Network Eccentricity Imperils the Infosphere

Technology that connects anybody also connects everybody.

Responding to a soldier’s complaint about equipment inadequacies in Iraq, former Secretary of Defense Donald Rumsfeld replied, “You go to war with the army you have, not with the army you want,” and his remark was condemned as an unforgivable excuse for gross mismanagement. While warranted, that criticism could be leveled at most administrations in U.S. history when arms are stacked and forgotten at war’s end. Today, mismanagement is exemplified by the current reliance on information operations amid network centricity, which offers as much vulnerability as advantage.

Revolutions destroy in order to build. While the goals for a light, lithe and lethal military are achievable, they remain so only if as much attention is given to what is discarded as to what is acquired. Those who would transform the military tend to use lessons from battle as a baseline and evolving technologies as a guide. Given that transformation takes a decade or more, one must accurately define the shortfalls in the military kit and then evaluate potential tactics and technologies against a wide range of threats.

Analysis begins by determining why our forces in Iraq are ill equipped. One senior government official faults the Cold War and an opponent that was easy to find but hard to kill. That resultant preference for platforms and weapons still drives the defense budget. Regrettably, this priority on kinetics caused a reduction in funds for technologies and tactics essential to “find and fix” an elusive adversary.

Experience in Iraq and Afghanistan has turned that force model on its head. Adversaries in this asymmetric conflict are easy to kill—a single 19-cent bullet is sufficient, noted one senior military officer—but insurgents who meld into the population are hard to find and even harder to keep fixed until engaged.

Employing networked information technology to connect sensors to shooters directly is the means chosen to find, fix and kill such opponents. While richly interconnected networks can significantly improve collaborative planning and force execution, they do so only if the networks perform reliably and securely when linked through the demonstrably vulnerable Internet and its connective media.

The Internet once was thought to be too dirty and vulnerable to be the primary transport medium for national security matters. A secure and private network called GOVNET was considered then abandoned in favor of a web-based Internet protocol (IP) service-oriented architecture. A web-based architecture is challenged to provide the means to share information without compromising security. Moreover, it must do so in a common operating environment, often with nontraditional partners and across different domains, without knowing precisely who needs that information, how it will be used and, more importantly, how it will be protected. This challenge of secure sharing in an unpredictable environment is characterized by one software engineer as “a leap of faith that the recipient will treat the information properly, not abusing the implied trust.”

Networks will not provide for secure sharing of information until they can demonstrably satisfy three fundamental points.

First is the quality of information being introduced to the network. The metric for quality defined by the warfighter is timely, precise and actionable intelligence immediately accessible at lower echelons. Because of the extraordinarily short kill cycle in insurgency operations, this is especially important at the tip of the spear—where it is most lacking today.

The Iraq conflict is an information war aimed at influencing human behavior. To function in what military analyst Anthony Cordesman calls this human-centric war, allied forces must be able to operate inside an opponent’s OODA loop—John Boyd’s observe, orient, decide and act loop. Regrettably, the tools and tactics to observe and orient in order to decide and act suffered the most crippling declines in funding and management attention following the Cold War.

The second essential ingredient in network-centric warfare is information assurance. This mandates that all networks provide secure connectivity while under attack from resourceful opponents. Many of these networks are an assemblage of commercial components, bought off the shelf with operating funds to satisfy local needs. They are connected with little regard to standards or central management and controlled by software that was described by ex-defense official Paul Strassmann as the most unreliable artifact known to humankind.

Historically, our armed forces considered communications—if they did so at all—as a given and fought in what Robert Hermann called “a free signaling environment.” Their information domain was free because it suffered only from mutual interference in the radio frequency spectrum. However, information warfare now must be conducted in a polluted electromagnetic environment that demands significantly higher standards for discipline and deconfliction. A highly regarded expert in information operations recently commented that “we as a military are basing an enormous amount of military capability and future security on an information backbone that may be indefensible and could be prone to interruption and degradation when we can least afford [it].”

The German army responded to failed communications in World War I with a doctrine called Auftragstaktik, which assumed that disconnected units still could function productively within the context of their “commander’s intent.” That doctrine has little utility today when the commander’s intent can be impalpable, mercurial or immensurable. A disconnected force is a paralyzed force.

In congressional testimony, Lt. Gen. Charles E. Croom Jr., USAF, commander of the Joint Task Force–Global Network Operations, outlined proactive steps being taken or planned to build, operate, continually assess and defend the IP-based Global Information Grid, the backbone for virtually all military operations. While barriers can be erected against many forms of cyberattack, the defender always is in a react-and-recovery mode. A single disruptive penetration anywhere in any connected network can propagate instantly with potentially devastating effect on military operations.

However, defense is not the only option available in computer network operations. In his March 21 testimony before Congress, Gen. James E. Cartwright, USMC, commander of the U.S. Strategic Command—and the senior military official charged with full spectrum information operations—voiced a need to take offensive actions in the imprecisely defined domain called cyberspace. He told the House Armed Services Committee that the best defense against cyberattacks is to go on the offensive and “apply the same principles of warfare to the cyberdomain as we do to sea, air and land.” He added that the United States lacks dominance in the cyberdomain, which will become increasingly vulnerable “if we do not fundamentally change how we view this battlespace.” Gen. Cartwright also cautioned that adversaries in cyberspace include other countries, terrorists and criminals who operate behind “technical, legal and international screens” and that “we will need Congress’ help finding solutions to penetrate these screens.”

The Joint Chiefs of Staff define cyberspace as a domain “characterized by the use of electronics and the electromagnetic spectrum to store, modify and exchange data via networked systems and associated physical infrastructures.” How well then will the sanctioned rules and tools governing the military in sea, air, land and space domains apply to the global electromagnetic spectrum—this nebulous, artificial place in which humans interact over networks without regard to physical geography?

The U.S. Air Force views cyberspace as a third operational domain, with the others being air and space. The commander of the Air Combat Command, Gen. Ronald E. Keys, USAF, says that “almost everything I do is either on an Internet, an intranet or some type of network—terrestrial, airborne or spaceborne.” He also observes, “We’re already at war in cyberspace—have been for many years.” The Air Force is standing up a new four-star Cyber Command to ”organize, train, and equip forces for cyber war” (SIGNAL Magazine, June 2007). The U.S. Navy has formed a new Naval Network Warfare Command (SIGNAL Magazine, December 2006), and the U.S. Army reportedly is considering a similar move.

The third essential ingredient for superiority in information warfare is a dramatic reduction in system response time. Superiority in the OODA loop battle is measured in minutes at tactical levels. An Air Force official says that the sense-to-kill cycle time for insurgent operations in Afghanistan and Iraq is as short as two minutes and that this cycle can be reduced further only through direct computer-to-computer interaction. This is yet another example of increasing dependence on vulnerable networks.

No element of national security—military or civil—is immune from disruption of its information networks. Yet, steps to improve information assurance are hampered by ignorance and apathy on the part of owners and users of the network nodes and terminals. Perhaps a September-11-type assault on the nation’s information infrastructure will be needed to end indifference to a very real threat.

Civil libertarians may fuss about vigilante generals policing cyberspace. They should remember that pre-emptive attack in the electromagnetic domain—known as electronic warfare—long has been an essential adjunct to combat and that nascent technologies to focus electromagnetic energy precisely will provide commanders with nonlethal means to meet objectives.

Finally, every word spoken or written about information warfare—this article included—is itself an act of cyberwar. A modicum of saber rattling can be useful if embedded in policy that gives as much attention to risk management as it does to risk avoidance.

Col. Alan D. Campen, USAF (Ret.), is a SIGNAL contributing editor and the contributing editor to four books on information warfare and cyberwar.