[IWAR] US gov IWAR preparations

From: Nick Halflinger (shockwave_riderat_private)
Date: Sun Dec 07 1997 - 13:36:44 PST

  • Next message: Michael Wilson: "[IWAR] SPAIN Attacks on banks"

     5 December 1997, Defense Daily:
     By Frank Wolfe 
     The Pentagon is crafting a set of recommendations on a national 
     architecture to present to President Clinton next year. 
     First, the recommendations are to be given Dec. 16 to the Principals 
    Committee of
     the Presidential Commission on Critical Infrastructure Protection 
    (PCCIP). That
     committee is composed of cabinet level officers and equivalents, 
    including the
     Secretaries of Defense, Commerce, Energy and the Director of Central
     The recommendations are designed to provide protection for key Pentagon
     infrastructures and cyber and communications assets and to insure these 
    assets do
     not conflict with those in the private world. 
     Clinton created the commission in July last year to assess threats to 
    eight of the
     nation's critical infrastructures, including telecommunications and 
    banking, and
     recommend solutions. 
     The commission's advisory committee--chaired by retired Sen. Sam Nunn 
     and former Deputy Attorney General Jamie Gorelick--is looking at 
    several studies,
     including one this year by the Defense Science Board and analyzing them 
    to issue
     advice to Clinton. 
     "Maybe we treat national security as a separate sector to insure that 
    these threats
     are addressed," Sheila Dryden, the Pentagon's principal director of 
     preparedness policy, told Defense Daily yesterday. 
     The Federal Bureau of Investigation has been collaborating with the 
    Pentagon in
     fashioning the infrastructure protection strategies of both agencies. 
    In July last
     year, the FBI started critical infrastructure threat assessment teams 
    in each of its
     56 field offices. 
     "Some of them are doing better than others," David Keyes, the FBI's 
     commission representative, told Defense Daily. "It's a tough problem. 
    You have
     different levels of industry acceptance and different levels of 
    competence within
     field offices." 
     The FBI has been sharing threat data with industry, including public 
    utilities, and is
     looking to expand that data to the classified realm, Keyes said. 
     "That's very important (to build trust)," Nunn said. "They (industries) 
    have to
     understand the general scope of the threat." 
     DoD and the FBI have collaborated in the past, Keyes said. When retired 
     Colin Powell was commander of the Army's Forces Command (FORSCOM), the
     FBI and FORSCOM signed a memorandum of agreement concerning key asset
     protection programs in the United States, Keyes said. 
     "It's a concerted effort," Keyes said of the FBI/DoD collaboration. "As 
     comes to closure on their program, our goal is to continue to be 
     In October the commission issued its recommendations to Clinton, 
    advising a
     "doubling" of the federal government's research and development funding 
     infrastructure protection, to $500 million per year, with 20 percent 
    increases for
     the next five years. Other recommendations included establishing a 
     system of encryption in collaboration with the private sector and a 
    joint setting of
     standards for information security by the National Institute of 
    Standards and
     Technology and the National Security Agency. Those standards are to be 
     with government agencies and industry. 
     The DSB study recommended a threat and warning center in the Pentagon 
    to alert
     DoD to foreign cyber attack and a private sector entity to respond to 
    private sector
     requests while the commission's report recommended a government cell 
    within the
     FBI and private sector alert and warning centers. 
     "Our report suggest they will all be interconnected to share 
    information, " Gorelick
     said. "The way we envision things is that when a warning center has 
     information that needs to be provided to certain industries or 
    individuals, that
     would allow for the free flow of information directly to those people 
    and in and
     among those structures that currently provide information and warning."
     5 December 1996, C4I News:
     For the second installment of "Point of View," C4I NEWS asked John 
    Woodward of 
     the MITRE Corp. to address the topic of information warfare. Woodward 
    is the 
     technical director of MITRE's Intelligence and Special Programs 
    Division, which 
     executes MITRE's Air Force intelligence program, and serves as 
    corporate director 
     of information warfare. Woodward has more than 23 years of experience 
    in software 
     engineering with MITRE and has specialized in information assurance for 
    the last 
     20 years. He has also managed the company's prototype development of 
    the Joint 
     Worldwide Intelligence Communications System and was responsible for 
     intelligence information system support to the Defense Intelligence 
     North American Air Defense/U.S. Space Command/Air Force Space Command 
    and Strategic 
     Air Command. Woodward also led MITRE's Artificial Intelligence 
    Technical Center.
     MITRE is an independent non-profit company that provides technical 
    support to
     the government. 
     Information dominance, the emerging mantra for our military, depends on
     achieving interoperabilitity, as Kenneth Allard suggested in his 
    inaugural "Point of
     View." Our facility in collecting, processing, disseminating and acting 
    upon C4I
     information will indeed be key to future military operations and to 
    getting the most
     (or even a return on investment) from an ever-improving arsenal of 
     weapons. Our dependence on information technology is growing rapidly, 
     more so than our future enemies'. Achieving and maintaining information
     dominance will rely on information assurance--preserving the free flow 
     processing of information, and controlling our dependence on it. 
     Controlling our dependence? Surely our insatiable appetite for 
    technology will be
     fed by the rapid evolution of commercial information processing 
    technology on
     which our military increasingly depends. Why must we control our 
     and what would that mean? The answers lie in a broad understanding of
     information assurance and of threats to our information systems. 
     A major, and increasingly understood, part of information assurance is 
    known by
     several popular names: information security, information protection, 
     information warfare and others. But true information assurance, to be 
     in the long run, must have a larger "bag of tricks," applied in the 
    right combination.
     We can broaden our perspective by realizing that C4I is not alone in 
    having a
     growing dependence on rapidly evolving information technology. Most 
    aspects of
     our daily life are similarly reliant. 
     An important aspect of that dependence is on the infrastructures that 
    underlie the
     military, the government and the private sector: telecommunications, 
     power systems, banking and finance, gas and oil systems, 
    transportation, water
     supply systems and emergency services. The President's Commission on 
     Infrastructure Protection (PCCIP), which recently released its final 
    report, is
     focusing attention on the vulnerabilities of these infrastructures due 
    to their
     reliance on information technology. A major (some say the major)
     recommendation of the PCCIP is an unprecedented partnership between the
     government and private sector operators of these infrastructures. Each 
    partner has
     much to learn from the others, and they all share a common need for 
     What can we learn from looking at the common information assurance 
     of the military and the infrastructure providers? One of the first 
    things to become
     evident is that many different information assurance techniques are 
     including system hardening, intrusion detection, reaction, backup, 
     redundancy, diversity, deterrence, graceful degradation and deception. 
     hardening refers to any action taken to make it more difficult to 
    monitor, change
     or disrupt information. Common examples include employment of 
     which seek to keep outsiders from penetrating information systems, and 
     for (typically configuration) vulnerabilities that make it harder for 
    insiders to
     penetrate other users' systems. 
     Intrusion detection seeks to find penetration attempts and successes. 
    Reaction can
     cover a wide range of activities, from disconnecting the intruder's 
    access to
     creating a "fishbowl" in which his actions can be observed. Backup and 
     allow for timely reconstitution of service after a successful 
     Redundancy and diversity of communications or information processing
     capabilities provide for more system robustness. Deterrence includes 
     upgrading one's hardening and vigorously pursuing intruders. Graceful 
     derives from the philosophy that it is better for an information system 
    to operate in
     a (possibly pre-planned) degraded mode than to shut down for complete 
     Deception takes advantage of the difficulty in attacking a system you 
    do not
     The military and infrastructure operators employ these information 
     techniques in various combinations. The military favors system 
     intrustion detection and reaction. It is interesting to note that the 
    military has a long
     history of employing deception (prominently in the Gulf War) in its 
     but has not yet embraced deception in its information systems, though 
     systems are touted as the battleground of the future. The banking and 
     community additionally favors redundancy, backup and recovery. In 
     air traffic control, the Federal Aviation Administration favors 
    graceful degradation. 
     Intruders, whether hackers or more sophisticated professionals, tend to 
    keep up
     with emerging technologies better than our defenses do. Even the "holy 
     fully encrypted information infrastructure--is susceptible to 
    disruption or denial of
     service attacks. Therefore, defending our evolving information 
    systems-- whether
     their purpose is C4I or infrastructure operation--against a 
    consistently growing
     threat will involve a prudent combination of these information 
     techniques, as well as others perhaps yet to be discovered. This 
    combination will
     likely be different for each system and must be one that we control and 
     over time. 
     In addition, we should seek to control our dependence on information. 
    To do this,
     we must first understand it. We often don't realize our degree of 
    reliance until a
     critical infrastructure or capability is disrupted. How helpless do we 
    feel when our
     power goes out in a storm? If we correctly assess those areas in which 
    we are
     most dependent on information technology, then we can better gauge what
     combination of information assurance techniques we should apply and 
    where they
     would be most effectively employed. 
     We can better understand and control our dependence when we understand 
     others do. The military and the private sector infrastructure providers 
    are in this
     together. Common use of modern information technologies breeds common
     vulnerabilities that are best addressed centrally. "Best practices" of 
     information assurance technologies must be shared to raise the overall 
    level of
     hardening. Information about attacks must be shared to enable effective 
     determination and projection. Only through partnering and sharing can 
    we achieve
     the long-term information assurance that will be required for 
     dominance. Our investment for the future in this critical area must be 
     and the time to act is now. Those who do not may soon find themselves 
    in the
     electronic gunsights of others who have. 
     The military has a long history of employing deception (prominently in 
    the Gulf
     War) in its warfighting, but has not yet embraced deception in its 
     systems, though these systems are touted as the battleground of the 
     5 December 1997, C4I News:
     A new study by the non-profit National Institute for Public Policy 
    advises a 
     wholesale restructuring of the intelligence community to support U.S. 
     forces and save money. 
     "Overall the intelligence community has been among the most successful 
    parts of
     the postwar U.S. national security apparatus. Without basic reforms, 
     that judgment will not remain valid indefinitely," according to the 
    study, entitled
     Modernizing Intelligence: Structure and Change for the 21st Century. 
     "Over the last thirty years, the intelligence community has witnessed 
     changes in the way intelligence is gathered and processed, but during 
    this time,
     with the exception of the recent establishment of the National Imagery 
     Mapping Agency (NIMA), the intelligence community has not undergone
     significant structural reform," according to the study, which was 
    conducted under
     the direction of retired Army Lt. Gen. William Odom, the director of 
     security studies at the Hudson Institute and a former Director of the 
     Security Agency (NSA). 
     These are some of the report's wide-ranging suggestions: 
     * the National Reconnaissance Office (NRO) should be abolished and its 
     placed under NSA and NIMA; 
     * separate the Directorate of Intelligence (DI) from the Central 
     Agency, greatly reduce its size and put it under the Director of 
    Central Intelligence
     (DCI) through the National Intelligence Council; 
     * a formal J-2 office under the Joint Chiefs of Staff should be 
    developed to
     provide support to current military operations; 
     * put all Defense Intelligence Agency (DIA) electronics intelligence 
     collection under NSA and its imagery intelligence (IMINT) collection 
    under NIMA;
     * establish an overt human intelligence (HUMINT) organization in the 
     Department as a joint activity coordinating its activities with the 
    national HUMINT
     Asked about Defense Secretary William Cohen's recent recommendation 
    that a
     separate Assistant Secretary of Defense for Intelligence (ASDI) be 
    created, Odom
     said that "he (Cohen) needs a guy up there who asks are my intelligence 
     doing things consistent with my intelligence aims?" Odom said that the 
     Assistant Secretary of Defense for Command, Control, Communications and
     Intelligence (ASDC3I) structure is "spread too thin. " 
     The key for the ASDI will be finding "staff expertise," Odom said. 
     According to the report, the DI is also "spread too thin" and " has 
    become too
     large and bureaucratic to perform innovative and insightful analysis." 
     "The DI has tried to be the 'central processor' for intelligence 
    production while
     'distributed processing' has taken the lion's share of the market," 
    according to the
     report. "It (DI) has efforts in virtually all areas of intelligence 
     military, technical military, science and technology, economics, 
     counterintelligence, and so forth. Yet it is not comprehensive in any 
    of these areas.
     For example, the DI does analysis of foreign tanks. No U.S. Army tank
     development program, however, could survive on the DI's tank analysis. 
    The DI's
     work is simply too eclectic, incomplete, or untimely." 
     "The same is true for intelligence support to any Navy or Air Force 
     program," according to the report. "In matters of the services' 
    development of
     military doctrine, the DI's products on foreign militaries would not 
    even begin to
     provide sufficient information to satisfy their needs." 
     The report suggests reducing DI in size "rather dramatically" and 
    converting it to
     "a flexible analysis unit that looks for problems and issue areas being 
    neglected by
     other intelligence community (IC) components, develops them for the 
    DCI, and
     then passes them off to appropriate IC components for sustained and
     comprehensive analysis if that appears necessary. " 
     CIA spokesman Mark Mansfield recently told C4I NEWS that CIA had no
     comment on the report because the agency had not yet reviewed it. 
     But DCI George Tenet, in a speech Nov. 19 at the Gerald Ford library in 
     said the U.S. still needs the CIA and its production of " outstanding 
     analysis that is timely, prescient and persuasive." The CIA's four 
    mission areas--all
     source analysis, clandestine operations, counterintelligence, and 
    covert action--"are
     missions that I do not believe can be successfully replicated any place 
    else in the
     United States government," Tenet said. Asking other agencies, such as 
     Department of State or the Pentagon, to pull together all source 
    intelligence to
     present to the President "would place an unfair burden on them," he 
     Tenet also defended the CIA's efficiency and its relationship with the 
    military in
     response to a question about competition between the CIA and the 
     Intelligence Agency (DIA). "I think that there is a real synergy 
    between the civilian
     agency and the defense agencies, of which the Defense Intelligence 
    Agency is only
     one," Tenet said. "We attempt to rationalize our work so that we don't 
     our work, particularly in the analytical arena. " The amount of the 
     budget--$26.6 billion--was recently declassified. 
     Tenet said the CIA's relationship with the military may be its "most 
    important" one.
     "We pay a lot of time and attention to it," he said. U.S. commanders in 
     would say that support by the CIA and defense agencies is "the best 
     story in the history of the United States," Tenet said. 
     National Institute for Public Policy 
     Keith Payne, President 
     3031 Javier Road 
     Suite 300 
     Fairfax, VA 22031-4662 
     703/698-0563, fax 703/698-0566
    Get Your Private, Free Email at http://www.hotmail.com

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:10 PDT