Information Warfare (IW) and your Company Risks

There are two ways to look at Information Warfare IW and your Company Risks from a Entreprise Risk Management (ERM) point of view: the good one and the bad one.

The good one encompasses good thinking and planning, the bad one goes into premature acquisition of technical solutions, hardware and “magic gear”.

Cyber Defense Operations Command Monitor

First of all let’s look at the reality of things: does IW exist? Sure it does: there are even schools that teach it, addressing corporate needs; and it has been abundantly used in recent armed conflicts.

Secondly let’s answer a simple question: is IW at the exclusive reach of highly skilled programmers and hackers? Here the reply is again clear: with minimal study and efforts anyone can implement an IW attack and start a campaign against a corporation.

Information Warfare IW and your Company Risks

Riskope International was asked by a European army to perform an IW risk assessment on an entire country. More specifically we were asked to evaluate how much money should be invested by an hostile party to obtain a certain damage level to a country, and what the likelihood of reaching that goal would be. We were asked to stay away from hacking or technical procedures, as the military are well equipped in those areas, but rather to examine the information related risks. We found out there is a very fine line between IW and good old propaganda, as defined from WW-I on to nowadays. Obviously information vectors have evolved, and therefore deployment tactics have/should changed.

The results of Riskope International study changed the view of our clients on what objectives can be achieved, what damage can be brought to an organization, and what it takes to get there. During the study an attack on Italian Civil Protection, perpetrated by a non identified group, showed that our conclusions closely matched reality.

Finally, looking at what kind of protection a corporation can develop, it becomes apparent that filtering and properly fusing information in order to trigger timely (immediate) and pertinent response seems to be the way. Recent documented examples in industry have shown how true this statement is.

Riskope International IW missions for corporate clients are geared towards helping clients to detect informational vulnerabilities, finding how easy it is to “fake” or distort information, how “colorful and vivid” the distorted information would be…and finally how that information can be brought to self-amplify and infect the informational environment of the corporation.

Once clear filtering and fusing criteria have been selected, it will be time to start thinking about gearing up…not before that, the penalty being a significant waste of mitigative investments and most likely no protection at all.

Tagged with: assessment, crisis, decision, management, operational, risk

Category: Crisis management, Risk analysis, Risk management