DEFENSE SCIENCE BOARD SUMMER STUDY TASK FORCE ON INFORMATION ARCHITECTURE FOR THE BATTLEFIELD, OCTOBER 1994
* The Secretary of Defense should support immediate increases in funding for defensive IW, focusing attention on protection of critical information services; and
* As a more detailed part of the Net Assessment process recommended above, the Secretary of Defense should direct ASD (C3I) to carry out:
- An assessment of DoD's critical information needs;
- Threat development as part of the NIE process; and
- A risk assessment and a risk management strategy to apportion actions during procedures, processes and systems.
The recommendations immediately preceding are needed to jump-start Defensive IW. Beyond that, a continuing activity to assess vulnerabilities and readiness is needed,
based on a system of on-going assessments and evaluations. We recommend that:
* The Secretary of Defense should direct establishment of a joint Red Team activity in which a team evaluating adversaries' offensive IW is used to "attack" DoD's information enterprise. This activity should be distributed throughout DoD, and carried out at various levels and locations, after appropriate legal considerations are addressed. It should be coordinated and audited by ASD (C3I) and should be coordinated with a parallel DCI activity; and
* The JCS build IW and its resultant degradations into exercises and simulations. (Earlier in this report, the Task Force recommended that greater attention should be given to simulation and modeling of information systems and operations.) The BITF should play a leading role.
This overall system of exercises, simulation and red teaming should be coordinated and evaluated by ASD (C3I).
The Task Force also noted deficiencies in how DoD took IW into account in systems acquisition and in DoD policy on export of systems and technology. Weapon systems contain embedded "information systems" which can be vulnerable in many of the same ways that information networks and infrastructures are. Further, IW is taken into account in inconsistent ways in the acquisition cycle for both weapon systems and information systems per se. Also, export of information technology can be used in a variety of ways to help the U.S. achieve its objectives in both information warfare and the use of information in warfare. We recommend that:
* The Secretary of Defense task ASD (C3I) to lead development of DoD policy on IW in acquisition and export.
Information Warfare needs to be integrated into a more cohesive warfighting strategy, with associated doctrine and tactics, in a way which has some parallels with the nuclear SIOP (see Figure B-5). Various measures will need to be deconflicted; target lists should be developed and maintained; and potential adversary responses should be anticipated. Unlike the nuclear SIOP (at least during the Cold War), it will probably be impossible to predict the nature of the contingency until it begins to develop. What is needed is a capability within JCS, including a set of planning tools such as IW simulations, so that comprehensive IW plans can be built in near real-time as contingencies unfold. We recommend that:
* The VCJCS create an integrated joint IW strategy and planning cell within JCS. This cell should be integrated at the flag level and report to VCJCS. It should involve the Joint Staff, the CINCs, the Services, SOCOM, DISA and the intelligence agencies. In addition to its planning and warfighting functions, this cell will be a focal point for increased emphasis on IW in DoD. It should be closely coupled to the BITF.
4.0 DEFENSIVE INFORMATION WARFARE: AN OVERVIEW OF NECESSARY INITIATIVES
There are two parallel paths of observation of Defensive IW programs, as illustrated in Figure B-6. On the one hand, there is a baseline of critical data that must be protected. We must identify the essential networks and systems that contain this critical data in order to perform a vulnerability assessment of those systems. On the other hand, one must consider varied and unidentified potential adversaries and their threats to our information systems. A risk assessment that compares and contrasts these two parallel efforts, resulting in a risk management decision, becomes the basis for a defensive program strategy. After the strategy is developed, the result is the processes, procedures, and systems used as a basis for continued protection of critical data.
Current DoD policy (DoD Directive TS 3600.1) directs that command and control of forces shall be planned and exercised in such a manner as to minimize the amount of information transfer required for effective direction and application of force, to ensure our forces are able to operate successfully in degraded information and communication environments. Additionally, elements of the DoD information system critical to transmission and use of minimum-essential information for control and direction of forces are directed to be designed and employed in a manner that minimizes or prevents exploitation, denial, or degradation of services.
Current standards, policies, procedures, and tools are designed to mitigate an attack on the information and information infrastructure mounted for the purpose of destroying or disabling the functions that depend upon the information and/or information infrastructure without regard to the classification of the information.
This view of warfare is made clear in the October 1991 observation of Lieutenant General Bogdanov, Chief of the General Staff Center for Operational and Strategic Studies, that "Iraq lost the war before it even began. This was a war of intelligence, electronic warfare (EW), command and control and counter intelligence. Iraqi troops were blinded and deafened....Modern war can be won by informatika and that is now vital for both the U.S. and the USSR." In a similar vein, Major General G. Kirilenko wrote in the June 4, 1991 issue of Komsomolskaia Pravda, "...the number of barrels and ammunition, aircraft and bombs is no longer the important factor. It is the computers that control them, the communications that makes it possible to manage force on the battlefield, and the reconnaissance and concealment assets that highlight the enemy's dispositions and cloak one's own."
These Russian general officers were correct as far as they went. However, information warfare targets include all of the information, information systems and control systems associated with the activities of a modern society and military. These include energy, finance, health, logistics, maintenance, transportation, personnel, numerous control systems (for example air, sea, rail, road, river, pipeline and canal transport systems that depend upon control mechanisms), intelligence, command and control, and communications. All depend upon an assured availability of correct information at the time needed. Destroy or degrade the information or information service and the function is stopped or delayed. Exploiting this dependency relationship is the basis of Information Warfare.
If the U.S. military is to maintain a competitive combat advantage in further conflicts, the information and information services upon which the U.S. military depends must be protected commensurate with the intended use. Analysis shows that all of the Department of Defense military and support functions are highly dependent upon the information and information services provided by the Defense Information Infrastructure.
The DII is highly susceptible to attacks which disrupt information services (availability) or corrupt the data (integrity) within the infrastructure. Many nations and groups have the capability to cause significant disruption (both availability and integrity) to the DII and in turn cripple U.S. operational readiness and military effectiveness. The design factors used to protect against normal breakage, natural disasters or attacks to obtain access to sensitive information are inadequate to deal with the levels of disruption that can readily be caused by malicious actions. For example, an encrypted signal can protect the content of information. An attack that upsets the synchronization of the encryption device will not expose the content of the information, but may stop the flow of the information and thus stop the function using the information.
If the Department of Defense is to maintain a suitable level of military preparedness to meet the national security requirements of the U.S., the information infrastructure upon which it depends for information services must be strengthened against malicious attack. This must address protection against attacks, detection of attacks and the ability to react to attacks.
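The synchronization point made above (loss of sync on an encrypted link stops the flow without exposing content) in runnable form. This is an added example, not code from the report: HMAC-SHA256 used as a PRF stands in for a real link encryptor, and the key, frame contents and frame-loss event are all constructed. The second link shows the "detect and react" posture: an authenticated counter in each frame lets the receiver resynchronise and discard forged or replayed frames.

```python
import hashlib
import hmac

# Constructed key; the two subkeys keep the keystream PRF and the MAC separate.
KEY = b"constructed-shared-link-key"
ENC_KEY = hmac.new(KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(KEY, b"mac", hashlib.sha256).digest()

def keystream(counter: int) -> bytes:
    """Keystream block for one frame: PRF(ENC_KEY, counter)."""
    return hmac.new(ENC_KEY, counter.to_bytes(8, "big"), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def implicit_sync_link(frames, drop_index=None):
    """Sender and receiver each count the frames they have handled. Losing one
    frame (jammed, cut, dropped) leaves the receiver one keystream block behind,
    so every later frame decrypts to noise although none was ever exposed."""
    tx = rx = 0
    out = []
    for i, pt in enumerate(frames):
        ct = xor(pt, keystream(tx)); tx += 1
        if i == drop_index:            # frame never reaches the receiver
            continue
        out.append(xor(ct, keystream(rx))); rx += 1
    return out

def explicit_sync_link(frames, drop_index=None):
    """The counter rides in a MAC-protected header: the receiver detects the
    gap, resynchronises on the next good frame, and rejects replays/forgeries."""
    out, last_seen = [], -1
    for i, pt in enumerate(frames):
        hdr = i.to_bytes(8, "big")                       # sender side
        ct = xor(pt, keystream(i))
        tag = hmac.new(MAC_KEY, hdr + ct, hashlib.sha256).digest()
        if i == drop_index:
            continue
        expect = hmac.new(MAC_KEY, hdr + ct, hashlib.sha256).digest()  # receiver
        ctr = int.from_bytes(hdr, "big")
        if not hmac.compare_digest(tag, expect) or ctr <= last_seen:
            continue                   # forged or replayed frame: discard
        last_seen = ctr
        out.append(xor(ct, keystream(ctr)))
    return out

# Constructed traffic, each frame shorter than one 32-byte keystream block.
FRAMES = [b"F1: hold position", b"F2: advance at dawn", b"F3: resupply"]
```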
Information systems usually consist of six primary elements: hardware (computers, entry, output, and display devices, storage media, and facilities), operating software (system), application software (including data base software), communications devices and links (which are just a specialized form of an information system), data, and the people who have been trained to operate or maintain one or more of these elements. All of these elements can be damaged or destroyed by physical attack. Some can be damaged or destroyed by over-the-wire attacks. The trained people who have access to these components can become a threat. The hardware, operating software, commercial "shrink wrap" software and communications media (unless this is the target) usually can be considered as readily replaced commodity items. Tailored application software, data, and trained people are more difficult to replace. These assets should be given protection commensurate with the value of the process or function they support. Storage of data creates unique vulnerabilities that require increased attention to a means to verify the integrity of stored data.
To assure effective protection, DoD should:
* Provide sufficient redundancy so that DoD functions do not depend upon the uninterrupted operation of any particular Automated Information System (AIS) or communications service. To determine "sufficiency," an analysis is required to relate the time-dependent relationship of all DoD functions, and the information services upon which these functions depend, to the expected actions and interrelationships of the Department's enterprise activities in peace, crisis and conflict. That is, in effect, a campaign plan. It addresses what functional events have to happen and when, and what information is needed to obtain the objective at the desired operational tempo.
* Provide sufficient protection in information systems so that "over-the-wire" attacks cannot exploit known flaws in computer operating systems to cause the underlying computers or communications devices to malfunction or information to be corrupted or destroyed.
* Eliminate the practice of assigning responsibility for developing security functions by the classification of the information to be protected.
* Provide suitable protection to the physical plant that houses information systems, including the facilities used for backup of data and restoration of functions, and to the supporting utility services such as water and electricity that are essential to the support of high-priority operations.
* Design the facilities that house information systems supporting high-value processes or functions in such a way as to facilitate the rapid repair or replacement of the information systems housed within the facility.
* Develop security processes and devices (firewalls, etc.) that will enable the DII to operate secure information processing enclaves while allowing safe access to the global information infrastructure.
* Determine which functions or processes must be supported by information services that are within a secure enclave.
* Determine which functions or processes must be supported by information services that are located on a distributed structure.
* Establish a means to identify all assured wartime information services, in priority by function by time.
* Develop metrics to portray the relative value of a function or process to the defense mission(s) as a function of time during peacetime, force deployment, force employment, and force sustainment.
* Develop metrics such that the manager of the DII can portray the cost basis underlying efficiency versus effectiveness trades (e.g., the cost delta for added increments of resiliency obtained by alternative design or by the addition of security features).
* Conduct the necessary research to enable the network data manager and information security manager to protect information in a mobile environment, to include suitable means to dynamically limit the availability of, or access to, sensitive information as a function of the current subscriber location.
* Develop suitable processes to share knowledge of offensive and defensive information warfare trade craft with DISA as the manager of the DII.
* Enhance security training and education so that the users of information systems operate more securely and know how to behave when under information warfare attack.
* Develop a defensive information warfare exercise capability and train the combatant forces to operate in an information-hostile environment. This capability should include a means for exercise referees to stress the information systems supporting the forces so that the military learns how to operate under varying time/bandwidth and error rate ratios.
* Challenge the purveyors of concepts for using advanced technology to enhance information services to portray to the warfighter the operational dependencies and security limitations that may accompany the claimed gains in combat utility.
* Adopt a testing process that would enable purchasers to have confidence in whatever security claims are made for an information system or security component offered for sale.
* Determine if the increased use of encryption is an affordable means to maintain the integrity of stored and transferred data.
* Develop or adopt some type of dynamic password device(s) that can be used for information transactions throughout the Department of Defense, and eliminate the use of static passwords (static means that the password change time is greater than seconds of time).
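The last recommendation above, a password whose change time is measured in seconds, is what a one-time-password token implements. The following is an added example, not code from the report: an HOTP generator (RFC 4226) driven by a 30-second time step (TOTP, RFC 6238), with the verifier-side window that makes a captured code worthless once its step has passed. The shared secret is the RFC test-vector secret, not a real credential.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30          # the password changes every 30 s
DIGITS = 6

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """One-time code: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation (RFC 4226 section 5.3) to a decimal string."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = TIME_STEP) -> str:
    """Time-based variant: the counter is the number of whole steps since epoch."""
    return hotp(secret, unix_time // step)

def verify(secret: bytes, candidate: str, unix_time: int, skew: int = 1) -> bool:
    """Verifier side: accept the code for the current step and up to `skew`
    neighbouring steps (clock drift). A code captured earlier is rejected as
    soon as its step falls outside that window, so replay buys nothing."""
    counter = unix_time // TIME_STEP
    return any(hmac.compare_digest(hotp(secret, counter + d), candidate)
               for d in range(-skew, skew + 1))

if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 4226/6238 test secret
    captured = totp(secret, 59)                # what an eavesdropper would see
    print(captured)                            # 287082
    print(verify(secret, captured, 59))        # True: fresh
    print(verify(secret, captured, 59 + 120))  # False: stale, replay rejected
```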
6.0 DETECTION
To ensure effective detection of threats to the DII, DoD should:
* Develop tools to monitor network operations, detect and audit inappropriate behavior, and detect abnormal operating patterns.