1. Information Operations Conditions (INFOCONs) In The Real World
Although our mission is Strategic Nuclear Deterrence, we are fully aware of the impacts that information operations can have on our ability to execute that mission.
The consequences of not being prepared are clear.
Information Operations may not be a kinetic weapon system, but clearly it can have serious consequences. Our job in J6 is to defend against such an attack.
Our bottom line is that a strong Information Assurance (IA) program is absolutely essential to provide assured information services to the warfighter.
Major George L. McMullin II
UNCLASSIFIED

2. INFOCONs What Why How UNCLASSIFIED
- What is the most powerful unified Command on the face of the earth doing about it?
UNCLASSIFIED

3. VIRTUAL COMMUNITY, VIRTUAL THREAT “Virtual” Enemy “Virtual” Country
Vulnerabilities
Global Info Flow
- Virtual Country: no geographic boundaries or borders in cyberspace
- Global Information Flow: Information exchange is instantaneous--that does not mean we should believe everything we read in cyberspace
- Proliferating Attack Weapons: more weapons, easier to use
-- Example: Search utility on Internet found 50,000 hits on “hacking”
- Vulnerabilities: Are increasing exponentially with the continuing rapid increase in technology -- DISA has over 400 known Internet vulnerabilities they’ve posted on their bulletin board.
- Growing Technology & Targets: The growth of technology has resulted in a proportional growth in opportunities to exploit
- No laws: Virtually no International laws exist on computer crimes (a crime in U.S. may not be a crime in Sweden) -- more international cooperation is critical to bringing violators to justice
- Virtual Enemy: The enemy is invisible.
Growing
Technology & Targets
Proliferating
“Attack” Weapons
Technology Leads Laws
UNCLASSIFIED

4. COUNTERING THE THREAT Protect Detect React People Processes Systems
Facilities
To build the foundations of our program, we started with a basic formula of “protect, detect, and react”--a fairly standard DoD concept.
We then applied this formula to the building blocks of “people, processes, systems, and facilities.” The result has been a well-balanced program with a strong foundation.
Policy/Concepts: Strong policies are vital, from how to accredit your systems to enforcing computer passwords, our team keeps current with leading edge practices and technologies, and integrates them into Command guidance and planning efforts.
Earlier this year we hosted a workshop with Joint Staff, pulling together CINCs, Services, and component Info Assurance players. This year’s workshop also focused on pulling the Task Forces together.
Awareness: We put great emphasis on security awareness and training. Newcomer’s programs and recurring training have paid big dividends. The results of Global Guardian 98 yielded a 98.5% OPSEC effectiveness rate. We attribute this success primarily to training and awareness programs. We have always had strong CINC sponsorship in this area.
Security Assessments: Find the vulnerabilities before your enemies! We have built an in-house “Red Team” to test our systems in real time. We also assess readiness by exercising our capabilities during Command exercises such as Global Guardian.
Response: The final ingredient is the ability to respond to any IO attack. We have formed a home-grown response capability called the STRATCOM Computer Emergency Response Team (STRATCERT). This team has forged strong operational ties both internal to STRATCOM and with other DoD agencies.
Policy/Concepts
Awareness
Security Assessments & Exercises
Response Capabilities
UNCLASSIFIED

5. DEFCON THREATCON INFOCON National Geographical Organizational
- What is the most powerful unified Command on the face of the earth doing about it?
UNCLASSIFIED

6. USSTRATCOM’s RESPONSE
Training and Awareness
Info Operations Conditions (INFOCONS)
Computer Emergency Response Team (STRATCERT)
“Red” Team
Exercises/Testing
New Intrusion Detection Technology Demonstration
- What is the most powerful unified Command on the face of the earth doing about it?
UNCLASSIFIED

7. INFORMATION ASSURANCE POSTURE
Monitor
Threats
Assess
Vulnerability
The goal is to be able to continually manage the risk so that it is acceptable. This is a continual process that everyone in the Command is part of.
We have a layered defense strategy of people and technology that allows us to monitor the threat, assess the threat to determine if we are vulnerable, and then to manage the risk to the Command if we are vulnerable.
Manage
Risk
UNCLASSIFIED

8. INFORMATION OPERATIONS CONDITIONS (INFOCONs)
Escalating Information Threat Conditions
Normal > Alpha > Bravo > Charlie > Delta
Responses for each condition
Developed by USSTRATCOM personnel
Defense Science Board report
Exercise lessons learned
Focus - C4I defense from computer network attack
We are also the first DoD organization to implement the concept of Information Operations Conditions. INFOCONs are roughly analogous to Terrorist THREATCONs and the local base THREATCONs, but are designed to define and respond to an information attack.
Theat changes can be simplified in another way:
A DEFCON change is a national response
A THREATCON change is a geographical response
An INFOCON change is an organizational response
Developed by USSTRATCOM personnel, we built our INFOCONs using the basic construct mentioned in the 1996 Defense Science Board report, GG 97 lessons learned, and daily operations.
The focus of the INFOCONs is C4I defense, primarily against computer network attacks.
UNCLASSIFIED

9. Advantage Hacker Technology Edge Difficult to develop perfect defense
High cost in time and money
Tools
Free vs Expensive
Simple vs Complicated
Picks the time, place, medium, and method
David Effect
We are also the first DoD organization to implement the concept of Information Operations Conditions. INFOCONs are roughly analogous to Terrorist THREATCONs and the local base THREATCONs, but are designed to define and respond to an information attack.
Theat changes can be simplified in another way:
A DEFCON change is a national response
A THREATCON change is a geographical response
An INFOCON change is an organizational response
Developed by USSTRATCOM personnel, we built our INFOCONs using the basic construct mentioned in the 1996 Defense Science Board report, GG 97 lessons learned, and daily operations.
The focus of the INFOCONs is C4I defense, primarily against computer network attacks.
UNCLASSIFIED

10. Effective Employment Hostile intent identified?
Accomplish aims of aggressors?
Increase in probes/attacks?
Recommended?
Mitigating circumstances?
We are also the first DoD organization to implement the concept of Information Operations Conditions. INFOCONs are roughly analogous to Terrorist THREATCONs and the local base THREATCONs, but are designed to define and respond to an information attack.
Theat changes can be simplified in another way:
A DEFCON change is a national response
A THREATCON change is a geographical response
An INFOCON change is an organizational response
Developed by USSTRATCOM personnel, we built our INFOCONs using the basic construct mentioned in the 1996 Defense Science Board report, GG 97 lessons learned, and daily operations.
The focus of the INFOCONs is C4I defense, primarily against computer network attacks.
UNCLASSIFIED

11. Y2K! “El Nino Of The Cyber World!”
Coming Soon. . . a Winter Blockbuster!!
Y2K!
One Time Only!
All Shows Free!!
1 Jan 2000!
All Theaters!
- Year perfect time to strike
- Y2K problem or computer hacker--who will be able to discern the difference.
- BCOT class--you are the ones who will be tasked with solving many of these problems-- this is warfighting in the 21st Century
“El Nino Of The Cyber World!”
Coming Soon!
UNCLASSIFIED