Information Warfare and Security [Paperback]

Dorothy E. Denning (Author)

Book Description

Publication Date: December 20, 1998 | ISBN-10: 0201433036 | ISBN-13: 978-0201433036 | Edition: 1

* This book provides a comprehensive and detailed look at information warfare: computer crime, cybercrime, and information terrorism. It describes attacks on information systems through theft, deception, or sabotage, and demonstrates the countermeasures being mounted to defeat these threats. Focusing on the criminals and information terrorists whose depredations include information-based threats to nations, corporations, and individuals, Denning places cybercrime within a broader context, integrating the various kinds of information crime, and the countermeasures against it, into a methodology-based framework. * Among the topics included are government use of information warfare for law enforcement investigations and for military and intelligence operations; also, the conflicts arising in the areas of free speech and encryption. The author discusses offensive information warfare, including acquisition of information, deceptive exploitation of information, and denial of access to information; and also addresses defensive information warfare, specifically, information security principles and practices. The book features coverage that is both broad and deep, illustrating cyberspace threats with real-world examples.

Editorial Reviews

Review

Dorothy Denning is one of the world's most respected computer-security experts. She's also the author of the now-classic Cryptography and Data Security (Addison-Wesley, 1982) and a professor of computer science at Georgetown University. But if Denning ever wants to chuck it all and opt for an honest living of, say, writing horror stories, her most recent book, Information Warfare and Security, has all the source material she will ever need. Before reading half the book, I was ready to cancel my e-mail accounts, jettison my modems, cancel my credit cards, move what little money I have from the bank to my mattress, and head out for the Flint Hills.

You see, part of what Denning has done in Information Warfare and Security is chronicle what seems to be just about every breach in computer security over the past few years. Page after page of hacks, cracks, phreaks, and psyopts by everyone from teenagers and thrill seekers to spies and nuts. Credit card numbers, passwords, bank accounts -- they're all fair game for anyone who is bright, persistent, online, and so inclined.

Not that it was Denning's intent simply to titillate us with one interesting or exciting story after another. Instead, her goal is to provide us with a comprehensive overview of what's become known as "information warfare"... Read more from this review. -- Jonathan Erickson, Dr. Dobb's Journal -- Dr. Dobb's Journal

From the Inside Flap

In recent years, information warfare has captured the attention--and imagination--of government officials, information security specialists, and curious onlookers. The term is used to cover a broad spectrum of activity but especially a scenario wherein information terrorists, using not much more than a keyboard and mouse, hack into a computer and cause planes to crash, unprecedented power blackouts to occur, or food supplies to be poisoned. The terrorists might tamper with computers that support banking and finance, perhaps causing stock markets to crash or economies to collapse. None of these disasters has occurred, but the concern is that they, and others like them, could happen, given the ease with which teenagers have been able to romp through computers with impunity--even those operated by the U.S. Department of Defense.

This book is an introduction to information warfare. It is about operations that target or exploit information media in order to win some objective over an adversary. It covers a wide range of activity, including computer break-ins and sabotage, espionage and intelligence operations, telecommunications eavesdropping and fraud, perception management, and electronic warfare. The book is about teenagers who use the Internet as a giant playground for hacking, competitors who steal trade secrets, law enforcement agencies who use information warfare to fight crime and terrorism, and military officers who bring information warfare to the battleground. It is about information-based threats to nations, to business, and to individuals--and countermeasures to these threats. It spans several areas, including crime, terrorism, national security, individual rights, and information security.

The objectives of the book are fourfold. The first is to present a comprehensive and coherent treatment of offensive and defensive information warfare in terms of actors, targets, methods, technologies, outcomes, policies, and laws. Information warfare can target or exploit any type of information medium--physical environments, print and storage media, broadcast media, telecommunications, and computers and computer networks. All of these are treated within the book, albeit with a somewhat greater emphasis on computer media. The second objective is to present a theory of information warfare that explains and integrates operations involving this diverse collection of actors and media within a single framework. The theory is centered on the value of information resources and on "win-lose" operations that affect that value. The third is to separate fact from fiction. The book attempts to present an accurate picture of the threat, emphasizing actual incidents and statistics over speculation about what could happen. Speculation is not ignored, however, as it is essential for anticipating the future and preparing for possible attacks. A fourth objective is to describe information warfare technologies and their limitations, particularly the limits of defensive technologies. There is no silver bullet against information warfare attacks.

The book is not a "how to," with regard to either launching an attack or defending against one. Nevertheless, because the book provides a reasonably comprehensive treatment of the methods and technologies of information warfare, it may be useful for making informed judgments about potential threats and defenses.

The book is intended for a broad audience, from the student and layperson interested in learning more about the domain and what can be done to protect information assets, to the policy maker who wishes to understand the nature of the threat and the technologies and issues, to the information security specialist who desires extensive knowledge about all types of attacks and countermeasures in order to protect organizational assets. It was also written for an international audience. Although the focus is on activity within the United States, activity outside the United States is included.

The book is used in an information warfare course I teach at Georgetown University for graduate and advanced undergraduate students. The students in the course come from a wide range of disciplines--international politics, national security studies, science and technology in international affairs, communications, culture and technology, business, finance, government, the sciences, and the humanities.

The book is divided into three parts. Part I introduces the concepts and principles of information warfare. There are three chapters. Chapter 1, Gulf War--Infowar, begins with examples of information warfare taken from the time of the Persian Gulf War and the continuing conflict with Iraq. It summarizes the principles of information warfare and discusses trends in technology and information warfare. Chapter 2, A Theory of Information Warfare, presents a model of information warfare in terms of four main elements: information resources, players, offensive operations, and defensive operations. It relates information warfare to information security and information assurance. Chapter 3, Playgrounds to Battlegrounds, situates information warfare within four domains of human activity: play, crime, individual rights, and national security. It summarizes some of the activity in each of the areas.

Part II covers offensive information warfare operations. It is organized around media and methodologies and gives numerous examples of incidents in each category. There are eight chapters. Chapter 4, Open Sources, is about media that are generally available to everyone, including Internet Web sites. It covers open source and competitive intelligence, invasions of privacy, and acts of piracy that infringe on copyrights and trademarks. Chapter 5, Psyops and Perception Management, is about operations that exploit information media, particularly broadcast media and the Internet, in order to influence perceptions and actions. Chapter 6, Inside the Fence, is about operations against an organization's resources by insiders and others who get inside access. It covers traitors and moles, business relationships, visits and requests, insider fraud, embezzlement and sabotage, and physical break-ins. Chapter 7, Seizing the Signals, is about operations that intercept communications and use sensors to collect information from the physical environment. Telecommunications fraud and physical and electronic attacks that disrupt or disable communications are also covered. Chapter 8, Computer Break-Ins and Hacking, is about computer intrusions and remote attacks over networks. It describes how intruders get access and what they do when they get it. Chapter 9, Masquerade, is about imposters who hide behind a facade. It covers identity theft, forgeries, and Trojan horses. Finally, Chapter 10, Cyberplagues, is about computer viruses and worms.

Part III covers defensive information warfare, including strengths and limitations of particular methods. It has five chapters. Chapter 11, Secret Codes and Hideaways, is about methods that conceal secrets, including cryptography (encryption), steganography, anonymity, and locks and keys. Chapter 12, How to Tell a Fake, is about methods of determining whether information is trustworthy and genuine. It covers biometrics, passwords, integrity checksums, digital signatures, watermarking, and badges and cards. Chapter 13, Monitors and Gatekeepers, is about monitors that control access to information resources, filter information, and detect intrusions into information systems or misuse of resources. Chapter 14, In a Risky World, is about what organizations can do to deal with risk. It includes vulnerability monitoring and assessment, building and operating secure systems, risk management, and incident handling. Finally, Chapter 15, Defending the Nation, is about the role of the government in defensive information warfare. Three areas are covered: generally accepted system security principles, protecting critical infrastructures, and encryption policy.

Throughout these chapters, the book describes numerous incidents, companies, and products. These are provided to illustrate concepts and methods. I do not endorse any of the companies or products mentioned. I have tried to report all information fairly and accurately and welcome corrections.

Writing this book has posed several challenges. One was deciding what to include within the scope of information warfare. Whereas practically everyone would agree that breaking into Department of Defense computers is information warfare, at least under certain conditions, not everyone would agree that many of the topics covered in this book are information warfare. In the end, I decided to take a broad perspective, as there were common principles underlying these disparate activities. Moreover, I was fascinated by these areas, saw a connection, and so decided to include them. No doubt, some people will say that I swept up too much--that information warfare pertains more to national-level threats and not to activity such as fraud and piracy. That is a fair criticism. I considered various other terms--cybercrime, cyberwar, and information terrorism, to

See all Editorial Reviews

Product Details

• Paperback: 544 pages
• Publisher: Addison-Wesley Professional; 1 edition (December 20, 1998)
• Language: English
• ISBN-10: 0201433036
• ISBN-13: 978-0201433036
• Product Dimensions: 9.1 x 6.3 x 1.3 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.2 out of 5 stars  See all reviews (14 customer reviews)
• Amazon Best Sellers Rank: #566,466 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

11 of 11 people found the following review helpful:

4.0 out of 5 stars Heighten awareness, but not educate, October 2, 2000

By 

Eric E. Michael (Beaverton, OR) - See all my reviews

This review is from: Information Warfare and Security (Paperback)

Gulf war, fraud, national security, Spam, traitors, and computer viruses. These are just a few of the topics covered by Dorothy Denning's book Information_Warfare_and_Security. This book gives a broad and informative view of information security, however it lacks specifics to make it more than an introductory work to this field.

The book has a broad overview of subjects. The Introduction section encompasses around 75 pages and gives substantial theory to the how and why of information security. Part II discusses "Offensive Information Warfare" which brings the reader through techniques on obtaining information. "Defensive Information Warfare" in Part III naturally discusses how to repel the offenses discussed in Part II.

Information_Warfare_and_Security is very informative on the problem areas which it discusses. Computers and phones are obvious places for intrusion and the book covers the facets of these areas in depth. The less obvious methodologies are also mentioned such as eavesdropping, traffic analysis, and sabotage. Denning does not leave out the human factor in her sections on social engineering, traitors, and even dumpster diving.

Denning's book, however, lacks specific in-depth information. Any chapter subject could have a large book written on it. The book does not give the "how-to's" to create or block an attack; rather it merely discusses the possibilities. To Denning's credit, however, she does include a substantial bibliography and endnotes so the reader can find further information in the source material.

Information_Warfare_and_Security would serve the purpose of an excellent introductory overview to the information security field. It is broad and informative, but lacks the specific information to execute any of the offenses or defenses. Denning's book is useful to heighten awareness of information security issues, but it is not sufficient to provide an education in this field.

16 of 19 people found the following review helpful:

3.0 out of 5 stars Mostly a compilation, with a couple of saving graces, August 7, 2000

By 

Maurice E Dunn - See all my reviews

This review is from: Information Warfare and Security (Paperback)

I am very reluctant to give much credit for this book to its author. This is primarily because nearly a third of the book is dedicated to bibliography. That, in my opinion, is not really writing; it is compilation.

I was also disappointed at the caliber of anecdotes. I found them to be either totally irrelevant, or totally trite.

I will give credit, however, for the organization and 'soup-to-nuts' primer approach. The chapter organization and flow are superb and I am certain this makes a decent text for non-technical graduate students trying to grasp the concepts of information warfare. The chapter on encryption technology is especially well explained.

Unfortunately, the jacket and editorial reviews (and some of the Amazon reviews) would lead you to believe that this book is a MUST for all information security professionals. It isn't. It is probably, however, a good book for people who have to effectively communicate with information security professionals. Anyone with even a moderate background in information security will not be impressed.

10 of 11 people found the following review helpful:

4.0 out of 5 stars Comprehensive and well-written, November 26, 1999

By 

Deák Csaba (Budapest, Hungary) - See all my reviews

This review is from: Information Warfare and Security (Paperback)

Dorothy Denning's book covers almost every aspect of a topic that is of increasing importance. It is written in an ENJOYABLE STYLE and is full of examples, stories and quotations that WELL ILLUSTRATE the points she wants to make. It is an EXCELLENT OVERVIEW of the topic, and for those who are interested in the details, an extensive list of references is included at the end.

Whether you are responsible for information security at your enterprise or you are a citizen concerned about your data's privacy, you WILL NOT REGRET if you read this book.

However, it could be improved in several areas:

Even in an overview like this, more should be said about the controls that can help you protect your data (such as separation of duties, security audits etc.). The numbering of references is restarted in every chapter and so they are hard to find at the end of the book. Most importantly, it should show much less political and cultural bias. A book that is basically about information-related threats and defenses is NOT supposed to be used to protect Attorney General Janet Reno in connection with the Waco case (see Chapter 5) or vent the author's dislike of the Arab countries. For example, if Arab governments control information such as pornography, it is called "censorship", the same thing done by the US government is referred to as "restrictions - also in Chapter 5. (Don't get me wrong: it is NO accident that I lived in the US for years and never ever wished to live in an Arab country, so I am myself biased toward American culture. Even so, I often found Denning too openly manipulative.)