Canadian Security Intelligence Service / Service canadien du renseignement de sécurité, Government of Canada


Backgrounder No. 11

Information Operations

Revised February 2004

Introduction

With the advent of the personal desktop computer in 1980, the manner in which the public and private sectors conduct business and provide services to the public at large has changed. Over time, millions of computers and thousands of dissimilar networks worldwide have been connected through a global network of networks. Internet use has more than doubled annually for the last several years to an estimated 40 million users worldwide in nearly every country today. Connections between computer systems are growing at an ever-increasing rate, with the Internet adding a new network about every 30 minutes. According to a report by the Computer Industry Almanac, nearly 43 percent of Canadians use the Internet, which makes Canada the leading country for Internet use.

The growing dependence of governments, institutions, business, groups and individuals on computer-based communications and information technologies has resulted in a constantly changing view of what constitutes threats in today's "information age". It is no longer necessary for "hostile actors" (individuals, extremist and terrorist groups, intelligence services and armed forces) to directly access a computer to copy, destroy or manipulate data. People can use a variety of techniques and software tools to exploit a targeted system once they gain unauthorized access remotely via the Internet or by dialling directly into the system using a telephone and a modem. Most legislation and protective measures address physical attacks on critical systems and data; however, they have been or are in the process of being revised and updated to deal with the new class of computer-based threats defined as Information Operations (IO).


Information Operations

The concept of IO has its root in that of "Information Warfare" (IW), which is the physical and computer-based operations used by military forces to compromise the access to and viability of information received by the decision-makers of an enemy, while at the same time protecting their own information and information systems. The term "Information Operation" (IO) is used to denote the use of IW tools and techniques at any time. The definition has evolved to reflect the need for a state to maintain national security by protecting its critical information infrastructure (CII). The eight critical sectors in a state's infrastructure include: transportation; oil and gas; water; emergency services; continuity of government services; banking and finance; electrical power; and telecommunications.

IO is the outgrowth of military doctrine that focussed on the use of electronic warfare measures to degrade the capabilities of adversaries on the battlefield. Operations conducted during the Desert Storm campaign indicated that technological development had provided the military with computer-based tools and techniques that could be used to degrade not only military systems but those of government and the private sector as well.

Within the realm of IO, there is no safe haven; territorial boundaries become irrelevant as IO can be conducted at any time against any sector (public or private). All other "cyber" activity (cybercrime, cyberterrorism, cyberwar, netspionage, hacktivism, etc.) is a subset of IO. However, most discussions relating to the use of computer-based tools and techniques in the context of IO have come to focus on information assurance and the protection of computer-based systems and networks from an intrusion or attack.


The Threat

Information Operations could be used to target national information systems from anywhere in the world using inexpensive hardware and software. Degradation in the operation of a targeted computer system could cause significant social, political and economic impact that would have serious ramifications in the area of national security. Although security measures are being created to protect these infrastructures, the development of attack tools to circumvent these protective measures is ongoing and such attack mechanisms have come to be freely available through the Internet. The number of intrusions into computer-based systems is on the rise and the tools used to exploit existing vulnerabilities are growing in sophistication. Although only a small number of system intrusions are reported, indications are that the level of reported incidents and vulnerabilities is doubling roughly every six months. In 2000, statistics released from the Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburgh show that 1,334 computer security incidents were reported world-wide in 1993, compared to 9,859 in 1999 and, in the first three quarters of 2000, the number of incidents rose to 15,167.

The threat of unauthorized intrusions into computer systems and networks increases proportionately to the degree of connectivity to external networks such as the Internet. Such connections create vulnerabilities that can be exploited, for whatever reason, by hostile actors, using malicious software, e.g. viruses, Trojan Horses and worms via the Internet. In addition, physical attacks like cutting power cables or destroying hardware upon which the information infrastructure depends are the equivalent of physical denial of service (DoS) attacks. The latter prevents authorized users from gaining access to information systems and data. Any of these hostile actors can attack vulnerable infrastructure points using physical means and/or software. As a result, the growing capability of a variety of hostile actors to make offensive use of IO, in both its physical and nonphysical forms, can potentially threaten the public safety of Canadians and the national security of Canada.

This is especially true since international affairs, in all their dimensions, will increasingly involve competition for control of information networks. Discussions at the United Nations on the topic of the proliferation of IO tools are couched in the rhetoric of weapons proliferation. The language has evolved from mass destruction to include IO tools and weapons of mass corruption. The increasing reliance of states on computer networks makes critical infrastructures attractive targets for attack and exploitation, and many countries have embarked on programs to develop IO technologies. According to American military and congressional reports, Russia, China, India and Cuba have acknowledged preparations for cyberwar and are actively developing IO capabilities; North Korea, Libya, Iran, Iraq and Syria have some IO capabilities. Even though many countries are developing IO capabilities, few have the means to fully integrate various IO tools into a comprehensive attack which would cripple a country's infrastructure. However, some could develop the required abilities to mount such attacks over the next decade.


Security of Systems and Data

The development of IO tools and techniques is evolving in pace with the rate of technological change in the communications and computer industries. The ability to communicate and connect with networks worldwide almost instantaneously has created both advantages and vulnerabilities.

As government departments and businesses globally have experienced both intrusions into their networks and the loss of sensitive information, they have attempted to install security measures to protect both systems and data. Unfortunately, these security packages have a short life span. Surveys and intrusion assessments conducted by private-sector security firms and by government agencies worldwide indicate that a large number of security packages and monitoring tools, many of which are commercially available, are ineffective or misused. A number of surveys conducted in the United States and the United Kingdom indicate that more than 80% of respondents in one case did not use firewalls or any other security measures to protect their systems and data. Up to 93% of respondents in another case were vulnerable to rudimentary attacks even if firewalls were used.

As more and more persons, businesses and government departments become dependent on computer-based communications and the operations of interconnected networks, the configuration of interacting computer networks and operating systems becomes more complex and creates vulnerabilities. Natural forces (like storms), the natural evolution of network processes, and IO tools could pressure these vulnerabilities and cause failures that could have a profound effect, both short- and long-term, on the operation of government and the private sector. For example, during the 1998 ice storm in Quebec and eastern Ontario, the destruction of the essential electrical power infrastructure cascaded into a disruption of key services such as water supply, financial services, telecommunications and transportation, with devastating consequences for some Canadians.


Examples of Information Operations

Many examples of IO-related activity can be drawn from the experience of American government departments dealing with computer intrusions and system exploitation. These experiences have been related in speeches given before Senate and congressional committees, and in documents produced by the General Accounting Office.

Extremist organizations, criminal groups and governments are acquiring expertise in the area of IO and could threaten various systems if they possessed the proper tools and techniques to exploit vulnerabilities, and the intent to do so. Testimony provided during committee hearings held within the United States revealed that an increasing number of countries have or are developing offensive IO programs. Further, data indicates that an increasing number of extremist groups and intelligence services are becoming proficient in the development and/or use of IO tools and techniques. A number of these hostile actors may intend to use IO tools to achieve specific goals. Recent media reports indicate that protected military networks in the United States have been easily hacked using rudimentary tools. One American government-sponsored exercise (Eligible Receiver) demonstrated that software tools obtained from hacker sites on the Internet can not only degrade the operations of government departments but threaten the critical infrastructure.

In April 1998, hackers belonging to the "Masters of Downloading" (MOD), which has an international membership, claimed they had broken into NASA and DoD classified computerized systems, having acquired the means to access these systems with impunity, and to control military satellite and other systems. With at least two Russian members, MOD was considered by computer experts to be more secretive, careful and sophisticated - and hence more dangerous - than Analyzer. MOD threatened to sell information about American systems to terrorist groups or foreign governments. MOD members allegedly communicate using an elaborate system of passwords and cover their tracks by routing messages through a variety of computer systems all over the world. Claims made by MOD have not been publicly corroborated to date.

In February 2000, national infrastructures suffered degradation from virus and distributed denial of service (DDoS) attacks. The attacks, which centred on a number of companies, each with a significant presence on the Internet, were estimated to have caused damage in the order of billions of dollars. The subsequent infestation of computers around the world with the "I Love You" virus had an even more profound effect on systems and networks. This was due in part to the fact that the phrase "I Love You" in the subject line of an e-mail message was a simple psychological operations ploy that enticed many individuals to open the virus-laden e-mail attachment and infect their computer systems. The DDoS attacks of February 2000 acted as a proof of concept demonstrating that a number of computers previously compromised by hacker activity could be used in concert to focus attacks on a single target or a number of targets.

Political tensions have resulted in hacking duels between hacker groups and others in various countries. In 1999, there were hacking exchanges between China and Japan over the issue of the Nanking massacre, between China and Taiwan, and between India and Pakistan over Kashmir. In 2000, Armenians placed false information in the Azerbaijan daily Zerkalo, and the current tensions between Israel and Palestinians resulted in hacking activity by supporters of each side. The latter activity on the part of pro-Palestinian supporters expanded to include corporations and a pro-Israel organization in North America as targets.


Protection of the Canadian Critical Infrastructure

The Report of the Special Senate Committee on Security and Intelligence, published in 1999, addressed the issue of protecting Canada's critical infrastructure. The latter consists of both physical and cyber-based systems which are essential to the day-to-day operations of the economy and government. Historically, elements of this critical infrastructure were physically segregated. However, these elements gradually converged, became linked and more interdependent. Advances in computer and communications technologies resulted in a growing level of automation in the operation of critical systems. The report stated that the growth of, and our increased reliance on, the critical infrastructure, combined with its complexity, has made it a potential target for physical or cyber-based terrorism.

In its recommendations, the Committee suggested that the government take action to protect the critical infrastructure and to:

  • develop policies and resources to deal with any attacks;
  • create the capability to assess and reduce infrastructure vulnerabilities, and to prevent or respond to physical and cyber attacks;
  • create public-private sector partnerships to protect the critical infrastructure; and
  • ensure that the National Counterterrorism Plan regularly be reviewed and updated, especially relating to the impact created by new and emerging technologies that may be used by terrorists.

The Canadian government responded to these recommendations by creating the Office of Critical Infrastructure Protection and Emergency Preparedness. The role of this agency is to work closely with the provinces and municipalities, private industry and other countries to protect Canada's electronic infrastructure against possible cyber-based attacks and natural disasters. In 2003, the agency was amalgamated into the Public Safety and Emergency Preparedness department.

In addition, each federal government department and agency has information technology (IT) policies and procedures. The Communications Security Establishment (CSE) advises the federal government on the security aspects of government automated information systems.


The Role of CSIS

The CSIS Information Operations program was initiated in 1997. As with all CSIS investigations, this program derives its authority from the CSIS Act. Under sections 2(a), (b) and (c) of the Act, threats to the security of Canada are defined as: espionage or sabotage, foreign influence activities, or serious acts of violence against persons or property in support of achieving a political objective. The information operations threat may fall under any of these three sections.

The Service focuses its investigations on threats or incidents where the integrity, confidentiality, or availability of critical information infrastructure is affected. As a result, three conditions must appear in order to initiate a CSIS "information operations" investigation. That is, the incident:

a) must be a computer-based attack;

b) must, within reason, appear to be orchestrated by a foreign government, terrorist group or politically motivated extremists;

c) must be done for the purpose of espionage, sabotage, foreign influence or politically motivated violence.

This definition excludes many of the computer intrusions occurring within Canada. For example, most hacking activity is being done by thrill-seeking amateurs with no political agenda. Moreover, a certain amount of hacking is conducted by criminals for monetary gain and by corporations seeking an unfair competitive advantage over another company. These types of computer intrusions fall outside the CSIS mandate but may be of interest to law enforcement. The Service confines its investigation to computer intrusions conducted with a "political motivation". That is, whether a hostile intelligence service is hacking into Canadian computer systems, or an extremist group is targeting a government Web site – there must be a political aspect to the computer intrusion in order for CSIS to be involved.

Since the threat from cyber sabotage and cyber terrorism is part of a broader economic threat to key sectors of Canadian society, CSIS works closely with other government departments such as the Royal Canadian Mounted Police, the Department of National Defence and the Communications Security Establishment.

Furthermore, within the international milieu, CSIS liaises and exchanges information with allied agencies to remain abreast of the global threat and how it may affect Canada's national security. CSIS also participates with the federal government in broader G-8 efforts aimed at addressing the cyber threat.


Outlook

One of the greatest challenges in countering the threat in the realm of IO is that borders have become meaningless to anyone operating in a virtual environment. Even if great diligence was taken in the effort to remove vulnerabilities, it would be almost impossible to eliminate them entirely because attack tools, networks and network control systems are in a constant state of evolution.

As new technologies develop, so too will new attack tools and mechanisms. As a result, governments will have to set procedures in place to allow security initiatives to evolve to deal with new threats as they arise. For example, the risks involved with the movement of the private sector to an e-commerce environment, the initiatives within the private sector to provide services and system interconnection through wireless means, and the use of personal digital assistants all present challenges from a security perspective.

Hacking is becoming easier to a certain extent because some elements of both the private and public sectors around the world have been more interested in connecting to the Internet than in facilitating their operations securely via the Internet.


National Liaison Awareness Program

CSIS maintains a national Liaison Awareness Program. The program seeks to develop an ongoing dialogue with both public and private organizations concerning the threat posed to Canadian interests from cyber-based attacks. The purpose of the program is to enable CSIS to collect and analyse information that will assist it in its investigation of these threats which could have implications for Canada's national security. The Service then assesses the threat, and provides advice to government accordingly. This program is an important vehicle used by the Service to articulate its message to the Canadian public.

 


Date modified: 2005-11-14
