Taking byte from Baghdad

[InfoSec News <isn () c4i org>]

http://www.gomemphis.com/mca/opinion_columnists/article/0,1426,MCA_539_1726690,00.html

Gary Pounder 
February 9, 2003

Although President Bush hasn't made a final decision about going to
war with Iraq, preparations for that potential conflict are almost
complete. Thousands of American troops have been deployed to the
Middle East in recent weeks, along with dozens of warships and
hundreds of combat aircraft.

These preparations have been highly publicized, with daily pictures of
departing aircraft, naval vessels and military personnel, all designed
to convey a final warning to Saddam Hussein. But preparations for war
also are under way in less-visible areas.

If Bush gives the order to attack Iraq, U.S. forces will initiate
information operations (IO) as part of their overall military
strategy. Aimed at disrupting Iraqi information systems, the expected
"information war" may represent the ultimate technology weapon in what
will be a high-tech campaign.

Details of this war are almost nonexistent. Although the Pentagon has
spent billions of dollars on IO since the early 1990s, it has said
little about its capabilities in this area.

What is known is that this investment has fostered the development of
highly specialized IO units, doctrine and tactics. Gen. Tommy Franks,
commander of U.S. forces in the Persian Gulf region, has his own team
of IO specialists.

Although IO is sometimes described in terms of computer attack or
cyber-warfare, it covers a variety of functions related to the use and
protection of information and information systems. The rationale
behind IO is simple: deny the enemy use of the information spectrum,
while protecting our own information assets.

IO includes several disciplines that are almost as old as warfare
itself: intelligence collection, deception, psychological operations.  
It also incorporates newer technologies, exploiting advances from the
information revolution of the past 20 years.

Cyber-attack is one of the most intriguing and useful new tools of
information warfare. Because of the explosion of computer networks and
the Internet, it is now possible to gain access to information systems
that support an enemy's economy or military forces. Disrupting these
systems can wreak havoc with an adversary's war machine, potentially
shortening the war and reducing the number of allied casualties.

The United States displayed the benefits of a computer war in the 1991
Gulf War, when it conducted its first cyber-attack on Iraq's air
defense system. The highly automated system (nicknamed KARI) linked
Iraqi surface-to-air missiles and anti-aircraft guns in a computerized
command-and-control network.

The KARI system could withstand air attacks reliably and still provide
critical information to Iraqi air defense commanders. Neutralizing
KARI was deemed essential to the allied air campaign.

IO experts decided to attack KARI internally and externally. Allied
electronic warfare aircraft would jam and bomb KARI components, while
specially designed computer viruses would infect the system from
within. Agents inserted the virus in a printer shipped to an Iraqi air
defense site.

The virus also was introduced via a fiber optic cable that connected
air defense nodes. A Special Forces unit infiltrated Iraq, dug up the
cable and inserted the virus. It remained dormant until the opening
moments of the air war, when it went active and crippled KARI. The
Iraqi air defense system never recovered, and allied losses in the air
campaign were minimal.

Since the Gulf War, IO tacticians have added to their target lists
economic and infrastructure systems that support an enemy's ability to
fight: power grids, water supplies, banking networks. There are
unconfirmed reports that cyber-attacks helped shut down the Serb power
grid during the 1999 Balkans War. Information operations also have
been used in the war on terrorism to ferret out al-Qaida bank
accounts, trace financial transactions and identify potential
operatives.

Officially, the Pentagon won't say what level of IO planning and
preparation is under way, but there are vague hints about what might
be in store for Baghdad. Several media outlets reported last month
that the United States was sending E-mail messages to Iraqi military
commanders, urging them not to fight if war breaks out.

In a police state such as Iraq, E-mail directories are classified
material, off limits to anyone outside the military and security
establishment. Our ability to send E-mail to Iraqi generals suggest IO
teams have identified key computer networks, earmarking them for
potential disruption or destruction.

There is a good chance the cyber-battle will spread beyond Iraqi
information systems. If the United States launches military action
against Baghdad, we can expect a vicious "war" between Middle Eastern
and western computer hackers.

Remember the 2001 "spy plane" incident between the United States and
China? That relatively minor episode prompted a month-long
confrontation between American and Chinese hackers that resulted in
the defacement of thousands of Web sites around the world.

A hacker war emerging from a new conflict with Iraq would be even more
intense, likely unleashing new computer viruses, denial-of-service
attacks aimed primarily at Internet providers and Web site
defacements. The potential cost of such a war could be staggering.

The United States is not alone in developing information operations as
a tool of war. Although Iraq's IO capabilities in this area are
rudimentary, other potential adversaries - notably China - are
investing heavily in information warfare. More-sophisticated enemies
would have no qualms about mounting an IO campaign against us.

As the most "wired" nation on Earth, the United States has the
greatest vulnerability to information attack. Although our government
and private companies have invested heavily in computer security, the
recent virus that disabled thousands of automated teller machines
illustrates the potential impact of even small-scale cyber-attacks.  
The forces about to be unleashed on Saddam Hussein may be used against
us in the future.


Guest columnist Gary Pounder is a retired U.S. Air Force intelligence
officer who lives in Oxford, Miss.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.