Chapter 2. Literature Review
2.3 Information Warfare
2.3.2 Models
This section discusses various models for IW; these models will be used to develop the new IW framework. Section 2.3.2.1 describes defensive concepts, Section 2.3.2.2 discusses offensive concepts, and Section 2.3.2.3 describes potential target types. Section 2.3.2.4 introduces some mathematical models for completeness.
2.3.2.1 Defensive Models
The "CIA Model" or "CIA Triad" (Denning, 1999; Hutchinson & Warren, 2001) illustrates three aspects of information (and information infrastructure services) that need to be maintained:
    Confidentiality: only those who are entitled to it should have access to sensitive information, or to knowledge of the functioning, operations or characteristics of infrastructures;
    Integrity: only authorised persons should be able to alter information, or system settings that could affect the infrastructure;
    Availability: the information and its supporting infrastructure should be available when required.
Parker (2002) expands the CIA Triad with three additional attributes: possession or control, authenticity, and utility. Parker argues that the loss of possession and/or control of information or information systems does not necessarily breach confidentiality, unless the information has actually been read. Authenticity is the correct attribution of information to a field in a database or to a source, and is compromised should this attribution be incorrect; an attacker may intentionally subvert authenticity by claiming to be a legitimate user. Utility is the usefulness of the information; the argument is that should a decryption key be lost, every other aspect of the information is preserved, yet it cannot be used. Wylder (2004) notes a proposal to replace availability with authenticity, on the grounds that availability belongs to business continuity planning. However, the availability of information can be attacked, as will be discussed in Section 2.3.2.2; it therefore remains part of the CIA Triad for the purposes of this dissertation. It can be argued that the extended attributes are subsets of the original CIA Triad. Possession and control may be considered a special case of confidentiality: if the information has been accessed in some form, then confidentiality has been breached, and availability may also be breached should the rightful owner have lost physical control of the information or information systems. Authenticity may be considered a subset of integrity, as incorrect attribution reduces the quality of the information. Should the utility of the information be lost, then so is its availability, as information must be available before it can be utilised; utility is therefore a subset of availability.
Other attributes proposed include authentication and non-repudiation (Denning, 1999; Joint Chiefs of Staff, 1998; Waltz, 1998), and restoration (Waltz, 1998). Authentication attempts to ensure that only authorised persons have access to relevant restricted information or infrastructure, or the ability to make alterations to them (Waltz, 1998). Non-repudiation is intended to provide proof of participation (Joint Chiefs of Staff, 1998), so that a false denial of participation cannot call the integrity of the information into question. Restoration provides the ability for information and infrastructure operations to continue should a disturbance occur (Waltz, 1998). These factors may be considered controls used to preserve the attributes of the CIA Triad: authentication seeks to maintain confidentiality and integrity, non-repudiation protects integrity, and restoration aims to preserve availability. The CIA Triad and the related attributes discussed above are the same from both the IW and the general information security perspectives, and have been described as the industry standard for information security (Whitman & Mattord, 2010).
Poisel (2004) also discusses three attributes: relevancy, accuracy, and timeliness. Wylder (2004) also considers accuracy, which is analogous to integrity in that inaccurate information has poor integrity. Timeliness is analogous to availability in that a delay in the receipt of information breaches availability for a period of time (Defense Science Board, 1996). Relevancy may bear on both integrity and availability: if the information supplied is irrelevant to what was requested, it has low integrity, and the information actually required is unavailable. Should irrelevant information merely be supplied in addition to what was required, it has no effect on integrity or availability.
From the discussions above it can be seen that the CIA Triad constitutes the fundamental attributes of information and infrastructures; the extensions proposed may be considered as subsets of, or controls for, the three attributes described by the CIA Triad (van Niekerk & Maharaj, 2011c), as shown below:
    Confidentiality
        o Possession
        o Control
    Integrity
        o Authenticity
        o Relevancy
        o Accuracy
        o Non-repudiation
    Availability
        o Timeliness
        o Utility
2.3.2.2 Offensive Models
Waltz (1998) describes a number of strategies that can be used to attack information: disruption of access to the information or information service, corruption of the information, and exploitation of the information. Borden (1999) and Kopp (2000) provide a similar model; however, they divide the disruption strategy into two subsets, deny and degrade. Similarly, the United States Air Force (1998) divides disruption into denial/loss and destruction, which also implies the use of the physical domain to conduct IW; this will be discussed in Section 2.3.3. In addition, exploit is termed compromise, and corrupt is termed deceive/corrupt, which implies the human vulnerability to deception.
Pfleeger and Pfleeger (2003) divide corruption into fabrication and modification, and term disrupt as interrupt, and exploit as intercept.
Hutchinson and Warren (2001) provide a far more intricate model, with six strategies:
    Deny and/or disrupt access to data.
    Destroy data.
    Steal data.
    Manipulate data.
    Alter the context in which the data is viewed.
    Change the perceptions of people towards the data.
This model divides disrupt into disrupt, deny, and destroy; corrupt into manipulate, alter perception, and change context; and exploit is termed steal. This model again implies human vulnerabilities through the tactic of altering the perception of the target. The models discussed above are compared in Table 2.1.
From the comparison it can be seen that Waltz's model describes the 'fundamental' strategies, and the other models provide subsets of these strategies. The strategies described by Waltz also directly oppose or attack the CIA Triad discussed in Section 2.3.2.1 (disrupt against availability, corrupt against integrity, and exploit against confidentiality); for this reason it will be the primary offensive model adopted for use in the dissertation.
The Defense Science Board (1996) provides a high-level taxonomy for IW which also relates offensive strategies to the CIA Triad, and also considers the time taken to detect the attack; this model is illustrated in Table 2.2, where t denotes the unit of time, which can vary from microseconds to years; the criticality of t needs to be determined for each case.
Table 2.1: Comparison of Information Warfare Attack Strategies (van Niekerk & Maharaj, 2011c)

Waltz (1998) | Borden (1999) and Kopp (2000) | Hutchinson & Warren (2001)                    | Pfleeger & Pfleeger (2003) | USAF (1998)
Disrupt      | Degrade; Deny                 | Disrupt; Deny; Destroy                        | Interrupt                  | Deny/loss; Destroy
Corrupt      | Corrupt                       | Manipulate; Alter perception; Change context  | Modify; Fabricate          | Deceive/corrupt
Exploit      | Exploit                       | Steal                                         | Intercept                  | Compromise
Table 2.2: A Top-Level Taxonomy for Information Warfare, adapted from Defense Science Board (1996). Each attack is further classified by detection: detected on occurrence; detected after t units of time; or undetected.

Attribute       | Attack                                                          | Detection
Confidentiality | Compromise of information or information service                | Detected on occurrence / Detected after t units of time / Undetected
Integrity       | Unauthorised change in data                                     | Detected on occurrence / Detected after t units of time / Undetected
Integrity       | Insertion of false data from a correct source                   | Detected on occurrence / Detected after t units of time / Undetected
Integrity       | Insertion of false data from an incorrect source                | Detected on occurrence / Detected after t units of time / Undetected
Availability    | Loss of information or information service                      | Detected on occurrence / Detected after t units of time / Undetected
Availability    | Delay of an information service or in receipt of information    | Detected on occurrence / Detected after t units of time / Undetected
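The taxonomy above leaves the unit of time t to be fixed case by case. The following example, added here and not part of the dissertation or of the Defense Science Board report, places constructed incident records into the cells of Table 2.2: the attack category fixes the attribute breached, and the detection latency measured in units of t fixes the detection column. The per-attribute values of t, the category names and all incident records are assumptions made for the illustration.

```python
"""Placing incidents in the Defense Science Board (1996) taxonomy of Table 2.2.

Added example (not from the dissertation). A record names the Table 2.2 attack
category and the times of occurrence and detection. The category fixes the
attribute breached; the detection latency, in units of t, fixes the detection
column. t is supplied per attribute because the taxonomy leaves it case-dependent.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Attack categories of Table 2.2 and the attribute each one breaches.
ATTRIBUTE_OF = {
    "compromise of information or service": "confidentiality",
    "unauthorised change in data": "integrity",
    "false data from a correct source": "integrity",
    "false data from an incorrect source": "integrity",
    "loss of information or service": "availability",
    "delay of service or receipt": "availability",
}

# Assumed value of t per attribute, in seconds (illustrative, not from the text):
# an outage matters within a minute, a tampered record within a quarter hour,
# a confidentiality breach within an hour.
T_SECONDS = {"confidentiality": 3600.0, "integrity": 900.0, "availability": 60.0}


@dataclass(frozen=True)
class Incident:
    ident: str
    attack: str                 # key of ATTRIBUTE_OF
    occurred: float             # epoch seconds
    detected: Optional[float]   # epoch seconds, or None if never detected


def attribute_of(inc: Incident) -> str:
    """Attribute breached by the incident's attack category."""
    try:
        return ATTRIBUTE_OF[inc.attack]
    except KeyError:
        raise ValueError(f"{inc.ident}: unknown attack category {inc.attack!r}") from None


def latency_units(inc: Incident, t_seconds: Dict[str, float] = T_SECONDS) -> Optional[float]:
    """Detection latency in units of t for the breached attribute; None if undetected."""
    if inc.detected is None:
        return None
    if inc.detected < inc.occurred:
        raise ValueError(f"{inc.ident}: detection time precedes occurrence")
    return (inc.detected - inc.occurred) / t_seconds[attribute_of(inc)]


def detection_column(inc: Incident, t_seconds: Dict[str, float] = T_SECONDS) -> str:
    """Table 2.2 column: 'on occurrence' (latency below one t), 'after t', or 'undetected'."""
    units = latency_units(inc, t_seconds)
    if units is None:
        return "undetected"
    return "on occurrence" if units < 1.0 else "after t"


def tabulate(incidents: Iterable[Incident],
             t_seconds: Dict[str, float] = T_SECONDS) -> Dict[Tuple[str, str], int]:
    """Count incidents per (attribute, detection column) cell of Table 2.2."""
    counts: Dict[Tuple[str, str], int] = {}
    for inc in incidents:
        cell = (attribute_of(inc), detection_column(inc, t_seconds))
        counts[cell] = counts.get(cell, 0) + 1
    return counts


# Constructed sample records; epoch seconds chosen for the illustration.
SAMPLE = [
    Incident("i1", "compromise of information or service", 1_700_000_000, 1_700_000_600),
    Incident("i2", "unauthorised change in data", 1_700_000_000, 1_700_086_400),
    Incident("i3", "false data from an incorrect source", 1_700_000_000, None),
    Incident("i4", "loss of information or service", 1_700_000_000, 1_700_000_030),
    Incident("i5", "delay of service or receipt", 1_700_000_000, 1_700_000_900),
]

if __name__ == "__main__":
    for inc in SAMPLE:
        print(inc.ident, attribute_of(inc), detection_column(inc), latency_units(inc))
    print(tabulate(SAMPLE))
```

Changing t moves incidents between columns: the fifteen-minute delay of i5 is "after t" when t for availability is a minute, but "on occurrence" if t is widened to a day, which is the sense in which the criticality of t has to be settled per case before the taxonomy can be applied.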
The United States Air Force (1998) relates the various strategies discussed above to specific threats that may be employed to conduct an attack; this is illustrated in Table 2.3. These threats are still relevant; the candidate added network overload to the denial/loss column, and malware insertion to the destruction column, to account for aggressive worms spreading through networks, network denial-of-service attacks, and the Stuxnet malware that targets industrial controllers (Fisher & Roberts, 2011).
Table 2.3: Information Warfare Threats, adapted from the United States Air Force (1998)

Compromise: Malicious code; System intrusion; Intelligence collection; Technology transfer; Software bugs
Deception/Corruption: Psychological operations; Malicious code; System intrusion; Military deception; Spoofing; Imitation
Denial/Loss: Malicious code; System intrusion; Lasers; Physical attack; Electro-magnetic pulse; Malware insertion; System overload; Radio frequency jamming; Network overload
Destruction: Malicious code; Bombs; Directed energy weapons; Lasers; Physical attack; Electro-magnetic pulse; Nuclear, biological & chemical warfare; Malware insertion
2.3.2.3 Targets
Potential targets for exploitation or attack in an information system are described by Denning (1999) and Hutchinson and Warren (2001):
    Data storage, such as disk drives and computer or human memories, whose contents can be corrupted or which can be physically damaged or destroyed;
    Transporters, such as humans and telecommunication systems, whose performance may be degraded by a denial of service attack, or which may be intercepted to exploit the information;
    Sensors and input devices, such as cameras and human input devices, which could be destroyed or fed false signals;
    Recorders, writers and output devices, such as printers and disk writers, whose output stream of data can be corrupted;
    Processors, such as microprocessors and humans, including the software they run, which may be corrupted by altering their logic, or be degraded or destroyed.
The Joint Chiefs of Staff (1998) identified the following areas as being vulnerable to attack: information, human factors, links, and nodes. The links and nodes of networks and telecommunications are particularly susceptible to attack, as many are easily identifiable and physically accessible. Human factors include emotions, which make people susceptible to threats; people are also susceptible to disease and fatigue.
2.3.2.4 Mathematical Models
A model developed independently by Borden (1999) and Kopp (2000), and subsequently called the Borden-Kopp Model by Kopp (2000), is the primary model of IW with a mathematical background. It is based on Shannon's Information Theorem (Shannon, 1948), which is discussed in Section 2.2. The Borden-Kopp model relates Shannon's Theorem to IW through the fact that decisions are made on information (as described in the Paul Revere example in Section 2.2), and IW aims either to degrade the efficiency of decision making or to protect and improve it (Borden, 1999). This corresponds to the SNR term in Equation 2.1: an attacker may seek to increase the noise (the variable N) to degrade efficiency, while the defender attempts to reduce the noise and to improve the message or signal (the variable S). To follow on from the Paul Revere example, assume that the attacking English forces used deception and sent only an advance party by sea, while the main force would attack by land at a later stage. The lookout would have signalled an attack by sea; that information is incorrect because of the noise introduced by the attackers. Even if the lookout later signalled a land attack, two contradictory sets of information would have been transmitted, which degrades the efficiency of the decision making.
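As an added worked equation, not part of the dissertation or of Borden's or Kopp's papers, the two levers described above can be made explicit. It assumes that Equation 2.1 is Shannon's channel capacity with bandwidth B, signal power S and noise power N; the injected noise N_a, the gain k and the numerical values are chosen here for illustration only.

```latex
C = B \log_2\!\left(1 + \frac{S}{N}\right)

\text{Attacker injects noise } N_a > 0:\quad
C' = B \log_2\!\left(1 + \frac{S}{N + N_a}\right) < C

\text{Defender raises the signal to } S' = kS,\ k > 1:\quad
C'' = B \log_2\!\left(1 + \frac{kS}{N + N_a}\right),
\qquad C'' = C \iff k = \frac{N + N_a}{N}

\text{Illustration: } \frac{S}{N} = 15 \Rightarrow C = B\log_2 16 = 4B;\quad
N_a = N \Rightarrow \frac{S}{N + N_a} = 7.5,\ C' = B\log_2 8.5 \approx 3.09B;\quad
k = 2 \Rightarrow C'' = B\log_2 16 = 4B
```

The last line shows the symmetry the model implies: doubling the noise costs the defender close to a quarter of the capacity, and is only fully offset by doubling the signal, so the attacker's cheaper option (adding noise) forces a proportionally larger response from the defender.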