Category Archives: Cyber War

Threats, risks, and players in the cyber realm.

A Cyber Vulnerability Assessment of the U.S. Navy in the 21st Century

By Travis Howard and José de Arimatéia da Cruz

Introduction

The United States Navy is a vast, worldwide organization with unique missions and challenges, with information security (and information warfare at large) a key priority within the Chief of Naval Operations’ strategic design. With over 320,000 active duty personnel, 274 ships with over 20 percent of them deployed across the world at any one time, the Navy’s ability to securely communicate across the globe to its forces is crucial to its mission. In this age of rapid technological growth and the ever expanding internet of things, information security is a primary consideration in the minds of senior leadership of every global organization. The Navy is no different, and success or failure impacts far more than a stock price.

Indeed, an entire sub-community of professional officers and enlisted personnel are dedicated to this domain of information warfare. The great warrior-philosopher Sun Tzu said “one who knows the enemy and knows himself will not be endangered in a hundred engagements.” The Navy must understand the enemy, but also understand its own limitations and vulnerabilities, and develop suitable strategies to combat them. Thankfully, strategy and policy are core competencies of military leadership, and although information warfare may be replete with new technology, it conceptually remains warfare and thus can be understood, adapted, and exploited by the military mind.

This paper presents a high-level, unclassified overview of threats and vulnerabilities surrounding the U.S. Navy’s network systems and operations in cyberspace. Several threats are identified to include nation states, non-state actors, and insider threats. Additionally, vulnerabilities are presented such as outdated network infrastructure, unique networking challenges present aboard ships at sea, and inadequate operating practices. Technical security measures that the Navy uses to thwart these threats and mitigate these vulnerabilities are also presented. Current U.S. Navy information security policies are analyzed, and a potential security strategy is presented that better protects the fleet from the before-mentioned cyber threats, mitigates vulnerabilities, and aligns with current federal government mandates.

Navy Network Threats and Vulnerabilities

There are several cyber threats that the Navy continues to face when conducting information operations in cyberspace. Attacks against DoD networks are relentless, with 30 million known malicious intrusions occurring on DoD networks over a ten-month period in 2015. Of principal importance to the U.S. intelligence apparatus are nation states that conduct espionage against U.S. interests. In cyberspace, the Navy contests with rival nations such as Russia, China, Iran, and North Korea, and all are developing their own information warfare capabilities and information dominance strategies. These nations, still in various stages of competency in the information warfare domain, continue to show interest in exploiting the Navy’s networks to conduct espionage operations, either by stealing information and technical data on fleet operations or preventing the Navy from taking advantage of information capabilities.

Non-state actors also threaten naval networks. Organized activist groups known collectively as “hacktivists,” with no centralized command and control structure and dubious, fickle motivations, present a threat to naval cyberspace operations if their goals are properly aligned. In 2012, Navy officials discovered hacktivists from the group “Team Digi7al” had infiltrated the Navy’s Smart Web Move website, extracting personal data from almost 220,000 service members, and has been accused of more than two dozen additional attacks on government systems from 2012 to 2013. The hactivist group boasted of their exploits over social media, citing political reasons but also indicated they did it for recreation as well. Individual hackers, criminal organizations, and terrorist groups are also non-state threat actors, seeking to probe naval networks for vulnerabilities that can be exploited to their own ends. All of these threats, state or non-state actors, follow what the Department of Defense (DoD) calls the “cyber kill chain,” depicted in figure 1. Once objectives are defined, the attacker follows the general framework from discovery to probing, penetrating then escalating user privileges, expanding their attack, persisting through defenses, finally executing their exploit to achieve their objective.

Figure 1. Navy depiction of the “cyber kill chain

One of the Navy’s most closely-watched threat sources is the insider threat. Liang and Biros, researchers at Oklahoma State University, define this threat as “an insider’s action that puts an organization or its resources at risk.” This is a broad definition but adequately captures the scope, as an insider could be either malicious (unlikely but possible, with recent examples) or unintentional (more likely and often overlooked).

The previously-mentioned Team Digi7al hactivist group’s leader was discovered to be a U.S. Navy enlisted Sailor, Petty Officer Nicholas Knight, a system administrator within the reactor department aboard USS HARRY S TRUMAN (CVN 75). Knight used his inside knowledge of Navy and government systems to his group’s benefit, and was apprehended in 2013 by the Navy Criminal Investigative Service and later sentenced to 24 months in prison and a dishonorable discharge from Naval service.

Presidential Executive Order 13587, signed in 2011 to improve federal classified network security, further defines an insider threat as “a person with authorized access who uses that access to harm national security.”  Malevolence aside, the insider threat is particularly perilous because these actors, by virtue of their position within the organization, have already bypassed many of the technical controls and cyber defenses that are designed to defeat external threats. These insiders can cause irreparable harm to national security and the Navy’s interests in cyberspace. This has been demonstrated by the Walker-Whitworth espionage case in the 1980s, Private Manning in the latter 2000s, or the very recent Edward Snowden/NSA disclosure incidents.

The Navy’s vulnerabilities, both inherent to its nature and as a result of its technological advances, are likewise troubling. In his 2016 strategic design, Chief of Naval Operations Admiral John M. Richardson stated that “the forces at play in the maritime system, the force of the information system, and the force of technology entering the environment – and the interplay between them have profound implications for the United States Navy.” Without going into classified details or technical errata, the Navy’s efforts to secure its networks are continuously hampered by a number of factors which allow these threats a broad attack surface from which to choose.

As the previous Chief of Naval Operations (CNO), Admiral Jon Greenert describes in 2012, Navy platforms depend on networked systems for command and control: “Practically all major systems on ships, aircraft, submarines, and unmanned vehicles are ‘networked’ to some degree.” The continual reliance on position, navigation, and timing (PNT) systems, such as the spoofing and jamming-vulnerable Global Positioning System (GPS) satellite constellation for navigation and precision weapons, is likewise a technical vulnerability. An internet search on this subject reveals multiple scholarly and journalist works on these vulnerabilities, and more than a few describe how to exploit them for very little financial investment, making them potentially cheap attack vectors.

Even the Navy’s vast size and scope of its networks present a vulnerability to its interests in cyberspace. As of 2006, the Navy and Marine Corps Intranet (NMCI), a Government Owned-Contractor Operated (GOCO) network that connects Navy and Marine Corps CONUS shore commands under a centralized architecture, is “the world’s largest, most secure private network serving more than 500,000 sailors and marines globally.” That number has likely grown in the 10 years since that statistic was published, and even though the name has been changed to the Navy’s Next Generation Network (NGEN), it is still the same large beast it was before, and remains one of the single largest network architectures operating worldwide. Such a network provides an enticing target.

Technical Security Measures and Controls

The Navy employs the full litany of technical cybersecurity controls across the naval network enterprise, afloat and ashore. Technical controls include host level protection through the use of McAfee’s Host Based Security System (HBSS), designed specifically for the Navy to provide technical controls at the host (workstation and server) level. Network controls include network firewalls, intrusion detection and prevention systems (IDS/IPS), security information and event management, continuous monitoring, boundary protection, and defense-in-depth functional implementation architecture. Anti-virus protection is enabled on all host systems through McAfee Anti-Virus, built into HBSS, and Symantec Anti-Virus for servers. Additionally, the Navy employs a robust vulnerability scanning and remediation program, requiring all Navy units to conduct a “scan-patch-scan” rhythm on a monthly basis, although many units conduct these scans weekly.

The Navy’s engineering organization for developing and implementing cybersecurity technical controls to combat the cyber kill chain in figure 1 is the Space and Naval Warfare Systems Command (SPAWAR), currently led by Rear Admiral David Lewis, and earlier this year SPAWAR released eight technical standards that define how the Navy will implement technical solutions such as firewalls, demilitarized zones (DMZs), and vulnerability scanners. RADM Lewis noted that 38 standards will eventually be developed by 2018, containing almost 1,000 different technical controls that must be implemented across the enterprise.

Of significance in this new technical control scheme is that no single control has priority over the others. All defensive measures work in tandem to defeat the adversary’s cyber kill chain, preventing them from moving “to the right” without the Navy’s ability to detect, localize, contain, and counter-attack. RADM Lewis notes that “the key is defining interfaces between systems and collections of systems called enclaves,” while also using “open architecture” systems moving forward to ensure all components speak the same language and can communicate throughout the enterprise.

The importance of open systems architecture (OSA) as a way to build a defendable network the size of the Navy’s cannot be understated. The DoD and the Navy, in particular, have mandated use of open systems specifications since 1994; systems that “employ modular design, use widely supported and consensus-based standards for their key interfaces, and have been subjected to successful validation and verification tests to ensure the openness of their key interfaces.” By using OSA as a means to build networked systems, the Navy can layer defensive capabilities on top of them and integrate existing cybersecurity controls more seamlessly. Proprietary systems, by comparison, lack such flexibility thereby making integration into existing architecture more difficult.

Technical controls for combating the insider threat become more difficult, often revolving around identity management software and access control measures. Liang and Biros note two organizational factors to influencing insider threats: security policy and organizational culture. Employment of the policy must be clearly and easily understood by the workforce, and the policy must be enforced (more importantly, the workforce must fully understand through example that the policies are enforced). Organizational culture centers around the acceptance of the policy throughout the workforce, management’s support of the policy, and security awareness by all personnel. Liang and Biros also note that access control and monitoring are two must-have technical security controls, and as previously discussed, the Navy clearly has both yet the insider threat remains a primary concern. Clearly, more must be done at the organizational level to combat this threat, rather than just technical implementation of access controls and activity monitoring systems.

Information Security Policy Needed to Address Threats and Vulnerabilities

The U.S. Navy has had an information security policy in place for many years, and the latest revision is outlined in Secretary of the Navy Instruction (SECNAVINST) 5510.36, signed June 2006. This instruction is severely out of date and does not keep pace with current technology or best practices; Apple released the first iPhone in 2007, kicking off the smart phone phenomenon that would reach the hands of 68% of all U.S. adults as of 2015, with 45% also owning tablets. Moreover, the policy has a number of inconsistencies and fallacies that can be avoided, such as a requirement that each individual Navy unit establish its own information security policy, which creates unnecessary administrative burden on commands that may not have the time nor expertise to do so. Additionally, the policy includes a number of outdated security controls under older programs such as the DoD Information Assurance Certification and Accreditation Process (DIACAP), which has since transitioned to the National Institute for Standards and Technology (NIST) Risk Management Framework (RMF).

Beginning in 2012, the DoD began transitioning away from DIACAP towards the NIST RMF, making full use of NIST Special Publications (SPs) for policy development and implementation of security controls. The NIST RMF as it applies to DoD, and thus the Navy, is illustrated in figure 2. The process involves using NIST standards (identified in various SPs) to first categorize systems, select appropriate security controls, implement the controls, assess their effectiveness, authorize systems to operate, then monitor their use for process improvement.

Figure 2. NIST Risk Management Framework

This policy is appropriate for military systems, and the Navy in particular, as it allows for a number of advantages for policymakers, warfighters, system owners, and developers alike. It standardizes cybersecurity language and controls across the federal government for DoD and Navy policymakers, and increases rapid implementation of security solutions to accommodate the fluidity of warfighting needs. Additionally, it drives more consistent standards and optimized workflow for risk management which benefits system developers and those responsible for implementation, such as SPAWAR.

Efforts are already underway to implement these policy measures in the Navy, spearheaded by SPAWAR as the Navy’s information technology engineering authority. The Navy also launched a new policy initiative to ensure its afloat units are being fitted with appropriate security controls, known as “CYBERSAFE.” This program will ensure the implementation of NIST security controls will be safe for use aboard ships, and will overall “focus on ship safety, ship combat systems, networked combat and logistics systems” similar to the Navy’s acclaimed SUBSAFE program for submarine systems but with some notable IT-specific differences. CYBERSAFE will categorize systems into three levels of protection, each requiring a different level of cybersecurity controls commensurate with how critical the system is to the Navy’s combat or maritime safety systems, with Grade A (mission critical) requiring the most tightly-controlled component acquisition plan and continuous evaluation throughout the systems’ service life.

Implementation of the NIST RMF and associated security policies is the right choice for the Navy, but it must accelerate its implementation to combat the ever-evolving threat. While the process is already well underway, at great cost and effort to system commands like SPAWAR, these controls cannot be delayed. Implementing the RMF across the Navy enterprise will reduce risk, increase security controls, and put its implementation in the right technical hands rather than a haphazard implementation of an outdated security policy that has, thus far, proven inadequate to meet the threats and reduce vulnerabilities inherent with operating such a large networked enterprise. With the adoption of these new NIST policies also comes a new strategy for combating foes in cyberspace, and the Navy has answered that in a few key strategy publications outlined in the next section.

Potential Security Strategy for Combating Threats and Minimizing Vulnerabilities

It is important to note that the Navy, like the other armed services of the DoD, was “originally founded to project U.S. interests into non-governed common spaces, and both have established organizations to deal with cybersecurity.” The Navy’s cyber policy and strategy arm is U.S. Fleet Cyber Command (FLTCYBERCOM, or FCC), co-located with the DoD’s unified cyber commander, U.S. Cyber Command (USCYBERCOM, or USCC). Additionally, its operational cyber arm, responsible for offensive and defensive operations in cyberspace, is U.S. 10th Fleet (C10F), which is also co-located with U.S. Fleet Cyber and shares the same commander, currently Vice Admiral Michael Gilday.

Prior to VADM Gilday’s assumption of command as FCC/C10F, a strategy document was published by the Chief of Naval Operations in 2013 known as Navy Cyber Power 2020, which outlines the Navy’s new strategy for cyberspace operations and combating the threats and vulnerabilities it faces in the information age. The strategic overview is illustrated in figure 3, and attempts to align Navy systems and cybersecurity efforts with four main focus areas: integrated operations, optimized cyber workforce, technology innovation, and acquisition reform. In short, the Navy intends to integrate its offensive and defensive operations with other agencies and federal departments to create a unity of effort (evident by its location at Ft. Meade, MD, along with the National Security Agency and USCC), better recruit and train its cyber workforce, rapidly provide new technological solutions to the fleet, and reform the acquisition process to be more streamlined for information technology and allow faster development of security systems.

Figure 3. Threats and Motivations, Strategic Focus of Navy Cybersecurity 

Alexander Vacca, in his recent published research into military culture as it applies to cybersecurity, noted that the Navy is heavily influenced by sea combat strategies theorized by Alfred Thayer Mahan, one of the great naval strategists of the 19th century. Indeed, the Navy continually turns to Mahan throughout an officer’s career from the junior midshipman at the Naval Academy to the senior officer at the Naval War College. Vacca noted that the Navy prefers Mahan’s “decisive battle” strategic approach, preferring to project power and dominance rather than pursue a passive, defensive strategy. This potentially indicates the Navy’s preference to adopt a strategy “designed to defeat enemy cyber operations” and that “the U.S. Navy will pay more attention to the defeat of specified threats” in cyberspace rather than embracing cyber deterrence wholesale. Former Secretary of the Navy Ray Mabus described the offensive preference for the Navy’s cyberspace operations in early 2015, stating that the Navy was increasing its cyber effects elements in war games and exercises, and developing alternative methods of operating during denial-of-service situations. It is clear, then, that the Navy’s strategy for dealing with its own vulnerabilities is to train to operate without its advanced networked capabilities, should the enemy deny its use. Continuity of operations (COOP) is a major component in any cybersecurity strategy, but for a military operation, COOP becomes essential to remaining flexible in the chaos of warfare.

A recent  article describing a recent training conference between top industry cybersecurity experts and DoD officials was critical of the military’s cybersecurity training programs. Chief amongst these criticisms was that the DoD’s training plan and existing policies are too rigid and inflexible to operate in cyberspace, stating that “cyber is all about breaking the rules… if you try to break cyber defense into a series of check-box requirements, you will fail.” The strategic challenge moving forward for the Navy and the DoD as a whole is how to make military cybersecurity policy (historically inflexible and absolute) and training methods more like special forces units: highly trained, specialized, lethal, shadowy, and with greater autonomy within their specialization.

Current training methods within the U.S. Cyber Command’s “Cyber Mission Force” are evolving rapidly, with construction of high-tech cyber warfare training facilities already underway. While not yet nearly as rigorous as special forces-like training (and certainly not focused on the physical fitness aspect of it), the training strategy is clearly moving in a direction that will develop a highly-specialized joint information warfare workforce. Naegele’s article concludes with a resounding thought: “The heart of cyber warfare…is offensive operations. These are essential military skills…which need to be developed and nurtured in order to ensure a sound cyber defense.

Conclusions

This paper outlined several threats against the U.S. Navy’s networked enterprise, to include nation state cyber-rivals like China, Russia, Iran, and North Korea, and non-state actors such as hactivists, individual hackers, terrorists, and criminal organizations. The insider threat is of particular concern due to this threat’s ability to circumvent established security measures, and requires organizational and cultural influences to counter it, as well as technical access controls and monitoring. Additionally, the Navy has inherent vulnerabilities in the PNT technology used in navigation and weapon systems throughout the fleet, as well as the vast scope of the ashore network known as NMCI, or NGEN.

The Navy implements a litany of cybersecurity technical controls to counter these threats, including firewalls, DMZs, and vulnerability scanning. One of the Navy’s primary anti-access and detection controls is host-based security through McAfee’s HBSS suite, anti-virus scanning, and use of open systems architecture to create additions to its network infrastructure. The Navy, and DoD as a whole, is adopting the NIST Risk Management Framework as its information security policy model, implementing almost 1000 controls adopted from NIST Special Publication 800-53, and employing the RMF process across the entire enterprise. The Navy’s four-pronged strategy for combating threats in cyberspace and reducing its vulnerability footprint involves partnering with other agencies and organizations, revamping its training programs, bringing new technological solutions to the fleet, and reforming its acquisition process. However, great challenges remain in evolving its training regimen and military culture to enable an agile and cyber-lethal warfighter to meet the growing threats.

In the end, the Navy and the entire U.S. military apparatus is designed for warfare and offensive operations. In this way, the military has a tactical advantage over many of its adversaries, as the U.S. military is the best trained and resourced force the world has ever known. General Carl von Clausewitz, in his great anthology on warfare, stated as much in chapter 3 of book 5 of On War (1984), describing relative strength through admission that “the principle of bringing the maximum possible strength to the decisive engagement must therefore rank higher than it did in the past.” The Navy must continue to exploit this strength, using its resources smartly by enacting smart risk management policies, a flexible strategy for combating cyber threats while reducing vulnerabilities, and training its workforce to be the best in the world.

Lieutenant Howard is an information warfare officer/information professional assigned to the staff of the Chief of Naval Operations in Washington D.C. He was previously the Director of Information Systems and Chief Information Security Officer on a WASP-class amphibious assault ship in San Diego.

Dr. da Cruz is a Professor of International Relations and Comparative Politics at Armstrong State University, Savannah, Georgia and Adjunct Research Professor at the U.S. Army War College, Carlisle, Pennsylvania.

The views expressed here are solely those of the authors and do not necessarily reflect those of the Department of the Navy, Department of the Army, Department of Defense or the United States Government.

Featured Image: At sea aboard USS San Jacinto (CG 56) Mar. 5, 2003 — Fire Controlman Joshua L. Tillman along with three other Fire Controlmen, man the shipÕs launch control watch station in the Combat Information Center (CIC) aboard the guided missile cruiser during a Tomahawk Land Attack Missile (TLAM) training exercise. (RELEASED)

The Lawless Trons of Cyberspace

 By LT Travis Nicks, USN

Introduction

Open borders are here. You likely crossed the Rio Grande before breakfast this morning and you’ll sneak into China before you sleep tonight. Trons travel through cyberspace ignoring all manners of political boundaries. Technology doesn’t care where Ukraine ends and Russia begins, or about an air gap between China and Taiwan. The policy of cyber does; it shouldn’t.

Conceptualizing Cyber Borders

 The national policy for cyber borders has been similar to conceptions of airspace: a vertical extension of geopolitical borders into the sky, or in the case of cyber, into the flowing infrastructure of the internet. If a plane is going to travel through the airspace of another country, that country has to agree to it or the flight has to go around. A long-range bomber aircraft might fly over a few countries for a raid on the other side. Packets or “trons” can travel continents’ worth of countries in a path of least resistance taking seconds. Furthermore, while borders stay the same, digital routes are totally dynamic. In order to prevent the unintended escalation of cyber operations, we must divorce the routes trons take from the effects they cause.

A Path Forward

Fortunately, an existing policy framework already exists for an effects-based policy in a new frontier. We need to rise above the airspace mentality, and draw inspiration from satellites. Satellites travel freely over countries and cross borders with impunity. The international community agreed to a borderless framework in space in the Outer Space Treaty of 1967.1 The orbit a satellite is on and its position relative to political borders are irrelevant when it takes an action that causes an effect. The effect is all that matters. The group at the effect’s end may protest or retaliate, but the country under the satellite at the time of the action will have no issue. If, for example, China shot down a Russian satellite while the satellite was over Mexico, Russia would have no issue with Mexico for having allowed the attack above them, because they don’t own that space. Instead, China would be responsible for causing the malign effect.

The Department of Defense (DoD) has addressed this attribution issue. The DoD Law of War Manual specifically addresses “cyber operations that use communications infrastructure in neutral states.”2 This policy allows trons to be routed through neutral nations so long as the cyber infrastructure in that country allows innocuous information to be routed through it as well, if they route trons for the common World Wide Web. It also specifically acknowledges that it is unreasonable to expect other nations to review all cyber traffic for its content. These principles are fundamental to the spirit and design of the internet. Acknowledging those fundamentals will prevent future conflicts that will otherwise arise from misattribution during analysis of tron routes. Imagine Canada sends cyber attack trons to Russia via France, Thailand, and China. It is easy to see Russia determining that China may not have ownership of the trons that attacked them, but—unless we agree otherwise—they were complicit in the attack. A scenario where clumsy confusion leads to aggressive accusation, the likes of which we have not seen since the eve of WW1, is not far-fetched given the cyber domain’s peculiarities.

Many international cyber agreements are being written. One, the International Code of Conduct for Information Security, has already been signed by major players Russia and China. That agreement addresses the intent of cyber warfare and end effects, but leaves a grey area in between. A 2013 NATO report addressed this point indirectly, saying “demilitarized zones are not feasible in the context of cyberspace, due to its global scope.”3 NATO failed to separate the infrastructure itself from the use of the infrastructure. A United Nations report from 2015 (aware of NATO’s 2013 report)  further departs in the wrong direction and declares “states of jurisdiction over the ICT (information and communications technologies) infrastructure located within their territory.”4 This policy direction simply does not pragmatically address the technology involved. The transnational spirit of the internet and the technology itself does not respect borders as the UN does. A failure to acknowledge this fact is dangerous. The focus on infrastructure and not on the transmissions and effects of the technology leaves a dangerous grey area.

The solution is an agreement among the international community to ignore cyber routes. The DoD’s cyber components must press this issue into international agreements. The Department is uniquely equipped to lead this effort. It is the center of our nation’s cyber warfare universe. The NSA, CIA, DIA, and others with less notoriety are led or staffed largely by military officers and enlisted, retired versions of the same, or DoD civilians. No other organization is as integrated into every aspect of offensive and defensive cyber operations. DoD’s outsized operational involvement gives us an equally outsized cyber policy voice, and we should use it to ensure a discussion on cyber routes.

The discussion should acknowledge, first, that attribution is the foundation of cyber warfare. Second, acknowledge that routing technologies use the communications equipment of neutral states to obscure  the origin of cyber-attacks. After establishing those truths, the policy must focus on ensuring the analysis of digital forensic evidence acknowledges the inherent deceptiveness of cyber route analysis and delegitimizes the evidence as international policy. The international community must agree to focus on the information and effects of the trons and not attempt to hold accountable the infrastructure used for transmission. Absolve the owners of the infrastructure and the land on which it sits from responsibility for the trons it transmits, and inversely remove the standing they might have if they dislike the trons.

Conclusion

The publicly available cyber discussions in the international community have so far focused on intent, effects, and physical infrastructure while they ignore any agreement on cyber routes. To avoid a massive international misunderstanding in the fog of attribution we must internationally agree to ignore cyber routes. We have a framework for this. In space we own the object, not the orbit. In cyber we will own the information, not the route.

Travis Nicks is a nuclear submarine officer serving at the Pentagon. He is focused on finding precise fixes to complex problems. LT Nicks is interested in cyber policy and personnel performance issues. The views herein are his alone and do not represent the views of the Department of Defense, the Department of the Navy, or any other organization.

References

1. Outer Space Treaty, 1967, Article II

2. Department of Defense, Law of War Manual, 2016, Section 16.4.1

3. Dr. Katharina Ziolkowski, NATO Cooperative Cyber Defense Centre of Excellence, Confidence Building Measures for Cyberspace – Legal Implications, 2013, Section 3.2

4. Group of Government Experts, United Nations General Assembly, report on Developments in the Field of Information and Telecommunications in the Context of International Security, 2015, Section VI.28.a.

Featured Image: U.S. Navy Petty Officer 1st Class Joel Melendez, Naval Network Warfare Command information systems analysis, U.S. Air Force Staff Sgt. Rogerick Montgomery, U.S. Cyber Command network analysis, and U.S. Army Staff Sgt. Jacob Harding, 780th Military Intelligence Brigade cyber systems analysis, analyze an exercise scenario during Cyber Flag 13-1, Nov. 8, 2012, at Nellis Air Force Base, Nev. (U.S. Air Force photo by Senior Airman Matthew Lancaster)

Twenty-First Century Information Warfare and the Third Offset Strategy

The following article originally published at National Defense University’s Joint Force Quarterly and is republished with permission. Read it in its original form here

“While the United States and our closest allies fought two lengthy wars over the past 13 years—the rest of the world and our potential adversaries were seeing how we operated. They looked at our advantages. They studied them. They analyzed them. They looked for weaknesses. And then they set about devising ways to counter our technological over-match.”

—Deputy Secretary of Defense Robert Work

By James R. McGrath

It is well established that both state and nonstate adversaries are gaining parity with current U.S. military-technological capabilities, and as a result adversaries are eroding the tremendous asymmetrical conventional warfare advantages once exclusively enjoyed by U.S. forces.1 This leveling of the playing field has been enabled through decreased costs of modern information technology and low barriers of entry to attaining precision weapons; stealth capabilities; sophisticated commercial and military command and control (C2) capabilities; advanced intelligence, surveillance, and reconnaissance (ISR); and relatively cheap access to commercial and government-sponsored space and cyber capabilities.2 As a result, in November 2014, then–Secretary of Defense Chuck Hagel announced the Defense Innovation Initiative to counter adversary technical and tactical progress that, if left unchecked, will ultimately hinder U.S. ability to project power across the globe and permanently challenge its aims of retaining its coveted status as a global hegemon.3 While there are many aspects to this initiative, the Third Offset Strategy, as outlined in policy, does not adequately address the need for advanced information operations (IO), particularly IO wargaming, modeling and simulation (M&S), and training systems. The purpose of this article is to make the case that increasing the investment in joint live, virtual, and constructive (LVC) IO wargaming and simulations will generate lasting asymmetrical advantages for joint force commanders and will significantly contribute to the achievement of the Third Offset Strategy.

U.S. Navy E-2C Hawkeye 2000 aircraft assigned to “Wallbangers” of Carrier Airborne Early Warning Squadron 117 approaches flight deck of USS John C. Stennis while ship is underway in Pacific Ocean, July 13, 2006 (DOD/John Hyde)
U.S. Navy E-2C Hawkeye 2000 aircraft assigned to “Wallbangers” of Carrier Airborne Early Warning Squadron 117 approaches flight deck of USS John C. Stennis while ship is underway in Pacific Ocean, July 13, 2006 (DOD/John Hyde)

Military Problem

The Defense Innovation Initiative is aimed at solving the problem of ensuring that lasting power projection capabilities are available to the U.S. military in pursuit of the Nation’s core and enduring national interests, most notably safeguarding national security, promoting democratic values, maintaining long-term economic prosperity, and preserving the current international order.4 The solution to this problem—one that has yet to be fully articulated and bounded in scope, much less solved—has been named the Third Offset Strategy, meaning that there are a series of strategic capabilities that must be developed to give U.S. forces a decisive military-technological offset that generates lasting asymmetrical advantages over any potential adversary for the next 25 to 50 years. The strategy is so named because there already were two successful offset strategies in the 20th century.5 The first was President Dwight D. Eisenhower’s New Look Strategy during the 1950s, which sought to develop advanced nuclear weapons capabilities to offset the Soviet Union’s overwhelmingly superior conventional forces and nascent nuclear capabilities. The second strategy was Secretary of Defense Harold Brown’s Offset Strategy during the 1970s, which was aimed at countering recent Soviet advances in both numerical and technical parity regarding its nuclear arsenal, coupled with sustained numerically superior conventional forces deployed in Eastern Europe and elsewhere around the globe. Essentially, the U.S. Offset Strategy invested in stealth technologies, precision weapons, sophisticated C2 capabilities, and advanced airborne and space-based ISR that were ultimately revealed to the world during the first Gulf War.

As outlined by Secretary Hagel and currently being championed by Deputy Secretary of Defense Robert Work, the Defense Innovation Initiative emphasizes three key areas for sources of innovation: long-range research and development, new operating concepts, and reenergizing wargaming efforts and techniques.6 Currently, most of the discussion regarding this initiative is overly focused on purely technical, materiel solutions, such as unmanned autonomous systems and sources of new global strike and ISR capabilities. Regrettably, the appeal for the development of new operating concepts and wargaming techniques seems to be overlooked in the media and most defense policy think tanks.

What many analysts fail to realize is that the operating environment, specifically the information environment (IE),has changed, and our adversaries are undermining our asymmetrical advantages through innovative use of the information space, particularly by operating in the informational and cognitive dimensions on a global scale.8 What should be obvious—but unfortunately is not to many military and defense planners—is that IO is precisely the tool set that joint force commanders already have to attack our adversaries’ newly found advancements in C2 warfare, ISR, and precision weapons. Unfortunately, for example, the Russians,9 Chinese,10 and the Islamic State of Iraq and the Levant,11 to name a few, are now also demonstrating advanced forms of information warfare that continually undermine U.S. tactical prowess and enable successful antiaccess/area-denial (A2/AD) strategies that are the root cause of the problem.12 For U.S. forces to achieve the Third Offset Strategy, the joint force must be able to achieve information superiority at the time and place of its choosing. To do that, the joint force must develop innovative operating concepts for IO, wargame them using a variety of computer-based methods, and then train to the newly discovered tactics, techniques, and procedures that are absolutely essential for 21st-century warfare—a type of warfare aimed at breaking the will of the adversary through control of the IE.

Currently, IO is often treated as an ad hoc, additive activity during most joint LVC training events; therefore, IO is routinely ignored or underutilized despite being a major component of every real-world joint operation since Operations Desert Shield and Desert Storm13 and arguably in other forms, such as psychological warfare and deception, throughout all of human history.14 Much of the reason for this routine omission and lack of prominence in major joint LVC exercises is that military information support operations (MISO, formerly known as psychological operations), public affairs, electronic warfare (EW), cyber warfare, military deception (MILDEC), special technical operations, and other information-related capabilities (IRC)15 are difficult to simulate over a relevant exercise time horizon. Even more challenging is the ability to realistically but sufficiently model the physical, technical, and cognitive complexities of the IE as a coherent whole whose sum is greater than its individual parts. If this can be achieved, U.S. joint forces would be able to train in synthetic environments that would ultimately enable them to effectively maneuver within the IE, counter recent adversary military-technological gains and newfound information warfare prowess, and provide the baseline for a newly defined technical, military, and psychological offset.

IO as the Solution

By acknowledging the fact that adversaries are reducing our operational advantages and conventional overmatch through innovative use of the IE, it becomes increasingly imperative that U.S. IO training, wargaming, and operating concepts be improved. It is also important to emphasize that this improvement should not only mirror-image the activities of our adversaries, but also provide joint force commanders with a comprehensive set of tools and concepts that allows them to outmaneuver adversaries within the cognitive, informational, and physical dimensions of the IE. As a starting point, a brief analysis of modern IO reveals at least six interrelated IO lines of effort (LOE), which if truly integrated with each other could facilitate the Third Strategic Offset. These primary LOEs or mission areas are psychological warfare, C2 warfare, denial and deception, cyber warfare, engagement, and IE situational awareness.16

While on the surface some of these IO LOEs appear well-established IRCs, that is not the intent or the case. These highly complementary and interdependent mission areas are IRC agnostic—meaning that no one particular IRC is necessarily required for a particular mission.17 In fact, multiple IRCs applied in a combined arms fashion are a prerequisite to achieving success in any one of these critical mission areas. This idea is consistent with the accepted Department of Defense (DOD) IO definition and is precisely why they are considered germane to any serious discussion of future IO.18 The following discussion briefly highlights the need for further development and implementation of these six mission areas, as well as their relevance to the future joint force.

Generally speaking, psychological warfare is defined as actions against the political will of an adversary, his commanders, and his troops, and includes inform and influence operations directed at any third party capable of providing sympathy or support to both the adversary or friendly forces.19 This mission area directly targets the cognitive dimension of our adversaries’ operations in the IE and ultimately attacks their will to resist. It should be the primary focus of the joint force in order to ensure lasting tactical, operational, and strategic success, especially while state and nonstate actors are simultaneously competing for dominance in this highly contested space. After all, by definition, war as a contest of political wills by other means is the primary basis of most warfighting philosophies.20 Therefore, increasing the effectiveness of joint operations in this mission area would certainly require improved MISO, EW, cyber, and MILDEC capabilities and authorities at all levels of war.

C2 warfare is about controlling the physical and informational dimensions of the IE by cutting off an enemy force from its commander, key decisionmakers, or automated control systems through attacking vulnerable control mechanisms or by simply attacking the commander and removing him or her from the C2 equation, ultimately resulting in the collapse of his or her subordinate forces.21 Applying IRCs for C2 warfare purposes is one of the few ways to overcome the joint operational access and A2/AD problems. Using a combination of physical destruction, EW, cyber, MISO, and MILDEC capabilities would be indispensable to the process of systematically unravelling an adversary’s integrated air and coastal defenses; undermining his ballistic and cruise missile standoff weapons; and blinding his advanced land, sea, air, cyber, and space-based ISR platforms. Furthermore, there is a defensive aspect of C2 warfare that requires advanced electromagnetic spectrum operations, information assurance, and defensive cyberspace operations to ensure assured C2 over friendly forces on a global scale. Without a modern, robust defensive C2 warfare capability, U.S. global power projection is nearly impossible.

Denial and deception operations are a combination of operations security and MILDEC activities, supported by a wide-range of IRCs, to protect critical information, facilitate surprise, and deliberately mislead an adversary to achieve a tactical, operational, or strategic advantage. Denial and deception operations provide force-multiplying advantages by enabling operational access and joint forcible entry operations under A2/AD conditions and contributing to the cognitive demise of an adversary as part of the psychological warfare effort. In addition, counter–denial and deception operations are critical to future conflicts, as demonstrated by our adversaries’ skilled use of deception in Syria, Iraq,22 and the Crimean Peninsula.23

Cyber warfare in the IO context is about controlling the content and flow of information within the information dimension of the IE. It includes the convergence of the cyber and EW IRCs, where cyber is enabled at the tactical level through radio frequency spectrum operations; cyber warfare in support of the other five IO mission areas; and offensive cyberspace operations in support of traditional kinetic operations. For instance, a prime example of this IO mission area in action is the Russia-Georgia war of 2008, during which the Russians executed the world’s first synchronized cyber attack in concert with major combat operations, likely using both state cyber capabilities and nonstate hackers to attack key Georgian communications, finance, and government nodes prior to and during combat operations to control the narrative and pace of the psychological war as well as demonstrate Russian resolve and future deterrence capabilities.24 Furthermore, there is tremendous opportunity for future cyber warfare operations to: 1) support C2 warfare in A2/AD conditions by creating gaps and seams in an adversary’s defensive system of systems from standoff ranges, especially during the early shaping phases of an operation; 2) enable the psychological warfare effort through focused and broad social media messaging; and 3) support both the engagement and IE situational awareness efforts as message delivery and ISR platforms.

Then–Secretary of Defense Chuck Hagel announces Defense Innovation Initiative and Third Offset Strategy during Reagan National Defense Forum at The Ronald Reagan Presidential Library in Simi Valley, California, November 15, 2014 (DOD/Sean Hurt)
Then–Secretary of Defense Chuck Hagel announces Defense Innovation Initiative and Third Offset Strategy during Reagan National Defense Forum at The Ronald Reagan Presidential Library in Simi Valley, California, November 15, 2014 (DOD/Sean Hurt)

The U.S. Army has recently established engagement as a concept for a seventh warfighting function and defines it as influencing people, security forces, and governments across the range of military operations to prevent, shape, and win in the future strategic environment.25 While there are close similarities, in this context, engagement is an IO mission—not a warfighting function focused on the intersection between partnership activities and special warfare activities.26 In this context, engagement is about operating in the cognitive dimension of the IE through informing and influencing partner and adversary nations using a wide range of IRCs, including but not limited to media operations using public affairs and MISO. Engagement as an IO mission also includes public affairs operations to harden the friendly force against adversary psychological warfare. Moreover, for the foreseeable future, engagement will remain a combatant commander’s primary tool for Phase 0, steady-state, and theater security cooperation (TSC) operations, used to send signals to our adversaries and allies that we are committed to the current international order and a stable security environment. For instance, engagement could and should be used to amplify our TSC actions in the U.S. Pacific Command area of responsibility to ensure that Chinese psychological, media, and legal warfare27 are countered with the overarching goal of ensuring that our regional allies are able to observe our actions and interpret them as U.S. commitment to defend our common interests.

Lastly, IE situational awareness is defined as understanding past events within all three dimensions of the IE, tracking ongoing events, and being able to adequately model and reliably predict (or at the very least wargame) a wide variety of possible outcomes in support of the other five IO mission areas. These activities include not only all traditional intelligence disciplines but also the use of a broad range of IRCs operating on the battlefield as sensors, processors, and actors. In addition, IE situational awareness requires advanced M&S to aid IO planners and commanders in the extremely difficult task of understanding the dynamic, nonlinear, and ever-changing IE. Furthermore, IE situational awareness requires a detailed understanding of individuals, social groups, behavior dynamics, communication architectures, exploitation of narratives, and target audience vulnerabilities, as well as the newly emerging techniques of real-time, live big data analytics, social media scraping, and memetic warfare.28

IO M&S Requirements

As discussed, there is a known gap for joint force commanders to exercise their IO cell within the six mission areas outlined above. There is also a gap for exercising both supporting organic and non-organic IRCs and then integrating them with traditional kinetic fires. Closing this gap with computer-based M&S would ensure that joint forces are well trained in a repeatable and expandable synthetic environment prior to employment across the full range of military operations. This is particularly important because IO mission areas and their supporting IRCs are highly sensitive in nature, and live IO training events are nearly impossible to conduct. For instance, certain EW, cyber, and special technical operations capabilities must be well protected to achieve any form of technical surprise, and MISO, EW, cyber, MILDEC, and special technical operations also have uniquely strict political and legal sensitivities.

Achieving repeatable, scalable, and fully integrated simulation of the IE is not an easy task. However, if the Third Offset Strategy is to be realized, the Services and DOD must invest in materiel solutions to enable the joint force to train its IO forces in a synthetic environment. There are several key additional requirements for any useful automated M&S of the IE and IO for advanced wargaming purposes:

  • Must encompass a system-of-systems approach that includes training for individual IO and IRC mission essential tasks through the highest levels of a joint force’s collective-level training events. Examples include a range of immersive virtual environments for individual and small-unit IRC tactical trainers through high-level constructive simulations supporting strategic- and combatant command–level wargaming, capable of seamlessly integrating with each other as well as other kinetic and legacy M&S systems.
  • Must incorporate the full array of possible effects that can be generated by organic and non-organic IRCs from the strategic to the tactical level of warfare.
  • Must be interoperable with other joint and Service-level LVC M&S networks and systems.
  • Must be compatible with all major constructive M&S programs of record in order for IO M&S to be fully integrated into a single common tactical and operating picture.
  • Must be interoperable with current command and control systems and classified intelligence systems up to Top Secret/Sensitive Compartmented Information and other high-level operational security control measures to be integrated into a single common tactical and operating picture.
  • Must incorporate open source media and the replication or emulation of social and traditional media for analysis, using advanced forms of data analytic techniques to simulate actions in the IE.
  • Must incorporate advanced decision support M&S techniques, including but not limited to artificial intelligence–enabled augmented reality, chatbots, and other expert systems to facilitate understanding of actions in the IE.
  • Must leverage state-of-the-art artificial intelligence algorithms, machine-learning software, and advanced M&S paradigms, such as agent-based modeling, systems dynamics, and game-theoretic modeling in a federated architecture, to accurately model complex, adaptive systems with the goal of replicating the behaviors and communications conduits of a vast array of thinking target audiences and their highly automated information systems.

Ultimately, the desired endstate for developing an advanced IO M&S capability is to ensure that there are highly trained forces ready to design, plan, rehearse, execute, and assess operations within the IE, particularly when confronted with a sophisticated, technologically enabled 21st-century adversary. This can and should be implemented via a family of tactical- through strategic-level M&S systems that adequately model and simulate friendly, neutral, and adversary decisionmaking capabilities, behaviors, and information systems as well as the complex feedback loops that comprise all relevant aspects of the physical, informational, and cognitive dimensions of the IE.

IO Considerations

There are five prominent counterarguments that immediately come to mind for not developing advanced IO M&S capabilities. These arguments range from the cost of IO M&S materiel solutions, the presence of other existing solutions, widespread doubts regarding the efficiency and efficacy of IO across the full range and spectrum of military operations, and the complex framework of legal and policy restrictions governing most joint force IRC employment.

The first counterargument is that developing IO M&S systems would be expensive and that the technology for simulating the IE is not mature. However, this is exactly the type of investment that the Defense Innovation Initiative is calling for: an investment that leverages advanced technologies such as artificial intelligence, machine learning, agent-based modeling, and big data analytics that our adversaries would not likely have ready access to exploit. This investment in IO M&S would also lead to new operating concepts that would be tested during high-level joint wargames using the very same systems, which is precisely the intent behind the second and third key areas for innovation outlined by the Defense Innovation Initiative.

The second counterargument is that the Joint Staff and the Office of the Secretary of Defense are already investing in IO M&S through the use of the Joint IO Range and other cyber and EW initiatives. While that is a first step, the Joint IO Range is only a stovepipe capability for cyber warfare effects rather than a capability that truly exercises all relevant IRCs in support of joint operations—that is, something more than cyber and EW operations are required to realize the true potential for full-spectrum IO, specifically how to assemble a relevant array of IRCs aimed at placing an adversary on the horns of a dilemma and then inducing a complete collapse of their will to resist our aims and objectives. Without being able to model and integrate the cognitive, informational, and physical aspects of the IE in a coherent simulation, influencing adversary decisionmakers and their supporting systems would not be achievable to the level of what is required for the Third Strategic Offset.

Soldiers from Britain’s Royal Artillery train in virtual world during Exercise Steel Sabre 2015 (MOD/Si Longworth)
Soldiers from Britain’s Royal Artillery train in virtual world during Exercise Steel Sabre 2015 (MOD/Si Longworth)

The third counterargument is that IO is not suited for major combat operations, and thus many military planners perceive it as a tool only for counterinsurgency or irregular warfare, whereby keeping the violence threshold low or controlling the attitudes and the behavior of the local populace is paramount. This is not the case, however, since IO and IRCs have routinely been employed by U.S. forces throughout all phases of operations and all types of conflict, from World War II through Operations Enduring Freedom and Iraqi Freedom. Additionally, there is considerable evidence that increasing the lethality of operations using information warfare is central to the strategy of our 21st-century adversaries, most notably and recently demonstrated by the Russians operating in Ukraine and Syria.29

The fourth counterargument is that IO is not well suited for the strategic shaping and deterrence missions required by the Third Offset Strategy, or at least not as effectively as the physical advantages that the Second Offset capabilities have provided. However, in some sense, the luxuries that were afforded by the unprecedented freedom of movement, maneuver, and firepower that successfully held our adversaries in check for the past 25 years are also the root cause of our current military problem—namely that U.S. joint forces routinely win tactically and sometimes operationally, but continuously have their victories ultimately overturned at the operational and strategic levels, such as in Iraq and Afghanistan. Ironically, it has been the overdependence on our physical, conventional superiority that has led the U.S. military to neglect the mental and moral aspects of warfighting, a deficiency that IO, by definition and if sufficiently raised to the appropriate level of prominence within U.S. warfighting doctrine, can immediately address.30 In addition, to further discredit the notion that IO is an ineffective strategic shaping and deterrence tool, it is a well-accepted fact that due to international legal, diplomatic, and political constraints, IO and a handful of select influence-oriented IRCs are our military’s only available tools to successfully prevent, deter, initiate, or close a conflict.

The fifth and final counterargument is that there are insurmountable legal and policy restrictions for the joint force to conduct full-spectrum IO. This is simply not the case. However, the two primary supporting counterarguments either revolve around U.S. Code Title 10, Armed Forces, versus Title 50, War and National Defense, arguments, or claim that the current review and approval processes for IRCs are too complicated to achieve timely and relevant effects in the IE. The first supporting argument is false because Title 10 and Title 50 issues have already been solved and are deconflicted on a daily basis using a highly complex but extremely effective ISR and strike network. This network is enabled by intelligence professionals and operators working side by side, both physically and virtually, and allows the lowest tactical formations to receive the benefits of strategic assets and vice versa. There is some truth to the second supporting counterargument that the review and approval processes are overly complex. Many IRCs do, in fact, require DOD- and national-level approvals. This is not true for all IRCs, however, and there are numerous IRC-unique programs already in place for military planners to immediately implement. In addition, all IRCs can be and already are implemented with great effect for those commanders with well-trained IO staffs. Hence, developing an IO M&S and training capability is actually part of the solution to the military problem and not an impediment. Lastly, as joint forces continue to demonstrate their increased proficiency for fighting and winning in the IE—and as our adversaries do the same—it is inevitable that over time, many of the authorities for certain sensitive IRC activities, currently held at the strategic level, will naturally be delegated to operational and tactical commanders.

Soldiers from U.S. Army’s 350th Tactical Psychological Operations, 10th Mountain Division, drop leaflets over village near Hawijah, Iraq, on March 6, 2008, promoting idea of self-government (U.S. Air Force/Samuel Bendet)
Soldiers from U.S. Army’s 350th Tactical Psychological Operations, 10th Mountain Division, drop leaflets over village near Hawijah, Iraq, on March 6, 2008, promoting idea of self-government (U.S. Air Force/Samuel Bendet)

Future Innovation

In the long run, creating the necessary technical innovation in the field of advanced IO M&S and training would no doubt lead to the maturation of capabilities and tactics needed to achieve the goals of the Third Strategic Offset. Furthermore, the gaps that IO M&S could immediately close are also the first steps in the necessary research, design, and development of an integrated global effects network that could and should act as the primary intellectual engine for an advanced, semi-autonomous global strike and ISR network—a network that has been considered the “holy grail” by those who already offer solutions to the Third Strategic Offset problem and that is a solution that is eerily similar to nefarious systems of science fiction literature and movies, such as The Terminator’s self-aware “SkyNet” and “Genisys” programs.31 The flaw in this popularized global strike and ISR network solution—other than the obvious science fiction connotations—is that it is short-sighted and deals only with the current problem within the physical dimension of the operating and information environments. The real solution is something far more complicated and worthy of the forward thinking required by the Third Strategic Offset problem set.

A better solution is an advanced, semi-autonomous hybrid kinetic and nonkinetic weapons system fully enabling the warfighter to, at a moment’s notice, conduct highly integrated, cognitively focused operations that are also simultaneously synchronized with other ongoing joint actions across the globe, as well as concurrently facilitating long- and short-term influence campaigns. Continuously and consistently striking at the will of our adversaries through the use of carefully selected physical, information, and cognitive-related capabilities should be the ultimate goal of this advanced weapons system concept. This system would facilitate maneuver warfare and mission command by integrating, synchronizing, and coordinating many different capabilities by different commanders at all levels directly against an adversary’s physical, moral, and mental critical capabilities. Again, this is something that clearly cannot be accomplished without advanced IO M&S accurately and continuously modeling the complex, nonlinear, and ever-changing IE. While the fusing of kinetic and nonkinetic modeling into a semi-autonomous global effects network might seem like material for science fiction, in the current era of machine-based learning and artificial intelligence–enabled autonomous vehicles, these capabilities are not too far over the horizon and are worthy goals for the ambitions of the Third Offset Strategy.

The military-technological gains of our adversaries over the past several decades are apparent and alarming. To counter this threat and meet the intended objectives of the Defense Innovation Initiative, a robust set of research and development programs, concept development activities, and wargaming efforts has begun to uncover a series of technologies required to achieve the Third Strategic Offset. While an advanced family of IO LVC M&S systems is not the only capability required to achieve this ambitious offset strategy, failing to recognize the prominence of IO in this new era would be a serious mistake. In addition, these IO M&S capabilities should be the foundation and focus of any future advanced, semi-autonomous global effects system. Therefore, advanced IO M&S is an absolutely indispensable capability that will fully enable the joint force to achieve lasting asymmetrical advantages over our newly emerging, emboldened, and technologically savvy 21st-century adversaries. JFQ

Lieutenant Colonel James R. McGrath, USMC, is the Information Warfare Department Head for Expeditionary Warfare Training Group Atlantic.

Notes

1 James R. Clapper, Opening Statement to the Worldwide Threat Assessment Hearing, Senate Armed Services Committee, February 9, 2016, available at <www.dni.gov/index.php/newsroom/testimonies/217-congressional-testimonies-2016/1314-dni-clapper-opening-statement-on-the-worldwide-threat-assessment-before-the-senate-armed-services-committee-2016>.

2 Robert Martinage, Toward A New Offset Strategy: Exploiting U.S. Long-Term Advantages to Restore U.S. Global Power Projection (Washington, DC: Center for Strategic and Budgetary Assessment, October 2014).

3 Chuck Hagel, “Secretary of Defense Memo: Defense Innovation Initiative,” November 2014.

4 National Security Strategy (Washington, DC: The White House, February 2015), available at www.whitehouse.gov/sites/default/files/docs/2015_national_security_strategy.pdf>.

5 Martinage.

6 Hagel.

7 The information environment is an environment that is an aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information as defined by Department of Defense (DOD) Directive 3600.01, Information Operations (Washington, DC: DOD, May 2013), available at <www.dtic.mil/whs/directives/corres/pdf/360001p.pdf>.

8 The information environment is comprised of three interrelated dimensions: cognitive, information, and physical. See Joint Publication 3-13, Information Operations (Washington, DC: The Joint Staff, November 20, 2014), x.

9 Jolanta Darczewkska, The Anatomy of Russian Information Warfare (Warsaw: Centre for Eastern Studies, May 2014), available at <www.osw.waw.pl/en/publikacje/point-view/2014-05-22/anatomy-russian-information-warfare-crimean-operation-a-case-study>.

10 Larry M. Wortzel, The Chinese People’s Liberation Army and Information Warfare (Carlisle, PA: Strategic Studies Institute, March 2014), available at <www.strategicstudiesinstitute.army.mil/pubs/display.cfm?pubID=11901>.

11 U.S. Army Training and Doctrine Command (TRADOC) G-2 Intelligence Support Activity, Complex Operational Environment and Threat Integration Directorate, Threat Tactics Report: Islamic State of Iraq and the Levant (Fort Leavenworth, KS: TRADOC, November 2014), 1, 13–15, available at <https://drakulablogdotcom3.files.wordpress.com/2015/04/trisa_threat_tactics_rpt_isil_141101-cdr-137271.pdf>.

12 Joint Operational Access Concept, Version 1.0 (Washington, DC: DOD, January 17, 2012), available at <www.defense.gov/Portals/1/Documents/pubs/JOAC_Jan%202012_Signed.pdf>; and Joint Concept for Entry Operations (Washington, DC: The Joint Staff, April 2014), available at <www.dtic.mil/doctrine/concepts/joint_concepts/jceo.pdf>.

13 John Broder, “Schwarzkopf’s War Plan Based on Deception,” Los Angeles Times, February 28, 1991, available at <http://articles.latimes.com/1991-02-28/news/mn-2834_1_war-plan>.

14 Jon Latimer, Deception in War (New York: Overlook Press, 2001), 6.

15 Information-related capabilities are tools, techniques, or activities employed within the dimensions of the information environment and can be used to achieve specific ends as defined by DOD Directive 3600.01.

16 Martin C. Libiki, What Is Information Warfare? (Washington, DC: NDU Press, 1995); Darczewkska; Wortzel; TRADOC.

17 Agnostic in this sense is based on the information technology context, where software and other processes are independent of hardware or various platforms. In this case, for example, psychological warfare objectives could be achieved outside the traditional doctrinal military information support operations construct with kinetic effects, maneuver, and other information-related capabilities (IRCs). Similarly, cyber objectives and denial and deception objectives could be achieved or supported outside the current cyber and joint military deception doctrinal framework using a variety of IRC effects—not to circumvent current DOD policy and authority framework but to simply acknowledge that there are other, perhaps more innovative means and ways to achieve the same ends.

18 Information operations are generally defined as the integration, coordination, and synchronization of IRCs to deny, degrade, disrupt, or usurp an adversary’s decisionmaking capabilities, people, and systems in support of a commander’s objectives as defined by DOD Directive 3600.01.

19 Libicki, 34.

20 Carl Von Clausewitz, On War, trans. J.J. Graham (London, 1909), chapter 1, available at <www.gutenburg.org>.

21 Libicki, 9–15.

22 TRADOC, 12.

23 Lucy Ash, “How Russia Outfoxes Its Enemies,” BBC.com, January 29, 2015, available at <www.bbc.com/news/magazine-31020283>.

24 David Hollis, “Cyberwar Case Study: Georgia 2008,” Small Wars Journal, January 2011, available at <www.smallwarsjournal.com>.

25 TRADOC Pamphlet 525-8-5, Functional Concept for Engagement (Fort Eustis, VA: TRADOC, February 28, 2014), available at <www.tradoc.army.mil/tpubs/pams/tp525-8-5.pdf>.

26 Ibid.

27 Wortzel.

28 Memetics and memetic warfare are used in the context of discrete ideas or units of culture being rapidly transferred to wide audiences, particularly over social media—that is, things “going viral” and their influence on cognition and behavior. See Jeff Giesa, “It’s Time to Embrace Memetic Warfare,” Defense Strategic Communication1, no. 1 (Winter 2015), available at <www.stratcomcoe.org/download/file/fid/3956>.

29 David Stupples, “How Syria Is Becoming a Test Zone for Electronic Warfare,” CNN.com, October 9, 2015, available at <www.cnn.com/2015/10/09/opinions/syria-electronic-warfare-russia-nato/index.html>.

30 Marine Corps Doctrinal Publication 1, Warfighting (Washington, DC: Headquarters Department of the Navy, June 7, 1997). Mental, moral, and physical aspects of maneuver warfare and the Marine Corps’ warfighting philosophy are discussed throughout the text.

31 Martinage.

Featured Image: MEDITERRANEAN SEA (Aug. 25, 2016) Sailors stand watch in the combat information center aboard USS Ross (DDG 71) Aug. 25, 2016. (U.S. Navy photo by Mass Communication Specialist 1st Class Theron J. Godbold/Released)

Navy Information Warfare — What is it?

By Richard Mosier

Defining a warfare area’s mission and function is the foundation for all activities required to conduct mission area analysis to determine requirements, develop doctrine and tactics, and structure, train, and equip the fleet to accomplish the mission.

Within the U.S. Navy, the terms Information Warfare (IW), Information Operations (IO), and Information Operations Warfare are widely used but not well defined. Nor are they linked to provide coherent definitions from joint and service perspectives that are essential to successful communication regarding IW’s relationship to other warfare areas and supporting activities. The result is confusion and a lack of progress in structuring, training, and equipping the U.S. Navy to perform this emerging predominant warfare area.

The following are examples of how these terms mean different things to different groups:

Reference: Station Hypo, 14 Jul 16, “CWOBC, a Community’s Course“: “The Cryptologic Warfare Officer Basic Course (CWOBC) formerly known as the Information Warfare Basic Course (IWBC) is an entry level course for all officers, regardless of commission source, who are coming into the Cryptologic Warfare Officer (CWO) community. Six weeks in length with an average annual throughput of 154, the course focuses on Signal Intelligence (SIGINT), Electronic Warfare (EW), Cyber Operations, as well as security fundamentals and community history.” Inasmuch as the content of the basic course remained the same, the terms “Information Warfare” and “Cryptologic Warfare” appear to mean the same thing for this group.  

150828-N-PU674-005 PENSACOLA, Fla. (Aug. 28, 2015) Officers attending the Information Professional Basic Course at Center for Information Dominance Unit Corry Station listen to Rear Adm. Daniel J. MacDonnell, commander of Information Dominance Corps Reserve Command (IDCRC) and Reserve deputy commander of Navy Information Dominance Forces (NAVIDFOR). Macdonnell spoke with them about career opportunities in the Information Dominance Corps and active and reserve integration. (U.S. Navy photo by Carla M. McCarthy/Released)
PENSACOLA, Fla. (Aug. 28, 2015) Officers attending the Information Professional Basic Course at Center for Information Dominance Unit Corry Station listen to Rear Adm. Daniel J. MacDonnell, commander of Information Dominance Corps Reserve Command (IDCRC) and Reserve deputy commander of Navy Information Dominance Forces (NAVIDFOR). Macdonnell spoke with them about career opportunities in the Information Dominance Corps and active and reserve integration. (U.S. Navy photo by Carla M. McCarthy/Released)

Reference the BUPERS Information Warfare Community Management web page. It only addresses Information Professionals (1820), Cryptologic Warfare Specialists (1810), Cyber Warfare Engineers (1840), Intelligence Officers (1830), and Oceanography Specialists (1800), implying that together this aggregation of legacy support specialties constitutes Information Warfare. All of these are restricted line designators that by definition exercise command only over organizations that perform these specialties. There are no unrestricted line designators for specializing in and exercising Information Operations Warfare Commander (IWC) functions described in Naval Warfare Publication NWP 3-56 below.

Reference: NAVADMIN 023/16, DTG 021815 Feb 16, Subject: Information Dominance Corps Re-designated Information Warfare Community. The message states Information Warfare’s mission is: “providing sufficient overmatch in command and control, understanding the battlespace and adversaries, and projecting power through and across all domains.” This description of the Information Warfare mission is substantially different from the definition of Information Operations defined by Secretary of Defense, adopted by the JCS, and reflected in Naval Warfare Publications.

The Secretary of Defense defines Information Operations in DOD Directive 3600.1, dated May 2, 2013, as: “The integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.” This definition was incorporated in Joint Pub 1-02 and Naval Warfare Publications.

Naval Warfare Publication (NWP) 3-13 Information Operations, Feb 2014, defines Information Operations as: “the integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.” Paragraph 1-3 states: “Evolving joint and Navy doctrine has refined IO as a discrete warfare area, not just a supporting function or enabling capability, and the IE [information environment] as a valuable and contested part of the battlespace.”

160123-N-PU674-018 PENSACOLA, Fla. (Jan. 23, 2016) Information warfare Sailors from the Center for Information Dominance Unit Corry Station mentor high school students during CyberThon, an event designed to develop the future cybersecurity workforce. Hosted by the Blue Angels Chapter of the Armed Forces Communications and Electronics Association, CyberThon challenged the students to play the role of newly hired information technology professionals tasked with defending their company's network. (U.S. Navy photo by Carla M. McCarthy/Released)
PENSACOLA, Fla. (Jan. 23, 2016) Information warfare Sailors from the Center for Information Dominance Unit Corry Station mentor high school students during CyberThon, an event designed to develop the future cybersecurity workforce. Hosted by the Blue Angels Chapter of the Armed Forces Communications and Electronics Association, CyberThon challenged the students to play the role of newly hired information technology professionals tasked with defending their company’s network. (U.S. Navy photo by Carla M. McCarthy/Released)

Naval Warfare Publication (NWP) 3-56, subject: Composite Warfare Commander, Feb 2010, Paragraph 3.7 identifies twenty-three typical functions assigned to the “Information Operations Warfare Commander (IWC)” that are summarized below:

  • Planning IO, EW, Military Deception, Operations Security, PSYOP, and Spectrum Usage.  
  • Developing, coordinating, and practicing preplanned responses for counter-surveillance, counter-influence, and counter-targeting in response to changes in the tactical situation.        
  • Recommending the EMCON profile and coordinating with ASWC to manage acoustic emissions in response to changes in the tactical situation.
  • Controlling ES and EA assets, and coordinating employment of ES and cryptologic sensors.
  • Conducting computer Network Defense (CND) and COMSEC monitoring.
  • Paragraph 4.3.4 states; “The IWC establishes and maintains the tactical picture….” It also states: [T]he IWC ….. achieves and maintains information superiority….and supports other warfare commanders.”

The term Information Operations is officially defined and documented. The term Information Warfare, though used extensively within the Navy, is not clearly defined, nor is it linked to Information Operations, resulting in confusion and limited progress.

VADM Jan Tighe assumed duties as OPNAV N2/N6 and Director of Naval Intelligence in July 2016. Image credit: US Navy
VADM Jan Tighe assumed duties as OPNAV N2/N6 and Director of Naval Intelligence in July 2016. (U.S. Navy photo)

For example, within the OPNAV Staff the N-2/N-6 carries the title Deputy Chief of Naval Operations for Information Warfare. He/she leads the “Navy Information Warfare Community” which so far is composed only of the legacy support specialties of Intelligence, Cryptology, METOC and IT. To date, there is little to suggest that the OPNAV N-2/N-6 has assumed responsibility for mission analysis, requirements definitions, and structuring, training, and equipping the fleet to achieve superiority over an adversary through Information Operations. Moreover, there is little suggesting recognition that Information Operations Warfare Commander (IWC) functions require performance in a command capacity (IWC), specialized training, and substantial systems functionality that has to be integrated with, rather than separate from, the combat systems that support other warfare areas.

CNO NAVADMIN 083/12, DTG 121702ZMAR12, Subject: OPNAV Realignment, lays out that the DCNO for Warfare Systems (N9) “is responsible for the integration of manpower, training, sustainment, modernization, and procurement readiness of the Navy’s warfare systems.” The N9 supplies leadership, guidance, and direction to the directors of Expeditionary Warfare (N95), Surface Warfare (N96), Undersea Warfare (N97), and Air Warfare (N98). The organization also oversees requirements and resource allocation across these warfare areas. Information Operations is not mentioned. From all indications, the N9 is not responsible for integrating IW/IO combat system functionality with the combat systems that support planning and execution in the traditional warfare areas. Given the functions of the IWC summarized above, combat systems integration is essential for mission success. This suggests the need for a well defined relationship between the N-9 and the N-2/N-6.

In order to eliminate confusion and realize the potential contribution of Information Operations to naval warfare, the U.S. Navy needs to formally (1) define the IW mission, (2) specify IW functions to be accomplished by personnel, organizations, and systems, and (3) assign IW organizational responsibilities. The following are proposed definitions.

Mission

Per JP 1-02, Information Operations is “the integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.”  

This definition, focused on “operations” or “employment” would be retained.  However, it does not satisfy the JP 1-02 criteria of “mission”: “The task, together with the purpose, that clearly indicates the action to be taken and the reason therefore.”  The mission statement should be focused not on employment, but on the warfare task, purpose, action to be taken and the reason therefore. This translates to the need for the term “Information Warfare.” The following is offered as a statement of the mission of Naval Information Warfare:

That portion of naval warfare in which operations are conducted to influence, disrupt, corrupt, or usurp the enemy’s human and automated decision making to gain warfighting advantages over the adversary, while protecting our own.

Functions

JP 1-02 defines “Function” as: “The broad, general, and enduring role for which an organization is designed, equipped, and trained.” The following is offered as a statement of the functions of Navy Information Warfare:

Naval Information Warfare functions are to achieve superior situation awareness and combat command decisions; influence enemy decisions; deny the enemy information superiority; disrupt enemy decision making; and  protect and defend own force information and information systems from external or internal threats.

Tasks

JP1-02 defines “Task” as: A clearly defined action or activity specifically assigned to an individual or organization that must be done as it is imposed by an appropriate authority. A discrete event or action that enables a mission or function to be accomplished.”

IW tasks are those tasks considered essential for the accomplishment of assigned or anticipated missions. After defining IW mission and functions, mission area analysis can proceed to identify mission essential tasks, and define required operational capabilities derived therefrom.

In summary, IW is a predominant warfare area that has the unrealized potential to be a major factor in prevailing in naval warfare with a near-peer adversary through the employment of Information Operations. A clear definition of IW missions, functions, and assignment of responsibilities for requirements, resource sponsorship, acquisition, and combat systems integration would serve to place this warfare area on a firm footing and serve a foundation for the realization of its significant potential contribution to combat success.  

Richard Mosier is a former naval aviator, intelligence analyst at ONI, OSD/DIA SES 4, and systems engineer specializing in Information Warfare. The views express herein are solely those of the author.

Featured Image: PENSACOLA, Fla. (Feb. 3, 2011) The Center for Information Dominance (CID) has become the first non-operational shore command approved for the newly created Enlisted Information Dominance Warfare Specialty pin. (U.S. Navy photo by Gary Nichols/Released)