Markku J. Saarelainen
Although many concepts of the information warfare (IW) are known in many commercial
enterprises and in their MIS departments, most corporations and their information
personnel are still quite unfamiliar with the terminology and most fundamental concepts of
the information warfare and its applications in commercial enterprises and business
activities. The quality, accuracy, reliability and timeliness of the information and any
related analysis have become increasingly important in the dynamic and fast changing
global business environment. The protection of this valuable and often costly asset have
become very important for most companies, CEOs, MIS personnel and information security
specialists. The purpose of this brief newsletter is to bring up some important issues and
concepts of the IW and some basic elements of information protection systems and methods
to minimize negative impacts of the IW on the company's information assets.
The information warfare can be used as an integral element of any strategy to influence
the market place, competitors, customers, general public and suppliers to achieve the
business objectives. Basic concepts of the IW may include 1. the distribution and
dissemination of the disinformation and misinformation, 2. the destruction or modification
of some key information, 3. unauthorized uses or theft of the valuable data and
information and 4. the penetration of competitors' or other opponents' information systems
and databases. The intent of the IW is often to penetrate the company's information
processing systems and to influence key decision making processes in ways that are
beneficial for an organization that is organizing the IW campaign against another
organization. The methods of the IW may also include many traditional problem solving
methods such as law suits or lengthy arbitration processes to delay R&D projects or
other development activities. No matter what techniques and methods are chosen for the IW,
it is important that these methods are integrated into the company's tactical and
strategic communication processes to implement effectively the company's business
strategies and tactics.
The information and communication processes have become increasingly important and
critical for any international business. In addition, processes and systems that show how
the information is used and processed have become more complex and dependent upon advanced
technologies that provide many efficient ways for decision makers to obtain and process
the quality information and then make accurate and reliable decisions on specific business
matters. This reliance on the information and related processes has also created new
threats for many organizations globally. International businesses can use some elements of
the IW against their competitors, competitor's suppliers or other related organizations
and individuals. These IW attacks may establish new barriers for market entry, limit the
accurate and quality information that is available for individual decision makers about
some market place and specific industries and cause other harmful impacts on these
international businesses such as the misuse of corporate financial resources and assets.
In addition, some international organizations may operate together with governmental
agencies to collect the information and to initiate programs and activities to destruct or
steal the information assets, destruct decision making processes or other analytical
processes resulting in ill-advised and incomplete decisions and business activities.
It shall be important for any organizations to implement management systems and
techniques to prevent any harmful impacts from the hostile IW attacks. These systems may
include various strategic and risk management systems such as the Information Security
Systems (ISS), Business Intelligence Systems (BIS), Quality and Environmental Management
Systems (Q&EMS), specific Internal and External Communication Systems, Legal
Management Systems and many others. In most of these systems, the assigned Management
Representative and/or Officer is responsible for ensuring that the system is established,
implemented and maintained. Specific procedures and instructions shall be developed and
implemented for specific elements of the systems and the effectiveness of these systems
should be reviewed periodically by the executive management and if necessary, additional
improvements can be initiated to improve the effectiveness and performance of the system.
The scope of some systems can be broader than others and they may be integral elements of
other strategic management systems. For example, some elements of the ISS such as tape
backups and the information classification can be a part of the Quality Management System
to prevent the accidental or intended unauthorized deletion, destruction or modification
of the quality data and information. These systems should be integrated into one strategic
management system to collect, obtain, analyze, disseminate and protect the key information
and intelligence and then to make sound and quality decisions on various business, market
and competitiveness related issues. In addition, encryption, cryptography and other
information protection applications can be used to prevent any unauthorized monitoring and
eavesdropping and protect the information and intelligence during its communication and
delivery processes from its generators to its receivers.
How would the IW attack affect your organization, if this attack would destroy the
major portion of your key business information or if it would delay the availability of
this information for several months? Would you be prepared to lose millions of dollars,
when your decisions are based on the disinformation or other harmful influences? These are
the questions that every international business should be concerned about and evaluate
serious applications and techniques on how to prevent and minimize impacts of these IW
attacks or influences. CEOs and lead MIS personnel should assess their organizational
environment and specific threats from competitors or from other market place players. The
defensive IW strategy should be integrated into an overall business strategy by the top
executives to maintain and improve the company's competitiveness in the market place and
to ensure fair and unharmed commercial trade practices. The strategic management systems
can be established and implemented to ensure the protection, reliability, accuracy and
quality of the business information and to minimize actual and potential risks. It shall
be important for any international organization to use the defensive IW against any
hostile and harmful competitors or other organizations and agencies.
|
