Army Cyberwarriors Prepare for Broader Future

March 2002
By Robert K. Ackerman
E-mail About the Author

Information operations involve more than just digits.

The menu for U.S. Army information operations now runs several courses long as the service integrates low-end news activities directed at local populace with high-end cyberspace defense and attack. As all of these elements come together in a common operational mode, the future cyberwarrior may see netwar visualization capabilities that provide cyberspace situational awareness akin to icon-driven battlefield monitoring systems.

As information operations has evolved, two key characteristics have emerged. First, it no longer encompasses just cyberspace and its enabling systems, but instead involves information technology users and decision makers. Second, information operations is taking its place alongside ground, maritime and air operations as a defining element of the new battlefield. This will mandate a cyberspace battle visualization capability to enable easy comprehension and rapid decision making.

Col. James M. McCarl Jr., USA, commander of the Army’s Land Information Warfare Activity (LIWA), Fort Belvoir, Virginia, describes full-spectrum information operations as “the moral equivalent of combined arms.” This requires viewing information operations in the same light as when combining infantry, artillery, armor and aircraft, for example.

Information operations was a driving force impelling the Army transformation, Col. McCarl states. “The information age changed the Army,” he declares, describing LIWA as a precursor to the ongoing transition. LIWA itself grew out of the events of the Gulf War, when planners began to grasp how information technologies had changed the way the Army fights (SIGNAL, March 2000, page 31). LIWA’s consequent evolution led to the Army becoming a more information-based organization.

LIWA originally was built around separate disciplines, beginning with the Army’s computer emergency response team (ACERT) and its subordinate CERTs. This was followed by the development of a vulnerability assessment group tasked with determining Army force vulnerabilities against information operations. A third element provided field support by helping to plan information operations in Army service component commands. In an example of the maturing of information operations, these onetime stovepipes now are becoming integrated.

For example, field support teams provide highly visible physical support to a commander as they help a force team plan information operations. Meanwhile, CERTs work in the cyberworld to assess unit vulnerabilities. These two aspects are being integrated to function in a single operational context, the colonel relates.

Col. McCarl explains that the Army views information operations as more than just digital streams in cyberspace. Information systems targeted for attack comprise the enabling hardware, the network and the people involved in their operation and exploitation.

“What you are trying to do is shape a situation on the battlefield for your commander, and you are going to do that with the full spectrum of information operations,” Col. McCarl says. “These include deception, psychological operations, electronic warfare, computer network attack and physical destruction of selected parts of the adversary’s information systems.”

This increases the relevance of information operations across the entire spectrum of military forces as well as societies. Previously, an agrarian society lacking extensive cyberspace assets, for example, was not a worthwhile target for information operations. This is no longer the case. Waging an information war often means entering the enemy’s decision cycle, and that may involve introducing information that steers the foe’s decision-making process to a desirable outcome. So, deception and psychological operations may be the tools of choice for waging effective information operations against the largely agrarian foe.

Some of these conditions certainly apply to Afghanistan. However, Col. McCarl describes that conflict as a multilayered problem. While most of that war-torn nation lacked anything remotely resembling a cyberspace infrastructure, al Qaida did possess some advanced electronic capabilities. “You have to work both ends of the spectrum and all points in between, where you [face] al Qaida having high-technology capabilities as well as forces that in many cases are illiterate tribesmen,” he relates.

LIWA has had information operations field support teams working with a variety of the commanders in operation Enduring Freedom throughout the theater, the colonel continues. He notes that 10 years ago few commanders would have had any enthusiasm for information operations. Now, most mainstream planners and commanders recognize that they are something that they can use and harness.

All of the special operations forces, Army service component commands and unified theater commands include extensive information operations planning elements, and LIWA is active in all of them, the colonel relates. Some of these information operations are low-level tactical perception management affairs, which tend to be less technological and more traditional. Other information operations are strategic in nature, especially with multiple theater commanders in chief involved.

The Army’s evolution into an information-based organization also has opened it up to a host of new vulnerabilities. Accordingly, LIWA devotes considerable effort to protecting against adversarial information operations. From this defensive standpoint, Col. McCarl expresses concern about Army command and control and the effect an attack would have on hardware and networked systems.

“When you think about how the enemy is going to attack you in the physical world, you think about avenues of approach, choke points, mobility corridors, key terrain and where you are going to defend,” he explains. “When you move into the cyberbattlefield, there are strong similarities. The avenues of approach really are the networks; the choke points are selected routers or places where transmissions must pass through.”

This brings to light one of the foremost challenges—and burgeoning requirements—facing Army information warriors. Waging war in cyberspace increasingly will require a battlespace visualization capability along the same lines as physical battlefield situational awareness. Only, in this case, it must be a representation of activities occurring entirely in the virtual realm of cyberspace.

The goal is to portray the cyberbattlespace in a graphic form to allow commanders to make the same types of decisions to deal with cyberthreats that they would make for fighting in the physical world. This capability also would include technologies that allow cyberwarriors to operate on the virtual battlefield.

As important as this concept is to information operations, visualizing the cyberworld battlefield holds the same risk of error that can occur in physical visualization, the colonel warns. For example, a conventional battlefield can be protected at key points that are obvious to friend and foe alike. At the same time, it may hold subtle terrain hazards such as obscure paths or intervisibility lines that can open a back door for adversaries to approach friendly forces.

In cyberspace, computer network defenders may be well aware of 13 defense information system gateways, for example, but they may not know enough about the lower level of detail—access points at the post, camp and station level that reside in networks that are harder for computer defenders to see and monitor.

“Part of battlefield visualization that we must still come to grips with is how we monitor and track the whole battlefield,” the colonel continues. “We have methods to do it, but it is a challenge because individual system administrators are constantly moving around and changing configurations, and we must keep up with that.”

Achieving cyberspace battle visualization will require technologies that translate networks into elements that easily can be seen and monitored. This will involve sensing capabilities on the networks that also allow observers to see what the enemy is doing in cyberspace. The colonel explains that this goes beyond current security monitoring techniques to a more sophisticated and advanced form that is active and can be visualized. Network sensors currently are relatively static. Future users must be able to reposition and retask them dynamically, Col. McCarl offers.

LIWA is working with the Army Signal Command and other elements of the signal community to develop this visualization capability. Key to its realization is establishing relationships in the visualization. For example, a regional CERT would normally be co-located with a theater network operations center, which is a Signal Command function, to monitor and respond to problems in a network. Some functions overlap the two groups’ responsibilities, and planners must take that into account when determining how to visualize networks at the theater level and respond accordingly.

The colonel also notes that, currently, forces secure networks and fight cyberspace conflicts largely inside of Army networks. For the future, however, this fight may be moved out into a security zone. Turning a cyberspace battle into a security zone fight ultimately will be achieved technologically, the colonel adds. It would entail operating beyond current service-specific networks, and achieving it also will require overcoming policy and legal challenges.

In addition to cyberspace, the battlespace in the physical world also demands new technologies for information operations. One capability that Col. McCarl cites is the ability to geolocate adversaries based on the technologies that they are using. These might be telephones, radios, network terminals or other communication systems. Voice recognition and translation technologies also must be improved to serve information operations needs.

LIWA has its own futures division that is staffed by technology experts working to predict future technologies. They are tasked with providing direction on how to shift rapidly to accommodate changes in these technologies. This guidance should result in LIWA acquiring remarkable new capabilities, the colonel predicts.

In addition to seeking new methods of fighting on the cyberbattlefield, this division is looking at new ways of processing and synthesizing data and databases. This may be an intelligence function, but it is an activity that is “inextricably linked” with information operations, the colonel points out. These operations must have the ability to gather “very tailored, very detailed and very distinct kinds of intelligence” to support information operations planning, he notes.

This will require tailored databases that can store and synthesize large volumes of material that later can be extracted. It goes right to the heart of planning information operations and conducting cyberwarfare.

Considerable debate is underway on the organizational future of information operations. A major question to be resolved is whether it should evolve to become a joint interagency operation or remain strictly a defense activity. “I’ve seen pieces of that start to emerge, and we are seeing a move toward that now at the national level with operation Enduring Freedom,” the colonel says. Employing information operations from a Defense Department standpoint requires activities in all other aspects of national power, including diplomatic and economic forces.

Another issue involves planning information operations from the top level on down. The Afghanistan war is highlighting how multiple theater commanders in chief may have interoperating, or even overlapping, information operations needs. Some planners are calling for information operations to be a more centralized, integrated effort. The solution may be to place information operations entirely under one commander in chief in the same manner that an air war is guided by its own commander.

The colonel emphasizes that, with this approach, information operations would “shape the situation” as an integral element in the same manner as air operations. It probably would not be executed exclusively by an independent organization but rather would operate out of an organization that handles policy coordination, authorities and releases while decentralizing responsibility for the actual execution.

On the other hand, theater commanders in chief offer that they need to be in charge of all operations in their arenas of operation. Col. McCarl describes this debate over establishing an information operations commander in chief as “one of the most significant discussions that has come along—how to organize for combat.”

LIWA is aiming to become “more robust in the cyberbattlefield side,” the colonel reports. “We intend to be engaged on the cyberbattlefield with more people and more capability than we have now.” LIWA will continue to perform the traditional vulnerability assessments and planning pieces for commanders in the field, he adds.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.