Information Warfare and Security / Edition 1

Paperback (Print)
Buy New
Buy New from BN.com
$47.90
Buy Used
Buy Used from BN.com
$37.34
(Save 37%)
Item is in good condition but packaging may have signs of shelf wear/aging or torn packaging.
Condition: Used – Good details
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 96%)
Other sellers (Paperback)
  • All (36) from $1.99   
  • New (6) from $46.82   
  • Used (30) from $1.99   

Overview

What individuals, corporations, and governments need to know about information-related attacks and defenses!

Every day, we hear reports of hackers who have penetrated computer networks, vandalized Web pages, and accessed sensitive information. We hear how they have tampered with medical records, disrupted emergency 911 systems, and siphoned money from bank accounts. Could information terrorists, using nothing more than a personal computer, cause planes to crash, widespread power blackouts, or financial chaos? Such real and imaginary scenarios, and our defense against them, are the stuff of information warfare-operations that target or exploit information media to win some objective over an adversary.

Dorothy E. Denning, a pioneer in computer security, provides in this book a framework for understanding and dealing with information-based threats: computer break-ins, fraud, sabotage, espionage, piracy, identity theft, invasions of privacy, and electronic warfare. She describes these attacks with astonishing, real examples, as in her analysis of information warfare operations during the Gulf War. Then, offering sound advice for security practices and policies, she explains countermeasures that are both possible and necessary.

You will find in this book:

  • A comprehensive and coherent treatment of offensive and defensive information warfare, identifying the key actors, targets, methods, technologies, outcomes, policies, and laws;
  • A theory of information warfare that explains and integrates within a single framework operations involving diverse actors and media;
  • An accurate picture of the threats, illuminated by actual incidents;
  • A description of information warfare technologies and their limitations, particularly the limitations of defensive technologies.

Whatever your interest or role in the emerging field of information warfare, this book will give you the background you need to make informed judgments about potential threats and our defenses against them.

0201433036B04062001

Read More Show Less

Editorial Reviews

Rob Slade
Complete and solidly based...clear and thought-provoking...engaging and informative.
Comp.society.cu-digest
Booknews
Denning (computer science, Georgetown U.) covers threats such as fraud, sabotage, espionage, piracy, identity theft, and electronic warfare. She uses examples from actual attacks and thefts, including an analysis of information warfare operations during the Gulf War. For each type of threat she includes advice for countermeasures that she argues are both possible and necessary. Specific topics include IP spoofing, software trojans, viruses, cryptography, steganography, biometrics, and the limitations of defensive technologies. Annotation c. by Book News, Inc., Portland, Or.
Jonathan Erickson
In all likelihood, Information Warfare and Security won't realize over time the "classic" status of Cryptography and Data Security (they're not the same kinds of books), but it is important as a comprehensive introductory survey of the challenges we face in the coming century.
Electronic Review of Computer Books
Jonathan Erickson

Information Warfare and Security

Dorothy Denning is one of the world's most respected computer-security experts. She's also the author of the now-classic Cryptography and Data Security Addison-Wesley, 1982 and a professor of computer science at Georgetown University. But if Denning ever wants to chuck it all and opt for an honest living of, say, writing horror stories, her most recent book, Information Warfare and Security, has all the source material she will ever need. Before reading half the book, I was ready to cancel my e-mail accounts, jettison my modems, cancel my credit cards, move what little money I have from the bank to my mattress, and head out for the Flint Hills.

You see, part of what Denning has done in "Information Warfare and Security" is chronicle what seems to be just about every breach in computer security over the past few years. Page after page of hacks, cracks, phreaks, and psyopts by everyone from teenagers and thrill seekers to spies and nuts. Credit card numbers, passwords, bank accounts -- they're all fair game for anyone who is bright, persistent, online, and so inclined.

Not that it was Denning's intent simply to titillate us with one interesting or exciting story after another. Instead, her goal is to provide us with a comprehensive overview of what's become known as "information warfare." In defining this term, Denning relies on a definition supplied by Winn Schwartau in his book Information Warfare Thunder's Mouth Press, 1996 whereby:

"Information warfare consists of those actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective, or victory of a specific adversary or adversaries."

However, Denning doesn't stop there. She goes on to explain that she attempts to take the definition deeper, to

"... provide a theory of information warfare based on the value of information resources to an offense or defense... Information warfare is a 'win-lose' activity. It is about "warfare" in the most general sense of conflict, encompassing certain types of crime as well as military operations."

To that end, Denning opens Information Warfare and Security with a description of the role of information warfare in the Gulf War. The brief history she presents is both interesting and exciting and immediately pulls you into the book. This chapter kicks off "Part I: Introduction" of the book, which covers other topics such as the author's theory of information warfare, and issues such as motivation and types of computer crime. From there, Denning moves to "Part II: Offensive Information Warfare" which addresses topics such as open source no, not source code, but the information about all of us that is open and easily accessible, psyops "psychological operations", traitors and moles, corporate espionage, dumpster diving, shoulder surfing, phone phreaking, packet sniffers, e-mail forgeries, and much more. Finally, in "Part III: Defensive Information Warfare," Denning surveys the tools and techniques that enable individuals and organizations to protect themselves from attacks: cryptography, RSA, biometrics, digital signatures, trash disposal, firewalls, and the like.

Although Denning does explain the basics of topics such as public-key encryption in Part III, "Information Warfare and Security" isn't a technical book. Instead, it is perhaps the best single overview of the real-world security issues that you'll find. And what makes the book particularly interesting is that Denning puts the various types computer cracking into the broader context of topics such as phone phreaking hey, I always like to read about the exploits of Cap'n Crunch and other forms of information warfare. In fact, it is hard to imagine how she was able to gather all of the incidents described and present them in a coherent manner that keeps you reading.

In all likelihood, Information Warfare and Security won't realize over time the "classic" status of Cryptography and Data Security they're not the same kinds of books, but it is important as a comprehensive introductory survey of the challenges we face in the coming century.--Dr. Dobb's Electronic Review of Computer Books

Read More Show Less

Product Details

  • ISBN-13: 9780201433036
  • Publisher: Addison-Wesley
  • Publication date: 12/2/1998
  • Series: ACM Press Series
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 522
  • Sales rank: 798,334
  • Product dimensions: 6.22 (w) x 9.05 (h) x 1.18 (d)

Meet the Author

Dorothy E. Denning is Professor of Computer Science at Georgetown University. She is the author of a classic book in the field, Cryptography and Data Security, a coeditor (with Peter J. Denning) of a more recent work, Internet Besieged: Countering Cyberspace Scofflaws , and the author of 100 papers on computer security. Dr. Denning has shared her special expertise on encryption in testimony before the U.S. Congress.

0201433036AB04062001

Read More Show Less

Read an Excerpt

In recent years, information warfare has captured the attention—and imagination—of government officials, information security specialists, and curious onlookers. The term is used to cover a broad spectrum of activity but especially a scenario wherein information terrorists, using not much more than a keyboard and mouse, hack into a computer and cause planes to crash, unprecedented power blackouts to occur, or food supplies to be poisoned. The terrorists might tamper with computers that support banking and finance, perhaps causing stock markets to crash or economies to collapse. None of these disasters has occurred, but the concern is that they, and others like them, could happen, given the ease with which teenagers have been able to romp through computers with impunity—even those operated by the U.S. Department of Defense.

This book is an introduction to information warfare. It is about operations that target or exploit information media in order to win some objective over an adversary. It covers a wide range of activity, including computer break-ins and sabotage, espionage and intelligence operations, telecommunications eavesdropping and fraud, perception management, and electronic warfare. The book is about teenagers who use the Internet as a giant playground for hacking, competitors who steal trade secrets, law enforcement agencies who use information warfare to fight crime and terrorism, and military officers who bring information warfare to the battleground. It is about information-based threats to nations, to business, and to individuals—and countermeasures to these threats. It spans several areas, including crime, terrorism, national security, individual rights, and information security.

The objectives of the book are fourfold. The first is to present a comprehensive and coherent treatment of offensive and defensive information warfare in terms of actors, targets, methods, technologies, outcomes, policies, and laws. Information warfare can target or exploit any type of information medium—physical environments, print and storage media, broadcast media, telecommunications, and computers and computer networks. All of these are treated within the book, albeit with a somewhat greater emphasis on computer media. The second objective is to present a theory of information warfare that explains and integrates operations involving this diverse collection of actors and media within a single framework. The theory is centered on the value of information resources and on "win-lose" operations that affect that value. The third is to separate fact from fiction. The book attempts to present an accurate picture of the threat, emphasizing actual incidents and statistics over speculation about what could happen. Speculation is not ignored, however, as it is essential for anticipating the future and preparing for possible attacks. A fourth objective is to describe information warfare technologies and their limitations, particularly the limits of defensive technologies. There is no silver bullet against information warfare attacks.

The book is not a "how to," with regard to either launching an attack or defending against one. Nevertheless, because the book provides a reasonably comprehensive treatment of the methods and technologies of information warfare, it may be useful for making informed judgments about potential threats and defenses.

The book is intended for a broad audience, from the student and layperson interested in learning more about the domain and what can be done to protect information assets, to the policy maker who wishes to understand the nature of the threat and the technologies and issues, to the information security specialist who desires extensive knowledge about all types of attacks and countermeasures in order to protect organizational assets. It was also written for an international audience. Although the focus is on activity within the United States, activity outside the United States is included.

The book is used in an information warfare course I teach at Georgetown University for graduate and advanced undergraduate students. The students in the course come from a wide range of disciplines—international politics, national security studies, science and technology in international affairs, communications, culture and technology, business, finance, government, the sciences, and the humanities.

The book is divided into three parts. Part I introduces the concepts and principles of information warfare. There are three chapters. Chapter 1, Gulf War—Infowar, begins with examples of information warfare taken from the time of the Persian Gulf War and the continuing conflict with Iraq. It summarizes the principles of information warfare and discusses trends in technology and information warfare. Chapter 2, A Theory of Information Warfare, presents a model of information warfare in terms of four main elements: information resources, players, offensive operations, and defensive operations. It relates information warfare to information security and information assurance. Chapter 3, Playgrounds to Battlegrounds, situates information warfare within four domains of human activity: play, crime, individual rights, and national security. It summarizes some of the activity in each of the areas.

Part II covers offensive information warfare operations. It is organized around media and methodologies and gives numerous examples of incidents in each category. There are eight chapters. Chapter 4, Open Sources, is about media that are generally available to everyone, including Internet Web sites. It covers open source and competitive intelligence, invasions of privacy, and acts of piracy that infringe on copyrights and trademarks. Chapter 5, Psyops and Perception Management, is about operations that exploit information media, particularly broadcast media and the Internet, in order to influence perceptions and actions. Chapter 6, Inside the Fence, is about operations against an organization's resources by insiders and others who get inside access. It covers traitors and moles, business relationships, visits and requests, insider fraud, embezzlement and sabotage, and physical break-ins. Chapter 7, Seizing the Signals, is about operations that intercept communications and use sensors to collect information from the physical environment. Telecommunications fraud and physical and electronic attacks that disrupt or disable communications are also covered. Chapter 8, Computer Break-Ins and Hacking, is about computer intrusions and remote attacks over networks. It describes how intruders get access and what they do when they get it. Chapter 9, Masquerade, is about imposters who hide behind a facade. It covers identity theft, forgeries, and Trojan horses. Finally, Chapter 10, Cyberplagues, is about computer viruses and worms.

Part III covers defensive information warfare, including strengths and limitations of particular methods. It has five chapters. Chapter 11, Secret Codes and Hideaways, is about methods that conceal secrets, including cryptography (encryption), steganography, anonymity, and locks and keys. Chapter 12, How to Tell a Fake, is about methods of determining whether information is trustworthy and genuine. It covers biometrics, passwords, integrity checksums, digital signatures, watermarking, and badges and cards. Chapter 13, Monitors and Gatekeepers, is about monitors that control access to information resources, filter information, and detect intrusions into information systems or misuse of resources. Chapter 14, In a Risky World, is about what organizations can do to deal with risk. It includes vulnerability monitoring and assessment, building and operating secure systems, risk management, and incident handling. Finally, Chapter 15, Defending the Nation, is about the role of the government in defensive information warfare. Three areas are covered: generally accepted system security principles, protecting critical infrastructures, and encryption policy.

Throughout these chapters, the book describes numerous incidents, companies, and products. These are provided to illustrate concepts and methods. I do not endorse any of the companies or products mentioned. I have tried to report all information fairly and accurately and welcome corrections.

Writing this book has posed several challenges. One was deciding what to include within the scope of information warfare. Whereas practically everyone would agree that breaking into Department of Defense computers is information warfare, at least under certain conditions, not everyone would agree that many of the topics covered in this book are information warfare. In the end, I decided to take a broad perspective, as there were common principles underlying these disparate activities. Moreover, I was fascinated by these areas, saw a connection, and so decided to include them. No doubt, some people will say that I swept up too much—that information warfare pertains more to national-level threats and not to activity such as fraud and piracy. That is a fair criticism. I considered various other terms—cybercrime, cyberwar, and information terrorism, to name a few—but none seemed as good as information warfare at capturing the essence of the activity treated in this book.

A second challenge, aggravated in part by my decision to cover so much ground, was how to organize the material. The book was reorganized twice, the second time after using a draft in my course. Although I am reasonably satisfied with the current organization, I would not claim that it is the best way to present the material.

A third challenge, also magnified by the first, was trying to provide reasonable coverage of topics in which I had little background. I could have left these out, but I wanted to situate the areas of my greatest expertise, computers and cryptography, within a larger context. Computer hackers are not the only threat to information resources, nor is encryption the magic solution. A consequence of covering so much ground is that the book is uneven, with some topics treated in greater depth than others. The number of sentences devoted to a topic is not necessarily related to its overall significance. The book has lots of references for those who wish to study an area further.

Finally, a major challenge has been keeping up with developments in the field, including new technologies, methods of attack, laws, and studies and developments related to incidents covered in the book. On a typical day, I find half a dozen or more items in my incoming e-mail that are related to material in this book. I might find another story or two in The Washington Post or some book or magazine. By the time this book goes to print, I no doubt will have accumulated a huge pile of material that I wish could have been included.

Information warfare itself raises many challenging issues. What is an acceptable level of risk? Who is liable if a computer on the Internet is compromised and used to launch a damaging attack against another site? Who is liable if defamatory material or stolen intellectual property is posted on an on-line service? Under what conditions is offensive information warfare unethical even where it may be legal? Who is responsible for protecting critical infrastructures? How can crimes be successfully investigated and prosecuted when the perpetrator resides in a different state or country from the victim or the information resources attacked? Should encryption be regulated to allow access for law enforcement and national security purposes? These and other issues are addressed in this book. The book does not, however, make recommendations regarding information policy. Its purpose is to enhance understanding of threats, defenses, and issues.

This book is possible only because of the work of many others who have gone before me and contributed to my own knowledge in the area and to those who read and commented on drafts. It is not possible to enumerate everyone, but a few deserve special mention. First, the students in my information warfare class (COSC 511). My interest in writing the book emerged while teaching the course in spring 1997. The excellent term projects by Michael Brown, Eric Hess, Bruce Kammer, Hadley Killo and Heather Yeo, Chad Lamb, and Kelly McIntyre all gave me insight and sources, as did the Web site of 100 information warfare incidents set up by Doug Casey, Joe Gugliotto, and Mark Sample. I completed a draft of the book in time for the spring 1998 class, and feedback throughout the semester shaped the next draft of the book. I thank Aasil Ahmad, Garrett Allen, David Boney, Laura Brady, Richard Clark, Michael Cling, Robert Copley, Alan Focht, Aaron Frank, Colin Gallagher, Scott Haladay, Nicole Hider, James Hides, M. Blake Hill, Matthew Hill, R. Hayden Hurst, John Jackson, Travis Larson, Jennifer Lee, Catherine Lotrionte, Gregory Lucas, Jessica McIntyre, John McKee, Darcy Noricks, Brian Reilly, Sarah Roche, Jennifer Shin, Richard Tyler, Jennifer Wager, Stephen Yang, and Amit Yoran.

Much of my source material has come by way of the Internet from news services and colleagues. I thank Eric Nelson for operating the "get-the-word-out-intelligence" (g2i) e-mail list and all those who post to it, Frank Church for the valuable information and analysis provided by the Centre for Infrastructural Warfare Studies ("www.iwar.org"), Winn Schwartau and Betty O'Hearn for the extensive resources provided on their Web site ("www.infowar.com"), Dave Farber for his e-mail distribution list, and Bill Boni for his frequent e-mails with relevant articles. I thank William Baugh, Curtis Frye, Frank Heuston, George Heuston, Martin Libicki, Avi Rubin, Peter Salus, Gregory White, and the anonymous reviewers who read a draft of the book and provided many helpful comments and suggestions. I thank Leonard Adleman, Alan Brill, Kawika Daguio, Chuck de Caro, Peter Denning, Dan Farmer, Mich Kabay, Carlo Kopp, Steven Lipner, Jonathan Littman, Will Ozier, Paul Proctor, Joshua Quittner, David Ronfeldt, Eugene Schultz, and Ira Winkler for commenting on portions of the book. I thank the staff at Addison-Wesley for their tremendous support, particularly Helen Goldstein, who coordinated the entire project, Jacqui Young, who handled production, and Peter Gordon, who has enthusiastically supported all three of my books. Finally, I thank my husband, Peter Denning, for his loving support. Dorothy E. Denning Georgetown University October, 1998
www.cs.georgetown.edu/~denning

Read More Show Less

Table of Contents

I. INTRODUCTION.

1. Gulf War—Infowar.

The Gulf War.

Information Warfare.

From Chicks to Chips.

2. A Theory of Information Warfare.

Information Resources.

The Value of Resources.

Players.

The Offense.

The Defense.

A Dual Role.

Offensive Information Warfare.

Increased Availability to Offensive Player.

Decreased Availability to Defensive Player.

Decreased Integrity.

Other Classification Schemes.

Defensive Information Warfare.

Types of Defense.

Information Security and Information Assurance.

The CIA Model and Authorization.

3. Playgrounds to Battlegrounds.

Play.

Motivation.

Culture.

More than Child’s Play.

Crime.

Intellectual Property Crimes.

Fraud.

Computer Fraud and Abuse.

Fighting Crime.

Individual Rights.

National Security.

Foreign Intelligence.

War and Military Conflict.

Terrorism.

Netwars.

Protecting National Infrastructures.

II. OFFENSIVE INFORMATION WARFARE.

4. Open Sources.

Open Source and Competitive Intelligence.

Privacy.

Snooping on People Through Open Sources.

Web Browsing.

Privacy Regulations.

Piracy.

Copyright Infringement.

Trademark Infringement.

Dark Sides.

5. Psyops and Perception Management.

Lies and Distortions.

Distortion.

Fabrication.

Hoaxes.

Social Engineering.

Denouncement.

Conspiracy Theories.

Defamation.

Harassment.

Advertising.

Scams.

Spam Wars.

Censorship.

United States Restrictions.

6. Inside the Fence.

Traitors and Moles.

State and Military Espionage.

Economic Espionage.

Corporate Espionage.

Privacy Compromises.

Business Relationships.

Visits and Requests.

Fraud and Embezzlement.

Bogus Transactions.

Data Diddling.

Inside Sabotage.

Physical Attacks.

Software Attacks.

Penetrating the Perimeter.

Physical Break-ins and Burglaries.

Search and Seizure.

Dumpster Diving.

Bombs.

7. Seizing the Signals.

Eavesdropping on Conversations.

Cellular Intercepts.

Pager Intercepts.

Law Enforcement Wiretaps.

Foreign Intelligence Intercepts.

Deciphering the Messages.

Traffic Analysis.

Pen Registers and Trap and Trace.

Location Tracking.

Telecommunications Fraud.

Blue Boxes.

PBX and Related Fraud.

Voice Mail Fraud.

Calling Card Fraud.

Cloned Phones and Cellular Fraud.

Computer Network Monitoring.

Packet Sniffers.

Keystroke Monitoring.

Environment Surveillance.

Cameras and Video.

Satellites and Imagery.

Van Eck Receptors.

Miscellaneous Sensors.

Shoulder Surfing.

Privacy and Accountability.

Sabotage.

Tampering with Phone Service.

Jamming.

Radio Frequency Weapons.

Physical Attacks.

8. Computer Break-Ins and Hacking.

Accounts.

Getting Access.

Tools and Techniques.

A Demonstration.

Network Scanners.

Packet Sniffers.

Password Crackers.

Buffer Overþows and Other Exploits.

Social Engineering.

Covering up Tracks.

Information Theft.

Gathering Trophies.

More than Trophies.

Tampering.

Web Hacks.

Domain Name Service Hacks.

Takedown.

Remote Shutdown.

Extent.

9. Masquerade.

Identity Theft.

Forged Documents and Messages.

E-Mail Forgeries.

Forgeries in Spam.

E-Mail Floods.

IP Spoofing.

Counterfeiting.

Trojan Horses.

Software Trojans.

Riding the Web.

E-Mail Relays.

Chipping.

Undercover Operations and Stings.

10. Cyberplagues.

Viruses.

Program Viruses.

Boot Viruses.

Macro Viruses.

Concealment Techniques.

Who Writes Viruses.

Prevalence.

Virus Hoaxes.

Worms.

III. DEFENSIVE INFORMATION WARFARE.

11. Secret Codes and Hideaways.

Locks and Keys.

Cryptography.

Digital Ciphers.

Code Breaking.

Generation and Distribution of Keys.

Public-Key Distribution and Diffie-Hellman.

Public-Key Cryptography and RSA.

Key Storage and Recovery.

Applications of Encryption.

The Limits of Encryption.

Steganography.

Anonymity.

Sanitization.

Trash Disposal.

Shielding.

12. How to Tell a Fake.

Biometrics.

Passwords and Other Secrets.

Integrity Checksums.

Digital Signatures.

Public-Key Management and Certificates.

Watermarks.

Call Back and Call Home.

Location-based Authentication.

Badges and Cards.

13. Monitors and Gatekeepers.

Access Controls.

Authorization Policies.

Access Control Monitors.

Limitations.

Filters.

Firewalls.

Junk E-Mail Filters.

Web Filters.

Intrusion and Misuse Detection.

Workplace Monitoring.

Automated Detection.

Computer Intrusion and Misuse Detection.

Analogy with the Human Immune System.

Detecting and Eradicating Viruses and Malicious Mobile Code.

14. In a Risky World.

Vulnerability Monitoring.

Finding Computer and Network Security Flaws.

Monitoring Security Publications.

Building It Secure.

The Orange Book.

The ITSEC and Common Criteria.

Evaluation.

Commercial Criteria.

ICSA Certification.

Accreditation.

The Capability Maturity Model.

Security Awareness and Training.

Avoiding Single Points of Failure.

Backups.

Risk Management.

Risk Assessment and Asset Valuation.

Insurance.

Benchmarking.

Due Care and Liability.

Incident Handling.

Investigation and Assessment.

Containment and Recovery.

Improving Security.

Notification.

In-Kind Response.

Legal and Civil Remedies.

Economic and Military Response.

Emergency Preparedness.

Obstacles.

15. Defending the Nation.

Generally Accepted System Security Principles.

Protecting Critical Infrastructures.

President’s Commission on Critical Infrastructure Protection.

Presidential Decision Directive.

Encryption Policy.

Code Making.

Code Breaking.

International Policies.

U.S. Policy.

Legal Challenges.

Legislation.

Encryption Policy in Perspective.

Bibliography of Books.

Endnotes.

Index. 0201433036T04062001

Read More Show Less

Preface

In recent years, information warfare has captured the attention--and imagination--of government officials, information security specialists, and curious onlookers. The term is used to cover a broad spectrum of activity but especially a scenario wherein information terrorists, using not much more than a keyboard and mouse, hack into a computer and cause planes to crash, unprecedented power blackouts to occur, or food supplies to be poisoned. The terrorists might tamper with computers that support banking and finance, perhaps causing stock markets to crash or economies to collapse. None of these disasters has occurred, but the concern is that they, and others like them, could happen, given the ease with which teenagers have been able to romp through computers with impunity--even those operated by the U.S. Department of Defense.

This book is an introduction to information warfare. It is about operations that target or exploit information media in order to win some objective over an adversary. It covers a wide range of activity, including computer break-ins and sabotage, espionage and intelligence operations, telecommunications eavesdropping and fraud, perception management, and electronic warfare. The book is about teenagers who use the Internet as a giant playground for hacking, competitors who steal trade secrets, law enforcement agencies who use information warfare to fight crime and terrorism, and military officers who bring information warfare to the battleground. It is about information-based threats to nations, to business, and to individuals--and countermeasures to these threats. It spans several areas, including crime, terrorism, national security, individual rights, and information security.

The objectives of the book are fourfold. The first is to present a comprehensive and coherent treatment of offensive and defensive information warfare in terms of actors, targets, methods, technologies, outcomes, policies, and laws. Information warfare can target or exploit any type of information medium--physical environments, print and storage media, broadcast media, telecommunications, and computers and computer networks. All of these are treated within the book, albeit with a somewhat greater emphasis on computer media. The second objective is to present a theory of information warfare that explains and integrates operations involving this diverse collection of actors and media within a single framework. The theory is centered on the value of information resources and on "win-lose" operations that affect that value. The third is to separate fact from fiction. The book attempts to present an accurate picture of the threat, emphasizing actual incidents and statistics over speculation about what could happen. Speculation is not ignored, however, as it is essential for anticipating the future and preparing for possible attacks. A fourth objective is to describe information warfare technologies and their limitations, particularly the limits of defensive technologies. There is no silver bullet against information warfare attacks.

The book is not a "how to," with regard to either launching an attack or defending against one. Nevertheless, because the book provides a reasonably comprehensive treatment of the methods and technologies of information warfare, it may be useful for making informed judgments about potential threats and defenses.

The book is intended for a broad audience, from the student and layperson interested in learning more about the domain and what can be done to protect information assets, to the policy maker who wishes to understand the nature of the threat and the technologies and issues, to the information security specialist who desires extensive knowledge about all types of attacks and countermeasures in order to protect organizational assets. It was also written for an international audience. Although the focus is on activity within the United States, activity outside the United States is included.

The book is used in an information warfare course I teach at Georgetown University for graduate and advanced undergraduate students. The students in the course come from a wide range of disciplines--international politics, national security studies, science and technology in international affairs, communications, culture and technology, business, finance, government, the sciences, and the humanities.

The book is divided into three parts. Part I introduces the concepts and principles of information warfare. There are three chapters. Chapter 1, Gulf War--Infowar, begins with examples of information warfare taken from the time of the Persian Gulf War and the continuing conflict with Iraq. It summarizes the principles of information warfare and discusses trends in technology and information warfare. Chapter 2, A Theory of Information Warfare, presents a model of information warfare in terms of four main elements: information resources, players, offensive operations, and defensive operations. It relates information warfare to information security and information assurance. Chapter 3, Playgrounds to Battlegrounds, situates information warfare within four domains of human activity: play, crime, individual rights, and national security. It summarizes some of the activity in each of the areas.

Part II covers offensive information warfare operations. It is organized around media and methodologies and gives numerous examples of incidents in each category. There are eight chapters. Chapter 4, Open Sources, is about media that are generally available to everyone, including Internet Web sites. It covers open source and competitive intelligence, invasions of privacy, and acts of piracy that infringe on copyrights and trademarks. Chapter 5, Psyops and Perception Management, is about operations that exploit information media, particularly broadcast media and the Internet, in order to influence perceptions and actions. Chapter 6, Inside the Fence, is about operations against an organization's resources by insiders and others who get inside access. It covers traitors and moles, business relationships, visits and requests, insider fraud, embezzlement and sabotage, and physical break-ins. Chapter 7, Seizing the Signals, is about operations that intercept communications and use sensors to collect information from the physical environment. Telecommunications fraud and physical and electronic attacks that disrupt or disable communications are also covered. Chapter 8, Computer Break-Ins and Hacking, is about computer intrusions and remote attacks over networks. It describes how intruders get access and what they do when they get it. Chapter 9, Masquerade, is about imposters who hide behind a facade. It covers identity theft, forgeries, and Trojan horses. Finally, Chapter 10, Cyberplagues, is about computer viruses and worms.

Part III covers defensive information warfare, including strengths and limitations of particular methods. It has five chapters. Chapter 11, Secret Codes and Hideaways, is about methods that conceal secrets, including cryptography (encryption), steganography, anonymity, and locks and keys. Chapter 12, How to Tell a Fake, is about methods of determining whether information is trustworthy and genuine. It covers biometrics, passwords, integrity checksums, digital signatures, watermarking, and badges and cards. Chapter 13, Monitors and Gatekeepers, is about monitors that control access to information resources, filter information, and detect intrusions into information systems or misuse of resources. Chapter 14, In a Risky World, is about what organizations can do to deal with risk. It includes vulnerability monitoring and assessment, building and operating secure systems, risk management, and incident handling. Finally, Chapter 15, Defending the Nation, is about the role of the government in defensive information warfare. Three areas are covered: generally accepted system security principles, protecting critical infrastructures, and encryption policy.

Throughout these chapters, the book describes numerous incidents, companies, and products. These are provided to illustrate concepts and methods. I do not endorse any of the companies or products mentioned. I have tried to report all information fairly and accurately and welcome corrections.

Writing this book has posed several challenges. One was deciding what to include within the scope of information warfare. Whereas practically everyone would agree that breaking into Department of Defense computers is information warfare, at least under certain conditions, not everyone would agree that many of the topics covered in this book are information warfare. In the end, I decided to take a broad perspective, as there were common principles underlying these disparate activities. Moreover, I was fascinated by these areas, saw a connection, and so decided to include them. No doubt, some people will say that I swept up too much--that information warfare pertains more to national-level threats and not to activity such as fraud and piracy. That is a fair criticism. I considered various other terms--cybercrime, cyberwar, and information terrorism, to name a few--but none seemed as good as information warfare at capturing the essence of the activity treated in this book.

A second challenge, aggravated in part by my decision to cover so much ground, was how to organize the material. The book was reorganized twice, the second time after using a draft in my course. Although I am reasonably satisfied with the current organization, I would not claim that it is the best way to present the material.

A third challenge, also magnified by the first, was trying to provide reasonable coverage of topics in which I had little background. I could have left these out, but I wanted to situate the areas of my greatest expertise, computers and cryptography, within a larger context. Computer hackers are not the only threat to information resources, nor is encryption the magic solution. A consequence of covering so much ground is that the book is uneven, with some topics treated in greater depth than others. The number of sentences devoted to a topic is not necessarily related to its overall significance. The book has lots of references for those who wish to study an area further.

Finally, a major challenge has been keeping up with developments in the field, including new technologies, methods of attack, laws, and studies and developments related to incidents covered in the book. On a typical day, I find half a dozen or more items in my incoming e-mail that are related to material in this book. I might find another story or two in The Washington Post or some book or magazine. By the time this book goes to print, I no doubt will have accumulated a huge pile of material that I wish could have been included.

Information warfare itself raises many challenging issues. What is an acceptable level of risk? Who is liable if a computer on the Internet is compromised and used to launch a damaging attack against another site? Who is liable if defamatory material or stolen intellectual property is posted on an on-line service? Under what conditions is offensive information warfare unethical even where it may be legal? Who is responsible for protecting critical infrastructures? How can crimes be successfully investigated and prosecuted when the perpetrator resides in a different state or country from the victim or the information resources attacked? Should encryption be regulated to allow access for law enforcement and national security purposes? These and other issues are addressed in this book. The book does not, however, make recommendations regarding information policy. Its purpose is to enhance understanding of threats, defenses, and issues.

This book is possible only because of the work of many others who have gone before me and contributed to my own knowledge in the area and to those who read and commented on drafts. It is not possible to enumerate everyone, but a few deserve special mention. First, the students in my information warfare class (COSC 511). My interest in writing the book emerged while teaching the course in spring 1997. The excellent term projects by Michael Brown, Eric Hess, Bruce Kammer, Hadley Killo and Heather Yeo, Chad Lamb, and Kelly McIntyre all gave me insight and sources, as did the Web site of 100 information warfare incidents set up by Doug Casey, Joe Gugliotto, and Mark Sample. I completed a draft of the book in time for the spring 1998 class, and feedback throughout the semester shaped the next draft of the book. I thank Aasil Ahmad, Garrett Allen, David Boney, Laura Brady, Richard Clark, Michael Cling, Robert Copley, Alan Focht, Aaron Frank, Colin Gallagher, Scott Haladay, Nicole Hider, James Hides, M. Blake Hill, Matthew Hill, R. Hayden Hurst, John Jackson, Travis Larson, Jennifer Lee, Catherine Lotrionte, Gregory Lucas, Jessica McIntyre, John McKee, Darcy Noricks, Brian Reilly, Sarah Roche, Jennifer Shin, Richard Tyler, Jennifer Wager, Stephen Yang, and Amit Yoran.

Much of my source material has come by way of the Internet from news services and colleagues. I thank Eric Nelson for operating the "get-the-word-out-intelligence" (g2i) e-mail list and all those who post to it, Frank Church for the valuable information and analysis provided by the Centre for Infrastructural Warfare Studies ("www.iwar.org"), Winn Schwartau and Betty O'Hearn for the extensive resources provided on their Web site ("www.infowar.com"), Dave Farber for his e-mail distribution list, and Bill Boni for his frequent e-mails with relevant articles. I thank William Baugh, Curtis Frye, Frank Heuston, George Heuston, Martin Libicki, Avi Rubin, Peter Salus, Gregory White, and the anonymous reviewers who read a draft of the book and provided many helpful comments and suggestions. I thank Leonard Adleman, Alan Brill, Kawika Daguio, Chuck de Caro, Peter Denning, Dan Farmer, Mich Kabay, Carlo Kopp, Steven Lipner, Jonathan Littman, Will Ozier, Paul Proctor, Joshua Quittner, David Ronfeldt, Eugene Schultz, and Ira Winkler for commenting on portions of the book. I thank the staff at Addison-Wesley for their tremendous support, particularly Helen Goldstein, who coordinated the entire project, Jacqui Young, who handled production, and Peter Gordon, who has enthusiastically supported all three of my books. Finally, I thank my husband, Peter Denning, for his loving support.

Dorothy E. Denning
Georgetown University
October, 1998
www.cs.georgetown.edu/~denning

0201433036P04062001

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)