Cooperation essential to new cyberprotection model.
Businesses and the U.S. military have between them a multitude of information assurance programs to protect against cyberattacks; however, a recent research project reveals significant gaps in national policies, procedures and relationships that must be addressed to ensure success. As the United States becomes more dependent on technology and near-real-time data, information operations are evolving into a critical national security matter that requires a joint approach.
A study conducted by three graduates of the Joint Forces Staff College, Norfolk, Virginia, argues that the concept of jointness must be re-evaluated, and new ideas must be applied to a new joint information operation (JIO) template. The researchers, who attended the Joint and Combined Staff Officer School, found that current JIOs cannot be executed effectively because information operations constitute a dynamic discipline that transcends the military community and permeates activity at the national level—a situation that makes the effort exponentially more complex.
One challenge involves mislabeling JIOs. “The concept of information operations has existed for centuries,” says project researcher Cmdr. Synthia S. Jones, USN, information professional officer, applications directorate, Defense Information Systems Agency, Arlington, Virginia. “However, it was not until the last few years that doctrine began to include multidimensional information operation concepts at the joint level in any deliberate or systematic method.”
For example, she says, JIOs typically center around five primary themes: public affairs, civil affairs, psychological operations, operational security and deception. “We found many joint operations were said to have used information operations. However, we also realized that, in each case, only a small portion of the discipline was actually used,” she offers.
Col. Kenneth Allard, USA, assessed information operations in Bosnia. The colonel makes it clear that information operations in that conflict mainly consisted of the synchronization between government and public affairs. Similar activity also took place in other operations, he points out. Although only a small portion of the discipline is actually explored, the event is mistakenly labeled as an information operations campaign.
“Because of the significant legal and political concerns against activities such as computer network attack, we are unable to exercise the full spectrum of JIO options,” Cmdr. Jones says. “That reinforced our assertion that there exists a tendency to call something an information operations campaign when in actuality it is not.”
She also points out another concern: differences between service and JIO doctrines. “When we examined current joint doctrine—for example, Joint Publication 3-13: Joint Information Operations—we realized that a conscious effort was being made to address some of the gaps. However, we still saw major disconnects at the service level.”
Much of the service doctrine tends to suffer from what the research team labels as the politicization of doctrine. The concept is adapted from a similar notion, the politicization of strategy, offered by Stephen M. Walt, professor of international affairs at Harvard University. It charges that a service tends to view doctrine via its own lens—its own worldview—as required by law. As a result, the individual services develop information operations doctrine that follows along specific service lines. For example, the team’s analysis shows that the U.S. Army views information operations from a land-based operations perspective, while the U.S. Air Force views it with respect to air mindedness. However, Cmdr. Jones says, JIOs should transcend the traditional boundaries of modern warfare, so doctrine must change as well.
Doctrine appears to be just a portion of the problem, according to another member of the research team, Maj. Bernard Flowers, USAF, information operations staff officer, Joint Information Operations Center, San Antonio, Texas. He asserts that national, governmental and private-sector entities must be included in the information operations equation, and that changes the rules a bit.
“Realistically, if the United States becomes the victim of an organized information operations attack, it will not necessarily be limited to military elements. Additionally, the tactic is not just limited to cyberattacks. Information operations also include a psychological component that could be used against the American public,” Maj. Flowers explains.
In the event of such an assault, the major contends that the media can play an effective role in lessening or negating the strategic impact of the attack. The destruction of the World Trade Center towers was both a physical and a psychological attack on America, he points out. During the event, little was done to mitigate the psychological impact on the American people; however, doing this effectively requires that certain processes be in place. Relationships must be built to coordinate an adequate defense while simultaneously allowing censorship-free news flow. By all accounts, some checker pieces are on the board, but the game to be played is chess, he offers.
The team’s research reveals that the day is coming when a concentrated information operations attack will occur. Several sources, ranging from congressional and senatorial hearings to the Terrorism Research Center, concur with that assessment. James Adams, chief executive officer, Infrastructure Defense Incorporated, testified before the U.S. Senate Committee on Governmental Affairs that more than 30 countries have aggressive offensive information warfare programs targeted against the United States. In addition, in their book Unrestricted Warfare, Col. Qiao Liang and Col. Wang Xiangsui, both of the Chinese army, confirm the point. “We [China] should formally turn nonmilitary activities such as computer hacking, financial intrusion, and media propaganda into methods of warfare and form a many-stranded ‘combination of nonrestriction’ with the aim of defeating the enemy and winning victory.”
Cmdr. Jones offers one approach to addressing this type of threat. “We think the best preparation for the challenges ahead will lie in effectively synchronizing the effort between the disparate players involved in information operations and elevating the term jointness to include those players. Although we have organizations like the Joint Information Operations Center performing some of the functions, we really do not have a body that pulls it all together.
“What we need is something that will link private industry with the military, the military with the media and so forth. This new organization would become the fusion center of sorts that bridges the gaps between the various players, helping them to develop the right mix of competencies, policies and, most importantly, the right relationships so they can respond as one to the information operations asymmetric assault,” she says.
One idea the research team offers is the inclusion of the media in the synchronization effort. “At the Staff College, we learned a great deal about the importance of establishing proper relations with the media,” Cmdr. Jones says. “With the advent of CNN, we realized that the media would be there wherever the action happened. However, we also realized that the current joint effort does not actually involve collaboration with the media to negate media propaganda. If we do not plan for it and train for it, we have to determine how we will make it happen when the time comes and who will take on that responsibility.”
Maj. Flowers agrees. “Military warriors are taught to train as they fight. But this type of battle changes all the rules. In this kind of war, civilians, such as media personnel and private industry, can also be on the team. We are definitely going to have to rethink the business, and we need a body that incorporates those stakeholders to accomplish that goal,” he says.
Team members agree that it will take time for this to happen. “Part of the challenge will be answering the question, How do we break down the long-standing barriers that exist between some organizations?” Cmdr. Jones points out. “We’re talking about many lines on different levels: military service lines, federal and civil government lines, and the lines between government and the private sector.”
Another challenge will be to define and agree on the various processes, tactics, techniques and procedures for communicating between entities and coordinating predictive or reactionary responses to the entire offensive information operations spectrum, Maj. Flowers adds.
“Everyday, new strides are made in the area of JIOs. The creation of the Joint Information Operations Center is a great leap forward, and the recent additions to Joint Publication 3-13 set the stage even further. Still, we have to do more,” Maj. Flowers states. “In some cases, we will have to unlearn the past; in others, think of the future in revolutionary terms. In the end, we might have to devise an entirely different playbook and change the rules in order to win the day.” Adds Cmdr. Jones, “If we don’t, someone might do it for us.”
Maj. Karlton D. Johnson, USAF, is chief of the communications and information systems plans section, Supreme Headquarters Allied Powers Europe, Mons, Belgium. He was a member of the research team that examined joint information operations at the Joint Forces Staff College.