The third world war will be an information war

Hacking used to be the exclusive domain of computer geeks, but as criminal organisations, companies and even governments have started to get in on the action, it has been rechristened information warfare.

Hacking used to be the exclusive domain of computer geeks, but as criminal organisations, companies and even governments have started to get in on the action, it has been rechristened information warfare.

And as a new form of warfare, it is the 21st century equivalent of the Blitzkrieg, according to Maxim Kovel, a US defence consultant.

Speaking at the Information Warfare conference here last week, Kovel briefed representatives of the British, Dutch and Swedish ministries of defence on the new threat emerging: systematic assaults on financial, transportion and communications networks and systems.

"The aim of information warfare is mass disruption, rather than mass destruction," says Kovel.

Developments that are seen as positive in the commercial world, such as interoperablity, convergence and globalisation, actually increase the risk of hacking. "There are now 40 million computers in the world capable of searching the Pentagon's UNCL files," says Kovel. "And the increasing trend to use standard off-the-shelf applications and hardware makes it easier for hackers to break into systems, because they can buy the systems themselves and examine them for weaknesses."

The level of knowledge needed to break into systems is also dropping all the time. "Only a few years ago, hackers had to be very knowledgeable people," says Kovel. "Now you can download packages for hacking over the Internet."

As the knowledge spreads, so does the danger. More than 250,000 attacks buffeted Pentagon computer systems last year and the number of attempts is doubling every year, he says.

Despite the threat to military targets, it is commercial civilian networks that are at the greatest risk, according to a study called Keeping Information War in Perspective by DC Gompert of the Washington-based Rand consultancy.

"There is more uncertainty and more potential for disruption in the domestic and economic spheres than in the military arena. Military commanders are accustomed to dealing with changing threats and confusion. By contrast, we at home are not well rehearsed in defending ourselves. Americans are accustomed to things working, whether it's telephones, light switches, automatic tellers or air traffic control systems," the report states.

Despite the growing awareness of a threat, nobody is really sure who the enemy is.

"Who is the enemy?" says a Swedish Ministry of Defence official. "We believe that there is a greater threat from the inside than there is from the outside."

Kovel agrees that in the commercial world the greatest threats are from within organisations, from people who steal corporate or product information, conduct internal espionage and disseminate false information.

"The biggest single contributing factor to corporate information warfare is the reluctance to reveal instances of information theft, or compromise," says Kovel.

However, there are significent legal and regulatory problems in policing the networks. "If somebody from Europe attacks a US network or vice versa, how do you prosecute them?" says Kovel. "Are they breaking a US law or an EC law?"

Added to which, there is no single cohesive strategy to protect both military and civilian networks. No one organisation is responsible for protecting all networks in the US or in Europe. In the UK, for instance, the Ministry of Defence has a strategy for protecting its own networks, but it leaves the protection of commercial networks to commercial organisations.

Furthermore, observers say, it would be naive to assume that all government efforts are to protect domestic networks when governments openly acknowledge offensive capabilities aimed at their foes. Such offensive tactics, Kovel says, include using hackers to infiltrate and damage computer systems by introducing viruses, logic bombs, worms and Trojan horses.

According to vice-admiral Arthur Cebrowskhi of the US Navy: "The power of the cyberspace deterrent would lie somewhere between the nuclear and conventional weapons. The objective would be to sabotage the banking systems, train systems, power systems and isolate the enemy from the rest of the world."

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]