Chapter 18: Civilian Casualties-The Victims and Refugees of Information Warfare

OVERVIEW

National information infrastructures are becoming an important vehicle for the generation of national wealth throughout the developed world. National information systems are, among other things, already used to conduct commerce and regulate and control national production. Nations are becoming increasingly dependent on their information infrastructure as the information age evolves. Accordingly, this infrastructure may now be considered to be representing an extension of national sovereignty and any attacks on national information systems may be perceived as attacks on the nation itself. This has resulted in civilian casualties (the victims and refugees of information warfare).

A further argument may be that the national security implications of information attacks make the defense against such attacks a military task. If this is the case, the vast majority of the world’s military forces require a significant review of their current doctrine and capabilities. Most are presently not capable of operating in a hostile information environment. An alternative argument may be that attacks against national information systems are criminal in nature and are, therefore, the responsibility of national police forces. Again, most police forces are incapable of defending against such attacks. Indeed, there is probably no organization in the world that can adequately defend national information infrastructures as of yet. Regardless of the capabilities of the various organizations, a clear observation is that the jurisdiction boundaries that separate civilian and military security responsibilities are blurring as the information age evolves.

Separating military and civilian information operations, particularly as they pertain to defending national information systems, is also complicated by the military dependence on the civilian information infrastructure. Significant elements of many of the information systems used by the world’s modern military forces are designed, developed, and managed by civilians, primarily for civilian purposes, and make extensive use of the civilian information infrastructure. This is particularly the case with communication systems. The use of unique systems by the military forces for all of their information tasks is not economically viable. Therefore, an attack that targets a military capability via a multiuser information system may inadvertently disrupt civilian users. Likewise, an attack that is directed at a civilian user of an information system may inadvertently affect military users. Is a military or civilian response more appropriate in each of these cases? To many this may appear to be a trivial issue, but distinguishing between civilian and military information operations is important if an appropriate (and legal) national response is to be determined.

The identification of the source of an information attack can be difficult, at times impossible, and can contribute to the problem of determining an appropriate response. Following a skilled information attack, identifying whether the act was calculated and hostile, or simply an accident or a system error may well be impossible. Determining whether a nation or an individual committed the IW attack or non-nation-state organization may also be impossible, as may be ascertaining the extent of any damage caused to civilians or refugees. Given the embryonic state of international law pertaining to the information domain, pursuing a response through the courts may also be impossible and/or pointless. Therefore, although distinguishing between a military information operation (MIO) and a civilian information operation (CIO) is highly desirable, and, from a legal viewpoint, it may be essential, such distinction is often impossible.

Attempting to resolve tomorrow’s information security challenges with today’s security infrastructure and culture is unlikely to prove successful. Securing a national information infrastructure presents unique challenges to national security agencies and demands unique and innovative solutions.

The need for macro-level information security in the information domain is becoming more obvious. There is a strong argument for the development of a national information authority that has the responsibility for assuring the integrity of all national information systems, advising on the development of new information systems, sponsoring research and development into information-assurance technologies, and ultimately prosecuting information operations in support of diplomatic, counter-criminal, and conflict-resolution objectives.

A national information authority would offer many strategic opportunities and benefits (including significant efficiencies) and could comfortably address information issues across portfolios, including national security and defense considerations. Such an organization would not deny the individual elements of a nation’s armed forces the right to develop their own information strategies; indeed, all arms have both a single-service and joint responsibility to develop robust information strategies now. The further a nation travels down the information age path, however, the more necessary the development of a professional, specialist national information body appears. It is an option that should be considered by any government with a genuine commitment to national security and the protection of its civilians.