A number of key characteristics of information infrastructures flow from the above definitions that are important to targeting considerations. These include components, connectivity, bandwidth, functional interdependence, and ownership and control.
The NII, DII and GII comprise five distinct interdependent components. The first four are explicit in the definitions above; the fifth is more implicit:
the hardware, e.g. the computers; sensors; physical transmission components such as cable; radio/wireless; satellites, and transmission towers;
the software applications, e.g. processes; protocols; encryption; and firewalls;
the information itself, e.g. the databases; and information in transmission including voice, facsimile, text messages, imagery, or information in other forms;
the people who operate and maintain the infrastructure; and
power supply, without which hardware and software cannot function and information cannot be transmitted or accessed. While integrated backup power supply (e.g. uninterrupted power systems (UPS)) could be considered a part of the hardware component, mains supply is not. Most UPS have only a limited capability in terms of both duration and capacity, and mains supply remains critical for full and enduring functionality.
The very broad, virtually instantaneous and seamless connectivity and reach across the various domestic and international information domains of the NII/GII/DII networks is a characteristic that also contributes significantly to infrastructure functional efficiency. Users of these infrastructures have adjusted business or other practices accordingly. Real-time communications are now critical in many areas of business and government. The domestic and global marketplace, which includes stock exchange and credit card transactions, are such examples.[9] This real-time dependence also applies to many emergency services and especially to Defence functions across the whole C4ISREW spectrum, including sensor to weapon configurations, during combat operations. Disruption to connectivity, even for relatively brief periods of time, could have a major impact on outcomes.
Bandwidth across all three infrastructures is constantly increasing, particularly over data networks, in parallel with technology improvements. Client demand has not only kept pace with bandwidth availability, but has outstripped it. Broad bandwidth allows access to vast quantities of information in a very short space of time. In a Defence context in particular, it is an important feature of real-time delivery of surveillance and reconnaissance imagery, and the immediate ‘pull-down’ accessibility of deployed combat forces to their headquarters’ intelligence databases. It is also important in emergency services scenarios, for example in real-time or near real-time monitoring of bushfires or other natural disasters where lives are at risk and the timely delivery of humanitarian aid is critical.
Functional interdependence between information and its supporting systems, and between the supporting systems themselves, is a major factor related to the functional efficiency and security of any information infrastructure. And the more complex the system or network, the greater that interdependence. Failure, in whole or by a part of any component of an interdependent system, can impact on the functionality of another part or, potentially, on the whole system. Depending on the type of system affected (for example, its size or complexity) and the scale of the failure, the cascade effect can have significant implications for specific or general services and capabilities, and ultimately affect how people live and behave. In military terms especially, this cascade of ‘knock-on’ effects fits the classic mould of targeting outcomes in ‘effects-based’ operations.[10]
The principle of related ‘effects-based’ considerations also applies to any compromise of the five key criteria of Information Assurance (IA), which is discussed in more detail later in this chapter.
Ownership of the networks that make up the NII, DII (and thus GII) varies between the government and private sector, depending on the country, and what part of the network within that country, is involved. In most countries today, the major telecommunications service providers are privately owned. And in the world of globalisation, those services may be owned, or part owned by foreign private corporations, the exceptions being where the major telecommunications service providers are state-owned enterprises, like, for example, in North Korea.
In addition, the majority of software systems, especially commercial off-the-shelf (COTS) operating systems, are sourced from foreign corporations, as are many specialist hardware components used within those systems.[11]
Furthermore, the people who develop and maintain and administer particular systems within networks, or the networks themselves, will usually be from the private sector, and indeed may be foreigners.
The up-side of the above is that globalisation or selective global marketing enables access, potentially, to the best hardware, software and people services that are available to deliver and maintain key parts of a country’s NII and DII.
The down-side is that a country (i.e. its people and government as both shareholders and stakeholders) may not own or, in reality, fully control or manage these vital national services. Potentially at least, systems and networks could be vulnerable (in the production, operating and administrative phases) to a hostile person (local or foreign), acting on behalf of others or alone, who accesses, manipulates (or establishes the means to access and manipulate) the functionality of the systems and networks at a future date. There are many ways how this might be done, within and without the target country, but could include covertly inserting trap-doors and ‘Trojan horses’ in its operating software, causing the malfunction of key hardware and software components at a critical time, or enabling other hostiles to access exploitable parts of the system. In normal circumstances this situation might not pose a significant risk, but it could become a national security issue in a time of crisis or war.
The percentage of the DII that is made up of and dependent on the NII, and GII, varies from country to country, but it is generally assessed in most technically advanced countries as about 90 per cent or more. Thus, only 10 per cent or less of the DII in these countries falls into the category of being owned, controlled, managed or administered by their Defence organisation. And, generally, the infrastructure that they do own, control and manage exists primarily at the tactical level only. Few countries can afford to have their own fully independent strategic and/or operational broadband communications systems. The United States is one such country, but that resource is nevertheless limited relative to the total size and operational commitments of the US armed forces. This limitation necessitates the majority of communications being transmitted over leased or other non-Defence owned networks.
One important conclusion is, therefore, that a significant proportion of any Defence organisation’s C4ISREW capability, its Network Centric Warfare (NCW) ‘information superiority’ capability, and any potential information-based Asymmetric Warfare capability, is outside its total control, and may well be foreign owned and under actual or de facto foreign control.
It also means that maintaining and protecting a functional and efficient NII (inclusive of DII components) and its GII connectivity is a critical Defence-specific security requirement, as much as a broader national security requirement.
[9] The Blackberry blackout in the United States and Canada in April 2007, lasting about 10 hours and due to a primary server fault, caused considerable confusion and disruption to many thousands of business and government users, especially those who did not have ready access to alternative communications during that period. According to press reports of the incident, many businesses lost considerable amounts of money because of their inability to close deals or exploit market opportunities within critical timeframes.
[10] The concept of modern effects-based operations has largely been developed by Dr Edward A. Smith, Executive Strategist of Effects-Based Operations at the Boeing Corporation. His most recent book on this subject entitled Complexity, Networking & Effects-Based Approaches to Operations, Command and Control Research Program (CCRP), Department of Defense, July 2006, is available at <http://www.dodccrp.org/files/Smith_Complexity.pdf>, accessed 26 February 2008.
[11] In today’s global marketplace, a critical electronic system might be designed in the United States, comprise operating software written in India, and include physical components manufactured in such countries as China, Malaysia or South Korea.