E N D
Information WarfareTrends, Dangers, and the Impact for European Research PolicyDipl. Pol. Ralf Bendrath, BerlinFoG:IS ReG:ISForschungsgruppe Research GroupInformationsgesellschaft und Information Society and Sicherheitspolitik Security PolicyLecture at theGreen/EFA Research ForumEuropean Parliament, Brussels, 6 June 2001
Infowar: The U.S. Concept • Goal: „information dominance“ • Targets: not adversaries´ forces, but his information flows • Means: more than just kinetic weapons • Operations Security (OPSEC) • Psychological Operations (PSYOPS) • Deception of enemy´s sensors or soldiers • Electronic Warfare • physical Attack/Destruction • „Public Affairs Activities“ (Spin Doctoring) • Civil Affairs • Computer Network Attacks (Cyberwarfare)
Cyberwar: The U.S. Efforts • Goal: denying or disturbing adversary´s computer systems • Targets: military and civilian computer networks, banks, infrastructures,... • Means: digital break-ins and more: • Hacker-tools • Computer viruses & worms • Denial-of-service attacks • Insiders • Back doors • Electronic surveillance • Global network mapping
Cyberwar: The U.S. practice • have done it • computer intrusions since 1980s • cyberwar waged 1991 & 1999 • part of military strategy • Joint Doctrine for Info-Operations, JP 3-13 • Field Manual 100-6 (Info Operations) • specialised military units • infowar units (since 1994, expanding) • part of combat commands (2001)
Dangers of U.S. Cyberwar Plans • IT - insecurity cycle • threat to privacy • acts of war in times of peace • breaks laws of armed conflict • covert operations, hard to control • use against domestic actors? • chilling effect on digital economy • cyber-arms race • Cyberspace less safe
The IT - Insecurity Cycle IT vulnerability usage of IT-security holes cyber warfare military and intelligence services
Cyber Arms Control needed • to prevent cyber arms race • to secure emerging cyber-society politically possible • already proposed by other nations • computer industry would love it urgent • dynamic still slow - how long?
Options for Action • political oversight • no first use • international convention on peaceful use of cyberspace • collaboration of security policy studies and computer science
European Research Policy I Guiding principles • good: • observation of international conventions • ethical norms: data protection & privacy • missing: • peaceful purpose for research and development • dangers rising from new technologies • not so good: • technology is the answer - what was the question?
European Research Policy II Information and communication technologies • good: • security technologies • cryptography • missing: • open source software • decentralized and diverse systems • not so good: • securing civilian infrastructures: self-healing networks or surveillance?
European Research Policy III Citizens and governance in the knowledge-based society • good: • diversity of ways to the knowledge-based society • security and conflict resolution • missing: • role of new media for conflict resolution • democratic control of intelligence services & the military • not so good: • JRC-Europol cooperation in developing tools to fight cybercrime
European Research Policy IV Strengthening the foundations of a European research area • good: • science & technology indicators - but not only quantitative! • missing: • technology assessment before development • indicators for preventive arms control • assessment of social and political impacts of research projects • not so good: • too bureaucratic for small groups
Beyond Research Policy • continue work against ECHELON and global surveillance • establish electronic privacy as a basic human right in Europe • stop European efforts to establish own intelligence services • stop ENFOPOL / ILETS • support efforts for cyber arms control • don´t believe the „cyber terrorism“-hype
It could be just junk mail, Colonel, or the beginning of a major enemy attack...
See you again in Berlin? • International Conference Arms Control in CyberspacePerspectives for Peace Policy in the Age of Computer Network AttacksBerlin, 29 - 30 June 2001 www.boell.de/cyberpeace