Technology for the United States Navy and Marine Corps, 2000-2035: Becoming a 21st-Century Force: Volume 3: Information in Warfare (1997)

Given the critical centrality of information to every aspect of naval operations, the area of information operations (IO) and information warfare (IW) assumes a critical posture. The Department of the Navy must assure the availability and integrity of the information infrastructure and information content on which it relies, and must create and maintain required confidentiality. In an era of prolific information gatherers and promulgators as described in Chapters 2 through 4, these attributes must apply not only to the information systems but also to the operational posture of the fleet. The treatment of active and passive hiding measures, which in the past have been dealt with by radio silence or other means, is becoming an integrated part of the whole IW operational posture. The tactics to minimize observables not only will include decisions to radiate or not, in the conventional sense, but also must include the entire information set in every dimension and through every medium, including the ether, space, air, undersea, and cyberspace.

While minimizing its own information vulnerability, the Navy Department will need to defend its information infrastructure and information content against attack, using both passive and active means. These means must include comprehensive information security practices as well as technologies that assist in detecting and eradicating attacks. The most primitive of these types of technologies are virus checkers, automated audit analysis programs, and those based on zener diodes. With the increasing importance of these types of technologies and applications, it is critical that the Navy Department stay abreast of related developments in the commercial sector.

While denying the adversary information, the Department of the Navy may also need to employ active measures to manipulate, corrupt, or destroy information as necessary. Use of methods such as jamming, deception, and psychological operations can be continued and extended through capabilities provided by rapid growth worldwide of information technologies for activities such as network-based operations.

These requirements are complicated by the Navy's increasing dependence on, and interconnectivity with, public and commercial information sources and infrastructure elements. The commercial aspects of the Navy Department's information environment must not prevent its effective exploitation and protection of the information infrastructure or content. The associated challenges must be aggressively recognized, analyzed, and acted upon.

This chapter discusses the technical areas that support the development of an effective capability to conduct information operations and warfare in the time frame of 2035. While the discussion focuses on specific technologies, the crucial importance of people and organizations, particularly in creating and maintaining a robust defensive posture, must not be overlooked. In particular, the panel argues that the Department of the Navy should:

• Continue to exercise the full spectrum of IW in an effort to establish policy and procedures in preparation for hostilities or conflict such that it involves all levels of government-military leadership;

• Continue to make IW activities operational, integrating defensive and offensive elements at the control of the warfighter and developing a clear operational vision of what really can and what really cannot (or will not) be accomplished with IW; and

• Invest in specific technology applications, including those that can support countermeasures and defensive capabilities, offensive capabilities, and intelligence support activities, as detailed in this chapter.

Because of the fundamental changes in the worldwide information environment described in this study, it is crucial that the warfighter have a clear vision of what he can and cannot do in the information dimension in terms of warfare activities. The ownership of infrastructure elements and information content is a significant issue to be considered. There has been considerable hand waving about attacking an adversary's information and/or supporting infrastructure in order to deny him the use and leveraging capabilities of information, but the lessons learned from a number of military exercises seem to indicate that to date little well-thought-out policy or practice has been developed. There are three issues here:

1. Information and information infrastructure likely will not be wholly owned, operated, maintained, or protected by the adversary in any great part—just as the U.S. Department of the Navy will be using commercially provided data over commercially provided and maintained infrastructure elements, so also will the adversary. Those portions of the infrastructure may be "off limits" to attack due to some combination of commercial, international, or social concerns.

2. The application of acts of war to the parts of the adversary's information infrastructure that are fair game likely will be denied to the warfighter until after hostilities are engaged in.

3. The effective demonstration of the full range of IW capabilities will involve many or all government organizations, which will establish critical vulnerabilities, policies, and procedures.

Given these constraints, there are clearly things that the Department of the Navy must have the ability to do. First, the warfighter must have the ability to defend his information content and infrastructure against attack, destruction, or degradation. Defensive information warfare has three elements:

• Protection against hostile activity or attacks. Protection includes developing and applying technological and/or procedural fixes to vulnerabilities, creating and enforcing information policies and management standards, applying reasonable personnel security policies (such as background checks, two-person software upgrade control procedures, and restrictions on possible actions), and protecting the physical environment of critical resources (through the use of gates, guards, locks, and emergency support facilities), as well as continually reassessing risk.

• Detection of hostile activities. Detection includes such activities as monitoring the operating environment, auditing accesses and usage patterns on systems, performing periodic reassessments of personnel and physical facilities, and checking the integrity of software and data.

• Reaction and correction. Reacting to an attack or a problem includes correcting what has been done if possible, conducting triage on the system if necessary (including turning off elements of the system and rerouting network connections), increasing protective elements, and reconstituting capabilities, as well as potentially moving operations to a backup or alternate facility or subinfrastructure.

The elements of defense include much more than just technologies and apply to both the information content and infrastructure. Managing information vulnerability is enabled by these activities.

It is conceivable that in the future information environment there will be a requirement for the warfighter to be able to change his defensive posture in response to changing environments, such as mission requirements, or in order to

be able to interoperate with an ally—and to immediately ceases that interoperability on demand. The warfighter, therefore, must be in control of his defensive capabilities and be able to employ tactics and techniques to minimize or mitigate the effects of hostile activities.

The tools at hand to do this must include both technologies and procedures. Of the technologies, some percentage will be commercially produced—including, potentially, encryption products. The key to a robust and resilient defense is the knowledgeable application and management of the defensive components: the warfighter must be in charge of this process, must feel responsible for the results, and must have the appropriate capabilities and personnel to support the defensive posture.

Second, the warfighter must have the ability to attack and deny the enemy the advantage of those elements of the adversary's information content and infrastructure that are fair game. Even considering the element of accidental resiliency that may exist due to multiple paths and sources, it must not be forgotten or overlooked that there can be real utility in attacking certain targets. For example, denying a specific air defense system may not prevent indication and warning, since the data supporting that function could come in via the Cable News Network (CNN) or on e-mail. But denying that air defense system would limit a real-time link between the indication and warning function and a weapons system, thus injecting a time delay into the adversary's observe, orient, decide, and act (OODA) loop.

The warfighter must understand what these targets are, how to attack them, how to integrate these attacks into the operations priorities, and how to measure the contribution to mission objectives. These requirements speak to a robust supporting structure of exercises, training, assessments, and intelligence.

Countermeasure and defensive efforts to date have been focused on patchwork approaches to security. To ensure the secrecy and integrity of data during transmission, cryptography has been used. To limit access, mechanisms have been employed that require varying degrees of identification and authentication. To ensure integrity in storage, cyclic redundancy checks and other techniques have been employed. To ensure availability, multiple copies have been transmitted and backups made. A significant infrastructure has developed to coordinate and manage the use of these techniques and technologies.

Developing defenses implies knowing not only what one's own vulnerabilities and susceptibilities are but also what is required to mount an attack on one's systems, as well as what the logical outcomes might be. This is a fundamental part of risk management. The marshaling of resources and knowledge to attack

one target implies a baseline of complexity, but the addition of each new target makes the proposition exponentially more difficult. Further, if the targeting has the intention of preventing reconstitution of capability, then secondary targets must also be attacked. In addition to the direct resources involved, conducting such an operation requires a very large amount of intelligence information: where the critical vulnerabilities are, how they can be attacked, and how the attacks will be coordinated are merely the most obvious questions. Additional information of value to the attackers includes an understanding of the timing required for successful attacks, what actions would be required to prevent immediate reconstitution of the target, and the ability to predict effects with some degree of certainty. These are nontrivial requirements.

The technologies contributing to IW defense are aimed at providing confidentiality, maintaining integrity, and ensuring availability. These capabilities are currently provided in high-assurance environments, depending on the type of information to be protected, and there has been little attention to date to how to provide these capabilities in low-assurance environments. The envisioned future world of systems of systems created freely out of COTS products linked together in fluid and unmanaged networks stipulates an increased emphasis on how to provide enough confidentiality, integrity, and availability in a low-assurance environment.

Clearly, the use of cryptography bears a great deal of application in such a world. Besides protecting data at rest and in transit, crytography can enable localized strong identification and authentication (I&A) of both human users and software objects. It can also enable applications such as "tunneling" creating cryptographically protected virtual private networks (VPNs) embedded in unencrypted networks, and packet-level integrity maintenance, including both integrity verification and tamper checking, beyond what is currently provided for in communications protocols. Research in these areas could potentially provide the critical technologies needed for robust and resilient information transfer in a hostile world infosphere. Cryptography is not the sole key to these problems, however. Research in software engineering and computer hardware engineering is required in order to develop understanding of how software can be verified, how systems can be maintained in a system-of-systems environment, and how operational security can be ensured.

The U.S. security community has developed significant capabilities in protecting systems and information to date. A next step is to integrate these capabilities into a warfighting resource and develop the capabilities to control them as an integrated whole, managing them in concert with offensive efforts and operational environments as required. A candidate list of specific technology thrust areas is discussed below.

Clearly a high priority is protecting information content and infrastructure elements and detecting hostile activities. Three types of capability would provide great benefit to the warfighter:

• An automated defensive posture assessment capability,

• Truth-verification capabilities, and

• Attack-detection capabilities.

Defensive Posture Assessments

The capability to assess the defensive posture of information resources at any given time is currently a distressingly manual procedure. Even with automated data reduction techniques, the integration of the analyses is convoluted and manual, if possible at all. In order for the warfighter to understand the defensive posture of the information resources supporting and enabling the warfighting capability, it is desirable that the information environment be readily analyzable using trusted automated processes. This capability would require integrating the outputs of all auditing processes, intrusion-detection processes, risk analysis tools, and other capabilities as they are developed.

Assessment of defensive posture is critical to developing a further ability to manage information vulnerability, and it would conceptually provide the operator with the ability to minimize, obscure, or manipulate what his detected information vulnerability appears to be.

A capability to work toward would be to have a workstation (virtual or otherwise—it may be that the most useful way to interface with this data would be through a virtual reality interface) that would allow real-time assessment of the defensive posture with command and control over the elements of that posture, allowing the warfighter to modify the defensive posture in real time in response to changing conditions and environments.

Truth Verification

As dependence on information increases due to the automation of more and more elements in the surrounding environment, the ability of the warfighter to judge the reliability and accuracy of information content becomes more important. There are two aspects to this challenge:

• Judging relative truth: being able to comprehend the inherent inaccuracies in data that exist due to model uncertainty, source inaccuracies, and so on; and

• Judging continued truth: being able to determine whether the information being considered has been tampered with, replaced, or otherwise interfered with.

The significant technical challenges in both of these aspects range from human interface issues to confidentiality measures. In responding to these challenges, complex information display techniques, such as virtual reality applications, will clearly have some level of payoff. As capabilities for injecting falsehoods into otherwise truthful data continue to be developed,¹ the challenge of determining continued truthfulness will be exponentially greater, particularly in light of the automated fusion capabilities that are being relied on to assist humans in handling the huge amounts of available data in a timely manner.

Attack Detection

Being able to detect when information attacks (in any form) occur is clearly a high priority. Current-generation tools such as the Automated System Intrusion Monitor (ASIM) represent a first step in developing a real-time ability to detect such attacks. Current 6.1-level research ranging from exploration of the application of artificial intelligence to this problem² to an attempt to model a detection system on the human immune system³ is laying the groundwork for developing the scientific principles that will lead to operationally useful automated intrusion detection and reaction. This nascent capability needs to be nurtured and pushed to a real-time capability for the warfighter.

A capability for reacting when hostile activities or accidents occur is also critical, as is the ability to correct the situation. Significant capabilities already developed relate to reconstituting and recovering information. Another primary capability that is critical to the warfighter, but that may be less important to other entities and thus not likely to receive an equitable amount of technology investment, is the capability to perform real-time defensive posture realignments, including triage of both information infrastructure and content as necessary (analogous to cutting off a finger in order to save an arm).

For example, a warfighter performing a humanitarian relief mission in an assessed low-threat area should be able to minimize his defensive posture so as to increase his ability to perform information aspects of the mission (perhaps information dissemination operations), or if the situation becomes more hostile or threatening, to ratchet up his defensive posture accordingly. The infrastructure required to do this does not exist today. The capability for real-time assessment of the threat environment in the information dimension does not exist for the most part, nor does an ability to take such inputs and feed them back into the operational environment as part of a dynamic threat posture. A logical extension of such a capability would be the ability to determine threat and attack vectors, disconnecting systems as needed in order to channel attacks in one direction or to rebuff them completely.

A list of technologies for offensive information warfare is easy to imagine; integration of these technologies into a time-phased operational process will be difficult. The infrastructure and the content are jointly and separately the weapons and the targets; the integration into operations provides a useful offensive capability.

Consideration of offensive IW as the application of techniques and weapons on a useful scale (where useful is relative to the results desired) against information assets and systems, when desired and with predictable results, gives a framework for dissecting what it takes to perform offensive IW operations. On the cyberspace battlefield, conducting IW requires being able to do what is needed when it is needed. A lesser capability is neither effective on a strategic level nor conducive to success in warfare.

The offensive IW community must develop techniques, tactics, and weapons to support organized and prioritized mission objectives. These could take the form of:

• Single weapons with specific goals,

• Multipurpose weapons with generic goals, or

• Attack procedures that target elements selectively in order to achieve desired results.

A subversive attack would be multidimensional—an attack that combined attacks against the various elements of the information infrastructure, such as telecommunications providers, the power grid, the logistics information network, and the news media. A coordinated attack against these entities could conceivably cause widespread disruption of service, unstable support systems, public infrastructure breakdown (such as disruption of subway systems), and rampant gossip and innuendo. To be successful, such an attack would have to disable

these elements within a short period of time (such as a few months) so as to prevent recovery within the existing governance construct. With disablement spread out over a longer period of time, patches and jury-rigging of systems could prevent the scale of result desired.

The most subversive type of strategic attack on information would incorporate deception, perhaps using IW and non-IW components, prior to the actual attack to distract the target from being able to, first, recognize the attack when it gets under way and, second, respond effectively.

The most effective way to launch an attack of strategic significance would be to combine a series of IW kinds of attacks with other non-IW types of attacks. This approach would prove most serious to an adversary's capabilities for response, in that it would tax all resources for which, potentially, no overarching coordinating function would in place.

Clearly, a significant capability for attacking and disabling elements of the information infrastructure exists today in the form of bombs and jammers. Potentially useful technological thrust areas include weapons for nonpersistent network interruption, which in theory would allow the United States the ability to deny an adversary the use of parts or all of a network without physically damaging it, and for a controllable period of time.

Information content weapons are those designed to go after information itself at its source, while it is in transit, or while it is being processed or displayed. The outcomes could include delay, modification, deletion of, or addition to the information.

Intelligence information is the key to developing and implementing effective information warfare plans and operations. Whether the goal is developing a system to degrade an adversary's warfighting capabilities or ensuring protection for one's own military information systems, detailed technical information on the target's hardware, software, and operations is essential. The degree to which attackers are able to acquire timely, accurate, and complete information on the targeted system will determine the degree to which they can analyze exploitable vulnerabilities, and thereby design efficient and effective weapons and delivery vehicles, and develop useful measures of the effectiveness of their approach. The challenges inherent in the intelligence support role are underscored by the lack of a definitive national intelligence estimate on the information warfare threat:

assessing the IW threat is different from hunting for missiles and requires new sources and methods of data collection and analysis in order to support definitive intelligence conclusions. Candidate intelligence support capabilities that should be pursued include enemy profiling and targeting.

The world is changing in ways that are hard to predict. The rise of transnational organizations with multiple loyalties is one development; the availability of information technologies to every organization that exists is yet another. Given these conditions, the development of a methodology to profile enemies in terms of intent, capabilities, and organizational structure would seem to be a high-payoff endeavor that could support the development of a comprehensive information order of battle.

The ability to launch a cyberspace attack does not necessarily require having a precise photograph of the physical location of the target, but may be much more dependent on having a network address or knowing some other technical detail. The functional and physical entities that would serve as targets for IW enable and support information processes at differing levels of abstraction. They include the public switched telephone network (PSTN), automated teller machine networks, the financial transaction network, electronic money, credit, the Global Command-and-Control System (GCCS), tactical C³, medical and corporate networks, weather, cars, petroleum and gas transport, logistics, process controls, interfaces, transportation, the air traffic control system, the nascent intelligent vehicle highway system (IVHS), and many others. These functional entities mask an incredibly complex set of physical entities that continually evolve and change, usually transparently to everyone except the person doing the change. To complicate matters, the functional entities represent shared interests that may in addition share physical infrastructure elements with other functional entities. This introduces the phenomenon of nonlinear cascading effects, whereby an attack on one functional entity may have an impact on other functional entities or an attack on a physical infrastructure element may affect multiple functional entities; the challenge of confining damage and affect is thus magnified, but so is the ability to target systems with predictable effects.

A comprehensive capability to perform targeting in support of information operations and warfare must address these issues.

Knowing where the high payoff targets are in cyberspace is fundamental to being able to integrate time-phased priorities for attack into mission planning. Developing targeting methodologies and identification is necessary and should

be done independently of current targeting methodologies and identification procedures to avoid getting caught in inappropriate paradigms.

There is always a physical component to an IW attack or defense, even if only at the level of the electron, and consideration of the physical paths of attack and the constraints and limitations imposed by the physical components of the attack or defense is critical. At some point, to be operable, all attack plans must identify which specific components of the system—ranging from the 0s and 1s that represent the data through to and including the persons in the system—will be attacked with what weapon or weapons. A complicating factor is that many of the physical entities that underlie the intricately interconnected information infrastructure support not a single function but many functions. An attack must be designed to take this interconnectedness into account, perhaps even exploiting this feature. Once targets have been identified, integrated planning can occur that prioritizes targets within the context of the overall attack plan. First steps to being able to do this are under way now; these efforts should be supported and encouraged.

Performing intelligence preparation of the battlefield (IPB) is a time-tested procedure that must be expanded to include the battlefield's information dimension. This task is challenging, given that the information aspect of a battlefield is very different from its physical characteristics, with few geographic boundaries but multiple dimensions. Moreover, intelligence preparation is becoming increasingly necessary. Recognition of this aspect of IPB will help support the execution of integrated operations plans.

A significant problem in information operations is how to measure success and the level of success in any operation. While admittedly a huge challenge, it is conceivable that the methodical examination of this problem may benefit other challenge areas as well, such as targeting and attack prioritization. Only when it is possible to identify predictable outcomes at the functional node level is it possible to begin to understand the potential impacts and isolate the intelligence requirements that provide support to both the offensive and defensive IW communities. This in turn feeds into understanding of what the essential elements of information are, what the requirements for damage assessment would be, what the intelligence collection requirements would be, and what it would take to be able to perform a successful attack.

The data collected in the pursuit of targeting, attack prioritization, and development of measures of success are invaluable to the development of effective weapons. To quantify the effect of attacks on a specific information system requires complex analyses taking into account the physical and logical components of the system, the shared resources, and the vulnerabilities. Potentially, this type of analysis could provide insights into network vulnerabilities and provide valuable input for cost/benefit analysis of weapon development. The latter is important also for determining whether the likely results of an IW attack would outweigh its costs, risks, and uncertainties.

Quantifying the overall effectiveness of an IW attack is a complex task and will probably not result in unambiguous answers. For example, in a conventional weapons attack on a communications switching facility the results may be quantified in terms of degraded performance—the number of circuits still available and the period of outage or the level of noise on the remaining circuits. This type of information may be applied directly to an evaluation of military objectives such as the probability that critical telephone circuits have been eliminated. In a ''soft" weapon attack on the same switching center, the results may be much more complex. Only in certain cases will the IW weapon be designed to remove the switching circuits from operation as if destroyed by a "software bomb." Some of these types of weapons will conceivably cause the system to pass corrupted or false data while apparently remaining fully operational. In these cases, depending on the nature of the corrupted data, it may not be possible to directly determine the effect of "bad" data on critical functions of the affected network. And, of course, the real issue is the net effect on the degradation of command and control, not the reduction in telephone circuits, although there may be a positive correlation between the two.

In addition to the complexities introduced by altering information content, evaluating the effectiveness of IW will also suffer from uncertainties about or gaps in technical information concerning configurations of the network. As an extreme and simplistic example of this concept, consider a foreign command-and-control network with two independent and parallel transmission systems. If only one of the transmission systems were known about by an attacker, then any attack, no matter how devastating to that particular system, would nevertheless leave the command-and-control network fully functional. It is likely that real information networks, particularly military systems because of their inherent security precautions, contain many components that perform redundant functions or are interrelated in ways that are difficult to discover. Further, there are complexities introduced by the technical knowledge of the people who use the systems and their willingness to improvise new and unforeseeable alternate capabilities. These are issues that complicate translating the likely effects of use of a

specific weapon into meaningful assessments of an attacked adversary's reduced military effectiveness.

It is clearly necessary to apply descriptive and quantitative formalism in an analysis of the effectiveness of IW attacks. Measures of IW effectiveness are not understood completely at this time, but it is clear that they must reflect changes in strategic or military posture or capabilities relative to specific attacks and defenses. The methods applied must characterize the level of confidence in the information pertaining to the targeted information system and must reflect consideration of the impacts and likelihood, where possible, of undiscovered features of the network. These undiscovered features could include redundant nodes, persons-in-the-loop, and additional functionality.

Conceptually, it is useful to divide an information system into smaller, nearly single-function modules for which it is possible to define a structure. The information system model must span both physical and functional aspects so that impacts on logical systems are described as a result of specific actions. With effective modeling and simulation comes an ability to understand targetability requirements as well as interactive effects. Further, an abstracted model can be nested, with levels of functionality abstracted within each other from the simplest to the most complex.

A model could represent an entire simple network—a small number of networked computers—or it could represent a single module in a more complex system—one air defense battery in a country's air defense network. The information input into the module could represent information input from a keyboard, data obtained from remote sensing devices (such as an early warning radar), information from other modules, or, more likely, a combination of many sources of information. The main purpose of the module would be, of course, to perform some function—send e-mail, move cargo, launch missiles, or relay refined or processed information.

With such a model it is possible to conceptualize an IW attack on any of the targetable elements of an information system: the data, the retrieval of the data from some storage medium, communication or transmission of the data, and of course the processing or manipulation of the data. Further, the impact of such an attack on the logical purposes that the physical pieces support can be described. The depth of understanding of what the model represents can be described statistically in order to characterize the degree of the certainty of that understanding. These statistical probabilities play into the equation that describes the complexity of a successful attack: at the very least, it is necessary to know how probable it is that functional relationships are operating in such a way as to be vulnerable to a particular weapon and with what probability the effect on the physical target will

track to the functional target. A next step in the abstraction is to model the weapon system.

Each target can be attacked with a weapon. Conceptually, a weapon consists of two parts: the payload for the weapon and the delivery vehicle by which the payload is transported to the target. Thus, two probabilities associated with the weapon must be considered: the probability that a delivery vehicle will successfully deliver the payload to the correct target, and the probability that the payload will successfully detonate.

The statistical modeling of impacts is a great deal more difficult. For example, how do we quantify loss of functionality when deceptive data is introduced into a system? The effects are clearly dependent on the type of system and what the purpose of the data is—in one system, the result could be an immediate loss of functionality as the processes report out of bounds outputs, whereas in another system, the result could be an insidious skewing of simulation outputs totally unnoticeable to the authorized user.

Applying such a model iteratively can enable identification of some interesting second- and third-order effects. For example, an attack scenario can be modeled and then a second attack scenario modeled over the template of the result of the first attack. This process would provide information of two general sorts: first, identifying resilient pathways and logical functions, and second, identifying second-order attack priorities. From the offensive point of view, iterative modeling is useful to refine targeting strategies; from a defensive point of view, it is invaluable in identifying strategies for triage to recover from attacks as well as identify vulnerabilities that could be made less vulnerable. Most importantly, however, such modeling clearly identifies intelligence data requirements, collection priorities, and the operational essential elements of information.

The information and experience gathered in such a modeling exercise will additionally serve to identify techniques, technologies, and processes that could provide a significant defensive advantage to the information systems in question. Paradigm shifts such as distributed decisionmaking, groupware, and collaborative environments conceptually leapfrog both security controls and security configuration management. Methods carefully crafted to secure computers that stood alone have been shown to be wholly inadequate when computers are networked. The intricacies associated with information warfare simply add one or more dimensions of complexity to this situation.

The Navy must be able to perform assigned missions in the year 2035 with appropriate technologies, procedures, and capabilities. Apropos the information environment, this includes:

• Defending against attacks on own information technology resources;

• Conducting offensives against adversary's information technology resources; and

• Using information operations in ways that are neither clearly offensive nor defensive in nature to support using other tools, technologies, and procedures or to achieve desired mission outcomes.

Performing these operations is complicated by the following elements:

• The borders of information technology will not stop at the ship's hull, but continue past the hull to locations that the warfighter will have neither control over nor possibly even knowledge of;

• Cooperative engagement resources, such as the arsenal ship, must be included in the comprehensive offensive and defensive posture assessment; and

• The increasing incorporation of information technology into every facet of operations can be expected to include wearable computers, personal protection measures (to include medical developments, such as "smart" skin applications) as well as integrated control applications.

Implicit in an assumption of ubiquitous information systems, technology, and resources are the following:

• Useful and pervasive defenses of the information infrastructure and of information content;

• Potential offensive capabilities for use against the adversary's information infrastructure and/or the adversary's information content;

• The ability to command and control information technology defenses and offenses;

• The developed intellectual basis for information operations, specifically tactics and doctrine;

• The availability of intelligence to support the use and development of information technology resources, offense, and defense; and

• The availability of surveillance and reconnaissance data to support real-time adjustments to the information posture.

For the future naval forces to be able to coordinate and operate the range of required capabilities, both explicit and implicit, a range of integrated processes associated with information operations and warfare must be in place and operational. These processes include the following:

• Requirements identification and prioritization,

• Research and development,

• Acquisition,

• Interface negotiation and resolution,

• Equities resolution,

• Vulnerability assessments,

• Intelligence processes,

• Metrics collection and analyses, and

• Training and education.

The development and acquisition of technology without such supporting processes would result in less useful capabilities; as with all information technologies, the role of the people and the organizational constructs within which the technologies are implemented are critical elements in the success or failure of those technologies to achieve their specific goals.

As with any road map, it is important to know not only what the desired end point is, but also where you are starting from. Critical elements of the current posture that will affect any attempt to meet the Navy's goals in developing a competent information operations and warfare capability are discussed briefly below.

1. Information security resources and standards. The current level of expenditure for the Department of the Navy in information security is less than 2 percent of the Navy Department's acquisition budget, having been on a steady decline since the late 1980s. Specific expenditures on security for information-intensive programs (virtually every program today) differ from program to program according to the priorities of the program manager. Required milestones, such as certification and accreditation of information systems, are often waived or overlooked. This is inadequate. The report from the Joint DOD/Director of Central Intelligence (DCI) Security Commission, published in 1994, entitled Redefining Security, stated:

   In reviewing the best practices of government and industry, the Commission finds that an investment strategy that allocates five to ten percent of the total cost of developing and operating information systems and networks is appropriate and needed to ensure that those systems and networks are available when needed and safe to use.⁴

   In keeping with the importance of information to the Navy, it would be prudent to measure and assess the level of expenditures for information security for appropriateness and enforce currently imposed information security requirements.

   A critical element of emerging information security engineering is protecting against induced vulnerabilities associated with large systems integration

and architecture standards. Initiatives such as the joint technical architecture (JTA) are appealing due to their promise of increased interoperability between Services and potential plug-and-play capabilities. However, there are dangers lurking in such efforts. Increased homogeneity of system components makes the system as a whole susceptible to a smaller set of attacks (or inherent flaws), whereas heterogeneity of systems makes a potential adversary's task much more complicated. Features designed to provide redundancy for critical systems may in fact not provide resiliency—if the redundant system is made up of the same components as the primary system, it may well be vulnerable to the same kind of attack.

2. Offensive and defensive coordination. An increasingly artificial distinction between the communities providing and operating the offensive and defensive elements of information operations stands in the way of developing truly operational capabilities. While there are real reasons for keeping secrets, the efforts of the two communities must be rationalized from the beginning and coordinated in the execution. The appointment of an executive agent for IW for the Navy should help in this regard. Specific technological thrust areas that should be addressed as well in the pursuit of a truly operational capability are ones that allow the warfighter to control his resources and operate efficiently in pursuit of mission objectives. Regarding offensive capabilities, the lessons learned from various exercises indicate a serious disconnect between prioritized operations and available weapon systems. Regarding defensive capabilities, the practice to date has been one of installing patchwork information security fixes in what has been termed a "fire and forget" mode. Regarding the supporting intelligence, it is currently not possible to detect and identify attacks in real time, allowing the warfighter to marshal forces to defend against such attacks or to counterattack. Significant research efforts are under way that would support such capabilities. These research efforts should be encouraged, with the end goal of having a truly operational capability that the operators can use.

3. Organization. The first steps the Department of the Navy is taking to create an operational information warfare organizational structure are certainly the right things to do. These steps, which include the development of the information warfare training and education curriculum, the creation of the Fleet Information Warfare Center (FIWC), and the designation of an executive agent for information warfare for the Navy Department, must be supported. In an era when the dependence on information and the promise of information-based operations are so obvious, fiscal and personnel shortfalls can only cost in the long run, both in terms of dollars and potentially in terms of lives lost. Arguments that increased funding for the information operations arena will lead to shortfalls in other warfighting areas must be analyzed and addressed proactively. If the promise of information operations is to be achieved, it will not be with poorly supported organizations and capabilities.

The Department of the Navy must be able to manage and defend its information posture, including its information vulnerability, in the coming era of prolific information gatherers and promulgators. While doing this, the Navy Department must be able to deny information to adversaries as well as manipulate and/or attack it.

There are technology thrust areas that, if pursued, would provide the Department of the Navy with significant capabilities in information operations and information warfare. These technology thrust areas are based on the estimated evolutionary path of the global information environment in which the Navy Department will operate.

These capabilities must include both the content and infrastructure aspects of information.

None of this is inexpensive. There is clearly a tradeoff between the technological investments required to fully exploit the potential of IO and IW and the ongoing capitalization requirements of the more conventional platforms and weapons systems. The Navy Department must make these difficult tradeoffs to lay a foundation for its future ability to use information and information systems to support naval operations.