On-Line Education For Terrorists & Wannabes

I have been an on-line instructor for American Military University since 2009. My students are not easy to categorize except they are mostly either serving or former military or individuals seeking to break into the intelligence community as a career.

AMU and its parent, APUS, offer asymmetrical courses. This means the students and the instructors are not on-line at the same time. The materials started out like traditional, brick and mortar schools meaning they were a combination of documents and books.

Video is generally considered a way to make the ‘classroom’ more inviting. I fact, when I developed a course for AMU entitled “Cyber & The Intelligence Cycle”, my supervising Faculty Director told me I had to provide 20 minutes of ‘entertainment’ for the students. If you’re interested, let me know and I’ll send you a like to one of the PPT lectures that I recorded with my voiceover.

Apparently the use of videos in on-line education is an international trend. While researching for this week’s Blog post I saw some information about Wilaya Ninwa, the propaganda arm of ISIS. In rummaging around the Internet I came across a new source (see: http://bit.ly/2qt4rIv, which is also the photo source).  The reference to the trigonometric formula that the tangent = the opposite/the adjacent was not lost on me and indicates a unique analytical perspective.

They featured a 35 minute video among others. The referenced link offers some analysis of the video as well as some clips.

I was struck, not by the fact that they were using videos, but the length. Given the probable target demographic I was quite surprised that the video is over 10 minutes long. Perhaps this because the video is meant to be a recruiting tool or a subliminal persuader and not a being a training vehicle.

As I learn more about video, it appears that 10 minutes is the sweet spot. I’d be very interested in learning what readers have to say on the subject.

“The Truth” – You Can Make Fun of the Truth!

With apologies to Jack Nicholson, AKA COL Jessup, USMC (see: http://bit.ly/2pyEKCd), sometimes you help people handle the truth through fiction and even satire.

Duffleblog.com is in my opinion, one of the more acerbic and generally accurate satirical military sources. However, I’m often reluctant to repost or ‘Like’ their posts because candidly I think some people who are not familiar with the military will take the posting as ‘real’ rather than the satire it is.

They outdid themselves with “Pentagon Creates New Meme Warfare Center to Counter Online Propaganda” (see: http://bit.ly/2qUGxXb, which is also the photo source).

First of all the dateline is Fayetteville, NC the home of Fort Bragg which houses the Army Special Operations Command, parent of active duty MISO and the US Army Civil Affairs and PSYOP Command, parent of USAR PSYOP (not called MISO yet).

Fittingly the lead quote contains a misnomer. It says ‘make them go virus’ instead of ‘viral’ implying that the writer doesn’t know anything about the subject matter. They proclaimed that the boss of this organization would be a 65-year-old two star (Major General). I did a bit of research and it appears that for the mandatory retirement age for General Officers is 62 (see: http://tfumux.wikia.com/wiki/Average_ages_per_rank_in_US_Military).

MG Farmer has two strikes: he’s over the mandatory age and given the rest of the article – doesn’t really know very much about the Internet or popular culture. The implication may be that while DOD, and the Army in particular, may recognize that something is important and requires attention, the response isn’t always well thought out or appropriate.

The point for MISO/PSYOP professionals is that you can often use fiction to do what non-fiction cannot. A prominent former White House Staffer under several Presidents once told me ‘you can say more with fiction than you can with non-fiction’.

Enjoy the Food for thought.

PSYActs – What you do effects your audience.

Once upon a time, in a far away land called IGMR (Indiantown Gap Military Reservation) an intrepid young Army ROTC cadet was leading his squad down a road when an enemy tank rumbled out in front of us. That event had quite a psychological impact.

Fast forward to March 2017 when the same cadet was a retired Colonel SME orchestrating an influence campaign designed to convince an adversarial military CDR not to lead a convoy on an attack mission. While the 'shock action' of tanks was not appropriate, one avenue that open was to have a couple of ‘fast movers’ fly over the convoy sending the not so subtle message – if you move forward, the next time these jets won’t be so benign.

There is a great deal to be said in favor of non-lethal action to get results. One technique is to employ lethal weapons in a PSYAct – a psychological action – designed to send a strong sensory message.

One of my favorite military sources is “Task & Purpose”. Their May 5, 2017 e-mail included  “F-35 Pilot Shares How Stealthy Fighter Psychologically Wrecks Enemies” (see: http://bit.ly/2pOoAX8; which is also the photo source)

In the article the author describes “a sense of dread” which is precisely the kind of impact you want to have on an enemy. The message sent by the F-22 was “you can’t find us, you can’t fight us.”

Other PsyActs do not have to be as dramatic. While I was in SFOR Bosnia US personnel were generally dressed in ‘full battle rattle’, meaning helmet, flak vest, etc. The British on the other hand were not.

In a confrontation the Americans had little in the way of non-lethal options while the British Army could simple go to their vehicles and ‘suit up’ in their battle gear sending a pretty strong message.

The bottom line is that all manner of influence can be employed and the psychological impact of kinetic weapons in a non-lethal message can be quite effective.

Everyone’s A Critic

I spent a fair bit of my career in marketing. I often said “marketing is like drumming, everyone thinks they can do it”.  In today’s 7x24 social media world any one can be a critic. In it’s   April 27, 2017 print edition, The Economist ran an article “The declining quality of Venezuela’s Propaganda” (see: http://econ.st/2oUcdHF, which is also the photo source).

The article addresses how even a totalitarian regime can fall on its sword when it comes to Social Media. Nicolas Maduro, the country’s president is trying to paint a positive picture of life there, much to the dismay and consternation of Venezuelans.

The power of images is reflected in the comments noted in the article. In particular pictures of obviously well-fed government officials does not play well in a country where poverty and food shortages have flourished in the past two years.

From a PSYOP/MISO perspective the message is pretty clear – you can’t turn an elephant into a giraffe. Influence campaigns need to be grounded in truth. Campaigns that are predicated on falsehoods will be quickly exposed and discredited.

While this principle has been around for a while, the 21^st Century Social Media explosion has reinforced it.

Politicians Can Be Part of a PSYOP Campaign – Whether They Realize It Or Not

Many of us remember then President George W. Bush declaring victory in Iraq under a “Mission Accomplished” banner on the USS Abraham Lincoln in San Diego on May 2, 2003 (see: https://opinionator.blogs.nytimes.com/2009/01/25/mirror-mirror-on-the-wall/comment-page-14/?_r=0, which is also this picture’s source.)

This week Vice President Pence decided to break protocol and, according to various media, stare down the North Korean troops at the DMZ (see: http://thefederalistpapers.org/us/new-video-shows-pence-stare-down-north-korean-troops-at-dmz, which is also the photo source.) The picture is actually a still taken from the CNN video. 

Antics of one type or another across the DMZ have ranged from the comical to the tragic and the Vice President’s face making is just one of the latest. On April 29, 2016 Task & Purpose ran a story “North Korea Whines About US Troop Faces At Its Border Guards” (see: http://taskandpurpose.com/north-korea-whines-us-troops-making-faces-border-guards/, which is that photo source.)

Of course, one could also conclude that neither Mr. Bush nor Mr. Pence were posing for our adversaries but were courting the American Public.

Mr. Pence’s rebellious (if you could call it that) seems to follow the pattern of the new Commander-in-Chief, that is act first and think later. This time there doesn’t seem to be much of a downside. However, it is fair to say that actions by Heads of State and other senior government leaders, whether attended or not, can have significant impact due to the 7/24 news cycle and social media.

Images can be taken out of context and used for purposes quite opposite of their original intent. A little forethought can prevent our adversaries from getting even more information ammunition.

How You Look Matters

One of my favorite military sources, Task & Purpose featured this little video about a Florida Police Department and their mission to combat drugs in their Florida County (see: http://bit.ly/2o6A6eE; which is also the picture source).

While the Sheriff certainly has the best of intentions, he and his deputies  come across as something between King Cobra’s gang (see picture at left; source: http://bit.ly/2o5Ojrx) and ISIS. The climax of the video when he and his coterie march off doesn’t help either.

An unfortunate fact of life is that many people will judge you by how you look. Many of us remember our mothers checking us out before we were permitted to leave. Some of us of have wives who fulfill the same purpose today.

In the MISO/PSYOP world there are two contexts WRT appearance.

1.     The Audience

You need to dress to have your audience feel positively about you. In sales training we often say “the prospect has to be listening to you and like you as a person before they will consider buying anything from you”. In the case of an audience that you are attempting to influence, such as the population of Lake County, you need to adapt your uniform to engender the trust of the people you are attempting to serve, yet adhere to appropriate force protection measures.

A very good example were the Brits in Bosnia. While the US troops were always in “Battle Rattle” – meaning helmet and body armor, the Brits were not. They wore soft caps and no body armor. This means if they came across a situation where a non-lethal response was preferred as a first step, the could upgrade to body army and helmets as a way of showing business.

Clearly this lesson was lost on Lake County. Of course it’s possible that the Sheriff thought only the bad guys would watch this video and get scared, but of course, that would never be the case in today’s world.

2.     The Supported Unit

MISO never works alone. We are always supporting a unit wither SF or Conventional and we need to look like we are a part of that unit in the military context.

Any potential negative impact of the Sheriff’s video may not be known, but it is at least a pretty good example for instructive purposes.

Small Unit Tactics Are Fundamental

I just finished my most recent stint as the IO SME for a Joint Public Affairs Contingency Course. As a part of the operational play I had to devise an influence campaign to try and stop a BN CDR from attacking the capitol city as ordered by his BDE CDR.

I must admit I wasn’t the best map-reader in the Army. I always tried to pair myself up with someone who was good at it. However it was clear to me that even before I could even develop my own MISO CONOP I had to understand the military operation. This meant assessing the convoy route, determining how long the convoy would be allowed to travel before being attacked from the air, etc. This analysis complemented the media analysis of how to reach the unit’s leadership.

Many people feel the same way about the cyber realm. In developing a graduate course for American Military University (AMU), “Cyber & The Intelligence Cycle” I have one lesson which is a practical exercise. I thought it would be appropriate to provide some insight into cyber attack and defense along the lines of a class military piece on small unit tactics.  My version is a couple of pages and can be found below.

Duffer’s Drift (found at: http://www.globalsecurity.org/military/library/policy/usmc/fmfrp/12-33/fmfrp12-33.pdf) is regarded as a classic in the realm of small unit tactics. It is set in the Boer War and describes dreams that a LT has while being charged with the defense of a key piece of terrain. You can find a copy of the book on Amazon at: http://amzn.to/2nBB0j8 (which is also the photo source).

In this version I’ve brought it up to date and analogized the small unit infantry tactics to the cyber world of today. 

There is a USMC authored Rand version for Information Operations Practitioners which is 50 pages worth and can be found at: http://bit.ly/2oL1XRI

First Dream

“Do not put off defense” can be interpreted to mean employ an active, layered defense or defense in depth means to employ a number of complementary security products and services in your defense. These include multi-factor authentication, firewalls, intrusion prevention systems, etc.

“Locals” we can define to be contractors, visitors, temporary employees and similar stakeholders. In the defense context the principles relating to ‘locals’ means that you treat everyone as a security risk who must adhere to the same policies and procedures as employees and who must be subject to the same sort of cybersecurity technology products and services as others. Security needs to be uniform across all personnel seeking to access the organization’s information technology resources.

“Tents” in the cyber context means insure that all devices and networks have at least a minimum amount of security to avoid casual use by unauthorized personnel and to discourage would be cyber trespassers.

Second Dream

The second dream makes a strong case for cyber concealment and deception. Techniques here can include honey-pots and sandboxes. Honeypots and sandboxes are technical means whereby systems and/or networks are set up that are totally isolated from actual systems and networks. They are designed as decoys to attract, study, and entrap attackers. Both of these induce the attacker into an area where they can do no harm.

As to locals in this dream – the implication is that the organization treats the employees well so that they don’t covet the contractor’s position. Contractors should not be given favorable treatment to include the need to cover shifts beyond the normal day shift/week day work schedule.

Third Dream

The third dream makes the case for stringent ‘local’ management. This may also alluded to the 21^st century enchantment with Social Media and that family members might unwittingly be security risks or even targets. Executives and those in sensitive positions need to take special care to insure that the organization’s sensitive data, prototypes, plans, etc. are not accidently exposed on social media by family members. This bid for OPSEC means that family members should be aware of the dangers of social media and should have clear guidelines as to what they cannot do.

Comments with respect to trenches can be taken to mean that there is a need for advanced security architecture. Architecture should also consider how organizations should maintain security in the face of advances in smartphones, tablets, etc. Systems should be designed with cyber security as a core foundational element rather than as an add-on feature after the systems or applications are fielded.

Fourth Dream

There are several key points contained in the 4^th dream. First of all, the dream correctly realizes that cyber is everywhere. This is especially critical given the growth of the Internet of Things (IoT) as the 21^st century version of Supervisory and Data Acquisition (SCADA) systems. Advice about guarding your rear could easily be interpreted as watch out for intentional (created by bots perhaps) or unintentional backdoors. Today’s software is highly complex and contains tens of thousands of lines of code. Product flaws, whether or known or unknown, can offer inviting entry points for attackers.

Huddling the men could be interpreted as meaning - don’t put all your sensitive data in one spot. This principle is a driving force behind cloud architectures software as a service. Data Centers are giving way to web services for a variety of reasons with cost reduction being a primary consideration and advanced security such as provided by Amazon Web Services (AWS) being another. Not that AWS is impregnable. They make it clear that the client bears a heavy responsibility for security as well.

Concealment needs to be addressed physically and logically. Physically it is not a good practice to make it easy to find your data center. Data centers should be concealed to add to their security and they should be buffered with appropriate physical security measures.

Interestingly enough the 4^th Dream makes a case for penetration testing – “Look from the enemy’s view.” As a practical matter, penetration testing should be holistic. While employing white hat (good guy) hackers to test your IT security postures is a good idea, Human Intelligence (HUMINT) operatives should be considered to test resistance to social engineering and other people based efforts.

Fifth Dream

Makes a case for deception. Read industry expert Bruce Schneier’s brief summary at: https://www.schneier.com/blog/archives/2014/08/us_air_force_is.html.

Sixth Dream

Use everything you have learned in all the other dreams to come up with the best possible cyber defense in your own situation.