Subject: IW Mailing List history/951128
Date: Tue, 28 Nov 95 07:19:52 EST
From: "Tom Hart" 
     I define Information Warfare simply as control of information.  The
art has been practiced throughout history, currently ranging from local
gossip to deliberate penetration and manipulation of sensitive
information.  IW is generally practiced as both offensive and defensive,
with the offensive practice having a decided advantage by being able to
concentrate on a specific target while the defense must try to protect
against all attacks or attempts to penetrate, alter, delete, or in other
ways manipulate or deny access to important or sensitive systems and

Date: Mon, 27 Nov 1995 23:20:07 -0500
From: (Matthew G. Devost)

Paraphrased from my thesis "National Security in the Information Age" (May 1995)

Information warfare is about destroying information, stealing
information, reducing information flows, reducing the reliability of
information content, and denying access to information
services/technology with the intention of gaining strategic, competitive
or personal superiority over one's adversary. 

Date: Tue, 28 Nov 95 09:00:48 PST
From: (timothy shimeall)

My concept of information warfare:
  The collection of strategies, tactics and operations that impact or defend 
against impacts on the collection and application of information in combat.

Successful information warfare:
  - N Vietnam's climate of opinion measures (Fonda visits, etc.) during the 60s.
  - Use of CNN video during Gulf War
  - Leafletting, etc. during Gulf War

Unsuccessful information warfare:
  - Saddam Hussein's interview with the children prior to Gulf War
  - Airplane hijacking during the 60s

Note: This defn is not official policy, and is based on no classified
sources or other non-public information. 

					Tim Shimeall
					Naval Postgraduate School

Date: Tue, 28 Nov 1995 14:42:00 -0600
From: (Bill Hardin)
Subject: What is information warfare?

How would you define information warfare?

Is it normal intelligence activities, or possibly covert operations directed
against "enemy" information systems, or maybe technical information about
systems which have historically and presently been associated with warfare?

 Bill Hardin                                                       
 Systems Administrator                                             

From: (Dr. Frederick B. Cohen)
Date: Tue, 28 Nov 1995 21:21:07 -0500 (EST)
Subject: Power grid and Skypager outages and detection thresholds

>From history/951127
> Date: Mon Nov 27 12:29:04 1995
> From: (Whyte Jesse CDT)
> Subject: Re: IW Mailing List history/951126
> IMHO, I think that to speculate that these activities, (i.e., the
> Skypager and power grid shutdowns) were caused by the offensive action
> of unknown agents is far from the probable truth.

I think that this begs the whole issue of how we set thresholds in
triggering alarms.  If the detection threshold is such that these
incidents are ignored, then it's a simple matter to remain below that
threshold while testing in preparation for a far more massive attack. 
We will get only false negatives.  If these instances cause serious
alarms, we may waste a lot of resources chasing false positives.

I also don't understand the notion of probability in this instance.
It's either true or not, and there is inadequate history to declare
any meaningful probability as far as I can tell.

> There are just too
> many other possible causes - for example almost 90% of hacking attempts
> are caused by inside accounts on the system.  A disgruntled power
> employee could act similar to a disgruntled postman... 

I have a lot of problems with this part of the response.  Where does the
90% figure come from? According to statistics published by AT&T, (see
the papers by Bellovin and Cheswick and their fine book on "Firewalls
and Internet Security") only 1% of all attacks are detected on systems
with normal instrumentation.  The 1995 CSI survey indicates that less
than 30% of systems connected to the Internet have meaningful
protection.  This would tend to indicate that an even smaller percentage
of all systems have more than normal instrumentation.  In addition, the
types of attacks detected tend to correspond to the specific techniques
used in the attack.  If we only detect 1%, the best we can say is that
90% of the 1% we detect follow this pattern.  Furthermore, the 90%
statistic is highly suspect because we don't have an attributable source
for it.  Where did you get this notion, and what data is there to back
it up?

What is an "inside" account? Do you mean an inside user, or an account
belonging to an inside user being used by an outsider? If you mean an
inside account being used in an attack, I suspect the 90% number is far
too low.  It could easily be 99.999%.  If you mean that an insider is a
participant in the attack, I think your number is high.  According to
the 1992 ASIS survey on industrial espionage, about 40% of detected
incidents involve outsiders acting alone.  This would appear to fly
directly in the face of the 90% statistic. 

I think that a conservative viewpoint would be that any incident
involving information targets or systems of potential military value and
not proven to be non-military in nature must be assumed to be IW unless
and until a more well-supported specific alternative is identified. 
When multiple inadequately explained events are correlated resulting in
more serious potential military consequences, the burden of proof of
non-military motives must be raised to a level commensurate with the
implications of a false-negative.

-> See: Info-Sec Heaven at URL
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From: Jeff Murphy
Date: Tue, 28 Nov 1995 21:08:43 -0500 (EST)

what is IW?

I think information warfare is the act of controlling and securing
information that can be used against others (companies, individuals,
countries, etc).  In my opinion, it is probably similar to the CIA's
official function: to gather and process information that could be used
to better secure our position in world affairs. 

From: "Parker, Ward (CIV) ~U" 
Date: Tue, 28 Nov 95 08:40:00 PST

Concept of IW: Hmmm.  At its lowest common denominator, IW is nothing
more than an old principle applied to modern technologies (computers,
telecommunications, etc.). 

Ward Parker

Date: Tue, 28 Nov 1995 08:55:17 -0500
From: (Craig Rabb)
     My official view of information warfare is that of the Department
of Defense.  My personal views have never been private and I will be
happy to share them with the list participants.