Common Strategy US-EU On Information Warfare

 

By Silviu Craescu.

 

                                                  

           Pentagon officials and defense analysts have a new topic to add to their list of post–Cold War concerns: information warfare (IW), cyber war and ,,lack” of informations. The term refers to the use of information systems—computers, communications networks, databases – for military or political advantage, either by the United States or by  an sponsor actor state unfriendly of US.

The United States is potentially vulnerable to IW attack. The United States, in civilian as well as military matters, is more dependent on electronic information systems than is anyone else in the world.  The possibility that computer and communications system to be target of an hostile parties—countries action, terrorist groups, religious sects multinational corporations, and so on could attack civilian information systems directly, is very high. Attacking these systems could be easier, less expensive and certainly less risky than, say, sabotage, assassination, hijacking or hostage-taking, and a quick cost-effectiveness calculation may make IW an aggressor’s strategy of choice.The United States should  be able to develop new military strategies using IW in the conditions of new Cold War, like European Union develop his strategy for combat information warfare and to implemented the security in communications field. Cybernetic security, terrorism, and critical information infrastructure – new challenges for the management of security culture and the European geopolitical space. The objectives of the European Union in the new global context.

            On the 30th of March 2009, the European Commission issued a communiqué regarding the protection of critical information infrastructure (“Protecting Europe against large-scale cyber-attacks: improving the degree of preparation, security, and resilience”) by which it established a plan (“the plan of action concerning the protection of critical information infrastructure”) for consolidating the security and resilience of vital information technology and communications infrastructure. Its aim was to stimulate and support the development of a high level of response, security, and resilience capacity on a national and European level. This approach was largely approved by the Council in 2009. The plan of action concerning the protection of critical information infrastructure is built on five pillars: preparation and prevention; spotting and reaction; risk reduction and recovery after incidents; international cooperation; and the criteria for the critical European infrastructure in the sector of information technology and communications. It establishes the measures to be taken with respect to every pillar by the Commission, member states and/or industry, with the support of the European Union Agency for Network and Information Security (ENISA).

            The digital agenda for Europe, adopted in May 2010, and the associated conclusions of the Council have underlined the common vision according to which confidence and security are fundamental preliminary conditions for using on a wide scale information technology and communications and for achieving thus the objectives concerning the dimension of “intelligent growth” of the Strategy Europe 2020. The digital agenda for Europe underlines the necessity that all interested parties unite their forces in a global effort in order to guarantee the security and resilience of information technology and communications infrastructure by emphasizing prevention, degree of preparation, and sensitivity, as well as to develop efficient and coordinated mechanisms in order to react to the increasingly sophisticated forms of attacks and cyber crimes.This approach guarantees that the preventive, as well as the reaction dimensions are challenges which are taken seriously.

            The Commission has adopted in September 2010 a directive proposal regarding the attacks on information systems. It concerns the consolidation of the fight against cybernetic attacks by better cooperation between the criminal law systems of member states and between judicial authorities and other competent authorities. Moreover, the proposal introduces some dispositions regarding the ways of fighting new forms of cybernetic attacks, namely botnets. At the same time the Commission forwarded a proposal for a new mandate of consolidation and modernization  of the European Union Agency for Network and Information Security (ENISA) in order to increase networks’ degree of reliability and security. The consolidation and modernization of ENISA will allow the European Union, member states, and interested parties from the private sector to develop capacities and training to prevent, detect, and approach challenges pertaining to information security.

             Moreover, the digital agenda for Europe, the Stockholm program/its plan of action, and EU’s Strategy of internal security in action underlines the Commission’s commitment to construct a digital environment in which all Europeans could express their full economic and social potential. This is why security culture involves cyber security, but at the same time involves proactive solutions for using human potential and community democratic participation, which could discourage security threats. The communiqué of the European Commission reviews the results that have been achieved since the adoption of the plan of action in what concerns the protection of critical information infrastructure. It describes future expected measures for each action both at an European and at an international level and it focuses at the same time on the global dimensions of the challenges and importance of increasing cooperation between the national administrations of member states and the private sector on national, European, and international levels, in order to handle global interdependencies.

           The global geopolitical dimension of these threats is becoming increasingly clear. We are experiencing in the present a tendency to use information technology and communications in order to achieve political, economic, and military supremacy, including through offensive capabilities. “Cybernetic warfare” and “cybernetic terrorism” are sometimes mentioned in such contexts.

           Moreover, as shown by the recent events in the Southern Mediterranean region, some regimes are ready and capable to forbid or undermine arbitrarily the access of their own citizens to informatic means of communication – especially the Internet and mobile communications – for political reasons. Such unilateral internal interventions could have severe consequences on the rest of the world.

           Information technology is a U.S. strong suit, and military force could use this know-how to improve  defense capabilities,  against hostile attack and to defeat any aggressors—and to accomplish both missions at the lowest possible cost.

U.S. military planners are already taking the first steps in this direction.

But consider some of the scenarios that the Department of Defense has studied:

  • Approximately 95 percent of all military communications are routed through commercial lines. U.S. troops depend on these communications; in some cases, even highly sensitive intelligence data is transmitted in encrypted form through commercial systems. Although hostile countries may not be able to intercept and decipher the signals, they might be able to jam the civilian links, cutting off U.S. forces or rendering useless numerous intelligence

systems costing hundreds of millions of dollars.

  • The United States buys most of the microchips used in military systems from commercial vendors, many of which are located in foreign countries. The chips are dispersed throughout a variety of weapons and perform a range of functions. Some experts are concerned that someone might tamper with these chips, causing the weapons to fail to perform when needed.
  • One lesson of Operation Desert Storm is that it is unwise to provoke a full-scale conventional military conflict with the United States and its allies. A more subtle alternative might be to send several hundred promising students to school to become computer experts and covert hackers. Such a cadre could develop the training and tactics to systematically tamper with U.S. government and civilian computer systems. But unlike pranksters, they would play for keeps, maximizing the damage they cause and maintaining a low profile so that the damage is hard to detect.
  • Some strategic thinkers believe that “economic warfare” between countries is the next area of international competition. This may or may not be so, but it is possible for government experts skilled in covert action, to assist their countries’ industries by well-designed dirty tricks. For example, a bogus “beta tester” could sabotage the market for a new software product by alleging on an Internet bulletin board that the prerelease version of the program has major problems.
  • Modern military aircraft, such as the B-2 bomber and F-22 fighter, are designed without a single blueprint or drawing.

          Rather, they use computer-assisted design/computer-assisted manufacturing (CAD/CAM), in which all records and manufacturing instructions are maintained on electronic media and shared on a closed network. This makes it possible for plants across the country to share databases and to manufacture components that fit together with incredible precision. But it also makes these programs dependent on the reliability and security of the network, which might be compromised by an insider with access.

  • Like many large-scale industrial operations today, the military  uses “just-in-time” methods for mobilization. That is, to cut costs and improve efficiency, the military services trim stockpiles of spare parts and reserve equipment to the minimum, and they use computers to make sure that the right part or equipment is delivered precisely when needed to the specific user.

          Virtually all communications systems are computer-controlled. Virtually all aircraft and land vehicles have computer-based components.

          Most transportation systems—aircraft, railroads, urban transit—are directed by remote communications and computers. Thus, virtually all of these civilian systems are also vulnerable to IW attack and could become targets to unfriendly parties.

          The U.S. advantage is in information technology—intelligence, communications, precision-guided munitions, night vision equipment, stealth technology, and electronic countermeasures. As a result, the United States and its coalition partners were well-coordinated and could adjust their operations in real time, whereas Iraqi forces were isolated, disorganized, and blind. It’s unlikely future foes will repeat Iraq’s mistakes and permit opponent to claim “information superiority” on the battlefield. Indeed, a country or organization with even a rudimentary knowledge of IW could take countermeasures that can greatly reduce the U.S. advantage. Also, because the U.S. advantage could be potentially hard tested and reduced it will be necessary to monitor the changing IW threat and develop new methodes.

          Dealing with the IW threat and especially with aggressive attackers who use IW as their main weapon against US, in the case of vital military communications links and computer systems, it may be possible to build hardened “point defenses,” taking extra steps to thwart attackers. These could include, for example, building dedicated transmission lines for communications, isolating critical computers from all outside networks, and using hardware and software security systems that might be excessively expensive or inconvenient for commercial use but which are necessary for defense vital informational system.

What Next?

Recent Articles