New Info-War Doctrine Poses Risks, Gains
The Pentagon wants to hit its enemies with four-dimensional cyber-war, but fears that its rear flank is exposed to enemy hacker attacks
Pentagon officials are hoping to win future wars by waging 21st-century "four-dimensional cyberwar," but fear they will be hamstrung by computerized sabotage of the nation's phone network, electrical-power grid and computerized banking system.
"We are not prepared for an electronic version of Pearl Harbor.... Our [electronic] infrastructure is not safe and not secure," said Robert Ayers, chief of the information-security center at the Defense Information Systems Agency, Arlington, Va.
The new post-Cold War plans - officially termed Information Warfare by the Pentagon-are being elevated into national policy as White House officials struggle to complete a classified Presidential Review Directive.
To support the directive, CIA officials are preparing a formal National Intelligence Estimate of possible threats facing the nation's - electronic infrastructure - the future Information Superhighway promoted by Vice President Al Gore. These threats include computer-hackers paid by foreign states and gangs, say officials.
the 21st Century
The Information War doctrine is the Pentagon's emerging blueprint for war in the information age. It seeks to go beyond industrial warfare where mass-produced weapons cause mass-destruction. Instead, Information Warfare is touted as a way to reshape a foreign country's hostile policies and-if a war does break out-to prevent the enemy from using his weapons effectively. "You can stop a war before it starts.... We think we have a paradigm shift here," said Col. Mike Tanksley, head of the Army's information warfare center in Fort Belvoir, Va.
These ambitious goals are to be achieved by subverting, reshaping, jamming or blocking information used by foreign leaders, populations and military forces, while protecting the information used by the United States' leaders, citizens and soldiers.
The doctrine urges action in peace and war against government, military, commercial and civilian targets. Its tools are deception, secrecy, electronic warfare, physical destruction, psychological warfare and intelligence, and its broad reach makes the doctrine "bigger than all outdoors," said Tanksley.
In wartime, Information Warfare tactics include physical attacks on enemy command centers, psychological attacks on enemy populations, deception of political leaders, and electronic jamming of an enemy's telephone networks. For example, the U.S. Air Force has deployed four C-130 Commando Solos designed to broadcast television and radio programs. In the future, such psychological warfare efforts could be waved via the new Direct Broadcast Satellites, said one official.
In peacetime, foreign targets will be hit by U.S. diplomacy, propaganda and covert-intelligence operations, say officials. Efforts to influence foreign populations and leaders are similar to "global improvisational theater," said Charles Williamson, an expert on psychological operations in the Pentagon's special operations directorate. Such operations "are going to be very important as to whether we achieve our national security goals," he said.
Each of the military services are also creating new centers to develop doctrines and technologies for Information Warfare under the supervision of the Pentagon and the military-run Joint Staff. Intelligence agencies, including the National Security Agency and the CIA, are also working aggressively, say government officials. "I see more joint efforts [in Information Warfare] than anywhere. We all look under each others' skirts," said Capt. R.J. Calderella, director of the Navy's information warfare office in the Pentagon.
The Information War plans have already begun to boost the services' demand for high-tech computer technology, information-security systems, database-manipulation software, as well as a variety of "information-weapons," such as airborne television-studios, electronics-destroying pulse weapons and persistent computer-viruses.
Doctrine Is a
But the ambitious Information Warfare plans will likely be hampered by a variety of problems, including the vulnerability of the nation's electronic infrastructure to foreign attacks, say officials.
"We now have to worry," said Col. Doug Hotard, chief of the Pentagon's information warfare office. "There is not much that goes on in the civil sector that does not impact military readiness.... [It is] a very difficult problem," he said Dec. 8 at an Arlington, Va., conference organized by the Technical Marketing Society of America.
For example, 95 percent of DoD communications are sent via the public telephone networks, he said. So "we are concerned about the defense of [the phone network] although we are not responsible. In the future... we will be working closely with industry" to boost defenses, he said. But the public outcry against the Clipper chip-developed by the NSA to ease judicially-approved review of private data-shows how politically difficult it is for the Pentagon or the government to get involved in civilian areas, such as the security of financial data.
Even the protection of the DoD's data seems to be beyond the Pentagon's ability. The vulnerability of the Pentagon's logistics, support and medical networks was glaringly demonstrated in tests conducted this year by the Defense Information Systems Agency, said Ayers. Using computer-cracking tools available to any Internet user, DISA experts attacked 9,000 DoD computers, successfully hacking into 88 percent of them, he said.
Worse still, only 4 percent of the successful attacks were ever detected by the DoD organization that operates the computer system, he said. Even then, only 5 percent of the organizations that noticed the attack ever reacted, he said.
The poor quality of the Pentagon's defenses and reactions are partly to blame for an estimated 300,000 attacks made on DoD computer systems, he said. Hackers have successfully compromised at least 350 DoD computer systems this year, he said. "Today we are engaged in Information Warfare on a full-time basis. We don't know who our enemy is, and we are losing," Ayers concluded.
These threats extend beyond the military networks. For example, the threat of sabotage has also driven the banking industry-in cooperation with the Treasury Department - to erect extensive defenses, says Kawika Daguia, a spokesman for the Washington-based American Bankers Association. "If somebody cuts your phone line or the power grid goes down, we want the system to be up and functioning," he said.
The electric power grid is kept operating via computerized control systems built by local utilities, said Gene Gorzelnik, a spokesman for the North American Electric Reliability Council, based in Princeton, N.J. The control system-dubbed the Supervising Control And Data Acquisition system-is maintained by each of the utilities, he said.
To ensure continued operation of its phone networks, AT&T relies on multiple communications links, automated reaction to problems, and stringent protection of its computerized switching stations, according to Dan Lawler, an AT&T network-security specialist.
The Pentagon's nightmare is an electronic Pearl Harbor-a determined attack on these networks by hackers working for an enemy country. Skilled hackers could use international communications networks to penetrate and disable the computer systems that keep these networks operating, Information Warfare proponents say.
A variety of organizations exist to promote the security of these networks, but greater inter-agency and government-industry cooperation is needed, said officials. The policy directive being prepared in the White House may foster greater cooperation, they said.
Other problems impeding the Pentagon's Information Warfare efforts include:
Skepticism-There are plenty of officials who regard the doctrine as a fashionable means to justify existing Cold War weapons programs, or a buzzword without form or substance. No amount of Information Warfare will remove the Serbs from Bosnia-only an infantryman with air support can do the job, one official said. But Information Warfare proponents such as Tanksley acknowledge the doctrine works best when used alongside the weapons and strategies used to destroy the Iraqi military.
Legal Problems-The Pentagon has very limited legal roles in the protection of the telephone system, power grid or banking networks. It has no role in protecting American citizens from foreign propaganda, nor can it wage Information Warfare in peacetime, except under very narrow circumstances.
Cultural Conflict-Strait-laced military officials have to become more comfortable with civilian cultures if they are to wage Information Warfare. For example, one Air Force general derided as a "geek ... with a pocket protector" is a civilian scientist whose work unmasked a gang of German hackers working for the KGB intelligence service.
Intelligence Demands-Officials will need very precise technical data on enemy information-technology and an excellent understanding of foreign motivations, said officials. "It is the biggest challenge to intelligence since nuclear weapons," said Tanksley.
Poor Equipment-For example, the weak transmitters in the Air Force's Commando Solo aircraft prevent their aircraft from broadcasting TV or radio signals from outside the range of Serbian air defenses, according to Williamson. But the department is developing a variety of Information Warfare weapons in highly classified "black" programs, said one intelligence official.
Commercial Technology-Although cheap, commercially developed software contains flaws that can be exploited by hackers, said Hotard. "The more we use these [commercial] high-tech information-systems... the more vulnerabilities we incur," he said.
Career Paths-If the military is to improve its capabilities, it must provide promotion opportunities for soldiers expert at Information Warfare techniques. Dubbed Information Warriors or Combat Software Engineers, such well-trained soldiers are needed to work alongside civilians, said officials.