|
Changing
the
Face of Warfare
Information contained
in this article represents the opinion of the author and
does not necessarily reflect the official Army or
INSCOMposition. It does not change or supersede any
information presented in other official Army
publications.
By Maj. James P. Edmiston
Warfare
is no longer primarily a function of who puts the most
resources, soldiers or technology on the battlefield, but
rather of who has information dominance on the
battlefield. The current "information
revolution" reflects the meteoric technological
advances enabled by the microchip and computerized
information and communications systems. The role of
information in enabling modern warfare also reflects how
information is collected, stored, processed,
communicated, and presented. Therefore, information
warfare, in its largest sense, is simply the use of
information to achieve national objectives.
Information is similar to
diplomacy, economic competition, or the use of military
force. It is a key aspect of national power and, more
importantly, is becoming a vital national resource which
supports all aspects of our nations goals.
Information is a strategic
resource which may prove to be as valuable and
influential in the post-industrial era as money and labor
have been in the agrarian and industrial ages.
The true target of
information warfare is the human mind, especially those
minds who make the key decisions of war or peace, or
deploy the military assets and war-fighting capabilities
of their country. While "cyberwar" will be
fought over the worldwide telecommunications networks of
computers, cables, fiber-optics and satellites, the
objective of cyberwar is to influence the enemy and the
decisions the enemy makes by controlling the
"virtual battlefield."
The old saying that
knowledge is power has never been more true than its use
in todays military. The stunning advances of
information technology should be used for exponential
vision and the opportunity for a genuine revolution in
military affairs. The ancient Chinese general Sun Tzu
espoused that information should be used to create such a
mismatch between us and an opponent that the
opponents very strategy is defeated before his
first forces can be deployed or his first shots fired.
Constant
Change
While
our nations borders are guarded by soldiers,
sailors, Marines and airmen; the security of the
nations electronic nervous system is vulnerable to
paralyzing attacks. The United States could be brought to
its knees by compromising the countrys telephone,
computer, air traffic control or financial systems. As
the world approaches another millennium and prepares for
the challenges of the 21st century, swift and radical
changes are occurring in all dimensions of our society.
The pace of these changes is a potentially chaotic
revolution instead of an orderly evolution.
Just as society is
undergoing revolutionary change, so is the U.S. military.
The dismantling of the Soviet armed forces and the
emergence of the U.S. military from the desert wastes of
the Gulf War have left the United States as the
unquestioned world military leader, due in large part to
our demonstrated technological superiority. But as
current events are already proving, other military forces
can also obtain technologies which challenge our own.
Massive computer networking
makes the United States and other information-based
countries vulnerable to this revolutionary style of
warfare known as "information warfare." The
militarys reliance on unprotected networks carries
the risk of military failure and catastrophic economic
loss. Fully 95% of all military communications (both
voice and data) are carried over the civilian
telecommunications backbone. Whose responsibility is it
to protect the nations information sinews and
infrastructure? Where does the military forward edge of
the battlefield (FEBA) start? Or end?
Revolutions in military
affairs occur when the application of new technologies
into military weapons systems combines with innovative
operational concepts and organizational adaptation to
change the character and conduct of conflict by producing
a dramatic increase in the combat potential and
effectiveness of the armed forces. This information-based
revolution goes beyond industrial based warfare where
mass produced weapons cause mass destruction.
Railroads, telegraphs and
rifled musket and artillery changed the Civil War
battlefields from those of the American Revolutionary
War. World War I continued the relentless advancement of
killing technology with the introduction of the tank and
the airplane. During the interwar years, the internal
combustion engine was "perfected," radio and
radar were developed, and aviation technology flourished.
These advances caused major changes in the character of
warfare in World War II. Since then, the microchip,
nuclear weapons and satellite technologies have forced
changes in warfare.
A global electronic
environment was spawned by the explosive growth of the
Internet and telecommunications networks. Many foreign
governments (and their associated intelligence agencies)
are using this new "virtual domain" to retrieve
strategic and tactical information related to defense,
economics, technology and even personal affairs. These
networks also provide a potential "avenue of
approach" for disruptive forces to introduce
malicious software codes, viruses or logic bombs. The
intent is to destroy essential data and to disrupt
computer networks, therefore crippling the ability of the
United States to effectively wage war.
A
Historical Perspective
While
information is a relatively stable concept, the concept
of warfare is not so stable and changes over time.
Currently, Alvin and Heidi Tofflers War and
Anti-War and The Third Wave dominate conceptual thinking
of how war will be fought in the 21st century. The
Tofflers describe the history of warfare in terms of
three waves: agrarian, industrial, and informational.
Agrarian warfare was
depicted by Agrarian Age raids on towns and villages to
steal food and wealth using hand crafted weapons.
Industrial warfare of the Industrial Age was depicted by
attritional warfare between nation states relying on
mechanization, mass and maneuver. Information warfare
relies on Information Age technology, communications,
decision support and real time processing of data to
achieve tightly focused objectives.
Sun Tzus The Art
of War is considered the classic reference on warfare
in the Agrarian Age. Elements of his work are still
relevant, especially for information warfare, due to his
high regard for information and the practice of
deception.
The Mongol hordes of
Ghengis Khan illustrates almost a pure expression of
information warfare. Mongol doctrine relied for success
not upon military strength and mass, but upon learning
exactly where their enemies were emplaced while keeping
their own location secret until they attacked.
They would search out the
enemy, blind him, then strike at his heart with
coordinated operations which had the end result of
breaking down the command and control efforts of their
enemies. This enabled them, despite being numerically
inferior, to overthrow the finest, largest armies of
imperial China, Islam, and Christendom. The Mongol
example also reinforces the point that information
warfare does not depend on high technology, but rather on
how one thinks about conflict and strategic interaction.
Carl von Clausewitzs On
War is regarded as the defining text on Industrial
Age warfare. Clausewitzs focus on operational and
tactical level issues led him to place less value on
information than Sun Tzu. In an Industrial Age war,
battlefield information tended to lose most of its value
in the time it took to reach centralized decision makers
and redirect to those who needed it the most. His premise
of "the fog of war" applies today: too much
information can confuse or overwhelm just as easily as
too little.
The Tofflers believe
warfare has moved into this "third wave" of
information dominance. When one adversary possesses (or
controls) almost complete "battlespace"
awareness, while the other adversary is cut off from
(reliable) information sources, the first adversary will
always score a decisive win.
The Gulf War is considered
to be the first information war. Col. (Ret.) Alan
Campens book, The First Information War,
provides insight into the elements of information warfare
employed in the war. By the start of the ground war,
Saddam Hussein no longer knew the location of his armies,
much less the location of coalition forces.
The Pentagons final
report to Congress on the Conduct of the Persian Gulf
Warthe so-called "COW Report"states
the earliest attacks targeted "microwave relay
towers, telephone exchanges, switching rooms, fiber optic
nodes and bridges which carried coaxial communications
cables." This had the effect of either silencing
them or forcing "the Iraqi leadership to use backup
systems vulnerable to eavesdropping that produced
valuable intelligence." Attacks were coupled with
direct strikes at Saddams military and political
command centers themselves; designed to destroy or
isolate Iraqi leaders, cutting them off from field
troops.
Throughout the Gulf War,
the coalition forces maintained superior battlefield
awareness. They used command and control warfare, sensor
elimination, and satellite imagery. By wars end,
the coalition communications infrastructure could handle
700,000 phone calls and 152,000 messages per day, while
monitoring over 35,000 frequencies used for enemy
communications.
There are several examples
where information warfare has been used against the
United States. In Vietnam, the North Vietnamese expertly
spoofed our radio communications and used hit and run
guerrilla tactics. The United States relied upon
traditional heavy armor and massed aviation warfighting
techniques. They were also quick to reinforce and
encourage the anti-war feelings in the United States due
in part to televised images of the gruesome ravages of
war. Vietnam showed the importance of psychological
warfare as an element of information warfare.
The term
"warfare" has been associated with the military
because of the connotation of physical violence. However,
in the context of information warfare, the terms include
a wider range of conflicts waged by a wider range of
combatants because it is typically non-physical.
A major new factor in
information warfare is the worldwide info-sphere of
television and broadcast news. Information warfare at the
strategic level is the "battle of the
battlefield" to shape the political context of the
conflict. It will define the new "battlespace."
Foreign countries may try to influence the news gathering
and reporting capabilities of their adversaries in order
to influence a political outcome.
Threat
to Infrastructures
The
United States depends upon information systems and
networks. Information systems control the basic functions
of the nations infrastructure, including the air
traffic control system, power distribution and utilities,
phone system, stock exchanges, the Federal Reserve
monetary transfer system, credit and medical records. The
military depends upon commercial telephone networks to
carry both routine and emergency communications; 95
percent of the traffic is on the commercial backbone. The
MILNET computer network composed of more than 170,000
military computers is fully integrated into the Internet
and exposes sensitive logistics, transportation, finance,
personnel, and medical databases to exploitation.
Most advanced countries
today have some form of computer espionage or
exploitation program. Todays friends may be
tomorrows enemies, either in war or commerce. The
United States, due to its open, democratic society and
personal freedoms, is open to exploitation from anywhere
on the planet. All one needs is a computer and a modem,
and the worlds information infrastructure is
available with a few key strokes.
Intelligence and espionage,
once the exclusive occupations of monarch and government,
have become an important component of international
business. No longer are spies employed only by national
intelligence services. Large corporations around the
world, particularly in Western Europe and Asia, now hire
sophisticated agents to gather intelligence on
competitors and other.
Buoyed by the success
enjoyed by several computer hackers throughout the 1980s,
scores of intelligence agencies began during the 1980s
and 1990s to fully integrate the computer as an
instrument of espionage tradecraft. International data
networks now provide intelligence agencies with a conduit
to retrieve information. These same networks also provide
a potential avenue for opposing countries or people to
introduce malicious software codes designed to destroy
sensitive data or to disrupt computer networks.
Some nations have created
computer espionage branches within their intelligence
services. These specialized units seek to compromise the
confidentiality and, to a somewhat lesser degree, the
integrity and availability of sensitive or classified
computerized data. Although espionage agencies continue
to have an interest in classified military information,
the major targets for state-sponsored computer espionage
are industrial and technological secrets. Many European
and Asian nations admit their national intelligence
services collect economic intelligence to benefit their
industries at the expense of foreign competition.
Computer systems and networks contain a large amount of
research and development data that have a significant
value to various national industrial and development
policies.
National intelligence
agencies collect computer data. The storage of sensitive
personal data spreads across internationally connected
computers and data networks.
The threat to data privacy
and security increases with the size and complexity of
computer system architecture. The stand-alone personal
computer is much easier to protect against unauthorized
intrusion than the sophisticated distributed computer
systems using data networks and client-server system
architectures. Reliance on "open-networks,"
such as the Internet, increases the possibility of
surreptitious eavesdropping of electronic mail and other
digital communications. Encryption is one form of
protection against digital eavesdropping but its use is
coming under increased governmental control and
regulation in many countries.
Legislation with criminal
sanctions may serve as additional protection against
state-sponsored and corporation-initiated digital
eavesdropping schemes. However, these controls assume an
illegal intrusion has already occurred and are designed
to seek only financial or other remedies. Traditional
computer security methods such as access control, secure
database structures, personnel security controls, and
input/output handling have met with only limited success
in dealing with the computer hacker threat of the 1990s.
All these controls have weaknesses which have been
exploited by the determined and often youthful hacker.
The threat posed by
dedicated and well-financed intelligence agencies and
international gangs to exploit computer security controls
is much greater than that of the traditional hacker
community. Those relying on computer technology face a
far greater threat to computer security today than faced
10 years ago. The demand for new and more reliable
computer security controls to counter the digital
espionage threat will grow as a result of this formidable
threat.
Effective
Firewalls
Military
leaders are developing a new cyberspace warfare strategy
which is intended to defend and attack the very computer
networks which support it and all other modern armed
forces. One of the "weapons" used to defend our
networks from exploitation is the "firewall."
A firewall is a generic
term which describes a wide range of functions and
architectures of devices which protect the network. A
firewall can describe almost any network security device,
such as hardware encryption devices, screening router, or
an application level. However, a firewall is only part of
an overall security posture adopted by an organization.
Any hardware employed must be integrated with a security
policy followed by the systems users in order to be
effective.
The primary components of a
firewall include a network policy, advanced
authentication mechanisms, packet filtering and
application gateways.
Effective firewall design
is specific to the network it protects. Every network is
physically different. The intentions of the organizations
vary from network to network. Firewalls generally
implement one of two basic design policies: permit any
service unless it is expressly denied, and deny any
service unless it is expressly permitted.
For a firewall to be
successful, the network service-access policy must be
drafted before the firewall is implemented. A realistic
policy is one that provides a balance between protecting
the network from known risks while still providing users
reasonable access to network resources. If a firewall
system denies or restricts services, a realistic network
service-access policy can prevent the firewalls
access controls from being modified or circumvented on an
ad hoc basis. Only a sound, management-backed policy can
provide this defense against internal resistance.
A firewall is only as
effective as its administration. If the firewall is not
maintained properly, it may permit break-ins while
providing an illusion the site is still secure. Security
policy should reflect the importance of strong firewall
administration. Management should demonstrate its
commitment to this importance in terms of full-time
personnel, proper funding for procurement, maintenance
and other necessary resources.
A firewall is not an excuse
to pay less attention to site system administration. It
is in fact the opposite: if a firewall is penetrated, a
poorly administered site could be wide open to intrusions
and resultant damage. A firewall in no way reduces the
need for skilled system administration. At the same time,
a firewall can permit a site to be proactive in its
system administration as opposed to reactive. Because the
firewall provides a barrier, sites can spend more time on
system administration duties and less time reacting to
incidents and damage control.
The Defense Information
Systems Agency has conducted over 30,000
"friendly" hacker attacks against our own
military computer systems in the past several years.
Using offensive information warfare techniques and
technologies which potential adversaries are believed to
possess (and most of it freely available through the
Internet), they have discovered that about 4 percent of
systems administrators knew they had been attacked. Even
worse, only 27% of the affected systems report an attack.
Hackers try to penetrate military computer systems an
estimated 250,000 times per year.
This activity has spawned
new defense activities such as the Land Information
Warfare Activity (Army), the Naval Information Warfare
Activity and the Air Force Information Warfare Center.
The Marines, due to their unique mission, are working to
combine the best elements of the other three services
into a workable strategy.
Into
the Information Age
There
have been several "official" definitions of
what constitutes information warfare, however, all agree
it concerns "actions taken to achieve information
superiority by affecting adversary information,
information-based processes, information systems and
computer-based networks, while defending ones own
information, information-based processes, information
systems, and computer-based networks." The security
of our telecommunications networks is important in
maintaining U.S. national security and competing in the
global marketplace.
The United States must face
the challenge of Information Warfare by recognizing the
global electronic environment and the threat it poses.
Boundaries between nations and private-sector
organizations are blurringrendering distinctions
between war and crime, and civilian and governmental
interests, less meaningful. With this global
connectivity, it will be difficult to distinguish between
strategic information warfare attacks and other
activities, such as espionage (both state-sponsored and
commercial), accidents, systems failures and hacker
attacks.
Evolving Information
Warfare doctrine such as FM 100-6, Information
Operations, and the Army Intelligence Master Plan
must address the nebulous "fog of battle" in
which there is no "front line" or geographic
boundary. Information warriors must be trained in the
newest of technologies and techniques in order to assist
the tactical warfighter.
While the nature of war has
changed as weapons improved, the purpose of war will
endure: To impose ones will over another. As Sun
Tzu stated over two thousand years ago: "attaining
one hundred victories in one hundred battles is not the
pinnacle of excellence. Subjugating the enemys army
without fighting is the true pinnacle of
excellence."
Maj.
James P. Edmiston is assigned to Headquarters, INSCOM.
|