Preface

This report should be of special interest to those who are exploring the effect of the information revolution on warfare. It should also be of interest to those segments of the U.S. and broader international security community that are concerned with the post-cold war evolution of military and national security strategy, especially strategy changes driven wholly or in part by the evolution of, and possible revolutions in, technology.

The research reported here was accomplished within the Acquisition and Technology Policy Center of RAND's National Defense Research Institute, a federally funded research and development center sponsored by the Office of the Secretary of Defense, the Joint Staff, and the defense agencies. It builds on an earlier and ongoing body of research within that center on the national security implications of the information revolution.

Summary

We live in an age that is driven by information. Technological breakthroughs . . . are changing the face of war and how we prepare for war.

--William Perry, Secretary of Defense

Information Warfare and the Changing Face of War

Information warfare (IW) represents a rapidly evolving and, as yet, imprecisely defined field of growing interest for defense planners and policymakers. The source of both the interest and the imprecision in this field is the so-called information revolution--led by the ongoing rapid evolution of cyberspace, microcomputers, and associated information technologies. The U.S. defense establishment, like U.S. society as a whole, is moving rapidly to take advantage of the new opportunities presented by these changes. At the same time, current and potential U.S. adversaries (and allies) are also looking to exploit the evolving global information infrastructure and associated technologies for military purposes.

The end result and implications of these ongoing changes for international and other forms of conflict are highly uncertain, befitting a subject that is this new and dynamic. Will IW be a new but subordinate facet of warfare in which the United States and its allies readily overcome their own potential cyberspace vulnerabilities and gain and sustain whatever tactical and strategic military advantages that might be available in this arena? Or will the changes in conflict wrought by the ongoing information revolution be so rapid and profound that the net result is a new and grave threat to traditional military operations and U.S. society that fundamentally changes the future character of warfare?

In response to this situation and these uncertainties, in January 1995 the Secretary of Defense formed the IW Executive Board to facilitate "the development and achievement of national information warfare goals." In support of this effort, RAND was asked to provide and exercise an analytic framework for identifying key IW issues, exploring their consequences and highlighting starting points for IW-related policy development--looking to help develop a sustainable national consensus on an overall U.S. IW strategy.

To accomplish this purpose, RAND conducted an exercise-based framing and analysis of what we came to call the "strategic information warfare" problem. Involving senior members of the national security community as well as representatives from national security-related telecommunications and information systems industries, the exercises led participants through a challenging hypothetical IW crisis involving a major regional political-military contingency. The exercise methodology, known by the label "The Day After . . . ," had been previously used for a variety of nuclear proliferation, counterproliferation, and related intelligence studies. The specific scenario chosen for the exercise involved a turn-of-the-century conflict between Iran and the United States and its allies, focused on a threat to Saudi Arabia.

The exercise was conducted six times in evolving versions over the course of five months from January to June 1995. Each iteration allowed for refinement of basic strategic IW concepts and provided further insights about their national security implications. This process provided an opportunity to assess and analyze the perspectives of senior participants from government and industry regarding such matters as the plausibility of strategic IW scenarios such as the one presented, possible evolutions in related threats and vulnerabilities, and the phrasing of key associated strategy and policy issues. It also provided an opportunity to identify emerging schools of thought and, in some cases, a rough consensus on next steps on a number of important strategic IW issues.

In addition, the process yielded a badly needed multidimensional framework for sharpening near-term executive branch focus on the development of strategic IW policy, strategy, and goals--in particular regarding the implications of prospective major regional contingencies on defensive IW strategies, doctrines, vulnerabilities, and capabilities. It also provided a highly useful forum for beginning to coordinate with industry on the future direction of IW-related national security telecommunications strategy.

As can be inferred from the above comments, the methodology employed in this study appears to offer particular advantages for addressing many of the conceptual difficulties inherent in this topic. The subject matter is very new and, in some dimensions, technically complex, especially for individuals typically found in policymaking positions. The challenge of finding techniques for efficiently accelerating the process of basic education on the topic and its implications for national security policy and strategy cannot be underestimated.

This report presents the results of this study. Specifically, the purpose of this report is to

• describe and frame the concept of strategic information warfare

• describe and discuss the key features and related issues that characterize strategic IW

• explore the consequences of these features and issues for U.S. national security as illuminated by the exercises

• suggest analytical and policy directions for addressing elements of these strategic IW features and issues.

Strategic Information Warfare

The United States has substantial information-based resources, including complex management systems and infrastructures involving the control of electric power, money flow, air traffic, oil and gas, and other information-dependent items. U.S. allies and potential coalition partners are similarly increasingly dependent on various information infrastructures. Conceptually, if and when potential adversaries attempt to damage these systems using IW techniques, information warfare inevitably takes on a strategic aspect.

Strategic Information Warfare and Post-Cold War Strategy

Our exercise scenario highlighted from the start a fundamental aspect of strategic information warfare: There is no "front line." Strategic targets in the United States may be just as vulnerable to attack as in-theater command, control, communications, and intelligence (C3I) targets. As a result, the attention of exercise participants quickly broadened beyond a single traditional regional theater of operations to four distinct separate theaters of operation as portrayed in Figure S.1: the battlefield per se; allied "Zones of Interior" (in our scenario, the sovereign territory of Saudi Arabia); the intercontinental zone of communication and deployment; and the U.S. Zone of Interior.

Figure S.1--The Changing Face of War: Four Strategic IW Theaters of Operation

The Basic Features of Strategic Information Warfare

The exercises highlighted seven defining features of strategic information warfare:

• Low entry cost: Unlike traditional weapon technologies, development of information-based techniques does not require sizable financial resources or state sponsorship. Information systems expertise and access to important networks may be the only prerequisites.

• Blurred traditional boundaries: Traditional distinctions--public versus private interests, warlike versus criminal behavior--and geographic boundaries, such as those between nations as historically defined, are complicated by the growing interaction within the information infrastructure.

• Expanded role for perception management: New information-based techniques may substantially increase the power of deception and of image-manipulation activities, dramatically complicating government efforts to build political support for security-related initiatives.

• A new strategic intelligence challenge: Poorly understood strategic IW vulnerabilities and targets diminish the effectiveness of classical intelligence collection and analysis methods. A new field of analysis focused on strategic IW may have to be developed.

• Formidable tactical warning and attack assessment problems: There is currently no adequate tactical warning system for distinguishing between strategic IW attacks and other kinds of cyberspace activities, including espionage or accidents.

• Difficulty of building and sustaining coalitions: Reliance on coalitions is likely to increase the vulnerabilities of the security postures of all the partners to strategic IW attacks, giving opponents a disproportionate strategic advantage.

• Vulnerability of the U.S. homeland: Information-based techniques render geographical distance irrelevant; targets in the continental United States are just as vulnerable as in-theater targets. Given the increased reliance of the U.S. economy and society on a high-performance networked information infrastructure, a new set of lucrative strategic targets presents itself to potential IW-armed opponents.

Consequences of the Basic Features

Through the course of our exercise-based analysis, we prompted policymakers and other experts from the public and private sectors to explore the character and consequences of these features. The discussion that follows summarizes our synthesis of observations made by the exercise participants on the characteristics and implications of these features for the strategic IW problem. Note that there is a "cascading" effect inherent in these observations--each helps to create the enabling conditions for subsequent ones.

Low Entry Cost

Interconnected networks may be subject to attack and disruption not just by states but also by nonstate actors, including dispersed groups and even individuals. Potential adversaries could also possess a wide range of capabilities. Thus, the threat to U.S. interests could be multiplied substantially and will continue to change as ever more complex systems are developed and the requisite expertise is ever more widely diffused.

Some participants believed that the entry price to many of the IW attack options posited could be raised by denying easy access to networks and control systems through the exploitation of new software encryption techniques. Other participants acknowledged that this might mitigate some threats but emphasized that this approach would not remove other threats to an internetted system by a corrupted insider (systems operator) and/or direct physical attack. It would also increase the difficulty in strategic and tactical intelligence vis-a-vis strategic IW attackers.

Blurred Traditional Boundaries

Given the wide array of possible opponents, weapons, and strategies, it becomes increasingly difficult to distinguish between foreign and domestic sources of IW threats and actions. You may not know who's under attack by whom, or who's in charge of the attack. This greatly complicates the traditional role distinction between domestic law enforcement, on the one hand, and national security and intelligence entities, on the other. Another consequence of this blurring phenomenon is the disappearance of clear distinctions between different levels of anti-state activity, ranging from crime to warfare. Given this blurring, nation-states opposed to U.S. strategic interests could forgo more traditional types of military or terrorist action and instead exploit individuals or transnational criminal organizations (TCOs) to conduct "strategic criminal operations."

Expanded Role for Perception Management

Opportunities for IW agents to manipulate information that is key to public perceptions may increase. For example, political action groups and other nongovernment organizations can utilize the Internet to galvanize political support, as the Zapitistas in Chiapas, Mexico, were able to do. Furthermore, the possibility arises that the very "facts" of an event can be manipulated via multimedia techniques and widely disseminated. Conversely, there may be a decreased capability to build and maintain domestic support for controversial political actions. One implication is that future U.S. administrations may include a robust Internet component as part of any public information campaign.

Among participants, there was no support for any extraordinary maneuver by the government to "seize control" of the media and the Internet in response to a probable IW attack. Rather, there was an acknowledgment that future U.S. administrations might face a daunting task in shaping and sustaining domestic support for any action marked by a high degree of ambiguity and uncertainty in the IW realm.

Lack of Strategic Intelligence

For a variety of reasons, traditional intelligence-gathering and analysis methods may be of limited use in meeting the strategic IW intelligence challenge. Collection targets are difficult to identify; allocation of intelligence resources is difficult because of the rapidly changing nature of the threat; and vulnerabilities and target sets are not, as yet, well understood. In sum, the United States may have difficulty identifying potential adversaries, their intentions, and their capabilities. One implication of this is that new organizational relationships are needed within the intelligence community and between this community and other entities. A restructuring of roles and missions may also be required.

In our exercises, debate on this problem centered on the need for some interagency structure to allow for coordinated collection and analysis of "foreign" and "domestic" sources versus the desire to preserve the boundary between foreign intelligence and domestic law enforcement.

Difficulty of Tactical Warning and Attack Assessment

This feature of warfare presents fundamentally new problems in a cyberspace environment. A basic problem is distinguishing between "attacks" and other events, such as accidents, system failures, or hacking by "thrill-seekers." The main consequence of this feature is that the United States may not know when an attack is under way, who is attacking, or how the attack is being conducted.

As in the debate over what to do about the dilemmas posed by the strategic intelligence challenge, exercise participants split on this topic between those who were prepared to consider a more radical mixing of domestic law enforcement and foreign intelligence institutions and those strongly opposed to any commingling.

Difficulty of Building and Sustaining Coalitions

Many U.S. allies and coalition partners will be vulnerable to IW attacks on their core information infrastructures. For example, the dependence on cellular phones in developing countries could well render telephone communications in those nations highly susceptible to disruption. Other sectors in the early stages of exploiting the information revolution (e.g., energy and financial) may also present vulnerabilities that an adversary might attack to undermine coalition participation. Such attacks might also serve to sever "weak links" in the execution of coalition plans. Conversely, tentative coalition partners who urgently need military assistance may want assurances that a U.S. deployment plan to their region is not vulnerable to IW disruption.

There was general agreement among participants that as the United States develops and refines defensive systems and concepts of operations or techniques in this area, it should consider sharing them with key allies, but no specific policies were proffered in the discussions.

Vulnerability of the U.S. Homeland

Information warfare has no front line. Potential battlefields are anywhere networked systems allow access. Current trends suggest that the U.S. economy will increasingly rely on complex, interconnected network control systems for such necessities as oil and gas pipelines, electric grids, etc. The vulnerability of these systems is currently poorly understood. In addition, the means of deterrence and retaliation are uncertain and may rely on traditional military instruments in addition to IW threats. In sum, the U.S. homeland may no longer provide a sanctuary from outside attack.

There was a broad consensus among exercise participants that no dramatic measures such as shutting down an infrastructure would be effective as a defensive measure (and some skepticism as to whether such action would, in fact, be possible during a crisis). There appeared, however, a broad consensus in favor of exploring the concept of a "minimum essential information infrastructure" based on a series of federally sponsored incentives to ensure that the owners and operators had procedures to detect IW-type attacks and reconstitution measures that minimized the impact of any one network disruption--see the discussion below.

An Elusive Bottom Line on the Threat

Over the course of the exercise series, careful attention was given to the possible solidifying of a bottom line on the gravity of the cyberspace-based strategic IW threat. Many existing information systems do appear to be vulnerable to some level of disruption or misuse. At the same time, developments in cyberspace are so dynamic that existing vulnerabilities may well be ameliorated as part of the natural building of immunities to threats that accompany any such rapidly evolving entity. However, our dependence on cyberspace and information systems generally is also growing rapidly--raising unsettling questions as to whether the "immune system" process can "keep up" and thus prevent serious strategic vulnerabilities from emerging and being exploited.

We looked for, but did not find, any strong statistical consensus on just where people think we are now on the threat spectrum portrayed in Figure S.2, or where we might be heading. We did observe, however, that over the course of the exercise, the general perspective on the magnitude of the strategic IW problem almost invariably appeared to move downward along the graph of Figure S.2. This experience mirrored that of the authors--the more time spent on this subject, the more one saw tough problems lacking concrete solutions and, in some cases, lacking even good ideas about where to start.

Figure S.2--A Broad Spectrum of Perspectives

Conclusions

The features and likely consequences of strategic information warfare point to a basic conclusion: Key national military strategy assumptions are obsolescent and inad-equate for confronting the threat posed by strategic IW. Five major recommendations emerged from the exercises as starting points for addressing this shortcoming:

1. Leadership: Who Should Be in Charge in the Government?

Participants widely agreed that an immediate and badly needed first step is the assignment of a focal point for federal government leadership in support of a coordinated U.S. response to the strategic IW threat. This focal point should be located in the Executive Office of the President, since only at this level can the necessary interagency coordination of the large number of government organizations involved in such matters--and the necessary interactions with the Congress--be effectively carried out. This office should also have the responsibility for close coordination with industry, since the nation's information infrastructure is being developed almost exclusively by the commercial sector. Once established, this high-level leadership should immediately take responsibility for initiating and managing a comprehensive review of national-level strategic information warfare issues.

2. Risk Assessment

The federal government leadership entity cited above should, as a first step, conduct an immediate risk assessment to determine, to the degree possible, the extent of the vulnerability of key elements of current U.S. national security and national military strategy to strategic information warfare. Strategic target sets, IW effects, and parallel vulnerability and threat assessments should be among the components of this review. In an environment of dynamic change in both cyberspace threats and vulnerabilities, there is no sound basis for presidential decisionmaking on strategic IW matters without such a risk assessment.

In this context there is always the hope or the belief--we saw both in the exercises--that the kind of aggressive response suggested in this report can be delayed while cyberspace gets a chance to evolve robust defenses on its own. This is, in fact, a possibility--that the healing and annealing of an immune system that is under constant assault, as cyberspace is and assuredly will continue to be (if only, in Willy Sutton's words, because that's where the money is), will create the robust national information infrastructure that everyone hopes to use. But it may not, and we are certainly not there now.

3. Government's Role

The appropriate role for government in responding to the strategic IW threat needs to be addressed, recognizing that this role--certain to be part leadership and part partnership with the domestic sector--will unquestionably evolve. In addition to being the performer of certain basic preparedness functions--such as organizing, equipping, training, and sustaining military forces--the government may play a more productive and efficient role as facilitator and maintainer of some information systems and infrastructure, and through policy mechanisms such as tax breaks to encourage reducing vulnerability and improving recovery and reconstitution capability.

An important factor is the traditional change in the government's role as one moves from national defense through public safety toward things that represent the public good. Clearly, the government's perceived role in this area will have to be balanced against public perceptions of the loss of civil liberties and the commercial sector's concern about unwarranted limits on its practices and markets.

4. National Security Strategy

Once an initial risk assessment has been completed, U.S. national security strategy needs to address preparedness for the threat as identified. As portrayed in Figure S.3, preparedness will cross several traditional boundaries from "military" to "civilian," from "foreign" to "domestic," and from "national" to "local."

Figure S.3--A Spectrum of National Security Preparedness

5. National Military Strategy

The current national military strategy emphasizes maintaining U.S. capability to project power into theaters of operation in key regions of Europe and Asia. Because of the four emerging theaters of operation in cyberspace for such contingencies (see Figure S.1), strategic IW profoundly reduces the significance of distance with respect to the deployment and use of weapons. Therefore, battlefield C3I vulnerabilities may become less significant than vulnerabilities in the national infrastructure. Planning assumptions fundamental to current national military strategy are obsolescent. Consideration of these IW features should be accounted for in U.S. national military strategy.

Against this difficult projection and assessment situation, there is the ever-present risk that the United States could find itself in a crisis in the near term, facing the possibility of, or indications of, a strategic IW attack. When the president asks whether the United States is under IW attack--and, if so, by whom--and whether the U.S. military plan and strategy is vulnerable, a foot-shuffling "we don't know" will not be an acceptable answer.

Finally, however, it must be acknowledged that strategic IW is a very new concept that is presenting a wholly new set of problems. These problems may well yield to solution--but not without the intelligent and informed expenditure of energy, leadership, money, and other scarce resources that this study seeks to catalyze.

Contents

Chapter One: What is "Strategic Information Warfare?"

Introduction
Study Background
Defense-Oriented Tasking from OASD(C3I)

The "Day After . . ." Exercise Methodology
The Exercise Design Process
Exercise History

Chapter Four: Defining Features of Strategic Information Warfare

Low Entry Cost
Blurred Traditional Boundaries
Perception Management
Strategic Intelligence
Tactical Warning and Attack Assessment
Building and Sustaining Coalitions
Vulnerability of the U.S. Homeland

Risk Assessment
National Military Strategy
National Security Strategy
U.S. Government Role

Leadership: Who Should Be in Charge?
Risk Assessment
Government's Role
National Security Strategy
National Military Strategy

Appendix

A. Methodology
B. Summary of Group Deliberations for Step Three
C. Exercise

To order this document . . .