Third-degree conflicts: information warfare

European Journal of Information Systems (2010) 19, 1–4. doi:10.1057/ejis.2010.2 The concept of the Internet as a potential military battlefield is not particularly new. The Internet itself is rooted to the military notion of a bomb-proof defense network. Similarly, the feasibility of attacking information systems across this network was proven in the 1980s by the Morris Worm. This Internet worm brought an early lesson: The seemingly obvious defense of network disconnection was an extremely poor defensive maneuver (Spafford, 1989). The information security community was already developing communications-network-based defenses and controls before the Morris Worm (e.g., Baskerville, 1988). These defenses were extended against potential Internet-based attacks, together with newly designed controls like virus protection software. Information warfare, in the sense of limiting an adversary’s information capabilities while improving friendly capabilities, is indeed ancient (cf. the types of ‘spies’ in Sun Tzu, 1995). The ability to misguide an adversarial decision-maker can result in misdirected assets and efforts that can be highly favorable for the side that controls information. Even the notion of conducting battles that take place entirely within networks of information systems has been a popular scenario for science fiction writers (e.g., Gibson, 1984). However, the reality of battles in information networks is relatively recent. Information warfare certainly encompasses Internet-based espionage. Most Internet-based attacks, at least among those that are suspected of being sponsored by nation-states, have been directed toward espionage. Recent examples include the interception of drone videos and the compromise of defense plans through network hacking. Information warfare also encompasses disabling or disfiguring attacks on Internet-based resources. Such attacks can compromise network-based operations, for example, by hacking into servers or shutting servers down with denial-of-service attacks. Most of the known instances of this sort of network-based battle have been conducted by unruly groups of hackers from one country who engage in grass-roots, online gang fights with hackers from another country. These ‘hacker wars’ have tended to erupt in the shadow of more explicit conflicts between nation-states, such as military confrontations (Baskerville, 2005). Whether online attackers have the capability to seriously disrupt civil or military infrastructures beyond the network itself is debatable. Suspicions of online attacks eddy in the wake of almost every major power outage, such as the recent blackouts in Brazil (actually attributed to lightning Lyons, 2009). These recurring suspicions make it difficult to unseat the notions that information attacks could (or have) shut down control networks for utilities, interrupt financial transactions, or shut down telecommunications. While it is not clear that such attacks are immediate threats to national infrastructures, the prospects are rather severe. The agility that comes with Internet access is luring increasing connectivity. Electricity supervisory control and data acquisition systems ‘SCADA’ , once air-gapped (physically isolated) from the Internet, are gaining Internet connection European Journal of Information Systems (2010) 19, 1–4 & 2010 Operational Research Society Ltd. All rights reserved 0960-085X/10