The more sophisticated the technological base of a country, the more vulnerable it is to information warfare.
Mike Roberts/LONDON
WHEN HISTORIANS look back and consider the most important weapons system developed during 1995, the chances are that it will not be a missile, bomb or new aircraft which attracts their attention, but a few lines of computer code. During the course of the year, details have emerged of a new battlefield. It is called information warfare, or "cyber-war".
US military chiefs of staff now consider that there is a real risk of mainland USA being directly affected by a concerted attack on its computer systems. "The strategic landscape is changed forever," says Vice Adm Arthur Cebrowski, director for command, control, communications and computers for the US Joint Staff. He says that he ranks information warfare as a higher threat to US national security than conventional conflict.
It is not just the military, which is warning against the new threat. According to US House of Representatives Speaker Newt Gingrich, "...cyberspace is a free-flowing zone to which anyone has access... and we had better be prepared for zones of creativity we've never dreamed of".
The US Department of Defense (DoD), in an attempt to prevent an electronic Pearl Harbour, has established a panel of experts to assess the potential of information warfare. The Advanced Battle-space Information Task Force is spending the next three months exploring the implications of cyber-war. It will examine not only its direct battlefield use, but also how it could be used against a country's economic structure, by wrecking a nation's information infrastructure, including its military, banking and telephone systems, its power grids and its computer networks, without a shot being fired.
FALSE INFORMATION
In essence, information warfare is the use of computers and telecommunications to destroy a country's ability to function without a single shot being fired. This can be achieved by feeding false information into enemy computers, destroying information or issuing commands which over-ride legitimate instructions.
In one scenario suggested by US Air Force Lt Gen John Fairfield, deputy chief of staff for command, control, communications and computers, if military planners had possessed information-warfare tools during the planning stages of Operation Desert Storm, it could have been possible to attack Iraq's power grid by electronic means.
Like many nations, Iraq controls its power by computers. By infiltrating conflicting commands, the system could have been overloaded, resulting in a shutdown. Unlike those of the development of the nuclear bomb, the costs are minimal. With inexpensive home computers and modems, hackers have long been able to penetrate supposedly top-secret computer databases.
The problem that faces both military and commercial organisations in defending against a determined attack is that computer networks have grown organically over many years, and that growth has gathered pace over the last few years. The DoD has 12,000 different computer systems and, within the Pentagon, there are 45 separate electronic-mail networks. In the case of the Pentagon, a new single electronic-mail network is being developed by Loral Federal Systems. When it is in place, the Defense Message System will support up to 2 million users at 500 sites in the USA and around the world. It will not, however, be able to take the most sensitive secret messages until 2000, when it is fully operational. Some US experts question the feasibility of making any communications network totally secure.
The USA is not alone. The UK Ministry of Defence (MoD) has admitted that it has for some time been working on the potential of information warfare, although a senior official admits that it is behind the USA in developing its policy. The MoD says that it is "...examining ways in which appropriate levels of connectability and intra-operability can be maintained in a hostility situation. Our policy is that it is being developed in consultation with the individual services within the department, industries and clearly our defence allies. It also takes into account military concepts that have been around for a number of years. The UK MoD is actively aware of the work in the USA and has been actively involved in a number of studies and exercises, as the Americans have developed their doctrine. The essential issue is how complex and inter-dependent information systems have developed and how modern society depends on them."
One of the most devastating examples of the use of information warfare was enacted during the US Joint Warrior Interoperability Demonstration Warfare exercise in September 1995. During a series of tests to explore the strengths and weaknesses of the USA's computer systems, a US Air Force captain based at the Air Force Electronic Systems Center, Hanscom AFB, Massachusetts, electronically invaded the computer systems of several US Navy ships. If he had wanted to, he could have taken total control.
All he needed was a commercial off-the-shelf computer and modem, plus access to the military Internet. With these he was able to send, under the cover of an innocent-looking electronic-mail message, a series of codes which enabled him to pass from the non-secure ships' computer network to the supposed secure security net. A senior official has admitted that the exercise showed that "...we have a long way to go in protecting our information systems".
The conduit that the USAF captain used to gain access to the warships was the Internet. This is a series of interconnected computers originally developed by the US military to provide a communications network capable of being operated, even if much of the country had been devastated by nuclear war.
COMPLEX NETWORK
The theory when it was set up was that, even if several hubs had been destroyed, messages could still be passed between surviving computer hubs. The Internet not only connected military installations, but civil, university and commercial organisations. As time went by, other users joined the net and today it forms a complex web around the globe. It is believed, that there are now somewhere in the region of 100 million users, and this figure is expected to grow rapidly in the next few years. It is estimated that 95% of all US military non-classified data are transmitted, or are accessible, on the Internet.
Information warfare has developed from the need to prevent infiltration by hackers and, while the cost of equipment to attack a network might be low, the cost of defending against attack is colossal. The cost to the USA for improving security in 1996 will be $1 billion, and it is estimated that information-warfare costs will constitute 10% of the total US military-electronics budget until the middle of the next decade.
The UK is expected to announce before April the winner of a competition to supply a new fixed-communications network. The aim of this ten-year, £1 billion ($1.5 billion), project will be to replace 51 separate networks with a single Defence Fixed Telecommunications Network. One industry insider involved has calculated that as much as 30% of the cost is for defence against cyber attack. He says that, even ten years ago, such elaborate defence would have been described as "gold plating". This is not the case today, however.
While there are as yet no published examples of genuine attacks by cyber terrorists, there are plenty of examples to illustrate the extent of the damage which hackers could inflict. The US DoD now has a team of specialists trained to hunt down hackers and, whenever possible, to prosecute them. The DoD recorded 255 attacks on its networks in 1994, and over 500 assaults in 1995. A similar increase in raids is expected this year.
It took US security officials 13 months to track down one UK hacker, during which time he is alleged to have penetrated 69 US Government and Lockheed Martin computers. One of the databases which he is alleged to have accessed contained information supplied by US agents operating in North Korea during the nuclear crisis.
Another example, published in the UK's Independent newspaper in November 1994, highlighted the vulnerability of supposedly secure telecommunications. The article reveals how a hacker had been able to gain access to thousands of top-security numbers, many of which where not even listed on British Telecom's ex-directory records.
Numbers included those of 10 Downing Street, GCHQ (the UK Government communications centre at Cheltenham), and the USA's electronic-listening centre at Menwith Hill in Yorkshire.
INADEQUATE SAFEGUARDS
The hacker also supplied detailed information on command-and-control centres and missile- launch sites. It is understood that the Cincinnati Bell Customer Services System database did have internal safeguards, but they proved to be inadequate once the hacker had gained the correct security-code clearances. Other hackers have caused tens of thousands of pounds worth of damage by the use of viruses. Viruses work by invading and corrupting a computer's hard-disk storage.
The threat to computer users, be they military or commercial, who link their machines remotely by conventional means is a real one. Military establishments the world over, have recognised the potential threat and are, now taking major actions to protect themselves. At the same time, they are developing new methods of warfare which, in the very near future, could result in a war being started and finished in seconds - the higher the technological base of a nation, the easier it could be to defeat them.
A simple chemical reaction released the power of the nuclear age: a simple computer code could shape the technology age.
Source: Flight International