CYBER TERROR
BLACKOUT NOT AN ATTACK BUT A WARNING


CLICK HERE TO READ THE 8/20/03 STORY ON NEWSMAX.COM

Strategic Information Warfare:  A New Face of War     
Roger C Molander, Andrew S. Riddile, Peter A. Wilson
Preface

This report summarizes research performed by RAND for the Office
of the Assistant Secretary of Defense (Command, Control,
Communications and Intelligence).  The objective of this effort
was to garner perspectives on a broad range of potential
national security issues related to the evolving concept of
information warfare, with a particular emphasis on the defensive
aspects of what is characterized in the report as "strategic
information warfare."  The study was undertaken in recognition
that future U.S. national security strategy is likely to be
profoundly affected by the ongoing rapid evolution of
cyberspace--the global information infrastructure--and in this
context by the growing dependence of the U.S. military and other
national institutions and infrastructures on potentially
vulnerable elements of the U.S.  national information
infrastructure.

This report should be of special interest to those who are
exploring the effect of the information revolution on warfare.
It should also be of interest to those segments of the U.S. and
broader international security community that are concerned with
the post-cold war evolution of military and national security
strategy, especially strategy changes driven wholly or in part
by the evolution of, and possible revolutions in, technology.

The research reported here was accomplished within the
Acquisition and Technology Policy Center of RAND's National
Defense Research Institute, a federally funded research and
development center sponsored by the Office of the Secretary of
Defense, the Joint Staff, and the defense agencies.  It builds
on an earlier and ongoing body of research within that center on
the national security implications of the information
revolution.

Summary

We live in an age that is driven by information.  Technological
breakthroughs . . . are changing the face of war and how we
prepare for war.  --William Perry, Secretary of Defense

Information Warfare and the Changing Face of War

Information warfare (IW) represents a rapidly evolving and, as
yet, imprecisely defined field of growing interest for defense
planners and policymakers.  The source of both the interest and
the imprecision in this field is the so-called information
revolution--led by the ongoing rapid evolution of cyberspace,
microcomputers, and associated information technologies.  The
U.S. defense establishment, like U.S. society as a whole, is
moving rapidly to take advantage of the new opportunities
presented by these changes.  At the same time, current and
potential U.S. adversaries (and allies) are also looking to
exploit the evolving global information infrastructure and
associated technologies for military purposes.

The end result and implications of these ongoing changes for
international and other forms of conflict are highly uncertain,
befitting a subject that is this new and dynamic.  Will IW be a
new but subordinate facet of warfare in which the United States
and its allies readily overcome their own potential cyberspace
vulnerabilities and gain and sustain whatever tactical and
strategic military advantages that might be available in this
arena?  Or will the changes in conflict wrought by the ongoing
information revolution be so rapid and profound that the net
result is a new and grave threat to traditional military
operations and U.S. society that fundamentally changes the
future character of warfare?

In response to this situation and these uncertainties, in
January 1995 the Secretary of Defense formed the IW Executive
Board to facilitate "the development and achievement of national
information warfare goals."  In support of this effort, RAND was
asked to provide and exercise an analytic framework for
identifying key IW issues, exploring their consequences and
highlighting starting points for IW-related policy
development--looking to help develop a sustainable national
consensus on an overall U.S. IW strategy.

To accomplish this purpose, RAND conducted an exercise-based
framing and analysis of what we came to call the "strategic
information warfare" problem.  Involving senior members of the
national security community as well as representatives from
national security-related telecommunications and information
systems industries, the exercises led participants through a
challenging hypothetical IW crisis involving a major regional
political-military contingency.  The exercise methodology, known
by the label "The Day After . . . ," had been previously used
for a variety of nuclear proliferation, counterproliferation,
and related intelligence studies.  The specific scenario chosen
for the exercise involved a turn-of-the-century conflict between
Iran and the United States and its allies, focused on a threat
to Saudi Arabia.

The exercise was conducted six times in evolving versions over
the course of five months from January to June 1995.  Each
iteration allowed for refinement of basic strategic IW concepts
and provided further insights about their national security
implications.  This process provided an opportunity to assess
and analyze the perspectives of senior participants from
government and industry regarding such matters as the
plausibility of strategic IW scenarios such as the one
presented, possible evolutions in related threats and
vulnerabilities, and the phrasing of key associated strategy and
policy issues.  It also provided an opportunity to identify
emerging schools of thought and, in some cases, a rough
consensus on next steps on a number of important strategic IW
issues.

In addition, the process yielded a badly needed multidimensional
framework for sharpening near-term executive branch focus on the
development of strategic IW policy, strategy, and goals--in
particular regarding the implications of prospective major
regional contingencies on defensive IW strategies, doctrines,
vulnerabilities, and capabilities.  It also provided a highly
useful forum for beginning to coordinate with industry on the
future direction of IW-related national security
telecommunications strategy.

As can be inferred from the above comments, the methodology
employed in this study appears to offer particular advantages
for addressing many of the conceptual difficulties inherent in
this topic.  The subject matter is very new and, in some
dimensions, technically complex, especially for individuals
typically found in policymaking positions.  The challenge of
finding techniques for efficiently accelerating the process of
basic education on the topic and its implications for national
security policy and strategy cannot be underestimated.

This report presents the results of this study.  Specifically,
the purpose of this report is to:

- describe and frame the concept of strategic information
warfare

- describe and discuss the key features and related issues that
characterize strategic IW

- explore the consequences of these features and issues for U.S.
national security as illuminated by the exercises

- suggest analytical and policy directions for addressing
elements of these strategic IW features and issues.


Strategic Information Warfare

The United States has substantial information-based resources,
including complex management systems and infrastructures
involving the control of electric power, money flow, air
traffic, oil and gas, and other information-dependent items.
U.S. allies and potential coalition partners are similarly
increasingly dependent on various information infrastructures.
Conceptually, if and when potential adversaries attempt to
damage these systems using IW techniques, information warfare
inevitably takes on a strategic aspect.

Strategic Information Warfare and Post-Cold War Strategy

Our exercise scenario highlighted from the start a fundamental
aspect of strategic information warfare:  There is no "front
line."  Strategic targets in the United States may be just as
vulnerable to attack as in-theater command, control,
communications, and intelligence (C3I) targets.  As a result,
the attention of exercise participants quickly broadened beyond
a single traditional regional theater of operations to four
distinct separate theaters of operation as portrayed in Figure
S.1:  the battlefield per se; allied "Zones of Interior" (in our
scenario, the sovereign territory of Saudi Arabia); the
intercontinental zone of communication and deployment; and the
U.S. Zone of Interior.


Figure S.1--The Changing Face of War:  Four Strategic IW Theaters of
Operation


The post-cold war "over there" focus of the regional component
of U.S. national military strategy is therefore rendered
incomplete for this kind of scenario and is of declining
relevance to the likely future international strategic
environment.  When responding to information warfare attacks of
this character, military strategy can no longer afford to focus
on conducting and supporting operations only in the region of
concern.  An in-depth examination of the implications of IW for
the U.S. and allied infrastructures that depend on the unimpeded
management of information is also required.

The Basic Features of Strategic Information Warfare

The exercises highlighted seven defining features of strategic
information warfare:


Low entry cost:  Unlike traditional weapon technologies,
development of information-based techniques does not require
sizable financial resources or state sponsorship.  Information
systems expertise and access to important networks may be the
only prerequisites.

Blurred traditional boundaries:  Traditional
distinctions--public versus private interests, warlike versus
criminal behavior--and geographic boundaries, such as those
between nations as historically defined, are complicated by the
growing interaction within the information infrastructure.

Expanded role for perception management:  New information-based
techniques may substantially increase the power of deception and
of image-manipulation activities, dramatically complicating
government efforts to build political support for
security-related initiatives.

A new strategic intelligence challenge:  Poorly understood
strategic IW vulnerabilities and targets diminish the
effectiveness of classical intelligence collection and analysis
methods.  A new field of analysis focused on strategic IW may
have to be developed.

Formidable tactical warning and attack assessment problems:
There is currently no adequate tactical warning system for
distinguishing between strategic IW attacks and other kinds of
cyberspace activities, including espionage or accidents.

Difficulty of building and sustaining coalitions:  Reliance on
coalitions is likely to increase the vulnerabilities of the
security postures of all the partners to strategic IW attacks,
giving opponents a disproportionate strategic advantage.

Vulnerability of the U.S. homeland:  Information-based
techniques render geographical distance irrelevant; targets in
the continental United States are just as vulnerable as
in-theater targets.  Given the increased reliance of the U.S.
economy and society on a high-performance networked information
infrastructure, a new set of lucrative strategic targets
presents itself to potential IW-armed opponents.


Consequences of the Basic Features

Through the course of our exercise-based analysis, we prompted
policymakers and other experts from the public and private
sectors to explore the character and consequences of these
features.  The discussion that follows summarizes our synthesis
of observations made by the exercise participants on the
characteristics and implications of these features for the
strategic IW problem.  Note that there is a "cascading" effect
inherent in these observations--each helps to create the
enabling conditions for subsequent ones.

Low Entry Cost

Interconnected networks may be subject to attack and disruption
not just by states but also by nonstate actors, including
dispersed groups and even individuals.  Potential adversaries
could also possess a wide range of capabilities.  Thus, the
threat to U.S. interests could be multiplied substantially and
will continue to change as ever more complex systems are
developed and the requisite expertise is ever more widely
diffused.  Some participants believed that the entry price to
many of the IW attack options posited could be raised by denying
easy access to networks and control systems through the
exploitation of new software encryption techniques.  Other
participants acknowledged that this might mitigate some threats
but emphasized that this approach would not remove other threats
to an internetted system by a corrupted insider (systems
operator) and/or direct physical attack.  It would also increase
the difficulty in strategic and tactical intelligence vis-a-vis
strategic IW attackers.

Blurred Traditional Boundaries

Given the wide array of possible opponents, weapons, and
strategies, it becomes increasingly difficult to distinguish
between foreign and domestic sources of IW threats and actions.
You may not know who's under attack by whom, or who's in charge
of the attack.  This greatly complicates the traditional role
distinction between domestic law enforcement, on the one hand,
and national security and intelligence entities, on the other.
Another consequence of this blurring phenomenon is the
disappearance of clear distinctions between different levels of
anti-state activity, ranging from crime to warfare.  Given this
blurring, nation-states opposed to U.S. strategic interests
could forgo more traditional types of military or terrorist
action and instead exploit individuals or transnational criminal
organizations (TCOs) to conduct "strategic criminal operations."

Expanded Role for Perception Management

Opportunities for IW agents to manipulate information that is
key to public perceptions may increase.  For example, political
action groups and other nongovernment organizations can utilize
the Internet to galvanize political support, as the Zapitistas
in Chiapas, Mexico, were able to do.  Furthermore, the
possibility arises that the very "facts" of an event can be
manipulated via multimedia techniques and widely disseminated.
Conversely, there may be a decreased capability to build and
maintain domestic support for controversial political actions.
One implication is that future U.S.  administrations may include
a robust Internet component as part of any public information
campaign.

Among participants, there was no support for any extraordinary
maneuver by the government to "seize control" of the media and
the Internet in response to a probable IW attack.  Rather, there
was an acknowledgment that future U.S.  administrations might
face a daunting task in shaping and sustaining domestic support
for any action marked by a high degree of ambiguity and
uncertainty in the IW realm.

Lack of Strategic Intelligence

For a variety of reasons, traditional intelligence-gathering and
analysis methods may be of limited use in meeting the strategic
IW intelligence challenge.  Collection targets are difficult to
identify; allocation of intelligence resources is difficult
because of the rapidly changing nature of the threat; and
vulnerabilities and target sets are not, as yet, well
understood.  In sum, the United States may have difficulty
identifying potential adversaries, their intentions, and their
capabilities.  One implication of this is that new
organizational relationships are needed within the intelligence
community and between this community and other entities.  A
restructuring of roles and missions may also be required.  In
our exercises, debate on this problem centered on the need for
some interagency structure to allow for coordinated collection
and analysis of "foreign" and "domestic" sources versus the
desire to preserve the boundary between foreign intelligence and
domestic law enforcement.

Difficulty of Tactical Warning and Attack Assessment

This feature of warfare presents fundamentally new problems in a
cyberspace environment.  A basic problem is distinguishing
between "attacks" and other events, such as accidents, system
failures, or hacking by "thrill-seekers."  The main consequence
of this feature is that the United States may not know when an
attack is under way, who is attacking, or how the attack is
being conducted.

As in the debate over what to do about the dilemmas posed by the
strategic intelligence challenge, exercise participants split on
this topic between those who were prepared to consider a more
radical mixing of domestic law enforcement and foreign
intelligence institutions and those strongly opposed to any
commingling.

Difficulty of Building and Sustaining Coalitions

Many U.S. allies and coalition partners will be vulnerable to IW
attacks on their core information infrastructures.  For example,
the dependence on cellular phones in developing countries could
well render telephone communications in those nations highly
susceptible to disruption.  Other sectors in the early stages of
exploiting the information revolution (e.g., energy and
financial) may also present vulnerabilities that an adversary
might attack to undermine coalition participation.  Such attacks
might also serve to sever "weak links" in the execution of
coalition plans.  Conversely, tentative coalition partners who
urgently need military assistance may want assurances that a
U.S. deployment plan to their region is not vulnerable to IW
disruption.


There was general agreement among participants that as the
United States develops and refines defensive systems and
concepts of operations or techniques in this area, it should
consider sharing them with key allies, but no specific policies
were proffered in the discussions.

Vulnerability of the U.S. Homeland

Information warfare has no front line.  Potential battlefields
are anywhere networked systems allow access.  Current trends
suggest that the U.S.  economy will increasingly rely on
complex, interconnected network control systems for such
necessities as oil and gas pipelines, electric grids, etc.  The
vulnerability of these systems is currently poorly understood.
In addition, the means of deterrence and retaliation are
uncertain and may rely on traditional military instruments in
addition to IW threats.  In sum, the U.S.  homeland may no
longer provide a sanctuary from outside attack.  There was a
broad consensus among exercise participants that no dramatic
measures such as shutting down an infrastructure would be
effective as a defensive measure (and some skepticism as to
whether such action would, in fact, be possible during a
crisis).  There appeared, however, a broad consensus in favor of
exploring the concept of a "minimum essential information
infrastructure" based on a series of federally sponsored
incentives to ensure that the owners and operators had
procedures to detect IW-type attacks and reconstitution measures
that minimized the impact of any one network disruption--see the
discussion below.

An Elusive Bottom Line on the Threat

Over the course of the exercise series, careful attention was
given to the possible solidifying of a bottom line on the
gravity of the cyberspace-based strategic IW threat.  Many
existing information systems do appear to be vulnerable to some
level of disruption or misuse.  At the same time, developments
in cyberspace are so dynamic that existing vulnerabilities may
well be ameliorated as part of the natural building of
immunities to threats that accompany any such rapidly evolving
entity.  However, our dependence on cyberspace and information
systems generally is also growing rapidly--raising unsettling
questions as to whether the "immune system" process can "keep
up" and thus prevent serious strategic vulnerabilities from
emerging and being exploited.

We looked for, but did not find, any strong statistical
consensus on just where people think we are now on the threat
spectrum portrayed in Figure S.2, or where we might be heading.
We did observe, however, that over the course of the exercise,
the general perspective on the magnitude of the strategic IW
problem almost invariably appeared to move downward along the
graph of Figure S.2.  This experience mirrored that of the
authors--the more time spent on this subject, the more one saw
tough problems lacking concrete solutions and, in some cases,
lacking even good ideas about where to start.


Figure S.2--A Broad Spectrum of Perspectives



Conclusions

The features and likely consequences of strategic information
warfare point to a basic conclusion:  Key national military
strategy assumptions are obsolescent and inad-equate for
confronting the threat posed by strategic IW.  Five major
recommendations emerged from the exercises as starting points
for addressing this shortcoming:

1.  Leadership:  Who Should Be in Charge in the Government?

Participants widely agreed that an immediate and badly needed
first step is the assignment of a focal point for federal
government leadership in support of a coordinated U.S. response
to the strategic IW threat.  This focal point should be located
in the Executive Office of the President, since only at this
level can the necessary interagency coordination of the large
number of government organizations involved in such matters--and
the necessary interactions with the Congress--be effectively
carried out.  This office should also have the responsibility
for close coordination with industry, since the nation's
information infrastructure is being developed almost exclusively
by the commercial sector.  Once established, this high-level
leadership should immediately take responsibility for initiating
and managing a comprehensive review of national-level strategic
information warfare issues.

2.  Risk Assessment

The federal government leadership entity cited above should, as
a first step, conduct an immediate risk assessment to determine,
to the degree possible, the extent of the vulnerability of key
elements of current U.S.  national security and national
military strategy to strategic information warfare.  Strategic
target sets, IW effects, and parallel vulnerability and threat
assessments should be among the components of this review.  In
an environment of dynamic change in both cyberspace threats and
vulnerabilities, there is no sound basis for presidential
decisionmaking on strategic IW matters without such a risk
assessment.

In this context there is always the hope or the belief--we saw
both in the exercises--that the kind of aggressive response
suggested in this report can be delayed while cyberspace gets a
chance to evolve robust defenses on its own.  This is, in fact,
a possibility--that the healing and annealing of an immune
system that is under constant assault, as cyberspace is and
assuredly will continue to be (if only, in Willy Sutton's words,
because that's where the money is), will create the robust
national information infrastructure that everyone hopes to use.
But it may not, and we are certainly not there now.

3.  Government's Role

The appropriate role for government in responding to the
strategic IW threat needs to be addressed, recognizing that this
role--certain to be part leadership and part partnership with
the domestic sector--will unquestionably evolve.  In addition to
being the performer of certain basic preparedness
functions--such as organizing, equipping, training, and
sustaining military forces--the government may play a more
productive and efficient role as facilitator and maintainer of
some information systems and infrastructure, and through policy
mechanisms such as tax breaks to encourage reducing
vulnerability and improving recovery and reconstitution
capability.

An important factor is the traditional change in the
government's role as one moves from national defense through
public safety toward things that represent the public good.
Clearly, the government's perceived role in this area will have
to be balanced against public perceptions of the loss of civil
liberties and the commercial sector's concern about unwarranted
limits on its practices and markets.

4.  National Security Strategy

Once an initial risk assessment has been completed, U.S.
national security strategy needs to address preparedness for the
threat as identified.  As portrayed in Figure S.3, preparedness
will cross several traditional boundaries from "military" to
"civilian," from "foreign" to "domestic," and from "national" to
"local."

Figure S.3--A Spectrum of National Security Preparedness


One promising means for instituting this kind of preparedness
could involve the concept of a "minimum essential information
infrastructure" (MEII), which was introduced as a possible
strategic defensive IW initiative in the exercise and is
portrayed notionally in Figure S.3.  The MEII is conceived as
that minimum mixture of U.S. information systems, procedures,
laws, and tax incentives necessary to ensure the nation's
continued functioning even in the face of a sophisticated
strategic IW attack.  One facet of such an MEII might be a set
of rules and regulations sponsored by the federal government to
encourage the owners and operators of the various national
infrastructures to take measures to reduce their
infrastructure's vulnerability and/or to ensure rapid
reconstitution in the face of IW-type attacks.  The analog for
this concept is the strategic nuclear Minimum Essential
Emergency Communications Network (MEECN).  Participants in the
exercise found the MEII construct conceptually very attractive
even though there was some uncertainty as to how it might be
achieved.  An assessment of the feasibility of an MEII (or like
concepts) should be undertaken at an early date.  5. National
Military Strategy

The current national military strategy emphasizes maintaining
U.S.  capability to project power into theaters of operation in
key regions of Europe and Asia.  Because of the four emerging
theaters of operation in cyberspace for such contingencies (see
Figure S.1), strategic IW profoundly reduces the significance of
distance with respect to the deployment and use of weapons.
Therefore, battlefield C3I vulnerabilities may become less
significant than vulnerabilities in the national infrastructure.
Planning assumptions fundamental to current national military
strategy are obsolescent.  Consideration of these IW features
should be accounted for in U.S. national military strategy.

Against this difficult projection and assessment situation,
there is the ever-present risk that the United States could find
itself in a crisis in the near term, facing the possibility of,
or indications of, a strategic IW attack.  When the president
asks whether the United States is under IW attack--and, if so,
by whom--and whether the U.S. military plan and strategy is
vulnerable, a foot-shuffling "we don't know" will not be an
acceptable answer.  Finally, however, it must be acknowledged
that strategic IW is a very new concept that is presenting a
wholly new set of problems.  These problems may well yield to
solution--but not without the intelligent and informed
expenditure of energy, leadership, money, and other scarce
resources that this study seeks to catalyze.


Contents

Chapter One: What is "Strategic Information Warfare?" 


Introduction
Study Background
Defense-Oriented Tasking from OASD(C3I)


Chapter Two: Methodology

         
The "Day After . . ." Exercise Methodology
The Exercise Design Process
Exercise History


Chapter Three: The Changing Face of War 

Chapter Four:  Defining Features of Strategic Information Warfare


Low Entry Cost
Blurred Traditional Boundaries
Perception Management
Strategic Intelligence
Tactical Warning and Attack Assessment
Building and Sustaining Coalitions
Vulnerability of the U.S. Homeland


Chapter Five:  Issues of Strategic Information Warfare 


Risk Assessment
National Military Strategy
National Security Strategy
U.S. Government Role


Chapter Six:  Conclusions


Leadership:  Who Should Be in Charge?
Risk Assessment
Government's Role
National Security Strategy
National Military Strategy


Additional Reading:  Threats and Vulnerabilities


Appendix 

A. Methodology
B. Summary of Group Deliberations for Step Three
C. Exercise




All content COPYRIGHT SOFTWAR (C) 2003. Any reproduction or use of content herein must be approved by SOFTWAR.