March 28, 2024

Under Clinton, CIA Created the Information Warfare Center, NSA Planned Information Warfare Unit

In 2019, Twitter confirmed that one of its senior executives served as a Reservist in the British Army’s 77th Brigade, an information wars unit. The theory of information warfare is not new. In fact, the CIA created an Information Warfare division in 1996. The New York Times wrote an article outlining how information warfare impacted the DoD and United States in 1996:

A New Battleground: Rethinking Warfare in the Computer Age

By Steve Lohr

New York Times 09/30/1996

It was the OPEC meeting in May 2000 that started the crisis. The oil-price hawks, led by Iran, demanded a sharp cutback in production to drive prices up to “at least $60 a barrel. “

The stormy gathering of the Organization of Petroleum Exporting Countries ended on May 4, with a shouting match between the Iranian and Saudi Arabian oil ministers. Over the next two weeks, Iran and its allies mobilized troops and fired on Saudi warships. But they also unleashed an arsenal of high-technology weapons to try to destabilize the Saudi government and prevent the United States from intervening.

A huge refinery near Dhahran was destroyed by an explosion and fire because of a mysterious malfunction in its computerized controls. A software “logic bomb” caused a “new Metro-Superliner” to slam into a misrouted freight train near Laurel, Md., killing 60 people and critically injuring another 120.

The Bank of England found “sniffer” programs running amok in its electronic funds transfer system. And a “computer worm” started corrupting files in the Pentagon’s top-secret force deployment data base.

The opening scenes from a Hollywood script or a new Tom Clancy novel? No, these are excerpts from a role-playing game conducted last year at the Government’s National Defense University in Washington. The goal was to generate some serious thinking about “information warfare.”

Today, there are a lot of people thinking seriously about information warfare, not only at the Pentagon and the CIA but also in the executive offices of banks, securities firms and other companies. Once dismissed as the stuff of science fiction, high-tech information warfare is fast becoming a reality.

Defense and intelligence officials believe that enemy nations, terrorists and criminal groups either already have the capability to mount information warfare strikes or soon will. Criminals are quickly progressing beyond the vandalism and petty theft associated with teen-age hackers and into robbery and extortion schemes ranging up to millions of dollars, corporate executives and private investigators say.

In the future, they fear, information warfare assaults could be made against commercial networks like the banking system or utilities in several states.

Yet there is a heated debate among experts in this emerging field about whether the kinds of catastrophic incidents cited in the National Defense University war game are imminent threats or worst-case nightmares.

“A couple of years ago, no one took information warfare seriously,” said Howard Frank, director of the information technology office at the Defense Advanced Research Project Agency, or DARPA. “But the more you learn about it, the more concerned you become.”

Others reply that the worst threats mentioned are mostly speculation. “Information warfare is a risk to our nation’s economy and defense,” said Martin Libicki, a senior fellow at the National Defense University. “But I believe we will find ways to cope with these attacks, adjust and shake them off, just as we do to natural disasters like hurricanes.”

Experts on both sides of the debate do agree that the growing reliance on computer networks and telecommunications is making the nation increasingly vulnerable to “cyber attacks” on military war rooms, power plants, telephone networks, air traffic control centers and banks.

John Deutch, the director of central intelligence, told Congress in June that such assaults “could not only disrupt our daily lives, but also seriously jeopardize our national and economic security.”

“The electron, in my view,” Deutch warned, “is the ultimate precision-guided weapon.”

Cyberspace also plays havoc with traditional definitions: What is a military and what is a commercial target, if 95 percent of military communications are over commercial networks; what is within United States jurisdiction and what is an international issue, when cyberspace has no geographic borders?

“We have to redefine national security for the information age,” Horton said.

There is, to be sure, an aspect of self-interest in the information warfare alarms raised by defense and intelligence agencies. Those bureaucracies are sizable and costly, and in the post Cold-War era, they are in need of new enemies.

“The people who are concerned about information warfare tend to magnify its significance,” said Libicki of the National Defense University.

The Electronic Industries Association estimates that over the next decade, the government’s information warfare procurement, mainly for specialized software and services, will grow sevenfold, to more than $1 billion annually.

Yet the projected information warfare spending amounts to pocket change, compared with next year’s military budget of $257 billion.

“The point of information warfare is that you don’t need fighter planes and billions of dollars to launch an attack on the United States anymore,” said Winn Schwartau, an author and president of Interpact Inc., a security consulting firm.

The government’s computer systems are clearly susceptible to intruders. In 1988, a Cornell student sent a worm program over the Internet that penetrated military and intelligence systems, shutting down 6,000 computers.

In 1994, a 16-year-old British hacker broke into the computer system at an Air Force laboratory in Rome, N.Y.

And in “red team” exercises, the military’s experts have been able to break into 65 percent of the Defense Department systems they tried to penetrate, using hacking tools available over the Internet.

But nearly all these intrusions have been into some of the 2 million computers in military networks that handle unclassified information — though that information can be useful to enemies, defense officials concede. The classified information is on the other 10 percent of the military’s computer networks, which do not have open links to the outside.

Private companies and banks typically do not have the luxury of making their networks off-limits to outsiders.

“We invite our customers into our computer networks,” said Colin Crook, the senior technology officer of Citibank. “I think our problem is more challenging than the government’s.”

Citibank got an alarming brush with the problem two years ago, when a Russian computer hacker tapped into the bank’s funds transfer system, taking more than $10 million. Citibank will not discuss the case, but investigators say the bank recovered all but $400,000.

In the business world, the reported hacker activity to date is mostly stealing credit card numbers, vandalizing software or harassing Internet service companies.

“At the moment, we’re dealing with penny ante stuff,” said Peter Neumann, a computer scientist at SRI International, a research firm in Menlo Park, Calif. “But the risk of much greater damage is there.”

Frank of DARPA speaks of a “frightening vulnerability” of utilities systems, of the private data networks of the international financial system and of the digital switches at the core of modern phone systems.

Major breakdowns caused by computer intruders have not yet occurred. But there is evidence that more sophisticated hackers are now at work. The Science Applications International Corp., a defense contractor and technology security firm, surveyed more than 40 major corporations who confidentially reported that they lost an estimated $800 million due to computer break-ins last year, both in lost intellectual property and money.

Private investigators and bankers say they are aware of four banks, three in Europe and one in New York, that have made recent payments of roughly $100,000 each to hacker extortionists. The bankers and investigators would not name the banks, but the weapon used to blackmail the banks was a logic bomb — a software program that, when detonated, could cripple a bank’s internal computer system. In each case, the sources said, the banks paid the money, and then took new security measures.

Frequently, experts say, the tighter security measures are nothing fancy. One problem is modems on employees’ computers. They are open connections to the outside world, potentially giving hackers access to an internal network.

“You can’t eliminate risk of information attacks, but you can minimize it,” said William Marlow, a senior vice president of Science Applications International. “Many of the steps are not all that high-tech or expensive.”

After it got stung in the Russia episode, Citibank has taken a series of measures, from instructing employees to never assume a computer network is secure to aggressively pursuing hackers.

“You mess with us and we’re going after you,” Crook said. “This is a big deal for us now.”

President Clinton last July created a Commission on Critical Infrastructure Protection to craft a coordinated policy to deal with the threat.

Within the government, information warfare tactics and intelligence are highly classified issues. But the CIA has recently created an “Information Warfare Center.” And the National Security Agency intends to set up an information warfare unit staffed by as many as 1,000 people, with both offensive and defensive expertise, as well as a 24-hour response team, according to a staff report by the Senate Permanent Subcommittee on Investigations, which was initiated by Sen. Sam Nunn.

Information warfare is a catchall term. The military, for example, often refers to information warfare broadly to include time-tested techniques and tools like disinformation, cryptography, radio jamming and bombing communications centers.

But it is high-tech information warfare that has been getting most of the attention and funding lately. This budding warfare industry is an eclectic field indeed, ranging from computer scientists whose work is funded by the government to hackers-for-hire who specialize in theft, extortion and sabotage. In his Senate testimony, Deutch said the CIA had determined that cyber attacks are now “likely to be within the capabilities of a number of terrorist groups,” including the Hezbollah in the Middle East.

The weapons of information warfare are mostly computer software, like destructive logic bombs and eavesdropping sniffers, or advanced electronic hardware, like a high-energy radio frequency device, known as a HERF gun.

In theory, at least, these weapons could cripple the computer systems that control everything from the electronic funds transfer systems of banks to electric utilities to battlefield tanks.

For the military, information warfare raises the prospect of a new deal for America’s adversaries. Cyberwar units could sidestep or cripple conventional weaponry, undermining the advantage the United States holds.

“Even a third-tier country has access to first-class programmers, to state-of-the-art computer hardware and expertise in this area,” said Barry Horton, principal deputy assistant secretary of defense, who oversees the Pentagon’s information warfare operations. “There is a certain leveling of the playing field.”

Cyberspace also plays havoc with traditional definitions: What is a military and what is a commercial target, if 95 percent of military communications are over commercial networks; what is within United States jurisdiction and what is an international issue, when cyberspace has no geographic borders?

“We have to redefine national security for the information age,” Horton said.

There is, to be sure, an aspect of self-interest in the information warfare alarms raised by defense and intelligence agencies. Those bureaucracies are sizable and costly, and in the post Cold-War era, they are in need of new enemies.

“The people who are concerned about information warfare tend to magnify its significance,” said Libicki of the National Defense University.

The Electronic Industries Association estimates that over the next decade, the government’s information warfare procurement, mainly for specialized software and services, will grow sevenfold, to more than $1 billion annually.

Yet the projected information warfare spending amounts to pocket change, compared with next year’s military budget of $257 billion.

“The point of information warfare is that you don’t need fighter planes and billions of dollars to launch an attack on the United States anymore,” said Winn Schwartau, an author and president of Interpact Inc., a security consulting firm.

The government’s computer systems are clearly susceptible to intruders. In 1988, a Cornell student sent a worm program over the Internet that penetrated military and intelligence systems, shutting down 6,000 computers.

In 1994, a 16-year-old British hacker broke into the computer system at an Air Force laboratory in Rome, N.Y.

And in “red team” exercises, the military’s experts have been able to break into 65 percent of the Defense Department systems they tried to penetrate, using hacking tools available over the Internet.

But nearly all these intrusions have been into some of the 2 million computers in military networks that handle unclassified information — though that information can be useful to enemies, defense officials concede. The classified information is on the other 10 percent of the military’s computer networks, which do not have open links to the outside.

Private companies and banks typically do not have the luxury of making their networks off-limits to outsiders.

“We invite our customers into our computer networks,” said Colin Crook, the senior technology officer of Citibank. “I think our problem is more challenging than the government’s.”

Citibank got an alarming brush with the problem two years ago, when a Russian computer hacker tapped into the bank’s funds transfer system, taking more than $10 million. Citibank will not discuss the case, but investigators say the bank recovered all but $400,000.

In the business world, the reported hacker activity to date is mostly stealing credit card numbers, vandalizing software or harassing Internet service companies.

“At the moment, we’re dealing with penny ante stuff,” said Peter Neumann, a computer scientist at SRI International, a research firm in Menlo Park, Calif. “But the risk of much greater damage is there.”

Frank of DARPA speaks of a “frightening vulnerability” of utilities systems, of the private data networks of the international financial system and of the digital switches at the core of modern phone systems.

Major breakdowns caused by computer intruders have not yet occurred. But there is evidence that more sophisticated hackers are now at work. The Science Applications International Corp., a defense contractor and technology security firm, surveyed more than 40 major corporations who confidentially reported that they lost an estimated $800 million due to computer break-ins last year, both in lost intellectual property and money.

Private investigators and bankers say they are aware of four banks, three in Europe and one in New York, that have made recent payments of roughly $100,000 each to hacker extortionists. The bankers and investigators would not name the banks, but the weapon used to blackmail the banks was a logic bomb — a software program that, when detonated, could cripple a bank’s internal computer system. In each case, the sources said, the banks paid the money, and then took new security measures.

Frequently, experts say, the tighter security measures are nothing fancy. One problem is modems on employees’ computers. They are open connections to the outside world, potentially giving hackers access to an internal network.

“You can’t eliminate risk of information attacks, but you can minimize it,” said William Marlow, a senior vice president of Science Applications International. “Many of the steps are not all that high-tech or expensive.”

After it got stung in the Russia episode, Citibank has taken a series of measures, from instructing employees to never assume a computer network is secure to aggressively pursuing hackers.

“You mess with us and we’re going after you,” Crook said. “This is a big deal for us now.”

Information Warfare, International Law, and the Changing Battlefield, Dr. Waseem Ahmad Qureshi (2020):

“Use of Media According to Aki-Mauri Huhtinen, information warfare always entails certain objectives aimed at an adversary. These objectives primarily include waging propaganda and disinformation against a rival. For this purpose, manipulated information is disseminated against an adversary through certain mediums, among which mainstream media appears the greatest. A certain kind of perception is crafted of the adversary, which is realized through the use of print and electronic media sources.”

“Psychological Warfare The media is also regarded as a tool of psychological warfare, because the narrative among the people—shaped by the media— fundamentally affects their psychological comprehension of a particular situation. Primarily, it is the media that shapes people’s opinions about any incident, activity, or situation. The media can also incite the sentiments of the public by spreading hatred-oriented information among them about a particular activity or situation.”

“In the contemporary era, owing to the rise of technology and the consequent emergence of smartphones and the use of the internet, social media has appeared as one of the most prominent sources of the dissemination of information. An estimated 3.5 billion people, or nearly half of the human population, use social media. In particular, Facebook has 2.4 billion users, YouTube has 1.9 billion, and WhatsApp, owned by Facebook, has 1.6 billion. These are the most commonly used social media platforms. These forums are the quickest modes of information dissemination as they allow any information to go viral within only a few hours. Furthermore, there are no significant costs associated with the use of almost all of the social media platforms…

These informational attacks mainly include the spread of disinformation and propaganda on social media against an adversary. If propaganda or disinformation is spread so as to incite or challenge the religious or ideological inclinations of a nation,then such propaganda can urge them to protest against the individuals sharing propaganda on social media. The resharing of content on social media may further aggravate their emotions and make the information go viral, reaching more people and thus inviting stronger reactions.Such utilization of social media can prove to be detrimental for peace when it is employed by anti-state actors to spread propaganda against the state. Herein, social media appears a negative and lethal component of information warfare as it allows any information to go viral, demonize the reputation of an adversary within a short passage of time, and incite the emotions of the general public into uproar and tumult.

US Military Opportunities: Information Warfare Concepts of Operation, Brian Nichiporuk.

Information Warfare: Legal, Regulatory, and Organizational Considerations for Assurance, Vice Admiral Arthur Cebrowksi and Lt. Gen Ervin Rokke: