REVIEW: Information Warfare and Security

cover-25000193

by Dorothy Denning. Addison-Wesley Publishing Co. 522 p.

______________________________________________________________________________________________________

Denning has chosen to take an inclusive approach to the topic of information warfare, not limiting the material to attacks on "military" targets. Given the state of physical warfare, this seems to be quite realistic. It does mean that the book tends to read like a high level computer security text (small wonder) with an emphasis on intrusions and the more overt aspects of computer crime. Part one is a foundation and background for the material to come. Chapter one looks at the great many information aspects to the Gulf War and Operation Desert Storm. One of the unusual factors reviewed is that of propaganda, or "perception management." A theory of infowar is the intent of chapter two, which outlines players and positions in a variety of ways. The theory is somewhat weakened for being strongly dependent upon the idea of the value of the information being attacked or defended, and this is an area that still requires work. Another possibly problematic area is the reliance on a "win- lose" model for data warfare, when there have been numerous instances of intruders, upon sufficient provocation, being willing to deny themselves a resource by damaging it, on the basis that the defenders stand to lose far more. (On the other hand, "bragging rights" seem to have a lot of value in the computer underground.) More detail on the players involved, and the possible types of attacks that have occurred, and might occur, are presented in chapter three.

Part two looks at the specifics of offensive information warfare. Chapter four is extremely interesting, showing that "open source," or publicly available information, can and has been used for offensive and criminal undertakings in a variety of ways. Disinformation is reviewed in chapter five, including the odd phenomenon of urban legends and Internet hoaxes. The problem of damage from insiders, including, finally, a documented case of a salami attack (albeit a rather clumsy one), is covered in chapter six.

Chapter seven discusses the interception of information and communications in a variety of ways, and, as a sideline, jamming and alteration. A variety of methods of computer intrusion are presented in chapter eight. False identity, both identity theft and outright false, are examined in chapter nine. The material on viruses and worms, in chapter ten, is solid, although I was sorry to see that a great many possibilities for reproductive mayhem that have been discussed over the years went unmentioned. ("Harlie," Dr. Denning. "When *HARLIE* Was One.") (Of course, when I sent the first draft, I had, myself, spelled "Harlie" incorrectly.) Part three looks at the opposite side, that of defence. Chapter eleven..

Read more: http://www.infosecnews.org/hypermail/9903/1562.html