Changing the
Face of Warfare

Information contained in this article represents the opinion of the author and does not necessarily reflect the official Army or INSCOMposition. It does not change or supersede any information presented in other official Army publications.


By Maj. James P. Edmiston

     Warfare is no longer primarily a function of who puts the most resources, soldiers or technology on the battlefield, but rather of who has information dominance on the battlefield. The current "information revolution" reflects the meteoric technological advances enabled by the microchip and computerized information and communications systems. The role of information in enabling modern warfare also reflects how information is collected, stored, processed, communicated, and presented. Therefore, information warfare, in its largest sense, is simply the use of information to achieve national objectives.
     Information is similar to diplomacy, economic competition, or the use of military force. It is a key aspect of national power and, more importantly, is becoming a vital national resource which supports all aspects of our nation’s goals.
     Information is a strategic resource which may prove to be as valuable and influential in the post-industrial era as money and labor have been in the agrarian and industrial ages.
     The true target of information warfare is the human mind, especially those minds who make the key decisions of war or peace, or deploy the military assets and war-fighting capabilities of their country. While "cyberwar" will be fought over the worldwide telecommunications networks of computers, cables, fiber-optics and satellites, the objective of cyberwar is to influence the enemy and the decisions the enemy makes by controlling the "virtual battlefield."
     The old saying that knowledge is power has never been more true than its use in today’s military. The stunning advances of information technology should be used for exponential vision and the opportunity for a genuine revolution in military affairs. The ancient Chinese general Sun Tzu espoused that information should be used to create such a mismatch between us and an opponent that the opponent’s very strategy is defeated before his first forces can be deployed or his first shots fired.

Constant Change

     While our nation’s borders are guarded by soldiers, sailors, Marines and airmen; the security of the nation’s electronic nervous system is vulnerable to paralyzing attacks. The United States could be brought to its knees by compromising the country’s telephone, computer, air traffic control or financial systems. As the world approaches another millennium and prepares for the challenges of the 21st century, swift and radical changes are occurring in all dimensions of our society. The pace of these changes is a potentially chaotic revolution instead of an orderly evolution.
     Just as society is undergoing revolutionary change, so is the U.S. military. The dismantling of the Soviet armed forces and the emergence of the U.S. military from the desert wastes of the Gulf War have left the United States as the unquestioned world military leader, due in large part to our demonstrated technological superiority. But as current events are already proving, other military forces can also obtain technologies which challenge our own.
     Massive computer networking makes the United States and other information-based countries vulnerable to this revolutionary style of warfare known as "information warfare." The military’s reliance on unprotected networks carries the risk of military failure and catastrophic economic loss. Fully 95% of all military communications (both voice and data) are carried over the civilian telecommunications backbone. Whose responsibility is it to protect the nation’s information sinews and infrastructure? Where does the military forward edge of the battlefield (FEBA) start? Or end?
     Revolutions in military affairs occur when the application of new technologies into military weapons systems combines with innovative operational concepts and organizational adaptation to change the character and conduct of conflict by producing a dramatic increase in the combat potential and effectiveness of the armed forces. This information-based revolution goes beyond industrial based warfare where mass produced weapons cause mass destruction.
     Railroads, telegraphs and rifled musket and artillery changed the Civil War battlefields from those of the American Revolutionary War. World War I continued the relentless advancement of killing technology with the introduction of the tank and the airplane. During the interwar years, the internal combustion engine was "perfected," radio and radar were developed, and aviation technology flourished. These advances caused major changes in the character of warfare in World War II. Since then, the microchip, nuclear weapons and satellite technologies have forced changes in warfare.
     A global electronic environment was spawned by the explosive growth of the Internet and telecommunications networks. Many foreign governments (and their associated intelligence agencies) are using this new "virtual domain" to retrieve strategic and tactical information related to defense, economics, technology and even personal affairs. These networks also provide a potential "avenue of approach" for disruptive forces to introduce malicious software codes, viruses or logic bombs. The intent is to destroy essential data and to disrupt computer networks, therefore crippling the ability of the United States to effectively wage war.

A Historical Perspective

     While information is a relatively stable concept, the concept of warfare is not so stable and changes over time. Currently, Alvin and Heidi Toffler’s War and Anti-War and The Third Wave dominate conceptual thinking of how war will be fought in the 21st century. The Tofflers describe the history of warfare in terms of three waves: agrarian, industrial, and informational.
     Agrarian warfare was depicted by Agrarian Age raids on towns and villages to steal food and wealth using hand crafted weapons. Industrial warfare of the Industrial Age was depicted by attritional warfare between nation states relying on mechanization, mass and maneuver. Information warfare relies on Information Age technology, communications, decision support and real time processing of data to achieve tightly focused objectives.
     Sun Tzu’s The Art of War is considered the classic reference on warfare in the Agrarian Age. Elements of his work are still relevant, especially for information warfare, due to his high regard for information and the practice of deception.
     The Mongol hordes of Ghengis Khan illustrates almost a pure expression of information warfare. Mongol doctrine relied for success not upon military strength and mass, but upon learning exactly where their enemies were emplaced while keeping their own location secret until they attacked.
     They would search out the enemy, blind him, then strike at his heart with coordinated operations which had the end result of breaking down the command and control efforts of their enemies. This enabled them, despite being numerically inferior, to overthrow the finest, largest armies of imperial China, Islam, and Christendom. The Mongol example also reinforces the point that information warfare does not depend on high technology, but rather on how one thinks about conflict and strategic interaction.
     Carl von Clausewitz’s On War is regarded as the defining text on Industrial Age warfare. Clausewitz’s focus on operational and tactical level issues led him to place less value on information than Sun Tzu. In an Industrial Age war, battlefield information tended to lose most of its value in the time it took to reach centralized decision makers and redirect to those who needed it the most. His premise of "the fog of war" applies today: too much information can confuse or overwhelm just as easily as too little.
     The Tofflers believe warfare has moved into this "third wave" of information dominance. When one adversary possesses (or controls) almost complete "battlespace" awareness, while the other adversary is cut off from (reliable) information sources, the first adversary will always score a decisive win.
     The Gulf War is considered to be the first information war. Col. (Ret.) Alan Campen’s book, The First Information War, provides insight into the elements of information warfare employed in the war. By the start of the ground war, Saddam Hussein no longer knew the location of his armies, much less the location of coalition forces.
     The Pentagon’s final report to Congress on the Conduct of the Persian Gulf War—the so-called "COW Report"—states the earliest attacks targeted "microwave relay towers, telephone exchanges, switching rooms, fiber optic nodes and bridges which carried coaxial communications cables." This had the effect of either silencing them or forcing "the Iraqi leadership to use backup systems vulnerable to eavesdropping that produced valuable intelligence." Attacks were coupled with direct strikes at Saddam’s military and political command centers themselves; designed to destroy or isolate Iraqi leaders, cutting them off from field troops.
     Throughout the Gulf War, the coalition forces maintained superior battlefield awareness. They used command and control warfare, sensor elimination, and satellite imagery. By war’s end, the coalition communications infrastructure could handle 700,000 phone calls and 152,000 messages per day, while monitoring over 35,000 frequencies used for enemy communications.
     There are several examples where information warfare has been used against the United States. In Vietnam, the North Vietnamese expertly spoofed our radio communications and used hit and run guerrilla tactics. The United States relied upon traditional heavy armor and massed aviation warfighting techniques. They were also quick to reinforce and encourage the anti-war feelings in the United States due in part to televised images of the gruesome ravages of war. Vietnam showed the importance of psychological warfare as an element of information warfare.
     The term "warfare" has been associated with the military because of the connotation of physical violence. However, in the context of information warfare, the terms include a wider range of conflicts waged by a wider range of combatants because it is typically non-physical.
     A major new factor in information warfare is the worldwide info-sphere of television and broadcast news. Information warfare at the strategic level is the "battle of the battlefield" to shape the political context of the conflict. It will define the new "battlespace." Foreign countries may try to influence the news gathering and reporting capabilities of their adversaries in order to influence a political outcome.

Threat to Infrastructures

     The United States depends upon information systems and networks. Information systems control the basic functions of the nation’s infrastructure, including the air traffic control system, power distribution and utilities, phone system, stock exchanges, the Federal Reserve monetary transfer system, credit and medical records. The military depends upon commercial telephone networks to carry both routine and emergency communications; 95 percent of the traffic is on the commercial backbone. The MILNET computer network composed of more than 170,000 military computers is fully integrated into the Internet and exposes sensitive logistics, transportation, finance, personnel, and medical databases to exploitation.
     Most advanced countries today have some form of computer espionage or exploitation program. Today’s friends may be tomorrow’s enemies, either in war or commerce. The United States, due to its open, democratic society and personal freedoms, is open to exploitation from anywhere on the planet. All one needs is a computer and a modem, and the world’s information infrastructure is available with a few key strokes.
     Intelligence and espionage, once the exclusive occupations of monarch and government, have become an important component of international business. No longer are spies employed only by national intelligence services. Large corporations around the world, particularly in Western Europe and Asia, now hire sophisticated agents to gather intelligence on competitors and other.
     Buoyed by the success enjoyed by several computer hackers throughout the 1980s, scores of intelligence agencies began during the 1980s and 1990s to fully integrate the computer as an instrument of espionage tradecraft. International data networks now provide intelligence agencies with a conduit to retrieve information. These same networks also provide a potential avenue for opposing countries or people to introduce malicious software codes designed to destroy sensitive data or to disrupt computer networks.
     Some nations have created computer espionage branches within their intelligence services. These specialized units seek to compromise the confidentiality and, to a somewhat lesser degree, the integrity and availability of sensitive or classified computerized data. Although espionage agencies continue to have an interest in classified military information, the major targets for state-sponsored computer espionage are industrial and technological secrets. Many European and Asian nations admit their national intelligence services collect economic intelligence to benefit their industries at the expense of foreign competition. Computer systems and networks contain a large amount of research and development data that have a significant value to various national industrial and development policies.
     National intelligence agencies collect computer data. The storage of sensitive personal data spreads across internationally connected computers and data networks.
     The threat to data privacy and security increases with the size and complexity of computer system architecture. The stand-alone personal computer is much easier to protect against unauthorized intrusion than the sophisticated distributed computer systems using data networks and client-server system architectures. Reliance on "open-networks," such as the Internet, increases the possibility of surreptitious eavesdropping of electronic mail and other digital communications. Encryption is one form of protection against digital eavesdropping but its use is coming under increased governmental control and regulation in many countries.
     Legislation with criminal sanctions may serve as additional protection against state-sponsored and corporation-initiated digital eavesdropping schemes. However, these controls assume an illegal intrusion has already occurred and are designed to seek only financial or other remedies. Traditional computer security methods such as access control, secure database structures, personnel security controls, and input/output handling have met with only limited success in dealing with the computer hacker threat of the 1990s. All these controls have weaknesses which have been exploited by the determined and often youthful hacker.
     The threat posed by dedicated and well-financed intelligence agencies and international gangs to exploit computer security controls is much greater than that of the traditional hacker community. Those relying on computer technology face a far greater threat to computer security today than faced 10 years ago. The demand for new and more reliable computer security controls to counter the digital espionage threat will grow as a result of this formidable threat.

Effective Firewalls

     Military leaders are developing a new cyberspace warfare strategy which is intended to defend and attack the very computer networks which support it and all other modern armed forces. One of the "weapons" used to defend our networks from exploitation is the "firewall."
     A firewall is a generic term which describes a wide range of functions and architectures of devices which protect the network. A firewall can describe almost any network security device, such as hardware encryption devices, screening router, or an application level. However, a firewall is only part of an overall security posture adopted by an organization. Any hardware employed must be integrated with a security policy followed by the system’s users in order to be effective.
     The primary components of a firewall include a network policy, advanced authentication mechanisms, packet filtering and application gateways.
     Effective firewall design is specific to the network it protects. Every network is physically different. The intentions of the organizations vary from network to network. Firewalls generally implement one of two basic design policies: permit any service unless it is expressly denied, and deny any service unless it is expressly permitted.
     For a firewall to be successful, the network service-access policy must be drafted before the firewall is implemented. A realistic policy is one that provides a balance between protecting the network from known risks while still providing users reasonable access to network resources. If a firewall system denies or restricts services, a realistic network service-access policy can prevent the firewall’s access controls from being modified or circumvented on an ad hoc basis. Only a sound, management-backed policy can provide this defense against internal resistance.
     A firewall is only as effective as its administration. If the firewall is not maintained properly, it may permit break-ins while providing an illusion the site is still secure. Security policy should reflect the importance of strong firewall administration. Management should demonstrate its commitment to this importance in terms of full-time personnel, proper funding for procurement, maintenance and other necessary resources.
     A firewall is not an excuse to pay less attention to site system administration. It is in fact the opposite: if a firewall is penetrated, a poorly administered site could be wide open to intrusions and resultant damage. A firewall in no way reduces the need for skilled system administration. At the same time, a firewall can permit a site to be proactive in its system administration as opposed to reactive. Because the firewall provides a barrier, sites can spend more time on system administration duties and less time reacting to incidents and damage control.
     The Defense Information Systems Agency has conducted over 30,000 "friendly" hacker attacks against our own military computer systems in the past several years. Using offensive information warfare techniques and technologies which potential adversaries are believed to possess (and most of it freely available through the Internet), they have discovered that about 4 percent of systems administrators knew they had been attacked. Even worse, only 27% of the affected systems report an attack. Hackers try to penetrate military computer systems an estimated 250,000 times per year.
     This activity has spawned new defense activities such as the Land Information Warfare Activity (Army), the Naval Information Warfare Activity and the Air Force Information Warfare Center. The Marines, due to their unique mission, are working to combine the best elements of the other three services into a workable strategy.

Into the Information Age

     There have been several "official" definitions of what constitutes information warfare, however, all agree it concerns "actions taken to achieve information superiority by affecting adversary information, information-based processes, information systems and computer-based networks, while defending one’s own information, information-based processes, information systems, and computer-based networks." The security of our telecommunications networks is important in maintaining U.S. national security and competing in the global marketplace.
     The United States must face the challenge of Information Warfare by recognizing the global electronic environment and the threat it poses. Boundaries between nations and private-sector organizations are blurring–rendering distinctions between war and crime, and civilian and governmental interests, less meaningful. With this global connectivity, it will be difficult to distinguish between strategic information warfare attacks and other activities, such as espionage (both state-sponsored and commercial), accidents, systems failures and hacker attacks.
     Evolving Information Warfare doctrine such as FM 100-6, Information Operations, and the Army Intelligence Master Plan must address the nebulous "fog of battle" in which there is no "front line" or geographic boundary. Information warriors must be trained in the newest of technologies and techniques in order to assist the tactical warfighter.
     While the nature of war has changed as weapons improved, the purpose of war will endure: To impose one’s will over another. As Sun Tzu stated over two thousand years ago: "attaining one hundred victories in one hundred battles is not the pinnacle of excellence. Subjugating the enemy’s army without fighting is the true pinnacle of excellence."

     Maj. James P. Edmiston is assigned to Headquarters, INSCOM.

 


Go to Journal Contents

   Last Updated: May 29, 1997