What is DoD's concern?After all, internal Continental United States (CONUS) policy is not it's concern... Or is it? There is a shared responsibility between managing DoD and commercial networks.
Why is DoD concerned?DoD uses closed systems, router and firewall protection, and encryption in order to secure critical networks and message traffic; however, these secured transmissions ride on the public switched network, which has been proven to be vulnerable to IW attacks. The enemy is turf blind. It does not worry about what is DoD or Public.
Information Warfare does not equal Computer Warfare. Computer Warfare (CyberWar) is a subset of Information Warfare. Many aspects of IW can be waged without the use of the computer. Take, for example, Somalia.
Threat ModelThe following is a model that you can trace through for responding to IW threats. SummaryHopefully the case studies have illustrated that there are a variety of IW threats possible. Here are the important points to this module:
DoD Roles and MissionsModule 3The Lesson
The module learning objective:
Why is DoD involved in Information Warfare?
Consider the two perspectives:
The DoD is critically dependent on information technology. In the past: DoD maintained a dedicated hardened communications capability. Today: Current technology offers better commercial communications services than past DoD systems. This coupled with declining budgets, has driven DoD to the commercial sector for communications needs. Result: Currently, 95% of DoD communications ride on the public switched networks. Concern: DoD has no authority to provide guidance on securing the public net.
So, What is DoD's role?
|
Malicious software | Chipping |
Back doors | Electromagnetic pulse weapons |
Destructive microbes | Van Eck radiation |
Cryptology | Spoofing/Authentication |
Video morphing | Psychological operations |
Attacks on the banking system | Disruption of air traffic control |
Denial of service | Stand-off and close-in sensors |
Decision support |
Viruses, worms, and Trojan horses, falling under the category of malicious software, are perhaps the most frequently talked about information warfare weapons in the popular media. Although these weapons have the potential to cause great damage, there is no clear method for effectively targeting and controlling these weapons. Once a virus is let loose, it is just as likely to infect friendly information systems as it is to infect enemy information systems.
Chipping is the practice of making electronics chips vulnerable to destruction by designing in weaknesses. For example, certain chips may be manufactured to fail upon receiving a specific signal.Anyone using these chips could then be instantly devastated. Unfortunately,the problem here, once again, is how to get the right people to use the affected chips.
Back doors are designed to defeat security protections. For example,the designers of the Clipper encryption chip could possibly have built in a secret back door so that they can easily decode messages encrypted with the chip.
Electromagnetic pulse weapons could be used to knock out enemy electronics equipment. Suitcase sized devices have been developed to do just that.
Researchers are also working on developing microbes which eat electronics components so that, in the event of conflict, these microbes could be introduced into an adversary's electronics equipment to cause failure.
Van Eck radiation is the radiation which all electronic devices emit. Specialized receivers can pick up this radiation and tap a wealth of information. Fortunately, there are various safeguards against this type of attack.
Cryptology is a weapon of information warfare designed to encrypt and crack secure communications respectively. Despite significant advances in cryptography, cryptanalysis will continue to be an important weapon aided by equally significant advances in computing power.
Spoofing is an attempt to send a falsified message to someone. For example, I could dial up a university phone registration system pretending to be someone I have a grudge against, and drop their classes. Since these systems are automated, all I need to know in most cases is a person's Social Security number and birth date.
Video morphing is a weapon that could be used in a manner similar to that in the movie Forrest Gump to make an enemy leader appear to say things he or she didn't in fact say, undermining credibility.
Psychological operations (PSYOP) using all available information means to form a desired public perception. PSYOP benefits from the ability to conduct market research and analysis of regional data. As a result, customized messages and be generated for each targeted sector of society. PSYOP was very successfully in the U.S. re-instatement of Haiti's president.
Various possible operations with obvious effects include knocking out telephone switches, crashing stock markets, attacking electronic routers for rail system, attacking bank accounts, disrupting air traffic control, and denying service with, for instance, a ping attack. Note: the "ping attack" gets its name from old age sonar techniques. Within a network, a computer can send systematic queries to all addresses and analyze the associated return time, very similar to sonar. Net groups with similar times of return and be associated into a hierarchical structure.
For military applications, the use of stand-off and close-in sensors to gather data could be considered an information warfare weapon.
As in any decision process the more information available the higher the probability of arriving at a useful solution. Likewise, computer decision support is also a key weapon in information warfare and especially in defensive information warfare. Decision support can be used to detect attacks, identify the type of attack, generate defensive options, evaluate options, and perform damage assessments. In a similar manner, an adversaries decision support system can be delayed, or disrupted with erroneous data.
Information Warfare Weapons fall into three categories: Strategic National, Strategic Theater, Operational, and Tactical. Each category has its own unique capabilities and thus requires different safety mechanisms to prevent inadvertent release. Consider nuclear weapons. They too can be employed to support a tactical, theater and/or strategic objective. However, nuclear weapons must ultimately be released for use by the President and usually by recommendation of the National Security Council. IW weaponry is very similar, but there are exceptions.
The Commander In Chief (CINC) will always implement the directions of the President. IW weaponry supporting non-military elements of power or that fall into the category of national strategic will all require NSC approval. However, operational control of IW weapons which support classic C2W has been delegated to the CINC for implementation. Likewise, traditional theater level Electronic Warfare (EW) or PSYOP that is enhanced by IW capabilities fall under CINC authority as well.
National Strategic IW weapons, will be released by the president upon recommendation of the NSC. For example, a computer virus that would cripple a nation's monetary system or may seize control of international satellites must be controlled by either the President (SECDEF if authority has been delegated). Justification: a response in-kind would have a direct impact on the American homeland, i.e. the loss of sanctuary.
So who pulls the trigger? In general the command to launch an IW attack will at least be reviewed by the National Security Council, possibly the President (weapon dependent), and ordered by the CINC. One must remember that some strategic weapons will only be released on authority of the President. Note: during the planning process the CINC will be the single person responsible for the overall campaign and will decide his or her preferred weapons of choice, but just as in the case of nuclear weapons, IW weaponry will require a higher lever of coordination and authorization for release.
Loss of SanctuaryModule 7The Lesson
The module learning objectives:
Historical ReviewWhat was Pearl Harbor? A strike at the heart of America. Why Pearl Harbor? Japan wanted to eliminate the US's ability to project power in the Pacific.
How do countries today project power?
Another ConsiderationWhy are Third World nations so desperately seeking weapons of mass destruction (WMD)? Many nations do not have the resources to maintain a powerful military force. WMDs, such as nuclear, biological, or chemical weapons present an economically viable alternative for security. What was wrong with Japan's WWII strategy and recent efforts by Third World nations? Pearl Harbor ensured a response from the United States. Japan wanted to erase the U.S. Pacific military threat. They, of course, did not accomplish that. Iran, Iraq, Libya, and others want to reduce the effectiveness of American military influence, but they know doing so explicitly and deliberately would result in war.
An Effective Information (electronic) Pearl HarborAn Effective Information (electronic) Pearl Harbor So what would an effective Information Pearl Harbor look like? Today, our critical infrastructures consist of the transportation, power, and industrial networks. These all could be likely targets. The U.S. may find it difficult to use military force in response to an Information Pearl Harbor-type attack. It is difficult for the U.S. to retaliate using military action when the country did not suffer loss of life and cannot even determine who to target.
Weapons Choice From a Non-US Perspective
|
Force Deployed | Relative Expense | Anticipated Response |
---|---|---|
Military deployment | Very high | In kind. US would dominate. |
Nuclear | High | Possible in-kind. US would win. |
Chemical/biological | Medium | Definite military response. US would win. |
IW infrastructure attack | Low | US can't ID attacker. Can't retaliate. |
Carl von Clausewitz reasoned that commitment to war merges from the confluence of three characteristics or tendencies: the people, the military, and the government. He suggested that when these three components unify around a common purpose to be achieved by force of arms, an interactive trinity emerges that produces the national will to fight.
This suggests the following formulation:
National Will = Will of the People + Will of the Military + Will of the Government
This proposition has been supported in the emerging information age. For examples look at Somalia and Haiti. Information had the power to break the will of the people.
Our military must assume that future conflicts will be viewed real-time in the homes of every American. War must be quick, decisive, and limit civilian casualties to few or none.
Furthermore, because of our system, the military and political leadership cannot lie or deny access to the American press.
Does the Information Age offer any positive advances to the military?
Yes.
These include: immediate battlefield awareness, precision weapons, and most importantly, new non-lethal weaponry. However, we must understand America's potential adversaries may have the same capabilities. Therefore, many believe future conflicts will be waged on the information plane.
Consider infrastructure as a target; power plants, communications facilities, factories, petroleum pipelines, transportation systems (air, sea, rail). All are either currently or will soon be operated and managed by computers. Computers that receive critical sensing and requirement changes via the net. Therefore, by attacking or taking control of the net an adversary controls the infrastructure.
A nation's air force may take out an air defense system using a computer virus in lieu of an iron bomb. It's cheaper, quieter, and safer. And it is psychologically more effective!
A nation's infrastructure can be exploited, disrupted, or destroyed by infiltrating the computer networks that control such. Many ask will an army still be required to occupy a nation to impose its will? In total war, most likely; however, in the emerging age of economic warfare occupation can be achieved by precipitation a condition conducive to a leveraged buy-out, i.e., foreign corporations with the assistance of their government will simply procure critical portions of an enemy's infrastructure. As a result, ultimate control can be achieved through the corporate board room.
Remember, the trinity concept offered by Clausewitz: a nation's will is a combination of the people's, military's, and government's will. The people will as always desire a non-military solution to challenges of national interest. The information age offers many non-military options for exerting national will.
IW offers a new peace time application of warfare. A new type of infrastructure attack focused against a nation's political, economic, and social infrastructure.
An old quote:
The greatest happiness is to vanquish your enemies, to chase them before you rob them of their wealth, to see those dear to them bathed in tears, to clasp to your bosom their wives and daughters. Genghis Khan
Today, translated by America's competitors:
The greatest happiness is to crush your American competitor, to chase them before you, to rob them of their market share, to clasp to your income statement their former sales revenues, and to hear the lamentations of their stockholders. Asian Strategy
You can examine each service's perspective on IW:
Congress is being pulled in all directions by these groups:
Although a political solution has not been identified, it does exist. The path toward the answer can be significantly narrowed. The historical evolution of our constitutional rights provides the reliable road map. Our country's Constitution, legislative enactment, executive orders, and Supreme Court rulings form the boundaries within which future policies.
Congressional leaders will be challenged to set upon the path to deriving
legislation that secures our nation's critical infrastructures. In doing
so our nation's leaders will have to pay close attention to the following
influences. Otherwise, the legislative process will become bogged down in
debate or litigation and much needed legislation will ultimately be
delayed.
Finding the path consists of:
The Next Step
The IW threat has been identified and the process of reporting such is on-going. The next step, Determining a Process, has been done by the formation of a presidential bipartisan committee (commission) on securing our Nation's critical infrastructures.
This committee will focus on protecting those infrastructures critical to national defense and preserving the American way of life; however, in doing so issues that resonate at the core of each American's individual right to freedom will have to be considered. Groups which support various positions during these debates will have to carefully formulate their strategy to insure that the needs of their constituents are addressed.
This may sound elementary, but one of the most difficult aspects of problem solving is correctly identifying the problem, or determining what really needs to be fixed. Interestingly, the threat of an informational attack itself is not the central issue. Depending upon the specific target infrastructure the central issue may be one of several: knowing the event has occurred, motivations of the attackers, the loss of service, or the attacker's ultimate goal (which could be the second or third order effect).
The following example is offered as a mental exercise to help illustrate that identifying the central issue is not always easy and that often solutions are sought that do not solve the actual problem.
The setting is a college class room.
On the first day of a freshman engineering class thirty students have filled the room, confident that they have the ability to become world-class engineers. The instructor introduces himself and displays the following sign for the student's consideration:
The instructor asked two questions, with the first being What is the problem? After about twenty minutes, the students were ready to present their analysis. The students finally decided that the following was the problem: the bridge freezes before the road surface.
The second question was, What is the best solution? There was little
consensus. The students devised clever solutions to the problem. Here are
some of their creative solutions:
So, two questions were asked: What is the problem? and What is the solution? Obviously, the students did not get either question correct. As the students continued to work on this assignment, the voice of a young lady emerged from the back of the room.
The sign is the solution, she said.
The instructor then asked, What is the problem?
She replied that the problem is not the bridge freezing. It is the fact that a driver who is not paying attention and traveling on a surface with good traction suddenly reaches an area where the road surface is icy. The problem is the unsuspecting driver, not the freezing bridge.
Therefore, the sign is the solution as it makes the driver aware of a potential hazard. She was right!
The example was given to illustrate how easy it is to arrive at a solution to the wrong problem and miss the issue. Look at the recent Indecency Law passed by Congress and struck down by a Philadelphia Court as unconstitutional. The law sought to stop the posting of pornographers from being accessed by minors via the Internet. Did the engineers of this legislation lose focus of the real problem? As a young person, did you ever see pornography? Is the material the problem, its mode of publication, or its manufacturer?
As our nation enters the age of information many different issues will come into play: privacy, free speech, law enforcement, etc. Our congressional leaders (more importantly their staff members performing the analyses) will have to remain constantly aware that it is easy to diverge from the core issue, which is the national security threat posed by IW. The IW threat will raise many issues for congressional review. Not all of these issues deal with national security. Congress and executive agencies must continue to keep the national debate focused upon securing America. Only then can our nation adequately deal with the more social aspects of the emerging information age.
Here is a recommended rule of thumb. If you are suggesting a solution ask yourself, Why would I want to do that? Continue asking yourself until you arrive at a basic, repeating conclusion. Considering our students in the example and their initial solutions. Would they have come to closure more quickly had they asked the simple question, why? Would Congress have passed the recent Indecency Law had they done the same?
Threat | Threat Level |
---|---|
Individual Hackers | Low lever threat (nuisance) |
Coordinated hacking (Instructor/tutor) | Low/Med level of threat |
Funded, coordinated (focused, employed) | High level |
State sponsored, focused (Intel provided, spec tasking) | Extremely High |
A new management philosophy is needed.
To expand the DoD perspective of securing America from groups that wish to influence U.S. policy throughout infrastructure attacks, our nation's leadership, both political and industrial, must define a process by which America can be secured. The National Information Infrastructure will be used by tomorrow's enemies to gain access and attempt to control or influence our nation's critical infrastructures. Policy makers will be faced with the challenge of respecting and balancing the basic rights of Americans. For example, a balance between the right to privacy vs. law enforcement represents one of many issues which will be hotly debated. However, there is one positive aspect; the threat posed to America's infrastructure via IW attacks is by its nature non-partisan. The threat is real and is focused against all of America. As a result, our political leaders will come to closure on this issue much more quickly. This contrasts sharply with the health care debates of the early 90's which ended with few positive results.
The key to Information Infrastructure security is clearly defined by our forefathers:
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.
Our forefathers believed that individual rights were granted by God and secured by government. Our nation's leaders will be challenged to find the right balance - this represents the heart of the debate in securing America.
The focus for change must come from Congress. The issues associated with defending America in the age of information can only be equitably debated through this branch of government. This is not to suggest that the President and the Judicial branch will not play a major role; they will... Congress will have to take the lead in forging new policy as our nation enters the 21st century.
Role of the President: Lead from behind by directing the Executive branch departments and agencies to provide critical information (data) for use by Congress, Industry, and the public in forming the national debate. The Executive branch must provide a clear representation of the Threat that IW poses to our nation's infrastructure. Further, the President must ensure that any technical skills and associated knowledge resident in the U.S. Government is available to industry and Congress for their use in formulating national information policy.
Role of the Supreme Court: The Supreme Court will, as it has in the past, ensure that legislated policy does not encroach on the rights of Americans. Just as the Supreme Court played a major role in interpreting legislation as America entered the Industrial Revolution, it will do so for the Information Revolution. However, history has shown that such interpretations are molded over time as society's needs and perspectives change. For example, the balance between economic rights and the needs of business.
Role of industry: Corporate America will be called upon to provide a realistic view of industry's security needs. This view is currently not possible as most of corporate America is either fearful of disclosing the extent of the threat, or is unaware of the intentions of its adversaries. To remedy this, the President must commit America's intelligence community to directly providing relevant indications and warnings to industry. Congress must engineer a policy where industry is required to report the number and nature of IW attacks against its infrastructures. Such disclosures by industry must be protected to guard against erosion of the public confidence. Today many nations desire U.S. military products, tomorrow they will want American security products that protect critical infrastructure. If our nation's policy makers pass legislation that encourages the will of American industry, the "Made in America" label will appear on security systems world wide.
Role of the individual: The Internet is growing exponentially. Within it there are many references to the sanctuary of cyberspace. There have been declarations of cyber-independence and calls for a hands-off by governments. People of the world are experiencing for the first time what Americans have taken for granted: Freedom of Speech. The ability to publicly voice one's opinion is bringing a passion to the Internet that is indescribable. Non-Americans are naturally hesitant to embrace any government association with the Internet. However it must be remembered that it was America, specifically the U.S. Department of Defense, that made the Internet possible. According to the Declaration of Independence, America's government is formed by its people to protect the rights granted by the Creator. This brings us to one of the most fundamental arguments of society (State): when do the rights of the many outweigh the rights of the few? This issue has been argued since the dawn of logical thought. Our policy makers (Congress and the President) must receive a balanced view from their constituents. Often our nation has applied the oil only to the squeaky wheel. The Congress must initiate public community debates to help bring the message to Washington. When called individuals must educate themselves to the issues and voice their opinion.
Look to our nation's transition during times of great change, e.g., the industrial revolution, the Great Depression, and the nuclear threat (Cold War). During each period the concept of free enterprise provided the technical means to a solution. Likewise, each transition, required a new assessment of the balance of rights. Looking more recently to the second half of the 20th century, it can again be illustrated that free enterprise enabled America to become the global leader in technology. The voices of our forefathers offer guidance; if only we would listen.
Information Warfare Weapons fall into three categories: Strategic, Theater, and Tactical. Each category has its own unique capabilities and thus requires different safety mechanisms to prevent inadvertent release. Consider nuclear weapons. They too can be employed to support a tactical, theater and/or strategic objective. However, nuclear weapons must ultimately be released for use by the President and usually by recommendation of the National Security Council. IW weaponry is very similar, but there are exceptions.
The Commander In Chief (CINC) will always implement the directions of the President. In such a capacity certain IW weapons can be left to the discretion of the CINC for implementation. Likewise, traditional theater level Electronic Warfare (EW) or PSYOP that is enhanced by IW capabilities fall under CINC authority.
Strategic IW weapons however, will most likely be reserved for release by the highest level. For example, a computer virus that would cripple a nation's monetary system or may seize control of international satellites must be controlled by either the President (SECDEF if authority has been delegated). Justification: a response in-kind would have a direct impact on the American homeland, i.e., the loss of sanctuary.
So who pulls the trigger? In general the command to launch an IW attack will at least be reviewed by the National Security Council, possibly the President (weapon dependent), and ordered by the CINC. One must remember that some strategic weapons will only be released on authority of the President. Note: during the planning process the CINC will be the single person responsible for the overall campaign and will decide his or her weapons of choice, but just as in the case of nuclear weapons, IW weaponry will require a higher lever of coordination and authorization for release.
America has the strongest, most capable military in the world. This fact challenges many nation's objectives which conflict with American policy. No nation has the capability to challenge the United States using traditional force-on-force. Further, the acquisition of weapons of mass destruction by such nations is also considered futile, as America's response would be direct and massive. This leaves many developing nations with few options in countering America's military force. That was until the introduction of Information Warfare.
Many nations in competition with the United States, either in the political or economic realm, are actively developing IW capabilities. They hope to use these capabilities to gain an industrial edge by stealing U.S. industrial secrets, and when possible disrupt America's industrial base.
America possesses many infrastructures: power, transportation, economic. But there are others not normally considered. Our nation possesses a knowledge infrastructure where critical scientific information is freely shared between academia, government, and industry. This infrastructure, like others, is open to attack by IW weapons.
America has typically enjoyed a protected sanctuary provided by the two great oceans. Not until Pearl Harbor and the subsequent nuclear threat did America become aware of it's loss of sanctuary. With the fall of the Iron Curtain and the end of the Cold War, Americans have returned to believing in a new protected sanctuary. This is far from the truth. Daily, America's critical infrastructures are being probed and investigated by foreign powers. Our nation's industries currently lack the capability to adequately detect the implantation of IW weapons into our infrastructure.
Many nations are looking for ways to attack our financial networks to gain economic advantage. Likewise our industrial base is under attack. Cyberspace has no geographic boundaries. Nations are contracting the efforts of cyber-terrorists to maintain non-attribution. It is possible that some nations we traditionally consider allies and friendly are set on a path of economically and industrially conquering America.
America's sanctuary has been lost. Our nation is under a quiet, sometimes organized attack by many forces whose goal is to topple America's global position.
The military perspective on the beta version of this tutorial was composed from various unclassified briefings and presentations. Each service has been distributed the beta version with the intent of providing input into the final version due in October 1996. As you explore the military perspective please remember that military offensive aspects of IW cannot be discussed openly. Nonetheless these efforts are ongoing!
Just as America's military transitioned into the industrial age and adopted the concept of mechanized war, so will it adapt to warfare in the information age. That said, the transition will not be easy. Just as military leaders resisted accepting a mechanized calvary and concept of an Air Force there will be great hesitation to adopt IW. By its nature any military must adhere to tradition and order. How else can a person be commanded into combat? But tradition typically stalls advancement of new technologies. America's military will become tomorrow's information warriors, and when future military leaders look to this period they will again wonder why acceptance of such an natural concept was hard to comprehend.
The Army has and will always command the ground aspect of warfare. The information revolution will provide a battlefield (situational) awareness unimaginable today. The fog of war will be greatly reduced if not totally eliminated. Likewise, offensive IW will render our nation's enemies dispersed and informationally isolated. The enemy's fog will be extended to a complete blindness. All aspects of today's Army will be enhanced by the information revolution.
The Navy and Marine Corps will continue to control the seas and provide the heavy strategic reach capability America now enjoys. Global sensory networks will ensure the Navy has the capability to track any form of naval enemy on a global basis. New information technologies will extend the track and reaction time of many naval weaponry for both hard and soft kills.
The Air Force and its command of the skies will continue. Tomorrow's air defense weaponry and electronic warfare will be unrecognizable to today's military leaders. The ability to precisely strike a hostile nation's command and control, air defense, or critical infrastructures will be just a push-button away. If a hard kill is required, the enhancement of IW will ensure the safety of our service personal and reduce the amount of physical force necessary. Precision strike will place munitions on a target in ways now considered impossible.
The nation is ready to debate the issue of Information Warfare and begin to decide that delicate balance between protecting the individual rights and national security. For the past three years we have come a long way. First the term Information Warfare was discussed, i.e., what does it mean. Then groups began to discuss organization structure and identify needed policy. Today, insiders understand IW and its threat to America's infrastructure. It is now time to mode the debate to the people and industry and answer the question, how do we protect America's Critical Infrastructure form Information Warfare.
The following Executive Order was issues by President Clinton on July 15, 1996. It focuses the necessary ingredients for the national debate:
WASHINGTON, July 15, 1996 Executive Order Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States. These critical infrastructures include telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government. Threats to these critical infrastructures fall into two categories: 1. physical threats to tangible property ("physical threats"), 2. and threats of electronic, radio-frequency, or computer-based attacks on the information or communications components that control critical infrastructures ("cyber threats"). Because many of these critical infrastructures are owned and operated by the private sector, it is essential that the government and private sector work together to develop a strategy for protecting them and assuring their continued operation. NOW, THEREFORE, by the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1. Establishment. There is hereby established the President's Commission on Critical Infrastructure Protection ("Commission"). (a) Chair. A qualified individual from outside the Federal Government shall be appointed by the President to serve as Chair of the Commission. The Commission Chair shall be employed on a full-time basis. (b) Members. The head of each of the following executive branch departments and agencies shall nominate not more than two full-time members of the Commission: (i) Department of the Treasury; (ii) Department of Justice; (iii) Department of Defense; (iv) Department of Commerce; (v) Department of Transportation; (vi) Department of Energy; (vii) Central Intelligence Agency; (viii) Federal Emergency Management Agency; (ix) Federal Bureau of Investigation; (x) National Security Agency. One of the nominees of each agency may be an individual from outside the Federal Government who shall be employed by the agency on a full-time basis. Each nominee must be approved by the Steering Committee. Sec. 2. The Principals Committee. The Commission shall report to the President through a Principals Committee ("Principals Committee"), which shall review any reports or recommendations before submission to the President. The Principals Committee shall comprise the: (i) Secretary of the Treasury; (ii) Secretary of Defense; (iii) Attorney General; (iv) Secretary of Commerce; (v) Secretary of Transportation; (vi) Secretary of Energy; (vii) Director of Central Intelligence; (viii) Director of the Office of Management and Budget; (ix) Director of the Federal Emergency Management Agency; (x) Assistant to the President for National Security Affairs; (xi) Assistant to the Vice President for National Security Affairs. Sec. 3. The Steering Committee of the President's Commission on Critical Infrastructure Protection. A Steering Committee ("Steering Committee") shall oversee the work of the Commission on behalf of the Principals Committee. The Steering Committee shall comprise four members appointed by the President. One of the members shall be the Chair of the Commission and one shall be an employee of the Executive Office of the President. The Steering Committee will receive regular reports on the progress of the Commission's work and approve the submission of reports to the Principals Committee. Sec. 4. Mission. The Commission shall: (a) within 30 days of this order, produce a statement of its mission objectives, which will elaborate the general objectives set forth in this order, and a detailed schedule for addressing each mission objective, for approval by the Steering Committee; (b) identify and consult with: (i) elements of the public and private sectors that conduct, support, or contribute to infrastructure assurance; (ii) owners and operators of the critical infrastructures; and (iii) other elements of the public and private sectors, including the Congress, that have an interest in critical infrastructure assurance issues and that may have differing perspectives on these issues; (c) assess the scope and nature of the vulnerabilities of, and threats to, critical infrastructures; (d) determine what legal and policy issues are raised by efforts to protect critical infrastructures and assess how these issues should be addressed; (e) recommend a comprehensive national policy and implementation strategy for protecting critical infrastructures from physical and cyber threats and assuring their continued operation; (f) propose any statutory or regulatory changes necessary to effect its recommendations; and (g) produce reports and recommendations to the Steering Committee as they become available; it shall not limit itself to producing one final report. Sec. 5. Advisory Committee to the President's Commission on Critical Infrastructure Protection. (a) The Commission shall receive advice from an advisory committee ("Advisory Committee") composed of no more than ten individuals appointed by the President from the private sector who are knowledgeable about critical infrastructures. The Advisory Committee shall advise the Commission on the subjects of the Commission's mission in whatever manner the Advisory Committee, the Commission Chair, and the Steering Committee deem appropriate. (b) A Chair shall be designated by the President from among the members of the Advisory Committee. (c) The Advisory Committee shall be established in compliance with the Federal Advisory Committee Act, as amended (5 U.S.C. App.). The Department of Defense shall perform the functions of the President under the Federal Advisory Committee Act for the Advisory Committee, except that of reporting to the Congress, in accordance with the guidelines and procedures established by the Administrator of General Services. Sec. 6. Administration. (a) All executive departments and agencies shall cooperate with the Commission and provide such assistance, information, and advice to the Commission as it may request, to the extent permitted by law. (b) The Commission and the Advisory Committee may hold open and closed hearings, conduct inquiries, and establish subcommittees, as necessary. (c) Members of the Advisory Committee shall serve without compensation for their work on the Advisory Committee. While engaged in the work of the Advisory Committee, members may be allowed travel expenses, including per diem in lieu of subsistence, as authorized by law for persons serving intermittently in the government service. (d) To the extent permitted by law, and subject to the availability of appropriations, the Department of Defense shall provide the Commission and the Advisory Committee with administrative services, staff, other support services, and such funds as may be necessary for the performance of its functions and shall reimburse the executive branch components that provide representatives to the Commission for the compensation of those representatives. (e) In order to augment the expertise of the Commission, the Department of Defense may, at the Commission's request, contract for the services of nongovernmental consultants who may prepare analyses, reports, background papers, and other materials for consideration by the Commission. In addition, at the Commission's request, executive departments and agencies shall request that existing Federal advisory committees consider and provide advice on issues of critical infrastructure protection, to the extent permitted by law. (f) The Commission, the Principals Committee, the Steering Committee, and the Advisory Committee shall terminate 1 year from the date of this order, unless extended by the President prior to that date. Sec. 7. Interim Coordinating Mission. (a) While the Commission is conducting its analysis and until the President has an opportunity to consider and act on its recommendations, there is a need to increase coordination of existing infrastructure protection efforts in order to better address, and prevent, crises that would have a debilitating regional or national impact. There is hereby established an Infrastructure Protection Task Force ("IPTF") within the Department of Justice, chaired by the Federal Bureau of Investigation, to undertake this interim coordinating mission. (b) The IPTF will not supplant any existing programs or organizations. (c) The Steering Committee shall oversee the work of the IPTF. (d) The IPTF shall include at least one full-time member each from the Federal Bureau of Investigation, the Department of Defense, and the National Security Agency. It shall also receive part-time assistance from other executive branch departments and agencies. Members shall be designated by their departments or agencies on the basis of their expertise in the protection of critical infrastructures. IPTF members' compensation shall be paid by their parent agency or department. (e) The IPTF's function is to identify and coordinate existing expertise, inside and outside of the Federal Government, to: (i) provide, or facilitate and coordinate the provision of, expert guidance to critical infrastructures to detect, prevent, halt, or confine an attack and to recover and restore service; (ii) issue threat and warning notices in the event advance information is obtained about a threat; (iii) provide training and education on methods of reducing vulnerabilities and responding to attacks on critical infrastructures; (iv) conduct after-action analysis to determine possible future threats, targets, or methods of attack; and (v) coordinate with the pertinent law enforcement authorities during or after an attack to facilitate any resulting criminal investigation. (f) All executive departments and agencies shall cooperate with the IPTF and provide such assistance, information, and advice as the IPTF may request, to the extent permitted by law. (g) All executive departments and agencies shall share with the IPTF information about threats and warning of attacks, and about actual attacks on critical infrastructures, to the extent permitted by law. (h) The IPTF shall terminate no later than 180 days after the termination of the Commission, unless extended by the President prior to that date. Sec. 8. General. (a) This order is not intended to change any existing statutes or Executive orders. (b) This order is not intended to create any right, benefit, trust, or responsibility, substantive or procedural, enforceable at law or equity by a party against the United States, its agencies, its officers, or any person. WILLIAM J. CLINTON THE WHITE HOUSE, July 15, 1996.
The following list of references are from an excellent paper written by Daniel E. Magsig titled Information Warfare: In the Information Age. Thanks to Daniel for all the effort in compiling this list with abstracts:
[1] Alberts, David S., and Richard E. Haynes. "Information Warfare Workshop: Decision Support Working Group Report." First International Symposium on Command and Control Research and Technology (June 1995): 569-76. Discusses information warfare decision support, and offensive and defensive information warfare issues. Highlights pervasive nature of information warfare. Recommends one consistent, widely disseminated policy on information warfare, full integration of information warfare into military operations, emphasis on defensive information warfare, and attention to psychological and coalition warfare issues. [2] Alberts, David S., and Richard E. Haynes. "The Realm of Information Dominance: Beyond Information War." First International Symposium on Command and Control Research and Technology (June 1995): 560-65. Examines the concept of information dominance. Suggests a data, information, understanding, knowledge, and wisdom typology of information. Defines information space across arenas, levels, and natures of interaction between entities. Highlights danger of focusing too narrowly on commonly discussed elements of information warfare. [3] Arquilla, John, and David Ronfeldt. "Cyberwar is Coming!" Comparative Strategy 12 (April-June 1993): 141-65. Classic paper introduces terms "cyberwar" and "netwar". Argues mass and mobility will no longer decide the outcome of conflict. Instead, decentralized, networked forces with superior command, control, and information systems will disperse the fog of war while enshrouding the enemy in it. Provides excellent example of twelfth and thirteenth century Mongol armies successfully employing such doctrine. [4] Arquilla, John. "The Strategic Implications of Information Dominance." Strategic Review (Summer 1994): 24-30. Focuses on the importance of information dominance over traditional attritional and maneuver techniques. Introduces control warfare and advocates a systems approach to identifying and attacking an adversary's "center of gravity". Identifies the links between systemic elements as key targets. [5] Campen, Alan D., ed. The First Information War: The Story of Communications, Computers, and Intelligence Systems in the Persian Gulf War. (Fairfax, VA: AFCEA International Press, 1992.) Often cited reference on the role of information, communications, command, control, and electronic warfare in the Persian Gulf War. [6] Campen, Alan D. "Information Warfare is Rife with Promise, Peril." Signal 48 (November 1993): 19-20. Argues military leaders must understand the nature of change in warfare inherent in information based warfare. The right changes will act as effective force multipliers. The wrong changes, or failure to change, will leave the United States dangerously exposed. Discusses specific military issues. [7] Campen, Alan D. "Vulnerability of Info Systems Demands Immediate Action: Reliance by Military on Commercial Communications Infrastructure Poses Significant Peril to United States." National Defense (November 1995): 26-7. Focuses on military reliance on commercial communications and market driven security policy. Argues for stronger government role in assuring the security of the National Information Infrastructure. [8] Clausewitz, Carl von. On War. (New York: Viking Penguin, 1988.) Classic text on warfare that has dominated military thinking for over a century. Clausewitz regards information as generally unreliable in war. This can be explained by his focus on operational and tactical level issues, and his pre-Industrial Age frame of reference. Unfortunately, Clausewitz so dominates military thinking that his bias against information and intelligence has in some cases undermined acceptance of the precepts information warfare. [9] Dubik, James M., and Gordon R. Sullivan. "War in the Information Age." AUSA Institute of Land Warfare, Landpower Essay Series 94-4 (May 1994): 16 pages. Parallels the changes needed in today's Information Age military with the changes that were necessary in the Industrial Age military at the turn of the century. Specifically, the network as the model replaces the machine as the model; near-simultaneous, continuous, short-run production replaces paced, sequential, continuous, long run production; and, mass-customized products, precisely targeted, with near-instantaneous distribution replaces mass output. [10] Franks, Frederick M., Jr. "Winning the Information War" Vital Speeches of the Day 60 (May 15, 1994): 453-8. Discusses the shift from hierarchical organizations to networked organizations necessary in information based warfare. Traces the evolution of command, control, communications, and intelligence through major wars. Emphasizes the need for rapid, reliable sharing of information across units and at different levels instead of traditional stove-piped intelligence activities. [11] Grier, Peter. "Information Warfare." Air Force Magazine (March 1995): 34-7. Provides overview of information warfare from the U.S. military perspective. Pulls together information from many sources highlighting key topics. [12] Handel, Michael I. Sun Tzu and Clausewitz Compared. (Carlisle Barracks, Pennsylvania: U.S. Army War College, 1991.) Compares the two most highly regarded classic texts on warfare. Section on deception, surprise, intelligence, and command and control speaks to issues related to information warfare. [13] Jensen, Owen E. "Information Warfare: Principles of Third-Wave War." Airpower Journal (Winter 1994): 35-43. Summarizes War and Anti-War [31] and proposes eight principles of information warfare grouped into four categories summarized as: "(1) thicken the fog of war for our enemy, (2) lift the fog of war for ourselves to create a transparent battlefield, (3) ensure that our enemies can't turn these tables on us, and (4) always fight the information war with full intensity." [14] Johnson, Stuart E., and Martin C. Libicki, eds. Dominant Battlespace Knowledge: The Winning Edge. (Washington, D.C.: National Defense University Press, 1995.) Introduces the concept of dominant battlespace knowledge which is the ability to collect real-time battlefield information, understand that information, and turn that knowledge into a decisive battlespace advantage. Discusses necessary doctrinal changes. [15] Lawrence, R. E., and A. J. Ross. "Equities: Dissemination vs. Protection: Information Warfare Workshop Results." First International Symposium on Command and Control Research and Technology (June 1995): 566-8. Recommends action to raise public awareness of the threat of information warfare. Recognizes vulnerabilities to national information infrastructure. Argues information needs to be shared instead of overprotected, on the premise that some adversaries, notably hackers, have achieved their relative effectiveness largely through the practice of information sharing. [16] Libicki, Martin C. What is Information Warfare? (Washington, D.C.: National Defense University Press, 1995.) Proposes seven distinct forms of information warfare: command and control warfare, intelligence based warfare, electronic warfare, psychological warfare, "hacker" warfare, economic information warfare, and cyberwarfare. Posits that the concept of information dominance is hollow. [17] Libicki, Martin C. The Mesh and the Net: Speculations on Armed Conflict in a Time of Free Silicon. (Washington, D.C.: National Defense University Press, 1995.) Analyzes the "revolution in information technology." Argues that technology begets doctrine and doctrine begets organization, implying a possible need for organizational changes in the military. Examines a proposed "Information Corps". [18] Libicki, Martin C., and James A. Hazlett. "Do We Need an Information Corps?" Joint Forces Quarterly 1 (Autumn 1993): 88-97. Examines the debate as to whether a separate Information Corps should be created. The benefits would be common doctrine, inherent standardization, and increased innovation. The downside would be a lack of integration with other forces. [19] Libicki, Martin C. "Dominant Battlefield Awareness and its Consequences." First International Symposium on Command and Control Research and Technology (June 1995): 550-9. Introduces the concept of dominant battlefield awareness. Predicts the ability to achieve perfect knowledge of a 200 mile square battlefield by the year 2008. Discusses the technological requirements for achieving dominant battlefield awareness. Examines the pros and cons of related issues. [20] Lucky, Robert W. Silicon Dreams: Information, Man, and Machine. (New York, NY: St. Martin's Press, 1989.) Discusses in layman's terms the concept of information, information theory, and information processing. Provides even coverage of philosophical and technical issues. Touches on almost every important aspect of information. [21] Mann, Edward. "Desert Storm: The First Information War?" Airpower Journal (Winter 1994): 4-14. Takes the theory of information warfare and ties it together with specific examples from the Persian Gulf War. Discusses many key concepts in concise, readable terms. [22] Nielson, Robert E., and Charles B. Gaisson. "Information - The Ultimate Weapon." First International Symposium on Command and Control Research and Technology (June 1995): 545-549. Examines the differences between war in the Industrial Age and war in the Information Age. Focuses in on the decision environment and the old and new paradigms for decision making. Argues for greater technological support for decision making to reduce need for fallible intuition. [23] Peterson, A. Padgett. "Tactical Computers Vulnerable to Malicious Software Attacks." Signal 48 (November 1993): 74-5. Highlights the role of tactical computers in warfare, examining their vulnerability to viruses. Discusses the history of viruses, how they work, what they are capable of, and theoretical reasons why no perfect defense can be established. Examines practical measures that can be taken with tactical computers to reduce the threat. [24] Ryan, Donald E., Jr. "Implications of Information Based Warfare." Joint Forces Quarterly (Autumn-Winter 1994-5): 114-6. Discusses the need to re-examine doctrine in light of advances in technology. Draws analogies between traditional Industrial Age warfare doctrinal elements and proposed future doctrine. [25] Schwartau, Winn. Information Warfare: Chaos on the Electronic Superhighway. (New York, NY: Thunder's Mouth Press, 1994.) Popular text on information warfare in general. Full of anecdotes. Lacks grounding in the theoretical basis of warfare. Divides information warfare into personal, corporate, and global information warfare. [26] Science Application International Corporation (SAIC). Information Warfare: Legal, Regulatory, Policy, and Organizational Considerations for Assurance. (Prepared for the Joint Staff, 4 July, 1995.) Exhaustive legal reference on the legal, regulatory, policy, and organizational implications of information warfare. Cites specifics in public law, executive orders, court decisions, etc. [27] Starr, Stuart H., and Dale K. Pace. "Developing the Intellectual Tools Needed by the Information Warfare Community." First International Symposium on Command and Control Research and Technology (June 1995): 577-86. Outlines a detailed conceptual framework for understanding information from the military perspective. Leaves room for further definition of non-military elements of information warfare. Examines toolsets applicable to the support of the information warfare community. [28] Stein, George J. "Information Warfare." Airpower Journal (Spring 1995): 31-39. Discusses a definition of information warfare, development of a strategy for information warfare, the U.S. Air Force perspective, and the danger of failing to address information warfare. Sees the rise of information warfare as similar to the rise of Airpower. [29] Stoll, Clifford. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. (New York: Doubleday, 1989.) Classic true story of international information warfare over the Internet. Often referenced. [30] Szafranski, Richard. "A Theory of Information Warfare: Preparing for 2020." Airpower Journal (Spring 1995): 56-65. Defines information and warfare. Focuses on psychological warfare aspects on information warfare. Sees the primary target of information warfare as the knowledge and belief systems of the adversary. [31] Toffler, Alvin, and Heidi Toffler. War and Anti-War: Survival at the Dawn of the 21st century. (New York, NY: Little, Brown, and Company, 1993.) Traces the evolution of warfare through agrarian, industrial, and informational warfare "waves." Forecasts the future of human conflict. Constantly referenced and highly recommended by other authors on the subject of information warfare. [32] Tzu, Sun (Griffith, Samuel B., trans.) The Art of War. (New York: Oxford University Press, 1963.) Ancient text on warfare popularized due to Sun Tzu's holistic view of warfare and the increasing irrelevance of Clausewitz's classic On War in the Information Age. Unlike Clausewitz, Sun Tzu regards information as indispensable in reducing the uncertainty of war. Much of The Art of War is arguably applicable to information warfare. [33] Waller, Douglas. "Onward Cyber Soldiers." Time (August 24, 1995): 38-46. Focuses mostly on examples and speculation to describe information warfare. Provides a summary of some of the major papers on information warfare. Includes many salient points. [34] Wardynski, E. Casey. "The Labor Economics of Information Warfare." Military Review (May-June 1995): 56-61. Examines the economics of providing appropriate education in the nation's public schools to ensure the numbers of quality workers that will be required to support and defend the nation in the Information Age. Analyzes the wages these people can expect to make and discusses the tradeoff between developing technologies that require low skill, low wage workers, versus developing technologies that require high skill, high wage workers. [35] Cornerstones of Information Warfare. (Department of the Air Force, 1995.) States the Air Force's definition of information warfare. Outlines the traditional elements of warfare which comprise information warfare. Discusses how Air Force doctrine should change to accommodate information warfare. [36] Jumpstart Information Warfare Briefing. (Department of the Air Force, 1995.) Open source briefing ordered by the Air Force Chief of Staff to educate Major Command and Numbered Air Force commanders and staffs on the subject of information warfare. Contains numerous examples of information warfare activities. [37] National Defense University School of Information Warfare and Strategy Syllabus, Academic Year 1995-96. Details goals, objectives, lessons, and labs taught at the School of Information Warfare and Strategy. [38] U.S. Army Field Manual (FM) 100-6, Information Operations, 8 July, 1995 Working Draft. States the Army's definition of information warfare. Discusses information environment, threats, information dominance, information operations, command and control warfare, intelligence, information systems, and information activities. [39] U.S. Army TRADOC Pamphlet 525-9, Concept for Information Operations, 1 August, 1995. "This concept describes the importance of information and how to win the information war in military operations now and into the twenty-first century."