Securing Information Is the Ultimate Element of Data Management

February 1999
By Lt. Gen. C. Norman Wood, USAF (Ret.)

As Alvin Toffler predicted almost 30 years ago, society is transitioning from its second wave, the industrial revolution, to the third wave, the information age. All three waves, beginning with the agrarian age, offered their own elements of control that proved vital to prevailing economically and politically. In the first wave, the objective in the agrarian society was to control the land from which life-giving food would be harvested. In the industrial second wave, the objective was to control the means of production. Now, in the information age, the objective is to control the information technology.

Prevailing in an information-driven economy hinges on being able to lead, or at least compete, in information technologies. Currently, the industrialized West is the focal point for virtually all leading innovations in this arena. The process is seamless to most users, who take for granted that advances in technology and applications will be geared for the leading-edge consumer market.

This same objective applies to the geopolitical arena, where the military is the main implementer of information technology as it protects Western interests worldwide. In this application, information technology is viewed as the prime enabler for military supremacy. Mastering it is essential to deterring an opponent or prevailing in a conflict.

As other commentators have stated, the ultimate precision-guided weapon is the electron. With the success of U.S. forces armed with the power of data, more militaries worldwide are using the Internet to find information and communicate with forces.

The United States and its allies have mastered packet-switched data and network-centric warfare, delegating platform-centric warfare to a military wave of the past. This has made more information available to forces. However, the flip side is that having more data in volume makes it more difficult to locate and extract that one kernel of information necessary for research, surveillance or strategic planning.

In some cases, finding data is less challenging than achieving the ability to distribute it in a usable form. Several factors stand in the way of seamless, uninhibited data access. Two major inhibitors are bandwidth and pipe capacity. Technology advances are widening data pipes or enabling digitized information to pass through them at greater rates. Bandwidth, however, is more daunting in its limitations on the large volumes of data that can be transmitted. It is probably one of the most serious problems that the West faces, and it is a major obstacle to obtaining data after it is identified and located.

The Internet opens up the capacity to mine data from virtually any country. Global interconnectivity, with its unlimited potential for empowering with information, also opens up a host of vulnerabilities. In the Internet realm, to be connected with anybody is to be connected with everybody. Terrorists know this, and their future activities are more likely to employ the electron than the explosive.

Our third wave society has enjoyed a quantum leap in available data, along with the ability to sort through it, obtain the correct information and assimilate it into the proper form for distribution to the correct user. Once users begin to move this information, they must protect it to ensure its security and validity. Without this, its advantages are lost and new liabilities emerge.

To achieve information assurance, users employ a wide variety of solutions. Most forms of security begin with firewalls, but a greater emphasis is now being placed on intrusion detection. Two items that will go a long way toward offsetting vulnerabilities are authentication and encryption. Authentication can validate the identity of a message sender to prevent acceptance of false information. The ability to encrypt vital information helps ensure the fidelity of the data. This is even more significant in the information age, as high-power computers now have the ability to break codes faster than could have been imagined only a few years ago.

The umbrella covering all these aspects is multilevel security. It always has been the measuring tool by which users gauge whether they could protect their information. In the intelligence community, information comes in various forms—unclassified up through highly compartmented. Obtaining a fused picture of these diverse data requires combining the inputs from various organizations across the spectrum. This mandates protecting these data at the level they are classified while commingling output for appropriate users.

Ensuring appropriate access to information is only half the equation, for industry as well as for government. The National Security Council’s Richard A. Clarke recently suggested to attendees at an AFCEA intelligence symposium that the key to protecting against external threats may lie in assessing domestic vulnerabilities. He said this could involve asking a few vital questions: “Where are our single points of failure? Where can our systems be easily stressed or overwhelmed? Where have we left the doors open? How would you attack America?”

Business and government alike frequently fall prey to the trap of preparing for the last crisis. Success often breeds complacency, and the successful U.S. economy, coupled with unchallenged military superiority, may be blinding decision-makers to inherent vulnerabilities.

The nations of the industrialized West must guard against being seduced by the glittering tower of technology. A few well-placed cyberterror attacks or even an unexpected complex failure could turn this tower into a teetering house of cards. Having access to all the data in the world is a liability rather than an asset, if it is not wrapped in adequate security.

This need for security should not impede the drive for greater incorporation of information system innovations, however. The third wave is well upon us, and catching that wave opens up a host of opportunities in every corner of this burgeoning information society.