Completing Dahl: Short Stories
Crossing Over: Secret Invasion

"On Information Warfare" (1996)

CryptologInformation Warfare poses the greatest threat to the national security of the United States. Our society today, whether it be in the defense or the public sector, is becoming more technologically dependent. The immediate need for information and information systems to make decisions, to communicate, or to simply survive as a culture has exponentially grown during the last 40 years.

Reliance on these expanding information systems has increased our vulnerability as a nation and analysts in the Intelligence Community are ill-prepared to deal with this new "War of Future."

Our political and military leaders have always relied on information to plan and fight traditional battles, but the technological dependency from which our nation suffers has made us more vulnerable to our adversaries. The "Information Age" in which our country finds itself today has led to the belief that all future wars will be information wars, and the winner will be the nation that achieves information superiority over its adversaries. That superiority is reflected in both an offensive (attack and/or exploit) and a defensive (protect) venue.

Which leads to the question of how to define Information Warfare (IW)?

No one appears to have a concise, clear-cut answer, and if one were to ask 50 different people that question, 50 different definitions would be supplied. The updated draft of Department of Defense Directive 3600.1 (originally drafted in December 1992) defined IW as "actions taken to achieve information superiority by affecting adversary information, information-based processes and information systems while defending our information, information-based processes and information systems." (However, not all members of the Intelligence Community [IC] could agree on the definition, and the phrase "computer networks" is to be added.)

Part of the confusion in defining IW is that people try to fit IW into existing terminology and concepts, and do not accept the fact that IW is something new. The commonly held belief that IW and command-and-control warfare(C2W) are interchangeable is a misconception that, unfortunately, is held by a large portion of IC analysts. The definition of C2W is divided into the disciplines of attack, exploit and protect. While C2W is a subset of IW, its disciplines are not encompassing of IW. In order to update the concept of IW, it has been divided into the following: Information Engagement (destroy and disrupt); Information Control (corrupt, deny, and deceive); and Information Assurance (defend and protect).

GraphicIW includes components such as jamming/interference, physical destruction, disinformation, deception, intelligence operations, computer intrusion, and viruses/malicious codes. What analysts sometimes fail to realize is that all information systems must be considered as targets for IW, although computer systems are the most likely target, especially in the United States, where computers run our nation's infrastructure and economy.

[The remainder of the article is redacted, except for the illustration reproduced (right) and the paragraph below.]

The main point is that an IW attack can come from anywhere in the world, whether it be initiated by groups or individuals, during peace or wartime. The motivation for an attack can be based on the need for recognition, political, economic, or military gain. At this time, the IC is focusing on state-sponsored attacks or plans. However, one can not overlook the individual ;hacker who has been hired by a foreign government to initiate an IW attack. The Internet has also become a vast resource of knowledge with hacker bulletin boards posting the latest "how to break in" information. Nonstate actors, such as terrorist groups, drug-traffickers and political dissident groups, have begun using the Internet as a source to gain worldwide sympathy, supporters and funds, as well as to pass secure communications to their counterparts around the world. Pirated software can also be acquired through connections on the Internet, including several encryption software packages.


Reproduced from the National Security Agency's Cryptolog: The Journal of Technical Health (Vol 22, No. 2 / Summer 1996 - Declassified 2012).