Information Warfare E-Book

Table of Contents

Abbreviations

Introduction

Chapter 1: The United States

1.1. Information warfare in the 1990s

1.2. Information warfare in the 2000s

1.3. Other important concepts and reflections

1.4. Loss of information control

1.5. American concerns

Chapter 2: China

2.1. The concept of “information warfare”: a genesis

2.2. The American perspective on Chinese information warfare, modernization and informatization of the PLA

2.3. Relations between Beijing and Taipei

Chapter 3: India

3.1. Entry into information society

3.2. Information warfare: development and adoption of the doctrine

3.3. Understanding attacks against Indian cyberspace

3.4. Indian hackers

Chapter 4: Japan

4.1. Japanese cyberspace flaws

4.2. The challenges of cyberspace security

4.3. Information warfare: a specific Japanese approach?

Chapter 5: Russia

5.1. Estonia–Russia: information warfare?

5.2. Doctrines and components of the “information warfare” concept

5.3. Potential players of information warfare

5.4. The Russia–Georgia conflict: new information warfare?

Chapter 6: Singapore

6.1. Regional and global economic ambition

6.2. Challenges to security

6.3. Cyberspace and national security

6.4. Singapore armed forces in the information age

6.5. Players in information warfare

6.6. International cooperation and cyberspace protection

Chapter 7: Identifying Aggressors and Acts of Aggression

7.1. Statistical data

7.2. Attacks against personal information and information warfare

7.3. Classification of CNA type aggressions

7.4. The players in CNA type aggressions

7.5. One weapon amongst others: the virus

7.6. Understanding the possible strategies of attackers

Chapter 8: An Information Warfare Law?

8.1. Warfare and the law

8.2. Engaging in and conducting a war

8.3. Protecting combatants and non-combatants

8.4. The challenges of information warfare for international law

Conclusion

Bibliography

Index

First published 2007 in France by Hermes Science/Lavoisier entitled: La guerre de l’information © LAVOISIER 2007

First published 2009 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

© ISTE Ltd 2009

The rights of Daniel Ventre to be identified as the author of this work have been asserted by him in accordance with the Copyright, Designs and Patents Act 1988.

Library of Congress Cataloging-in-Publication Data

Ventre, Daniel.

[Guerre de l'information. English]

Information warfare / Daniel Ventre.

p. cm.

Includes bibliographical references and index.

ISBN 978-1-84821-094-3

1. Business intelligence. 2. Trade secrets. 3. Information technology--Security measures. 4. Computer security--Management. 5. Data protection. I. Title.

HD38.7.V4713 2009

355.3'43--dc22

2009026202

British Library Cataloguing-in-Publication Data

A CIP record for this book is available from the British Library

ISBN 978-1-84821-094-3

Abbreviations

Introduction

While industry and society started imagining, creating and dreaming of new lifestyles for humanity with the evolution of information technologies, strategists were imagining new conflict scenarios for the 21st Century; how could we take advantage of information and information technologies to take the lead over our competitors or enemies?

The Gulf War in 1991 seemed to provide an early conclusive answer. Controlling information and its technologies is the key to victory against modern conflicts. The expression “information warfare” was recognized throughout the world as a new and major concept, becoming the object of concern for many decision makers and strategists, whether they were military or civilian.

During the 1990s, other concepts took root in these debates on the control, risks and challenges of information and new technologies, such as, for example, information operations, cyber warfare, computer network attack, network-centric war or cyber terrorism. Since then, international literature has abounded with books, articles, reports, studies, analyses and official, unofficial, serious, and even sometimes farfetched expert comments, describing these concepts and theories ad infinitum. Today, in the military field, we sometimes prefer the expression “information operation”, though we increasingly mention cyber warfare, infowar or cyber attacks; however, the basic concept remains the broader “information warfare”, which includes a range of operations carried out within the information world.

Information technologies, presented as the primary vector of international growth in the 21st Century, seem also to be our worst enemy, the Achilles heel of our societies dependent on information systems because, through them and with them, our adversaries and enemies can attack us.

And attacks are widespread in cyberspace. They may vary in type (spamming, phishing, intercepting, intrusions, data leaks, site defacements and DoS1 attacks) but they are all an attack. As for the attackers, they have long had the image of a hacker, sometimes a minor, wrongly portrayed as a prodigy of computer genius (as if one needed genius to type on a computer to attack systems), able to penetrate the computer systems of a bank or government agency alone, and even suspected of being able to launch a major and destructive attack against the networks of a nation. But attackers are not all teenagers desperate for a new game. There can be multiple profiles and motivations; attacks do not only take the form of hacker attacks.

More generally, the concern that cyber attacks can disrupt the economy of a corporation or a nation, or even affect global stability, has become the nightmare of countries dependent on information technologies. The world has become conscious that it has entered the information technology insecurity age, controlled by security vendors.

And, since it is no longer possible to do without information and information technologies, we might as well, while we’re at it, do well by them and, if possible, be harmful to our enemies. How can we use information and information systems to increase our defence capabilities? How can we dominate the enemy? How can we defeat them?

Information warfare must respond to these expectations. It must provide nations that do not have the resources to reach the level of more powerful nations on a military, technological, economic and digital basis, the means to rival them. But for all that, information warfare is not the weapon of the poor, the rock that must be thrown at the giant’s eye to blind him, because information warfare supposes that we have relatively significant technological means, financial means and, especially, strategies.

The expression “information warfare” has not found a single, consensual definition. The reason is undoubtedly in the terms that it is made up of. The term “warfare” is still the subject of many a debate and its definition is different whether we are a sociologist, anthropologist, economist, historian, political scientist or member of the military. As for “information”, it is approached in a different way whether we are a mathematician, computer specialist, sociologist, journalist, member of the military or economist.

This book, which introduces the concept of “information warfare”, is not meant to completely solve these questions of definition. Its objective is to analyze what information warfare can be, its multiple aspects and components (because information warfare cannot be reduced only to attacks against computer networks), to identify its players, challenges and possible strategies, as well as looking at the input of some of the larger nations, where the world’s economic, political and military balances are decided at the beginning of the 21st Century.

1. Denial of Service.

Chapter 1

The United States

The United States proved the undeniable power of their military with Desert Storm in 1991. Since then, their modern military and combat styles have served as examples to the rest of the world. Of course, the impressive volume of troops deployed to conquer Iraq explained, in part, their victory against an inadequate military. But what people have retained is the new face of war: information is now at the forefront and its “digital” nature clearly provides a new power to its users. Not only could the planet watch the launching of operations in real time, but optimized use of information and communication technologies to help troops, and the coordination and preparation of operations and the carrying out of attacks proved to be, if not the key to victory, at least a major player in not losing. The lessons drawn from this victory raised several questions: was this a new type of war? Should we call it “information age warfare” or “information warfare”? This first chapter is naturally dedicated to the United States since they have been used as a reference and as an object of observation for the rest of the world. They have also put forward a series of doctrinal texts and innovative concepts in the last 20 years.

1.1. Information warfare in the 1990s

1.1.1. Points of view from security experts

In 1994, in his book Information Warfare [SCH 94], Winn Schwartau, security expert and author of many reference publications in the field of information technologies, defined three categories of information warfare:

– personal information warfare (called Class 1 information warfare), created through attacks against data involving individuals and privacy: disclosure, corruption and intercepting of personal and confidential data (medical, banking and communications data). These attacks aimed at recreating or modifying the electronic picture of an individual by illicit means, or simply by using available open-source information, can often be simply carried out through technical solutions for standard catalog or Internet sales;

– commercial information warfare (called Class 2 information warfare) occurs through industrial espionage, broadcasting false information about competitors over the Internet. The new international order is filled with tens of thousands of ex-spies looking for work where they can offer their expertise. The United States is the target of economic and industrial espionage from Russia, from ex-members of the Eastern bloc, from Japan (which has almost destroyed the American information technology industry in Silicon Valley), and France and Germany who would not hesitate to use hackers to steal information;

– global information warfare (called Class 3 information warfare) aimed at industries, political spheres of influence, global economic forces, countries, critical and sensitive national information systems. The objective is to disrupt a country by damaging systems including energy, communications and transport. It is the act of using technology against technology, of secrets and stealing secrets, turning information against its owner, of prohibiting an enemy from using its own technologies and information. It is the ultimate form of conflict in cyberspace occurring through the global network. This class of information warfare generates chaos.

According to Winn Schwartau1, real information warfare uses information and information systems as a weapon against its targets that are information and information systems. This definition eliminates kinetic weapons (for example bombs and bullets). Information warfare can attack people, organizations or countries (or spheres of influence) via a wide range of techniques, such as breach of confidentiality, attacks against integrity, psychological operations and misinformation.

Information warfare is therefore not limited to the military sphere: it can be carried out against civil infrastructures, constituting a new facet of war where the target can be the national economic security of an enemy. On the other hand, methods for carrying out a war are not a military monopoly. A small group of antagonists can launch an information warfare offensive remotely, while comfortably seated in front of a computer and completely anonymous. A group of hackers could choose to declare war against a country, independently from any control of state power.

For Al Campen2, U.S. Air Force colonel, one of the main criteria for defining information warfare is what is different from the past; this difference involves dependence on a vulnerable technology (information technology). Al Campen3 limits the field of information warfare to information (data) in its digital form and to the software and hardware responsible for its creation, modification, storage, processing and distribution. From this point of view, psychological operations4 consisting of scattering leaflets over populations are not information warfare operations; public broadcasting and electronic manipulation of television images, however, are part of information warfare. The physical destruction of telecommunications devices is not information warfare, but disrupting or paralyzing communication with the help of a virus is.

For James F. Dunningan5, information warfare is attacking and defending the capability of transmitting information6.

For Fred Cohen, information technology security expert and inventor of the concept of the “computer virus”7, information warfare is a conflict in which information or information technology is the weapon, target, objective or method8.

Martin C. Libicki9 defines information warfare as a series of activities triggered by the need to modify information flows going to the other party, while protecting our own; such activities include physical attack, radio-electronic attack, attacks on systems and sensors, cryptography, attacks against computers, and psychological operations. His definition is not limited to military information warfare. In 1995, Libicki wondered about the nature of this new concept: was it a new form of war, a new art, or the revisited version of an older form of war? A new form of conflict that would exist because of the global information infrastructure, or an old form that would find new life with the information age? Is information warfare a field by itself? In order to attempt to define the parameters of this concept, Libicki identifies seven major components:

– command and control warfare (C2);

– intelligence warfare;

– electronic warfare;

– psychological operations;

– hacker warfare (software attacks against information systems);

– economic information warfare (through the control of commercial information);

– cyber warfare (i.e. virtual battles).

Some aspects of information warfare are as old as time: attempting to strike at the head of the enemy (C2 war), carrying out all sorts of deceptions (deceiving, abusing and misleading the enemy), and psychological operations. On the other hand, hacker warfare and cyber warfare are completely new methods linked to the revolution of information and communications technologies.

For Larry Merritt10, technical director for the Air Force Information Warfare Center (AFIWC), information warfare includes all actions undertaken to exploit or affect the capacity of an adversary to acquire a realistic image of the battlefield or to operate the command and control of his troops. Information warfare also includes actions undertaken for the protection of our own capabilities; electronic warfare, computer network attacks, intelligence, reconnaissance and surveillance are all defensive actions.

The “information warfare” concept creates multiple approaches which can be very different. The reason is in the nature of the terms making up the expression: what is “warfare”, what is “information”? The problem in defining the semantic parameters is the cause of the different points of view on information warfare.

But regardless of the approach, information warfare seems closely linked to our new social and technical structure, to the strong dependence now linking our exchanges (our social, economic, cultural and political transactions) to information technologies. Information warfare could be a type of battle for the control of the digital space involving the whole of society. Information and information systems can be used to attack and conquer the enemy. Some would prefer to call it “information age warfare” to define the capacity to control and use the information battlefield, which then becomes an additional factor in the war, in the same way that the capacity to control air and space did in conventional wars in the industrial age.

The major point that seems to define the debate on information warfare is framed by the following questions: can the war be carried out only in the world of information? Are wars, as fought by man since the beginning of time with their streams of increasingly lethal weapons and bloody battles, on the verge of disappearing? Will information technologies revolutionize societies to the point of revolutionizing the way we fight wars, i.e. imposing our political will on others only through battles in the information sphere? Or will they only be a new complementary method? Should we call it “information warfare” or “information age warfare”?

The information space, understood as a space of violence, conflict and battle completely replacing the more traditional fields of conflicts, is one of the major ideas in the development of the “information warfare” concept: “Information technology is the most relevant basis for modern warfare. It has become conceivable to fight a war solely with information, which is expressed by the term ‘information warfare’[…]. Information warfare could be defined as comprising all the means of accomplishing and securing information dominance so as to support politico-military strategies by manipulating adversary information and information systems and simultaneously securing and protecting one’s own information and information systems, and increasing their efficiency”11.

1.1.1.1. Official military documents

It is impossible to list all the publications, reports, commentaries, analyses, opinions and notices published and expressed by experts of all fields on the subject since the beginning of the 1990s.

But in order to understand as much as possible what the United States mean by “information warfare”, it is necessary to understand military doctrines which have endeavored to provide the definitions of key concepts, while keeping in mind the pragmatic needs of defense. The idea is not to theorize but to provide the military with guidelines and precise frameworks for their organization, strategies, operations and tactics.

The text that formally launched the concept of information warfare is a classified guideline of the Department of Defense, from 199212. Subsequent evolutions, however, enhanced the concept before it finally found its place within the different American military doctrines.

In an instruction from January 199513, the Navy defined information warfare as an action taken to support the national security strategy14 in order to reach and maintain a decisive advantage, by attacking the information infrastructure of the enemy, by using, paralyzing or influencing opposite information systems while protecting friendly information systems. For the American Navy, the term “information warfare” means that ICTs are a force multiplier authorizing more efficient operations: more efficient electronic warfare, better cryptology. The military can carry out the same operations as before but in a better way. ICTs provide improvement compared to the past. This improvement attracts more attention than the idea of radical transformation of ideologies, objectives or targets.

The Air Force document called “The Foundation of Information Warfare”15 makes a distinction between information age warfare and information warfare: the former uses computerized weapons and the latter uses information as a weapon, an independent field.

The Army, Navy and Air Force do not share a common doctrine. This trend will be more obvious in the coming years.

1.1.2. US Air Force doctrine: AFDD 2-5 (1998)

In August of 1998, the US Air Force published its doctrine on information operations (Air Force Doctrine Document — AFDD 2-5 — Information Operations16). Examining the content of this document with a comparative analysis of the official doctrine of the Joint Chiefs of Staff (JP 3-13)17 published the same year is interesting, as will be seen in section 1.1.3.

How is information warfare defined in this doctrine from the US Air Force? What are its components? Which concepts must be compared with the concept of information warfare?

1.1.2.1. Superiority of information

Superiority of information is the degree of dominance in the field of information providing friendly forces the possibility of collecting, controlling, using and defending information without actual opposition.18

Superiority of information, as considered by the Air Force, is a state of relative advantage, and not a capacity as presented in JP 3-13.

1.1.2.2. Information operations

This term groups actions taken to conquer, use, defend or attack information and information systems, including “information-in-warfare” and “information warfare” simultaneously. Information-in-warfare means conquering (acquiring) information and using it. Information warfare means attacking and defending.

1.1.2.3. Information warfare

Information warfare is made up of information operations carried out to defend our own information and our own information systems, or to attack and affect the information and information systems of an enemy. The definition introduces concepts that will not be found in the Joint Chiefs of Staff approach (JP 3-13): the concept of counter-information and its two subsets of offensive counter-information and defensive counter-information. Counter-information establishes the desired level of control over functions of information, enabling friendly forces to operate at a given moment and place, without prohibitive interference from the adversary.

Offensive counter-information group offensive operations in information warfare, carried out to control the information environment by paralyzing, deteriorating, interrupting, destroying or attempting to deceive information and information systems include:

– psychological operations (the definition adopted is the same as the one subsequently published in the JP 3-13 document);

– electronic warfare (the definition adopted is the same as the one published in the JP 3-13 document);

– military deception;

– physical attacks (the definition adopted is the same as the one in JP 3-13);

– information attack, an action taken to manipulate or destroy enemy information systems without visibly changing the physical entity in which they reside. This means attacking the content without leaving a visible trace on the outside. The closest term is CNA (Computer Network Attacks)19 in JP 3-13. The JP 3-13 document includes computer destruction.

Defensive counter-information group activities carried out to protect and defend friendly information and information systems include:

– information assurance;

– operations security;

– counter-intelligence;

– psychological counter-operations;

– counter-deception;

– electronic protection.

1.1.3. The doctrine of the Joint Chiefs of Staff committee: JP 3-13 (1998)

Information warfare is also defined in a publication from the Joint Chiefs of Staff (JCS) on October 9, 1998, called Joint Pub 3-13 “Joint Doctrine for Information Operations (IO)”20. The JCS text was published after the Air Force document. This detail is important because the JCS publication is intended, theoretically at least, to apply to all departments. Since the “Goldwater-Nichols Department of Defense Reorganization” Law21 of 1986, each department must ensure the compliance of its doctrine and procedures with the common doctrine established by the Joint Chiefs of Staff. Information operations doctrines, however, were developed concurrently.

The JCS publication provides the doctrinal basis for the conduct of information operations during joint operations.

1.1.3.1. Superiority of information

Acquiring “superiority of information” means being able to collect, process and distribute an uninterrupted flow of information, while using or blocking the possibilities of an opponent to do the same.

Document JP 3-13 defines superiority of information as absolute perfection, with the idea of “uninterrupted flow of information” for friendly forces, banning this flow to the enemy. The U.S. Air Force is not seeking such an absolute, considering instead that operations in the field of information cannot be perfect. It prefers to speak of “relative advantage”: opponents will try to disrupt information operations, but Air Force superiority of information will ensure that these attempts are unsuccessful.

The components of superiority of information are also different, and the common components are structured differently. For JP 3-13, there are three components: information systems, relevant information and information operations. The Air Force only has one component for superiority of information: information operations.

1.1.3.2. Information operations

Information operations are the actions taken to affect the information and information systems of the enemy, while defending our own information and information systems. There are two main sub-divisions in information operations: offensive information operations (gain) and defensive information operations (exploitation)22. Remember that for the Air Force, the two sub-divisions of information operations are information warfare and information-in-warfare.

For JP 3-13, the expression “offensive information operations” means actions aimed at affecting adversary decision-makers in reaching or promoting specific objectives. For the Air Force, offensive activities of information warfare are carried out to control the information environment.

The objective of offensive information operations, which can be carried out in a wide range of military operation situations, at all levels of warfare (strategic, operational and tactical) and that can have an even greater impact when carried out in times of peace or at the beginning of a conflict, is to affect enemy decision-makers or to reach specific goals. Offensive activities include, among others:

– operations security;

– military deception (deceive, trick, and set the enemy up to act against his own interests);

– psychological operations;

– electronic warfare;

– physical attack, destruction;

– special information operations; — computer attacks.

Defensive information operations integrate and coordinate policies, procedures, operations, resources and technologies for the defense and protection of information and information systems. They must ensure necessary protection and defense of information and information systems that joint forces depend on to carry out their operations and reach their objectives. They consist of:

– information assurance (IA);

– operations security;

– physical security;

– counter-deception;

– counter-propaganda;

– counter-intelligence;

– electronic warfare;

– special information operations.

Defensive and offensive operations are complementary and support each other. Offensive operations can support defensive operations through four processes:

– protecting the information environment;

– detecting attacks;

– restoration capabilities;

– responding to attacks.

Because of their relationship, it is important that all offensive and defensive operations components are integrated. If, theoretically, defensive and offensive are separate, in reality, they must be designed and taken as inseparable.

The report also identifies “special information operations”, a category of information operations that requires detailed examination and a process of approval because of their sensitivity, their effect or impact potential, their security needs or risks to the national security of the United States.

1.1.3.3. Information warfare

The superiority of information diagram, according to JP 3-13, does not include information warfare, only defined as the series of operations carried out during a crisis or conflict to reach or promote specific objectives over one or more specific adversaries23. Information warfare therefore is only a subset of information operations: simply operations conducted in times of crisis or conflict. In times of peace, we could not speak of information warfare. But the doctrine does not define the notions of “crisis” and “conflict” either.

This definition is quite different from the Air Force’s definition.

In both approaches, information warfare is an information operation. But even though JP 3-13 separates information warfare and information operations according to the time space in which they occur, the Air Force considers that we are constantly in a state of information warfare because the defensive side is always engaged. This approach (from the US Air Force) may seem more relevant considering the situation after over ten years. The United States (and many other nations) are the subject of permanent attacks launched against their information space (targeting the Pentagon and sensitive infrastructures of the country through massive and coordinated DDoS (Distributed Denial of Service) attacks in increasing intensity since 2005), imposing a state of permanent defense, a cyber security and cyber defense strategy applied to all levels of the grid, i.e. to civilian and military information infrastructures. This defense must be engaged despite the absence of specificly known enemies, in a period where peace, crisis and conflict are mixed without clear temporal boundaries.

Information operations cover peace and returning to peace periods because of their presumed deterring character, which should also apply to adversaries in times of crisis, making them hesitate in initiating actions. The ultimate objective of information operations remains to affect enemies or potential enemies, so that they put a stop to actions threatening the American national security interests. The 1998 text obviously did not take into account the terrorist threat. The question still remains today: can information operations be efficient enough to dissuade or intimidate any type of adversary? The dissuasive character seems implausible. The main quality of the information space is to provide any type of attacker the ways to bypass security and defense methods. No nation, military or police force has been able to implement totally dissuasive measures against determined players, to this day. The main reason resides in the operation of networks ensuring invisibility and thus impunity to all who want to become attackers. In 2009, it seems that the computer weapon as bypass weapon, and certainly not as a weapon of dissuasion, is an accepted fact.

1.1.4. Components of information warfare

It is necessary at this point to explain in more detail the fundamental concepts discussed previously, particularly those called components of information warfare that we invariably find in the different doctrines which are formulated in the United States, but also all over the world. They are Psychological Operations (PSYOPS), Electronic Warfare, military deception, Operations Security (OPSEC), Information Assurance (IA) and Computer Network Attacks (CNA).

1.1.4.1. Psychological operations

The sub-title of this section could be “The importance of psychology in battles between individuals or groups of individuals”. PSYOPS emerged way before the digital age and will probably outlive it. They can be summarized as the use of communication to influence behavior.

Communication is the process by which an individual influences another person, involving the spectrum of human actions (speaking, writing, etc.). Theories of communication (particularly those of Melvin L. Defleur for whom communication is the group of methods making it possible to exert social control, allocate roles and coordinate efforts) provide more detail. Communication is a tool for relations, not only for individuals between each other, but also for individuals with their historical perspectives. Communication consists of:

– controlling the media to control received and broadcast information; filtering real information, real but partially presented information (scaling of facts), creating and broadcasting false information. The presence of the media in the field during conflicts, or close to a conflict, makes it possible for PSYOPS to take action contributing to the success of military operations, as long as the media can be controlled;

– manipulating minds through information;

– using the emotional impact of words, images, speeches or sounds;

– launching “positive propaganda” operations intended for our own camp, and “intoxication” operations aimed at the enemy.

Psychological operations by misinformation, intoxication, deception, banning and propaganda24 are incredibly important in a period of conflict because they contribute to the success of military operations, help in dominating the opponent, are used to attempt to dissuade the enemy from pursuing the fight, get him to surrender weapons and to surrender himself, help in preserving the morale of our own troops, and also help in getting and maintaining support from the population and national and international public opinion.

Psychological operations also attempt to reach thoughts, opinions, beliefs and emotions in order to influence behaviors, attitudes and affect national interests.

Potential psychological operation applications have led to the idea of the “noosphere”, a field in which dominance of ideas, instead of dominance over land or populations, would be predominant.

The implementation of psychological operations presumes a deep knowledge of theories of communication and information, psychology of individuals, their behaviors and cultures. Nobody can pretend to really understand the direct or indirect impacts of these operations today.

1.1.4.2. Electronic warfare

Electronic warfare priorities are denial of service (jamming, mimicry, physical attack), deception (that can be directed at automated systems or people) and exploitation (intercepting/listening, obtaining any information with operational value from the enemy’s use of his electronic systems).

The goal of electronic warfare is to control the electromagnetic spectrum.

The American doctrine25 defines electronic warfare as any military action using directed electromagnetic energy to control the electromagnetic spectrum or to attack the enemy. The three main sub-divisions of electronic warfare are:

– Electronic Attack (EA) aimed at attacking people, equipment and installations with the purpose of deteriorating, neutralizing and destroying enemy combat capabilities by jamming, electromagnetic deception, the use of lasers and particle beam weapons. Attacking communications can reach different objectives: access contents, detect and destroy system nodes, jam communications to disrupt the adversary, destroy the opponent’s equipment with the help of high power microwaves and send instructions instead of enemy commands (deception). Deception is one of the major tools of electronic attacks. Deceiving the enemy by manipulating his perception in such a way that the relevance of his judgment and his capability of acquiring targets are deteriorated. Physical destruction is another important facet of electronic attack. Destruction or neutralization by jamming sensors and opposite communications is called soft kill; physical destruction is qualified as hard kill;

– Electronic Protection (EP) includes systems design resistant to jamming by any kind of attack. Cryptography (also called Comsec — Communications Security) is an element of electronic warfare;

– the objective of Electronic Warfare Support (ES) is to search, intercept, identify and locate sources of electromagnetic energy in order to recognize immediate threats. Electronic support provides necessary intelligence and the identification of threats for efficient attack and protection. Electronic support includes Sigint (signals intelligence) which is made up of Comint (Communications Intelligence, a collection of enemy communications such as the contents of messages and traffic data) and Elint (Electronic Intelligence, which captures enemy radar signals and other non-communicating electromagnetic energy sources). Before attacking the communications of an enemy, their network of communications must be mapped out; this is the role of SIGINT that will consist of extracting information from signal masses and from network traffic. Reception equipment today is able to pick up almost all signals transmitted, locate transmitters with precision and feed databases with the signals collected. Data collected must be analyzed. We must especially be able to select the traffic because trying to collect, process and analyze everything is not reasonable.

Electronic weapon systems are made up of sensors (radars, infrared, and sonars), communication lines (transporting data from sensors to command and control (C2) centers) and output devices (lasers, jammers, EMP).

These systems are part of the composition of C2 networks which transmit and receive data, voice and images. Communications must be secure between army commanders and political leaders, for example, so that messages and orders are not corrupted, intercepted or blocked. There are many methods threatening this security: cryptanalysis, sabotage, subversion of personnel, robbery of material, deception, jamming (such as jamming signals transmitted from a plane to the missile it just launched), physical destruction of networks and communication equipment, interception of unsecured communications (particularly if the communication uses methods such as public or radio telecommunication networks which can be the subject of interception), intercepting orders and replacing them with others, or using voice morphing techniques to substitute commands.

With the help of this series of methods, the military develops attack and defense strategies, which are generally a mix of possibilities.

1.1.4.3. Military deception

“Deception” is a series of measures designed to “deceive the enemy by manipulating, deteriorating or falsifying evidence to trigger a reaction that is detrimental to his interests”26.

For the American military, deception is aimed at enemy decision-makers, by affecting their information collection and analysis process and with dissemination systems. This deception requires an in-depth knowledge of the enemy and his decision-making processes. Anticipation is one of the keys. Command must imagine the way in which they think the enemy would act at critical times in the battle. These desired actions become the objective of deception operations. Military deception focuses on the desired behavior, and not only on deceiving the mind. Camp B must get Camp A command to form an inappropriate opinion of the capabilities and intentions of the troops in camp B, so that they make decisions contrary to their interests. Military deception operations depend on intelligence operations to identify the correct targets of the deception. We must be able to create a credible story and evaluate the efficiency of the deception plan and, to have the best chance of success for such an operation, a very small number of people may need to be kept informed, to reduce the risk of an information leak. But this type of operation may also have a disruptive effect among our own camp27.

1.1.4.4. Operations security

Operations security (OPSEC) is a methodology intended to keep an adversary from accessing “critical” information involving his camp and allies, i.e. information necessary to correctly evaluate the capabilities and intentions of the target.

The concept of OPSEC can be analyzed in the light of the doctrine in the official document titled “Operations Security — Joint Publication 3-13.3”, from 29 June 2006, which modifies the previous text from 24 January 1997, referenced 3-5428.

This new doctrinal text establishes the rules that the American military must follow in their activities and operations. It is divided into three major chapters discussing general aspects (definitions, context), operation security processes and operation security planning, consecutively. Appendices help in the practical understanding of the illustrated concepts.

The proposed definition highlights the main characteristic of OPSECs being one of the information operations. It is a process that:

– identifies critical information in order to determine whether allied actions can be observed by enemy intelligence systems;

– determines if the information obtained by adversaries could be interpreted in such a way that would be useful to them;

– executes selected measures eliminating or reducing the possibility for the enemy to use critical allied information29.

Security programs protect classified information. OPSEC identifies, controls and protects generally non-classified information that is associated with, or can be linked to, sensitive operations or activities.

On our side, we have:

– classified information, protected by security programs;

– non-classified information but which can be linked to sensitive activities or operations, then qualified as “critical” and thus must be identified and protected by OPSEC;

– “indicators”, which are a class of information associated to an activity in a significant way;

– a military that is visible to the public and enemy intelligence, in times of peace, training, drills or operations. Non-classified information, when correlated with other non-classified information, can become classified or reveal a sensitive operation.

And in the enemy camp, we find information intelligence, acquisition and exploitation systems that we have to protect against.

The OPSEC process consists of five distinct actions:

– the identification of critical information, i.e. information that is crucial to the enemy, making it possible to categorize information to only protect what is qualified as “vital”;

– the analysis of threats via intelligence, counter-intelligence and open information research and analysis to identify probable enemies. We must find the answer to the following questions: who is the enemy? What goals does the enemy have? What actions could the enemy take? What information does the enemy already have? What intelligence capabilities does the enemy have?

– the analysis of vulnerabilities via the investigation of each aspect of a planned operation to identify OPSEC indicators that could reveal critical information. The objective of OPSEC is to reduce the vulnerability of American or coalition forces with regard to the exploitation of critical information by the enemy. OPSEC applies to all military activities during operations. The following questions must be answered: which indicators of critical information that is unknown by the enemy will be created by allied activities? Which indicators can the enemy collect? Which indicators will the enemy be able to use against allied forces?

– the evaluation of risk by the analysis of vulnerabilities identified in the previous phase, and identification of possible OPSEC measures for each vulnerability. Possible measures include secrecy, concealment, camouflage, deception, intentional diversion in relation to habits, and direct strikes against enemy intelligence systems. Technical measures (see Appendix C) consist of not giving operations information in unsecure email messages, preparing for CNAs, placing vital operational information on disk, using cryptography to protect voice, data and video communications, controlling radio communication transmissions, using systems with low probability of interception and secure phone lines. Finally, we need to monitor the possible interaction of OPSEC measures; measuring OPSEC may create an indicator (concealing equipment that was not protected before may reveal the preparation of military action);

– the application of appropriate OPSEC measures by command, who must determine if the gain in security exceeds cost in resources. Then, during their execution, the enemy’s reaction must be observed to determine its efficiency.

The range of the spectrum involved by OPSEC implies a large number of players: army commands, Defense Intelligence Agency (DIA), National Security Agency (NSA), the OPSEC interagency and different Department of Defense (DoD) agencies.

The major problem lies in how to delimit the moving perimeter of “critical information”. Information will become “critical” according to context; one piece of information that is ordinary today can become critical because of the emergence of new events. Yesterday’s ally can become today’s enemy for example. Information can be critical according to the context in which it is used, whether for counterterrorism, hostilities, military intervention or diplomatic negotiations. Anything that is the product of the armed forces could be perceived as potentially critical. This is revealed by the bans or restrictions on military personnel being able to freely express themselves through newsgroups, chatrooms or other discussion tools and information sharing.

Annex A from JP 3-13 draws the limits of this perimeter by listing examples of “critical” information; information involving military capacities, target selection, logistic capacities, intentions, active forces and reserves, and timing of operations.

1.1.4.5. Information assurance

This concept groups the measures that protect and defend information and information systems by ensuring their availability, their integrity, their capacity to be authenticated, their confidentiality and their non repudiation. These measures include the restoration of information systems by incorporating protection, detection and methods of reaction30.

For the military31, “information assurance” is an information operation that protects and defends information systems by ensuring their availability, integrity, authentication, confidentiality and non repudiation. This security presumes the restoration of information systems with the incorporation of methods of protection, detection and reaction.

Information assurance consists of the protection and defense of information and information systems against unauthorized access and modification of stored, processed and transmitted information, and against denial of service for authorized users. Information assurance also includes the measures necessary to detect, describe and counter such threats. Information assurance is made up of computer security and communications security, also called INFOSEC32.

“Communication security” (COMSEC) is protection resulting from all measures taken to ban access to valuable information for unauthorized people or mislead unauthorized people in their interpretation resulting from the possession and study of information33. Communication security includes security by cryptography, security of transmissions and physical security of communication and information methods.

1.1.4.6. Computer network attacks

Definitions are provided in the doctrinal text JP 3-13, pages I-9 to I-11, GL-4 to GL-10.

Document JP 3-13 from 1998 defines computer network attacks (CNA) as operations intended to disrupt, prohibit access to, deteriorate, destroy and steal information contained in computers, carried by computer networks, or targeting computers and networks. CNAs include all forms of attacks carried out against or by computers and computer networks.

The method of attack characterizing CNAs is data flow. An electronic attack such as the use of electromagnetic forces does not fall under the CNA category but is part of electronic attacks. For example, jamming a radar is an electronic attack, not a CNA. Propagating a computer virus is a CNA, not an electronic attack. There are many ways to develop such a computer attack: access to systems, controlling systems, destruction and distortion of data (through viruses, worms and Trojan horses), and data interception.

We also speak of cyberwar to describe these forms of aggression.

1.2. Information warfare in the 2000s

1.2.1. Dictionary of the Department of Defense

The dictionary of the US Department of Defense of 200134 uses the definition adopted by the 1998 JP 3-13 for information warfare: a methodology of information operations.

Information operations are the actions that can be taken to distort the information and information systems of the enemy, while protecting our own information and information systems. Information operations are implemented in times of peace, crisis or conflict. Those implemented only in times of crisis or conflict constitute information warfare.

In the 22 March 2007 version of the dictionary35 the expression “information warfare” practically disappeared. We find it only in the list of abbreviations and acronyms, such as AFIWC (Air Force Information Warfare Center), FIWC (Fleet Information Warfare Center), IW-D (Defensive Information Warfare), IWSC (Information Warfare Support Center), LIWA (Land Information Warfare Activity), NIWA (Naval Information Warfare Activity) and TWI (Office for Information Warfare Support — DIA/Defense Intelligence Agency).

1.2.2. US Air Force: AFDD 2-5 (2005) and AFPD 10-7 (2006)

On 11 January 2005, document AFDD 2-5 “Information Operations” was published36. There again, as in 1998, the Air Force document was published before the document from the JCS.

The first major point to note on reading this document is that the expression “information warfare” is no longer used. Only the concept of information operations is still present, and the idea of their implementation at any time: peace, war or when returning to peace. Can the time of peace/war distinction no longer be relevant?

The acquisition and maintenance of “superiority of information” are critical tasks for commands and vital elements for kinetic and non-kinetic effect-based operations. Superiority of information is the degree of dominance in the field of information providing allied forces with the possibility of collecting, controlling, using and defending information without efficient opposition.

Information operations, carried out by the military in times of peace, war and returning to peace, are now:

– influencing operations to amplify the effects of traditional military operations, as well as for influencing in a different way than by just using force. The goal is to affect the perceptions and behaviors of leaders, groups and whole populations. These operations are psychological operations (PSYOPS), military deceptions (MILDEC), operations security (OPSEC), counter-intelligence measures (i.e. protecting against espionage, sabotage and assassinations), counter-propaganda operations and public affairs operations;

– electronic warfare operations: attacking, defending, supporting. This is the planning, use and evaluation of military methods to obtain desired effects through the electromagnetic spectrum, to support operational objectives;

– network warfare operations: attack (NetA), defend (NetD) and support (NS). This is the planning, use and evaluation of military methods to obtain desired effects through analog and digital interconnected networks in the battle space. These operations group the series of actions previously called computer network attacks (CNA). It is a war carried out through networks: destroying, disrupting and usurping information and information systems, and protecting against these attacks).

Information operations are the integrated use of these three capabilities, in collaboration with “integrated control enablers” (ICEs), to influence, disrupt, corrupt and usurp the human and automated decision process of the enemy while protecting our own.

The doctrine no longer speaks of “information-in-warfare” but of “integrated control enablers” (ICEs). These ICEs are not information operations but group methods of acquisition and exploitation; information operations only group defense and attack methods. ICEs must provide all available information.

ICEs include Intelligence, Surveillance, Reconnaissance (ISR) systems, network operations (NetOps — grouping systems, network management and information security), predictive battlespace awareness (PBA), and precision navigation.

Even though we no longer speak of information-in-warfare, the characteristics of war in the information age are described, as more emphasis is now placed on influencing political and military leaders, as well as populations, to solve conflicts. Information technologies have increased the methods of directly influencing populations and their leaders. ICTs have distributed the process of collection, storage, dissemination and processing of information. The US Air Force must use this technology as a powerful lever to acquire superiority of information and to be able to operate the cycle of decision (OODA loop) quicker than the opponent. This is what is called “decision superiority”: being able to Observe, Orient, Decide and Act (the OODA loop) more quickly and efficiently than the enemy.

The AFPD 10-7(Air Force Policy Directive) document called “Information Operations”37 of 6 September 2006 proposes a conversion chart of terminologies used by the US Air Force and JCS in the 2006 doctrines, revealing compatibility of terms used in both approaches.

Table 1.1.Distinction between Integrated Control Enablers (ICE) and Information Operations (IO)

1.2.3. The doctrine of the Joint Chiefs of Staff committee: JP 3-13 (2006)

On 13 February 2006, JCS published the new version of the doctrinal document JP 3-13 called “Information Operations”38.

The text eliminates the expression “information warfare” from its vocabulary. It also abandons the expressions “offensive information operations” and “defensive information operations”.

The five fundamental operations of information operations are: 1) psychological operations; 2) military deception; 3) operations security; 4) electronic warfare; and 5) computer network operations (including the now traditional attack, exploitation and defense operations: Computer Network Exploitation (CNE) and Computer Network Defense (CND), CNA. Computer network attacks consist of paralyzing, interrupting, delaying and destroying information and/or information systems. Exploitation consists of the collection, monitoring and falsification of information. Defensive operations consist of protecting, detecting, restoring and responding.

To support these five basic methods, intelligence actions collect, analyze and provide information on the environment as well as on physical attacks, information assurance, counter-intelligence and physical security.

In the doctrine, the international dimension of operations is now taking a more significant place. Through lessons and experience learned in the past by the American military, the doctrine introduces terms such as “tribe”, “family”, “culture”, “religion” and “alliances”, absent from the 1998 version. Psychological, cultural and cognitive dimensions now occupy a central place.

Also of interest in this document is the representation of the information environment proposed by the military. Three different aspects, or dimensions, constitute the space in which the military must evolve and information operations must be carried out: a physical dimension, made up of command and control systems, infrastructures, networks and computers; an information dimension, where information is collected, processed, stored, broadcast, displayed and protected (the space of information content and flow); finally, a cognitive dimension which includes the thoughts of decision-makers and target audience: it is the space of perception, visualization, decision and thinking, and it is this dimension where battles and campaigns can be won or lost. Factors influencing the cognitive dimension are emotions, state of mind, experience, spatial awareness, public opinion, perceptions, media and rumors.

Annex B of JP 3-13 is extremely interesting because it proposes a table identifying the possible conflicts between the different actions of information operations. An attack by computer networks could be in conflict with a psychological operation if that attack prohibited the enemy from receiving the message addressed to him in the context of a psychological operation. Or a CNA type attack could be in conflict with a military deception operation when, by absence of coordination between the two, the result would be attacking the wrong target. Or when, by absence of coordination, a physical attack and a software attack are launched at the same time toward the same target. This would be wasting time and ammunition.

1.3. Other important concepts and reflections

The very lively debate that has developed in the United States in the last 20 years involving the military, security experts, academics and other institutional and industry players have made it possible to produce a series of reflections on conflicts in the informational sphere or in the information age.

In the rest of this first chapter, some of the major themes will be discussed to either clarify concepts previously mentioned, or to introduce new ones that will be useful in the rest of the book.

1.3.1. Cyberspace and superiority of information

In a very general way, cyberspace is made up of computers, communication systems, networks, satellites, communication infrastructures and transport systems using information in its digital form ( in cars, trains, airplanes, elevators, etc.), sound, voice, text and image data that circulates and is processed, systems that can be controlled remotely via a network, all control systems operating energy supplies, digital watches, video cameras, robots, as well as weapons, missiles, GPS systems, all technologies and communication tools (Wi-Fi, laser, modems, satellites, local networks, cell phones, fiber optic, computers, storage supports, fixed or mobile equipment, etc.).

This world of interconnections and interdependence, where information circulates from one medium to another and is processed, duplicated and stored, where tools communicate, where information technology becomes ubiquitous, constitutes the world of information, the information environment and cyberspace.

This environment, however, is reserved for a small group of the global population: those who can afford to pay for it. The distinction between those who can and those who cannot is fundamental because it divides the world in two. The digital divide progressively diminishes in very wealthy and developing countries where access to information technologies is increasingly possible. But it persists in the gaps between wealthy and poor countries. The wealthiest countries on the planet are largely the beneficiaries of cyberspace.

The idea is mainly to acquire control of this sphere, an operation defined by the expression “info-dominance”, because this control would be one of the major assets directing or deciding the outcome of crises, battles or conflicts. We often incorrectly present info-dominance as the ultimate goal of the great war powers (mainly the United States actually), thus confusing methods and objectives. Even though the fight for domination of the information sphere transforms information into a target, into a new, possibly virtual, front line to attack and defend, info-dominance still remains a method at the service of higher objectives: victory and political objectives. Info-dominance must not be an end in itself, but a step, a transition, an object of conquest, in times of peace or war, which once captured can contribute to paving the way to success.

The advantage of having information about an opponent is called “superiority of information”. Superiority of information makes it possible to:

– obtain and process the best information;

– use this information more efficiently;

– see first, understand first, act first.

Superiority of information presumes:

– a capacity to collect, process and broadcast an uninterrupted data flow;

– being in a proactive situation. Being permanently in a state of reaction to operations carried out by the enemy prohibits information dominance.

The objective of superiority of information is to:

– affect the perceptions, attitudes, decisions and actions of the enemy;

– exploit capabilities by preventing the enemy from doing the same, as much as possible.

Superiority of information is characterized by:

– the central role that command must play, that must be able to direct operations, efficiently mobilizing methods, information systems and procedures. Information systems are a decision support tool;

– the series of methods that must be implemented: human, material and organizational methods;

– speed. Decisions must be taken quickly. Superiority of information confers the capacity of deciding and acting faster than the adversary. The objective is to lead the opponent at a pace at which he can no longer follow, that is detrimental to him, in order to keep him from being proactive. But the speed must not be detrimental to our own operations. Speed and obsession with “real time” are traps or illusions that command systems must be careful not to get into;

– the ephemera of the position of superiority. Nothing is definitive. The enemy also wants to have superiority of information. The situation permanently evolves; superiority is therefore transitory. Constant efforts must be made to retain this position;

– losing superiority of information means losing the initiative. From being proactive, we become reactive;

– aiming at the right objectives to acquire it:

- the enemy. We must understand his actions, prevent his access to, and exploitation of, his enemy’s information, influence his perception, actions, his leaders, deteriorate and destroy his decision processes;

- non-combatants. We must influence them so that they support our camp and offer no resistance;

- our own camp. We must protect our own decision processes, information, information systems and provide correct information to commands.

To reach superiority of information we must act on ISR (intelligence — surveillance — reconnaissance), on information management (IM) and on information operations (IO). When the effects produced by ISR, IO and IM synchronization are greater than those of the enemy, superiority of information is then acquired.

In a situation of superiority of information, perception is close to reality. For the enemy, perception is different from reality.

The American military formalized the concept of superiority of information through their doctrines:

– in July 1996, the Joint Vision 2010 (JV 2010)39