Experts grapple with how to achieve information dominance, and what to do with this once U.S. forces can seize it. Meanwhile, the proliferation of information appliances such as laptop computers and wireless personal digital assistants raise the specter of information channels falling into the wrong hands.
It has been Pentagon gospel since the Persian Gulf War that battlefields of the future will — whether countering terrorism or combating an enemy state — be digital and victory will go to the side that can achieve and maintain information superiority. This term, in fact, has become so interwoven into defense parlance it has become an initialism: IS. Achieve IS and you will have ID — information dominance.
IS and ID involve much more than simply advanced computers and software. Some of the most imposing military challenges of the information age revolve around not only defining exactly what information superiority and information dominance are, but also what military and counter-terrorism forces must do to achieve them.
A 2001 report from the RAND Corporation, entitled "Measures of Effectiveness (MOE) for the Information-Age Army," helps put these issues in perspective. "The high degree of superiority that one side can conceivably obtain over another in the Information Age is what makes this variable, on the one hand, so critical and potentially revolutionary," the report states. "On the other hand, if neither side can achieve information dominance over the other — or even significant degrees of information superiority — the technologies of the Information Age and their much-heralded benefits may not prove to be as one-sided or decisive, for either side, as enthusiasts tend to assume."
Among the most important of these so-called MOEs are those that measure how to achieve and maintain information superiority and, if possible, information dominance, the report points out. Thus information warfare (IW) is more than just the hardware, software, and networks that enable the digitized force. Information warfare is the offensive and defensive capabilities that protect one's own data while compromising that of the enemy.
Top officials in the new Bush Administration have indicated they want to increase the pace at which the military moves toward light, fast, and mobile forces — those that depend on information for their effectiveness and survival. Examples of these forces are the U.S. Army's Interim Brigade Combat Teams and Objective Force next-generation ground forces. That has led to yet another new level of IW — taking IS and ID as a means of achieving what is being termed Decision Superiority.
Earlier this year, the Acquisition and Technology Policy Center of RAND's National Defense Research Institute issued a report entitled "Assessing the Value of Information Superiority for Ground Forces — Proof of Concept." It defines Decision Superiority as "the ability to make better decisions and to arrive at and implement them faster than an opponent can react. Decision Superiority is viewed as the essential or desired output of having IS — and IS is viewed increasingly as important to the command decision-making process. Therefore, to evaluate the true military value of C4ISR [command, control, communications, computers, intelligence, surveillance, and reconnaissance] systems, one should evaluate and take into account the quality of the information provided by C4ISR systems to the command decision-making process."
IW, however, is not a traditional weapon. The IW battle, in fact, may not always be co-located with the traditional battlefield, with the 21st century's complex interweaving of an increasingly computerized and data-dependent society.
Changing definitions"The distinction between the local tactical battlefield and the whole infospace is going to have to be reshaped as we move into the era of the Information Age and warfare that centers around information," says Mike Grady, chief technology officer for Northrop Grumman Information Technology in Herndon, Va. "By its very nature, infowar is global in implication and asymmetric in application. In order to affect something on the battlefield in Kosovo, we may do something in Denmark that has an effect in Italy that will change a behavior in the Balkans. All of the traditional thinking about 'I'm here and the enemy is there' will change."You may have so compromised and confused the enemy's information resources and his feeling that he is working with adequate information as to change the dynamic of the battlefield," Grady explains. "It's not just saying, given the traditional tactical data link environment we have, how does infowar play into that. If we do it effectively, it will so radically change the whole battlefield environment that itself becomes the weapon."
Information attacks can manifest themselves in a wide variety of ways. A nuclear explosion in low Earth orbit, for example, would knock out virtually every non-military satellite in use today. Modern commercial satellites are not hardened against electromagnetic pulse (EMP) or that type of radiation since the United States and Soviet Union stopped testing nuclear weapons in the atmosphere decades ago. While military satellites are protected, the loss of civilian communications still would drastically reduce military communications capability and have a dramatic influence on military operations.
The same is true with attacks on commercial computer systems. For example, interfering with U.S. Federal Aviation Administration (FAA) or even an individual airline's computers could keep military personnel flying commercial airlines from reaching their duty stations, which in the short term is just as effective as killing those individuals.
"In the heyday of the Cold War, government subsidized parts of the infrastructure to harden and provide redundant capabilities; right now, that doesn't seem to be in the scheme of things except in some very narrow areas," says retired Air Force Maj. Gen. John Casciano, now group senior vice president at the SAIC Secure Business Solutions Group in McLean, Va.
"That means your economic security is at stake and you have to debate within the country what role the government has in economic security," Casciano says. "There are a lot of fragile elements to the infrastructure that, if they go down, could have a devastating effect, not only in the U.S., but across the world. Just look at what happened in California when they had to curtail some operations due to the energy shortage. At some point, we in this country need to have a serious discussion about what role the government should play in protecting these infrastructures and what incentives from the tax coffers and regulations can be offered."
Although it would take a more sophisticated effort, such attacks also would work on the battlefield. Take a situation where an adversary changes a database that lists the munitions available at a local facility so that the commander believes he only has enough for eight sorties, where in reality he has enough for 40. The adversary effectively has grounded 32 sorties as if he had destroyed 32 aircraft. This adversary later may be able to capture that airfield, collect 32 undamaged aircraft, and turn a previously neutralized threat into an active one for the other side.
"We no longer talk in terms of absolute security — we talk in terms of risk management and how to do that in a smart way," Casciano admits. "One thing we do at SAIC is test commercial products companies want to sell to the government against very specific standards set forth by NIAP [the National Information Assurance Program]."
Cyber attacks on a nation's utilities, transportation, communications, and finance could be devastating on a broader level. As one cyberwar expert asks: who is more powerful, the Navy admiral with a fleet of ships, or a computer expert able to devalue the adversary's currency at will? In that scenario, the goal of the information warrior is to capture the "hearts and minds" of the decision-makers. It is a weapon defense experts say can make an individual terrorist — foreign or domestic — more powerful than a battle-hardened army.
Shifting landscape"Information warfare will change the total landscape of how political objectives are met in the Information Age," Grady says. "The enemy can be anybody who has an issue to raise with the U.S. government, even individuals, terrorists, Third-World countries — anybody with an issue can grab our attention. It is incumbent upon the developers of modern technology — especially soft technology, such as information — to think about the downside of the vulnerabilities being created by it, but that doesn't mean we shouldn't be every bit as aggressive as we can in exploiting these technologies."The Geneva accords really don't reflect the way terrorism plays a role in the world today,: Grady explains. "Rules and decorum are out the window. That works for us and against us. For the U.S., it puts us in a vulnerable position; we no longer have two big oceans and two big, friendly countries around us to protect us. Anyone anywhere can access any computer anywhere — and any computer connected to it. Everyone is trying to protect their IP networks today, but if even one computer on a network has a modem attached, that is an access point to the entire network."
There are defenses against cyber attacks — firewalls, encryption, virus detection, and eradication software. But as has always been the case with armor/anti-armor, every new defense gives rise to a newer and better offense — and vice versa.
An excellent example occurred in late August, when the aircraft carrier USS Constellation sailed into Hong Kong harbor. While an implicit show of U.S. regional military power to the Chinese, it also was greeted by that nation's military as a major IW opportunity. While all official message traffic in the fleet is encrypted and secured, the estimated 20,000 daily e-mails sent and received by individual sailors on board the carrier and its escort ships are not. And the Chinese were almost open in their monitoring of those e-mails to glean whatever intelligence information they might find.
"Collecting uncensored e-mails from an aircraft carrier or military base is perfectly plausible," Casciano says. "The real protection comes from how well trained our military personnel are in operations security. And that has been a concern throughout military history. Look back to the old 'loose lips sink ships' posters of World War II."
And, he adds, such private e-mail also can be used in a more direct attack mode, sending individuals false messages about spousal affairs or a child's involvement in drugs: "The offensive use of e-mail to affect the morale of troops is an interesting situation," Casciano points out. "Again, we could all do a better job of training our forces for these kinds of threats, just as we did to desensitize them to Tokyo Rose, but that is a 21st-century problem."
The information warfare weapon also could be turned against the home front, he notes: "Imagine if today we were fighting a very unpopular war in Vietnam, with the dependence on the Internet and modern communications technology we now have. Would the adversary propaganda machine be doing what it did with POWs — or trying to get to the morale of our troops by reaching back to their families and the American public at large? It certainly would have changed the complexion of things. Would all of those protestors be out with placards — or be involved in virtual ops against part of the military infrastructure or civil infrastructure?"
Paul Zavidniak is information warfare program manager at Northrop Grumman Information Technology, a recent reorganization that brings together all IW elements across Northrop Grumman — including Logicon. He says that compromising troop morale through their families is a clearly stated part of some nations' military strategy for future conflicts.
"The Chinese can leverage what happens on the battlefield by making things happen off the battlefield to impact your will to fight," he says. "So if the battlefield goes poorly, they will extend their information warfare to the enemy's homeland. It will be a different war than the warrior has ever seen before."
This approach represents an evolution of psychological warfare — at which Casciano says the U.S. is not particularly adept. "Because of the nature of our society, we are probably not as sophisticated at psywar as others. But there is enough experience out of recent military operations that suggest we need to get more sophisticated about it," he warns. "That has to do with public affairs, with diplomacy — open or otherwise — with how you handle perception on the other side. That's tough and involves a lot of knowledge of cultures and human nature, which we may not be as good at as we could be."
IW also does not necessarily mean the same thing to all players within the U.S. military.
"The services, as they look to information warfare, look to employ it in different settings because a lot of the roles have been allocated already," Zavidniak says. "So some of the services that are more tactical in orientation, such as the Army, have taken a very tactical approach to infowar. Those more strategic, such as the Air Force, have a much more global perspective of what they can do and what they can influence on and off the battlefield."
Other challenges loom on the horizon. The implementation of IW technologies between the U.S. and its allies does not always go smoothly, he adds: "We have a tough time just communicating with our allies in coalition operations and, as we continue to press forward, we leave them farther behind. What we've found in lessons learned from actual combat experience is we haven't done a very good job of integrating infowar into the battlefield effectively. We tend to compartmentalize the IW guys away from everyone else. It's difficult enough to go across services, but to go with allies becomes very problematic."
That kind of integration is of increasing importance because, as the RAND report notes, the growth of IW as a factor in military planning and strategy will dramatically change the way force and weapons are employed in battle.
"The quest for information superiority leading to dominance might also change the nature of land power and ground warfare in the future. The direction of this change, as the Army evolves from its current force structure to Army-21 and, beyond that, to the AAN (Army After Next), could result in a reconfiguration of current relationships between firepower and maneuver on the battlefield. The historical balance between firepower and maneuver, which tended to favor firepower throughout much of the 20th Century, could change, thanks largely to the role of information versus other technologies and systems," the report says.
"By the time the AAN arrives in 2025 or beyond, Information Age developments might already have enabled Army maneuver units to fight dispersed across both the length and the depth of future battlefields. In other words, ground forces may no longer measure success or failure by their ability to maintain a continuous FLOT [front line of troops] but, rather, by the amount of both immediate and surrounding battlespace a given unit can control at a particular time. Even if FLOT movement continues to endure as an important yardstick, measuring it will be affected by the role that information plays in such calculations. The ability to maneuver ground units more effectively than at present (to maximize their operational reach) is what Information Age technologies promise to provide."
Network securityAs with anything else, the total information network is only as secure as the weakest link, a factor that becomes increasingly complicated given the coalition nature of most global military operations today."It's one thing to do certifications and accreditations on our own systems, but we become very dependent on the security and assurances of coalition systems," Grady says. "Add to that the fact that, in some countries, there is no distinction between the military and civil infrastructure, which opens you out into the whole Internet, and you present a unique challenge to the battlefield commander. Even in the U.S., there is so much interplay between the domestic computer infrastructure and [U.S. Department of Defense] infrastructure, it makes computer network defense a national priority, not just from a military or government perspective, but also from an industry perspective.
"The entire network-centric warfare grid, with various platforms communicating through tactical datalinks on the battlefield, has us looking at the vulnerabilities of tactical datalink and how can those vulnerabilities be exploited from the perspective of our adversaries and how can we protect those assets," Grady continues. "On that front, everybody is working with firewalls and intrusion-detection systems. We believe, in the operational battlefield environment, there are some unique aspects to intrusion detection and detection of datalinks that don't have a direct corollary in commercial space. We're also working on how to recover key tactical systems in a minimal amount of time with a minimal amount of loss once you know they have been compromised."
The growing U.S. dependence on such information thus could be seen as a vulnerability, especially when facing a less-sophisticated adversary with less dependence on such technologies. However, Casciano says it would be extremely difficult for any likely adversary to overcome the overwhelming U.S. capability.
"One of the real advantages of the system of systems we are setting up is there are so many redundancies that there might be degradations at various times and places and the tempo of an operation might be set back temporarily, but it would not limit our ability to act," he says. "We're really the beneficiaries of a military that may need some things in terms of modernization, but still has tremendous capabilities we can field."
This, he adds, does not mean the U.S. has resolved all of the issues it must to implement the benefits of IS/ID.
"What we're seeing now about using America's advantage in modern technology to leverage our forces on the battlefield is starting to take the form of a real serious effort to integrate command and control with intelligence, surveillance, and reconnaissance," the 32-year Air Force ISR veteran says. "If you're going to do all this, you not only need to have all these capabilities, but to link them in a way that is safe and secure. Otherwise, smart and brilliant weapons become essentially dumb weapons."
Four basic componentsCasciano says there are four basic components to achieving information superiority on the battlefield: Gain, exploit, defend, and attack. For the latter, attack can be either kinetic or cyber."We're used to thinking about heat, blast, and fragmentation on command centers, but there are other ways of achieving similar goals that are not as well developed or understood or integrated into military planning and execution. These are things that can be done in cyberspace, in the RF environment — such as jamming and spoofing — or a combination of the kinetic and non-kinetic, such as using special ops forces to go out and harm parts of the enemy's command and control system," he says.
"Modern technology allows the use of non-kinetic means to influence the other side's view of the battlefield and therefore the efficiency of their execution. However, today that is not a major part of what the military can do nor does it apply to every potential adversary. The more sophisticated and reliant on ones and zeroes an adversary is, the more vulnerable he is. That is why it is good to retain a full toolbox of both kinetic and non-kinetic weapons."
However, Grady says the current state of IW offensive weapons in the U.S. arsenal is very crude.
"It is relatively easy to take out the telecommunications systems of the southwest United States, but much more difficult to take out the system 10 square blocks around city hall in Atlanta. One thing we are working on at Northrop Grumman is how to model weapons effects and develop a sense of how to deploy these infowar tools in a way as to achieve the desired objective and only the desired objective," he says. "If you want to take down a bridge, there is a manual you can turn to see what explosives you need to take down X amount of concrete; there is no such manual for infowar. We're moving toward looking at that now from a cyber warfare perspective."
On the defense side, U.S. and allied reliance on information superiority and smart and brilliant weapons means an increased responsibility to protect access to information. That involves taking precautions throughout the entire range of capabilities, determining their vulnerabilities, and building defenses into those systems to protect against the most likely kinetic and non-kinetic threats an adversary might have.
"All of this works because of our ability to move information around quickly and have it readily available in databases that can be shared by every part of the system. So the importance of being able to protect and insure fiber optic circuits on the battlefield or point-to-point connections or networks deployed for the digitized battle fleet becomes very important. How much security can you put into this system you are relying on for the execution of a battle plan?" Casciano says.
"We have invested fairly significantly in providing those defensive capabilities, but you will never catch up in this cycle because there are new vulnerabilities discovered every day. What we are really talking about is how do you manage this risk? Like the rest of the defense budget, there's just not enough money to do everything needed at once, so you begin with the most critical components and work out from there."
RF intrusionsZavidniak says as the military becomes more and more network centric, and moves data-transfer capabilities further down the chain of command, such issues as jamming and spoofing of computers and radios become increasingly important. Even so, he adds, there are only a few government efforts in progress — such as those at the Air Force Research Lab in Rome, N.Y. — looking at detecting intrusions that come over radio waves."As you move data down to the battlefield and give soldiers computers, you are doing a very effective thing in sharing information, but a very scary thing in giving someone who is in the battle access to data," Zavidniak warns. "In a battle, you lose people and face capture and overrun situations. And that means losing data, giving access to an adversary. At the field level, what have we done to protect that data terminal, whether it is a laptop, a PDA, or whatever? Not much, because we trust that soldier. But what happens if he loses his terminal?
"The technologies we're working involve how do you know when you've lost something and how do you maintain the flow of information to your own forces and deal with an adversary who now has the equipment you lost. This is a huge task that only stands to get larger faster as we race forward with products in the digital battlefield," Zavidniak continues. "For industry, the challenge is to assure at the same pace that we deploy and not let deployment get ahead of defenses — or vice versa — because then we don't have the right balance we need."
The first response to information assurance and protection on one side and acquisition and intrusion on the other tends to take the form of encryption and decryption. But Zavidniak says technology ultimately may not be as important as doctrine once the battle is met.
"Perhaps we spend an inordinate amount of time worrying about breaking encryption when the real problem is following the doctrine in place, because it is really tough to get communications up and keep them up in a real-world battlefield environment," he says. "We have to be careful we don't take shortcuts in actual battle to keep the circuit up and compromise our systems that way. When you do what you're supposed to, encryption isn't so much a worry as it is if you don't."
