Introduction

The Cold War has ended, but it has been replaced by the continuance of older wars by other methods. These wars involve unprecedented use of high technology as tools to assist in conducting information warfare (IW). IW encompasses electronic warfare, techno-terrorist activities, and even economic espionage. It includes attacks against governments' and businesses' networks using malicious codes. While ISSOs may look at attacks against their corporate systems as "some hacker," it may in fact be a probe of the corporate InfoSec defenses by a competitor, possibly even a competitor from a foreign nation-state. It may be for the purpose of stealing corporate trade secrets to share with its domestic businesses, or even a prelude to an all-out attack against the corporations and government agencies of a nation-state.

As we have seen from the attacks on the World Trade Center, and as can be seen throughout history, hostile groups or nation-states will attack the corporations of their nation-state adversaries. The Allies in World War II bombed the cities and factories of their enemies. The targets included commercial businesses such as the oil refining plants and the ball bearing plants of Germany. That was because the adversaries relied on such plants to prosecute the war. Today, the nation-states target more information-based "factories" such as telecommunications corporations and computer networks. They do so for the very same reason: Such "plants" help an adversary prosecute their wars—wars of business competition, or wars of nation-states—using information warfare tactics. What if you worked for IWC—would such attacks apply to IWC? Of course they would. If not directly, what about collateral damage? If major telecommunications links were not available because of an IW attack, would IWC be able to conduct its online business transactions, communicate via e-mail, and the like? The answer is no, they would not. IWC would be the victim of an IW attack even if it was not the intended, direct target of the attack. As an ISSO, what are your responsibilities relative to direct and indirect attacks?

It is imperative that as an ISSO, you understand basic concepts related to IW and also expand the focus of your attention beyond defending against "some hacker." The IW attacks may use hacker techniques as a ruse, but they may also be using very sophisticated attack techniques that you never thought possible. Such tactics, such as malicious code as an offensive IW weapon, are considered weapons of mass destruction by nation-states that are very dependent on information and information-based systems.

As global competition increases, governments are becoming more actively involved in gathering information about the companies of foreign countries. The terrorists of the future are using technology not only to communicate among themselves, but also to commit high-technology crimes to fund their activities. They are beginning to look at the potential for using high technology against their enemies. As their level of sophistication increases, so do the threats to the nation-state's government agencies and businesses.

These threats will challenge the ISSO more than ever before. The threats from teenage hackers, company employees, and phreakers are nothing compared to what may come in the future. These information warfare warriors aren't "script kiddies" but individuals with doctorates in computer science who may have reverse-engineered IBM mainframe computer systems in the past. They are backed by financial support from foreign governments. They are conducting and will continue to conduct sophisticated attacks using these new weapons of mass information and information systems destruction against companies' and government agencies' systems.

Wars have been fought ever since there were human beings around who did not agree with one another. These conflicts continue to this day with no end in sight. The use of information in warfare is nothing new. Those that had the best information the fastest and were able to act on it the soonest were usually the victors in battle.

Is it any wonder, now that we are in the Information Age, that we should also have information warfare? No, that is certainly not surprising—or at least it shouldn't be. Since we now look at almost everything on a global scale, it should also not be surprising that information warfare is viewed on a global scale. Information warfare is today's much-talked-about type of warfare. A search of the Internet in just one language (English) on the topic using Google.com disclosed 472,000 hits. Information warfare is becoming an integral part of warfare of all types in the modern era. One can argue that information warfare has existed in all generations of warfare and included spying, observation balloons, breaking enemy codes, and many other functions and activities. True, information warfare is as old as humanity, but many aspects of how it is being applied in our information-dependent, information-based world are new.