Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

New Weapons of Information Warfare

Paul Strassmann   Today’s Top Stories    or  Other Security Stories  
 

Sign up to receive Security Resource Alerts

December 01, 2003 (Computerworld) -- The October issue of Communications of the ACM featured papers about future robots capable of performing self-organizing tasks. The authors showed how acceleration in the processing power of computers means that machines could soon reach the capabilities of living creatures, at an affordable cost.
The table below, from the Association for Computing Machinery article, shows the "computing" capacity of organisms and illustrates when commercial computers had or are expected to have equivalent processing power.
Instead of thinking about the rising potential for robotic machines, it occurred to me that software with the intelligence of a mouse or a monkey would have the frightening capacity to launch a new form of network-based warfare.
So far, our approach to securing information networks has been static. The attackers write clever code that's then dispatched to potentially vulnerable apparatus on the Internet. The hostile code is designed to exploit the known weaknesses of millions of computers as well as those of other programmable devices connected to the global Web. The extent of the damage depends on the speed with which the corruption propagates and on the speed with which defenders can deploy countermeasures.
The Security Intelligence Products and Systems organization estimates the worldwide cost of damage from digital attacks from Jan. 1 to mid-November of this year to be between $170 billion and $203 billion—up from $110 billion to $130 billion for all of 2002. And that estimate doesn't include costs for installing increasingly burdensome defensive measures.
To place this figure into perspective, one must consider that the estimated total cost of information security failures is about 10% of the total global cost of business computing. In a year when the increases in budgets for business computing remain in the 1%-to-2% range, the net effect of the losses from attacks is a cut in available spending to support money-making business applications. From that point of view, the costs of software attacks can be seen as inflicting economic damage comparable to that of a major terrorist incident.
The question then arises of whether the current approaches to instituting defensive measures—as promised by software vendors, consultants and your own security personnel—will be sufficient to overcome steadily escalating security threats. This is a classic problem in waging defensive warfare, where the forces of attackers must be neutralized by the capabilities of the defenders. In force vs. counterforce war games, attackers can be defeated if the learning cycle of the defenders is faster and their resources are adequate to disable the aggressors.
Unfortunately, the outlook for information security from the standpoint of information warfare isn't encouraging. Current methods of blocking intruders aren't likely to be adequate to secure Internet commerce. When swarms of adaptively learning software attackers are launched, they will have the capacity to sense and learn the capabilities of the defenders and to modify their attack plans accordingly. The balance of power will shift in favor of the attackers. The cost of launching attacks will decrease and the expense for defenses will escalate until it becomes prohibitive for companies to pursue the current policy of adhering to static defensive measures.
The present methods for security assurance are as obsolete as Cold War military tactics. Regardless of how many firewalls you put up, a software "robot" with monkey-like intelligence will find ways to punch through and then inform other roaming attackers where to penetrate. Regardless of how frequently you patch your software or how often you download virus updates, self-aware mutant code will bypass defenses that were programmed for old patterns of attack.
In the new era of information warfare, network defenders must use new tactics. They will have to launch active countermeasures to disable the learning capabilities of the aggressors. Networks will have to be designed for initiating search-and-destroy software that will find attackers faster than the malevolent software can locate new vulnerabilities. International cooperation will be essential in identifying and neutralizing the sources of disruption. Punitive liability will have to be applied in cases where negligence fosters the proliferation of insecurity. Most important, the influence of CIOs will have to rise, because security has now become the primary impediment to further progress of a global information society.

Processing Power Accelerates
ORGANISMNUMBER OF NEURONSEQUIVALENT MIPSCOMPUTER PROCESSING AVAILABLEMIPS/$1,000COMPUTING COSTS
Bacterium10.00119750.001$1,000
Worm300119901$1,000
Guppy100,00010019961,000$100
Lizard2,000,00010,000200010,000$1,000
Mouse60,000,000100,0002005 - 2010100,000$1,000
Monkey3 billion1,000,0002010 - 20201 million$1,000
Human100 billion 100,000,0002020 - beyond1 billion$100

Paul A. Strassmann (paul@strassmann.com) has studied and taught the subject of information warfare since 1993.



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"This company's infrastructure group is running a disaster recovery exercise with a reluctant participant: an IT manager who's notorious as..." Read more...
"It's IT Blogwatch: in which Mozilla's Firefox Web browser continues to gain market share, smashing records as it does so...." Read more...
Read more Security posts or See all Blogs

Microsoft promises four patches next week
Google gives away home-cooked Web application security scanner
Expect iPhone, Fourth of July scams, security firm says
More top stories...
Microsoft trumpets security additions in upcoming IE8
Apple cuts price of high-end SSD MacBook Air by $500
Ultrathin showdown: Apple MacBook Air vs. Lenovo ThinkPad X300 vs. Toshiba Portege R500

This old laptop: Revitalizing an aging notebook on the cheap
All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how.
Bill Gates moves on
Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft.
Five things you should never tell your boss
There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss.
Hands-On: Firefox 3 fixes what's broke and keeps what's right
With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
Data Center Management Zone
Enterprise-Class Security Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
Business Intelligence and Analytics Zone


Ads by TechWords

See your link here
Why SaaS is Vital to Email and Web Security
Why SaaS is Vital to Email and Web Security
Download this webcast, free, compilments of Webroot Software
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Eliminate SPAM, Gain Productivity
Get this white paper now!
(Source: MessageLabs) Learn all about the dangers and the costs of spam in all its forms - from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses - and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Deploying Virtualized NetWare on Linux Whitepaper
Toward More Flexible, Next-Generation Collaboration Solutions
Driving Business Success Through Workgroup Choice and Flexibility
View more whitepapers 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.