Experts Focus on Reining in Information Technologies
Flexibility and ubiquity are welcome advances, now, control must be re-established on key issues.
The use of information technologies has increased faster than the ability of their users to recognize the technologies’ key issues, according to many international commercial and government experts. Interoperability, availability and security all are growing in importance as information technologies become increasingly indispensable in more aspects of society.
Many of these issues were addressed at the 1999 AFCEA Europe Munich Symposium and Exposition, held April 20 to 21. Its theme, “taming the information monster—assured, secure and ready communications and information technology services for private systems, public services and military headquarters,” illustrated the broad reach of these technologies and their interconnection across disciplines.
Some panels seemed to raise more questions than provide answers. Addressing the issue of taming the information monster is forcing many experts to rethink their priorities and longtime beliefs. Many speakers agreed that the information revolution presents a new set of challenges, but as yet no clear-cut path to long-term solutions is in sight.
Prof. Robert Kennedy, director of the George C. Marshall European Center for Security Studies, set the tone for the symposium in his keynote speech on the role information technologies are playing in ongoing reform efforts in Eastern Europe. He declared that global changes herald the beginning of a period of revolutionary transformation.
Kennedy questioned whether the traditional sanctity of the nation-state holds true in the post-Cold-War era. The dramatic changes underway promise to transform the entire nation-state system in a manner unseen since the end of the Thirty Years’ War in 1648.
The 21st century will bring an unprecedented high degree of transparency. “The availability of information will be infinitely greater and more widespread, and greater knowledge will be the key to change,” he stated. As a result, authoritarian models of governance—whether corporate or national—will fail. The replacement of dictatorial governments will not be uniform, but will occur haltingly over several years.
Policy making will be internationalized, offering greater opportunities for openness and transparency. With the advent of the new century, Kennedy sees the beginning of the end of national barriers to communications.
Companies need to embrace this new era, or risk failing. Employers must empower knowledgeable employees for decision making and bringing about change. As with governments, this involves replacing a top-down command model with a bottom-up version that will unleash a flow of ideas.
The dark side to this new information era is that conflict will remain a permanent part of the future. The democratization of information creates greater susceptibility to manipulation through information. The global media, for example, is superficially biased and prompts emotional reactions from viewers.
The definition of security is changing as well. The past monolithic threat has given way to new hazards that confront the Atlantic alliance. Kennedy cited terrorism, crime and illicit drugs as dangers that will increasingly threaten lives. Readily available information on building terrorist devices and engaging in menacing activities will enable wrongdoers to inflict great harm on innocent people, Kennedy warned.
Meeting the information challenge was the topic of the symposium’s leadoff panel, which was chaired by AFCEA Europe General Manager Rear Adm. Dr. Sigurd Hess, GE N (Ret.). Reinhard W. Hutter, senior vice president for command, control, communications and intelligence at IABG mbH, analyzed the threat facing critical infrastructures. He noted that more than 50 different organizations are involved in implementing a modern telecommunications network. This increases the opportunities for system compromise to more than 15 types of attack categories, and the number of attack entry points is virtually unlimited.
Remedying information infrastructure risk will require a comprehensive program having overview authority. Hutter volunteered the North Atlantic Treaty Organization (NATO), acting in close cooperation with its members and other national and international organizations, for this role.
With these challenges as a backdrop, Col. (GS) Dipl. Ing. Gerhard Bubel, GEA, of the German army information technology department, outlined his organization’s path to digitization. The army information technology target architecture has just been completed, and other efforts are leading to field testing of a digital brigade by 2001 as well as a multinational advanced warfighting capability by 2004. Sensors and weapon systems will be added after 2010. These digital capabilities will include standard software for office automation and information exchange.
With military information, the time from collection to presentation keeps decreasing, yet more elements are introduced along the way, according to Dr. Susanne Jantsch of IABG mbH. The increasing complexity of information management processes, along with the need to automate and integrate processes to speed up functions, may cause new vulnerabilities. Many of these threats are not yet apparent.
The human factor remains vital throughout the process, and extensive information systems can increase pressure on decision makers. Blind trust in tools is a real hazard, as is the inability to mentally process the amount of available information effectively. Information management must be tasked to remain vigilant, to give warnings, and to allow time for decision makers to sit back and think, Jantsch declared.
Dr. Klaus Saatkamp, vice president of the security and defense division at Siemens Business Services, suggested an intranet approach to network computing for a generic command, control and information systems approach. This type of network computing features open standards, easy handling, wide usage, distribution of work, easy access to the Internet and relatively low cost. Its adoption accelerates initial operational capabilities while allowing the system to ride technology evolution.
Information operations were the purview of a panel chaired by Col. Hans Joachim Recke, GEA (Ret.). Wolfgang Haas, IABG mbH, allowed that digital technologies will lead to a translucent battlespace. To ensure information superiority, forces must be able to collect any signal—visual or otherwise—and filter it, extract relevant information and send that information to the appropriate user. This capability must be available by 2010 or 2020 at the latest.
Moving target indicators and data support tools will help predict enemy movements based on intercepts. All this information will be part of an armed forces intranet that will be very vulnerable to information warfare attacks. Additional threats will be posed by near-term technological advances such as high-energy radio frequency guns or non-nuclear electromagnetic pulse weapons. Haas offered that, although future warfare will be information-oriented, cyberwarfare alone is unrealistic.
Christopher John Rhodes, business development manager and principle information warfare consultant at MAIT International Limited, discussed the new emerging threats of warlords, terrorist groups, religious zealots and organized crime. These adversaries could attack communications and information systems (CIS) with false information, sabotaged communications, corrupted reporting or even with viruses wired in hardware or embedded in chips in systems that are purchased commercially off the shelf.
Rhodes noted that while interoperability is essential, it makes CIS vulnerable to information warfare, and he suggested a systems approach to resolving this conflict. Prudent procurement can help ensure that future CIS would be less vulnerable to information warfare, but other extensive measures are also necessary.
A separate panel, chaired by Col. Bubel, focused exclusively on information security. Dr. Thilo Zieschang of EUROSEC GmbH warned that organizations must have fallback information security solutions, as no form of encryption is foolproof or crackproof. Attempts to provide an advanced encryption standard to replace the digital encryption standard may actually lead to increased vulnerability among the many financial institutions employing business software that adopts the new standard. Zieschang called for more research into systematic design and analysis of crypto-based protection mechanisms.
Achim Reckeweg, senior systems engineer for Sun Microsystems GmbH, warned against incursion by electronic (e-) mail. He cautioned attendees not to trust executable attachments, even if they seem to come from a familiar source. He listed many of the large organizations that were struck by the Melissa virus that traveled by e-mail, and he advised operators to use read-only viewer applications, many of which are available on the Internet, to open attachments. Crypto services are necessary to ensure authenticity and privacy.
Internet security technologies can create virtual private networks, according to Stephan Rein of Siemens AG. Because available Internet security technologies do not mandate specific security policies, virtual private networks can be built on them to operate within a broad range of security policy options. The capabilities of some technologies overlap, and it is unclear whether the commercial market will tolerate coexistence or whether some technologies will prevail over others.
Commercial and government security efforts are converging to an international framework, related Dr. Heinrich Kersten, debis IT Security Services. This international scheme features standardized security criteria and evaluation methodology and will ensure recognition agreements among participants. Stronger industrial participation promises shortened processes, broader access to results and international validity.
Two different communications standards were on opposite sides in a panel discussion chaired by Herbert Rieck, president of the AFCEA Munich Chapter. Gerhard Hering, head of the systems engineering department in the radio communications division of DaimlerChrysler Aerospace AG, offered the advantages of TETRAPOL for mobile military communications. As a communications standard for digital programmable radios for security forces, this technology would be well suited for military operations, which often present the same communication challenges as public safety.
The technology would also allow military forces to interoperate with public safety systems during joint emergency operations. Its open interfaces allow it to fit into standard military channel facings, and its interpersonal message service would be useful to the military. While similar to already deployed military systems, it is not protected from intentional jamming.
Steffen Ring, director, spectrum, standards, strategic planning, Motorola, argued for a system based on trans-European trunked radio (TETRA) technology. The terrestrial trunked radio is based on a European Telecommunications Standards Institute development and has been allocated military spectrum in 380 to 400 megahertz by NATO. It can communicate directly with battlefield terminals, and crypto algorithms can be developed as requirements change.
Europe and North America are working together on standards for a subsequent TETRA development known as DAWS, or digital advanced wireless service. TIPHON, the European voice over Internet telephony standard (SIGNAL, June 1999, page 37), could be placed on DAWS.
A dissenting voice came from audience member Col. Peter Bingel, GEAF, of the NATO frequency management subcommittee, who offered that TETRA was never intended for tactical forces.
Former NATO communications official Willi Krauss chaired a panel on mobile communications. Peter Iselt of Rohde & Schwarz GmbH & Co. shared a view on how a multifunctional radio platform can serve dual-use applications. Employing civilian technologies can suit the common requirements for both military and civilian applications. This is especially useful for the increasing likelihood of mixed multinational or joint civil-military operations. Software add-ons can provide necessary interoperability waveforms.
Bernd Gobert, senior expert for radio networks of DaimlerChrysler Aerospace radio communications, outlined the self-organizing wireless architecture for the German army command post communications network known as BIGSTAF. Martin R. Krick of the NATO Consultation, Command and Control (C3) Agency information systems division described the agency’s new roving command vehicle project. This mobile testbed, which is evaluating commercial technologies to provide multirole mobile command and control, can operate in a classified or unclassified mode with a wide range of capabilities. A version of this vehicle was demonstrated outside the symposium.
A panel on management of information media, chaired by Sam Visner of SAIC’s advanced technologies and solutions group, explored technologies and methodologies. Dr. Axel Lehmann, University of the Bundeswehr, Neubiberg, discussed requirements and technical approaches for managing future information technology systems. Dr. David Brewer of L-3 Communications Network Security Systems (Europe) plc, described security risk management as “the only reliable way to tame the information monster.”
Current risk management for military information systems is based on the need to make security products usable and affordable, Brewer stated. This involves measuring potential risks and their mitigation. Key to this is identifying threats and vulnerabilities that really matter. Risk-measurement techniques can be extended to form the core technology for an automated information security management sys tem.
Communications management presents a different type of issue, according to a panel chaired by Edward W. Chandler, consultant to Linkabit Wireless Incorporated. Col. Bingel discussed how tactical mobile radio communications are a challenge for military frequency management. While NATO’s frequency management subcommittee is working to address its own issues, the legal situation for frequency management is different in every country. This emphasizes the importance of direct cooperation between civil and military frequency managers, he offered.
James Kelly of N.E.T. Federal Incorporated reviewed advanced traffic management for multiservice asynchronous transfer mode (ATM) networks. With ATM, network efficiency competes with the goal of maintaining quality of service. Advanced traffic management can help meet both objectives with an ATM switch that offers a variety of features.
Multilateral security offers both advantages and challenges, according to Jaroslav Blaha of the NATO Air Command and Control Systems Management Agency. It strengthens the ability of users to specify the desired security characteristics of a communications relationship. On the other hand, the challenge is to integrate organic and external resources such as the Internet into a coherent and manageable security infrastructure.