FREE ELECTRONIC LIBRARY - Dissertations, online materials

Pages:     | 1 |   ...   | 14 | 15 || 17 | 18 |   ...   | 25 |


-- [ Page 16 ] --

"• The Secretary of Defense should support immediate increases in funding for defensive IW, focusing attention on protection of critical information services; and " As a more detailed part of the Net Assessment process recommended above, the

Secretary of Defense should direct ASD (C3M) to carry out:

- An assessment of DoD's critical information needs;

- Threat development as part of the NIE process; and

- A risk assessment and a risk management strategy to apportion actions during procedures, processes and systems.

The recommendations immediately preceding are needed to jump-start Defensive IW. Beyond that, a continuing activity to assess vulnerabilities and readiness is needed,

based on a system of on-going assessments and evaluations. We recommend that:

* The Secretary of Defense should direct establishment of a joint Red Team activity in which a team evaluating adversaries' offensive IW is used to "attack" DoD's information enterprise. This activity should be distributed throughout DoD, and carried out at various levels and locations, after appropriate legal considerations are addressed. It should be coordinated and audited by ASD (C31) and should be coordinated with a parallel DCI activity; and The JCS build 1W and its resultant degradations into exercises and simulations.

(Earlier in this report, the Task Force recommended that greater attention should be given to simulation and modeling of information systems and operations.) The BITF should play a leading role.

This overall system of exercises, simulation and red teaming should be coordinated and evaluated by ASD (C3M).

The Task Force also noted deficiencies in how DoD took IW into account in systems acquisition and in DoD policy on export of systems and technology. Weapon systems contain embedded "information systems" which can be vulnerable in many of the same ways that information networks and infrastructures are. Further, 1W is taken into account in inconsistent ways in the acquisition cycle for both weapon systems and information systems per se. Also, export of information technology can be used in a variety of ways to help the U.S. achieve our objectives in both information warfare and the use of

information in warfare. We recommend that:

* The Secretary of Defense task ASD (C3M) to lead development of DoD policy on IW in acquisition and export.

Information Warfare needs to be integrated into a more cohesive warfighting strategy, with associated doctrine and tactics in a way which has some parallels with the nuclear SIOP (see Figure B-5). Various measures will need to be deconflicted; target lists should be developed and maintained; and potential adversary responses should be anticipated. Unlike the nuclear SIOP (at least during the Cold War), it will probably be impossible to predict the nature of the contingency until it begins to develop. What is needed is a capability within JCS, including a set of planning tools such as IW simulations, B-11 so that comprehensive IW plans can be built in near real-time as contingencies unfold. We

recommend that:

* The VCJCS create an integrated joint IW strategy and planning cell within JCS. This cell should be integrated at the flag level and report to VCJCS. It should involve the Joint Staff, the CINCs, the Services, SOCOM, DISA and the intelligence agencies, In addition to its planning and warfighting functions, this cell will be a focal point for increased emphasis on IW in DoD. It should be closely coupled to the BITF.



There are two parallel paths of observation of Defensive IW programs as illustrated in Figure B-6. On the one hand, there is a baseline of critical data that must be protected.

We must identify essential networks and systems that contain this critical data to perform a vulnerability assessment of those systems. On the other hand, one must consider varied and unidentified potential adversaries and their threats to our information systems. A risk assessment that compares and contrasts these two parallel efforts that results in a risk management decision becomes the basis for a defensive program strategy. After the strategy is developed, the result is the processes, procedures, and systems used as a basis for continued protection of critical data.

–  –  –

B-12 Current DoD policy (DoDD Directive TS 3600.1) directs that command and control of forces shall be planned and exercised in such a manner as to minimize the amount of information transfer required for effective direction and application of force to ensure our forces are able to operate successfully in degraded information and communication environments. Additionally, elements of the DoD information system critical to transmission and use of minimum-essential information for control and direction of forces are directed to be designed and employed in a manner that minimizes or prevents exploitation, denial, or degradation of services.

Current standards, policies, procedures, and tools are designed to mitigate an attack on the information and information infrastructure mounted for the purpose of destroying or disabling the functions that depend upon the information and/or information infrastructure without regard to the classification of the information.

This view of warfare is made clear in the October 1991 observation of Lieutenant General Bogdanov, Chief of the General Staff Center for Operational and Strategic Studies, that "Iraq lost the war before it even began. This was a war of intelligence, electronic warfare (EW), command and control and counter intelligence. Iraqi troops were blinded and deafened....Modem war can be won by informatika and that is now vital for both the U.S. and the USSR." In a similar vein, Major General G. Kirilenko wrote in the June 4, 1991 issue of Komsomolskaia Pravada, "...the number of barrels and ammunition, aircraft and bombs is no longer the important factor. It is the computers that control them, the communications that makes it possible to manage force on the battlefield, land the reconnaissance and concealment assets that highlight the enemy's dispositions and cloak one's own."

These Russian general officers were correct as far as they went. However, information warfare targets include all of the information, information systems and control systems associated with the activities of a modem society and military. These include energy, finance, health, logistics, maintenance, transportation, personnel, numerous control systems (for example air, sea, rail, road, river, pipeline and canal transport systems that depend upon control mechanisms), intelligence, command and control, and communications. All depend upon an assured availability of correct information at the time needed. Destroy or degrade the information or information service and the function is stopped or delayed. Exploiting this dependency relationship is the basis of Information Warfare.

If the U.S. military is to maintain a competitive combat advantage in further conflicts, the information and information services upon which the U.S. military depends must be protected commensurate with the intended use. Analysis shows that all of the Department of Defense military and support functions are highly dependent upon the information and information services provided by the Defense Information Infrastructure.

The DII is highly susceptible to attacks which disrupt information services (availability) or corrupt the data (integrity) within the infrastructure. Many nations and groups have the capability to cause significant disruption (both availability and integrity) to the DII and in turn cripple U.S. operational readiness and military effectiveness. The design factors used to protect against normal breakage, natural disasters or attacks to obtain access to sensitive information are inadequate to deal with the levels of disruption that can readily be caused by malicious actions. For example, an encrypted signal can protect the content of information. An attack that upsets the synchronization of the encryption device will not B-13 expose the content of the information, but may stop the flow of the information and thus stop the function using the information.

If the Department of Defense is to maintain a suitable level of military preparedness to meet the national security requirements of the U.S., the information infrastructure upon which it depends for information services must be strengthened against malicious attack. This must address protection against attacks, detection of attacks and the ability to r*1act to attacks.

Information systems usually consist of six primary elements: hardware (computers, entry, output, and display devices, storage media, and facilities), operating software (system), application software (including data base software), communications devices and links (which are just a specialized form of an information system), data, and the people who have been trained to operate or maintain one or more of these elements. All of these elements can be damaged or destroyed by physical attack. Some can be damaged or destroyed by over-the-wire attacks. The trained people who have access to these components can become a threat. The hardware operating software, commercial "shrink wrap" software and communications media (unless this is the target) usually can be considered as readily replaced commodity items. Tailored application software, data, and trained people are more difficult to replace. These assets should be given protection commensurate with the value of the process or function they support. Storage of data creates unique vulnerabilities that require increased attention to a means to verify the integrity of stored data.


To assure effective protection, DoD should:

Provide sufficient redundancy so that DoD functions do not depend upon the "* uninterrupted operation of any particular Automated Information System (AIS) or communications service. To determine "sufficiency," an analysis is required to relate the time dependent relationship of all DoD functions, and the information services upon which these functions depend, to the expected actions and interrelationships of the Department's enterprise activities in peace, crisis and conflict. That is, in effect, a campaign plan. It addresses what functional events have to happen and when and what information is needed to obtain the objective at the desired operational tempo.

Provide sufficient protection in information systems so that "over-the-wire" attacks "* cannot exploit known flaws in computer operating systems to cause the underlying computers or communications devices to malfunction or information to be corrupted or destroyed.

Eliminate the practice of assigning responsibility for developing security functions "* by the classification of the information to be protected.

Provide suitable protection to the physical plant, including those used for back up of " data and restoration of functions, that houses information systems and the supporting utility services such as water and electricity that are essential to the support of high-priority operations.

B-14 "* Design the facilities that house information systems supporting high-value processes or functions in such a way as to facilitate the rapid repair or replacement of the information systems housed within the facility.

Develop security processes and devices (fire walls, etc.) that will enable the DII to " operate secure information processing enclaves while allowing safe access to the global information infrastructure.

Determine which functions or processes must be supported by information services "* that are within a secure enclave.

Determine which functions or processes must be supported by information services "* that are located on a distributed structure.

Establish a means to identify all assured wartime information services, in priority by " function by time.

Develop metrics to portray the relative value of a function or process to the defense " mission(s) as a function of time during peacetime, force deployment, force employment, and force sustainment.

Develop metrics such that the manager of the DII can portray the cost basis "* underlying efficiency versus effectiveness trades (e.g., the cost delta for added increments of resiliency obtained by alternative design or by the addition of security features).

Conduct the necessary research to enable the network data manager and "* information security manager to protect information in a mobile environment, to include suitable means to dynamically limit the availability of, or access to, sensitive information as a function of the current subscriber location.

Develop suitable processes to share knowledge of offensive and defensive "• information warfare trade craft with DISA as the manager of DII.

Enhance security training and education so that the users of information systems "* operate more securely and know how to behave when under information warfare attack.

Develop a defensive information warfare exercise capability and train the combatant " forces to operate in an information-hostile environment. This capability should include a means for exercise references to stress the information systems supporting the forces so that the military learns how to operate under varying time/bandwidth and error rate ratios.

" Challenge the purveyors of concepts for using advanced technology to enhance information services to portray to the warfighter the operational dependencies and security limitations that may accompany the claimed gains in combat utility.

" Adopt a testing process that would enable purchasers to have confidence in whatever security claims are made for an information system or security component offered for sale.

" Determine if the increased use of encryption is an affordable means to maintain the integrity of stored and transferred data.

" Develop or adopt some type of dynamic password devices(s) that can be used for information transactions throughout the Department of Defense and eliminate the use of static passwords (static means that the password change time is greater than seconds of time).


To ensure effective detection of threats to the DII, DoD should:

"* Develop tools to monitor network operations, detect and audit inappropriate behavior, and detect abnormal operating patterns.

Pages:     | 1 |   ...   | 14 | 15 || 17 | 18 |   ...   | 25 |

Similar works:

«Response to a Challenger of Geocentrism Challenger: I agree that all the letters are good letters, but not because what they write is TRUE but because we can learn even from the stupidities some of them write. For example, John Chrysostom Lux – don’t be too impressed by him writes several howlers or simply very foolish remarks betraying his high level of ignorance – such... R. Sungenis: Yes, various Fathers wrote some howlers. Even the great St. Augustine has a few whoppers in his bag...»

«Structural Design of Dam Sluice Gate Walkway Slabs: Retrofit and Replacement Options A local utility company issued a Request for Proposal to our university’s capstone design class for structural improvements to their dam facility. The company identified reinforced concrete service walkways at each of the dam’s seven sluice gates as damaged and in need of repair or replacement. The walkways are routinely used by staff for dam maintenance, posing a life-safety issue. There are a total of...»

«2 Clonogenic Cell Survival Assay Anupama Munshi, Marvette Hobbs, and Raymond E. Meyn Summary The clonogenic cell survival assay determines the ability of a cell to proliferate indefinitely, thereby retaining its reproductive ability to form a large colony or a clone. This cell is then said to be clonogenic. A cell survival curve is therefore defined as a relationship between the dose of the agent used to produce an insult and the fraction of cells retaining their ability to reproduce. Although...»

«THE MISSING MILLION: IN SEARCH OF THE LONELIEST IN OUR COMMUNITIES Contents Executive Summary 4 Introduction 8 IDENTIFYING 12 LONELINESS APPLYING THE 28 METHODS TALKING ABOUT 46 LONELINESS Conclusion 60 About The Campaign to End Loneliness 62 About the Author 62 62 Acknowledgements THE MISSING MILLION: IN SEARCH OF THE LONELIEST IN OUR COMMUNITIES 3 Executive summary The public and political attention on loneliness has sharpened significantly in recent years as the social, economic and moral...»

«FILED SEP 30 2009 FOR PUBLICATION MOLLY C. DWYER, CLERK UNITED STATES COURT OF APPEALS U.S. C O U R T OF APPE ALS FOR THE NINTH CIRCUIT UNITED STATES OF AMERICA, No. 09-50161 Plaintiff Appellant, D.C. No. 8:08-CR-00139-cjc-2 v. OPINION WILLIAM J. RUEHLE, Defendant Appellee. Appeal from the United States District Court for the Central District of California Cormac J. Carney, District Judge, Presiding Argued and Submitted September 1, 2009 Pasadena, California Filed Before: FISHER, GOULD, and...»

«ISSN impresa 0717-3644 Maderas. Ciencia y tecnología 16(2):217-226, 2014 ISSN online 0718-221X DOI:10.4067/S0718-221X2014005000017 ANALYSIS OF RIGIDITY LOSS AND DETERIORATION FROM EXPOSURE IN A DECAY TEST FIELD OF THERMORECTIFICATED Eucalyptus grandis WOOD♣ Henrique Trevisan 1,♠, João Vicente de Figueiredo Latorraca2, Angelo Luíz Pacheco dos Santos3, Juliana Grilo Teixeira4, Acacio Geraldo de Carvalho2 In memoriam of Dr. Manfred SCHWANNINGER ABSTRACT The objective was to evaluate the...»

«IOSR Journal of Mathematics (IOSR-JM) e-ISSN: 2278-5728, p-ISSN:2319-765X. Volume 10, Issue 2 Ver. II (Mar-Apr. 2014), PP 149-154 www.iosrjournals.org Isomorphism on Irregular Intuitionistic Fuzzy Graphs and Its Complements 1 S. Yahya Mohamed and 2R.JahirHussain 1 P.G Department of Mathematics, Govt. Arts College, Tiruchirappalli-620 022, India 2 P.G and Research Department of Mathematics, Jamal Mohamed College, Tiruchirappalli-620 020, India Abstract: In this paper, We study more results of...»

«1 When A Pastor or Rostered Leader Resigns or Retires When a pastor leaves either because of a retirement or resignation, it can be a stressful and anxious time for the community. While it may be an exciting time for the pastor to begin a new chapter in their lives, there can be surprise, confusion, sadness, and even anger for members of a congregation upon hearing the news that their pastor is leaving. The following steps are designed help both the pastor and the congregation move through this...»

«Eating Together Food, Friendship, and Inequality Alice P. Julier Eating Together Eating Together Food, Friendship, and Inequality Alice P. Julier University of Illinois Press Urbana, Chicago, and Springfield © 2013 by the Board of Trustees of the University of Illinois All rights reserved Manufactured in the United States of America 12345cp54321 ∞ This book is printed on acid-free paper. Library of Congress Cataloging-in-Publication Data Julier, Alice P. Eating together: food, friendship,...»

«Manual Los niños de manutención nece$itan infantil am♥r de Tennessee y manutención infantil Departamento de Servicios Humanos de Tennessee Modificado: 06/13 ÍNDICE Introducción.. 3 Servicios proporcionados. 4 Derechos y responsabilidades. 5 Derecho de apelar las acciones administrativas. 9 Pagos y distribución de los cobros. 12 Información necesaria.. 15 Respuestas a algunas preguntas importantes. 16 Búsqueda del padre o la madre alternativo que tiene la custodia...»

«Bioregional Mapping as a Participatory Tool in the Community Based Watershed Management Project in Santo André, Greater São Paulo, Brazil ∗ Erika de Castro Alison McNaughton† Prepared for delivery at the 2003 meeting for the Latin American Studies Associations, Dallas, Texas, March 27-29, 2003 ∗ Erika de Castro is Project Manager of the project “Community Based Watershed Management in Santo André” at the Centre for Human Settlements, School of Community and Regional Planning,...»

«Frontiers: The Interdisciplinary Journal of Study Abroad Host Language Proficiency, Intercultural Sensitivity, and Study Abroad Jane Jackson The Chinese University of Hong Kong Introduction The number of foreign language students who join study abroad programs continues to increase annually, especially those who take part in shortterm sojourns lasting eight weeks or less (Donnelly-Smith, 2009; Institute of International Education 2009; Spencer and Tuma, 2008). What can be accomplished in such a...»

<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.