2014-03-10

Basics of Information Operations 4/4

This is part 4/4 of the full paper. A paper based on this part, "Protecting national assets against Information Operations in Post-modern world", was published at the 2nd BCS International IT Conference 2014.

4. NATIONAL DEFENCE AGAINST INFORMATION OPERATIONS


4.1 Analyses of adversary’s possibilities and force projection logic


The next picture shows some principles of an aggressor's decision-making process when estimating the profitability of an information operation. The aggressor analyses how executable the operation is, together with the accessibility and vulnerability of the target. When this function is driven by motivation and is balanced, below the line, by the profits gained from the operation, the aggressor's decision makers will surely consider it.


Picture 27: Aggressors equation for information force projection

Executing Information Operations requires a longer time to build up capabilities, but globally connected, vulnerable information systems and at least the western population's sensitivity to propaganda make IO tools easy to utilize, and they penetrate well through media and networks of devices. The effect on the target may not be as clear, but criminal information operations give a good reference for taking advantage of both human and technological vulnerabilities.

The adversary analyses the opponent as a system-of-systems network with nodes, their interrelations and components, as depicted in the next picture. There are always five components that can be affected in a node of the network: human being, information, processing, shelter and environment. Between nodes there are interactions that can be affected, such as communications links between processing, data transactions between information storages, social interaction between people and a shelter's dependence on its environment. The adversary analyses which tools they can utilize with minimum unwanted collateral effects and how good their accessibility is through the defence. They assess what effects may be caused and how these may proliferate further within the system-of-systems network.


Picture 28: Example of IO targeting against inter-relations of and human-technology system of systems

The adversary optimizes their tools for maximum effect, so the interrelation topology is important for their intelligence and targeting analyses. The next series of topology pictures shows how an adversary optimizes the effect when disintegrating the opponent's network.


Picture 29: Example of how adversary might optimize effect with topological analyses of interconnections in system of systems structure

If the interrelation topology is hierarchical, it might be more cost-effective to eliminate upper-level nodes or links (leaders, command posts, information hubs or communications hubs) than mid- or low-level nodes in order to disintegrate the target structure into separate components. Human interrelations require trust to work fluently. If the adversary ruins the trust between co-operating parties, or a leader's self-assurance, he has hit the most vulnerable and hardest-to-mend asset in a social network. Chia Lin defines quite extensively the measures that can be utilized against a human social network as follows:
  • "Entice away the enemy's best and wisest men, so that he may be left without counsellors.
  • Introduce traitors into his country so that the government policy may be rendered futile.
  • Foment intrigue and deceit, and thus sow dissension between the ruler and his ministers.
  • By means of every artful contrivance, cause deterioration amongst his men and waste of his treasure.
  • Corrupt his morals by insidious gifts leading him into excess.
  • Disturb and unsettle his mind by presenting him with lovely women."

As defined in picture 28, the human being is still one of the most vulnerable components in a system of systems, so an information operation in the end tries to affect human attitude and behaviour. Or as Kevin Mitnick says, the most vulnerable piece of any information system is one credulous human being.

Another very cost-efficient way to disintegrate a system of systems is to attack human trust in information integrity or service availability. Sun Tzu says that “all warfare is based on deception”, and information is essential for leaders: “Thus, what enables the wise sovereign and the good general to strike and conquer, and achieve things beyond the reach of ordinary men, is FOREKNOWLEDGE”. If a leader loses trust in the available information as the basis of his understanding and foresight, the adversary has gained a major advantage. Information may be attacked by deception or, more cost-effectively, by various man-in-the-middle measures. Striking the opponent's resource management information storage would disable their force building and their rearranging of both material and people. It may also hamper their ability to manage the supply chain. If people and their leaders have not trained and practised with their information systems, they tend to abandon their widgets in stressful situations if availability drops even temporarily. Thus denial-of-service attacks and malevolent software attacks are fruitful in collapsing human trust in technical systems.
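
Seen from the defender's side, the topological analysis described in this section can be run against one's own structure to find where the loss of a single node fragments it. The following Python code is an added example, not part of the original paper; the node names, both sample topologies and the "surviving pairs" measure are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample: a strict hierarchy (one HQ, three regions, six sites).
HIERARCHY = [("hq", "r1"), ("hq", "r2"), ("hq", "r3"),
             ("r1", "s1a"), ("r1", "s1b"), ("r2", "s2a"),
             ("r2", "s2b"), ("r3", "s3a"), ("r3", "s3b")]

# Same nodes, hardened: regions form a ring and every site is dual-homed.
MESHED = HIERARCHY + [("r1", "r2"), ("r2", "r3"), ("r3", "r1"),
                      ("s1a", "r2"), ("s1b", "r2"), ("s2a", "r3"),
                      ("s2b", "r3"), ("s3a", "r1"), ("s3b", "r1")]


def build_graph(edges):
    """Undirected adjacency map built from (node, node) links."""
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return dict(graph)


def components_without(graph, failed):
    """Connected components that remain when node `failed` is lost."""
    seen, components = {failed}, []
    for start in graph:
        if start in seen:
            continue
        component, stack = set(), [start]
        seen.add(start)
        while stack:
            node = stack.pop()
            component.add(node)
            for neighbour in graph[node] - seen:
                seen.add(neighbour)
                stack.append(neighbour)
        components.append(component)
    return components


def fragmentation_report(edges):
    """Rows of (node, pieces, surviving_pairs), most damaging loss first.

    surviving_pairs counts node pairs that can still reach each other.
    """
    graph = build_graph(edges)
    rows = []
    for node in graph:
        parts = components_without(graph, node)
        pairs = sum(len(p) * (len(p) - 1) // 2 for p in parts)
        rows.append((node, len(parts), pairs))
    return sorted(rows, key=lambda r: (r[2], r[0]))


def single_points_of_failure(edges):
    """Nodes whose loss alone splits the network into separate pieces."""
    return sorted(n for n, pieces, _ in fragmentation_report(edges) if pieces > 1)


if __name__ == "__main__":
    for name, edges in (("hierarchy", HIERARCHY), ("meshed", MESHED)):
        print(name, "single points of failure:", single_points_of_failure(edges))
        for row in fragmentation_report(edges)[:3]:
            print("   node=%s pieces=%d surviving_pairs=%d" % row)
```

In the constructed hierarchy the top node and every region are single points of failure, while the meshed variant of the same ten nodes has none.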


4.2 Nature of information confrontation


In the basic confrontation model of two entities, blue and red, Clausewitz has defined three bases of ability: the population of a society, the power of governance of the society and the force that the society is able to harness to defend against the adversary's force projection. Each base is constructed of the volume of personnel and matter and the quality of their competence and will. This three-node network projects force via multiple channels to create either kinetic or non-kinetic effects in the adversary's information, networks, understanding and will, which are connected with the military, social, economic and political structure around them.


Picture 30: Basic setting of confrontation and conflict where Information Operations are waged

If a nation's vital systems, information content and spirit are vulnerable to information operations, the adversary will be tempted to attack in periods of interstate tension, not only to affect the nation's capabilities but also simply to demonstrate to the “audience” and other stakeholders that they have the capability to do so. The information operations “playground” also includes other entities and venues that can be used as “hired”, 3rd party or “neutral” forces. States may deny attacking with cyber means but blame private hacktivists for launching attacks, as in the Bronze Soldier situation between Russia and Estonia. Media can publish biased information, as when Al Jazeera published old video footage as live on the Egypt situation during summer 2013. National organizations may establish their computer network operations capabilities distributed all over the Internet, thus achieving a force projection capability screened by anonymity, like the alleged North Korean computer operations against USA infrastructure.

An information operation can affect material assets, as in the alleged Stuxnet malevolent software attack against the Iranian plutonium production program. Information may change the will of the population on the home front and have a secondary effect on political decision making, which in turn affects the use of military arms in the conventional area of operation. This happened in the Vietnam War, where the Vietcong Tet operation was a military failure but gave rise to video footage that was published on US television channels, changed U.S. public opinion about the Vietnam War and later affected political decision making. A similar thing happened in the USSR, where the mothers of sons killed in Afghanistan, together with the economic situation, aroused public opinion against the rule of the communist party. The Arab Spring movement was triggered by the tragic news of a young merchant driven to suicide, together with stories of the ruler's luxurious lifestyle. The revolutionary spirit was carried on by social media and mobile phone messaging through the North African Arabic-speaking nations.

As with conventional weapons, Information Operation offensive forces may not be cost-effectively disabled by a pre-emptive attack, since computer network tools might already be injected into target systems and are only triggered into action when needed. Information Operation Defence is the main strategy against information operation attacks unless there are capabilities for countering an attack with some other arms. This is the case in the Russian doctrine referred to in picture 3, where an information attack may be countered with nuclear retaliation. This kind of extreme doctrine may result from weak defence measures, or it may tempt an opponent to “call the bluff”. There are two main methods to prepare Information Operation Defence, Protection by Isolation or Habituate, defined in the next picture. Then there is the U.S. military way: because they think that they cannot protect the vast private sector functions utilizing the Internet, they focus on building an international structure of connection and content surveillance in parallel with major and possibly pre-emptive computer network attack capabilities. Similar but asymmetric is the Russian strategy declaring that any defined Information Attack will be countered by a nuclear strike.


Picture 31: Example of Information Operations strategies for national defence

China has been using the Isolation strategy. The Chinese government is protecting their information assets and citizens from attacks and international information sources by creating the “Great Fire Wall” to filter all connections and content over national boundaries and by establishing national social media services, mobile access, etc. They state that: “within Chinese territory the Internet is under the jurisdiction of Chinese sovereignty. The Internet sovereignty of China should be respected and protected.” With this the government has good control over malevolent content like pornography, viruses, spam and other unwanted online action. It is alleged that the government is also filtering other content in the fields of political and social life. It has also been suspected that Chinese officials have hired a vast number of “online commenters” to promote “official” content and the Communist Party. This outer perimeter defence often leaves the inner structure weaker, but China, as a big unified information and online market, has also been able to get rights to produce their national version of the Microsoft operating system and the Cisco IP router IOS program, thus being able to safeguard their basic Internet structure inside as well as outside.

The Iranian government is also utilizing the Isolation strategy by building a “Halal internet”. The Iranian YouTube equivalent Mehr was launched in December 2012 with government-approved videos. It is believed that the national “Halal internet” grows gradually as more content and services from the global Internet are blocked. Together with a shared language, this approach will provide good border control over cyber and propaganda attacks from outside against Iran and the Iranian people. There is no information on how well Iranian network operators, broadcasters and citizens are protected against malevolent information and attacks launched within the nation.

Sweden, as a small nation, is utilizing the Habituate strategy. While being 2nd in the International Human Rights Rank Indicator, Sweden has strong screening of all Internet and telephone content going through their borders (executed by Försvarets radioanstalt from 2008), but the government does not isolate their citizens, ISPs or private sector in any other way. With exposure to ongoing Internet malevolence they harden their information sources and users; build a culture for citizens to recognize misinformation by exposing them to all types; utilize all modern methods of cloud computing, information assurance and mobile access; and empower public and private partnership networks to counter existing malevolent features in the Internet. This can be seen in the Global Virus Map, where Sweden is one of the least infected but most networked nations in Europe.

Information Operations present a wide field of asymmetric tactics that are utilized along all lines of operation (political, economic, social and military) without conventional arms restriction agreements, Geneva Conventions, international war legislation or other restrictions. Computer Network Operations and Electronic Countermeasures are still used quite straightforwardly and managed by conventional arms decision making. Operations that try to affect the public opinion of a target society or neutral parties are far more complicated, requiring an understanding of a complex social interrelation network flavoured with cultural priorities. This is the main reason why current U.S. officer training has been changed to instruct more how to think than what to think in modern full spectrum operations.


4.3 Possibilities for national defence against Information Operation attacks


Defending national cyber services and digital information assets is in most cases a joint effort in which public and private sector organizations together utilize multi-layered security, since many of the computer-related services, mobile phone access and social media are provided by private companies. Defence measures include protecting the national core Internet with its domain name and lower-level network services. The user end should be maintained at a high level of Information Assurance, since eGovernance services are increasingly important for providing citizens' basic wellbeing and information. Essential structures like energy production and delivery, finance, retail, health care and logistics are increasingly information-based and just-in-time functioning, so availability of information services is an absolute requirement for maintaining citizens' trust and society's functionality.


4.3.1 Defensive measures of Information Core

Defending national core Internet Service Providers (ISPs) is a private and public partnership co-operation. Legislation should give operators both the right and the responsibility to screen the data flows that their core switches and routers transfer. They should be authorized to detect any malevolent software or attack pattern defined by a governmental authority and to capture all those packets into cyber oblivion or quarantine. They should also be authorized to disconnect all “polluted” terminals in their network to stop botnet activity, and users should be liable for protecting and cleaning their devices. All ISPs operating within the nation should be obliged to participate in Computer Emergency Response Team (CERT) action. The government should define policies and architecture at Border Gateways within the nation's networks to balance the vulnerabilities of different switching and routing operating systems. Core switches and routers should be managed out-of-band only. To make these measures more effective, a regional coalition is the best solution. For example, European-wide co-operation provides the best defence against man-in-the-middle and outside attacks for the European Union.


4.3.2 Defensive measures of Information and application services

eGovernance services should be governed by a computer architecture for all public sector organizations. All essential services should be distributed across computer clouds, both private and public, that are available in parallel. National information should have a preservation policy governing data storages that are maintained and provided from distributed sites. Information content should be checked by a continuous process to prevent any one-man manipulation of its integrity. All public and main private information providers should use strong identity at provision points. All eGovernance services should require strong authentication from their users (something they are, know and possess). Critical publication points should be distributed across different ISPs and Domain Name Servers (DNS).

Defending national information-driven infrastructure should include energy providers, finance organizations, logistics service providers and retail chains. Legislation and government co-operation should provide a similar basis of security measures for all stakeholders. These measures should be audited by 3rd parties, and neglect of remedy should be sanctioned.

A regular exercise of national public-private partnership computer defence should be arranged annually to hone co-operation skills and widen the understanding of possible scenarios and their effects. The government should also screen organizations providing critical services for their ownership, management, economic situation and long-term investment to foresee any structural imbalance.


4.3.3 Defending public competence in cyber environment

Defending national interests and creating a better understanding of Information attacks requires the participation of a wider range of professional organizations. There should be an academic-level network for vulnerability studies; an operational network with information security service providers; a national CERT network providing information and education to citizens and users of digital services; education for information assurance professionals so that they can maintain their competence in a changing environment; and education, from elementary school to open adult courses, on information assurance measures as a part of post-modern citizenship.

As information and communications technology changes rapidly, there is a continuous need to give citizens multilevel support on information assurance issues. This is best accomplished through peer-level support, where citizens can access support provided by people of the same age, culture and language from organizations in the private, public and voluntary sectors.

4.3.4 Defending public opinion and citizens spirit

Public opinion is widely distributed and volatile in post-modern western societies. Human perception is based on attitudes created in the past and on categorising first impressions into these “boxes of presumption”. Education should focus more on how to think than on what to think, and on critical thinking capabilities, in order to have competent citizens who understand disinformation in both crisis and normal situations. The public relations functions of government and critical service providers should be exercised so that they are fast and accurate in their communication. If the adversary has the opportunity to deliver disinformation first, it will be the base for the first impression. Citizens will categorize the first incoming information, and a major amount of additional communication and persuasion is needed to change that first impression.

All information that the government and national critical organizations communicate should be as precise, fast and true as possible, to maintain the trust of citizens and remain the main information source for their needs. In the future this might need strong identification of all users in social media and other discussion forums. After all, the real world also requires personal identity when one is transacting officially.

4.3.5 Defending national political decision making capability

Political decision making depends on the competency of politicians, the quality of the information they are supported with, the co-operation of their subject matter support teams, the durability of diplomatic relations and direct channels to their voters. All these links and abilities should be secured from both man-in-the-middle and outside attacks. There is no way for any politician to possess the thoughtfulness, insight and foresight required to make decisions in crisis situations if this is not exercised. Scenario analyses with war and role games should be a normal routine for key politicians, to practise decision making and co-operation between different stakeholders both at home and abroad.

The government should be able to gather information continuously from different sources and fuse it into a better current situational picture. There should be collaboration services available and in use between politicians, public agencies and private organizations to create teams for analysis and planning on demand. There should be officials able to manage complex sense-making and planning projects. There should be a body of officials to perceive, analyse and define future scenarios for both normal and crisis situations. These scenarios should be planned further in detail, with possible measures that can be executed on demand. As strategic surprise is the situation most wanted by an adversary, all leaders should practise political-strategic level decision making to counter this possibility.


4.3.6 Defending national electromagnetic space and usage of frequencies

Defending the national electromagnetic space requires national competency of electromagnetic authorities, co-operation with other countries in the area, the capability to detect and locate intrusive transmissions both outside and inside the nation's borders, and military measures to put out any transceiver within the area of effect. Since private and other governmental functions have developed a dependence on electromagnetic frequencies, an adversary with some artificially intelligent transmitters or a vast number of simple transmitters can severely interfere with all critical functions. The military continuously trains in an interfered electromagnetic environment and thus masters measures to counter the effects. This is something that other agencies and the private sector do not do. It should be possible to utilize several parallel channels for mobile access, like 3G, 4G, WIFI, SATCOM, etc., to ensure critical access. This roaming should be defined as a base requirement for all mobile services utilized for critical functions, so that a single channel failure does not end in an entire service breakdown.


5. CONCLUSION


Information Operations have extended in the post-modern world mainly because of pervasive information technology and information services that citizens, governments and private companies are all dependent on, but also because individuals and societies are more connected to each other and dependent on a continuous flow of information. Since trust is imperative in both man-to-man and man-to-machine relationships, it is a possible target for both inborn and out-born effects projected by a possible adversary. Cyber space has introduced a totally new way to project effects on the information and cognitive levels, and as the Internet of devices extends it will open a channel to affect the physical level as well.

A nation can defend its freedom of Information and the availability of Information and Communications Technology Services by either Isolation or Habituation, which are both applicable but require totally different structures, political culture and governance. Information Operations are not only state-level measures but can be utilized at very low levels and by small entities. A single terrorist cell can project its threat against a whole nation by publishing videos of small-scale physical violence that affect vast public attitudes when amplified by the Internet. One man can reveal the secrets of decades of work in building clandestine intelligence capabilities. One disconnected application service provider can take down major parts of the Internet core switches' capabilities with Denial of Service attacks. It requires multilevel preparations of defence executed together in a public-private-voluntary sector alliance extending over national borders. Unlike conventional operations, information operations are ongoing at the strategic, operational and tactical levels even in peacetime. If a nation is not countering and preparing for these operations, it is an easy target in the area of global confrontations and crises.
