Information Warfare: When Intrusion Detection Isn't Enough
September 11, 2001… that date will be engraved upon the memories of most Americans for many years to come. That is the date when terrorists brought their battle to U.S. soil. One week later, the Internet came under attack by the Nimda worm. Many claimed this was an act of Information Warfare. This was not the first "attack" on the Internet, and it certainly won’t be the last, but was this an act of Info War? I don’t believe it was. Let’s compare the tragic events of the 11th with the Nimda worm to see if we can draw some conclusions about Information Warfare.

On September 11th, without warning, 4 commercial jets were hijacked. Contrary to the historic profile of such events, no negotiations took place. Instead the aircraft were flown into prominent U.S. landmarks. Both World Trade Center towers were completely destroyed, and the Pentagon suffered major damage as a result of this attack.

On or about September 18th, the first signs of the Nimda worm began to surface. This worm used several methods to propagate around the Internet. It was again targeted at computers running various Microsoft products (Internet Information Server, and Outlook). It rapidly moved throughout the Internet, compromising thousands of computer systems around the world. So, was it Info War? In a word… No!

This was just another Internet worm. It used well-known vulnerabilities just like previous worms, Trojans, and malicious software. It was not targeted against prominent U.S. targets. It did not specifically target any of the U.S. critical infrastructures. Instead, it indiscriminately scoured the Internet for vulnerable computers, infected them, and moved on. This is not what we can expect in the event of a true Information War.

So what is Information Warfare? There have been many definitions of Information Warfare offered. My favorite definition comes from Dr. John Alger, at a seminar on Information Warfare (I found this reference here).

Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy, an adversary’s information, information-based processes, information systems, and computer-based networks while protecting one’s own.

Now that we have a definition, we can think about the form these attacks might take. How will we know if and when we’ve been targeted by an Info War attack? Let’s see what lessons, if any, we can learn from the events of September 11th.

The airline hijackings and subsequent attacks against the World Trade Center and the Pentagon buildings were almost a complete surprise. It turns out the Intelligence community was aware of a threat of “unprecedented attacks” against the U.S., but they didn’t have the specifics. It also quickly became clear that these attacks were very well planned out. Preparations had been ongoing for at least 12-18 months. Terrorists had established a presence in the community, and had even taken flying lessons. Even now we don’t know the extent of their plans, or how long they’ve been setting this up.

I suggest that we will get hit with Info War attacks in a very similar manner. We already know the threat, in vague terms. There will be “offensive use of information and information systems to deny, exploit, corrupt, or destroy” our information, information-based processes, information systems, and computer-based networks. More simply put, we’ll be the target of crippling viruses and worms. Our infrastructure will be infiltrated with the goal of manipulating, corrupting or destroying our data and systems. We’ll also be denied access to our systems and infrastructure by some form of “denial of service” attacks. Hmmm… sound familiar?

