From: iw@all.net
Subject: IW Mailing List history/951127
---------------------------------------------
Noderator's note:
	In the last issue, the information on SpaceCom systems came from
The Jarvis Report, in a section on Techno-Terrorism.  The Jarvis Report
focuses on industrial espionage and is written by Ray Jarvis who many
say is "one of the best wiremen around".  Here's another relevant
extract:

May 22, 1995, Bill Gaede, an Argentine engineer, confessed to stealing
technical secrets from Advanced Micro Devices and Intel Corp.  and
selling them to China, Cuba and Iran. 

---------------------------------------------
From: Danny Cox 
Date: Mon, 27 Nov 1995 11:24:03 GMT

What do I consider IW to be ? Hard to say - I guess it's organisations
using techniques to gain information from opponents or to deny them
access to the same. 

Danny Cox
dannyc@gmap.leeds.ac.uk
---------------------------------------------
From: Mr SC Meert - System Manager 
Date: Mon, 27 Nov 1995 10:18:53 GMT

    I've been in system admin now for around two years, running Netware
& HP-UX/ SUN OS Unix.  I'm probably in the same situation as a lot of
people - I've heard of Information Warfare, but have never had to time
to read into it.  IW to me means use of computer code to compromise Info
Systems - eg.  virii/ passwd cracking/ hacking etc.

Steve Meert- Novell & Unix System Manager
Chemical Engineering Computing Services
---------------------------------------------
Date: Mon, 27 Nov 95 07:37:59 EST
From: pirocchi@mitre.org (Jesse Pirocchi)

I saw an interesting graphic recently that showed 1992 as the year in
which capital expenditures in the U.S.  for information systems first
exceeded expenditures for industrial age items such as factories,
machines, etc.  One could therefore argue that 1992 was the "official"
beginning of the information age.  Information and information systems
have become so critical to national well-being that defending against
attacks and figuring out how to attack others in times of conflict are
becoming mandatory strategies. 

Jesse Pirocchi  MITRE  Voice:(703) 883-6706  Fax:(703) 883-6801
---------------------------------------------
From jpc@ibm.pt Mon Nov 27 03:34:04 1995
Date: Mon, 27 Nov 95 09:35:36 +0100

The way I see it, IW encompasses all the aspects of information
manipulation/disclosure/distortion to get tactical/strategical advantage
over your enemy/competition.

So it's not limited to the military side, but it's also quite popular
among the civilian side.  Computer industry lives by it.
---------------------------------------------
From caelli@ocean.fit.qut.edu.au Mon Nov 27 02:36:48 1995
From: caelli@fit.qut.edu.au (Bill Caelli)

IW Definitions :
             the denial of proper information resources to an opponent
while protecting your own information resources

Bill Caelli
Queensland University of technology
---------------------------------------------
Date: Sun, 26 Nov 1995 23:20:23 -0800 (PST)
From: Dave Watson 

With apologies to Schwartau, I'm not sure there is a good definition of
info warfare.  I perceive it as a composite of the evolutionary
directions of traditional malicious hacking, leading to organized
attacks by people with definite financial or political objectives.  I
guess the definition will evolve with the methods that are used. 
---------------------------------------------
Moderator's note:
	Winn Schwartau's book: "Information Warfare" (Thunder's Mouth
Press, NY, 1994) states that the United States is at economic war with
the world.  Winn defines IW as operating in three classes:

Class 1: Personal IW (personal privacy issues)
Class 2: Corporate IW (corporate information assets protection)
Class 3: Global IW (conflict in the econo-technical global network
	dealing with nation-states and political or economic spheres
	of influence)

and later:
	"Information warfare is an electronic conflict in which
information is a strategic asset worthy of conquest or destruction. 
Computers and other communications and information systems become
attractive first-strike targets"
---------------------------------------------
Date: Mon, 27 Nov 95 09:52:56 CST
From: Mark_W_Loveless@smtp.bnr.com

I had been approached by a previous employer to obtain a copy of
proprietary software by a competitor, analyze its potential, and explore
the possibility of crippling it slightly and sending it back to the
competitor.  The idea was to slow down the competitor's latest Windows
product, and make my previous employer's software look better. 

Most companies that deal in IW have strict policies against it, however
some are willing to pay for good info regardless of source. 
---------------------------------------------
Date: Mon, 27 Nov 95 10:29:33 -0600
From: rrietz@sadis01.kelly.af.mil (RONALD E. RIETZ - FMPS)

My personal definition of information warfare is -- The use of
possibly false/misleading data to manipulate the decision making
process of the an opponent.

  _    Ronald Rietz  +1 (210) 925-4747(V) (DSN)945-4747
_| ~-. SA-ALC/FMPS   +1 (210) 925-7725(F)
---------------------------------------------
Date: Mon, 27 Nov 1995 11:52 -0400 (EDT)
From: "Appelmans, Jack" 

Hypothesis: The topic "Information Warfare" is too loosely defined -->
too broad a scope for discussion.  Here's the rationale

Premises:
P1: Capitalist society --> Competition (strong thrive; weak die out).
P2: High Rate of Computer Technology (R)Evolution  --> Information Age.

Conclusion:
C1=P1+P2:  Competition + Information Age = Information-based Competition.

Assumption:
A1: The C1 topic is huge, since it deals with the intersections of an entire 
socio-economic theory and an entire industrial movement, both of which are 
global.

Premise:
P3: Competition = Non-violent Warfare

Therefore, substituting for P3 in C1:
C2: Information-based Competition = Information-based Non-violent Warfare

but (Identity):
I1: Information Warfare = Information-based Non-violent Warfare + 
Information-based Violent Warfare

Therefore:
C3: Information Warfare = C2 + Information-based Violent Warfare
but substituting for C1: = C1 + Information-based Violent Warfare
which is even bigger than C1.

I suggest, therefore, that the topic C3 (Information Warfare) is
unmanageable, and that it be dropped.  If useful, the topic area can be
limited to Information-based Violent Warfare.  I suggest that this
subject is likely to involve a significant element of classified
material, and is already well-defined within the C3 structure in DoD
(i.e.  the work involves difficult barriers, and much of it has been
done).  Anybody still interested? (To be frank, I'm busy enough in
specialized interest areas within C2). 

I offer this in the spirit of encouraging directed and productive
application of valuable (intellectual) resources; and acknowledge that
if the logic, premises or assumption are refuted, the conclusions may be
invalid. 

=============================================
 -=[Jack Appelmans | jack.appelmans@fmr.com]=-
---------------------------------------------
From: William Bradley Paris (Volt Comp) 
Date: Mon, 27 Nov 95 08:52:57 TZ

Information = Data and systems to analyze data.

Warfare = Deliberate attempts to break stuff and kill people to further
a cause. 

IW = Range of activities from hacking and phreaking to using EMP to
destroy economies in order to bring about a "political" change as
opposed to just nefarious activities done for personal benefit, usually
economic. 

Thx - brad
---------------------------------------------
From: timothy denison 
Date: Mon, 27 Nov 95 12:50:00 EST

In DoD IW has been defined, most recently, as "Actions taken to ahcieve
information superiority by affecting adversary information, information
based processes, and information systems, while defending our own
information, information based processes, and information systems." Many
in the department view IW as "an integrating strategy" - a way to
improve mission effectiveness by bringing the various operational and
support elements closer together.  The enabeling factor in this strategy
is of course information and information technolgy.  IW is basically a
recognition that we as a military, and a society for that matter, have
become incredibly dependant upon information and information technology. 
This dependancy is both a asset to be leveraged to our gain and a liability 
which can be used against us.

v/r - Tim -- email:  tdenison@radium.ncsc.mil
---------------------------------------------
From: Craig McLellan 
Date: Mon, 27 Nov 95 11:46:00 CST

I have been very interested in all studies relating to the valuation of
information assets.  As more and more corporations struggle to convert
their data into information and even knowledge, the opportunity to
engage in warfare using this intellectual capital is bigger than ever. 

Craig L. McLellan
Network Systems Corp.
---------------------------------------------
Date: Mon Nov 27 12:29:04 1995
From: x85899c4@cadet2.usma.edu (Whyte Jesse CDT)
Subject: Re: IW Mailing List history/951126

IMHO, I think that to speculate that these activities, (i.e., the
Skypager and power grid shutdowns) were caused by the offensive action
of unknown agents is far from the probable truth.  There are just too
many other possible causes - for example almost 90% of hacking attempts
are caused by inside accounts on the system.  A disgruntled power
employee could act similar to a disgruntled postman... 

My 2cents

Jesse Whyte
United States Military Academy
---------------------------------------------
Date: Mon, 27 Nov 1995 14:45:41 +0800
From: garys@redwood.rt.cs.boeing.com (Gary Stoneburner)

  My interest in IW is both as an Army reservist assigned to the Land
Information Warfare Activity (LIWA) and as the Project Manager for
Computing Assurance Technology at Boeing Information and Support
Services. 

  Whatever the definition for IW, my concern is that (1) automated
information systems are becoming (have become) an integral part of the
business (or warfare) process, are (2) massively interconnected - to
include the global Internet, and therefore (3) are attractive targets
for exploitation by adversaries. 

  The tight decision cycle for the warfighter means that there will be
no time to second guess the computer's output - providing frightening
possibilities for impact from maliciously modified output.  Besides time
pressures, the warfighting process is simply becoming increasing
dependent on the existence of computing - for example, consider the
impact on reserve mobilization in a few years if the computing
infrastructure is subverted. 

  The massively automated processes necessary for world-class
competiveness subject the commercial entity to a similar computer
dependence and resulting danger from malicious tampering. 

  The dangers are real, but the marketplace is still in denial with
vendors not seeing a good return on investment (ROI) for development
efforts related to computing assurance.  Computer security is (1)
treated as mechanisms to be added rather than as an attribute of the
system and (2) is often implemented as after-thoughts and point
solutions instead of a system solution. 

  In addition, security solutions are developed using essentially the
same processes used for other software development - producing products
that are expected to have bugs.  This may be cost-effective for a word
processor but is highly questionable for system security to protect
against world class attacks. 

Gary R. Stoneburner     
The Boeing Company
---------------------------------------------