Time based information release (TIR) schemes are useful to support the gradual distribution of confidential information, in order to facilitate its quick availability after the information is made public. The crux of TIR schemes is the periodic release of cryptographic keys, each of which enables its users to decrypt ciphered documents which were intended to be accessible at the release time of the cryptographic key.
This TIR scheme is particularly useful when the size of confidential information file is significantly larger than the size of a key used for its encryption this is generally true for most text files including xml and html files (Zhou, 2005, p. 29). RFID technology is an automated data capture technology that can be used to by the defense to electronically identify, track and store information contained on a tag. A radio frequency reader scans the tag for the data and sends the information to a database, which stores the data contained on the tag.
Security and privacy issue related to RFID technology for federal use is that the tags and databases raises important considerations concerning confidentiality, integrity and availability of data on the tags in the database and how these are protected. In order to implement RFID technology, it should be ensured that only authorized readers or personnel have access to information, maintaining the integrity of the data on the chip, and store in the databases, and ensuring that critical data is fully available when necessary (GAO, 2005, p.
18). Defense security Under the military information security policy, the basic rule is that the classified information may be made available to only authorized persons. The policy although looked foolproof and uncomplicated, yet it is far too simple to prevent information theft or unauthorized release of information. The modified version of military information security system ensures checking of security levels on all reads and writes so that data is no longer at the discretion of individual user or application.
However, this system too was not found to be foolproof as authorized persons cannot always be trusted to follow rules properly. Much later, military orange book is used to update on information security matters. 1 Nowadays the department of defense relies on a vast and complex computerized information infrastructure to support virtually all aspects of its operations, including strategic and tactical operations, weaponry, intelligence, and security. This reliance extends to its business operations that support the department, including financial management (GAO, 2000, p.
8). Gaps in Defense information security The magnitude of these problems is probably understated. Consider data from recent US government reports. On the basis of 38,000 controlled attacks on Department of Defense computers, 65% were successful. Of those that were successful, only 4% were detected by system operators. And of those, only 25% were reported. Thus only 1 in 100 successful penetrations may appear in the statistics (GAO, 1996b). Evaluation of security of Department of Defense (DOD) by GAO since 1999 showed many gaps in military information security.
The gaps identified could jeopardize operations and thought to compromise the confidentiality, integrity or availability of sensitive information. The gaps in information security in the Department of Defense provide both hackers and hundreds of thousands of authorized users the opportunity to modify, steal, inappropriately disclose, and destroy sensitive DOD data (GAO, 2000, p. 10). The gaps in DOD information security system impaired DODs ability to control physical and electronic access to its systems and data, and to ensure that the software.
A comparison on commercial and military computer security policies, http://crypto. stanford. edu/~ninghui/courses/Fall03/papers/clark_wilson. pdf running on its systems is properly authorized, tested, and functioning as intended. The prevalent system also impaired the departments’ capability to limit employees’ ability to perform incompatible functions and to resume operation in the event of disaster. As a result, numerous DOD functions including weapons and supercomputer research, logistics, finance, procurement, personal management, military health, and payroll had already been adversely affected by system attack or fraud.
The GAO studies carried out in 1996 (GAO, 1996b) on Defense Information security reported that attackers had stolen, modified and destroyed both data and software at DOD and installed “back doors” that circumvented normal system protection and allowed attackers unauthorized future access. They had shut down and crashed entire systems and networks (GAO, 2000, p. 11). Action at government level National security goals include the protection of citizens and institutions against domestic criminal acts, protecting the nation against outside attack, and assuring international order by assisting other nations to achieve this same state of security.
Economic goals include assuring robust infrastructures on which all citizens depend, encouraging and protecting e-commerce; and protecting property rights. Civil rights, such as the protection of the privacy of citizens and respecting constitutional rights such as free speech will be equally important. However there is the likelihood of these goals to come into conflict with each other. Protection often intrudes on privacy, as people identify themselves to establish their bona fides. Protection often comes into conflicts with convenience, leading either to circumventing the protection, or to adopt with high transaction cost.
Measures that protect communication, through strong encryption and other means of protecting anonymity, is applied to criminals as well as honest users, and reduce the effectiveness of law enforcement and national security agencies. Enhanced protection can be achieved through government intervention in infrastructure markets, although the trend in the US over the last 25 years or more has been to rely more on market forces and less on regulatory intervention. Such interventions could take the form of product safety requirements, as when goods and services must meet standards of performance against specified risks.
Food and drug safety and automobile safety standards are examples, where a social good is achieved even though it may not offer a market appeal to either the seller or the buyer. Regulation can also be used to assure fair and open markets, as is the case of the regulation of financial markets and services. Regulators can often provide a useful, though sometimes onerous benefit, by requiring the collection and publication of system performance data to identify unreasonably poor operations. The application of regulation to the protection of information infrastructures raises several questions.
One deals with the degree to which security regulations might inhibit innovation, as regulatory processes, designed to be open and fair, are unable to keep up with the rapid pace of technical advance. Another is the degree to which the costs of unfunded mandates reduce the efficiency with which the market operates, running the risk of putting undue shackle to an otherwise essential system. The free operation of information markets could be impeded through regulation intended to protect the underlying information infrastructures.
Increasing the level of protection worldwide restricts the use of cyber capabilities for offensive uses intended to protect larger national interests, while at the same time it reduces domestic losses from attacks. Because the technology and the economics of protecting information infrastructures are so poorly understood, and the downside risk of over-regulating is potentially so great, there is reluctance, at least in the US, to intervene in the market at this point (Likasik, 1999).
Information warfare at government level Information security breach at military level is carried out among nation to nation. There are innumerable incidents during the world war when espionage scandal was all too common. Led by United stated military and intelligence communities, the world is now led down by to the path of information warfare, as a justifiable means of waging conflict against opponents.
The first major incident occurred in 1996, when it was reported that electronic mail system of Europe had been hacked by personnel of U. S. Intelligence Agency (CIA) and National Security Agency (NSA). Although the Americans were after confidential communications, pertaining to General Agreements on Tariffs and Trade (GATT) negotiations, other sensitive information including the medical and financial records of members of European parliament and thousands of staffers were also accessed. The U.
S government hackers apparently used reprogrammed network management protocol trapdoors in the routers used in the parliament network. At the government the hacking was made much easier with companies providing critical components of network to CIA. Such computer espionage at the government level too can pose serious threat to another nation’s security, and politically led infiltration into strategic databases of a nation, if not made infallible, may lead to major war among nations (Medsen, 2000).
Conclusion Many information warfare attacks have occurred and are likely to occur in the future. A Japanese cult, which launched a gas attack on the Tokyo subway system, nearly succeeded in getting software that it developed implanted in the Japanese Defense Agency computer system. Al-Qaeda has also reportedly attacked the US infrastructure. In addition, it emerged in December that Chinese attackers made highly professional attempts to penetrate US Government computers without leaving barely a trace.
Despite the evidence of information warfare activity, it has gone down in priority in the US Government defense agenda (Power and Forte, 2006). Although cyber security measures have been geared up after the 9/11 attack, still gap remains and full proof security to information, particularly defense is paramount for the nation so that these gaps can not be used as pawn by disruptive forces.
Buzzard, K (1999) Computer security: What should you spend your money on, Computer and Security, Vol. 18, pp. 322-334