Tuesday, March 15, 2011

Something Different: IO and Terrorists

Today's posting is something a bit different. Following is a concept paper I drafted for a colleague. Essentially I took the IO capabilities of DoD and then provided analysis on Terrorist employment of those same capabilities.

Comments and input are welcome of course.

Photo Source: http://samsonblinded.org/blog/osama-too-good-to-be-true-part-1.htm

Terrorist Use of Information Operations (IO)

COL (R) Lawrence D. Dietz; General Counsel & Managing Director Cyber Security,
TAL Global Corporation

I Introduction
The US Department of Defense employs Information Operations to influence the course of battle and act as a combat multiplier. Terrorists are also very successfully employing IO and technology to their advantage. This short paper will give you an overview to assist you in future research.

II Department of Defense IO Capabilities

Reference: http://www.carlisle.army.mil/usawc/dmspo/Publications/Information%20Operations%20Primer%20AY11%20Web%20Version.pdf; Accessed 15 Mar 11

A. Core Capabilities

1. Psychological Operations (PSYOP) now Military Information Support Operations (MISO) – operations designed to influence the behavior of the target in line with CDR’s Concept of the Operation (CONOP)

2. Military Deception (MILDEC) – actions taken to shield true capability from the enemy (e.g. Patton’s fake Army in the UK as a decoy for the Normandy invasion).

3. Operations Security (OPSEC) – all measures taken to shield information from adversaries and enemies

4. Electronic Warfare (EW) – dominance of the electronic spectrum. Actions can include jamming to deny the enemy its communication, and identifying enemy electronic emitters to facilitate identification of their units and other order of battle information, and targeting for interception or jamming.

5. Computer Network Operations (CNO)
a. Computer Network Attack (CNA) – denying the enemy the use of their IT networks.
b. Computer Network Exploitation (CNE) – using the enemy’s network for friendly advantage, e.g. intelligence collection, communications medium, storage of hostile software code, etc.
c. Computer Network Defense (CND) – defending one’s own network

B. IO Supporting Capabilities

1. Counterintelligence
2. Combat Camera (Air Force Unit that provides still and video camera support)
3. Physical Attack
4. Physical Security
5. Information Assurance – protecting electronic information

C. IO Related Capabilities

1. Public Affairs = Public Relations; a conduit to the media and creator of print and broadcast media.
2. Civil Military Operations – military forces employing civilian skills to improve the life and infrastructure of a local population.
3. Defense Support to Public Diplomacy – Department of Defense support to the Department of State’s Public Diplomacy Operations

III Terrorist Use of IO Capabilities

A. Core Capabilities

1. Propaganda – Terrorists are making exceptionally good use of the Internet as a means to inform, influence and recruit. They are also being supported by ‘friendly’ media such as Al Jazeera which tends to spin the news in a way that is favorably received by the Arab Street. Terrorist propaganda is especially effective due to the speed with which they capitalize on events that serve their purpose. This rapid response is indicative of a streamlined or de-centralized chain of command and abbreviated approval cycle.

Allied information support operations tend to be much more cumbersome due to the heavy ROE and complex approval schema which can often include both military and civilian command cycles.

2. Military Deception (MILDEC) – In my view terrorist operations tend to be decentralized although they employ deception to shield their true intentions and make very effective use of ‘cover’ identities.

3. Operations Security (OPSEC) – Terrorist cells are generally quite secure due to their decentralized nature. Most terrorist organizations appear to have a very healthy respect for Signals Intelligence and will avoid electronic means of communications such as mobile phones to avoid detection. Trade craft to include steganography (the concealment of messages in pictures) is also employed along with other measures such as compartmentalized chat rooms, common password schemas, etc.

4. Electronic Warfare (EW) – Improvised Explosive Devices (IED) are often remotely detonated via mobile phones, garage door openers, etc. I am unaware of any large scale terrorist jamming efforts to date.

5. Computer Network Operations (CNO)

a. Computer Network Attack (CNA) – Experts believe that terrorists will employ cyber attacks in conjunction with a kinetic or physical attack. CNA may be employed prior to or subsequent to the kinetic attack depending on the type of operation.

b. Computer Network Exploitation (CNE) – Terrorists, and nation states for that matter, are routinely probing networks of interest. Terrorists are likely to employ a combination of human agents to infiltrate target organizations to be in a better position to exploit networks directly or to insert malicious code (such as Stuxnet, reportedly planted to damage the Iranian Nuclear Research program) for later execution.

Exploitation can also include gathering intelligence from the network. Terrorist cells must be self-financing. Harvesting data (personally identifiable information, or PII) that allows them to steal identities, which in turn allows monetization through theft of funds, goods or services, is very effective.

Terrorist cells can also exploit networks by gathering information that may be of use to the movement in some way such as to identify potential funding sources or gather target information.

Terrorists are employing the Internet as a cost-effective and, for the most part, relatively secure communications channel. Their global operations lend themselves to Internet communications for availability, cost and security reasons.

c. Computer Network Defense (CND) – Unable to comment.

B. IO Supporting Capabilities

1. Counterintelligence – No comments

2. Combat Camera – Terrorist organizations make effective use of still and video cameras. They also exploit images captured by other sources such as the media.

3. Physical Attack – Mumbai type attacks are very likely to increase. They require a small footprint, are relatively low in cost and very difficult to defend against. They are very effective at exploiting soft targets, which in turn results in dramatic chaos which is then exploited through the media and by the Terrorists’ own sources.

4. Physical Security – No Comment

5. Information Assurance – See OPSEC above

C. IO Related Capabilities

1. Public Affairs = Public Relations; Terrorists are exceptional PR professionals. They understand the value of publicity, especially the emotional appeal of images. They are able to appeal to ‘friendly’ media to a very great extent.
2. Civil Military Operations – Hezbollah and the Taliban have been quite successful at using social welfare as a means to ingratiate themselves with local populations.
3. Defense Support to Public Diplomacy – Governments tend to hide their association with terrorist organizations.
