DEFENSIVE RESPONSIVE CONTAINMENT INFORMATION WARFARE TOOLS AND TACTICS




One of the more recent additions to the military commander’s toolbox is the set of defensive responsive containment information warfare tools. Computers and associated technology have helped change the face of modern information warfare tactics by providing the capabilities to generate and process massive amounts of data, and disseminate the resultant information throughout the battlespace. However, computers provide more than just an information-processing capability. They may also be used as weapons in their own right. The most common examples of computer operations include hacking, virus planting, and chipping. These techniques are primarily aimed at targeting the enemy’s broad information environment. However, they may also be used to attack the enemy’s computer-based weapon systems and computer-based platforms, such as “fly-by-wire” aircraft. Although generally strategic in nature, computer operations may be applied to the tactical and operational components of the conventional warfare environment, either in support of C2W operations or in direct support of air, land or sea operations. See sidebar, “Military Tests Digital Forces.”

start sidebar
Military Tests Digital Forces

The Army has kicked off a major new warfighting experiment at Fort Polk, Louisiana, designed to test the effectiveness of infantry units armed with digitized information systems. The Joint Contingency Force Advanced Warfighting Experiment (JCF AWE) included about 5,000 soldiers. They took part in realistic combat scenarios against the Fort Polk Joint Readiness Training Center’s opposing force.

The exercise was used to assess 58 technological and doctrinal initiatives, including the En Route Mission Planning and Rehearsal System (EMPRS), Land Warrior, and the Army Battle Command System. EMPRS is installed on aircraft and creates a wireless local-area network connecting all planes, thereby allowing commanders and soldiers to collaborate en route to their objective.

EMPRS allows airborne forces and light forces to do planning and mission rehearsal while they’re on the way to the exercise. The Army really wants to disseminate that information down to the company commander, the platoon leader, and the individual soldier onboard those airplanes.

The Army Battle Command System will be instrumental for coordination between light and armored forces. The digital Army Battle Command System will go all the way from the platoon to the brigade level; the Army wants to measure how those digital enablers allow that commander to fight differently.

The Land Warrior platoon conducted a nighttime ambush and a nighttime assault on a mock city. Some soldiers wore the latest version of the Land Warrior system, others an earlier version. The Army has reduced the Land Warrior system from about 65 pounds to 41. The JCF AWE is part of the Millennium Challenge, a major exercise conducted by Joint Forces Command, Norfolk, Virginia, in which the services interact and operate with one another.

end sidebar

Hacking

The term computer hacker is now synonymous with computer criminal although, arguably, this merging of terms is not justified. Someone who uses a computer to rob a bank is a criminal, not a hacker. The genuine computer hackers are still doing what the original computer hackers were doing 40 years ago—simply exploring the bounds of computer science.

Unfortunately, exploring today’s computer science often means entering other people’s systems. There are many computer hackers around the world who enter other people’s systems on a daily basis. Most simply gain access to the systems, “snoop” around for a while, and leave. Some hackers like to explore the logic flow in systems. A few like to exploit these systems for either their own gain or simply to make life difficult for the users of that system. The genuine hackers, while invading system privacy, rarely damage the systems into which they have hacked. However, most users of systems understandably find it an unacceptable invasion of their privacy to have people intruding into their systems.

Hackers present a genuine problem to most organizations today, and a specific threat to military security. Hackers have historically found the challenge of breaking into so-called “secure” military systems one of the more satisfying aspects of their hobby. Accordingly, the first and foremost aim of any information strategy for military forces must be to defend their own system integrity.

Once access is gained into a system, hackers can generally manipulate whatever files they wish. They will often set up personal accounts for themselves in case they wish to return again in the future. A hacker can, of course, collect very important information. In the business domain, intelligence can be gained about a competitor’s product. In the government service domain, sensitive personal information can be obtained (or altered), which can later be used against individuals. In the military domain, classified information such as capabilities, vulnerability, strategies, and dispositions may be extracted or manipulated. A hacker can also change the file structure, amend the logic flow, and even destroy parts of the system.

Hacking is no longer simply a pursuit of misfits and computer scientists; it is now a genuine method of obtaining information by government agencies, criminals, or subversive organizations. There have been several reports about government sponsorship of such activity. Many of the world’s secret security organizations are now passing industrial secrets to their nation’s domestic businesses. The basic tool kit of today’s industrial spy contains a PC and a modem. The industrial spy is simply a hacker who intrudes into someone else’s computer system and then exploits the information obtained. Neither domestic nor international laws adequately address all of the issues surrounding hacking. Therefore, in the unlikely event that hackers are caught, in many situations prosecution is impossible.

The impact on those involved in developing MIWT is that hacking presents a genuine threat to the security and integrity of both military and civilian information systems. Defense against hacking can be successful to varying degrees. Most defensive strategies are system-dependent; therefore, listing them in this chapter would be pointless. However, defense against hacking needs to be considered by anyone who manages or operates an information technology system.

The other reason that national security forces should become involved in hacking is the potential benefits that can be derived by employing hacking techniques as an offensive tactic. Intelligence collection against information stored in an enemy’s databases as well as the specific system capabilities, vulnerability, and architecture, can be accomplished successfully using hacking techniques. In future wars, information derived from hacking will form a large part of intelligence databases and, thus, manipulation of the enemy’s decision-making support systems will become routine.

Viruses

A virus is a “code fragment that copies itself into a larger program, modifying that program.” A virus executes only when its host program begins to run. The virus then replicates itself, infecting other programs as it reproduces. Protecting against computer viruses has become a part of using modern ITS. Viruses are passed from computer to computer via disks and reportedly via the more recent practice of electronic file transfer, such as e-mail. Although statistics concerning viruses are often difficult to substantiate, some specialists estimate that there are as many as 8,900 viruses currently existing on the Internet, with cures being available for only 1,250. Although virus-screening software should prevent known viruses from being brought into a system, it will not prevent all virus attacks. The most effective method of minimizing the risk of virus attack, and minimizing the damage caused by viruses in the event of an attack, is by employing sound and rigorous information-management procedures.

Isolating Internet systems from operating systems where practical is vital, and minimizing computer-to-disk-to-computer transfers, particularly if the origin of that data is the Internet, will reduce the chances of picking up a virus. The use of the most recent antivirus software and the screening of disks every time that they are placed in a computer will reduce the risk of disk infections being passed on to systems. Careful selection and management of passwords may deter a potential intruder from accessing a system and planting a virus, while the maintenance of comprehensive system back-ups can minimize the impact of viruses, should one find its way onto a system. Viruses, however, can also be backed up, and a dormant virus can infest any back-up files and be reintroduced when a system is recovered. Accordingly, a layered back-up strategy is imperative. Antivirus strategies are aimed at minimizing the chances of getting a virus and minimizing the damage that viruses can cause if they are introduced. Users of today’s ITS must be aware of the virus threat. Simple procedures will often be enough to avoid viruses, but a single failure to comply with antivirus procedures can result in systems becoming inoperable.
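The back-up caveat above, worked through as an added example that is not from the book: before a restore, each retained back-up generation is compared against a known-good hash manifest of program files, and the newest generation with no modified programs is chosen. It assumes that "layered" means several retained generations and that a SHA-256 manifest was recorded at install time; all paths, labels and file contents are constructed.

```python
import hashlib


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def modified_programs(baseline: dict, snapshot: dict) -> list:
    """Program paths in a back-up snapshot that are missing or differ
    from the known-good baseline manifest (path -> SHA-256)."""
    return sorted(path for path, good in baseline.items()
                  if path not in snapshot or digest(snapshot[path]) != good)


def newest_clean_generation(baseline: dict, generations: list):
    """generations is ordered oldest to newest as (label, snapshot) pairs.
    Returns the label of the newest generation whose programs all match
    the baseline, or None if every retained generation is suspect."""
    for label, snapshot in reversed(generations):
        if not modified_programs(baseline, snapshot):
            return label
    return None


# Constructed sample data: file contents are stand-in byte strings.
CLEAN = {"bin/editor": b"editor-v1", "bin/mailer": b"mailer-v1"}
BASELINE = {path: digest(content) for path, content in CLEAN.items()}

# A virus modifies its host program, so an infected host no longer matches
# the manifest. Here the change first appears in Wednesday's back-up and has
# reached a second program by Friday.
GENERATIONS = [
    ("mon", {**CLEAN, "docs/report.txt": b"draft 1"}),
    ("wed", {"bin/editor": b"editor-v1+appended",
             "bin/mailer": b"mailer-v1",
             "docs/report.txt": b"draft 2"}),
    ("fri", {"bin/editor": b"editor-v1+appended",
             "bin/mailer": b"mailer-v1+appended",
             "docs/report.txt": b"draft 3"}),
]

if __name__ == "__main__":
    for label, snap in GENERATIONS:
        print(label, "modified programs:", modified_programs(BASELINE, snap))
    print("restore programs from:",
          newest_clean_generation(BASELINE, GENERATIONS))
```

Data files such as docs/report.txt change legitimately between generations, so they are left out of the baseline and only program files are compared.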

Virus planting is clearly a suitable and attractive weapon for military forces and is a valuable addition to the offensive information operations inventory. If a simple virus can be injected into the systems of a potential enemy, the need to expend effort in physically attacking that system may be eliminated.

Chipping

Most people are aware of the vulnerability of software to hostile invasions, such as a virus attack. Few, however, are aware of the risk to the essential hardware components of an ITS. Chipping is a term that refers to unexpected events that can be engineered into computer chips. Today’s chips contain billions of integrated circuits that can easily be configured by the manufacturer so that they can initiate unexpected events at a specific time, or at the occurrence of specific circumstances. This may explain why some electronic goods fail a short time after the warranty has expired. There is almost no way of detecting whether a chip contained within a piece of equipment has been corrupted.

One way to minimize the risk of chipping is to self-manufacture all important chips, such as those that are used as part of an aircraft’s flight control system. Economically, this is often not feasible. Most chips used within today’s high-technology equipment are manufactured in countries where labor costs are low. Establishing an indigenous manufacturing capability would increase the cost of acquiring the equipment. A risk assessment must be made when purchasing vital equipment from overseas, by comparing the risk of vital equipment failing once hostilities commence to the cost of producing chips internally or developing rigorous quality control of imported chips.

Chipping represents a simple way to develop a conventional military advantage by those countries that regularly export military equipment. In the event of any hostilities with recipients of their “chipped” equipment, that equipment may be incapacitated without having to use conventional force. This makes economic as well as military sense. The legal and ethical aspects are a separate issue.

There are many other computer weapons that can be used in conjunction with or instead of chipping, viruses, and hacking. These weapons have many different descriptive names such as “worms,” “trojan horses,” and “logic bombs,” and are commonplace in today’s information society. They are all examples of computer operations that may be adapted to suit the information-warfare environment. A detailed description of all of these techniques is beyond the scope of this chapter. Suffice to say that computer weapons should be an integral part of any information-warfare operations strategy. They should be considered as valid alternatives to conventional weapons both in offense and defense.






Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca
