Information Operations - A Swedish View


Presentation at the Symposium “Threats from the Net”
New asymmetric threats in modern information societies
Tallinn
February 29, 2008
Dir. Lars D. Nicander, Center for Asymmetric Threat Studies, Swedish National Defence College
SNDC/CATS 0802 LN
Asymmetric Threats
Terrorism Studies: Dr. Magnus Ranstorp
IO Studies: Dr. Dan Kuehl
Intelligence Studies: Dr. Greg Treverton (+ Wilhelm Agrell)
Synergy
The Swedish Concept of IO*
Information operations are joint and coordinated measures in peace, crises and war
in support of political or military goals by affecting or using information and
information systems owned by the opponents or other foreign parties. This can be
done by using own information and information systems, which also at the same
time must be protected. One important feature is to affect the processing of
decisions and decision making.
There are both offensive and defensive information operations, which are carried
out in political, economic and military relations. Examples of information
operations are information warfare, media manipulation, psychological warfare and
intelligence operations.
Defensive information operations are joint and coordinated measures in peace,
crises and war regarding policy, operations, personnel and technology to protect
and defend information, information systems and the ability for rational decision
making.
*MoTIC-bill 99/00:86
IO/IW Synergy
Strategic/Economic Environment
Joint Operations
IO/IW
Information, Intelligence
Perceptions
Information Systems, Infosec
Taxonomy
Defensive Information Operations (IO-D)/Defensive Information Warfare (IW-D)
Critical Infrastructure Protection
Information Assurance
The Asymmetric Character
[Diagram: Classes I, II and III; actor levels: Individuals, Organisations, Nations, Coalitions]
The Dilemmas

Anonymous attacks
– How to detect an attack?
– Who is at the other end?
» A teenage hacker?
» A corporation/organisation?
» A nation?
» Mix of these?

What is an Act of War in Cyberspace?
Information/Cyberterrorism
CIIP
Critical Information Infrastructure Protection
Continuity of gov. (incl. media comm.)
Power
Telecom/ISP
Financial systems
ATC
Home Made HERF/EMP Device
20MWatts
30m Soft Kill Range
Cyber/Information Terrorism
• Aum Shinrikyo
• E-Jihad 2000-2001
• Arrest of an AQ-hacker in US
• Al-Qaida IPB vs California
• ATC – Boston and Schiphol

– Proliferation of DEW-weapons?
Critical Infrastructure Threat Matrix
Target \ Tool | Physical | EM (DEW + digital)
Physical | (a) Conventional Terrorism (Oklahoma City Bombing) | (c) Spoof (or HPM) Air Traffic Control to crash plane
Digital | (b) IRA attack plan on London Power Grids, July 1996 | (d) “Pure” Cyber Terrorism (Trojan horse in public switched networks)
Cell (d) the most difficult to detect and counter
A scenario
Airbus over Schiphol or LAX
• DEW or ”can-bomb”
• TV-camera or ”cellular-camera”
• 9/11-effect…!

The International Context
Three Challenges
International law (”use of force”) etc
International Co-operation, Regimes etc
International tasks
Domestic tasks
Management issues (”bending pipes”)
Some examples

Conflict between East Timor and Indonesia in the
end of 1997-99
– The website (the ”.tp”-domain) of the East Timor
independence movement located in Ireland was ”shot
down” 990119. Indonesian Intelligence service
suspected.

“e-Jihad” 2000-2001
– Attack on the Israeli Land Register Authority routed
over Berlin and London



Estonia Spring 2007
Whose law applies?
What are the ROEs for governments and LEA?
Collective Security in Cyberspace



There are no borders in Cyberspace!
A cyber-intrusion could be routed from country A
through country B, C and D before it ends up in
country E.
How can we trace back these intrusions?
– Today: International Law Enforcement or private
initiatives (FIRST etc)
– Tomorrow: ”Fishwebs” between national CERTs for
tracing intrusions back in real time?
Building “fishwebs” in Cyberspace
[Diagram: Country A, B, C, D, E, X, Y, Z; UN, ITU etc]
How to get an IA outreach?
Closed technical and other arrangements
(Five-eyes etc) have limited relevance when
IT-attacks could pass through 192 countries
• Global approach needed

– How to deny “safe havens”?
– What kind of incentives (“sticks and carrots”)?
– Could the Stanford Treaty be a model?
Conclusions of the Estonian case for
Crisis Management

Enhancement of the security policy toolbox?
– A state actor (with big resources) can act through cyber attacks and
still conceal its involvement.

Cyber attacks can be used in several ways:
– As an add-on to economic sanctions or other non-military means of
power projection (The Estonia Case)
– As a force multiplier (taking out emergency systems after bomb
attacks)

To improve preparedness and contingency planning in this
area there is a need for:
– Operational experience (more Red Team exercises to detect
critical vulnerabilities in societal networks, a GovCERT working 24/7
etc)
– Cooperation – between agencies, private-public and international
Swedish IO and International Law*
The use of cyber-weapons to attack information systems does not constitute
violence in terms of international law but it may nevertheless contravene
international law. At the same time it should be possible to make use of such
weapons within the provision of the UN Charter (Article 41) – given an
appropriate UN Resolution and consequent legal mandate – in order to uphold
sanctions or for other conflict prevention measures even though this has hitherto
not happened. A more flexible arsenal of non-violent measures of this type
would be in line with traditional Swedish policy in this field.
Another legal question is how, using measures permitted under international law,
it is possible to bring to book, for example, terrorists who make use of such
weapons. An international review of the provision of international law would be
of interest to Sweden, with regard both to cyber-attacks perpetrated by states or
individuals and to the possibility of using such a weapon as an instrument of
sanction enforcement.
*Parliament Decision 1999 (99/00:30)
Conclusion
Areas of international co-operation
• Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.)
• Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)

Q&A
www.fhs.se/cats