Information warfare, assurance and security in the energy sectors

INFORMATION WARFARE,
ASSURANCE AND SECURITY:
THE ENERGY SECTOR
PERSPECTIVESAdedayo O.S
CSO EIS Department
Information Warfare, Assurance and Security 1
A paper delivered during the Energy Information
System (EIS) departmental Seminar, March,
2013 at Computer Training room, ECN Abuja

1. Introduction
2. Definitions
3. Types of Information Warfare
4. Security Measures
5. Impact of Information Warfare
6. Vulnerability Scanners/Tools
7. Conclusion

1.0 Introduction
Computers now control the
electric power,
telecommunication systems,
aviation systems and the financial
sector. Medical, business, criminal
and other vita records are now
stored on the computer systems
(National Research Council, 1991).
Information Technology has
brought a lot changes to the way
warfare are being wage today, a
great number of the national
infrastructures in the developed
nation greatly depend on IT.
The economic, social, political,
educational, power and other
activities depend on Information
Technology .

Electric Power Grid System
Internet

1.0 Introduction (cont’d)
Internet is now a very
powerful tool for trade,
national and financial
development, it is the
largest computer network in
the world comprising of
smaller networks, forming
the backbone for data
transmission across the
whole world because of the
level of its great
redundancy. (SecurityFocus,
2008).

Information Warfare in Energy Sectors
Examples
 In June 2007, the Department of Homeland Security (DHS) leaked a video
that showed how researchers launched a simulated attack that brought down
a diesel electrical generator, leaving it coughing in a cloud of smoke, through
a remote hack that was dubbed the Aurora vulnerability.
 In January 2008, a CIA analyst revealed that a number of cyber attacks had cut
power to several cities outside the U.S.
 In May 2008, the Government Accountability Office (GAO) issued a scathing
report on the number of security vulnerabilities at the Tennessee Valley
Authority, the nation’s largest public power company.
 In April 2009, The Wall Street Journal reported, according to unnamed
current and former national security officials, that Russian and Chinese
attackers penetrated the U.S. power grid, installing malware that could
potentially be used to disrupt delivery.
 In July 2009, NERC CSO Michael Assante told the House subcommittee on
Emerging Threats, Cyber security, and Science and Technology, “Cyber
threats to control systems are

Today, information war and
cyber-war cover wide area of
conflict types ranging from
economic, social, political,
and civilian to military
scopes. Cyber warfare is
generally referred to as the
use of information
technology devices to wedge
war in a communication
medium.

Cyber criminals now targets
national infrastructures, such
as public electricity system,
transportation, energy, oil and
gas system, finance and
banking system, mass media,
and military command and
control (Wik, 2000).
The impact of the information warfare and its
associated risk is very high based on the incident
reports to Computer Emergency Response Team
Coordination Center (CERT/CC) (CERT Statistics,
2009).

Computers now controls most of the civilian and
military infrastructure, including communication,
power systems, and over two million computers are
being used by the military (Melnick, 2007).
Libicki (1995) stated, information warfare is a military
word which can be categorized into;
Psychological warfare, intelligence-based warfare,
Electronic warfare, cyber-warfare, hacker warfare,
Command and control warfare, and economic
information warfare

1.1 Characteristics of Cyber war
Target exist in Cyberspace with real impact
Telecommunication
Computer Network
Control Network
Weapons
Malicious Software
Electromagnetic pulse (EMP) Weapons
Data manipulation and destruction
Techniques
Virtual destruction of target in the cyberspace
Disabling of system software
Overwhelming of control system

1.1 Characteristics of Cyber war
(cont’d)
Capital required is small for large impact
Physical risk associated is Low for the cyber criminal
Role of media is moderate
Legal factor are ill-defined
Physical presence not required for successful attack
(boundary less)
Attack can have any effects focused or diffused
Treat created are in the virtual and physical

2.0 Definitions of Information
Warfare
Haeni (1997) define IW as; “Actions taken to achieve
information superiority by affecting adversary information,
information-based processes, information systems, and
computer-based networks while defending one's own
information, information-based processes, information
systems, and computer-based networks”.
Other definition used include, “Cyberwar refers to
conducting, and preparing to conduct, military operations
according to information-related principles.” (Arquilla &
Ronfeldt, 1997)
The word Netwar was used by refers to information-
related conflict at a grand level between nations or
societies” (Arquilla & Ronfeldt, 1997)

2.1 Information Warfare Conflicts

2.2 Classification Of Information
Warfare

3.0 Types of Information
Warfare
Offensive
Information
Warfare
Defensive
Information
Warfare
Passive
Information
Warfare

3.1 Offensive Information
Warfare
This is define as taking full control of the enemy’s
information, computer and control systems using
information weapons. Offensive Weapons include:
computer virus, logic bombs, worms, Trojan horses,
back doors, trap doors, chipping, electronic jamming,
HERF guns, Nano machines, and microbes (Haeni,
1997).
The tools can be in form of software code or hardware
device with ability to perform dangerous operation,
which can cause partial or total breakdown of the
enemy’s computer system, infrastructure or networks.
16Information Warfare, Assurance and Security

3.2 Defensive Information
Warfare
The main security measures employed in defensive
Information warfare are physical security, electronics
countermeasure and encryption methods. Hence
protecting system availability and data confidentiality
are very important. (Kaomea, n.d). Countermeasures
used in modern day Information warfare are intrusion
detector systems, antivirus software, encryption,
vulnerability scanners and security analysis software
(Hrovat, 2001).

3.3 Passive Information Warfare
Passive weapons are harmless, consisting of
surveillance equipment used in information warfare,
an example is during the building of the U.S. Embassy
in Moscow in the 1980s, when the Soviet workers
buried thousands of electronic diodes into the concrete
slabs for the purpose of secret surveillance. This
weaponry does not leave any trace or harmful effect on
the victims. (Schwartau, 1996)

3.4 Information Weaponries
A virus is a code fragment that copies itself into a
larger program, modifying that program. A virus
executes only when its host program begins to run.
The virus then replicates itself, infecting other
programs as it reproduces. (Russell & Gangemi, 2006)
A worm is an independent program. It reproduces by
copying itself in full-blown fashion from one
computer to another, usually over a network. Unlike a
virus, it usually doesn't modify other programs.
(Russell & Gangemi, 2006)

A Trojan horse is a code fragment that hides inside a
program and performs a disguised function. It's a
popular mechanism for disguising a virus or a worm
(Russell & Gangemi, 2006)
A bomb is a type of Trojan horse, used to release a
virus, a worm or some other system attack. It's either
an independent program or a piece of code that's been
planted by a system developer or programmer. (Russell
& Gangemi, 2006)
Surveillance system, satellites systems, Signals and
Human Intelligence(C4ISR and IW, n.d)

(cont’d)
A trap door, or a back door, is a mechanism that's
built into a system by its designer. The function of a
trap door is to give the designer a way to sneak back
into the system, circumventing normal system
protection. (Russell & Gangemi, 2006)
Chipping is a process of implanting tiny electronics
chip into hardware to perform an unexpected function
by the manufacturer. The function include sending
radio signal to a specific location, total breakdown and
unexpected performance when remotely triggered by a
specific frequency signal (Haeni, 1997).

3.4 Information Weaponries (cont’d)
Nano machine and Microbes; this are special bred
of micro organism and tiny robots with ability to
destroy integrated circuits, computer system ,
buildings or completely shutdown systems
Electronic jamming are used to destruct
communication signals or overshadow signal with
incorrect information to deceive the audience
High Energy Radio Frequency( HERF) gun and
Electro Magnetic Pulse (EMP) bomb are used to
shutdown electronic devices or completely destroy it
(Haeni, 1997).

4.0 Information Security
Measures
Protective measure used by civilian security practitioners
are redundancy, alternative procedure and emergency
plans (Wik, 2000).
Implementing security policy and guidelines, proper
allocation of all resources and training (Wik, 2000).
Access control through the installation of intrusion
detector , vulnerability scanners ,firewall systems and
network security analyzer (Hrovat, 2001).
Information confidentiality, integrity and availability
measure through user authentication, encryption, and
installation of antivirus and Internet security software.
(Uchida, Sugano, & Andou, 2006).

4.1 Encryption Programs
Currently, various types of encryption programs are
being design and used to transmit information securely
on the information superhighways by the civilians.
 The rapid rate of development of encryption now
support the use of strong, powerful encryption to
protect private, public communications network and
their data storage. There are now better products
offering 128bit and 256 bit encryptions making the
illegal and unauthorized decryption of transmitted
information more difficult (Littleton, 1995).

4.2 Secure Digital Communication
Modern technology in digital communication
has brought a lot of improvement in
information in terms encryption as a way of
reducing security risk. The new communication
utilized digital signatures, thereby preventing
unauthorized interception, preserving the
confidentiality and integrity of data (Littleton,
1995). Random encryption is used each time the
phone is used making guessing the right key to
decrypt the signal difficult (Littleton, 1995).

4.3 Redundant Management
Systems
In attempt to reduce security risk, the use of redundant
management systems is employed as way of quick recovery
from information security attacks (Littleton, 1995).
Redundancy is defined as the ability of certain components
of a system to assume functions of failed components
without adversely affecting the performance of the system
itself (Matalus & Fiering, 1977).
Building of redundancy in communication path and
backing up of all information systems resources is being
used by cooperate organization to mitigate risk of system
failure since it is rare to attack all the systems at a time.

5.0 Impact of Information
Warfare on Energy Sector
One the major responsibility is to “to win the
information war” stated, in the National Military
strategy of the United States of February 1995
(DeVries, 1997).
Most Energy power systems and national economy
depends greatly only the national information
infrastructures due to its automated and network
dependent nature. As a result, the national
information infrastructures is the centre of all
information warfare attack and it depends largely on
electric power, computers and telecommunication
(Wik, 2000).

National Information Infrastructures
ELECTRIC
POWER
TELECOM
COMPUTERS

Warfare on Private Sector
The world today had moved from agrarian to
industrial and finally to information wave. The
most industrial nation’s economy greatly depends
on information technology (Knapp & Boulton,
2006).
Computers now control the electric power,
telecommunication systems, aviation systems and
the financial sector. Medical, business, criminal
and other vital records are now stored on the
computer systems (National Research Council,
1991). Information Warfare, Assurance and Security 29

Warfare on Private Sector cont’d
Since 1994, when hackers attacks military, civilian and
government organizations through the Griffiss Air Force base
computers. The major target of cyber terrorist have being on
the civilian firms, commercial firms and infrastructures.
(Strassmann, 2001).
Corporate espionage rate is rapidly increasing due to the
current corporate competition, modern development in IT and
miniaturization of digital devices and opening of internal
network which make more information available for both the
workers and vendors (Knapp & Boulton, 2006).

6.0 Vulnerability
Scanners/Tools
Some of the information weaponries used by the military and civilian
security practitioners to acquire knowledge about their organizational
strategies and plans and security measures to reduce information risks are :
 Network Visualisation, Monitors and Sniffers softwares. Like Visio, NetViz,
NetPartitioner, NeoTrace, TraceRoute, Ethload, Net Xray, Etherpeak,
TCPDump, Snoop, IPWatcher, T-sight and Scott/Tkined
 Vulnerability Analysis software. Like ISS Internet Scanner, Kane Security
Analyst, Trident IP Toolbox / L3 Expert, Security Profile Inspector (SPI), SNI
Ballista and SATAN
 Intrusion detection software. Like RealSecure, NetRanger, Stalker/CyberCop,
Intruder Alert, Network Flight Recorder, SHADOW and NIDS
 Exploitation software. Like NTSecurity, RootShell, Offline NT Password
Utility, Lopht Heavy Industries, AntiOnline, Insecure/Fyodor , TCPwrappers,
Tripwire, COPS, crack, LophtCrack and ScanNT

7.0 Conclusion
The increasing over dependency of our economy and
infrastructures on IT system created a high level of
security risks resulting from inexpensive cost of cyber
attacks is of great concerns to both the public, private
and military sectors. Information warfare is a two
edged sword, a country capable of waging IW is also
very vulnerability. Currently, security treat are more
then the solution we have and the cost of preventing
information warfare is far beyond the cost of the
attack. It is therefore necessary for the government
and agency in the energy sector to be more
committed and defensive.

References
Adams, J. (2001). Virtual Defense. Retrieved from Foreign Affairs: http://www.foreignaffairs.com/articles/57037/james-adams/virtual-defense
Arquilla, J. & Ronfeldt, D. (1997). Retrieved from http://www.rand.org/pubs/reprints/2007/RAND_RP223.pdf
Brazzoli, S. M. (2007). Future prospects of information warfare and particularly psychological operations. . Retrieved from
http://www.iss.org.za/uploads/SA2020CHAP13.PDF
Bush, G. W. (2003). National Strategy to Secure Cyberspace. Retrieved from http://www.whitehouse.
C4ISR and Information Warfare. Naval Weapons Systems. (n.d). Retrieved from http://www.owlnet.rice.edu/~nava201/presentations/Lecture19.ppt
DeVries, A. (1997). Information Warfare and Its Impact on National Security (U). Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?
Location=U2&doc=GetTRDoc.pdf&AD=ADA325003
Haeni, R. E. (1997). Information Warfare an Introduction. Retrieved from http://www.trinity.edu/rjensen/infowar.pdf
Hrovat, E. (2001). Information Warfare: The Unconventional Art In A Digital World. Retrieved from
http://www.sans.org/reading_room/whitepapers/warfare/information-warfare-unconventional-art-digital-world_787
Kaomea, P. (n.d.). Beyond Security: A Data Quality Perspective on Defensive Information Warfare. Retrieved from
http://mitiq.mit.edu/iciq/Documents/IQ%20Conference%201996/Keynote%20and%20Lunch%20Speeches/Beyond%20Security.pdf
Kelsey, J. T. (2008). Hacking into International Humanitarian Law: The Principles of Distinction and Neutrality in the Age of Cyber Warfare.
Retrieved from http://proxy1.ncu.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bsh&AN=32010233&site=ehost-
live

Knapp, K. J., & Boulton, W. R. (2006). Cyber-warfare Threatens Corporations: Expansion into Commercial Environments. Information
Systems Management. Retrieved from http://proxy1.ncu.edu/login?url=http://search.ebscohost.com/login.aspx?
direct=true&db=bsh&AN=20025701&site=ehost-live
Melnick, J. (2007). The cyberwar against the United States. Retrieved from
http://www.boston.com/news/globe/editorial_opinion/oped/articles/2007/08/19/the_cyberwar_against_the_united_states/
Nunes, P. F. (2001). The Impact of New Technologies in the Military Arena: Information Warfare. Retrieved from
http://www.iwar.org.uk/iwar/resources/technology/nunes.htm
Peters, D. (2009). Intercontinental Replaces ATM Cards with Verve Chip. Retrieved from
http://businessworldng.com/web/articles/79/1/Intercontinental-Replaces-ATM-Cards-with-Verve-Chip/Page1.html
Research Council National. (1991). Computers at Risk. Washington D.C: National Academy Press.
SecurityFocus. (2008). Retrieved from http://www.securityfocus.com/glossary/I
Strassmann, P. A. (2001). Government Should Blaze Global Information Warfare Trails. . Retrieved from http://www.strassmann.
com/pubs/searchsecurity/2001-8.php.
Thom, M. (n.d). Information Warfare Capabilities and Policy Issues. Retrieved from http://www2.fiu.edu/~apodaca/Information
%20Warfare%20Lecture.ppt
Uchida, K. Sugano, N. & Andou, S. (2006). Information Security Solutions. Retrieved from
http://www.fujitsu.com/downloads/MAG/vol43-2/paper04.pdf
Wik, M. W. (2000). Revolution in Information Affairs: Tactical and Strategic Implications of Information Warfare and Information
Operations. Retrieved from http://ics.leeds.ac.uk/papers/pmt/exhibits/812/wik.pdf

THANK YOU

Information warfare, assurance and security in the energy sectors

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Information warfare, assurance and security in the energy sectors

Semelhante a Information warfare, assurance and security in the energy sectors (20)

Mais de Love Steven

Mais de Love Steven (8)

Último

Último (20)

Information warfare, assurance and security in the energy sectors

Notas do Editor