Information Warfare

Information warfare is the use of computers to supplement or supplant conventional warfare. Computers can play a variety of roles in this regard, including acquiring information from an adversary's computers, planting information in their computers, and corrupting an adversary's data.

Information warfare can also be applied in an isolating capacity, in an 'information embargo' that prevents an adversary from getting information in or out. Computers are a great equalizer, and information warfare is a key weapon in asymmetric warfare, a form of warfare where an enemy possesses a decided advantage in one or more areas.

For example, the United States currently enjoys an advantage over many countries in terms of weaponry, and countries that cannot respond in kind have been proactively developing computer attack capabilities to counter this perceived threat.

Laws, rules of engagement, and the level of conflict may constrain information operations. Legally, it is unclear whether information warfare constitutes warfare; this is an important point, as it governs what international law applies to information warfare.

For example, civilian targets are usually off limits in conventional warfare, but information warfare may not be able to avoid substantial collateral damage to civilian computers and network infrastructure. A conservative approach is that malware may never be used in peacetime, but may be deployed by intelligence agencies as the conflict level rises.

In all-out war, both intelligence agencies and the military may use malware. Ultimately, information warfare of any kind may be limited if an adversary's communications infrastructure has been destroyed or otherwise disabled. It is interesting to think of malware-based information warfare as an electronic countermeasure.

An electronic countermeasure, or ECM, is any electronic means used to deny an enemy use of electronic technology, like radar jamming. Early jamming ECM was roughly analogous to a DoS attack, but current ECM systems heavily employ deception, making an enemy see false information.

A comparison of traditional ECM and malware is below.

Persistence

  • Traditional ECM: The effect of the ECM only lasts as long as the transmission of the jamming signal or false information.
  • Malware: The effect of malware lingers until the malware is stopped by the adversary. This longer persistence allows targets to be attacked in advance, with the malware lying dormant until needed.

Targeting

  • Traditional ECM: Only direct targeting of an adversary's systems is possible.
  • Malware: Both direct and indirect targeting are possible; indirect targeting reaches the intended system through connected, but weaker, points in an adversary's defenses. Malware can be a double-edged sword, however: careful thought must be given to the design of malware for information warfare, so that it doesn't start targeting the computers of the original attacker and their allies.

Deception

  • Traditional ECM: Possible.
  • Malware: Also possible. There are many possibilities for presenting false information to an adversary without them being aware of it.

Range of effects

  • Traditional ECM: Because the targets are special-purpose devices with limited functionality, the range of effects that ECM can elicit from their targets is similarly limited.
  • Malware: The targets are more general-purpose computers, and the malware's effects can be designed to fit the situation. For example:
      • Logic bombs.
      • Denials of service at critical times.
      • Precision-guided attacks, to destroy a single machine or file.
      • Intelligence gathering, looking for specific, vital information. After the information is found, there is also the problem of smuggling it out. One possibility for worm-based intelligence gathering is to allow the information to propagate with the worm, in strongly encrypted form, and intercept a copy of the worm later.
      • A forced quarantine virus, which deliberately makes its presence known to an adversary. The adversary must isolate the affected machines, thus fragmenting and reducing the effectiveness of the adversary's computing infrastructure.
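The "propagate in strongly encrypted form, intercept a copy later" idea above only works if a copy captured by the adversary reveals nothing, yet the original operator can still read it. That is exactly the property of hybrid public-key encryption: the gathered data is sealed under a symmetric key, and that key is wrapped under the operator's public key, so the propagating copy never needs to carry anything that can decrypt it. The following Go program is an added illustration of that scheme, not code from the original text; the Payload type, the Seal/Open functions and the sample "found" document are all constructed for this example, using only the Go standard library (RSA-OAEP and AES-GCM).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Payload is what a propagating copy would carry alongside its own code
// (constructed for this example): gathered data sealed so that only the
// holder of the operator's private key can read it. An intercepted copy
// shows that something is carried, but not what.
type Payload struct {
	WrappedKey []byte // fresh AES-256 key, RSA-OAEP encrypted to the operator
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM ciphertext, authentication tag included
}

// Seal encrypts data for the operator: a random symmetric key protects the
// bulk data, RSA-OAEP protects the symmetric key. The propagating copy
// holds only the public key, which cannot undo either step.
func Seal(operatorPub *rsa.PublicKey, data []byte) (*Payload, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, operatorPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Payload{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, data, nil)}, nil
}

// Open recovers the data. With any key other than the operator's it fails
// with an error rather than producing garbage: OAEP rejects a wrong key, and
// the GCM tag check rejects a tampered or wrongly keyed ciphertext.
func Open(priv *rsa.PrivateKey, p *Payload) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, p.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
}

// Demo walks the scenario with constructed data: the copy seals a found
// document, the adversary captures it and tries their own private key, then
// the operator intercepts a copy and decrypts it. It returns the recovered
// text and whether the adversary's attempt was rejected.
func Demo() (recovered string, adversaryRejected bool, err error) {
	operator, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	adversary, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	// Constructed sample of "vital information" found on a compromised host.
	found := []byte("constructed sample: deployment schedule, revision 3")

	p, err := Seal(&operator.PublicKey, found)
	if err != nil {
		return "", false, err
	}
	_, adversaryErr := Open(adversary, p) // wrong key: expected to fail
	plain, err := Open(operator, p)        // operator's key: expected to succeed
	if err != nil {
		return "", false, err
	}
	return string(plain), adversaryErr != nil, nil
}

func main() {
	text, rejected, err := Demo()
	fmt.Printf("recovered=%q adversaryRejected=%v err=%v\n", text, rejected, err)
}
```

Two caveats a practitioner would add. First, confidentiality is all this buys: the adversary who captures a copy can still see that a payload is present, measure its size, and delete the copy, so the scheme says nothing about whether the operator ever gets a copy back. Second, a copy that accumulates data on every host grows with each hop, which is both a propagation cost and a detection signature; a real design would cap or rotate what each copy carries.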

Reliability

  • Traditional ECM: It is unknown until ECM is used whether or not it will work, a detriment to the planning of military operations.
  • Malware: Depending on the setting, malware may be able to send a signal indicating that it is in place and ready for use. Whether or not it will actually work when triggered is still unknown, as with traditional ECM.

Continuity

  • Traditional ECM: Must continually overcome the target, even if the target adapts to the attack using electronic counter-counter measures (ECCM).
  • Malware: An adversary's defenses need only be overcome once, at their weakest point, whereas traditional ECM must repeatedly overcome the target at its strongest point.

The way that malware is inserted into an adversary's system may be more exotic in information warfare. Direct transmission is still an option, either by self-replication or by espionage.

Indirect transmission is possible, too, such as passing malware through third parties like military contractors or other software vendors, who may be oblivious to the malware transmission.

Malware may be present, but dormant, in systems sold by a country to its potential future enemies. Another indirect means of transmission is to deliberately leak details of a malware-infected system, and wait for an enemy to copy it.