Information Age Vulnerabilities and Risks: The Emergence ... · Information Age Vulnerabilities and Risks: The Emergence of a National Information Strategy 11th International Command
Post on 21-Apr-2018
222 Views
Preview:
Transcript
Information Age Vulnerabilities and Risks:Information Age Vulnerabilities and Risks:The Emergence of a NationalThe Emergence of a NationalInformation StrategyInformation Strategy
11th 11th InternationalInternational CommandCommand andand ControlControl ResearchResearch andand TechnologyTechnology SymposiumSymposium (11(11ºº ICCRTS)ICCRTS)““COALITION COMMAND AND CONTROL IN THE NETWORKED ERACOALITION COMMAND AND CONTROL IN THE NETWORKED ERA””
Cambridge, UK, 26Cambridge, UK, 26--28 28 SeptemberSeptember 20062006
Prof. António GriloINESC/INOV
Portugalantonio.grilo@inov.pt
LTCol Paulo NunesCINAMIL, Academia Militar
Portugalpfvnunes@net.sapo.pt
Prof. Henrique SantosUniversidade do Minho
Portugalhsantos@dsi.uminho.pt
CENTRO DE INVESTIGAÇÃODA ACADEMIA MILITAR
(CINAMIL)
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
SummarySummary
Introduction The National Information Infrastructure Risk Analysis and Risk Management Model The Emergence of an Information StrategyImplementing the National Information Strategy NII ProtectionConclusions
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
IntroductionIntroduction
IInternetIInternet & Global & Global Networked SocietyNetworked Society
oNewoNew Competition Competition ParametersParameters
IInformationIInformationInfrastructures & Infrastructures &
States SovereigntyStates Sovereignty•
Information Information Competition Competition and Conflictand Conflict
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
Technological Evolution ImpactTechnological Evolution Impact
Competencies
Time
t T
C
c
Líder
Challenger
dCLeader
d t>>> dCChallenger
d t
Before:Before:Available technologies increased Available technologies increased leader advantage positionleader advantage position
Competencies
Time
T t
c
C
Líder
Challenger
dCLeader
d t
is possible
<<< dCChallenger
d t
Now:Now:ICT reduces leader advantageICT reduces leader advantage
Source: “A Nova Economia Digital” ( 4ª Conferência NETIE 1999).
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
Networked Society: A System of SystemsNetworked Society: A System of Systems
Economic
Social and Cultural
Military
Physical
Scientific& Technical
Politics
Legal, Ethical& Moral
Vulnerabilities
Weakness Opportunities
Dependencies
System of SystemsApproach
Intelligence Community
Law Enforcement
Enterprises
Defense
University
IOs, NGOs
NODES Threats
Source: Grossman-Vermaas (2004)
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
ConceptsConcepts
Achieve an Information AdvantageInformation Advantage over CompetitorsCompetitors in a Ethic and Legal WayEthic and Legal Way
Objective:Objective:
The The ethicethic and systematic process of and systematic process of retrieving, analyzing and managing retrieving, analyzing and managing information that could affect information that could affect planningplanningactivities, activities, decision makingdecision making and the and the operationsoperations of an organization.of an organization.
Source: Taborda, João e Ferreira, Miguel (2002), Competitive Intelligence: Conceitos, Práticas e Benefícios, Editora Pergaminho, Cascais, p. 61.
Competitive Intelligence
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
““ encompasses all kinds of actions that we can encompasses all kinds of actions that we can conduct to conduct to preservepreserve our information systems and our information systems and resources from the resources from the exploitationexploitation, , corruptioncorruption or or destructiondestruction and to explore, corrupt and destroy the and to explore, corrupt and destroy the information systems and resources of an adversaryinformation systems and resources of an adversary””
Achieve a Information Advantage/SuperiorityInformation Advantage/Superiority
Objective:Objective:
Information WarfareSource:Source: FM 100FM 100--6 6
(1996, p.GL(1996, p.GL--8)8)
Information Superiority;Information Superiority;
Defensive Information Warfare;Defensive Information Warfare;
Offensive Information WarfareOffensive Information Warfare..
ConceptsConcepts
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
National Information InfrastructureNational Information Infrastructure
Undefined States’ traditional Sovereignty Borders (Transnational Communications Networks);
Difficulties to establish territorial jurisdictional principles;
Emergent need to rethink and redefine NII’s Security and Protection.
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
National Critical Infrastructures: National Critical Infrastructures: Interdependencies ModelInterdependencies Model
STRUTURALSTRUTURALDependency
FUNCTIONALFUNCTIONALDependency
NationalPower Grid
TelecommunicationsNetworks
Transports(ex: Air, Rail, Metro Traffic Control etc.)
Financial System(ex: Banking, Stock Market, ATM, etc.)
Defence(ex: C3I Systems Radars,
Missiles, etc.)
Emergency Services(ex: Fire Department, 911, Law Enforcement., etc.)
Other CriticalInfrastructures
(Government, Health Services, Water supply network, etc.)
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
Risk Acceptance Risk Transference
Risk Management
Countermeasures Adoption
RISCOS
Risk Analysis and Risk Management ModelRisk Analysis and Risk Management Model
Risk Analysis
Resources(Potential Targets) Threats
Vulnerabilities
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
Terrorismo
Extremismo
Chantagem
Manipulaç.
Desinfor.
Destabiliz.
Acidentes
Virus & Co
Ciberataq.
Insiders
Espionagem
Echelon
Energia + TransportesEconomiaFinançasDefesa
Justiça + Forças Polic.
Administ.Interna
NegóciosEstrangeirosPM / Governo
IW IW ThreatsThreats to to StatesStates’’ GovernmentGovernment ……
Adaptado: LTC Gérald Vernez (2004)
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
Threat LevelThreat Level
Fontes: Martin Libicki (1996); Morris (1995)
Information Attack
Disruptive PowerDisruptive PowerProbability X Threat LevelThreat Level
Capabilities Capabilities vsvs
IntentionsIntentions
Important Important vsvs
Strategic Strategic LevelLevel
Information Warfare Information Warfare WeaponsWeapons
can be consideredcan be considered
Weapons of Weapons of ““Mass DisruptionMass Disruption””
Terrorists
Groups of PressureIn
tent
ions
Capabilities
Crackers
Organized Crime
States
HackersAmateurs
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
NationalNational InformationInformation StrategyStrategy
INFORMATION
InformationPolicy
POLITICS
InformationStrategy
STRATEGY
CompetitionArena
ConflictualArena
The The artart and and science science of the of the information information (resource/weapon)(resource/weapon) developmentdevelopment and its and its use with the aim to fulfil the objectives use with the aim to fulfil the objectives defined by National Policy.defined by National Policy.
NATIONAL INFORMATION STRATEGYNATIONAL INFORMATION STRATEGY
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
NationalNational InformationInformation StrategyStrategy:: ScopeScope
Exploration
Protection
Acquisition
Infosphere
Information-BasedConflict
Outras OTHER ACTORSCYBERSPACE
Exploration
Protection
Acquisition
Infosphere
OWN
Source:Canadian Forces Information Manual Operations (1998)
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
NationalNational InformationInformation InfrastructureInfrastructureProtectionProtection:: ConceptualConceptual ModelModel
Defensive Information Warfare / Defensive Information OperationsDefensive Information Warfare / Defensive Information Operations
Critical Information Infrastructure Protection
INFORMATION ASSURANCE
MAJOR CONCERNS:MAJOR CONCERNS:
Availability and Integrity of Information of National interest;
Country’s efficiency in its information processing and exploitation.
Source: Lars Nicander (2001)
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
National Information Strategy:National Information Strategy:Related ActivitiesRelated Activities
National Information Strategy(Information Assurance)
Information Operations National Information Security
Public Diplomacy
Economic Diplomacy
Perception Management
Criminal Activities
Others
Planning, Security and Intelligence
C2W
MilitaryCivilian
Operational Security
Military Deception
Psychological Operations
Electronic Warfare
Physical Destruction
PublicInformation
CIMIC
National Information Infrastructure Protection
Military INFO OPS (Offensive and Defensive)
Civilian INFO OPS (Defensive)
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
NII Protection: Important IssuesNII Protection: Important Issues
ProtectionProtection:: InformationInformation OperationsOperations ((MilitaryMilitary//CivilianCivilian););
DetectionDetection andand ReactionReaction:: NationalNational InformationInformation SecuritySecurity
New Organization/Structure? New Function?New Organization/Structure? New Function?
Critical Information Infrastructures Critical Information Infrastructures Security Standards Security Standards Definition Definition ((Governmental & PrivateGovernmental & Private););
National CERT National CERT (Alert & Report System)(Alert & Report System)
Education &Training ProgramsEducation &Training Programs;;
Security mechanisms andSecurity mechanisms and Critical Information Infrastructures Critical Information Infrastructures redundancy redundancy FinancingFinancing;;
International Cooperation Programs International Cooperation Programs (e.g. ONU, UE, OTAN).(e.g. ONU, UE, OTAN).
Risk Management PhilosophyRisk Management Philosophy: : ProtectionProtection, , DetectionDetection & & ReactionReaction..
11º ICCRTS, 26-28 Sept 2006 LTCol Paulo Nunes
Paradigmatic relationship between Social Paradigmatic relationship between Social development and security (development and security (Information Age Information Age vulnerabilities dynamicsvulnerabilities dynamics))
IW is a IW is a global conceptglobal concept that deeply influences that deeply influences NationNation--StatesStates’’ Policy as well as its Security and Policy as well as its Security and Defense;Defense;
Modern conflicts epicenterModern conflicts epicenter moved to the geomoved to the geo--economics and transnational arenas (economics and transnational arenas (ex:Echelonex:Echelone Carnivore);e Carnivore);
National interests fulfillment requires a clear National interests fulfillment requires a clear definitiondefinition of a of a National Information Strategy.National Information Strategy.
ConclusionsConclusions
Information Age Vulnerabilities and Risks:Information Age Vulnerabilities and Risks:The Emergence of a NationalThe Emergence of a NationalInformation StrategyInformation Strategy
11th 11th InternationalInternational CommandCommand andand ControlControl ResearchResearch andand TechnologyTechnology SymposiumSymposium (11(11ºº ICCRTS)ICCRTS)““COALITION COMMAND AND CONTROL IN THE NETWORKED ERACOALITION COMMAND AND CONTROL IN THE NETWORKED ERA””
Cambridge, UK, 26Cambridge, UK, 26--28 28 SeptemberSeptember 20062006
Prof. António GriloINESC/INOV
Portugalantonio.grilo@inov.pt
LTCol Paulo NunesCINAMIL, Academia Militar
Portugalpfvnunes@net.sapo.pt
Prof. Henrique SantosUniversidade do Minho
Portugalhsantos@dsi.uminho.pt
CENTRO DE INVESTIGAÇÃODA ACADEMIA MILITAR
(CINAMIL)
top related