The following are unproofed, unedited speaking notes from my presentation at InfoWarCon II in Montreal, Canada on January 18-19, 1995. It is interesting to read them today and see how little has changed.
Political Aspects of Class III Information Warfare: Global Conflict and Terrorism.
Presentation by Matthew G. Devost
Second International Conference on Information Warfare
Montreal, Canada January 18-19, 1995
I would like to take this opportunity to address some of the political aspects of Class III information warfare and how it relates to conceptions of national security, both past and present. This will not be a very technical presentation. In the past when I have spoken on this subject it was to an audience that had little or no knowledge of the technology involved and I could relax into the comfortable position of describing the technology without really getting into the juicy political aspects. Today will be different. If you are interested in what I say today, and would like a copy of my thesis when it is finished in May, just give me a business card and I’ll be sure that you get a copy.
This panel is really concerned with two entirely different topics. Global conflict and terrorism are really unique subsets of Class III information warfare. Therefore, I am going to address them separately. I refer to global conflict as information warfare and terrorism as information terrorism.
I’ll start with global conflict. Information warfare is undoubtedly the warfare of the future. Traditionally warfare has followed the different waves of development in society. Science has always been applied to war. Agrarian society saw the development of the crossbow, and as societies scientific capacity increased, so did the weapons they used in warfare. As nations industrialized, they used their factories to create tanks, and as our capacity to understand physics increased we used nuclear fusion to deal devastating blows from high altitudes. Today, computer guided electronics allow us to deal even more damage from the comfort of an underground bunker on our own continent. As we move, or have already moved (depending on who you talk to) in the third wave or information age, it is only natural that our weapons or means of warfare will follow. The attraction of state sponsored information warfare may be so great that many nations will be unable to resist.
What are some of the attractions of information warfare.
In information warfare there is a huge first strike advantage. There is a high correlation between the extent to which you damage your enemies information capabilities and their ability to respond using purely information warfare techniques. You can also execute this first strike anonymously if you so desire, delaying retaliation indefinitely.
There is a low human life factor in information warfare. This makes response difficult for nations without strong information warfare capabilities. The urge to respond using industrial age warfare techniques will be great, but justifying such responses will be difficult unless the value of these information systems is declared before they are attacked. A press release saying “any attack on the information infrastructure of this nation will be viewed as an act of war and any state sponsored information warfare may be responded to with military strikes.” may seem a little drastic, but remember we are talking about all out information warfare here. This type of warfare is waged to erode a nations strength, destabilize its economy, or threaten its autonomy. Such responses might be necessary and I am certain they will be advocated by many policy makers should the circumstances arise.
Information warfare is inexpensive. You get high returns on your investment in information warfare.(schwartau numbers) If you want to attack the heart of an industrial nation, you must shut down the factories, which can be quite expensive since you have to physically destroy them. If you want to attack the heart of an information economy, you must shut down, destroy or reduce the flow of information. Though the organizational process and technical expertise behind information warfare may be complex, the actually cost is relatively small.
Information warfare is timely and it is not location specific. Information warfare can be waged at the drop of pin, to steal an analogy from the telecommunications industry that would be a probable target of such an attack. There is no early warning system for information warfare. You don’t know it is coming, so you must always expect it which creates a high level of paranoia. No radar pick up a long distance phone call from overseas, yet that one phone call may cause more monetary damage that a dozen planes carrying a non-nuclear arsenal. The World Trade Center is a perfect example. Damage to the flow of information proved more costly than the structural damage inflicted on the building.
If there are so many attractions, what prevents information warfare?
Perhaps, the greatest deterrent to information warfare is economic interdependence. The extent to which many nations are linked today means that it would be nearly impossible to wage information warfare without effecting your own economy. Now this does nothing to prevent states from attacking specific industries or corporations, but that falls under Class II information warfare.
Another possible deterrent is fear of escalation. A country will not wage information warfare, especially against a country with strong military capabilities, if they are not sure what the response will be, or if they fear that the situation will escalate into military conflict. That is one reason, nations need to declare, or at least acknowledge what is at stake in advance.
Lack of technical expertise is perhaps the weakest deterrent to information warfare and is one that is eroding fast. It is not really a deterrent, but what Bruce Sterling has referred to as a protective membrane of computer literacy. We must not fool ourselves into thinking that this protective membrane prevents any nation state from developing information warfare capabilities. If they don’t have the experts in-house, they will import them from another country, whether it be a scientist from Russia or hackers from the United States.(mention KC)
How does this fit into traditional conceptions of national security?
Traditionally, in political science national security studies have been divided into two well known camps. Realism and liberalism. Information security as a direct component of national security fits into this debate as well, and as might be expected realism and liberalism would remedy the threat posed by information warfare in different ways.
The realist perspective is concerned with relative security at a base military level. If the Russians have two bombs and we have four and they increase their arsenal to four, then we need to increase ours to eight. The relative balance of power is maintained. The problem with the realist perspective is that it is not really geared towards including prosperity as a component of national security. However, I think that most realists would agree that information warfare poses a genuine national security threat. The realist response the information warfare threat would be to increase relative security, which is extremely difficult if not impossible to gauge where information technologies are concerned. The typical realist response would contain at least four components:
1) Increase security of information systems at home.
2) Constant evaluation of possible adversaries information systems for weaknesses. Since security is relative, create weaknesses where possible either through backdoors in software or chipping of hardware.
3) Formation of possible responses, allowing for the use of both counter information warfare and conventional military warfare.
4) Develop methods for assessing information damage inflicted and information damage incurred.
The liberal perspective is more inclined to recognize the threat posed by information warfare, based on its ability to decrease a nations ability to remain prosperous. However, the liberals would recognize that the maximum security is achieved when no one wages information warfare, and would base their response towards preventing information warfare in several ways:
1) Increase levels of interdependence. Realizing that interdependence is a deterrent to information warfare, interdependence should be increased, especially with those nations that pose the greatest threat. A sort of mutual self assured destruction for the Information Age.
2) Create global liberal institutions and agreements designed to prevent information warfare. Treaties designed to prevent the waging of information warfare might be difficult to establish as traditional allies of openly admit to waging Class II information warfare. However, precautions to prevent Class III information warfare might be negotiated and would prove beneficial, especially to the United States, since we are the nation most susceptible to attack.
The realist/liberal conflict:
As you can see, the realists and liberals are in conflict as to how to deal with the threat of information warfare. Where the liberals would increase security by increasing interdependence, the realists would see this as weakening security because you are decreasing your ability to wage information warfare against others and you are leaving yourself susceptible to third party information warfare to which you might not otherwise be involved. Recognizing interdependence as a deterrent to information warfare, also opens up difficult policy questions, as traditional methods of negative international relations policy such as economic sanctions become less effective. In fact, the liberals would argue that economic sanctions are ineffective and potentially threatening where information warfare concerns are present. You are opening yourself up to one-way information warfare, where the aftershocks would not be felt by the attacking nation, thus increasing the attraction of using information warfare methods.
Though global liberal institutions would help the situation, they do not eliminate the threat. There will always be at least one country that does not participate in the agreement, and the threat from that country is as potentially dangerous as any other. If you try to create globally enforceable information warfare laws, where acceptable use policies are laid out, you have the problem of regulatory arbitrage that Cypherpunk Eric Hughes always talks about. What I can’t do in one country I will do in another that allows it. A good example of this, was the Netherlands delay in establishing anti-hacker laws.
What solution might be derived from this?
Global liberal institutions and agreements would be a step in the right direction, however, we must always accept the realist presumption that information warfare in one form or another is inevitable. The stakes must be declared and security should be increased. I also think that the best way to increase security is to know your own weakness and that we should utilize the hacker community as a national resource. We have created a generation of security experts, yet we don’t use them. Robert Steele notes that “If someone gets into a system, that is not a violation of law, it is poor engineering. When we catch a hacker, rather than learn from him, we kick them in the teeth. When the Israelis catch a hacker, they give him a job working for the Mossad.” There does seem to be a trend in the past year to utilize hacker capabilities, both in the military and private sector…this needs to increase, and perhaps some internal evaluation of our own laws might be necessary if we wish to continue knowing where the holes are.
Information terrorism presents an entirely different and perhaps more difficult dilemma. The key to any type of terrorism is to strike terror, and information terrorism does so by slowing down or destroying information flows. Information terrorism also preys heavily on the feelings of binary schizophrenia that Mr. Schwartau discusses in his book. We have become so reliant on computers, that often computers dictate the schedules of our daily lives to us. Without them we experience a sense of chaos and insecurity. All of the things that make information warfare attractive also make information terrorism attractive: it is low cost, not location specific, and there is an opportunity to attack anonymously. The only protective barrier has been the lack of technical knowledge on the terrorist’s part, and that barrier is eroding fast, if it isn’t gone already.
Global liberal institutions and agreements won’t prevent or deter information terrorism, in fact there is no way to prevent attempts at information terrorism. You can only increase security to make your nation less susceptible, gather intelligence to stop plans in progress and work on backup systems or plans to reduce the impact should a successful attack be carried out. As knowledge disseminates, the number and locality of the threats will increase as well. Mr. Schwartau often speaks of cyber-civil disobedience. This disobedience may take the form of information terrorism as well. After the California couple that ran the Amateur Action BBS in California were sentenced to jail in Memphis Tennessee, there we a few messages that circulated the Internet requesting volunteers to help takedown the Memphis phone and power grids in an act of protest. This person was soliciting help to conduct information terrorism.
Anarchists, who I have concluded have too much time on their hands, and are much to organized to maintain their namesake, have spoken of creating information anarchy should the commercialization of the net continue. Again, information terrorism in a limited sense.
In conclusion, we certainly are, as Al Gore noted last week, in the midst of an Information Revolution. Methods of warfare will continue to adapt as the revolution progresses and conceptions of national security will have to adapt as well.
The conflict between realism and liberalism intensifies here, because there is a shared common goal, but entirely different approaches. We must keep this in mind as we address this issue in the future. Information warfare must be made less attractive to other nations, while at the same time internal security must be increased. Mr. Schwartau has done a great service by acknowledging the threat and explaining it to the general public, but the debate and conceptualization has only just begun. Information warfare and information security must be incorporated into the national security agenda of any nation that is making the transition into the Information Age. I certainly look forward to working on the issue in the future, and I know that everyone here does as well. Thank you.