The Integration of Cyber Warfare and Information Warfare. Part 01

By | Noor Azwa Azreen Binti Dato’ Abd. Aziz1, Engku Azlan Bin Engku Habib2, and Madihah Mohd Saudi3 1,2CyberSecurity Malaysia, Selangor Darul Ehsan, Malaysia 3CyberSecurity & Systems(CSS) Unit, Universiti Sains Islam Malaysia(USIM) 1azreen@cybersecurity.my, 2azlan@cybersecurity.my, 3madihah@usim.edu.my

ABSTRACT

Throughout the years, the appearance of cyber warfare and information warfare have changed and enhanced the methods, techniques, as well as the tools strategically, in the information and cyber warfare domain. Many researchers have highlighted the misinterpretation and use of the term cyber warfare and information warfare interchangeably. This paper will first define and differentiate the differences between cyber warfare and information warfare. Then it will discuss the connection and the integration of this two warfare. Cyber warfare and information warfare have its challenges and posed threats to nation-states and the world. Knowledge and skills identified in information and cyber warfare will be discussed in this paper. In this regard, this paper will also discuss physical security and cybersecurity measures in addressing the threats posed by warfare in this modern age.

1. INTRODUCTION

In this day and age, warfare does not only encompass the physical domain in areas of land, water, air, and space. Most countries around the globe are aware of the fifth domain, which is cyberspace in their warfare doctrine and operations. This includes warfare attacks against a nation-state, destroying one’s critical communication channels, information systems infrastructure, and assets.

Furthermore, in this complex world, physical and cyber warfare alone are insufficient. According to the 2019 Cyber Threat Outlook by Booz Allen, information warfare is one of the top cyber threats in 2019. Information warfare activities include an extensive range of tactics such as deception, spreading propaganda, and disinformation that are very important in warfare strategies. Information warfare involves not only nation-states but individuals and organizations. Thus far, most countries only used information warfare for political and military purposes such as pushing voters’ decisions on their votes and fuelling cultural conflicts [1]. However, that might change soon due to the complexity of today’s environment.

2. THESUBSTANTIAL DIFFERENCE BETWEEN CYBER WARFARE AND INFORMATION WARFARE

The idea and concept of cyber warfare are still new. The growth, commercialization, and high dependence of the internet and digital technology have boomed in the last two to three decades. Cyber warfare is politically motivated. It is an Internet-based conflict that involves attacks on a target’s information and system [5]. Another literature written by Peifer, Kenneth V. (1997) defines cyber warfare as “attacking and defending information and computer networks in cyberspace, as well as denying an adversary’s ability to do the same.” Cyber warfare activities are all about but not limited to denial- of-service attacks (DoS), attacks on systems, malware attacks, ransomware attacks, system disruption, cyber sabotage, cyber terrorism, and attacks on the Critical National Information Infrastructure (CNII). Actors of cyber warfare can be nation-state, terrorist organization, criminal groups, etc. Actors are capable of carrying out cyber warfare attacks such as [6]:

1. Disrupting the telephone networks. Using logic bombs.
    
2. A logic bomb is a malicious program that is set to be activated when a logical condition is met, on a certain time, date or after several transactions have been processed. The program can put the stock markets on a halt and destroy records of any transactions and money can be stolen by breaching the networks.
    
3. Attacking a country’s power grids, which eventually will cause local and regional blackouts. This has happened to countries such as Ukraine, Russia, Venezuela, etc.
    
4. Causing malfunction and disabling computer systems, onboard avionic computers, or an aeroplane causing it to crash or collide.
    
5. Misrouting trains causing train crashes and collisions. Stealing of cryptocurrency or blockchain.
    

Cyber warfare cannot be separated or isolated from information security. To an organization and nation-state, information is the most valuable asset as it is worth a lot of money. Thus, information security is essential and needs to be the top priority of an organization. Without information security, there will be a risk of vulnerabilities and possible threats and attacks to an organization. In general, information is always targeted for manipulation, deception, and espionage in information warfare.

Information warfare is not a new concept. Britain has manipulated information to change American’s opinion in 1917 and 1941 to engage in wars with Germany. On the other hand, in Germany, Paul Joseph Goebbels, known as The Minister of Propaganda, took over the national propaganda machinery that was responsible for creating the right image of the Nazi regime to its masses, which is the German citizens (Britannica). He continually makes press statements via the press and over the radio. He keeps raising hope to the masses, mentioning, and conjuring past events in history, as well as referring to some secret miracle weapons that the Nazis have in their grasp.

Both the United States (US) and the Soviet Union have been using broadcasting, the use of covert organizations and funds in their operations in order to intervene with other countries’ election during the Cold War [12]. Before the Internet existed, information warfare operations cost a lot of money due to training and movement of spies across borders. Nation-state at that time needs to establish foreign bank accounts and transfer of cash. In the present day, a nation-state remotely achieves a similar outcome at a lower cost. Rather than sending human agents, spyware and other internet tools are used to acquire, alter, and manipulate information across the globe. Funds can be transferred using cryptocurrency, which is harder to detect especially if it uses the tumbling services. Hence, technology and cyberspace easily execute information warfare operations faster, with less cost and low risk.

According to the US Department of Defence, information warfare is “an information-based attack that includes any unauthorized attempt to copy data, or directly alter data or instructions.” In a wider perspective, information warfare is not just about the involvement of computers and computer networks [17]. It is much bigger than that. The operation may involve different types of information transfer transmitted through any media which include the operations against information content, its supporting systems, as well as software. In addition, information warfare can involve physical hardware devices that store the data, human habits, and practices as well as perceptions. This proves that the informational environment is brutal and war on itself.

According to the Joint Chiefs of Staff, information operations, which is also known as influence operations, is defined as the cohesive integration practice and engagement in the computer network operations, electronic warfare, psychological operations, military deception as well as the operation security. In information operation, tactical information regarding the adversaries is compiled and analysed. Furthermore, it is also used to create and disseminate propaganda in order to get a competitive advantage over the adversaries, competitors, or oppositions. There are three components to the information environment, which are the informational aspects, the physical aspects, and the cognitive aspects of the environment [13].

• Physical environment aspect is where the individuals, organizations, information systems, and the physically connected networks reside.
   
• Cognitive environment aspect includes individual and collective consciousness, which information is used, and perception and decision are made.
   
• Information environment aspect is the intersection of the physical and cognitive domains in which information content and flow exist, and a medium in which information is collected, processed, and disseminated.

Information warfare activities are all about, but not limited to, psychological warfare, data and identity theft, electronic surveillance, intelligence analysis, public diplomacy, deception, disinformation, espionage, cyberbullying, and social media attacks. Using social media to spread misinformation, can damage an organisation’s reputation or scrutinising and slandering government institutions and their policies. Social media can play the role to confuse the public, make the truth obscure and attack individuals, politicians, and organizations[1]. Information warfare via social media confuses people and eventually disrupts social harmony and democracy. It will impact the country’s national security negatively. [5].

It is stated that the Russians are very skillful and masters of information warfare ever since Stalin’s Rule of Supremacy. Stalin’s administration was very skilled in photo manipulation even before Photoshop existed. Stalin and his administration were notorious in rewriting the truth or even history through photographs. The Soviet photo engineers changed and erased faces of revolutionaries, enemies of the state, and other unwanted faces from official photographs so that it would not be recorded in history.

Stalin was famous for his Order 227 statement, which caused fear among the masses. Fear is considered a part of information warfare. The contents of Order 227 circulated verbally to every single person in the army. The contents are required to be understood and memorised. Stalin, through Order 227, demanded and ordered that every officer, soldier, and political aides understand that their resources are limitless, to fight until his/her death, and never to retreat. Cowards are unforgiven and were punished severely or even put to death. The laggards or deserters were drawn aside and shot without any reflection or remorse. Dr Martin Libicki in his seven forms of information warfare (shown in Table. 1) described that this kind of warfare contains the element of psychological structure in instilling fear to the troops. However, the elements of Order 227 have affected Stalin’s troops rather than the opposing force.

TABLE 1: L Libicki’s Seven Forms of Information Warfare

Since then, Russia still has not lost its touch in information warfare. One of the recent information warfare incidents that involve Russia is about the 13 Russian officials who were caught meddling in the 2016 US Presidential election. They were charged on account of the conspiracy to deceive the US by ruining the functions of the Federal Election Commission, the US Department of Justice, and the US Department of State. They were charged with schemes to commit bank fraud, wired fraud, and aggravated identity theft (BBC News, 2018).

Another incident that has happened was the cyber warfare and information warfare activities against Ukraine by Russia. Russia has several times attacked Ukraine’s cyberspace, which includes attacks on its electricity grid, electronic billboard hack, influence their election and the integrity of their data [3] Russia tended to manipulate and fabricate stories and information to shock and caused international dialogue to be put into a halt.

The physical and cyber warfare increased due to global connectivity. Unlike any other nation-states, Russia sees the importance and the impact of information warfare, and they are very active in creating and spreading inflammatory rumours and exaggerating stories via the internet. This has caused a lot of problems for the US, NATO, and the EU. Russia tends to undermine the official version of events by using statements such as “Russia is a misunderstood and misjudged superpower and a necessary counterweight to Western liberal values. On the other hand, it is said that the western countries have experienced a deterioration of their ‘traditional values’ and have been hypocritical in their views and decisions in the international arena. As a result, Western philosophy, systems, and actions should not be trusted.” This is the perfect example of how information warfare is played in cyberspace.

Alternatively, at the end of 2018, Reuters reported that the Russian Internet search company Yandex was hacked by hackers working from Western intelligence. The hacker covertly maintains access to Yandex for at least several weeks without being detected. A rare type of malware called Regin was used to spy on the user accounts. Its architecture, complexity, and capability are on another level of advancement. Regin is known to be used by the “Five Eyes,” an intelligence-sharing alliance consisting of countries from the US, Canada, Britain, Australia, and New Zealand. However, the intelligence agencies from these countries have refused to comment on the alliance. Yandex informed that the attack was fully neutralized before any damage was done, and no user data was compromised.

Other than Russia and the US, China has been seen investing more of their time, money and focus, on cyber and information operations, in conducting cyber espionage for political and economic purposes. China mostly targeted the US financial reserve and its defence industrial base. China wants to close the gap in knowledge, skills, and capability with its number one military rival.

Continue to Part 02 of 02

REFERENCES

1. B. Allen, “2019 Cyber Threat”, Outlook. Booz Allen Hamilton Inc.”, Washington D.C., 2019.
   
2. J. Andreas, and S. Winterfeld, “Cyber Warfare (Second Edition)”. Syngress, Elsevier, Amsterdam, 2013.
   
3. M. Baezner, “Hotspot Analysis: Cyber and Information Warfare in the Ukrainian Conflict”, Centre for Security Studies, ETH Zurich, 2018.
   
4. J. Bourque, “Electromagnetic Spectrum Operations, An Approach to the Universal Maneuver Domain”, CHIPS The Department of the Navy’s Information Technology Magazine October-December 2014 [Online] http://www.doncio.navy.mil/CHI PS/ArticleDetails.apx?id=5572 [Accessed: 22-May-2020].
   
5. Essays, UK. “Cyber Warfare Examples Essay”, November 2018 [Online], https://www.ukessays.com/essays/information- technology/examples-of-cyber- warfare-information-technology- essay.php?vref=1 [Assessed: 22- May-2020].
   
6. Global Information Assurance Certification Paper, “Information Warfare: Cyber Warfare is future warfare”, SANS Institute, 2004.
   
7. P. Hälsig, “Measures to prevent cyber warfare and information warfare”, Model United Nations International School of The Hague, Munish, 2013.
   
8. P. Han-na, “North Korea-backed hackers intensify information warfare, financial theft”, The Korea Herald, 2019 [Online] http://www.koreaherald.com/vie w.php?ud=20190326000616 [Assessed: 27 June 2019].
   
9. D.B. Johnson, “How China uses cyber theft and information warfare”, 2019 [Online] https://fcw.com/articles/2019/05/ 06/china-information-warfare- dod-report.aspx [Assessed: 24 May 2019].
   
10. R. Loui and W. Hope, Information Warfare Amplified by Cyberwarfare and Hacking the National Knowledge Infrastructure. IEEE Computer Society, 2017.
    
11. Mitre, Lazarus Group. [Online] Retrieved https://attack.mitre.org/groups/G0 032/, [Assessed: 27 June 2019].
    
12. J. Nye, “Protecting Democracy in an Era of Cyber Information Warfare”, 2018, https://www.hoover.org/research/ protecting-democracy-era-cyber- information-war, [Assessed: 22 May 2019].
    
13. I.R. Porche, C. Paul, M. York, C.C. Serena, J.M. Sollinger, E. Axelband, E.Y. Min, and B. J. Held, “Redefining Information Warfare Boundaries for an Army in the Wireless World”, Rand Corporation, California, 2013.
    
14. S. Ranger, “What is cyberwar? Everything you need to know about the frightening future of digital conflict”, 2018, [Online] https://www.zdnet.com/article/cy berwar-a-guide-to-the- frightening-future-of-online- conflict/, [Assessed: 27 May 2018].
    
15. M. Robinson, K. Jones and H. Janicke, Libicki’s table reference: Cyber Warfare: Issues and Challenges, 2015, [Online] https://www.researchgate.net/pub lication/276248097_Cyber_warfa re_Issues_and_challenges, [Assessed: 28 September 2019].
    
16. W. Snyder, The Difference Between Cyber and Information Warfare, 2018, https://blog.cybersecuritylaw.us/2 018/02/20/the-difference- between-cyber-and-information- warfare/, [Assessed: 21 May 2019].
    
17. S. Wilson, Information Warfare and Cyberwar: Capabilities and Related Policy Issues. Report for Congress, The Library of Congress, Washington D.C., 2013.