Information Warfare: Theory of Information Warfare


Reading list
• This lecture
  – Denning Chapters 2
  – Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687. (.pdf)
CSCE 727 - Farkas

• Information Security: “The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.” (U.S. federal standards)
• Information assurance: Information security + defensive information warfare
• Information Warfare: Only intentional attacks + offensive operations

Information Dominance
• Information Dominance - a condition that results from the use of offensive and defensive information operations to build a comprehensive knowledge advantage at a time, place, and on decision issues critical to mission success
  – from the IW Site, http://www.iwar.org.uk/iwar/resources/infodominance/issue-paper.htm

Information Warfare
• Information resources
• Players
• Offensive operations
• Defensive operations
WIN-LOSE NATURE OF OPERATIONS

Way of Thinking
• S. R. Covey: 7 Habits of Highly Effective People
• Habit 4: Think Win-Win
  – Character-based code for human interaction and competition
  – Win-lose zero-sum game, competing for limited resources
  – Win-win the ultimate winner?
• How are these directions affecting our (cyber) future?

Value of Resources
• Exchange value
  – Determined by market value
  – Quantifiable
• Operational value
  – Determined by the benefits that can be derived from using the resource
  – May not be quantifiable
• May not be the same value for each player (offensive and defensive players)
• Actual (before) and potential (after) value
• Give examples!

Players
• Offense: motives, means, opportunity
  – Insiders, hackers, criminals, corporations, government, terrorists
• Defense: protection
  – Federal Bureau of Investigation
  – U.S. Secret Service
  – Department of Treasury
  – Department of Defense
  – National Institute of Standards and Technology
ROLE OF GOVERNMENT

Offensive Information Warfare
• Target: particular information resources
  – resources do not need to be owned or managed by the defense
• Objective: increase the value of the resource for the offense and decrease it for the defense
• Gain: financial, strategic, thrill, etc.
• Loss (defense): financial, tactical, strategic, reputation, human loss, etc.

Cost of Information Warfare
• Monetary expense
• Personal time
• Risk of getting caught
• Punishment
• Resources used
• Measuring cost of cyber attacks

Offense
• Increase availability of resource
• Decrease integrity of resource
• Decrease availability of resource for defense

Defense
• Prevent availability of resource for offense
• Ensure integrity
• Ensure availability

Offense: Increased availability
• Collection of secrets:
  – Espionage (illegal) and intelligence (may be legal)
• Piracy
• Penetration (hacking)
• Superimposition fraud
• Identity theft
• Perception management

Offense: Decrease Availability for Defense
• Physical theft
• Sabotage
• Censorship

Offense: Decreased Integrity
• Tampering
• Penetration
  – Cover up
  – Virus, worm, malicious code
• Perception management
  – Fabrication, forgeries, fraud, identity theft, social engineering

Defense
• Prevention: keeps attacks from occurring
• Deterrence: makes attack unattractive
• Indications and warning: recognize attacks before they occur
• Detection: recognize attacks
• Emergency preparedness: capability to recover from and respond to attacks
• Response: actions taken after the attack

Playgrounds to Battlegrounds


IW Activities
• Context of human actions and conflict
• Domains:
  – Play: hackers vs. owners
  – Crime: perpetrators vs. victims
  – Individual rights: individuals vs. individuals/organizations/government
  – National security: national level activities

Play
• Playing pranks
• Actors: hackers/crackers/phreakers
• Motivation: challenge, knowledge, thrill
• Culture: social/educational
  – “global networks”
  – publications
  – forums
• Law

Crime
• Intellectual Property Crimes
  – IT targets: research and development, manufacturing and marketing plan, customer list, etc.
  – Attacker: insiders, formal insiders
  – 1996: Economic Espionage Act (U.S. Congress)
• Fraud
  – Telemarketing scam, identity theft, bank fraud, telecommunication fraud, computer fraud and abuse
• Fighting crime

Crime
• Actors:
  – Employees
  – Temp. staff
  – Vendors
  – Suppliers
  – Consultants
• Trade secrets
• Identity theft
• Law

Individual Rights
• Privacy
  – Secondary use of information
• Free speech
  – Harmful/disturbing speech
  – Theft and distribution of intellectual property
  – Censorship

National Security
• Foreign Intelligence
  – Peace time: protecting national interests
    • Open channels, human spies, electronic surveillance, electronic hacking (?)
  – War time: support military operations
  – U.S. Intelligence Priorities:
    • Intelligence supporting military needs during operation
    • Intelligence about hostile countries
    • Intelligence about specific transnational threats
  – Central Intelligence Agency (CIA)
  – Primary targets in U.S.A.: high technology and defense-related industry

War and Military Conflict
• IT support, e.g., sensors, weapons, surveillance, etc.
• Psyops and perception management
• Physical weapons (?)
• Cyber space battle (?)
• Unmanned devices (?)

Terrorism
• Traditional:
  – Intelligence collection
  – Psyops and perception management
• New forms:
  – Exploitation of computer technologies
    • Internet propaganda
    • Cyber attacks (electronic mail flooding, DOS, etc.)
• Protection of national infrastructure