Cyber-Terrorism: E-WWIII? (6 of 8)

TOPIC 6: Information Warfare

What links information warfare with cyber-terrorism is that information technology is the means and object of attack.[1] Of concern is how the culmination of advanced technological objectives will work in concert with traditional models of terrorism. More specifically, how our society’s reliance on electronic information has led to the possibility of an increase in lethality of an attack, when a cyber-attack is used in concert with other more conventional means. Former deputy Secretary of Defense, John Hamre, believed that “if there is going to be a cyber terrorism event, it’s really, in my view, going to be used to try to amplify the effect of the primary attack, which is going to be physical.”[2] Hamre believes that unlike governments who use information warfare as a tactical and somewhat covert mechanism, terrorists will continue to exploit through shock and awe. As early as the late 1990’s, scholars were concerned about a time when a terrorist would find a way to accomplish the physical damage from a remote location. For example, a person would aim to use information warfare to disrupt a city’s emergency communications network, then detonate a bomb, thereby preventing the first responders and authorities from reacting and exponentially magnifying the carnage—all from the safety and privacy of his own home computer.[3] Today, not only is this scenario possible, but the traditional bomb is no longer even in the equation and we have arguably surpassed Hamre’s expectations of how the digital world and terrorism would interact. The modern day equivalent of his fears would involve hacking into a computer programmed drone to accomplish the secondary attack after taking out the emergency communications. In this sense even the physical attack would be accomplished through cyber means.

Consequently, in the post Cold-War era we find ourselves in, much of our defensive strategies have been aimed at that one purpose: Information Warfare. Regrettably this vague and ambiguous term has been used so broadly that a precise definition of what it means in practice is elusive (or just “classified”). The term rose to popularity in the intelligence community in 1996 at a time when cyber-terrorism was a more visceral threat than traditional terrorism. The Brown Commission’s[4] report detailed the future of how intelligence gathering and defense strategies must focus on electronic transmission through information warfare, which the commission defined as “activities undertaken by government, groups, or individuals to gain electronic access to information systems in other countries … as well as activities undertaken to protect against it.”[5]

UNDERSTANDING INFORMATION WARFARE

Certain characteristics must be present to classify as information warfare, in that it is 1) conducted during a time of crisis or conflict, in order to 2) promote specific objective against an adversary.[6]  Much as traditional warfare is broken down into different battle attacks and special operations, information warfare is composed of information operations, which are “[a]ctions taken to affect adversary information and information systems while defending one’s own information and information systems.”[7]

These adversarial actions come to life in the form of syntactic and semantic attacks. Syntactic attacks are directed at a computer’s operating system—at the “heart” of the computer—the software that controls the computer’s functions. [8]This type of attack works by making a modification in the computer operating system, that changes the logic of the system in order to make the system unpredictable, and introduce delays in the processing of the system.[9] If a syntactic attack is aimed destroying the heart, then a semantic attack could be seen as attacking the brain of a computer—resulting in a seemingly functional machine, but actually produces a distorted reality of information. A semantic attack works affecting a user’s confidence in the accuracy of the data he is accessing, by modifying information that is entering the system, without the users’ knowledge, in order to induce errors.” [10] This attack produces a distorted reality, much like a learning or memory disorder in the brain might, in that the computer under a semantic attack “will be perceived as operating correctly (otherwise the semantic attack is a failure), but it will generate answers at variance with reality.”[11]

Information warfare consists both of these attacks on the processing systems of these targeted networks so that cyber-attacks against the U.S. may be thwarted, but also includes the gathering aspect in which the government may access virtually any network in order to assess target areas and potential breaches of national security.

HISTORIC ATTACKS USING INFORMATION WARFARE

This was precisely what occurred in 1998, in highly classified incident that has come to be known as Moonlight Maze, when U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, Energy Department, private universities, and research labs that had been going on for nearly two years.[12] Moonlight Maze finally proved to the Defense Department the vulnerabilities and possibility of exploitation by some adversary gaining access to very sensitive information, and doing so over a considerable period of time. With the DoD finally understanding the need for a defensive cyber strategy, information warfare as a proactive and defensive measure began to take hold.

In the early 2000’s the White House was faced with a time sensitive computer virus known as ‘Code Red.’ The virus had a 27 day life cycle in which it spread and then remained dormant until a certain day when it was programmed to launch denial of service attack against the White House Web site at a certain date and time, from all 300,000 affected computers. Working with the private sector, the threat was thwarted and the success of information warfare as a legitimate defensive tactic was cemented. [13]

CONSTITUTIONAL ISSUES ARISING IN THE CONTEXT OF INFORMATION WARFARE

At first blush, this working description of how and when information warfare is used seems sufficiently limited in that it would not provoke any efforts to affect congressional war powers. However, just as technology has changed the landscape of war and terrorism so too has the definition of information warfare expanded in scope to include “conflicts that involve the protection, manipulation, degradation, and denial of information.”[14]The issue quickly then becomes how intelligence-based warfare relating to acquiring information and the manipulation of that information, should be carried out and whether that information is protected as a national security asset.[15] How far should congressional powers extend under the war powers provision to allow the government to obtain and analyze vast amounts of sometimes personal information, in order to defend against (or even carry out) attacks?

With the revelation that in the last 10 years, since information warfare has taken serious hold in intelligence communities, the standard operations now include gathering information on non-adversarial parties (i.e. American citizens), the question of regulation is ripe for an answer. Looking back at the Information Warfare and Security conference held in South Africa in 2009, where scholars contemplated the need for action in establishing boundaries for information warfare, one can only look back in 20/20 hindsight. Particularly, when one graduate business student preached that American military leaders must “explicit IW guidelines striking an equitable balance between humanitarianism concerns and military necessity,” lest they be faced with allegations of war crimes using these technologies beyond the scope of maintain international stability.[16] If the military and NSA are unwilling to regulate themselves, then it remains the domain of the judiciary to provide a check on the executive branch:

Certain constitutional clauses require the “wary jurist” to confront the reoccurring puzzle of how constitutional provisions written two centuries ago should be construed and applied in ever-changing circumstances. Nonetheless, particularly in the case of IW, new technologies should not lead us to react reflexively either way—either by assuming that technologies the Framers didn’t know about make their concerns and values obsolete, or by assuming that those new technologies couldn’t possibly provide new ways out of old dilemmas and therefore should be ignored altogether.[17]

This French student, over 4 years ago, was able to capture what constitutional legal scholars and heads of U.S. department agencies have being unable or unwilling to realize. “The US constitution is founded on universal conceptions of humanity that information warfare technologies and techniques cannot disprove: No conduct shall be placed above the constitution.”[18]

Norman Rockwell's Freedom from Fear (1943)

Norman Rockwell’s Freedom from Fear (1943)


[1] Clive Walker, Cyber-Terrorism: Legal Principle and Law in the United Kingdom, 110 Penn St. L. Rev. 625, 635 (2006).

[2] Interview with John Hamre, Former Deputy Secretary of Defense, Frontline News (Feb. 18, 2003), available at http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/hamre.html.

[3] Frank J. Cilluffo et. al., Bad Guys and Good Stuff: When and Where Will the Cyber Threats Converge?, 12 DePaul Bus. L.J. 131, 160-61 (2000) (discussing a 1997 incident, involving a young man sitting behind his desktop computer thousands of miles away in Toborg, Sweden, who disabled portions of the Emergency 911 system in Southern Florida.).

[4] The Intelligence Authorization Act for Fiscal Year 1995 created the Commission on the Roles and Capabilities of the United States Intelligence Community, which later became simply known as the Brown Commission. The committee reviewed and summarized the role of the intelligence community in the “post-cold war global environment.” The committee’s subsequent report, entitled Preparing for the 21st Century an Appraisal of U.S. Intelligence, was released in March of 1996, detailing the future of information warfare. Michael T. Clark, Economic Espionage: The Role of the United States Intelligence Community, 3 J. Int’l Legal Stud. 253, 256-57 (1997).

[5] Brian C. Lewis, Information Warfare, Federation of American Scientists, available at http://www.fas.org/irp/eprint/snyder/infowarfare.htm.

[6] Kenneth B. Moss, Information Warfare and War Powers: Keeping the Constitutional Balance, Fletcher F. World Aff., SUMMER/FALL 2002, at 239, 240; see also George K. Walker, Information Warfare and Neutrality, 33 Vand. J. Transnat’l L. 1079 (2000) (defining information warfare as any “actions taken to affect adversary information and information systems conducted during a crisis or conflict to achieve or promote specific objectives against the adversary”); Captain Robert G. Hanseman, USAF, The Realities and Legalities of Information Warfare, 42 A.F. L. Rev. 173, 176 (1997) (“Information-based warfare is that which utilizes information, especially computer-processed information, to impose one’s will on the enemy”).

[7] Moss, supra note 93, at 239.

[8] Susan W. Brenner, Marc D. Goodman, In Defense of Cyberterrorism: An Argument for Anticipating Cyber-Attacks, U. Ill. J.L. Tech. & Pol’y, Spring 2002, at 1, 27.

[9] Id. at 27.

[10] Id. at 31.

[11] Id. at 31-32.

[12] Interview with John Arquilla, Associate Professor of Defense Analysis at the Naval Postgraduate School, Frontline News (March 4, 2003), available at http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/arquilla.html.

[13] Interview with Ron Dick, Former Director of the FBI’s National Infrastructure Protection Center, Frontline News (March 18, 2003), available at http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/dick.html.

[14] Id. (quoting Martin Libicki, What Is Information Warfare, 10, National Strategic Studies, 1996 (1995)).

[15] Moss, supra note 93.

[16] Berg Hyacinthe, Warning to Information Operations Planners: Ignore Information-Seeking Patterns and the Legal Protection of Information Warfare Victims in the Middle East at your Peril, Leigh Armistad, ed., Edith Cowan University (2009).

[17] Id.

[18] Id.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: