Handbook of Information Security Management:Policy, Standards, and Organization

Previous Table of Contents Next


Section 4-2
Security Awareness

Chapter 4-2-1
Information Warfare and the Information Systems Security Professional

Gerald L. Kovacich

Although the Cold War has ended, it has been replaced by new wars. These wars involve the use of technology as a tool to assist in conducting information warfare. It encompasses electronic warfare, techno-terrorist activities, and economic espionage. The term “information warfare” is being referred to as the twenty-first century method of waging war. The U.S., among other countries, is in the process of developing cyberspace weapons.

These threats will challenge the information security professional. The threats from the teenage hacker, company employee, and phreakers are nothing compared with what may come in the future. The information warfare warriors, with Ph.D.s in computer science backed by millions of dollars from foreign governments, will be conducting sophisticated attacks against U.S. company and government systems.

THE CHANGING WORLD AND TECHNOLOGY

The world is rapidly changing and, as the twenty-first century approaches, the majority of the nations of the world are entering the information age as described by Alvin and Heidi Toffler. As they discussed in several of their publications, nations have gone or are going through three waves or periods:

  The agricultural period, which according to the Tofflers ran from the time of humans to about 1745.
  The industrial period, which ran from approximately 1745 to the mid-1900s.
  The information period, which began in 1955 (the first time that white-collar workers outnumbered blue collar workers) to the present.

Because of the proliferation of technologies, some nations, such as, Taiwan and Indonesia, appear to have gone from the agricultural period almost directly into the information period. The U.S., as the information technology leader of the world, it is the most information systems-dependent country in the world and, thus, the most vulnerable.

What is meant by technology? Technology is basically defined as computers and telecommunications systems. Most of today’s telecommunications systems are computers. Thus, the words telecommunications, technology, and computers are sometimes synonymous.

Today, because of the microprocessor, its availability, power, and low cost, the world is building the Global Information Infrastructure (GII). GII is the massive international connections of world computers that will carry business and personal communications, as well as those of the social and government sectors of nations. Some contend that it could connect entire cultures, erase international borders, support cyber-economies, establish new markets, and change the entire concept of international relations.

The U.S. Army recently graduated its first class of information warfare hackers to prepare for this new type of war. The U.S. Air Force, Army, and Navy have established information warfare (IW) centers. Military information war games are now being conducted to prepare for such contingencies.

INFORMATION AGE WARFARE AND INFORMATION WARFARE

Information warfare (IW) is the term being used to define the concept of twenty-first century warfare, which will be electronic and information systems driven. Because it is still evolving, its definition and budgets are unclear and dynamic.

Government agencies and bureaus within the Department of Defense all seem to have somewhat different definitions of IW. Not surprisingly, these agencies define IW in terms of strictly military actions; however, that does not mean that the targets are strictly military targets.

Information warfare, as defined by the Defense Information Systems Agency (DISA) is “actions taken to achieve information superiority in support of national military strategy by affecting adversary information and information systems while leveraging and protecting our information and information systems.” This definition seems to apply to all government agencies.

The government’s definition of IW can be divided into three general categories: offensive, defensive, and exploitation. For example:

  Deny, corrupt, destroy, or exploit an adversary’s information or influence the adversary’s perception (i.e, offensive).
  Safeguard the nation and allies from similar actions (i.e., defensive), also known as IW hardening.
  Exploit available information in a timely fashion to enhance the nation’s decision or action cycle and disrupt the adversary’s cycle (i.e., exploitative).


Previous Table of Contents Next



The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version are covering, however it is one of the best tool you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.