I. INFORMATION WARFARE

1. Definition

Information Warfare (IW) encompasses actions taken to achieve information superiority by affecting adversary information, information-based processes, information systems and computer-based networks, while defending one's own information, information-based processes, information systems, and computer-based networks. In this section, the term "information system" includes information, information-based processes, information systems, and computer-based networks either individually or in combination with each other.

This section addresses only the unclassified aspects of IW and the associated science and technology programs which address key joint warfighter IW requirements. It does not address classified IW initiatives. It should be noted that information warfare is a dynamic area. Doctrine, policy, and the taxonomy are as fast moving as the supporting technology. Accordingly, the taxonomy used in this section describes the relevance of key technology initiatives to joint warfighter requirements, but should not be interpreted as being representative of the entire spectrum of warfighter IW roles and missions.

2. Operational Capability Elements

Figure IV.I.1 represents a conceptual view of the information warfare environment. The joint warfighter must have the operational capability to defend information systems from both deliberate and accidental disruptions, as well as the operational capability to attack adversary information systems. These operational capability elements give the joint warfighter a credible deterrent across the full spectrum of conflict. They also ensure information superiority and permit the conduct of operations without effective opposition. This section describes how key enabling technologies will be explored through DTOs, ACTDs, and ATDs to provide timely operational capabilities to the joint warfighter.

To achieve information superiority and contribute to dominant battlespace knowledge, the technology base must support joint warfighter requirements in two overlapping areas: defensive information warfare (IW-D) and offensive information warfare (IW-O). There is an overlap between these two areas that represents those technologies and operational capability elements that are common to both. Figure IV.I.2 expands upon these overarching capabilities, identifying subordinate operational capability elements.

Subordinate categories of IW-D are: protect, detect attack, and restore. For the purpose of this plan, information security, operations security, and information integrity are subelements of protect. Information security encompasses confidentiality, integrity, authentication, non-repudiation, and to some extent, availability. Operations security ensures that critical friendly information and activities cannot be easily intercepted or observed by adversary intelligence systems. Information integrity ensures that the information is unimpaired.

Figure IV.I.1. Information Warfare Concept

For IW-O, the technology base must provide the joint warfighter with a stockpile of new weapons, including several based upon improved conventional electronic warfare technologies. IW-O includes capabilities to deny/disrupt/degrade/exploit, deceive, and destroy adversary information systems. At the intersection of IW-D and IW-O is effective C4I, which is critical to both. Other capabilities can also be considered "shared" by IW-D and IW-O. For example, deception techniques and supporting technologies developed under an IW-O initiative can be used (i.e., shared) with IW-D to enhance information security or operations security.

3. Functional Capabilities

The technology base must support a set of functional capabilities which contribute to the achievement of the operational capability elements described in the previous sub-section. A number of these IW functional capabilities are common to IW-D and IW-O. For example, tools that assess vulnerabilities or that "map" the structure of an information system can contribute to both IW-D and IW-O operations. Figure IV.I.2 identifies the following functional capabilities to achieve the IW Operational Capability Elements.

1. Information consistency includes the integrity, protection, and authentication of information systems.

2. Access controls/security services ensures information security and integrity by limiting access to information systems to authorized personnel only. It includes trusted electronic release, multi-level information security, and policies.

3. Service availability ensures that information systems are available when needed, often relying upon communications support for distributed computing.

4. Network management and control ensures the use of reconfigurable, robust protocols and control algorithms, self-healing applications and systems capable of managing distributed computing over heterogeneous platforms and networks.

5. Damage assessment determines the effectiveness of attacks in both a defensive capacity (e.g., where and how bad) and an offensive capacity (e.g., measure of effectiveness).

6. Reaction (isolate, correct, act) responds to a threat, intruder, or network or system disturbance. Intrusions must be characterized and decision-makers must have the capability to isolate, contain, correct, monitor surreptitiously, etc. The ability to correct includes recovery, resource reallocation, and reconstitution.

7. Vulnerability assessment and planning is an all-encompassing functional capability that includes the ability to realistically assess the joint warfighter's information system(s) and information processes and those of an adversary. The assessment of warfighter systems facilitates the use of critical protection functions such as risk management and vulnerability analysis. The assessment of an adversary's information system provides the basis for joint warfighter attack planning and operational execution.

8. Preemptive indication provides system and subsystem precursors or indications of impending attack.

9. Intrusion detection/threat warning enables detection of attempted and successful intrusions (malicious and non-malicious) by both insiders and outsiders.

10. Corruption of adversary information/systems can take many diverse forms, ranging from destruction to undetected change or infection of information. There are two subsets of this function: (1) actions taken on information prior to its entry into an information system; and (2) actions taken on information already contained within an information system.

11. Defeat of adversary protection includes the defeat of information systems, software and physical information system protection schemes, and hardware.

12. Penetration of adversary information system provides the ability to intrude, or inject desired information, into an adversary's information system, network, or repository. The function includes the ability to disguise the penetration -- either the fact that the penetration has occurred, or the exact nature of the penetration.

Figure IV.I.2. Functional Capabilities Needed for Information Warfare

13. Physical destruction of adversary information system physically denies an adversary the means to access or use its information systems. Actions include traditional hard-kills as well as actions of a less destructive nature, which cause a physical denial of service.

14. Defeat of adversary information transport defeats any means involved in the movement of information either to or within a given information system. It transcends the classical definition of electronic warfare by encompassing all means of information conveyance, rather than just the traditional electrical means.

15. Insertion of false station/operator into adversary information system provides the ability to inject a false situation or operator into an adversary's information system.

16. Disguise of sources of attack encompasses all actions designed to deny an adversary any knowledge of the source of an information attack or the source of information itself. Disguised sources, which deny the adversary true information sources, often limit the availability of responses, thereby delaying correction or retaliation.

4. Current Capabilities, Deficiencies, and Barriers

Currently, the bulk of the information available to the joint warfighter is provided over legacy, communications-intensive, message-based information distribution systems. While there is a high degree of assurance (i.e., confidence in the integrity, confidentiality, and availability) associated with information received via stove-piped classified systems, there is less assurance associated with information received over other systems. In addition, there is a limited ability to internetwork at varying levels of security.

Although there are deficiencies in current IW operational capabilities that can be attributed to non-technical issues (e.g., operator awareness and training), many deficiencies exist because technological barriers remain to be overcome. From a technology perspective, much is being done, using existing technology, to meet warfighter requirements. The judicious application of existing technology is rapidly advancing the state-of-the-art, particularly in the area of IW-D. Existing capabilities are being applied in unique ways and are being extended to provide more effective means of network protection. Ranging from advanced access control systems to effective means of encryption of databases and transmitted information, tools are becoming available which help ensure the availability, integrity, and confidentiality of critical information for the joint warfighter.

In spite of these efforts, limitations still exist because many technology barriers have yet to be overcome. Figure IV.I.3 summarizes current capabilities and limitations. Currently, IW-D is limited in the following areas: management of distributed information, multilevel security (MLS), countermeasures that are generally reactive to emergent IW rather than anticipatory, predictive and anticipatory network management capabilities, IW sensors and processing for grid self-defense, and intrusion detection techniques that do not scale or that do not facilitate damage assessment or automated response. IW-O is limited in the following areas: integration of IW with hard kill as a continuum of tactical operations, the ability to automatically and rapidly determine points of vulnerability, and diverse tailorable IW attack tools.

Figure IV.I.3 lists key technologies that are needed to overcome these limitations. Figure IV.I.4 graphically portrays a subset of these key technologies and their respective relationship to ACTDs. As a relatively new area of focus within the DoD, IW has only one currently approved ACTD, Navigation Warfare, with a second proposed ACTD, IW Planning Tools, pending approval.

5. Technology Plan

Meeting the IW needs of the joint warfighter requires the development of new technology as well as the adaptation and insertion of applicable commercial technology. In addition to the two ACTDs previously cited, Figure IV.I.5 provides a list of DTOs (most of which are described in the DTAP) that have direct relevance to achieving the operational capability elements of IW.

The following DTOs address IW-D capabilities:

The following DTOs address IW-O capabilities:




OPERATIONAL CAPABILITY ELEMENT: INFORMATION SECURITY

GOALS:
Provide protection from deliberate or inadvertent, unauthorized disclosure, acquisition, manipulation, modification, or loss of sensitive information under various complex security policies, using distributed open systems architectures, and different security attributes.

FUNCTIONAL CAPABILITIES:
1. Information Consistency
2. Access Control/Security Services
7. Vulnerability Assessment and Planning
8. Preemptive Indication
9. Intrusion Detection/Threat Warning

LIMITATIONS:
1. Limited MLS capability
2. Countermeasures are generally reactive to emergent IW rather than anticipatory
3. Limited network management and security management capabilities
4. Limited availability of trusted operating systems
5. COTS applications vulnerabilities
6. Inadequate tools for validating system security and robustness
7. Limited authentication and identification capabilities
8. Inadequate automated intrusion detection techniques
9. Inadequate data contamination recovery techniques

KEY TECHNOLOGIES:
1. Secure firewalls and guards (B3 Level)
2. Dynamic reallocation of computing resources
3. Automated intrusion detection and response capabilities
4. MLS secure COTS-based clusters
5. Trusted Operating systems
6. Malicious code detection tools
7. Security analysis tools
8. Security Engineering for Systems

OPERATIONAL CAPABILITY ELEMENT: OPERATIONS SECURITY

GOALS:
Eliminate, or reduce to an acceptable level, the vulnerabilities that an adversary could exploit by obtaining information about friendly capabilities, limitations, and intentions.

FUNCTIONAL CAPABILITIES:
2.
6. Reaction (Isolate, Correct, Act)
7.

LIMITATIONS:
3.
7.
10. Limited ability to manage distributed information
11. Limited classification management capability of data objects.

KEY TECHNOLOGIES:
9. Robust, adaptive, automated context-based information distribution infrastructure
10. Advanced high speed protocol/encryption and advanced key management for tactical and strategic networks

Figure IV.I.3. Goals, Limitations, and Technologies for Information Warfare


OPERATIONAL CAPABILITY ELEMENT: INFORMATION INTEGRITY

GOALS:
Ensure that information is sound and unimpaired.

FUNCTIONAL CAPABILITIES:
1.
2.
3. Service Availability
4. Network Management and Control
5. Damage Assessment
6.
7.
8.
9.

LIMITATIONS:
1.
4.
5.
7.
11.
12. Limited scaleable encryption

KEY TECHNOLOGIES:
1.
4.
5.
10.

OPERATIONAL CAPABILITY ELEMENT: DETECT ATTACK

GOALS:
Provide early warning of potential attacks so as to alert all defensive mechanisms, initiate available, reactive measures and minimize or obviate attack effectiveness.

FUNCTIONAL CAPABILITIES:
5.
7.
8.
9.

LIMITATIONS:
13. Limited predictive and anticipatory network management capability
14. Limited IW sensors and processing for grid self-defense
15. Intrusion-detection techniques do not scale, do not facilitate damage assessment or automated response

KEY TECHNOLOGIES:
3.
7.
11. Secure Global Positioning System

OPERATIONAL CAPABILITY ELEMENT: RESTORE

GOALS:
Achieve an ability to continue to operate at some nominally acceptable level through attacks so as to avoid catastrophic failure of the system and endure into the post-attack period for recovery and/or reconstitution.

FUNCTIONAL CAPABILITIES:
3.
4.
5.
6.
7.

LIMITATIONS:
13.
14.
15.
16. Limited IW damage assessment
17. Current technologies have limited capability to support continued operations during network partition

KEY TECHNOLOGIES:
2.
3.
7.
12. Fault avoidance and recovery mechanisms

OPERATIONAL CAPABILITY ELEMENT: C4I

GOALS:
Achieve transport of the required information, from anywhere to anywhere, "just in time".

FUNCTIONAL CAPABILITIES:
3.
4.
5.
7.

LIMITATIONS:
1.
17.

KEY TECHNOLOGIES:
2.
4.
10.
12.

Figure IV.I.3. Goals, Limitations, and Technologies for Information Warfare (Cont'd)


OPERATIONAL CAPABILITY ELEMENT: DENY/DISRUPT/DEGRADE/EXPLOIT

GOALS:
Selectively control an adversary's use of information, information-based processes, and information systems through the application of offensive IW capabilities that deny access to, or use of information, disrupt operations or capabilities, or selectively degrade levels of service.

FUNCTIONAL CAPABILITIES:
5.
7.
10. Corruption of Adversary Information/System
11. Defeat of Adversary Protection
12. Penetration of Adversary Information System
13. Physical Destruction of Adversary Information System
14. Defeat of Adversary Information Transport
15. Insertion of False Station/Operator into Adversary Information System
16.

LIMITATIONS:
18. IW not integrated with hard kill as a continuum of tactical operations
19. Limited ability to automatically and rapidly determine points of vulnerability
20. Lack of arsenal of diverse, tailorable IW attack tools
21. Difficult to keep attack tools current in era of rapid change in information technology
22. Increasing sophistication of advanced protection software and hardware
23. Limited capability to surreptitiously enter a wide range of information systems

KEY TECHNOLOGIES:
7.
13. High Power Microwave Attack Technology
14. Electronic attack against digital information transport systems
15. Information warfare planning and decision aid tools
16.

OPERATIONAL CAPABILITY ELEMENT: DECEIVE

GOALS:
Provide the Joint Warfighter with the capability to selectively influence an adversary's use of, or confidence in, information, information-based processes, information systems and computer-based networks through the application of offensive deceptive IW capabilities that provide the means to manipulate the information or information sources which support them.

FUNCTIONAL CAPABILITIES:
5.
7.
10.
11.
12.
15.
16. Disguise Sources of Attack

LIMITATIONS:
19.
20.
21.
22.
23.

KEY TECHNOLOGIES:
7.
14.
15.

OPERATIONAL CAPABILITY ELEMENT: DESTROY

GOALS:
Provide capability to selectively destroy an adversary's information, information-based processes, information systems and computer-based networks through the application of offensive weapons that destroy the information, or the capability to use, transport, collect or access it.

FUNCTIONAL CAPABILITIES:
5.
7.
10.
12.
13.
16.

LIMITATIONS:
18.
19.
20.
21.
22.
23.

KEY TECHNOLOGIES:
7.
13.
14.
15.
16.

Figure IV.I.3. Goals, Limitations, and Technologies for Information Warfare (Cont'd)

Figure IV.I.4. Technology to Capability -- Information Warfare



DTO #          TITLE
I.01           Digital Communications Electronic Attack
I.02           Information Warfare Planning Tool ACTD (Proposed)
I.03           Navigation Warfare ACTD
WE.22.09.F     High Power Microwave C2W/IW Technology
WE.23.08.ANF   Modern Network Command and Control Warfare (C2W) Technology
IS.19.06.AF    Context-Based Information Distribution
IS.21.07.AF    Assured Communications
IS.22.01.AFN   Network Management
IS.17.02.NFE   Defensive Information Warfare
IS.18.02.F     Survivable Information Systems


Figure IV.I.5. Defense Technology Objectives -- Information Warfare

Figure IV.I.6 provides a list of demonstrations that are currently planned to meet the DTOs. In addition, this figure depicts the relevance of each of these demonstrations to the various IW operational capability elements, and identifies the respective Services and Agencies involved in each.

Figure IV.I.7 provides a graphical depiction of the timelines and relationships of a subset of the key technologies being developed in support of the DTOs cited above. As noted earlier, there currently exists only one approved IW-related ACTD; however, as indicated in this figure, three possible new ACTDs or ATDs (identified in dotted lines) are proposed as logical future extensions of the current planned efforts in this area.

6. Summary

IW is a relatively new joint warfighting area which crosscuts several JWCOs and DTAP technology areas. Figure IV.I.8 reflects the contributions of the DTOs to an incremental improvement in IW capabilities. Near-term capabilities will internetwork warfighters at the tactical level, improve the security and reliability of distributed databases, and provide improved protection techniques. Mid-term capabilities will take advantage of high bandwidth, encrypted links to internetwork warfighters at varying levels of security, and provide a suite of IW-O planning tools and effectiveness models. The capability objective will ensure the availability, confidentiality, and integrity of information by providing the warfighter with a robust, adaptive, automated context-based information infrastructure and suites of tools to protect friendly information systems and attack adversary information systems.

It is important to recognize that the IW threat is real. IW-D and IW-O capabilities, at various levels, are widely available. DoD systems, particularly those that are unclassified, are currently vulnerable. While a concerted, coordinated attack against DoD interests would require considerable resources, significant damage to DoD information systems is possible. The S&T community takes this threat seriously and will continue to focus funding on key technologies that support the joint warfighter IW requirements. IW represents a new tenet in military doctrine. The appropriate investment in the supporting technologies will enable the DoD to achieve military superiority through information superiority.

Figure IV.I.6. Demonstration Support -- Information Warfare

Figure IV.I.7. Roadmap -- Information Warfare

Figure IV.I.8. Progress -- Information Warfare