URL: http://www.ndu.edu/ndu/inss/strforum/forum28.html Forum, Number 28, May 1995 WHAT IS INFORMATION WARFARE? Martin C. Libicki, National Defense University Is Information War (IW) a nascent, perhaps embryonic art, or simply the newest version of a time-honored feature of warfare? Is it a new form of conflict that owes its existence to the burgeoning global information infrastructure, or an old one whose origin lies in the wetware of the human brain but has been given new life by the information age? Is it a unified field or opportunistic assemblage? Since March 1993, Chairman of the Joint Chiefs of Staff Memorandum of Policy Number 30 (MOP 30) has set forth definitions and relationships that have guided the joint community in its thinking about the related concepts of information warfare and command and control warfare. As these seminal ideas have evolved, their definitions and relationships have changed as well. MOP 30 is under revision, and both higher level policy documents for the Department of Defense and doctrinal publications of the Joint Staff and Services are either in draft form or under revision. In light of the unformed state of these concepts, alternative definitions and taxonomies for twenty-first century warfare are proposed: 1. command-and-control warfare [C2W]; 2. intelligence-based warfare [IBW]; 3. electronic warfare [EW]; 4. psychological operations [PSYOPS]; 5. hackerwar software-based attacks on information systems; 6. information economic warfare [IEW] war via the control of information trade; and 7. cyberwar [combat in the virtual realm]. ... ------------------ URL: http://www.ndu.edu/ndu/inss/actpubs/act003/a003ch07.html Hacker Warfare The hacker attacks discussed here are attacks on civilian targets (military hacker attacks come under the rubric of C2 warfare). Note 41 Although attacks on civilian and military targets share some characteristics of offense and defense, military systems tend to be more secure than civilian systems, because they are not designed for public access. Critical systems are often disconnected from all others -- "air gapped," as it were, by a physical separation between those system and all others. From an operational point of view, civilian systems can be attacked at physical, syntactic, and semantic levels. Here, the focus is on syntactic attacks, which affect bit movement. Concern for physical attacks (see above, on C2W) is relatively low Note 42 (although some big computers on Wall Street can be disabled by going after the little computers that control their air-conditioning). Semantic attacks (which affect the meaning of what computers receive from elsewhere) are covered below, under cyberwarfare. Hacker warfare can be further differentiated into defensive and offensive operations. The debate on defensive hacker warfare concerns the appropriate role for the DoD in safeguarding nonmilitary computers. The debate on offensive hacker warfare concerns whether it should take place at all. In contrast to, say, proponents of tank or submarine warfare, only a few hackers argue that the best defense against a hacker attack is a hacker attack. Whether hacker warfare is a useful instrument of policy is a question that defense analysts and science fiction writers may be equally well placed to answer. Hacker warfare would, without doubt, be a new form of conflict ... ----------------- URL: http://www.ndu.edu/ndu/inss/actpubs/act003/a003ch09.html Cyberwarfare Of the seven forms of information warfare, cyberwarfare -- a broad category that includes information terrorism, semantic attacks, simula-warfare and Gibson-warfare -- is clearly the least tractable because by far the most fictitious, differing only in degree from information warfare as a whole. The global information infrastructure has yet to evolve to the point where any of these forms of combat is possible; such considerations are akin to discussions in the Victorian era of what air-to-air combat would be. And the infrastructure may never evolve to enable such attacks. The dangers or, better, the pointlessness, of building the infrastructure described below may be visible well before the opportunity to build it will present itself. ... The difference between a semantic attack and hacker warfare is that the latter produces random, or even systematic, failures in systems, and they cease to operate. A system under semantic attack operates and will be perceived as operating correctly (otherwise the semantic attack is a failure), but it will generate answers at variance with reality. The possibility of a semantic attack presumes certain characteristics of the information systems. Systems, for instance, may rely on sensor input to make decisions about the real world (e.g., nuclear power system that monitors seismic activity). If the sensors can be fooled, the systems can be tricked (e.g., shutting down in face of a nonexistent earthquake). Safeguards against failure might lie in, say, sensors redundant by type and distribution, aided by a wise distribution of decisionmaking power among humans and machines. GIBSON-WARFARE The author confesses to having read William Gibson's Neuromancer Note 61 and, worse, to having seen the Disney movie "TRON." In both, heroes and villains are transformed into virtual characters who inhabit the innards of enormous systems and there duel with others equally virtual, if less virtuous. What these heroes and villains are doing inside those systems or, more to the point, why anyone would wish to construct a network that would permit them to wage combat there in the first place is never really clear. Why bring up Gibson's novel and the Disney movie? Because to judge what otherwise sober analysts choose to include as information warfare -- such as hacker warfare or esoteric versions of psychological warfare -- the range of what can be included in its definition is hardly limited by reality. ... Possible? Actually, yes. Relevant to national security? Not soon.