Editorial

Guest Editors

Dorothy E. Denning and Cynthia E. Irvine (Naval Postgraduate School)

Last November, the Editor-in-Chief of JIW, William Hutchinson, invited the Naval Postgraduate School in Monterey, California to put together a special issue of papers representing some of the research at NPS.  We agreed and offer the five papers included in this issue.  All of the papers underwent the normal JIW review process before final acceptance and publication.

The papers reflect but a small sample of the IW-related research at NPS.  There are approximately 40 permanent faculty and research staff at NPS working in some area of IW, and an even larger number of graduate students who have passed through our programs and completed theses.  Many of these people are affiliated with the Center for Information Systems Security Studies and Research (CISR), which was among the first federally designated Centers of Academic Excellence in Information Assurance Education and participants in the Scholarship for Service Program.  Others are affiliated with the Cryptologic Research Center , which enjoys significant participation by members of the Department of Electrical and Computer Engineering, the Information Warfare program, the Center for Homeland Defense and Security, or the Center for Terrorism and Irregular Warfare (CTIW).  NPS is also in the process of establishing the new Department of Defense Center of Excellence in Information Operations.  The new IO center will join CISR and CTIW as components of the Cebrowski Institute for Information Innovation and Superiority.  For more information about our programs, we invite the reader to visit the NPS website at www.nps.edu .

Turning to the papers, “Vulnerability Analysis in Critical Infrastructure Protection” by Ted Lewis introduces a new approach to critical infrastructure vulnerability analysis and risk assessment.  The model-based vulnerability analysis draws upon scale-free network theory and fault-tree/event-tree analysis.  The method is applied to the San Francisco water SCADA system to show where limited resources are best allocated to reduce faults or financial risk.

In “Terrorist Use of Information Operations,” Norm Emery, Rob Earl, and Ray Buettner show how terrorists manipulate the information environment to achieve their influence objectives.  They argue that terrorists understand the information environment and that their actions inherently integrate IO more effectively than typical U.S. military operations.

Neil Rowe and Hy Rothstein consider how deception can be used to attack or defend computer systems in their paper “Two Taxonomies of Deception for Attacks on Information System.”  They consider analogies from deception strategies and tactics used in conventional military operations, concluding that many of these strategies apply, but often in surprising ways. 

David Jenn, Lim Pin, and Paul Sumagaysay tackle the problem of protecting wireless network signals from unauthorized interception in their paper “Vulnerability of Wireless Networks to Interception.”  They show how a commercially available software package can be used to predict signal levels in complex indoor and urban environments.  They use their results to offer simple methods for improving security.

The paper “Subversion as a Threat in Information Warfare” by Emory Anderson, Cynthia Irvine, and Roger Schell builds a case that the threat of an adversary subverting a system during some stage of its life cycle is real, offering past and current examples as demonstration.  The authors conclude that the only solution is rigorous verifiable protection methodologies.

Table of Contents

Paper 1: Vulnerability Analysis in Critical Infrastructure Protection 

T.G. Lewis

Paper 2:Terrorist Use of Information Operations 

N. E. Emery, R.S. Earl, R,. Buettner 

Paper 3: Two Taxonomies of Deception for Attacks on Information Systems 

N.C.Rowe, H.S. Rothstein

Paper 4: Vulnerability of Wireless Networks to Interception 

D.C. Jenn, L.W. Pin, P.P. Sumagaysay

 Paper 5: Subversion as a Threat in Information Warfare 

E.A. Anderson, C.E. Irvine, R.R. Schell 

About the Authors

Emory A. Anderson is a Lieutenant Commander in the United States Navy currently assigned in an Information Assurance role at the Space and Naval Warfare System Center in Charleston, SC.   He has served as a Trusted Product Evaluator during which he participated as a team member on the Windows NT 4.0 C2 evaluation and worked on numerous Common Criteria (ISO 15408) Protection Profiles and Security Targets.  Other assignments include work in computer network defense and forensics, and information assurance and public key infrastructure policy for the Department of the Navy.  He is a member of the Institute of Electrical and Electronics Engineers, and the Association for Computing Machinery.

Raymond Buettner is a retired naval officer and is now an Associate Professor in the Information Sciences Department at the Naval Postgraduate School, Monterey .

Norman E. Emery and Robert S. Earlare active duty officers in the United States Army.  They are recent graduates of the Defense Analysis program at the Naval Postgraduate School in Monterey, California .   Their thesis work focused on the application of information operations to terrorism.

Cynthia E. Irvine is an Associate Professor of Computer Science at the Naval Postgraduate School and Director of the Center for Information System Security Studies and Research (CISR).  She has spent the past 16 years developing theory for, design, implementation, and analysis of high assurance secure systems. She has developed security aware applications for high assurance systems and currently leading the development of separation kernel intended for EAL7 evaluation. She has authored over 70 papers in the area of trusted computing. Dr. Irvine is a senior member of the IEEE, a member of the Association for Computing Machinery, the American Astronomical Society and a Life Member of the Astronomical Society of the Pacific.

David C. Jenn received the Ph. D. degree in electrical engineering from the University of Southern California in 1987.  From 1976 to 1978 he was with McDonnell Douglas Astronautics Co. and from 1978 to 1990 with Hughes Aircraft Co.  In 1990 he joined the Department of Electrical and Computer Engineering at the Naval Postgraduate School as a Professor.  His research has focussed on the design and analysis of high-performance phased array antennas for radar and communication systems, electromagnetic wave propagation, and radar cross section analysis.  Dr. Jenn is author of the book Radar and Laser Cross Section Engineering.

Ted Lewis is Professor of Computer Science and Academic Associate of the Center for Homeland Defense and Security at the Naval Postgraduate School, in Monterey, California .

Wee Pin (Melvin) Lim received a B. Eng. (Electrical & Computer) degree in 1999 and a M.S. (Engineering Management) in 2000, both from Queensland University of Technology.  In December 2003 he completed a M.S. in Engineering Science at the Naval Postgraduate School .  Currently he is with the Singapore Ministry of Defence.

Neil C. Rowe is a Professor of Computer Science at the U.S. Naval Postgraduate School where he has been since 1983.  He has a Ph.D. in Computer Science from Stanford University and three degrees from the Massachusetts Institute of Technology.  Besides on deceptive software, he has done research on intelligent access to multimedia databases, robotic path planning, statistical databases, and intelligent tutoring systems.

Hy Rothstein is a Senior Lecturer in the Department of Defense Analysis at the U.S. Naval Postgraduate School, served in the U.S. Army as a Special Forces officer for more than 26 years.  He served as the Director of Plans and Exercises, Joint Special Operations Command (JSOC), for more than three years and helped develop and operate the first special operations battle lab prior to his retirement in 1999.  He has earned degrees from the U.S. Military Academy, the U.S. Army Command and General Staff College, and the Fletcher School at Tufts University .

Roger R. Schell is co-founder and President of Aesec Corporation, a new company focused on verifiably secure platforms for secure, reliable e-business.  At Novell he led their Class C2 network evaluation, managed development of product security, and holds patents in cryptography and authentication.  He was VP for Engineering at Gemini Computers where he developed their highly secure (Class A1) commercial product. He was the founding Deputy Director of the DoD  (now National) Computer Security Center .  Dr. Schell has more than 60 publications, and was Associate Professor of Computer Science at the Naval Postgraduate School .  The NIST and NSA recognized him with the National Computer System Security Award.

Paul P. Sumagaysay received a B. A. degree from the University of San Diego in 1996.  He graduated from the Naval Postgraduate School in December 2002 with a Masters of Science in Systems Engineering (Information Warfare).  He is currently a Lieutenant in the United States Navy.