The Role of Computer Network Exploration (Active Sigint) in Information Warfare
Summary of Per Kjellnäs's article in RSAWSPJ no 6 2001.
The article is Per Kjellnäs's inaugural lecture to the Military Technical Section of The Royal Swedish Academy of War Sciences, presented on 8th May 2001.
The emergence of new communications systems and their interconnectivity through the global net have considerably increased the scope for information operations and information warfare. The purpose of such activities could be intelligence collection, manipulation or destruction of stored data, or the disruption of vital public services.
Normal security solutions to stop such incursions are not sufficient to keep advanced perpetrators at bay.
To carry out offensive operations, a wide knowledge of the target environment is essential. This is achieved by passive monitoring. Successful attacks are in turn highly dependent on the skill of the aggressors.
The legal position for such operations varies considerably from one country to another. Swedish law is most stringent in this respect, for active measures as well as for protection against incursion.
It is reasonable to assume that active measures of this type are already being used by the superpowers for their intelligence gathering, and that these operations (sometimes called Active Sigint) could result in very significant intelligence data.
Active Sigint involves the penetration of security systems to tap information stored or being readied for transmission to parts of the global net. These incursions should not be traceable. The taps could either be coincidental with the incursion, or take the form of trojans left behind in the target computer to ensure subsequent dumps to addresses controlled by the perpetrator.
To change or destroy the contents of information systems is no more difficult than intelligence operations, but the risk of exposure is considerably greater, and such measures are thus more likely to be considered in open conflicts or real war.
To exploit the possibilities of Active Sigint is a very demanding task, showing great similarities to conventional Sigint. For this reason, the two are often combined. This also helps to protect the resulting intelligence dissemination, as the output from active measures could conveniently be merged with normal Sigint sources.