Volume 3, Issue 2

Volume 3, Issue 2 Editorial

Stylized Image of the Word Editorial

SPRING 2004

Last November, the Editor-in-Chief of JIW, William Hutchinson, invited the Naval Postgraduate School in Monterey, California to put together a special issue of papers representing some of the research at NPS. We agreed and offer the five papers included in this issue. All of the papers underwent the normal JIW review process before final acceptance and publication.

The papers reflect but a small sample of the IW-related research at NPS. There are approximately 40 permanent faculty and research staff at NPS working in some area of IW, and an even larger number of graduate students who have passed through our programs and completed theses. Many of these people are affiliated with the Center for Information Systems Security Studies and Research (CISR), which was among the first federally designated Centers of Academic Excellence in Information Assurance Education and participants in the Scholarship for Service Program. Others are affiliated with the Cryptologic Research Center, which enjoys significant participation by members of the Department of Electrical and Computer Engineering, the Information Warfare program, the Center for Homeland Defense and Security, or the Center for Terrorism and Irregular Warfare (CTIW). NPS is also in the process of establishing the new Department of Defense Center of Excellence in Information Operations. The new IO center will join CISR and CTIW as components of the Cebrowski Institute for Information Innovation and Superiority. For more information about our programs, we invite the reader to visit the NPS website at www.nps.edu.

Vulnerability Analysis in Critical Infrastructure Protection

ABSTRACT

This paper describes a novel approach to critical infrastructure vulnerability analysis and risk assessment that applies to sectors that can be represented as networks. The method – called model-based vulnerability analysis (MBVA) - is based on a combination of scale-free network theory and fault-tree/event-tree analysis. MBVA incorporates two new optimal resource allocation equations: one for minimizing fault occurrences, and a second equation for minimizing financial risk. The method has been successfully used to identify vulnerabilities in sectors as diverse as water, energy, telecommunications, and power grids.

Terrorist Use of Information Operations

ABSTRACT

It is the authors’ contention that many terrorist organizations have a profound understanding of the information environment and have the ability to manipulate information to achieve their objectives, inherently viewing operations through an IO lens. To provide insight into how terrorist organizations use Information Operations, to exploit the information environment, the authors evaluate tactical and strategic examples of terrorist operations using an IO lens based on US Department of Defense (DoD) IO doctrine. This analysis illustrates that terrorists use IO, and that terrorist organizations are naturally linked to the information environment.

Two Taxonomies of Deception for Attacks on Information Systems

ABSTRACT

‘Cyberwar’ is information warfare directed at the software of information systems. It represents an increasing threat to our militaries and civilian infrastructures. Six principles of military deception are enumerated and applied to cyberwar. Two taxonomies of deception methods for cyberwar are then provided, making both offensive and defensive analogies from deception strategies and tactics in conventional war to this new arena. One taxonomy has been published in the military literature, and the other is based on case theory in linguistics. The application of both taxonomies to cyberwar is new. We then show how to quantify and rank proposed deceptions for planning using ‘suitability’ numbers associated with the taxonomies. The paper provides planners for cyberwar with a more comprehensive enumeration than any yet published to the tactics and strategies that they and their enemies may use. Some analogies to deception in conventional warfare hold, but many do not, and careful thought and preparation must be applied to any deception effort.

Vulnerability of Wireless Networks to Interception

ABSTRACT

This paper examines the vulnerability of wireless systems to interception, and provides some simple steps that can be taken to improve security. A commercially available computational electromagnetic software package was used to predict signal levels in complex indoor and urban environments. The simulation results can be used to determine the detection range of the network. Two basic scenarios are presented: (1) indoor-to-outdoor propagation for a local area network operating in a two story building, and (2) a wireless point-to-point link on an airbase. The simulations illustrate some of the unique propagation conditions that occur inside of buildings and in urban areas. This research has identified several possible system weaknesses and suggested some simple, yet effective, methods of improving security.

Subversion as a Threat in Information Warfare

ABSTRACT

As adversaries develop Information Warfare capabilities, the threat of information system subversion presents a significant risk. System subversion will be defined and characterized as a warfare tool. Through recent security incidents, it is shown that means, motive, and opportunity exist for subversion, that this threat is real, and that it represents a significant vulnerability. Mitigation of the subversion threat touches the most fundamental aspect of the security problem: proving the absence of a malicious artifice. A constructive system engineering technique to mitigate the subversion threat is identified.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com