Information Warfare - PowerPoint PPT Presentation

About This Presentation
Title:

Information Warfare

Description:

Revolutionary War. Yorktown, 1781. Adapted from Sullivan and Dubik, War In the Information Age. ... Smart weapons * ms. 16. What is the Global Information ... – PowerPoint PPT presentation

Slides: 65
Provided by: msha9
Learn more at: http://mason.gmu.edu
Transcript and Presenter's Notes

Title: Information Warfare


1
Review
Information Warfare
Mohamed Sharif
2
What is Warfare
  • Armed fighting between groups
  • Period during war
  • Method of warfare
  • Conflict
  • Serious effect to end something
  • There have been four generations

3
Command Cycle is Becoming Shorter
Adapted from Sullivan and Dubik, War In the
Information Age. SSI, US Army War College, 1994
4
What is Information Warfare?
  • Information warfare is a coherent and
    synchronized blending of physical and virtual
    actions to have countries, organizations, and
    individuals perform, or not perform, actions so
    that your goals and objectives are attained and
    maintained, while simultaneously preventing your
    competitors from doing the same to you
    According to Andy Jones.

5
Information Environments
  • Information Environment (IE) is the aggregate of
    individual, organization, or systems that
    collect, process, or disseminate information
    including the information itself.
  • IE is the interrelated set of Information,
    Information Infrastructures and Information-based
    processes.

6
Information Environments (Cont.)
  • Information
  • Data
  • Knowledge
  • Information Infrastructures
  • Display
  • Store
  • Process
  • Transmit
  • Information based processes
  • Obtain
  • Exchange

7
Information Warfare (Cont.)
  • Objective of Information Warfare
  • Exploitation
  • Deception
  • Disruption
  • Destruction
  • To achieve the objective of Information Warfare
  • Natural hazard and unintended threats
  • Tactical attack
  • Strategic attack

8
Information Warfare (Cont.)
  • Advantage
  • Fewer human casualties
  • Less cost
  • Information Technology
  • Disadvantage
  • Trust
  • Unexpected result
  • Terrorism
  • Undeclared war

9
What is Information Operations?
Information Operation is an action taken to
affect adversary information and information
systems while defending one's own information and
information systems
10
Information Operation Process
11
What is Technology?
  • According to one dictionary
  • The study, development, and application of
    devices, machines, and techniques for
    manufacturing and productive processes
  • A method or methodology that applies technical
    knowledge or tools.

12
What is High Technology?
  • High technology is based on a reference point
    and that reference point is time.
  • Example
  • Telephone and Mobile phone
  • Copper wire and Optical fiber

13
Moore's Law
The capacity or circuit density of
semiconductors doubles every 18 months or
quadruples every three years
14
What is the Internet?
  • The Internet is a worldwide IP network that
    links a collection of different networks from
    various sources: governmental, educational and
    commercial.
  • Network of the networks
  • Also known as cyberspace and global information
    infrastructure (GII)

15
Tools of Warfare in the context of the Evolution
of Technology
  • Agrarian: bows, arrows, swords, guns
  • Industrial: subs, tanks, planes, missiles
  • Information: computers, satellites, communications, smart weapons
16
What is the Global Information Infrastructure
(GII)?
  • GII is a worldwide collection of connected
    systems that integrate the following components
  • Communication Networks
  • Equipment
  • Information resources
  • Applications
  • People

17
Global Information Infrastructure (Cont.)
18
Data Network (Cont.)
  • Millions of connected computing devices
  • PCs, workstations, servers
  • PDAs, phones
  • Communication links
  • fiber, copper, radio, satellite
  • transmission rate = bandwidth
  • Routers: forward packets

19
Internet structure: network of networks
[Diagram: Tier 1 ISPs]
20
Internet structure: network of networks
[Diagram: Tier 1 ISPs]
21
Human Protocol
Hi
Hi
22
Internet protocol stack
  • application: supporting network applications
      • FTP, SMTP, HTTP
  • transport: host-host data transfer
      • TCP, UDP
  • network: routing of datagrams from source to
    destination
      • IP, routing protocols
  • link: data transfer between neighboring network
    elements
      • PPP, Ethernet
  • physical: bits on the wire

Application
Transport
Network
Link
Physical
23
Public Telephone Network
  • Comprises several networks
  • Public Switched Telephone Network (PSTN)
  • Wireless Telephone Network
  • International Telephone Network

24
Public Telephone Network
25
Wireless Network
  • Radio Technologies
  • AMPS, GSM, CDMA
  • Network Systems
  • Signaling, Transport
  • Mobility Management
  • GSM, IS-41

26
Cable Network
Diagram: http://www.cabledatacomnews.com/cmic/diagram.html
27
Real and Potential Benefit of the GII
  • E-commerce
  • Distance Learning
  • Research
  • Public Service
  • Games
  • Communications
  • Command and Control

28
Risks and threats of the GII
  • No one is responsible for GII
  • No one has control of GII
  • Easy accessibility
  • Attack tools are freely available
  • Attack tools are easy to use
  • Attacks are more severe and difficult to detect
  • Attacks are difficult to predict.

29
Information Age Battlefield
  • Computer Network Attack (CNA)
  • Nation-States Conflict
  • Business
  • Terrorists and Activists
  • Simula War

30
Computer Network Attack (CNA)
  • Addresses the vulnerabilities of hardware,
    software and firmware
  • These vulnerabilities can be easily exploited with
    little expertise
  • The root cause of these vulnerabilities is
    commercial off-the-shelf (COTS) software

31
Why COTS?
  • Provides good capabilities at reasonable cost
  • Ease of use
  • Frequent product upgrades
  • New product delivery every 18 months

32
Who are the Players?
  • Military info-warriors
  • Intelligent agents
  • Economic espionage agents
  • Technology terrorists
  • Terrorists
  • Activists
  • Revolutionaries
  • Freedom Fighters

33
Type of Attacks
  • Passive Attack
  • The attacker simply monitors the traffic being
    sent to try to learn secrets.
  • Passive attacks are the most difficult to detect.
  • Assume that someone is eavesdropping on the
    system.
  • Active Attack
  • The attacker is trying to break through your
    defenses
  • Cryptographic attacks
  • Spoofing
  • System access attempts

34
Type of Attacks (Cont.)
  • Most common type of attacks
  • Denial of Service
  • Web Defacement
  • System Modification
  • Theft
  • Radio Frequency
  • TEMPEST
  • Social Engineering
  • Viruses and Worms
  • Bugs

35
Information Warfare Tactics Process (cont.)
  • Covertly probe and document the results
  • Once inside, check for other systems
  • Once inside, find and transmit sensitive
    information
  • Once inside, set Logic Bombs, Trojan Horses and
    Trap Doors
  • Erase evidence of intrusion
  • Search for additional and systems of the
    nation-state

36
Attack Tools
  • The following commands could be used to perform
    system hacking
  • TRACERT
  • WHOIS
  • DNSLOOKUP
  • FINGER
  • NETSTAT
  • PING
  • TELNET
  • SU
  • RLOGIN

37
Nation-States
  • Conflicts between nation-states can be
    categorized as follows
  • Intelligence gathering
  • Protection, Exploitation, and hacker war
  • Diplomatic pressure
  • Psychological Operation
  • Economic pressure
  • Economic Warfare

38
Nation-States (Cont)
  • Military posturing
  • Deception
  • Combat
  • Precision and Information Weapons Electronic
    Warfare
  • Reconstruction

39
Businesses
  • Businesses use the following to gain a
    competitive advantage
  • Monitoring current competitor activities and
    strategy
  • Monitoring customers and vendors
  • Operational benchmarking
  • Strategic probabilities and possible futures
  • Product and services
  • Sales and marketing support
  • Internal knowledge management
  • Intellectual Property
  • Alliance and Investment support

40
Businesses (Cont.)
  • Long-term market prospects
  • Legislative and regulatory effect
  • Decision support
  • Consultative briefing
  • Web Bugs
  • Low-technology Methods
  • Malicious Insiders
  • Reverse Engineering
  • Computer Based Attack
  • Dumpster Diving

41
Terrorist
  • Terrorists are whoever the people in power say
    they are.
  • A terrorist is one who causes intense fear, or
    one who controls, dominates, or coerces through
    the use of terror.

42
Terrorist (Cont.)
  • What is the difference between a terrorist and a
    freedom fighter?
  • Does moral rightness excuse violence?
  • Does the cause justify the means?
  • How does one distinguish between criminals and
    terrorists?
  • Criminals are those that violate the law of
    society.

43
Why use terrorist methods?
  • When those in power do not listen
  • When there is no redress of grievance
  • When individuals or groups current policy
  • When no other recourse is available
  • When a government wants to expand its territory
  • When a government wants to influence another
    country's government

44
Activists
Activists are groups of people with a common
cause who want to bring pressure to bear on the
establishment. The establishment might be a
government, an international organization such as
the World Trade Organization or even an industry
sector such as the petrochemical industry or the
biotech sector.
45
Criminal
  • Criminals are those that violate the law of
    society, and use hoaxes to gain sympathy and
    money
  • Nigerian Scam
  • Kidneys removed
  • Little Jessica dying of Cancer
  • For an entertaining read on urban legends, visit
    http://urbanlegends.about.com/

46
Simula War
  • We have said that in modern information warfare,
    destroying the enemy army is not necessarily an
    objective.
  • Some have taken this notion to the next level and
    have suggested that if the objective is to take
    control of power and infrastructure, then why
    fight a real battle at all? Why not simply run a
    simulation and agree to abide by the outcome?
    Wouldn't this be more civilized? (See Star Trek
    OS Episode 23, "A Taste of Armageddon.")
  • If you could prove to the enemy that it would
    lose, wouldn't it make more sense not to fight at
    all?

47
Information Warfare Tactics Process
  • Identify the target
  • Identify its GII and NII interfaces
  • Research the nation-state's systems
  • Gather intelligence information
  • Identify critical elements
  • Identify network vulnerabilities

48
Information Warfare Tactics Process (cont.)
  • Covertly probe and document the results
  • Once inside, check for other systems
  • Once inside, find and transmit sensitive
    information
  • Once inside, set Logic Bombs, Trojan Horses and
    Trap Doors
  • Erase evidence of intrusion
  • Search for additional and systems of the
    nation-state

49
Information Warfare Defense
  • Information warfare defense must be based on
    the analyses of acceptable levels of risks and
    this can be accomplished by conducting
  • Risk Assessment
  • Risk Management

50
Risk Analysis
  • Risk analysis is an evaluation of the exposure
    one has to loss of assets or services.
  • In the business world, a certain amount of risk
    may be acceptable, and entrepreneurship often
    involves taking risks.
  • However in the context of warfare, there is a
    much lower threshold for risk.

51
Assets
  • Evaluating risk first involves identifying
    assets
  • Some assets are obvious
  • Information
  • Equipment
  • Systems
  • Personnel
  • Some are not obvious
  • Reputation
  • Soldier loyalty

52
Sample Analysis Chart
53
Risk Management
  • Risk management objectives are different from
    one system to another but they are based on the
    following categories
  • Identification
  • Something which uniquely identifies a user and is
    called UserID.
  • Authorization
  • The process of assigning access rights to a user
  • Access Control
  • Assurance that the user or computer at the other
    end of the connection is permitted to do what he
    asks for.

54
Risk Management (Cont.)
  • Authentication
  • Assurance that the user or computer at the other
    end of the connection really is what it claims to
    be.
  • Data Integrity
  • Assurance that the data that arrives is the same
    as when it was sent.
  • Confidentiality
  • Assurance that sensitive information is not
    visible to an eavesdropper. This is usually
    achieved using encryption.

55
Risk Management (Cont.)
  • Non-repudiation (Accountability)
  • Assurance that any transaction that takes place
    can subsequently be proved to have taken place.
    Both the sender and the receiver agree that the
    exchange took place.
  • Availability
  • Assurance the system is available to the
    authorized users when they need it.

56
Risk Management (Cont.)
  • The objectives of risk management can be
    achieved by performing the following
  • Physical Security
  • Personal Security
  • Procedural Security
  • Electronic Security
  • Countermeasures

57
Physical Security
  • Physical Security is the fundamental building
    block on which all conventional system security
    is based
  • Bars
  • Cameras
  • Doors
  • Fences
  • Walls
  • Guards

58
Personal Security
  • Personal security is one of the most important
    security aspects that an organization must address
  • Staff Retention
  • Education and Training
  • Activity Monitoring

59
Procedural Security
  • Procedural security is the set of rules and
    practices developed and implemented to integrate
    the physical, personal and electronic security
    measures that have been selected.
  • Diversity
  • Graceful Degradation
  • Use Software Features
  • Redundancy

60
Procedural Security (Cont.)
  • Disaster Recovery
  • Security Policies and Procedures
  • Security Policy Enforcement
  • Domain-Based Approach
  • Management
  • Penetration Testing

61
Electronic Security
  • Electronic security encompasses anything that is
    found in the electronic system that works toward
    improving the security of the system
  • Firewalls
  • Routers
  • Audit Logs
  • Software Patching
  • Sandboxes

62
Electronic Security (Cont.)
  • Virtual Private Network
  • Public Key Infrastructure
  • Encryption
  • Anti-Virus
  • Biometric Authentication
  • Wireless Security
  • Electromagnetic Pulse and High Energy Radio
    Frequency

63
Countermeasures
  • Countermeasures are used to defend the systems.
  • Intrusion Detection Systems
  • Computer Forensics
  • Honey Pots and Honey Nets
  • Counterstrike
  • Law Enforcement
  • Incident Response Teams
  • Cyber-Vigilantes

64
Information Warfare Defense Summary
  • Awareness
  • Policies
  • Information Assurance
  • Military Forces
  • Intelligence
  • Cooperation between government and private sector