Geography no safeguard against information warfare
- By Bob Brewin
- Apr 14, 1996
It's midspring in the year 2000. In the midst of yet another crisis in the Persian Gulf, Americans wake up to find out that war has hit the shores of their country for the first time since the Civil War.
CNN reports that a logic bomb has been placed in the computer system controlling the Northeast Corridor rail system, causing a Metroliner to crash. Later, the automatic tellers of the two largest bank chains in Georgia start to malfunction, causing the bank networks to shut down.
CNN reports that Western intelligence agencies believe Iran may be employing computer experts "to threaten the entire economic fabric of the United States and Western Europe."
Shortly after, CNN loses its satellite signal—the result of an attack against a key U.S. system.
Seemingly fanciful, these scenarios and others from the first Information War (IW) were played out from January through June of last year by senior members of the national security community as well as senior executives from telecommunications and computer companies in a Rand Corp. exercise called "The Day After...in Cyberspace." The project was conducted on behalf of the Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence (ASD/C3I).
Rand conducted these exercises as part of an effort to "garner perspectives on a broad range of national security issues related to the evolving concept of information warfare," according to a report recently released by the think tank, "Strategic Information Warfare: A New Face of War."
The exercise highlighted what the report called "a fundamental aspect of strategic information warfare: There is no `front line.' Strategic targets in the United States may be just as vulnerable to attack as in-theater command, control, communications and intelligence targets."
Information warfare techniques, the report said, "render geographical distance irrelevant; targets in the continental United States are just as vulnerable as in-theater targets. Given the increased reliance of the U.S. economy on a high-performance, networked information infrastructure, a new set of lucrative, strategic targets presents itself to potential IW-armed opponents."
After receiving input from the senior decision makers who played the "Day After" game, Rand came to a number of conclusions about how the United States should prepare itself for IW. The report said the participants "widely agreed" that there should be a single focal point for IW within the government located within the Executive Office of the President.
That new office should then conduct "an immediate risk assessment" to determine U.S. vulnerabilities to IW. The government, Rand said, could also play a "more productive and efficient role as the facilitator and maintainer of some information systems and infrastructure...to encourage reducing vulnerability and improving recovery and reconstitution capability."
Following up on that recommendation, Rand said the government could protect itself from a total shutdown by developing a "minimal essential information infrastructure (MEII)."
A Pentagon spokeswoman said ASD/C3I "finds the report useful in its ongoing review of information warfare issues."
`A Lot of Influence'
John Pike, an analyst with the Federation of American Scientists, said the Rand reports carry a lot of weight "because of the people usually involved in the exercise.... I bet they dragged a not-insignificant portion of senior leaders in to play this game. As a result of that kind of participation, these exercises have a lot of influence."
John Pescatore, an information security specialist with IDC Government, said the suggestion to centralize all IW policy in the White House is a "bureaucratic" response to the problem that does not make much sense.
Pescatore also pointed out that, aside from the large sums the Pentagon has decided to invest in the Defense Message System, "there is no money" for developing a protective IW strategy or system.
Pike added that commercial entities, such as banks, would disagree with the suggestion that the government develop an MEII that would only protect government networks and systems.
"It strikes me as a bad idea to protect the Government Information Infrastructure while leaving the National Information Infrastructure open to attack," Pike said.
To order the "Strategic Information Warfare" report, call Rand at (310) 451-7002 or send electronic mail to [email protected]