The Integration of Cyber Warfare and Information Warfare. Part 02

By Noor Azwa Azreen Binti Dato’ Abd. Aziz¹, Engku Azlan Bin Engku Habib², and Madihah Mohd Saudi³
¹,²CyberSecurity Malaysia, Selangor Darul Ehsan, Malaysia
³CyberSecurity & Systems (CSS) Unit, Universiti Sains Islam Malaysia (USIM)
¹azreen@cybersecurity.my, ²azlan@cybersecurity.my, ³madihah@usim.edu.my

 

3. THE INTEGRATION OF CYBER WARFARE AND INFORMATION WARFARE


Most countries see cyber warfare as a section of information warfare. However, in this technological age, in which technology and devices are complex, sophisticated, and interconnected, cyber is considered an essential tool for carrying out tasks, including information warfare operations. Countries now see cybersecurity as a critical issue. They are setting up cyber commands and have developed, or are currently developing, national cybersecurity strategies to deal with emerging cyber threats [5]. A US Intelligence report in January 2017 suggests that 30 nation-states are developing cyber offensive capabilities. This reveals that cyber warfare and the cyber arms race have already started to take root and will develop into something even bigger and more dangerous [14].


However, having skills in weaponry, fighting, and cyber-attack capabilities is not enough in war situations. Perception management in information warfare is as essential as the arms of war. Perception determines actors’ decisions and their next course of action, especially on the battleground. In this digital age, the public and people worldwide are being drawn into the battleground. Society's involvement in the battlefield was made clear during significant incidents such as the ‘Arab Spring’ demonstrations in Arab countries and the ‘Jasmine Protest’ in China.


Another term for information warfare is information operations. The military uses the term as a tool for falsifying perception, and it is an integral part of cyber warfare. In cyber warfare, information is used for disseminating and spreading real and fake information. The military is able to deny or stop access to information. Disinformation and fake news campaigns, as well as propaganda, can be used to deceive the enemy. It can influence public perception and trick them into believing or not believing a piece of information.


The rise and strong presence of the mass media have made governments realize the importance of perception management. Due to the advancement of the internet and digital technology, people are given opportunities to become actors and producers, and to be involved in information warfare via social media. In this digital age, information spreads more rapidly and sporadically than wildfire.


In 2014, some intelligence groups acquired and even manipulated information via the internet. Other than affecting public opinion, information warfare has distorted information and made people believe what they want to believe. This information manipulation shows that there are high levels of decision making involved in the political arena. The manipulation of information and perception is already widespread and embedded in cyber espionage, intelligence, and military operations, as well as destructive or disruptive cyber operations. The cyberwar information domain is significant for an organization or nation to progress forward and achieve its goals [2].


Cyber warfare can be seen as defensive and offensive warfare. An effective cyber defence will be able to protect the network systems against cyber threats such as Denial of Service (DoS) attack, illegal access, cyber intrusion, network modification, or even jamming. It provides access to information, detects and identifies the information systems, vulnerabilities and threats. It ensures that there will be an efficient use of the systems with less interference and disruption [2].


On the other hand, there are two functions of offensive cyber warfare. The first is to identify, detect, manipulate, and affect an information system. The second is to disrupt or destroy the webbed information systems of adversaries. The attacker's process is reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. With their knowledge, skills, and perseverance, attackers are able to use signal jamming, misleading information, and malware to alter, manipulate, or wipe out important and confidential data of the opponent. They are able to congest the system with misleading information [2].


Recently, information warfare capabilities have become more intense and more widely used. Yet cyber warfare is not merely a tool or a mode of executing information warfare; it is considered the primary mechanism for enhancing information warfare manoeuvres. Attacks have become more efficient, more specific, faster to execute, more in-depth, more broadly used, and more directly interconnected than in the past. Recently, a new strategy of information warfare through cyber warfare has emerged, which involves hacking of the knowledge infrastructure (KI). Examples include the spread of scandals and fake news and the disruption of election-day logistics, all of which put the KI at risk. Some areas of concern in hacking the knowledge infrastructure are politics, finance, engineering, medicine, education, law, and entertainment [10].


Cyber-physical information infrastructure (CPII) has become a new target of cybercriminals. It is heavily involved in the command and control of physical infrastructure. The critical national information infrastructure (CNII) sectors, which in Malaysia consist of Government service, defence and security, health service, emergency service, energy, water, banking and finance, food and agriculture, transportation, and information and communication, are frequent targets of cyber-attacks.


Following the targets of national knowledge industries, other targets that might be involved are institutions industries including education, engineering, surveillance, monitoring, investment, advertising, entertainment, and law. Knowledge hacking has progressed tremendously through time due to access and pathways that are easy to manage, and perimeters that can be breached.


Information warfare on cyber warfare is made possible by surrendering and ignoring the check and balance or counterbalance to the cyberspace ecosystem and conveniences. This shows that information warfare is trading security with convenience and not the other way around. The future of information warfare will consist of the combination of net warfare, electronic warfare, cyber warfare, and psychological operations. It will be widely used for offence, attack and defence.


The combination of information warfare and cyber warfare uses the ICT infrastructure to enhance and accelerate the movement of information. It will cover a wide range of audiences and have a significant impact on a nation-state or organization. Speakers or voice recordings are used in public or military operations to send or circulate a message more quickly and efficiently to the enemy combatants. The recordings usually aim to distract, confuse, and even anger the enemy combatants.


Another brilliant strategy that combines both forms of warfare is the use of social networks and targeted e-mail. These channels allow the propagation of false information and disinformation by ambiguous people or false authorities. The information does not need to be a total lie or a partial lie, as long as they can put a spin on the information and are able to distract the audience from the absolute truth.


Deception in terms of targets and sources can be used extensively via ICT. It speeds up the decision-making process and automates its consequences. Cyber warfare allows massive investigation on specific information such as a dossier on incidents, events, tendencies, and personalities needed to launch a successful information warfare operation. This is not always a contributing factor, but it can lead to a highly predictable response from the target population.



4. CYBERSECURITY IN CYBER WARFARE AND INFORMATION WARFARE


It is indisputable that the world has its focus on cyber warfare and information warfare. Countries such as the US, the United Kingdom (UK), China, South Korea and Australia, as well as NATO, have set up dedicated cybersecurity centres to conduct these operations.


Cybersecurity experts in Malaysia have urged authorities to take cybersecurity and cyber warfare more seriously. Combating cyber threats and cyber attacks from nation-states can be very challenging. This is because some of these nation-states have no budgetary constraints in their cyber and information warfare operations.


An example of a state-sponsored cyber-attack is an Advanced Persistent Threat (APT) attack. APTs usually refer to cyber attack campaigns that use sophisticated hacking attempts. These attacks are usually persistent and continuously ongoing, and usually target an individual, organisation, or country. Their motivation varies from monetary gain, to cyber espionage, to obtaining confidential data, or even to spreading misinformation, confusion, and chaos.


For instance, hackers from North Korea are more sophisticated as they are equipped with a wide range of knowledge and skills to conduct DoS, data theft, malware/ransomware attacks and cyber espionage. The infamous 2016 $81 million cyber heist on the Bangladesh Central Bank was said to have been carried out by the North Korean hacking group, Lazarus. Hacking has become a handy tool for countries such as North Korea to acquire money and evade sanctions. This is especially useful when the sales of weapons and counterfeit notes are obstructed due to international restrictions.


However, APT attacks are executed not only by nation-states but also by organisations or groups. The Carbanak syndicate has attacked banking, retail, hospitality, and other industries to obtain and collect financial information of the targets. The syndicate uses APT-style tactics to compromise its targets. Carbanak was able to employ commodity or leaked tools to hinder network defenders’ ability to identify the Carbanak intrusions. So far, the syndicate is recorded to have stolen $1 billion from banks and other industries.


It is crucial to have a holistic and adaptive approach that identifies potential threats to organizations and impacts on national security and public well-being. Nation-states should look at the overall people, process, and technology of an organization and the nation-state. In addition, valuable data and information need to be protected by a series of layered defence mechanisms. This multi-layered approach helps to strengthen the security of the system against many different attack vectors.


It is essential to develop nations to become cyber reliant and to gain the capabilities to safeguard the interests of its reputation, image, brands, its stakeholders, and their value-creating activities. Nation-states should implement a more proactive, dynamic, and integrated cybersecurity approach.


People are the weakest link in cybersecurity. Hence, there are two critical aspects of improvement to consider. First, everyone needs to be fully aware of their roles and functions in preventing and reducing cyber threats and cyber attacks. It is imperative to address cybersecurity issues, risks, and gaps in the organization. Everyone has their responsibilities and roles in securing data and systems in the organization. People need to realize that they cannot rely 100 per cent on security devices to prevent cyber attacks. Vulnerability and risk can arise from human weaknesses, through both internal and external threats. Therefore, security awareness and training for employees must be one of the elements for improving cybersecurity in an organization. An effective security awareness program can reduce the risk of cyber threats that are aimed at exploiting people [6].


Second, the organization must recruit staff specialized in cybersecurity. They continuously need to be well informed, updated with the latest knowledge, trends, skills, and qualifications to ensure appropriate controls, technologies, and best practices are implemented in order to handle current and upcoming cyber threats. All other employees must have knowledge on security, such as organization security policies, best practices in safety, guidelines, incident response and responsibility. Cyber resilience should be practiced throughout the organization. When security is in everybody's mindset, the whole organization can predict, prevent, detect, and respond to the cyber-attacks.


A simulated cyber attack drill needs to be conducted annually or when needed. The drill needs to use current potential cyber threats and cyber attacks. This is to create awareness and educate employees on the anatomy of the attacks, so that they react according to the Standard Operating Procedure (SOP) upon encountering one. From time to time, a cyber attack simulation or cyber drill on attacks such as phishing will minimize security risk in an organization.


Then there is the process. It is important to implement an effective cybersecurity strategy to identify the ways an organization’s activities, roles, and documentation are used to mitigate risks to the organization’s information. Due to drastic changes in cyber threats, the organisation needs to adapt and revise its processes in a timely manner. If people do not comply with the policies and processes, the organization is deemed inefficient.


It is important for organizations to prepare documented policies, processes, and procedures for their staff’s reference, knowledge, and awareness in handling vulnerabilities, threats, securing data, and cybersecurity. The policies must be in line with the standards and regulations that are currently implemented in the organization. These policies should comprise provisions related to internal and external workers. The workers are organisation staff, vendors, partners, clients, stakeholders, and customers. The organisation must also regularly review and amend the documentation, guidelines, policies, and strategies such as the Risk Management Plan, Disaster Recovery Plan, and Business Continuity Management Plan to ensure the Cyber Security Life Cycles (Identify, Protect, Detect, Respond, Recover) are correctly implemented. Implementation of ISO/IEC 27001 in critical departments or units is highly advisable to implant the security mindset as the daily routine and behaviour of the employees.


The business process in a cyber-enabled space is very important in order to tackle the risks and threats that occur in cyberspace. First, an organisation must identify its cyber risks and the controls and technologies needed. Technology is crucial to prevent, protect against, or even reduce the impact of cyber risks, depending on the organisation’s risk assessment and its acceptable level of risk. The following are several examples of using technology to manage cybersecurity:


  1. Update software and hardware regularly.

  2. Remove unnecessary services and accounts.

  3. Enhance network security.

  4. Use encryption where necessary.

  5. Update anti-virus programs.

  6. Identify existing risks and test controls.

Organizations must consistently identify and address risk through independent risk analysis, and conduct security assessments as well as vulnerability testing, to stop cyber-attacks. When an anomaly or weakness is detected, the system will raise a red flag. The details of the red flag are then shared with the relevant sectors. If the organisation’s system network and technology are properly maintained, the usage of information security controls is able to assist in identifying the required protection for the task at hand.


In today’s complex digital age, cyber threats take place across multiple layers. Defending at each of these layers is called defence in depth. Each layer of the organisation must have its own security defences and measures in order to cover all vulnerabilities. If they are not able to completely stop an attack, at least they are able to slow it down before damage is done. It is important for an organization to determine its critical assets, identify any vulnerabilities, and design security in the organization to prevent attacks and detect any breaches. The defence layers are physical, network, host, data, application, business process and organization strategy, and direction (as shown in Fig. 1).


Fig. 1: Defence in Depth

In terms of managing and securing data, the government and organizations need to implement confidentiality, integrity, and availability (CIA) in their documentation. Confidentiality limits access to information. The levels of confidentiality can be Top Secret, Secret, Confidential, Restricted, and Public. Meanwhile, integrity makes sure that the information at hand is accurate and has not been altered by any means. Lastly, availability guarantees that relevant information or documents are made available to authorized personnel.


Authentication is a method for recognizing and verifying valid users or processes. It manages the information that users or processes are allowed to access in the system. Non-repudiation, by contrast, is the transparency and assurance that information exchanges or transactions may be trusted. It ensures that a party to a communication cannot deny the authenticity of their signature on information, a document, or a transaction.


Encryption is crucial to securing data. It is installed and used in devices, computers, file servers, and across networks to assure the privacy of sensitive government, business, and personal information. Encryption technology is now a fundamental enabler for information assurance. It is available in the commercial marketplace throughout the world.


In addressing information warfare, the nation-state needs active transparency in its policies, capabilities, and activities. Transparency is considered a vital component for building trust and confidence between states bilaterally, regionally, and globally. Nevertheless, transparency is not the main aim, but a tool for promoting further discussion on specific issues of national and international importance.



5. CONCLUSION


The threat of cyber warfare and information warfare is real and needs to be taken seriously. This situation worsens with the rapid spread of information technology, digital technology, and know-how, especially when both integrate or converge with each other. As more computers and devices are connected to networks for increased connectivity, vulnerability increases.


Through the advancement of information technology, the use of data-based war in military activities will continue to develop, increase, and in time evolve. However, this is a disadvantage to the less advanced nations. Most developed countries will take advantage of the less developed nations, resulting in the loss of data, sovereignty, and system control.


This paper aims to provide a better understanding of the differences between information warfare and cyber warfare. It reveals the evolution of technology whereby information warfare and cyber warfare are linked to each other and utilized by nation-states to create a significant impact.


Nation-states and organizations need to develop a holistic and adaptive approach to prevent cyber threats in cyber warfare and information warfare situations. In addition, organizations need to implement multi-layered defence and an innovative, dynamic, and knowledgeable cybersecurity approach against advanced cyber threats.



6. ACKNOWLEDGEMENT


We would like to express our appreciation to Col. Ts. Sazali Bin Sukardi (Retired), Senior Vice President, Strategic Research Division, CyberSecurity Malaysia for his pearls of wisdom and invaluable guidance in completing this conference paper. He is an expert in his field, which is cybersecurity and cyber warfare.



7. REFERENCES


  1. B. Allen, “2019 Cyber Threat Outlook”, Booz Allen Hamilton Inc., Washington D.C., 2019.
  2. J. Andreas, and S. Winterfeld, “Cyber Warfare (Second Edition)”. Syngress, Elsevier, Amsterdam, 2013.
  3. M. Baezner, “Hotspot Analysis: Cyber and Information Warfare in the Ukrainian Conflict”, Centre for Security Studies, ETH Zurich, 2018.
  4. J. Bourque, “Electromagnetic Spectrum Operations, An Approach to the Universal Maneuver Domain”, CHIPS The Department of the Navy’s Information Technology Magazine, October-December 2014 [Online] http://www.doncio.navy.mil/CHIPS/ArticleDetails.apx?id=5572 [Accessed: 22-May-2020].
  5. Essays, UK. “Cyber Warfare Examples Essay”, November 2018 [Online] https://www.ukessays.com/essays/information-technology/examples-of-cyber-warfare-information-technology-essay.php?vref=1 [Accessed: 22-May-2020].
  6. Global Information Assurance Certification Paper, “Information Warfare: Cyber Warfare is future warfare”, SANS Institute, 2004.
  7. P. Hälsig, “Measures to prevent cyber warfare and information warfare”, Model United Nations International School of The Hague, Munish, 2013.
  8. P. Han-na, “North Korea-backed hackers intensify information warfare, financial theft”, The Korea Herald, 2019 [Online] http://www.koreaherald.com/view.php?ud=20190326000616 [Accessed: 27 June 2019].
  9. D.B. Johnson, “How China uses cyber theft and information warfare”, 2019 [Online] https://fcw.com/articles/2019/05/06/china-information-warfare-dod-report.aspx [Accessed: 24 May 2019].
  10. R. Loui and W. Hope, “Information Warfare Amplified by Cyberwarfare and Hacking the National Knowledge Infrastructure”. IEEE Computer Society, 2017.
  11. Mitre, “Lazarus Group” [Online] https://attack.mitre.org/groups/G0032/ [Accessed: 27 June 2019].
  12. J. Nye, “Protecting Democracy in an Era of Cyber Information Warfare”, 2018 [Online] https://www.hoover.org/research/protecting-democracy-era-cyber-information-war [Accessed: 22 May 2019].
  13. I.R. Porche, C. Paul, M. York, C.C. Serena, J.M. Sollinger, E. Axelband, E.Y. Min, and B. J. Held, “Redefining Information Warfare Boundaries for an Army in the Wireless World”, Rand Corporation, California, 2013.
  14. S. Ranger, “What is cyberwar? Everything you need to know about the frightening future of digital conflict”, 2018 [Online] https://www.zdnet.com/article/cyberwar-a-guide-to-the-frightening-future-of-online-conflict/ [Accessed: 27 May 2018].
  15. M. Robinson, K. Jones and H. Janicke, Libicki’s table reference: “Cyber Warfare: Issues and Challenges”, 2015 [Online] https://www.researchgate.net/publication/276248097_Cyber_warfare_Issues_and_challenges [Accessed: 28 September 2019].
  16. W. Snyder, “The Difference Between Cyber and Information Warfare”, 2018 [Online] https://blog.cybersecuritylaw.us/2018/02/20/the-difference-between-cyber-and-information-warfare/ [Accessed: 21 May 2019].
  17. S. Wilson, “Information Warfare and Cyberwar: Capabilities and Related Policy Issues”. Report for Congress, The Library of Congress, Washington D.C., 2013.