27 April 2006
Source: Hardcopy Defense Intelligence Journal.
Defense Intelligence Journal; 5-1 (1996),13-23
Kenneth A. Minihan
Lieutenant General Kenneth A. Minihan, USAF, is the Director of the National Security Agency. He entered the Air Force in 1966 from the Florida State University Reserve Officer Training Corps program, having received a Bachelor of Arts Degree in Political Science. He received a Masters of Arts degree in National Security Affairs from the Naval Postgraduate School and has attended the Air Command and Staff College, the Air War College and the program for Senior Executives in National and International Security at Harvard University. His career has included increasingly responsible assignments in the Air Force, the Defense Intelligence Agency and National Security Agency.The views expressed in this paper are those of the author and do not reflect the official policy or position of the US Government.
The defensive component of information warfare integrates a number of disciplines to protect information and information systems. Physical security, electronic security, operations security, counter psychological operations, and counter deception play major roles. However, the critical defenses against intelligence exploitation and information denial, destruction, and degradation are supplied by information systems security. Our command, control, communications, computing, and intelligence networks depend on this discipline for security and resilience throughout the conflict spectrum. Information systems security also has a key role to play in ensuring that information-dependent support and weapon systems, including communications and navigational satellites, cruise missiles, and future aircraft, can function effectively in information warfare environments.
Information systems security depends heavily on cryptology. As the nation's cryptologic organization, the National Security Agency (NSA) plays a vital role in the U.S. defensive information warfare effort through its work in safeguarding our signals, information systems, and data bases. This role will expand as defensive information warfare begins to generate significant requirements for NSA's other key cryptologic function, signals intelligence. Defensive information warfare can be expected to significantly affect intelligence requirements, the future development of information systems security, and the way the nation's cryptologic team does business.
Intelligence and information systems security have always complemented each other. Intelligence gives us an information advantage over our adversaries and competitors. Information systems security prevents others from gaining a comparable advantage over us. The two functions serve as the offensive and defensive squads of a team dedicated to a single goal -- information dominance for the United States.
In the future, however, intelligence and information systems security will be more than complementary -- they will become integral to each other. We are entering a time when the effectiveness of information systems security will depend, as never before, on intelligence, and the effectiveness of intelligence will depend, as never before, on information systems security. This integration will be driven by the threat that has emerged as the down side of the information age -- the threat of information warfare.
Our Information Infrastructure Is at Risk
In the space of a decade the nation has become increasingly dependent on networked information systems to conduct essential business, including military operations, civil government, and national and international commerce. Networking has become a prime component of our competitiveness as a nation, making the information infrastructure that supports it a center of gravity for our national power.
The networking of America has national security implications that are only now beginning to be widely recognized. Our ability to network has far out paced our ability to protect networks, and the increased efficiency of networking has come at the price of increased vulnerability of data and systems to attack. Information in unprotected or poorly protected networks can be accessed, changed, or destroyed. Unprotected systems can be controlled, damaged, or shut down. Through global interconnectivity, targeted systems can be accessed and attacked from almost anywhere in the world.
Employed on a large scale against a nation heavily reliant on unprotected networks, these techniques have the potential to inflict some disruption on military readiness and the economy. We are both heavily reliant and somewhat unprotected. At their current stage of development, our Defense and National Information Infrastructures offer minimal defense against unauthorized access and abuse. Ironically, even as our conventional defenses have achieved unprecedented effectiveness, networking has offered our adversaries a way around them. It has opened a path to our heartland over which an attacker, committing only modest resources, could achieve wide scale disruption -- the information age equivalent of the Pearl Harbor attack.
The full potential of information warfare has yet to be demonstrated operationally. How do we know that our infrastructure is vulnerable to this type of attack? We know both through test attacks conducted against our own defense networks, and through clear evidence that our vulnerabilities are being exploited today.
Tests conducted recently by the Defense Information Systems Agency (DISA) demonstrated the vulnerability of DoD unclassified logistics, support, and medical networks. Using widely available techniques, DISA experts attacked nearly 10,000 DoD computers, successfully gaining access to 88 percent of them. Only four percent of the successful penetrations were detected by the organizations under attack. Of those organizations detecting attacks, only five percent reacted. Overall, during these tests only one in roughly a thousand successful attacks drew an effective defensive response. Based on these results and the current level of reported security incidents, the number of penetrations of DoD systems last year, including those undetected or unreported, has been estimated in the hundreds of thousands.
There is ample evidence that the vulnerabilities noted in DISA's testing have been found and exploited by real-world attackers. Last year, more than 250 unclassified DoD computer systems were known to have been penetrated by outsiders. Functions supported by these systems included weapon and supercomputer research, logistics, finance, procurement, personnel management, payroll, and military health systems. The incidence of such attacks is escalating and the number is projected to double this year.
Some examples help demonstrate the scale of these activities. Administrators of one Pentagon system suspected they had a minor security problem with intrusion attempts over the Internet. When user access was monitored, 4,300 unapproved intrusion attempts were detected during the first three months of the monitoring effort. Administrators of another system stumbled onto what they thought was a high school hacker. When the system was monitored for access, it was found that hackers from 14 different countries were attacking the system.
The networked systems serving the rest of the Federal government and the private sector are at least equally vulnerable. Known targets have included financial systems, payroll systems, personnel records, industrial research and development information, and tax files. One recent press report estimated u.s. losses from computer crimes via the Internet within the past year alone at $5 billion.
The demonstrated vulnerabilities of our information technology entail a potential vulnerability to economic disruption on a massive scale. The phone system, the banking, credit, and Federal Reserve systems, the stock exchanges, the power distribution system, the air traffic control system, public safety, and law enforcement all depend heavily on networked information systems. These functions are all potentially vulnerable to network-based attack and disruption.
Summarizing, the scale of networking in the United States and the degree to which we rely on information technology to carry out essential functions make us highly vulnerable to information warfare attacks. The technology to exploit our vulnerabilities exists now. It is known to have been used against a broad range of targets, and it is highly probable that the known attacks constitute only a small fraction of the total activity. The U. S. information infrastructure is indeed at risk.
The Role Of Intelligence In Information Systems Security
Earlier it was emphasized that in the information warfare environment the effectiveness of information systems security will depend increasingly on intelligence, and the effectiveness of intelligence will depend increasingly on information systems security. Let us return to those themes in greater detail.
Information systems security's increasing dependence on intelligence stems from the profound changes it has undergone in adapting to networking. In the pre-network era of dedicated circuits, security meant protecting the confidentiality of information while it was being transmitted. In the networked environment, information systems security includes not only confidentiality but protection of systems from viruses and other attacks intended to deny service, protection of data from alteration or destruction, and assurance that data exchanges are originated and received by valid participants.
This is clearly a more active concept than simply encrypting information for transmission. Providing security in a large-scale information warfare scenario may involve sealing off or restricting access to critical segments of the infrastructure, either cryptologically or physically, with the specific actions taken tailored to the specifics of the attack. In this environment information systems security will need help from intelligence. In particular, it will ask intelligence two questions that sound simple but aren't. These are: Are we under attack, and, if so, by whom?
These questions would present little problem in more familiar scenarios, particularly for an intelligence system optimized over a period of four decades against the threats of a large-scale conventional attack in Europe and a strategic nuclear exchange. But information warfare is new, and we have barely begun to consider the intelligence requirements it will bring.
Are we under attack? The DISA test cited earlier attacked 10,000 DoD computers and drew only a handful of sporadic, apparently unrelated detections. How far could a strategic-level campaign, conducted across the entire information infrastructure, progress before it was recognized for what it was?
Who is attacking us? Unlike nuclear, conventional, chemical, or biological warfare, information warfare requires little telltale infrastructure. Information warfare forces are highly mobile, with individuals or small teams equipped with laptop computers capable of launching attacks from any point on the global network. Above all information warfare is cheap, putting information warfare capability within reach of most nations and many terrorist groups. These factors give information warfare a substantial degree of plausible deniability. Bringing force to bear in stopping an attack will likely be slowed by the need to determine which of our adversaries is attacking.
The information warfare battlefield is unfamiliar terrain for both information systems security and intelligence. Over the near term information systems security will need to develop a more· active defensive strategy, and intelligence will need to identifY new threats, develop new sensors, and perhaps move out into cyberspace. Information systems security will look to intelligence initially to tell us what's happening, and, later, to tell us what's going to happen as techniques to detect advance preparations for information warfare attacks begin to come on line.
What direction will information systems security's intelligence needs take over the mid to long term future? This will depend on how security technology and the nature of defensive information warfare evolve. The question leads to some interesting speculation.
While information warfare against Iraqi command and control was a component of our strategic campaign in DESERT STORM, it was conducted to a significant degree with smart munitions and iron bombs and our opponents lacked an information warfare capability. Given this model, information warfare fit relatively comfortably within our existing command and intelligence structures.
This model, however, will not last indefinitely. Both the scope and the nature of information warfare will change as our potential adversaries acquire offensive capabilities. We can expect information warfare to become global in scope and increasingly focused on logical weaponry, and these developments will influence how we organize to fight it.
These new offensive weapons will give our adversaries the capability to launch attacks against the U.S. information infrastructure from virtually any point on the globe. Such attacks would be difficult to stop using our current geographically-based command structure and traditional weaponry. Cyberspace provides a vast and borderless hiding place into which to deploy information warfare weapons days, months, or years in advance of an attack. It will likely become increasingly difficult to isolate and neutralize an opponent's offensive information warfare capabilities using hard kill techniques against targets within the opponent's borders. While hard kill attacks will continue to play a significant role in information warfare, it is possible that the global byteways of cyberspace will become information warfare's primary battlefield and logic its primary weapon. Like outer space in the 1960s and 1970s, cyberspace may emerge as a distinct Area of Responsibility with its own weapons, tactics, and intelligence requirements.
What will these new intelligence requirements look like? The answer will depend in large part upon the defensive capabilities we are able to field. Funding for defensive information warfare capabilities in recent years has lagged that for offensive programs by orders of magnitude. While we have developed techniques to provide for data integrity, authentication of users, non-repudiation assurance, confidentiality of data, and availability of service, deployment of these techniques has been constrained by resource limitations, leaving gaps in our defenses. Further, these techniques at present provide minimal capability to detect and actively counter sophisticated information warfare attacks.
For now, given the current state of information systems security technology, defensive information warfare requires relatively modest intelligence support. This will change with the advent of more responsive and proactive information systems security techniques. As we begin to field capabilities permitting the conduct of active defensive operations in cyberspace, our intelligence organization for information warfare will need to support coordination between offense and defense and effective information warfare battle management. Looking to the future, new defensive information warfare concepts and capabilities will generate major new demands on the intelligence system.
The Role of Information Systems Security in Intelligence
Even as information systems security becomes more dependent on intelligence, intelligence will come to depend increasingly on information systems security. As our nation moves further into the information age, secure networking technology will be a key enabler for the Intelligence Community and DoD in the areas of analysis, fusion, and dissemination. Secure networking will permit new analytic processes in which analysts from across the Community communicate, share data, and bring resources to bear on high-priority problems in real time. Secure networking will permit both analysts and their customers to quickly fuse products from many sources into an integrated intelligence picture. Finally, secure networking will revolutionize the dissemination of intelligence to the warfighter, the diplomat, and other key customers. In essence, this technology will make the organizational structure of the Intelligence Community transparent. It will enable the Community to move beyond its traditional stovepipes and function as a seamless, integrated, highly responsive virtual organization.
Providing security for networked systems presents an unprecedented challenge. In the past, classified information moved over dedicated circuits and was stored and processed by standalone computers. To fully utilize the capabilities of networked systems, users need the ability to manage and distribute data of different security sensitivities over common, public-switched networks. The cornerstone of DoD's effort to provide multilevel security for the Defense Information Infrastructure is the Multilevel Information Systems Security Initiative (MISSI). MISSI includes a number of ongoing and planned efforts to make available products and services for workstations, local area networks, and wide area networks. These will serve as common building blocks that can be combined to provide tailorable security capabilities according to individual users' needs. MISSI will also provide products and services for common network security management. Working in integrated architectures, MISSI products will protect data from unauthorized disclosure and modification, identify and authenticate system users, control access to data and systems, and verify the originators of incoming messages. MISSI will provide information systems security for the Defense Message System and for much of the INTERLINK system as well.
The first high-volume product within the MISSI architecture is the FORTEZZA cryptographic card. The FORTEZZA card is a hardware-based encryption product. It is the size of a thick credit card and plugs into its host platform, such as a desktop or laptop computer or a digital personal communications device, using the international commercial standard PCMCIA interface. FORTEZZA secured applications include electronic mail, electronic commerce and electronic data interchange, file transfer, file storage, remote database access, World Wide Web browsers, and remote identification and authentication. The first generation of FORTEZZA cards, intended for use with unclassified but sensitive information, went into production over the past year. The next phase will be to provide security for applications with classification levels up to secret.
Unfortunately, in today's networked environment connection to anything means connection to everything, and our efforts within the national security community, while necessary, are not sufficient. The Defense Information Infrastructure relies on the public switched networks of the National Information Infrastructure to carry over 95% of its communications. From an information warfare perspective, attacks against a relatively unprotected National Information Infrastructure could degrade the operation of even a well-protected Defense Information Infrastructure, hampering the production and dissemination of intelligence.
NSA is working with the National Institute for Standards and Technology to help develop network security standards for federal government networks outside the national security community. Neither of these agencies is presently chartered to comprehensively address protection of the private sector systems that comprise much of the National Information Infrastructure and upon which the Defense Information Infrastructure and all other government networks increasingly depend. NSA is supporting the Information Infrastructure Task Force and the Security Policy Board as they work to develop policy in this area.
Progress has been slow to date. The civil government, private industry, and a significant segment of the public are extremely wary of expanding national security community influence in national information systems security policy. For these users, information systems security is a cost of doing business with a quantifiable expected value. Like insurance, it is expected to provide protection against a set of anticipated risks at a reasonable cost. For national security users, the protection of information has intrinsic value. The cost of compromise is difficult to quantifY monetarily, and in some instances is measured not in dollars but in lives. National security users have traditionally tended to avoid rather than manage risk, adopting standards of protection most private sector users would regard as far in excess of their needs. Private sector users are anxious to avoid mandates requiring them to adopt "gold-plated" information systems security standards.
The broad outline for a reasonable division of responsibility for information system security is in sight. Just as private sector organizations provide their own security against theft and other low-level threats, they should handle their own point defense in cyberspace against hackers and other low-level, unstructured threats. Low cost solutions exist for the majority of threats these organizations face, and they are in the best position to balance cost against risk. At the other end of the spectrum, defense against attacks against strategic targets or cumulative attacks against the National Information Infrastructure are clearly a national security responsibility, and will require government action coordinated with both private sector and international organizations. Between these two clearly defined poles lie broad zones of potential collaboration between government and industry to deaL with intermediate level threats.
National policy in this area is still formative. Government needs to establish a framework for progress. We need to speed the growth of national awareness and accelerate policy development for the information age, recognizing that the technology to inflict potentially catastrophic damage through information warfare exists now.
Conclusion
The partnership between intelligence and information systems security will become more critical than ever in preserving information dominance for the United States as the information age unfolds. As information systems security and defensive information warfare move from a passive to a more active posture, intelligence will become increasingly· critical to their success. As networking improves the production of intelligence and revolutionizes its distribution, information systems security in its broadest sense -- confidentiality, authentication of senders and recipients, data integrity, and availability of service -- will be one of the intelligence community's key enabling technologies.
US information warfare strategy needs to encompass not only powerful offensive capabilities but a highly robust and sophisticated defense and a wide-ranging intelligence effort as well. Defensively, we rely today on passive point defenses for information systems security, permitting attackers to concentrate efforts against weak links at will. We should begin to work toward a layered defense, supplementing close-in protection with active logical methods of detecting and engaging incoming attacks in cyberspace. To employ such capabilities, we will need warning and targeting intelligence for information warfare at levels of detail and timeliness comparable to those achieved for conventional and nuclear warfare. Information warfare poses a strategic risk of military failure and catastrophic economic loss. It belongs on the short list of key priorities for the Department of Defense and the Intelligence Community.
HTML by Cryptome.