The U.S. Army recently updated the Information Operations Primer, which provides an overview of U.S. Department of Defense Information Operations (IO) doctrine and organizations at the joint and individual service levels.
Information Operations are the integration of capabilities involving information and information systems in order to gain a military advantage. This concept is similar to Joint Operations, which are the integration of service capabilities or Combined Operations, which are the integration of two or more forces or agencies of two or more allies. The integration envisioned within the IOs, however, is not mere deconfliction, but the synchronization of activities leading to action, and in turn, achieving desired effects that are significantly greater than the sum of the individual components.
Recognizing the importance of operations in cyberspace, the last IO update addresses the evolving nature of cyberspace, specifically focusing on its influence on, and implications for, all instruments of national power.
Below we report a few excerpts from the IO Primer, discussing interesting themes on Cyber Defence in the military domain.
As cyberspace becomes a contested global common, will this require new definitions for war and deterrence? No consensus answer to this question has emerged yet. There is no internationally accepted definition of when hostile actions in cyberspace are recognized as attacks, let alone acts of war.
Current U.S. military doctrine is developing along philosophical lines that distinguish between the warfighter role of cyberattack and the intelligence role of cyberexpolitation. Terminology to describe cyberspace operations in general, as well as specific concepts of attack, defense, and the electromagnetic spectrum, still varies among Services. Completion of the new Joint Publication 3-12, "Cyberspace Operations" and USSTRATCOM's Cyberspace Joint Operating Concept should enhance unity of effort.
Developing cyberspace deterrence is a complex and challenging task still in its infancy. Traditional Cold War deterrence experience should be studied, but its model of assured retaliation may have limited application in cyberspace, given the capabilities of nonstate actors as well as the possibility of cyberattacks originating from co-opted servers in neutral countries.
In July 2011, the U.S. DoD Strategy for Operating in Cyberspace was publically released as "the first DoD unified strategy for cyberspace and officially encapsulates a new way forward for DoD's military, intelligence and business operations." Such strategy is built upon five strategic initiatives:
- Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace's potential.
- Employ new defense operating concepts to protect DoD networks and systems.
- Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy.
- Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity.
- Leverage the nation's ingenuity through an exceptional cyber workforce and rapid technological innovation.
These initiatives mesh well with the tenets of the June 2010 NATO Policy on Cyber Defence, which "provides a solid foundation from which Allies can take work forward on cyber security" emphasizing prevention, resilience, and non-duplication. The Cyber Defence Programme includes a NATO Computer Incident Response Capability (NCIRC) planned to be fully operational in 2012.
References: U.S. Army (1)