We traditionally think of acts of war and
terrorism as a physical assault against persons or property. However, it
is now clear that future terrorist acts and wars will involve information
and technology to a great extent. Infowar isn't just a concern
for nations - it is a concern for businesses and individuals.
It has become clear that many future wars and acts of terrorism will take
place in cyberspace rather than in the physical world. The reason? Knowledge is
power. The Internet has made the knowledge base both accessible
and vulnerable. Information warfare is the act of attacking this data.
Information warfare is not limited to disputes between countries; it can
include corporate and economic espionage as well as bored teenagers looking
to make a reputation as a hacker. And, while it takes place in
cyberspace, the impact can be felt on Main Street as critical infrastructures
depend on computer controls to operate effectively.
Information Warfare (InfoWar) can be offensive or defensive. According to
the Defense Science Board Task Force on
Information Warfare, offensive information warfare is attractive to
terrorists and armies as it is relatively inexpensive compared to the cost
of developing, maintaining, and using advanced military capabilities. It may
cost little to suborn an insider, create false information, manipulate
information, or launch malicious logic-based weapons against an information
system connected to the globally shared telecommunications
infrastructure.
Business continuity planners are obviously most interested in
the defense against InfoWar. For decades, information security
(InfoSec) has been a concern for both technologists and risk managers. Now
that we realize the seriousness of the InfoWar threat, we need to concern
ourselves with far more than passwords and dial-up access. The
Internet and e-commerce have increased our vulnerabilities
manyfold. We have migrated to distributed computing systems that
communicate over shared networks but largely still depend on the use of
fixed passwords as the first line of defense -- a carry-over from the days
of the stand-alone mainframe computer. We do this even though we know that
network analyzers have been and continue to be used by intruders to steal
computer addresses, user identities, and user passwords from all the major
Internet and unclassified military networks. Intruders then use these stolen
identities and passwords to masquerade as legitimate users and enter into
systems. Once in, they apply freely available software tools which ensure
that they can take control of the computer and erase all traces of their
entry.
Hackers (or more appropriately, crackers) are making their impact known
in powerful ways. Recent e-commerce denial of service attacks have
made infowar all too real for even the uninterested. During the recent
conflict in Kosovo, hacking played a role in the dispute as Serbs attacked the
United Nations web site.
This is just the tip of the iceberg. There is much information available
on information warfare and cyberterrorism. The information and links below should help
you find your way.
Crackers are cyber terrorists. Often inappropriately called
"hackers," a "cracker" is defined as one who
perpetrates Denial of Service (DoS) attacks, cyber theft, and other acts of cyber
vandalism. "Hacker," on the other hand, is a term more appropriately used
for programming gods and others who actually enjoy programming.
DoS attacks on e-comm leaders Yahoo!,
eBay and Amazon.com
led Attorney General Janet Reno to exclaim that this was a "wake-up
call" on what needs to be done to improve security and to catch crackers.
(see story)
"There is much to be done and I think that this was a wake-up call
for everyone concerned as to what needs to be done in terms of prevention,
and what we need to do in terms of holding the people responsible for it
accountable," Reno said.
This was actually a new type of Internet attack. Using little-known features
of Internet protocols that have not previously been regarded as
vulnerabilities, Distributed Denial of Service (DDoS) attacks were carried
out using vulnerable web servers at universities and other sites to send
high volume streams of pings to these large e-comm sites. Some experts
believe that attacks of this form will proliferate.
"We conclude that there is a need for extraordinary action to
deal with the present and emerging challenges of defending against possible
information warfare attacks on facilities, information, information systems,
and networks of the United States which would seriously affect the ability
of the Department of Defense to carry out its assigned missions and
functions. We have observed an increasing dependency on the Defense
Information Infrastructure and increasing doctrinal assumptions regarding
the continued availability of that infrastructure. This dependency and these
assumptions are ingredients in a recipe for a national security
disaster."
Duane P. Andrews - Defense Science Board Task Force on
Information Warfare (Defense)
The Defense Science Board Task Force on Information Warfare (Defense) was
established at the direction of the Under Secretary of Defense for
Acquisition and Technology in 1995. The Task Force was directed to
"focus on protection of information interests of national importance
through the establishment and maintenance of a credible information warfare
defensive capability in several areas, including deterrence."
Specifically, the Task Force was asked to:
- Identify the information users of national interest who can be
attacked through the shared elements of the national information
infrastructure.
- Determine the scope of national information interests to be defended
by information warfare defense and deterrence capabilities.
- Characterize the procedures, processes, and mechanisms required to
defend against various classes of threats to the national information
infrastructure and the information users of national interest.
- Identify the indications and warning, tactical warning, and attack
assessment procedures, processes, and mechanisms needed to anticipate,
detect, and characterize attacks on the national information
infrastructure and/or attacks on the information users of national
interest.
- Identify the reasonable roles of government and the private sector,
alone and in concert, in creating, managing, and operating a national
information warfare-defense capability.
- Provide specific guidelines for implementation of the Task Force's
recommendations.
The full report is available on-line.
The Computer Emergency Response Team
(CERT) combined with the CERT/Coordination Center is the preeminent computer incident response
team and a model for numerous similar teams. CERT is part
of the Software Engineering Institute (SEI), a
federally funded research and development center established in 1984
by the U.S. Department of Defense with a broad charter to address
the transition of software engineering technology. The SEI is an
integral component of Carnegie Mellon
University and is sponsored by the Office of the Under Secretary
of Defense for Acquisition. The CERT Coordination Center (CERT/CC)
is a major reporting center for Internet security problems.
CERT
was established after the Morris Worm incident in 1988 and originally
worked almost exclusively on incident response. Since then, they
have worked to help start other incident response teams, coordinate
the efforts of teams when responding to large-scale incidents,
provide training to incident response professionals, and research
the causes of security vulnerabilities, prevention of
vulnerabilities, system security improvement, and survivability of
large-scale networks.
CERT offers a number of resources for
computer incident response:
- CERT Advisory Mail List
- CERT Overview on Incident and Vulnerability Trends
- Common Terminology Project (PDF file - Requires Adobe Acrobat Reader)
LINKS
Resources
- McAfee.com: anti-virus protection, free virus news, and a free virus map that
offers a real-time, bird's-eye view of where the latest
viruses are infecting computers worldwide.
- ZoneAlarm Pro: provides powerful security for individual and networked PCs in a small or home
office environment.
- alt.comp.virus FAQ
Sites
- ISSA (Information Systems Security Association)
- U.S. Critical Infrastructure Assurance Office
- President's Commission on Critical Infrastructure Protection
- Infowar.com and info-sec.com
- Internet/Network Security BBS
- ARC InfoWar
- State of Texas Information Resources Asset Protection Information Exchange
- ARIA
- Journal of Infrastructural Warfare
- ASIS (American Society for Industrial Security)
BOOKS
- The Art of Information Warfare: Insight into the Knowledge Warrior Philosophy
- Information Warfare: Principles and Operations
- Cyberwar: Security, Strategy, and Conflict in the Information Age
- ICSA Guide to Cryptography
- Time Based Security
- Information Warfare: Chaos on the Electronic Superhighway
- Strategic Information Warfare: A New Face of War
- In Athena's Camp: Preparing for Conflict in the Information Age
- The Future of War: Power, Technology and American World Dominance in the 21st Century
- Defending Your Digital Assets Against Hackers, Crackers, Spies & Thieves