en04.gif (47 bytes) en04.gif (47 bytes)
Questions on Information Warfare

 
Prof. Dorothy E. Denning (Georgetown University)


Introduction

  1. Write down a definition of IW in your own words.
  2. What is the definition of IO as given in Joint Pub 3-13? What specific types of operations constitute IO? How do these relate to the IW operations in the Air Force Report?
  3. Describe an IO or IW operation that you have performed or that has been performed with you as a target.
  4. What do we care about IW?
  5. Who commits IW and why?
  6. What is a hacker? Who hacks and why?
  7. What new technologies are impacting the conduct of IW?

Computer Hacking and Cybercrime

  1. Describe one of the following incidents in terms of what happened, who was responsible, how many people or computers were affected, what the cost or impact of the incident was, how long the incident lasted, what was done to stop it, what law was violated, and what happened to the perpetrator (charged? fined? sentenced?). You may not be able to answer all of these questions.
    • Moonlight Maze
    • ILOVEYOU Virus/Worm
    • Code Red Worm
    • Nimda Worm
    • Sir Cam Virus
    • February 2000 DoS/DDoS assualt
  2. Describe Warhol and Flash worms, and how they could spread even faster than Code Red.
  3. What issues and challenges do law enforcement agencies face when investigating a computer crime or Internet fraud?
  4. Describe the Internet Auditing Project.  What did they learn?  Was conducting it ethical?
  5. Find an Internet site with hacking tools. Describe what is available.
  6. Comment on the practice of "full disclosure." Should people be able to publish information about security vulnerabilities and the tools that exploit those vulnerabilities? What would be a responsible disclosure policy?
  7. How could a hacker have exploited the vulnerabilities to classified information brought on by the practices of John Deutsch? Write down one or more scenarios of what could have happened.
  8. What are the various forms of Internet fraud?  What types of fraud are most common?  How can you avoid being the victim of Internet fraud?

Cryptography and Authentication

  1. What is public-key (asymmetric) cryptography and how does it differ from single-key (symmetric) cryptography?
  2. What is a digital signature and how does it differ from a digital certificate?
  3. What is a public-key infrastructure?
  4. How long should your keys be to protect against a well-funded and highly motivated adversary with single-key cryptography?  public-key cryptography?
  5. Does encrypted e-mail make it harder or easier to defend against e-mail viruses?
  6. What is a watermark and what is it used for?  What types of attack does it need to defend against?
  7. Go to http://www.anonymizer.com/. Using their free anonymous web surfing, go to the USA Today web site at www.usatoday.com. Once you get there, write down the URL in your browser's Location box.

Hacktivism and Cyberterrorism

  1. Describe one of the following cyber attacks/protests in terms of who was involved, what they did, and impacts.
    • The Sep 11 related cyberwar.
    • The Mideast cyberwar launched in October 2000.
    • Anti-globalization cyberwars against the WTO, IMF, WEF, etc.
    • The cyberwar relating to the U.S.-China spy plane incident.
  2. Comment on the ethics and legality of various forms of hacktivism, including Web defacements, Web sit-ins, and denial-of-service attacks.
  3. Are terrorists engaging in cyber attacks? If so, give examples.
  4. What are realistic scenarios of what cyberterrorists might do?
  5. What are the advantages and disadvantages of conducting cyber attacks from a terrorist's perspective?

Espionage and Signals Intelligence.

  1. In the wake of the September 11 terrorist attacks, Congress passed the USA PATRIOT Act, HR 3162. How did the Act affect government surveillance? What concerns have been raised by civil libertarians (try the CDT or EFF website).
  2. Describe the capabilities of the Echelon system. Can NSA use it to read your e-mails or listen to your phone conversations? Is the system ethical? What are the concerns of the European Parliament and others?
  3. Describe the capabilities of the FBI's Carnivore system. What did the independent reviewers conclude? Under what conditions can Carnivore be used to intercept your own e-mails?
  4. What are the benefits and drawbacks of installing video cameras and other sensors in public places when (a) the information is available only to the police and (b) it is available to anyone, say through the Web? Should the use of such cameras be regulated? What about their use combined with a facial recognition system in order to spot "bad guys"?
  5. Should satellite imagery be regulated and, if so, how? Justify your answer.
  6. Should the government actively seek to collect the trade secrets of foreign companies, i.e., engage in economic espionage? Does it?
  7. When does competitive intelligence conducted by one corporation against another become illegal or unethical? Was the competitive ambush by Tactical Marketing Associates (Denning, p. 147) legal? ethical?
  8. Comment on the Crypto AG story in Adams, pp. 214. Do you think that Crypto AG rigged their machines? If so, was that ethical?

Information Security

  1. What is more important for an organization: confidentiality, integrity, or availability?  Explain your answer. If you want, you can pick a particular organization and consider its mission.
  2. What are the threats to your own computer? What can you do to mitigate them?
  3. If you were in charge of security for an organization, how would you decide how much money to spend and what to spend it on? How much do other organizations spend on security?
  4. What is risk assessment and what makes it hard?
  5. What is the difference between a firewall and intrusion detection system? What are their respective benefits?
  6. What can be done to stop a Denial of Service attack?
  7. What problems (technical, legal, etc) do investigators of computer crimes face when trying to determine who committed a crime and collecting evidence?
  8. What type of insurance is ccurrently available for protecting against computer crimes?
  9. What are the information security requirements and issues for Georgetown?
  10. Outline a security policy for an organization you are affiliated with. The policy should identify responsibilities for implementing and enforcing security measures.

National Cyber Defense

  1. Go to the CIAO Web site at http://www.ciao.gov/ and read the October 16, 2001 Executive Order on Critical Infrastructure Protection in the Information Age. Outline what is established by the new policy.
  2. PDD 63, issued by President Clinton, called for several things, including the establishment of the NIPC, the CIAO, and of ISACs. What has happened since then to protect critical infrastructures from cyber attack?
  3. What is the proper role of the government vs. the private sector in protecting critical infrastructures that are owned by the private sector?

Open Sources

  1. Find out as much as you can about one of your professors at Georgetown. Describe what you found and how and where you found it.  If some information would cost money, it is not necessary to actually get the information, but list what you could get it and what it would cost.
  2. What is the privacy policy of Amazon.com?
  3. What is the Code of Fair Information Practices? Does Amazon.com follow it? Justify your answer.
  4. What is a Web bug? Is it a serious threat to privacy when used alone or combined with cookies?
  5. If someone e-mails you an article from the Washington Post, can you forward it to a friend without violating copyright laws? Can you forward it to a class distribution list? Can you post it on your Web page?
  6. Is it ethical and legal to forward a personal e-mail from one person to someone else?
  7. Go http://www.eff.org/cafe/drmgame/carabella.html and play the Carabella game about music, privacy, and fair use. What did you learn from this exercise?
  8. Is it legal to use a system to acquire free access to music, video, or books, when the copyright holders have not given permission for such? Regardless of legality, is it ethical?
  9. Exactly what would the Berman bill allow? Is this a good idea? Justify your answer.
  10. What is DeCSS and what is the dispute?  What is the status of the court case against 2600?
  11. What is the complaint with the DMCA?
  12. Describe the case involving Ed Felton and the Secure Digital Music Initiative (SDMI) challenge. What was the legal decision?

Psyops and Perception Management

  1. Discuss how psyops and perception management have been used by the US government, al Qaeda, or others during the war on terrorism.
  2. How much control does and should the US government have over what is aired on television or reported in the press?
  3. In what ways does the Internet serve as a tool for hate? As a tool against hate? Give examples.
  4. What are the main claims of Emil Pain about the Chechen war?
  5. Comment on the scenario outlined by Charles Dunlop in "How We Lost the High Tech War of 20007." What lessons can be learned from it.
  6. Under what conditions, if any, is deception ethical when conducted by the government? When conducted by a business?
  7. Find an example of a virus hoax or urband legend that is not in the text. What features make it recognizable as a hoax? Include a copy of the message with your report.
  8. Should any content on the Internet be censored? If so, what content and under what conditions? How effective can it be? You might comment specifically on the French ruling with respect to Yahoo or laws requiring the installation of filters in schools or libraries.

International Policies, Laws, and Ethics

  1. Does international law permit countries to conduct offensive IW operations and, if so, what types of operations and under what conditions?
  2. Comment on the morality of nations conducting offensive IW operations. You may wish to consider specific types of operations. What are the moral issues?
  3. Do the rules of Just War permit IW operations against a country's critical infrastructures?
  4. How does offensive IW fit into current military doctrine?
  5. Has information warfare created a new arms race? Defend your answer.
  6. Is IW, conducted at a state level, a force for stability in the world. Is it a deterrent to war?
  7. How does an IW arms race compare with the nuclear arms race in terms of main players, objectives, costs, organization, possible effects, and morality?
  8. What concerns have been raised over the Council of Europe Cybercrime Convention?



en04.gif (47 bytes) en04.gif (47 bytes)