This is an informative, well researched, and entertaining book. Written by three well-known information security professionals, it presents a detailed analysis of information warfare (IW) and its impact on governments and businesses. The book’s 19 chapters are arranged into three sections; each chapter has been written individually, and they may be read in any order. Various graphs, charts, and tables complement the writing, along with a wealth of relevant anecdotes and references (both current and historical).
Section 1 provides an introduction to IW, and attempts to define what it is, and what it is not. Comparisons are drawn between war and business activities; the role of technology and its influence is examined, and then the text takes a look at how IW applies to the “Information Environment.” Information infrastructures are then examined, along with the changing world environment, the systemic problems faced, the changes in nations’ economies, and the technological issues faced in today’s society. Finally, the similarities among governments, businesses, and activists, including their techniques and tactics, are examined within the context of IW.
Section 2 begins with a discussion of the role of commercial, “off-the-shelf” applications in computer network attacks. Popular operating systems, outsourcing, and problems with hardware and software are detailed. Following an overview of nation states and various groups (such as the North Atlantic Treaty Organization (NATO), Organization of the Petroleum Exporting Countries (OPEC), and the United Nations (UN)), and how they use IW, the text delves into a more detailed analysis of the IW capabilities and programs used by Asian, Middle Eastern, European, American, and African nation states. This section finishes with a look at how businesses may use IW tactics to achieve a competitive advantage, and how terrorists, activists, and other groups may use IW to further their own causes.
Section 3 focuses on surviving IW attacks, and presents various countermeasure and counterattack strategies. It begins with an overview of various defense models (such as defense in depth, onion ring, and policy), various tools (such as firewalls, public-key infrastructure (PKI), and encryption), technologies (such as digital subscriber line (DSL) and local area networks (LANs)), and possible countermeasures (such as intrusion-detection systems (IDSs), honeypots, forensics, and law enforcement). The importance of applying knowledge management (KM), the need to protect the information environment, and the use of quantitative measurements is highlighted. An approach for determining the value of information is presented, as is a coherent knowledge-based operations (CKO) model that integrates the concepts of IW, KM, and network-centric business. The CKO model is then applied to the principles of war (a military theory), to develop a framework for use by a company’s chief executive officer in developing a competitive advantage for the business, as well as i n protecting their information environment. The final chapters of this section examine survivability, and the need to adapt to the information environment of the 21st century. The authors consider the current and future challenges likely to be faced, and the role IW and information security professionals will play.
Appendices are included that provide a list of recommended reading, a glossary of terms, a history of technology and its relationship to war, and a view on the revolution in information affairs. There is also a detailed index that allows for easy navigation and cross-referencing.
This book should appeal to those in business and government. It requires no technical expertise or background knowledge of information warfare. For those with an interest in information warfare, or in the wider information/computer security arena, this book will provide an excellent resource, and be a valuable addition to the bookshelf.
