Volume 3, Issue 2 Editorial
SPRING 2004
Last November, the Editor-in-Chief of JIW, William Hutchinson, invited the Naval Postgraduate School in Monterey, California to put together a special issue of papers representing some of the research at NPS. We agreed and offer the five papers included in this issue. All of the papers underwent the normal JIW review process before final acceptance and publication.
The papers reflect but a small sample of the IW-related research at NPS. There are approximately 40 permanent faculty and research staff at NPS working in some area of IW, and an even larger number of graduate students who have passed through our programs and completed theses. Many of these people are affiliated with the Center for Information Systems Security Studies and Research (CISR), which was among the first federally designated Centers of Academic Excellence in Information Assurance Education and participants in the Scholarship for Service Program. Others are affiliated with the Cryptologic Research Center, which enjoys significant participation by members of the Department of Electrical and Computer Engineering, the Information Warfare program, the Center for Homeland Defense and Security, or the Center for Terrorism and Irregular Warfare (CTIW). NPS is also in the process of establishing the new Department of Defense Center of Excellence in Information Operations. The new IO center will join CISR and CTIW as components of the Cebrowski Institute for Information Innovation and Superiority. For more information about our programs, we invite the reader to visit the NPS website at www.nps.edu.
Turning to the papers, “Vulnerability Analysis in Critical Infrastructure Protection” by Ted Lewis introduces a new approach to critical infrastructure vulnerability analysis and risk assessment. The model-based vulnerability analysis draws upon scale-free network theory and fault-tree/event-tree analysis. The method is applied to the San Francisco water SCADA system to show where limited resources are best allocated to reduce faults or financial risk.
In “Terrorist Use of Information Operations,” Norm Emery, Rob Earl, and Ray Buttoner show how terrorists manipulate the information environment to achieve their influence objectives. They argue that terrorists understand the information environment and that their actions inherently integrate IO more effectively than typical U.S. military operations.
Neil Rowe and Hy Rothstein consider how deception can be used to attack or defend computer systems in their paper “Two Taxonomies of Deception for Attacks on Information System.” They consider analogies from deception strategies and tactics used in conventional military operations, concluding that many of these strategies apply, but often in surprising ways.
David Jenn, Lim Pin, and Paul Sumagaysay tackle the problem of protecting wireless network signals from unauthorized interception in their paper “Vulnerability of Wireless Networks to Interception.” They show how a commercially available software package can be used to predict signal levels in complex indoor and urban environments. They use their results to offer simple methods for improving security.
The paper “Subversion as a Threat in Information Warfare” by Emory Anderson, Cynthia Irvine, and Roger Schell builds a case that the threat of an adversary subverting a system during some stage of its life cycle is real, offering past and current examples as demonstration. The authors conclude that the only solution is rigorous verifiable protection methodologies.
Guest Editors
Dorothy E. Denning and Cynthia E. Irvine, Naval Postgraduate School
AUTHORS
Professor, Defense Analysis Naval Postgraduate School, Monterey, California
Dorothy Denning is Professor of Defense Analysis at the Naval Postgraduate School. She is author of Information Warfare and Security, and the recipient of several awards.
Director, Center for Information System Security Studies and Research (CISR);
Associate Professor, Department of Computer Science, Naval Postgraduate School, Monterey, California
USA
Cynthia E. Irvine is an Associate Professor of Computer Science at the Naval Postgraduate School and Director of the Center for Information System Security Studies and Research (CISR). She has spent the past 16 years developing theory for, design, implementation, and analysis of high assurance secure systems. She has developed security aware applications for high assurance systems and currently leading the development of separation kernel intended for EAL7 evaluation. She has authored over 70 papers in the area of trusted computing. Dr. Irvine is a senior member of the IEEE, a member of the Association for Computing Machinery, the American Astronomical Society and a Life Member of the Astronomical Society of the Pacific.
Published In
Keywords
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive
