Information Age Vulnerabilities and Risks: The Emergence of a National Information Strategy

Transcription

1 CENTRO DE INVESTIGAÇÃO DA ACADEMIA MILITAR (CINAMIL) Information Age Vulnerabilities and Risks: The Emergence of a National Information Strategy LTCol Paulo Nunes CINAMIL, Academia Militar Portugal pfvnunes@net.sapo.pt Prof. António Grilo INESC/INOV Portugal antonio.grilo@inov.pt Prof. Henrique Santos Universidade do Minho Portugal hsantos@dsi.uminho.pt 11th International Command and Control Research and Technology Symposium (11º ICCRTS) COALITION COMMAND AND CONTROL IN THE NETWORKED ERA Cambridge, UK, September 2006

2 Summary Introduction The National Information Infrastructure Risk Analysis and Risk Management Model The Emergence of an Information Strategy Implementing the National Information Strategy NII Protection Conclusions

3 Introduction IInternet & Global Networked Society onew Competition Parameters Information Competition and Conflict IInformation Infrastructures & States Sovereignty

4 Technological Evolution Impact Competencies Líder dc Leader d t >>> dcchallenger d t C c Challenger Time Before: Available technologies increased leader advantage position c t Competencies T Líder dc Leader d t is possible <<< dcchallenger d t C Challenger Now: ICT reduces leader advantage Time T t Source: A Nova Economia Digital ( 4ª Conferência NETIE 1999).

5 Networked Society: A System of Systems University Vulnerabilities Social and Cultural Dependencies Intelligence Community Politics Economic Physical Defense Law Enforcement NODES Threats IOs, NGOs Legal, Ethical & Moral Scientific & Technical Enterprises Weakness Military Opportunities System of Systems Approach Source: Grossman-Vermaas (2004)

6 Concepts Source: Taborda, João e Ferreira, Miguel (2002), Competitive Intelligence: Conceitos, Práticas e Benefícios, Editora Pergaminho, Cascais, p. 61. Competitive Intelligence The ethic and systematic process of retrieving, analyzing and managing information that could affect planning activities, decision making and the operations of an organization. Objective: Achieve an Information Advantage over Competitors in a Ethic and Legal Way

7 Concepts Information Warfare Source: FM (1996, p.gl-8) encompasses all kinds of actions that we can conduct to preserve our information systems and resources from the exploitation, corruption or destruction and to explore, corrupt and destroy the information systems and resources of an adversary Information Superiority; Objective: Defensive Information Warfare; Offensive Information Warfare. Achieve a Information Advantage/Superiority

8 National Information Infrastructure Undefined States traditional Sovereignty Borders (Transnational Communications Networks); Difficulties to establish territorial jurisdictional principles; Emergent need to rethink and redefine NII s Security and Protection.

9 National Critical Infrastructures: Interdependencies Model STRUTURAL Dependency National Power Grid FUNCTIONAL Dependency Telecommunications Networks Transports (ex: Air, Rail, Metro Traffic Control etc.) Defence (ex: C3I Systems Radars, Missiles, etc.) Financial System (ex: Banking, Stock Market, ATM, etc.) Emergency Services (ex: Fire Department, 911, Law Enforcement., etc.) Other Critical Infrastructures (Government, Health Services, Water supply network, etc.)

10 Risk Analysis and Risk Management Model Resources (Potential Targets) Vulnerabilities Threats Risk Analysis Risk Management RISCOS Countermeasures Adoption Risk Acceptance Risk Transference

11 IW Threats to States Government PM / Governo Negócios Estrangeiros Administ. Interna Justiça + Forças Polic. Defesa Finanças Economia Energia + Transportes Echelon Espionagem Insiders Ciberataq. Virus & Co Acidentes Destabiliz. Desinfor. Manipulaç. Chantagem Extremismo Terrorismo 11º ICCRTS, Sept 2006 Adaptado: LTC Gérald Vernez (2004) LTCol Paulo Nunes

12 Threat Level Fontes: Martin Libicki (1996); Morris (1995) Intentions Hackers Amateurs Terrorists Groups of Pressure Crackers Capabilities States Organized Crime Information Attack Probability X Capabilities vs Intentions Threat Level Important vs Strategic Level Disruptive Power Information Warfare Weapons can be considered Weapons of Mass Disruption

13 National Information Strategy Competition Arena Information Policy POLITICS INFORMATION Conflictual Arena Information Strategy STRATEGY NATIONAL INFORMATION STRATEGY The art and science of the information (resource/weapon) development and its use with the aim to fulfil the objectives defined by National Policy.

14 National Information Strategy: Scope Outras OWN CYBERSPACE OTHER ACTORS Infosphere Exploration Protection Acquisition Information-Based Conflict Infosphere Exploration Protection Acquisition Source: Canadian Forces Information Manual Operations (1998)

15 National Information Infrastructure Protection: Conceptual Model MAJOR CONCERNS: Availability and Integrity of Information of National interest; Country s efficiency in its information processing and exploitation. Defensive Information Warfare / Defensive Information Operations Critical Information Infrastructure Protection INFORMATION ASSURANCE Source: Lars Nicander (2001)

16 National Information Strategy: Related Activities National Information Strategy (Information Assurance) National Information Infrastructure Protection Information Operations National Information Security Planning, Security and Intelligence Civilian Military Military INFO OPS (Offensive and Defensive) Civilian INFO OPS (Defensive) C2W Public Information Operational Security Military Deception Psychological Operations Public Diplomacy Economic Diplomacy Perception Management Electronic Warfare Criminal Activities CIMIC Physical Destruction Others

17 NII Protection: Important Issues New Organization/Structure? New Function? Critical Information Infrastructures Security Standards Definition (Governmental & Private); National CERT (Alert & Report System) Education &Training Programs; Security mechanisms and Critical Information Infrastructures redundancy Financing; International Cooperation Programs (e.g. ONU, UE, OTAN). Risk Management Philosophy: Protection, Detection & Reaction. Protection: Information Operations (Military Military/Civilian); Detection and Reaction: National Information Security

18 Conclusions Paradigmatic relationship between Social development and security (Information( Age vulnerabilities dynamics) IW is a global concept that deeply influences Nation-States States Policy as well as its Security and Defense; Modern conflicts epicenter moved to the geo- economics and transnational arenas (ex:echelon( e Carnivore); National interests fulfillment requires a clear definition of a National Information Strategy.

19 CENTRO DE INVESTIGAÇÃO DA ACADEMIA MILITAR (CINAMIL) Information Age Vulnerabilities and Risks: The Emergence of a National Information Strategy LTCol Paulo Nunes CINAMIL, Academia Militar Portugal pfvnunes@net.sapo.pt Prof. António Grilo INESC/INOV Portugal antonio.grilo@inov.pt Prof. Henrique Santos Universidade do Minho Portugal hsantos@dsi.uminho.pt 11th International Command and Control Research and Technology Symposium (11º ICCRTS) COALITION COMMAND AND CONTROL IN THE NETWORKED ERA Cambridge, UK, September 2006