- Historical Redux
-
- The United States government has embarked
on a dangerous program to bring military warfare to cyberspace. This will
result in threats to information privacy and security barely conceived
of some twenty years ago. There is also great interest by some members
of private industry to see information warfare expand into a major expenditure
area for the military budget. It is fitting to reflect on the words of
one former American president who was no stranger to the military agenda:
-
- * "In the councils of government,
we must guard against the acquisition of unwarranted influence, whether
sought or unsought, by the military-industrial complex . . . We must never
let the weight of this combination endanger our liberties or democratic
processes. We should take nothing for granted."
- President Eisenhower -- Farewell Address,
17 January 1961
-
- NSDD 145/NTISSP No. 2 Precursors: Government
Regulation of Private Sector Security?
-
- Over the past two decades the government
has shown a willingness to extend its brand of information security and
privacy controls to the private sector. It has consistently failed to recognize
that what is important to private industry, namely customer satisfaction,
stockholder profits, and availability and integrity of data, are not so
important to the government -- which generally operates behind a veil of
secrecy and denial of access to information.
-
- During the 1980s, the Reagan administration
attempted to extend governmental information secrecy requirements to the
private sector when it issued National Security Decision Directive 145
(followed by its implementation order -- National Telecommunications and
Information System Security Policy Memorandum Number 2.) By attempting
to place a national security caveat of "unclassified but sensitive"
on certain commercial information, Congress deemed the policy to be unconstitutional
(a violation of the First Amendment right to free speech).
-
- The Reagan policy was largely discredited.
However, a small number of Reagan administration defense policy officials,
operating under the guise of private sector Pentagon special task force
members, managed in the early 1990s to get information warfare and "critical
infrastructure protection" high on the Clinton administration,s policy
agenda. Their intent, and the intent of the administration, is clear. Rhetoric
aside, the government seeks to carve out for itself a major role in information
security and privacy policy in those private industry sectors connected
in any way to the information infrastructure.
-
- In practical Orwellian "Newspeak,"
the National Security Agency, the chief eavesdropper of private communications
in the world, talks of the need to protect the privacy of commercial electronic
transactions. Responsibility for civilian infrastructure protection has
fallen into the hands of an agency that has historically shown its disdain
for the civil rights and liberties of American citizens -- the Federal
Bureau of Investigation (FBI).
-
- The Clinton administration has sent out
mixed signals on where it intends to go with its critical infrastructure
protection policies. In this regard, one must merely read the statements
of members of the administration.
- "We cannot mandate our Goals through
Government regulation."
- President Clinton, May 1999
- "We cannot mandate our goals through
Government regulation."
-
-
President Clinton, May 1999
- "We cannot mandate our Goals through
Government regulation."
- President Clinton, May 1999
-
- "If the private sector fails to
step up to the plate and implement government-level security controls,
one option would be government regulations that will require them to do
so."
-
John S. Tritak,
CIAO, 14 April 2000 , Washington, DC
-
-
- Ethical Implications of Information Warfare
-
- It is clear that the warfare planners
of the Pentagon and its contractors feel an urgent need to bolster the
cyber defenses of the United States in order to launch offensive information
warfare attacks on other countries.
-
- * Fiduciary Responsibilities --
By agreeing to share internal information with the government, banks may
be compromising their fiduciary responsibilities with their customers.
The speed at which several banks agreed to set up a financial Information
Sharing and Analysis Center (ISAC) with the government is emblematic of
the problem. According to an American Bankers Association (ABA) source,
the NSA approached the banking organization with a proposal to set up its
ISAC complete with NSA-developed technical monitoring capabilities. The
ABA rejected the offer.
-
- The FBI also approached the banking group
and offered assistance in creating an ISAC monitoring capability for banking
networks. The FBI,s system was based on a lower level of technology than
that offered by NSA. The involvement of such agencies with sensitive banking
systems without a clear criminal predicate, backed up by judicial warrants,
represents a severe violation of the constitutional rights of American
citizens.
-
- * War criminality vis a vis civilian
targets - In late 1999, a legal team at the Defense Department cautioned
against the use of computer hacking and disinformation in offensive information
campaigns. In a document titled "An Assessment of International Legal
Issues in Information Operations," the Pentagon,s Office of General
Counsel opined that it was dangerous for the military to contemplate launching
information warfare attacks on banks, stock exchanges, and universities.
The lawyers warned of the possibility of a ripple effect on civilian populations
and unintended consequences for neutral or allied nations. As for disinformation
campaigns contemplated by some within the Pentagon and intelligence community,
the Pentagon report was straightforward: "it might be possible to
use computer morphing techniques to create an image of the enemy,s chief
of state informing his troops that an armistice or cease-fire agreement
had been signed. If false, this also would be a war crime." [1]
-
- * "Bounce back" effect
-- There is a huge threat that if the United States launches an information
warfare attack (and there is clear evidence to indicate it did exactly
that against Yugoslavia in the Balkans War), the United States could either
face a retaliatory attack (for which it is much more vulnerable than a
majority of the world,s nations) or it could become a victim of its own
cyber-weaponry. For example, if the Pentagon were to launch a virus attack
against an opponent, how could the military ensure such digital contagion
would not affect the systems of the United States, its allies, its friends
and neutral nations? At this time, the Pentagon cannot make any such credible
assurances.
-
- * A new international weapons race
-- In the aftermath of the Cold War, many nations can ill-afford to try
and match the United States in developing information warfare weapons and
defenses. Many of the world,s nations, including Russia, are in sever debt
situations. There expenditures on such fool-hardy notions as information
warfare comes at the expense of social services, education, modernization,
and international debt payments.
-
- * Military role in domestic affairs
-- The Founding Fathers of the United States and law makers throughout
the history of the country, have stressed the need to keep the military
out of domestic affairs as much as possible. In the aftermath of the Civil
War, when the military attained an omnipotent domestic law enforcement
role, the Congress passed a law that forbade the military from getting
involved in domestic law enforcement. Today, the promoters of information
warfare are calling for a greater domestic law enforcement role for the
military and its associated intelligence agencies. This development is
clearly not in the best traditions of the United States as a democratic
nation based on the rule of law, not on the whims of an Army general or
a Navy admiral.
-
- Privacy Implications of Information Warfare
-
- Expenditures on information warfare and
critical infrastructure protection have included the establishment of a
number of network monitoring and surveillance systems. It is questionable
whether these surveillance networks operate within the framework of the
Fourth and Fifth Amendments of the U.S. Constitution, namely those dealing
with privacy of communications and the protection against self-incrimination.
-
- Some of the more ubiquitous surveillance
networks are listed below:
-
- * Information Sharing and Analysis
Centers (ISACs) in banking and finance, telecommunications, information
services and computer sectors
- * Federal Intrusion Detection Network
(FIDNET),
- * Regional Information Sharing
System Network (RISSNET)
- * Financial Crimes Enforcement
Network (FINCEN)
- * ECHELON
- * Similar surveillance and monitoring
systems in other countries
-
- Perception Management
-
- The military and the intelligence agencies
have a vested interest in whipping up public support for their information
warfare and cyber-protection initiatives. They seek first to create a "fear
mentality." By instilling the fear of "cyber doom" in the
minds of the general public, the agencies can then focus on curtailing
those civil liberties and privacy rights that represent impediments to
their agendas. Recently, this has resulted in an attempt by the Justice
Department to amend the U.S. Freedom of Information Act, the result of
which will make it harder for the citizen to gain access to government
information that is in the public interest, e.g., environmental, health,
and safety information.
-
- The military/intelligence consortium
also seeks to control the dissemination of news in order to frame the debate
on its own terms. They get the media to hype up existent or non-existent
threats and military exercises reminiscent of the Cold War. In the past
few years these have included exercises with names like ELIGIBLE RECEIVER,
MOONLIGHT MAZE, and EVIDENT SURPRISE.
-
- The propaganda elements within the military/intelligence
complex are also very open about their need to control new media like the
Internet and worldwide satellite broadcasts. This has resulted in military
psychological warfare (PSYOPS) programs like the U.S. State Department,s
International Public Information (IPI) system, a program designed to place
U.S. government propaganda in the international media, including Internet
news sources, and a Pentagon program that successfully placed PSYOPS interns
within the news organizations of CNN and National Public Radio.
-
- Standing Your Ground Against the Info
War Agenda
-
- There is one potent defense against the
information warfare/critical infrastructure protection agenda and that
is the political one. By using the democratic political process to deny
funding for these various info war programs, the military and intelligence
agencies cannot implement their agendas. Without funding, military contractors
will lose interest in the subject and wander off to some other watering
holes or grazing fields to satiate themselves. Therefore, it is important
to organize political opposition to these programs at the national levels
(U.S. Congress, British House of Commons, Russian Duma, German Bundestag,
Japanese Diet, Israeli Knesset) and the supranational levels (European
Parliament, Council of Europe, Organization for Economic Cooperation and
Development, United Nations). The stakes are too important not to act.
-
-
-
- [1] Bradley Graham, "Military Grappling
With Rules for Cyber Warfare," The Washington Post, November 8, 1999,
p. A1.
-
-
- http://www.waynemadsenreport.com/infowar.htm
|