Subject: IW Mailing List iw/960116
Date: Mon, 15 Jan 1996 21:22:47 -0500 (EST)
From: Sick Puppy 
Subject: Re: IW Mailing List iw/960115

> >From: David Lifton 
> I have a question: What ramifications does IW hold for today's
> corporation (irrespective of size)? (Other than defence against hackers
> I suppose). 

Many governments use statistical databases in determining the size and
scope of economic development projects and to plan social programs. 
Some large multi-national corporations use demographic databases and
systems that store vast amounts of information on natural resources to
identify and develop markets.  The goal of a hacker would probably be to
use computer system processing capability and storage to store kewl
tewls and mount attacks against other machines.  The goal of an
Information Warrior would probably be to change the data in the
governmental or corporate systems with a view to affecting the projects,
programs or markets. 

Take the hypothetical case of Big Oil which has spent hundreds of
millions of dollars mapping oil deposits under the sea floor and has
plans for long term off-shore drilling.  If an Information Warrior
penetrated their systems and added fake oil resources to those already
mapped in their expert systems, the result could be disastrous
investments in wells where the oil was non-existent. 

The psychology and social structure of the military, in my view, makes
them very susceptible to this kind of attack.  Where data stored in a
commerical system would probably be subject to some kind of question or
further analysis, the military tends to accept it at face value, because
it was put there by higher authority. 

The psychology and social structure of the military can in fact be used
as the basis for making reasonable assumptions which in turn make it
easier than most people expect to crack military systems.  A predictable
structure with common and well understood relationships creates a high
degree of probability.
Date: Tue, 16 Jan 96 15:20:03 EST
From: (Bob Bowes)
Subject: Re: mjr's challenge

> Briefly, my claims about IW are as follows:
> 	1) It's nothing new.

The buying, selling, stealing, and protection of information has been a
part of warfare since wars began.  What IS new is the way information
is propogated.  Perhaps a better name should be Information SYSTEMS
Warfare to emphasize that Information SYSTEMS are targets / weapons.

> 	2) It's just a cute name for a subset of tactical operations.

Since Information Systems are used at strategic and tactical levels of
warring, Information Systems Warfare (& Security) needs to be addressed
at all levels. 
Date: Tue, 16 Jan 96 08:44:12 -0500
From: (A. Padgett Peterson, P.E. Information Security)
Subject: RE: IW Mailing List iw/960115

>From: David Lifton 
>I have a question: What ramifications does IW hold for today's
>corporation (irrespective of size)? (Other than defence against hackers
>I suppose). 

Think you are referring to Electronic Information Warfare (a subset of
IW) & not sure if you mean offensive or defensive but I will assume the
latter (if the former, bring unmarked bills to the third telephone booth
on the right and dial your mother's number...)

The biggest problem with defensive EIW is that you will never know if a
real professional attacks you unless you already have a formidable
multi-layered system in place. 

So you get underbid on that contract or a supplier holds out for the
maximum you are willing to pay.  Was is EIW ? Unless you already know,
you probably will not find out. 

>From a legal standpoint, there are few disincentive to EIW so from one
standpoint any company that does not engage in EIW is putting itself at
a competitive disadvantage.  Further, any company that does not believe
itself to be a target (because the cost of attack is so low) is just
plain stupid.