Return to Information Warfare Tutorial Intro/Contents
|Individual Hackers||Low lever threat (nuisance)|
|Coordinated hacking (Instructor/tutor)||Low/Med level of threat|
|Funded, coordinated (focused, employed)||High level|
|State sponsored, focused (Intel provided, spec tasking)||Extremely High|
A new management philosophy is needed.
To expand the DoD perspective of securing America from groups that wish to influence U.S. policy throughout infrastructure attacks, our nation's leadership, both political and industrial, must define a process by which America can be secured. The National Information Infrastructure will be used by tomorrow's enemies to gain access and attempt to control or influence our nation's critical infrastructures. Policy makers will be faced with the challenge of respecting and balancing the basic rights of Americans. For example, a balance between the right to privacy vs. law enforcement represents one of many issues which will be hotly debated. However, there is one positive aspect; the threat posed to America's infrastructure via IW attacks is by its nature non-partisan. The threat is real and is focused against all of America. As a result, our political leaders will come to closure on this issue much more quickly. This contrasts sharply with the health care debates of the early 90's which ended with few positive results.
The key to Information Infrastructure security is clearly defined by our forefathers:
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.
Our fore fathers believed that individual rights were granted by God and secured by government. Our nation's leaders will be challenged to find the right balance - this represents the heart of the debate in securing America.
The focus for change must come from Congress. The issues associated with defending America in the age of information can only be equitably debated through this branch of government. This is not to suggest that the President and the Judicial branch will not play a major role; they will... Congress will have to take the lead in forging new policy as our nation enters the 21st century.
Role of the President: Lead from behind by directing the Executive branch departments and agencies to provide critical information (data) for use by Congress, Industry, and the public in forming the national debate. The Executive branch must provide a clear representation of the Threat that IW poses to our nation's infrastructure. Further, the President must ensure that any technical skills and associated knowledge resident in the U.S. Government is available to industry and Congress for their use in formulating national information policy.
Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated policy does not encroach on the rights of Americans. Just as the Supreme Court played a major role in interpreting legislation as America entered the Industrial Revolution, it will do so for the Information Revolution. However, history has shown that such interpretations are molded over time as society's needs and perspectives change. For example, the balance between economic rights and the needs of business.
Role of industry: Corporate America will be called upon to provide a realistic view of industry's security needs. This view is currently not possible as most of corporate America is either fearful of disclosing the extent of the threat, or is unaware of the intentions of its adversaries. To remedy this, the President must commit America's intelligence community to directly providing relevant indications and warnings to industry. Congress must engineer a policy where industry is required to report the number and nature of IW attacks against its infrastructures. Such disclosures by industry must be protected to guard against erosion of the public confidence. Today many nations desire U.S. military products, tomorrow they will want American security products that protect critical infrastructure. If our nation's policy makers pass legislation that encourages the will of American industry, the "Made in America" label will appear on security systems world wide.
Role of the individual: The Internet is growing exponentially. Within it there are many references to the sanctuary of cyberspace. There have been declarations of cyber-independence and calls for a hands-off by governments. People of the world are experiencing for the first time what Americans have taken for granted: Freedom of Speech. The ability to publicly voice one's opinion is bringing a passion to the Internet that is indescribable. Non-Americans are naturally hesitant to embrace any government association with the Internet. However it must be remembered that it was America, specifically the U.S. Department of Defense, that made the Internet possible. According to the Declaration of Independence, America's government is formed by its people to protect the rights granted by the Creator. This brings us to one of the most fundamental arguments of society (State): when do the rights of the many outweigh the rights of the few? This issue has been argued since the dawn of logical thought. Our policy makers (Congress and the President) must receive a balanced view from their constituents. Often our nation has applied the oil only to the squeaky wheel. The Congress must initiate public community debates to help bring the message to Washington. When called individuals must educate themselves to the issues and voice their opinion.
Look to our nation's transition during times of great change, e.g., the industrial revolution, the Great Depression, and the nuclear threat (Cold War). During each period the concept of free enterprise provided the technical means to a solution. Likewise, each transition, required a new assessment of the balance of rights. Looking more recently to the second half of the 20th century, it can again be illustrated that free enterprise enabled America to become the global leader in technology. The voices of our forefathers offer guidance; if only we would listen.
Information Warfare Weapons fall into three categories: Strategic, Theater, and Tactical. Each category has its own unique capabilities and thus requires different safety mechanisms to prevent inadvertent release. Consider nuclear weapons. They too can be employed to support a tactical, theater and/or strategic objective. However, nuclear weapons must ultimately be released for use by the President and usually by recommendation of the National Security Council. IW weaponry is very similar, but there are exceptions.
The Commander In Chief (CINC) will always implement the directions of the President. In such a capacity certain IW weapons can be left to the discretion of the CINC for implementation. Likewise, traditional theater level Electronic Warfare (EW) or PSYOP that is enhanced by IW capabilities fall under CINC authority.
Strategic IW weapons however, will most likely be reserved for release by the highest level. For example, a computer virus that would cripple a nation's monetary system or may seize control of international satellites must be controlled by either the President (SECDEF if authority has been delegated). Justification: a response in-kind would have a direct impact on the American homeland, i.e., the loss of sanctuary.
So who pulls the trigger? In general the command to launch an IW attack will at least be reviewed by the National Security Council, possibly the President (weapon dependent), and ordered by the CINC. One must remember that some strategic weapons will only be released on authority of the President. Note: during the planning process the CINC will be the single person responsible for the overall campaign and will decide his or her weapons of choice, but just as in the case of nuclear weapons, IW weaponry will require a higher lever of coordination and authorization for release.
America has the strongest, most capable military in the world. This fact challenges many nation's objectives which conflict with American policy. No nation has the capability to challenge the United States using traditional force-on-force. Further, the acquisition of weapons of mass destruction by such nations is also considered futile, as America's response would be direct and massive. This leaves many developing nations with few options in countering America's military force. That was until the introduction of Information Warfare.
Many nations in competition with the United States, either in the political or economic realm, are actively developing IW capabilities. They hope to use these capabilities to gain an industrial edge by stealing U.S. industrial secrets, and when possible disrupt America's industrial base.
America possesses many infrastructures: power, transportation, economic. But there are others not normally considered. Our nation possesses a knowledge infrastructure where critical scientific information is freely shared between academia, government, and industry. This infrastructure, like others, is open to attack by IW weapons.
America has typically enjoyed a protected sanctuary provided by the two great oceans. Not until Pearl Harbor and the subsequent nuclear threat did America become aware of it's loss of sanctuary. With the fall of the Iron Curtain and the end of the Cold War, Americans have returned to believing in a new protected sanctuary. This is far from the truth. Daily, America's critical infrastructures are being probed and investigated by foreign powers. Our nation's industries currently lack the capability to adequately detect the implantation of IW weapons into our infrastructure.
Many nations are looking for ways to attack our financial networks to gain economic advantage. Likewise our industrial base is under attack. Cyberspace has no geographic boundaries. Nations are contracting the efforts of cyber-terrorists to maintain non-attribution. It is possible that some nations we traditionally consider allies and friendly are set on a path of economically and industrially conquering America.
America's sanctuary has been lost. Our nation is under a quiet, sometimes organized attack by many forces whose goal is to topple America's global position.
The military perspective on the beta version of this tutorial was composed from various unclassified briefings and presentations. Each service has been distributed the beta version with the intent of providing input into the final version due in October 1996. As you explore the military perspective please remember that military offensive aspects of IW cannot be discussed openly. Nonetheless these efforts are ongoing!
Just as America's military transitioned into the industrial age and adopted the concept of mechanized war, so will it adapt to warfare in the information age. That said, the transition will not be easy. Just as military leaders resisted accepting a mechanized calvary and concept of an Air Force there will be great hesitation to adopt IW. By its nature any military must adhere to tradition and order. How else can a person be commanded into combat? But tradition typically stalls advancement of new technologies. America's military will become tomorrow's information warriors, and when future military leaders look to this period they will again wonder why acceptance of such an natural concept was hard to comprehend.
The Army has and will always command the ground aspect of warfare. The information revolution will provide a battlefield (situational) awareness unimaginable today. The fog of war will be greatly reduced if not totally eliminated. Likewise, offensive IW will render our nation's enemies dispersed and informationally isolated. The enemy's fog will be extended to a complete blindness. All aspects of today's Army will be enhanced by the information revolution.
The Navy and Marine Corps will continue to control the seas and provide the heavy strategic reach capability America now enjoys. Global sensory networks will ensure the Navy has the capability to track any form of naval enemy on a global basis. New information technologies will extend the track and reaction time of many naval weaponry for both hard and soft kills.
The Air Force and its command of the skies will continue. Tomorrow's air defense weaponry and electronic warfare will be unrecognizable to today's military leaders. The ability to precisely strike a hostile nation's command and control, air defense, or critical infrastructures will be just a push-button away. If a hard kill is required, the enhancement of IW will ensure the safety of our service personal and reduce the amount of physical force necessary. Precision strike will place munitions on a target in ways now considered impossible.
The nation is ready to debate the issue of Information Warfare and begin to decide that delicate balance between protecting the individual rights and national security. For the past three years we have come a long way. First the term Information Warfare was discussed, i.e., what does it mean. Then groups began to discuss organization structure and identify needed policy. Today, insiders understand IW and its threat to America's infrastructure. It is now time to mode the debate to the people and industry and answer the question, how do we protect America's Critical Infrastructure form Information Warfare.
The following Executive Order was issues by President Clinton on July 15, 1996. It focuses the necessary ingredients for the national debate:
WASHINGTON, July 15, 1996 Executive Order Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States. These critical infrastructures include telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government. Threats to these critical infrastructures fall into two categories: 1. physical threats to tangible property ("physical threats"), 2. and threats of electronic, radio-frequency, or computer-based attacks on the information or communications components that control critical infrastructures ("cyber threats"). Because many of these critical infrastructures are owned and operated by the private sector, it is essential that the government and private sector work together to develop a strategy for protecting them and assuring their continued operation. NOW, THEREFORE, by the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1. Establishment. There is hereby established the President's Commission on Critical Infrastructure Protection ("Commission"). (a) Chair. A qualified individual from outside the Federal Government shall be appointed by the President to serve as Chair of the Commission. The Commission Chair shall be employed on a full-time basis. (b) Members. The head of each of the following executive branch departments and agencies shall nominate not more than two full-time members of the Commission: (i) Department of the Treasury; (ii) Department of Justice; (iii) Department of Defense; (iv) Department of Commerce; (v) Department of Transportation; (vi) Department of Energy; (vii) Central Intelligence Agency; (viii) Federal Emergency Management Agency; (ix) Federal Bureau of Investigation; (x) National Security Agency. One of the nominees of each agency may be an individual from outside the Federal Government who shall be employed by the agency on a full-time basis. Each nominee must be approved by the Steering Committee. Sec. 2. The Principals Committee. The Commission shall report to the President through a Principals Committee ("Principals Committee"), which shall review any reports or recommendations before submission to the President. The Principals Committee shall comprise the: (i) Secretary of the Treasury; (ii) Secretary of Defense; (iii) Attorney General; (iv) Secretary of Commerce; (v) Secretary of Transportation; (vi) Secretary of Energy; (vii) Director of Central Intelligence; (viii) Director of the Office of Management and Budget; (ix) Director of the Federal Emergency Management Agency; (x) Assistant to the President for National Security Affairs; (xi) Assistant to the Vice President for National Security Affairs. Sec. 3. The Steering Committee of the President's Commission on Critical Infrastructure Protection. A Steering Committee ("Steering Committee") shall oversee the work of the Commission on behalf of the Principals Committee. The Steering Committee shall comprise four members appointed by the President. One of the members shall be the Chair of the Commission and one shall be an employee of the Executive Office of the President. The Steering Committee will receive regular reports on the progress of the Commission's work and approve the submission of reports to the Principals Committee. Sec. 4. Mission. The Commission shall: (a) within 30 days of this order, produce a statement of its mission objectives, which will elaborate the general objectives set forth in this order, and a detailed schedule for addressing each mission objective, for approval by the Steering Committee; (b) identify and consult with: (i) elements of the public and private sectors that conduct, support, or contribute to infrastructure assurance; (ii) owners and operators of the critical infrastructures; and (iii) other elements of the public and private sectors, including the Congress, that have an interest in critical infrastructure assurance issues and that may have differing perspectives on these issues; (c) assess the scope and nature of the vulnerabilities of, and threats to, critical infrastructures; (d) determine what legal and policy issues are raised by efforts to protect critical infrastructures and assess how these issues should be addressed; (e) recommend a comprehensive national policy and implementation strategy for protecting critical infrastructures from physical and cyber threats and assuring their continued operation; (f) propose any statutory or regulatory changes necessary to effect its recommendations; and (g) produce reports and recommendations to the Steering Committee as they become available; it shall not limit itself to producing one final report. Sec. 5. Advisory Committee to the President's Commission on Critical Infrastructure Protection. (a) The Commission shall receive advice from an advisory committee ("Advisory Committee") composed of no more than ten individuals appointed by the President from the private sector who are knowledgeable about critical infrastructures. The Advisory Committee shall advise the Commission on the subjects of the Commission's mission in whatever manner the Advisory Committee, the Commission Chair, and the Steering Committee deem appropriate. (b) A Chair shall be designated by the President from among the members of the Advisory Committee. (c) The Advisory Committee shall be established in compliance with the Federal Advisory Committee Act, as amended (5 U.S.C. App.). The Department of Defense shall perform the functions of the President under the Federal Advisory Committee Act for the Advisory Committee, except that of reporting to the Congress, in accordance with the guidelines and procedures established by the Administrator of General Services. Sec. 6. Administration. (a) All executive departments and agencies shall cooperate with the Commission and provide such assistance, information, and advice to the Commission as it may request, to the extent permitted by law. (b) The Commission and the Advisory Committee may hold open and closed hearings, conduct inquiries, and establish subcommittees, as necessary. (c) Members of the Advisory Committee shall serve without compensation for their work on the Advisory Committee. While engaged in the work of the Advisory Committee, members may be allowed travel expenses, including per diem in lieu of subsistence, as authorized by law for persons serving intermittently in the government service. (d) To the extent permitted by law, and subject to the availability of appropriations, the Department of Defense shall provide the Commission and the Advisory Committee with administrative services, staff, other support services, and such funds as may be necessary for the performance of its functions and shall reimburse the executive branch components that provide representatives to the Commission for the compensation of those representatives. (e) In order to augment the expertise of the Commission, the Department of Defense may, at the Commission's request, contract for the services of nongovernmental consultants who may prepare analyses, reports, background papers, and other materials for consideration by the Commission. In addition, at the Commission's request, executive departments and agencies shall request that existing Federal advisory committees consider and provide advice on issues of critical infrastructure protection, to the extent permitted by law. (f) The Commission, the Principals Committee, the Steering Committee, and the Advisory Committee shall terminate 1 year from the date of this order, unless extended by the President prior to that date. Sec. 7. Interim Coordinating Mission. (a) While the Commission is conducting its analysis and until the President has an opportunity to consider and act on its recommendations, there is a need to increase coordination of existing infrastructure protection efforts in order to better address, and prevent, crises that would have a debilitating regional or national impact. There is hereby established an Infrastructure Protection Task Force ("IPTF") within the Department of Justice, chaired by the Federal Bureau of Investigation, to undertake this interim coordinating mission. (b) The IPTF will not supplant any existing programs or organizations. (c) The Steering Committee shall oversee the work of the IPTF. (d) The IPTF shall include at least one full-time member each from the Federal Bureau of Investigation, the Department of Defense, and the National Security Agency. It shall also receive part-time assistance from other executive branch departments and agencies. Members shall be designated by their departments or agencies on the basis of their expertise in the protection of critical infrastructures. IPTF members' compensation shall be paid by their parent agency or department. (e) The IPTF's function is to identify and coordinate existing expertise, inside and outside of the Federal Government, to: (i) provide, or facilitate and coordinate the provision of, expert guidance to critical infrastructures to detect, prevent, halt, or confine an attack and to recover and restore service; (ii) issue threat and warning notices in the event advance information is obtained about a threat; (iii) provide training and education on methods of reducing vulnerabilities and responding to attacks on critical infrastructures; (iv) conduct after-action analysis to determine possible future threats, targets, or methods of attack; and (v) coordinate with the pertinent law enforcement authorities during or after an attack to facilitate any resulting criminal investigation. (f) All executive departments and agencies shall cooperate with the IPTF and provide such assistance, information, and advice as the IPTF may request, to the extent permitted by law. (g) All executive departments and agencies shall share with the IPTF information about threats and warning of attacks, and about actual attacks on critical infrastructures, to the extent permitted by law. (h) The IPTF shall terminate no later than 180 days after the termination of the Commission, unless extended by the President prior to that date. Sec. 8. General. (a) This order is not intended to change any existing statutes or Executive orders. (b) This order is not intended to create any right, benefit, trust, or responsibility, substantive or procedural, enforceable at law or equity by a party against the United States, its agencies, its officers, or any person. WILLIAM J. CLINTON THE WHITE HOUSE, July 15, 1996.
Return to Information Warfare Tutorial Intro/Contents