Fall 2023

This new edition of the Journal of Information Warfare (JIW) offers a global view, with authors from around the world analyzing their research into cutting edge topics on Information Warfare and Cyber Security. These academics have laid out in these eight papers their theses and concepts as shown here:

• A Systemic View of Surprise Attacks: Why It Matters
• A No Limits Partnership on Propaganda
• Analysis of the Next Evolution of Security Audit Criteria
• Desperately Seeking Strategic Alignment: Australia’s Response to the Informatic Environment as a Global Security Disrupter
• The Cybersecurity Framework’s Most Vulnerable User: Small Business
• How China Uses Social Media in Grey Zone Operations toward Taiwan
• Information Operations Do not worry me
• Effects-Based Ideas: An Opinion-Based Examination

Summer 2023

Welcome to the latest edition of the Journal of Information Warfare. Enclosed are nine double-blind peer-reviewed academic papers that encompass a wide variety of topics and issues:

Spring 2023

Welcome to the latest edition of the Journal of Information Warfare (JIW). This is a very interesting set of papers that we have selected to publish as it demonstrates the breadth and depth of academic intellect of our community. These articles range from very technical cyber attack methodologies, to social media, proposed military reorganizations, as well as awareness tactics to understand the threat. This is done on purpose, as we want to expose how broad this research publication is, and how incredibly exciting this field is becoming. Specifically includes this publication the following papers:

Spring 2022

Are we witnessing the first TikTok war, with the invasion of Ukraine? The prevailing wisdom before 24 February 2022 was that Russia had a significant Information Warfare (IW) capability based on previous events, and that combined with cyber security attacks on the infrastructure in-theatre, across Europe and the United States, which would mean a very quick victory. To date that has not happened, and a fascinating aspect from this conflict has been the tremendous difference in the messages coming from Volodymyr Zelenskyy and Vladimir Putin. The former comedian turned politician is definitely winning the hearts and minds of the public, with his stalwart resistance and videos of him in combat gear, while the latter sits at the end of an extraordinarily long table, afraid to engage with anyone.

Winter 2022

Cybersecurity has evolved over the years, and today cyberattacks instigated by cyber-criminals, nation states, or insider threat actors are part of regular headline news. In South Africa and around the world, the number of cyberattacks or incidents in the public and private sectors have been on an increase over the past few years, but are more prominent since the emergence of the COVID-19 pandemic. The ransomware attacks and data breaches are more common. Recent research studies indicate that in 2020 countries such as India reported over 50 000 cybercrimes (12% increase from previous year) and Australia reported a 13% increase in 2020 with one in four of the cyber incidents targeting critical information infrastructure. In August 2021, the Information Regulator indicated that close to 40 organisations reported suffering a security breach in South Africa. All these cyber incidents come at a cost estimated to be at $500 billion per annum, negatively impacting 20% of the businesses; whilst in South Africa, the South African Banking Risk Information Centre (SABRIC) predicts cybercrime losses to be over a billion every year and that the attacks will be increasing. The developed countries are not protected either, as a recent study from Checkpoint indicates that ransomware attacks have increased by 93% in 2021 with Europe, the Middle East, and Africa seeing the highest growth. In the United States, authorities have also observed over 500 attacks in 2021 that have been perpetrated by the Conti ransomware.

Fall 2021

The Journal of Information Warfare (JIW) was launched in Washington at InfoWarCon 2001, on Thursday, September 6th, 2001. The following Tuesday saw the world and Information Warfare change dramatically. Now 20 years later, we desired to get the original authors in the two issues published in 2001, to write new papers to show the changes over the last 20 years as they see them. In this way, this volume is different as the papers are personalised. The experience of the authors makes this entertaining and informative to all JIW readers. We could not track down all the authors or persuade some to write again but we do have a good selection. I hope you feel the same.

Summer 2021

For the past year, COVID 19 has cast a long, dark shadow across the globe. It has proven itself to be a powerful and agile enemy capable of overcoming countless obstacles to spread, mutate, and destroy human lives and livelihoods. Today, it is undeniably the case that COVID 19 continues to shape our world and our future, but it is also undeniably the case that we are not helpless anymore.

We have armed ourselves and are continuing to arm ourselves with the one thing that will surely help us in this fight—information. We have learned how the virus spreads, to whom it is most easily transmitted, what mitigating measures we can take to protect ourselves and each other. We know what type of vaccine it will respond to. We know enough about its spread that we can anticipate surges and exercise some control over their severity. We know that variants are bound to occur, and we can move to address those mutations with hitherto unimagined speed.

Spring 2021

Infrastructure Resiliency from a Macro Cyber Perspective

In our 2019 special edition of the Journal of Information Warfare, the foundations for autonomic control for critical infrastructure and operational technology systems were introduced. Herein we build on that foundation by introducing the concept of resiliency from a macro cyber perspective. The prefix ‘macro’ has been applied previously to concepts such as ‘economics’ to differentiate national scale economic concepts such as gross domestic product from ‘micro’ scale economics, which focuses on solvency of, for example, individual homes and businesses. Here we apply the same prefix to resiliency in cyber systems to differentiate between micro cyber resiliency, which we define as ensuring the functionality of individual cyber devices, systems, and networks; and macro cyber resiliency, which we define as ensuring the functionality of interconnected systems comprising control, sensing, and physical elements such as are found in critical infrastructure like the power grid.

Fall 2020

This issue celebrates the best papers from the International Conference on Cyber Warfare and Security (ICCWS) held last spring at Old Dominion University (ODU) in Norfolk, VA. As the dates for the conference neared (9-13 March 2020), the United States (and the world) was rapidly shutting down due to COVID-19. Even with 50+ delegates from all over the world already onsite, it was touch and go up to almost the very last moment as to whether the event was going to happen. Luckily, we were able to proceed with the conference, which might go down as one of the last academic conferences conducted in person in the U.S. before the lockdown. What is certain is that the conference was a great event, as evidenced by the papers here that represent the best of the best as rated by the conference stream chairs.

Fall 2020

Strange times, indeed. Circumstances are dire across the globe. Here in the United States, we see news reports or broadcasts identifying COVID-19 as a combination of the worst pandemic in 100 years, the worst recession since the ’30s, and the worst riots since the ’60s … all rolled into one. On top of the fallout from the pandemic, we are aware that there are a number of Information Warfare (IW) campaigns being conducted around the world, in both positive and negative manners, that can significantly affect the conduct of present and future international policy. The papers in this edition of the JIW reflect the challenges of these times and circumstances.

From the Editors

Special Issue: Legal, Social, and Technical Considerations for Cyber Security 
in the Digital Revolution

The current digital revolution is often synonymous with the Fourth Industrial Revolution, where there is increasing focus on the use of artificial intelligence and machine learning, big data and data science, and cyber-physical systems with particular focus on the Internet of Things (IoT). The introduction of new technologies has the potential to increase the attack surface as well as the legal liabilities of security flaws and failures with or by the technology. In addition, there exist gaps in terms of cybersecurity governance and policy that need to be addressed.

The Cambridge Analytica scandal illustrated how big data can be misused to aid in potentially influencing the outcomes of voting, with severe social and legal repercussions for the organisation when their role was discovered (Meredith 2018). In addition, big data is often not as helpful as expected; Lui (2016) indicates that 32% of organisations found big data made decision-making more problematic.

The security concerns with IoT were demonstrated when a casino was hacked through the Inter-net-connected sensors for the lobby fish tank (Schiffer 2017). At a larger scale, distributed denial of service attacks from the Mirai botnet (consisting of compromised IoT devices) targeted Dyn and disrupted access to social media across the U.S. and Western Europe (Woolf 2016), and then essentially severed Liberia from the Internet (Kirk 2019). The varying scale of the attacks means that there is a greater need to consider both national laws and regulations, as wells as international laws. An example of the growing efforts for common international frameworks includes the Paris Call (Macron 2018) and the norms proposed by the Global Commission for the Stability of Cyberspace (2019).

This special issue invited authors who presented papers at three mini-tracks (chaired by the editors for this special issue) at the 2019 International Conference on Cyber Warfare and Security to expand upon their work by including additional content and contributions not presented at the conference. The papers submitted to this issue have undergone a double-blind peer review process in addition to the review process for the conference. Of ten papers invited, eight have been selected for inclusion in this special issue.

Spring 2020

When I wrote the editorial of the previous edition (19.1), COVID-19 was this distant item in the news that occasionally was mentioned. In the last three months, it has changed the world as we know it, with hundreds of thousands of deaths, the global economy moving to a depression, with a new existence for all involving social distancing while we wait for a vaccine to be developed. Into this environment, the use of information, for good and for bad intentions, has grown tremendously as different groups try to seize the narrative and cast blame or divert attention. In addition, academics and researchers are feeling the pain as Universities and Colleges are shutdown, with huge losses in revenue and funding.These are indeed strange times, and unfortunately, I am not sure that it will get better soon, so as a group I ask that we all continue to write and publish, rigorous and detailed papers, that demonstrate and reveal the truth to ensure that we are not blinded by lies and innuendo. 

March 2020

These are exciting times for the Journal of Information Warfare as we have recently published two special editions: the first with the Partnership for Countering Influence Operations (PCIO), housed by the Carnegie Endowment for International Peace (for more on this initiative, see https://carne-gieendowment.org/specialprojects/counteringinfluenceoperat...), and the second with the cadre of experts from and affiliated with the Pacific Northwest National Laboratory in Richland, Wash-ington. In the next eighteen months or so, in addition to our regular issues, we’ll partner with the Council for Scientific and Industrial Research (CSIR) in South Africa on a special edition; work with a group of ICCWS researchers and experts to produce an edition that focuses on big data and privacy, legal perspectives, and cyber-physical systems’ security; and, under the guidance of our first Chief Editor, Bill Hutchinson, deliver a 20th-anniversary edition featuring the authors of the inaugural volume of JIW.

Winter 2019

Preparing for a Future of Critical Infrastructure under Autonomic Control

This special edition of the Journal of Information Warfare explores foundations of key technol-ogies that we believe will drive a revolution in control of critical infrastructure systems. This revolution is needed because of the importance of these systems (i.e., providing most of the basic functionality required to sustain life and livelihood on a national and global scale), the growing prevalence of networked sensing and control that operates these systems, and the increasingly hostile and fast-acting ecosystem that challenges them on a daily basis. It is our assertion that in the near future increasing autonomy will be necessary for subsystems and their components to react quickly enough (and proactively position themselves) against the threats they face. This has the added benefitof freeing up humans to act in a supervisory and strategic decision-making loop that resides above the lower-level subsystems and component control—but it also comes with an added cost of designing systems so that, when they take autonomous action, it is transparent to humans and the motivations for and impact of those actions are also communicated and controllable by human operators. The goal is to make human decision-making more impactful and at a time scale that is appropriate for human cognition.

Winter 2019

Influence operations (IO) are nothing new. Studies of propaganda demonstrate that efforts to inflence the battlefield by, for example undermining the will to fight, are as old as war itself (Taylor 1999). Of great concern in recent years has been the audacious targeting of these techniques upon civilian populations in peacetime, including toward rituals central to the integrity of democratic societies, such as elections. IOs typically mimic and appropriate individuals expressing their rights to freedom of speech but are, in fact, run by agents of foreign powers attempting to manipulate and degrade public debate with the aim of undermining the functioning of those societies.

Spring 2019

As the owner of the JIW, Peregrine Technical Solutions, LLC., has also developed and successfully executed, the first registered DOL cyber apprenticeship in the nation (https:// augustafreepress.com/mcauliffe-announces-virginias-first-cybersecurity-apprenticeship-program), with the first nationwide cohort graduating in May 2019.  

Winter 2019

In earlier editorials, I’ve written about the urgent need to modernise IO capabilities to meet the challenges of our information-age world. There can be no doubt: the nature of power has changed radically. In this new era, nations, groups, even individuals conduct multi-faceted information campaigns designed to influence perception of everything from soft drinks to presidential candidates to national security threats. These campaigns employ wholesale onslaughts of manipulated texts and images as instruments of informational power. Perception management and computer network operations figure prominently as new informational capabilities.

Fall 2018

Information has always been regarded as an element of power. Too often, however, it has been seen as an enabling or supporting component rather than as the mission-critical element it frequently is in conducting operations. Indeed, the very nature of modern-day operations, with its persuasive and never-ending 24-7 global media coverage, has time and again demonstrated the need for actors and nation-states to utilise all the tools or elements of power at their disposal. To be sure, information must be considered a vital compo- nent in any sort of influence type of operations.

Summer 2018

"In an age when terrorists move information at the speed of an email, money at the speed of a wire transfer, and people at the speed of a commercial jetliner, the Defense Department is bogged down in the micromanagement and bureaucratic processes of the industrial age—not the information age. Some of our difficulties are self-imposed, to be sure. Some are the result of law and regulation. Together they have created a culture that too often stifles innovation.... The point is this: we are fighting the first wars of the 21st century with a Defense Department that was fashioned to meet the challenges of the mid- 20th century. We have an industrial age organization, yet we are living in an information age world, where new threats emerge suddenly, often without warning, to surprise us. We cannot afford not to change and rapidly, if we hope to live in that world."

—Rumsfeld, D, U.S. Secretary of Defense February 2003, Prepared Statements to House
Armed Services Committee, FY 2004 Defense Budget Hearings

I love this quote because it demonstrates two things. 

Spring 2018

Information is power. How a nation uses that power determines how effective that country can be in influencing world politics. The use of information to affect international relations has a long and varied history: in the past, governments or leadership elites would control information, thereby exercising power over their people. Historically, the primary elements of power included military, economic, and diplomatic factors; in the 21st century, the control of information is rapidly assuming a place of primacy in the conduct of foreign policy. However, the tremendous advances in computer technology, telecommunications, and perception management over the last decade have forever shattered the monopoly of control governments once held with regard to information. Because nations no longer control the flow of information, they can only attempt to coordinate its use as best as possible.