Registration
You will receive an email confirming your registration.
On December 15, 1999, Women In International Security (WIIS), the Managing Global Issues Project, and the Project on the Information Revolution and World Politics at the Carnegie Endowment for International Peace co-sponsored a panel discussion on "Information Warfare and CyberTerrorism: Combating Cyber Threats in the New Millennium."
Introducing the topics were Dorothy E. Denning, professor of Computer Science at Georgetown University; Terry Gudaitis, behavioral scientist in the Cyber Forensics and Profiling Division at Global Integrity Corporation; and Susan Koeppen, senior attorney in the Computer Crime and Intellectual Property Section (CCIPS) of the Department of Justice. William J. Drake and Chantal de Jonge Oudraat moderated the discussion.
PRESENTATIONS
|
Dorothy Denning discusses information warfare and cyberterrorism. |
Dorothy Denning offered an overview of information warfare and cyberterrorism. She uses the term information warfare to cover a wide range of activity, including corporate and military espionage and intelligence collection, psychological operations and perception management, attacks on communication systems, consumer fraud, and information piracy. In addition, the concept covers specifically computer-related issues: viruses, Trojan horses, and deliberate and targeted hacking efforts such as computer break-ins and denial-of-service attacks (where hackers flood an Internet server with traffic to overload and disable it). Denning described cyberterrorism as politically-motivated computer hacking that inflicts severe societal harm, such as disabling a power grid for an extended period, causing planes to crash, or poisoning a city's water system. |
She stressed the need to distinguish between information-age vulnerabilities, which are everywhere and may be inevitable, and true cyberterrorism threats, which are far fewer. Denning noted that information-age security has become a contentious issue because of the competing security interests of governments, corporations, and individuals. Government desires to break encryption schemes in the name of national security, for instance, clash with corporate concern for secure financial transactions and individual desire for online privacy.
Susan Koeppen spoke about ways that the US government is responding to cyberthreats. She discussed Presidential Decision Directive 63 of May 1998, "Protecting America's Critical Infrastructures," which creates a national coordinator for information security, establishes the National Infrastructure Protection Center at the FBI, and directs government agencies to address their own vulnerabilities. Koeppen admitted that technological changes can impact law enforcement and noted that the transborder nature of many cybercrimes complicates questions of legal jurisdiction. Still, she argued, criminal processes and network security are ultimately effective in combating information-age threats. All cyberattacks are first and foremost crimes, she emphasized, and it is essential to distinguish between the actions of a hostile government and the efforts of teenage hackers before responding with force. Koeppen claimed that cooperation among government agencies insures that the Department of Justice can pass on relevant information to the Department of Defense when it determines that an attack should be considered an act of war rather than a simple cybercrime.
Panel Participants, L
to R: Chantal de Jonge Oudraat (Moderator), William J. Drake (Moderator), Terry
Gudaitis, Susan Koeppen, and Dorothy E. Denning
Terry Gudaitis talked about her work adapting criminal profiling to cyber-related crimes. Regardless of the technology involved, she argued, it is still people who perpetrate attacks. Gudaitis noted that computer-related incidents have mirrored traditional crimes of the past in many ways; anonymity has always been important for criminals, and the ease of moving around on the Internet simply facilitates concealing one's identity. Studying cultural clues in cybercrime, such as linguistic patterns in the emails used to launch a computer virus or the unique characteristics of different schools of programming and hacking, can help pinpoint where an attack may have originated from. To anticipate future trends in cybercrime, Gudaitis advocated watching the tactics of pornographers, as well as looking at children to see how future generations are using the Internet. Ethical lines are being redrawn in the information age, she claimed, and new users who would not commit physical crimes think nothing of doing so on the Internet.
Questions and Answers
Several attendees questioned whether the US military is adequately prepared to defend itself against attacks on information infrastructure (much of which is privately owned). Others noted that some in the national security community have raised the prospect of developing a new entity within the Department of Defense that would lead responsibility for information warfare issues.
|
Chantal de Jonge Oudraat and William J. Drake moderate the discussion. |
One commentator suggested that the government should shift its defense spending priorities, devoting more resources to information defense and less to conventional and nuclear defense. Several people believed that countries incapable of gaining traditional military advantage would seek to develop information warfare capacity. |
Hacking of government computers has already played a role in the China-Taiwan conflict, and individuals in the Chinese military have begun to explore the potential for using information warfare against the United States in the event of an armed conflict.
One attendee suggested that increased vulnerability to cybercrime and terrorism around the world would push states toward greater cooperation in managing such threats. Several formats were suggested for a new international cyber-regime, including a nonproliferation treaty akin to current agreements on nuclear weapons. In general, participants identified several obstacles to international regulation of cyberthreats. One problem is that the "weapons" of information warfare and cyberterrorism are almost exclusively tools that have many legitimate and benign uses. Another involves competing standards of free speech and privacy under various legal systems. Market concerns may also complicate cooperation since much of the information industry is in private hands.
The discussion on Information Warfare and CyberTerrorism provided a forum for analysts in the field to examine cutting-edge issues that will be increasingly relevant to national and international security in the years to come. For future announcements of related events, please check the web pages of Women In International Security, the Managing Global Issues Project, and the Project on the Information Revolution and World Politics.
Summary by Taylor C. Boas