SUMMARY

 < Day Day Up > 



The United States has substantial information-based resources, including complex management systems and infrastructures involving the control of electric power, money flow, air traffic, oil and gas, and other information-dependent items. U.S. allies and potential coalition partners are similarly increasingly dependent on various information infrastructures. Conceptually, if and when potential adversaries attempt to damage these systems using IW techniques, information warfare inevitably takes on a strategic aspect.

There is no “front line.” Strategic targets in the United States may be just as vulnerable to attack (as we all found out in the 9-11 terrorist attacks) as in-war zone command (such as Afghanistan, Iraq, etc. ...), control, communications, and intelligence (C3I) targets. As a result, the attention of exercise participants quickly broadened beyond a single traditional regional theater of operations to four distinct separate theaters of operation: the battlefield per se; allied “Zones of Interior” (for example, the sovereign territory of Saudi Arabia); the intercontinental zone of communication and deployment; and the U.S. Zone of Interior.

The post-cold war “over there” focus of the regional component of U.S. national military strategy is, therefore, rendered incomplete for this kind of scenario and is of declining relevance to the likely future international strategic environment. When responding to information warfare attacks of this character, military strategy can no longer afford to focus on conducting and supporting operations only in the region of concern. An in-depth examination of the implications of IW for the U.S. and allied infrastructures that depend on the unimpeded management of information is also required in the fight against macro threats—defensive strategies for governments and industry groups, as follows.

Conclusions Drawn from Fighting against Macro Threats

  • Low entry cost: Unlike traditional weapon technologies, development of information-based techniques does not require sizable financial resources or state sponsorship. Information systems expertise and access to important networks may be the only prerequisites.

  • Blurred traditional boundaries: Traditional distinctions (public versus private interests, warlike versus criminal behavior) and geographic boundaries, such as those between nations as historically defined, are complicated by the growing interaction within the information infrastructure.

  • Expanded role for perception management: New information-based techniques may substantially increase the power of deception and of image-manipulation activities, dramatically complicating government efforts to build political support for security-related initiatives.

  • A new strategic intelligence challenge: Poorly understood strategic IW vulnerabilities and targets diminish the effectiveness of classical intelligence collection and analysis methods. A new field of analysis focused on strategic IW may have to be developed.

  • Formidable tactical warning and attack assessment problems: There is currently no adequate tactical warning system for distinguishing between strategic IW attacks and other kinds of cyberspace activities, including espionage or accidents.

  • Difficulty of building and sustaining coalitions: Reliance on coalitions is likely to increase the vulnerabilities of the security postures of all the partners to strategic IW attacks, giving opponents a disproportionate strategic advantage.

  • Vulnerability of the U.S. homeland: Information-based techniques render geographical distance irrelevant; targets in the continental United States are just as vulnerable as in-war zone targets. Given the increased reliance of the U.S. economy and society on a high-performance networked information infrastructure, a new set of lucrative strategic targets presents itself to potential IW-armed opponents.

An Agenda for Action in Preparing for Defensive Strategies for Governments and Industry Groups

The likely consequences of strategic information warfare point to a basic conclusion: Key national military strategy assumptions are obsolescent and inadequate for confronting the threat posed by strategic IW. As discussed next, major recommendations have emerged that address this shortcoming.

The U.S. government needs to set an agenda for action that goes beyond the work already done in preparation for the fight against macro threats—defensive strategies for governments and industry groups. Action steps should include, but not be limited to the following 16 areas:

  1. Leadership: Who should be in charge in the government? An immediate and badly needed first step is the assignment of a focal point for federal government leadership in support of a coordinated U.S. response to the strategic IW threat. This focal point should be located in the Executive Office of the President, because only at this level can the necessary interagency coordination of the large number of government organizations involved in such matters—and the necessary interactions with the Congress—be effectively carried out.

  2. This Executive Office should also have the responsibility for close coordination with industry, because the nation’s information infrastructure is being developed almost exclusively by the commercial sector. Once established, this high-level leadership should immediately take responsibility for initiating and managing a comprehensive review of national-level strategic information warfare issues.

  3. Risk assessment: The federal government leadership entity cited a previously explained, should, as a first step, conduct an immediate risk assessment to determine, to the degree possible, the extent of the vulnerability of key elements of current U.S. national security and national military strategy to strategic information warfare.

  4. Strategic target sets, IW effects, and parallel vulnerability and threat assessments should be among the components of this review. In an environment of dynamic change in both cyberspace threats and vulnerabilities, there is no sound basis for presidential decision making on strategic IW matters without such a risk assessment.

  5. In this context, there is always the hope or the belief that the kind of aggressive response suggested in this chapter can be delayed while cyberspace gets a chance to evolve robust defenses on its own. This is, in fact, a possibility—that the healing and annealing of an immune system that is under constant assault, as cyberspace is and assuredly will continue to be, will create the robust national information infrastructure that everyone hopes to use. But it may not, and we’re certainly not there now.

  6. Government’s role: The appropriate role for government in responding to the strategic IW threat needs to be addressed, recognizing that this role (certain to be part leadership and part partnership with the domestic sector) will unquestionably evolve.

  7. In addition to being the performer of certain basic preparedness functions (such as organizing, equipping, training, and sustaining military forces), the government may play a more productive and efficient role as facilitator and maintainer of some information systems and infrastructure; through policy mechanisms such as tax breaks to encourage reducing vulnerability and improving recovery and reconstitution capability.

  8. An important factor is the traditional change in the government’s role as one moves from national defense through public safety toward things that represent the public good. Clearly, the government’s perceived role in this area will have to be balanced against public perceptions of the loss of civil liberties and the commercial sector’s concern about unwarranted limits on its practices and markets.

  9. National security strategy: Once an initial risk assessment has been completed, U.S. national security strategy needs to address preparedness for the threat as identified. Preparedness will cross several traditional boundaries from “military” to “civilian,” from “foreign” to “domestic,” and from “national” to “local.”

  10. One promising means for instituting this kind of preparedness could involve the concept of a “minimum essential information infrastructure” (MEII), which is introduced as a possible strategic defensive IW initiative. The MEII is conceived as that minimum mixture of U.S. information systems, procedures, laws, and tax incentives necessary to ensure the nation continues functioning even in the face of a sophisticated strategic IW attack.

  11. One facet of such an MEII might be a set of rules and regulations sponsored by the federal government to encourage the owners and operators of the various national infrastructures to take measures to reduce their infrastructure’s vulnerability and/or to ensure rapid reconstitution in the face of IW-type attacks. The analog for this concept is the strategic nuclear Minimum Essential Emergency Communications Network (MEECN).

  12. The MEII construct is conceptually very attractive even though there was some uncertainty as to how it might be achieved. An assessment of the feasibility of an MEII (or like concepts) should be undertaken at an early date.

  13. National military strategy: The current national military strategy emphasizes maintaining U.S. capability to project power into theaters of operation in key regions of Europe and Asia. Because of the emerging theaters of operation in cyberspace for such contingencies, strategic IW profoundly reduces the significance of distance with respect to the deployment and use of weapons. Therefore, battlefield C3I vulnerabilities may become less significant than vulnerabilities in the national infrastructure.

  14. Planning assumptions fundamental to current national military strategy are obsolescent. Consideration of these IW features should be accounted for in U.S. national military strategy.

  15. Against this difficult projection and assessment situation, there is the ever-present risk that the United States could find itself in a crisis in the near term, facing the possibility of, or indications of, a strategic IW attack. When the president asks whether the United States is under IW attack (and, if so, by whom) and whether the U.S. military plan and strategy is vulnerable, a foot-shuffling “we don’t know” will not be an acceptable answer.

  16. It must be acknowledged that strategic IW is a very new concept that is presenting a wholly new set of problems. These problems may well yield to solution—but not without the intelligent and informed expenditure of energy, leadership, money, and other scarce resources.



 < Day Day Up > 



Computer Forensics. Computer Crime Scene Investigation
Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net