Cyber-enabled information operations: The battlefield ... · Cyber-enabled information operations:...

© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and

IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The

information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are

the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or

omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.

of 8

Cyber-enabled information operations: The battlefield threat without a face

[Content preview – Subscribe to Jane’s Defence Weekly for full article]

Information operations are entering a new dimension of cyber-enabled influence, which can

be used to shape the battlespace at both the tactical and strategic levels, as David Reynolds

reports

New technology in the cyber-influence domain is developing fast and presenting new challenges to

NATO, with Russia in particular embracing cyber-enabled information operations (CyIO). From

Ukraine to Syria and the Baltic states, the Russian army has exploited computer science in support

of its messaging campaign to project Moscow’s military power and further President Vladimir Putin’s

political aims. For more than a decade NATO’s military ‘main effort’ was directed towards insurgency

campaigns in Iraq and Afghanistan, but now the alliance and its member nations are focused on

cyber defence and its development.

Special operations units from across NATO pictured during an electronic warfare exercise in Lithuania. (Bob Morrison/DPL)

1717424

The first shots of the next major war are likely to be fired in cyberspace, delivering ‘effects’ in relation

to influence and perception that commanders may not be prepared for. Russia used cyber tactics

extensively in Ukraine, mastering this new asymmetric tool to manipulate its target audience before

using physical force. This influence can help change an adversary’s decision-making process and,

in doing so, deliver military success.






of 8

Thus, while CyIO does not fit the definition of warfare by Prussian general and theorist Carl von

Clausewitz as “an act of force to compel our enemy to do our will”, it does, meanwhile, conform to

his theory that war “is merely the continuation of policy by other means”. With its connotations of

soft power – such as propaganda, persuasion, culture, social forces, confusion, and deception –

CyIO additionally conforms to the belief of ancient Chinese military strategist Sun Tzu that the

“supreme art of war is to subdue the enemy without fighting”.

A fundamental function of information missions has been to undermine an adversary at all levels of

leadership and to influence its decision making. Conventional military operations have historically

used ‘influence’ to message intent and reinforce political objectives. One example of information

operations occurred during the non-combatant evacuation operation by the United Kingdom in Sierra

Leone in 2000, known as Operation ‘Palliser’, in which an amphibious assault was mounted to send

a message of potential intent to the rebel group West Side Boys, who had threatened violence.

Another example is the successful multinational coalition deception mission that accompanied

Operation ‘Eagle’s Summit’ in Afghanistan in 2008, when turbine components were moved to the

Kajaki dam across 300 miles of open desert in total secrecy: a mission that also highlighted the use

of direct community engagement as part of a wider information operation plan. During this mission

the coalition deployed speakers known as ‘sound commanders’ that played the noise of an Apache

attack helicopter and B-1B bomber during gaps in air cover to give the impression that the air

operation was constant.

These operations relied on a limited use of technology due to their remote environments, but if social

media had been available to the extent it is in more developed environments, operational security

would have been a greater challenge.

[Continued in full version…]

The Russian threat

Embracing the fact that information – and for that matter disinformation – is power, Moscow has

invested heavily in cyber operations to support Russia’s political power base and boost its global

influence. In February 2017 Russian Defence Minister Sergei Shoigu openly acknowledged, for the

first time, the formation of an information brigade within the Russian armed forces, saying,

“Information operations forces have been established that are expected to be a far more effective

tool than all we used before for counter-propaganda purposes.”

During the past decade Putin has directed the resurgence of Russia’s armed forces to support his

foreign policy goals and the notion of Russia as a resurgent great power. As well as hardware

projects for land, aviation, and naval warfare his plan has included more electronic listening stations

across Asia and the Middle East, airborne electronic warfare (EW) platforms, a fleet of surveillance

ships, and a new Russian footprint in the Arctic that includes facilities such as Arktichesky Trilistnik

military base. The intelligence garnered by such assets is collated by Moscow at a complex run by

the Federal Security Service (Federal’naya Sluzhba Bezopasnosti: FSB). It also manages cyber

propaganda and disinformation campaigns within Russia.






of 8

The Arktichesky Trilistnik [Arctic Trefoil] military base on Alexandra Land Island, part of the Franz Josef Land archipelago. The base forms part of Russia’s expanding footprint in the Arctic. (Russian MoD)

1717427

Russia’s capability to deploy CyIO has been observed in Ukraine, where Moscow tested its CyIO

capability across the country. In one example of a denial-of-service attack in December 2016, the

lights went out in Kiev as Russian cyber teams closed down a power station for several hours. The

cyber attack was not isolated and, in fact, during the past couple of years Moscow has mounted a

blitzkrieg of network assaults to undermine morale among the civilian community and discredit the

ability of the military and government in Kiev to stop such attacks. In an official statement Ukraine’s

President Petro Poroshenko said there had been 6,500 cyber attacks in a two-month period before

the end of December 2017. These extensive cyber attacks have been witnessed by British troops,

who are deployed in the western region of Ukraine to train government troops as part of Operation

‘Orbital’ and have experienced constant, albeit unsuccessful, attempts to attack their own systems.


NATO’s approach to cyber

The United States, the United Kingdom, and many NATO nations delayed their cyber development

in early 2000, mainly due to the fact that the alliance’s forces were fighting two major insurgencies

in Iraq and Afghanistan where cyber operations were not a priority. Ironically, just four years before

the first coalition troops arrived at Bagram Air Base in December 2001, NATO and the United

Kingdom were pioneering EW capabilities that could ‘close down’ enemy communications and

effectively stop a battlegroup from operating properly.

Called ‘fire-and-forget’ jammers, these small boxes, the size of an external hard drive, were

designed to be dropped across the battlefield by special forces and, once activated, transmitted a

frequency that ‘blocked’ all other communications and lasted for as long as the device’s battery life.






of 8

During the late 1990s the United Kingdom focused on EW development and 3 (UK) Division took part in a trial of a so-called ‘fire-and-forget’ jammer produced by Racal. The aim was for these small battery-powered units to be inserted onto the battlefield where, once activated, they would ‘freeze’ communication channels for as long as their batteries lasted. (Mike Hamilton/DPL)

1717430

In Afghanistan CyIO was not a priority, with defence scientists instead focusing on improving body

armour and vehicle protection systems against improvised explosive devices (IEDs). Afghan

insurgents did not have sophisticated information operation tools and, when mounting influence

operations that required direct communication with the indigenous population, the multinational force

delivered its message via newspapers and wind-up radios. As the NATO mission in Afghanistan

came to an end in 2014, however, Russia had already occupied Crimea and within months the

importance of CyIO was made clear.

Cyber defence is today at the centre of NATO’s core task of wider collective security and in

November 2017 NATO Secretary General Jens Stoltenberg announced that the alliance will

establish a new cyber operations centre and integrate cyber operations into all NATO functions. “We

have seen a Russia that has over many years invested heavily in their military capabilities,

modernised their military capabilities,” he said. “The cyber operations centre will be part of NATO’s

enhanced command structure and will be launched alongside a new maritime Atlantic command

and a new logistics command.”

Across the alliance many nations have formed dedicated specialist cyber units. In the United States

the Army Cyber Command (ARCYBER) has been established at Fort Gordon in Georgia with the

aim of developing responses to the persistent threat. The centre, which includes air force and navy

personnel, directs and conducts integrated EW exercises and provides training for information and

cyberspace operators. Estonia, Latvia, and Lithuania, as well as Poland and Romania, have been

developing cyber capabilities, while in the United Kingdom the Joint Forces Cyber Group (JFCyG)

is forming up and will operate alongside the National Cyber Security Centre (NCSC), which is part






of 8

of the Government Communications Headquarters (GCHQ). The NCSC is tasked with protecting

government systems and providing advisory guidance to businesses across the country. At the

same time the United Kingdom will form an Information Division to deliver ‘soft effects’, which will

include 77 Brigade: the British Army’s digital influence formation. This division, scaled at a reduced

manning level compared with a fighting formation, will be formed later this year.

So far this year the Baltic states have remained the focal point of NATO’s current influence attention,

with resources spread across the region in what has become a ‘surveillance and listening’

deployment in which Moscow and NATO are observing and trying to influence each other. The move

into the Baltics followed Russia’s intervention in Crimea and increased military activity on the Baltic

border, which raised concerns over the prospect of a second incursion by Putin’s forces.

Norwegian special operations personnel using a secure laptop during ISTAR training as part of Exercise ‘Iron Wolf 2017’ in Lithuania, which is one of many ongoing exercises as part of the NATO eFP deployment. (Bob Morrison/DPL)

1717423

In 2016 NATO agreed to deploy forces across the former Soviet territories of Estonia, Latvia, and

Lithuania, as well as Poland and Romania, for the first time. The mission, known as the enhanced

Forward Presence (eFP), is described as a ‘reinforcement of security’ of the Baltic states and

comprises four multinational battlegroups. Tension in the region has been simmering since 2007,

when a Second World War memorial was relocated within Estonia, angering the Kremlin because it

said the memorial was not in a prominent-enough location. The FSB consequently mounted a series

of denial-of-service cyber attacks that hit government systems and banks, demonstrating Moscow’s

ability to close down Estonia’s economy and sending a clear threat to the political administration.

There remains a constant fear and concern in Estonia, and among its neighbours, of Russia’s future

intent.






of 8

A British commander using secure communications during training with Estonian forces as part of the current eFP deployment. Allegations have regularly surfaced about Russian attempts to intercept NATO communications. (Bob Morrison/DPL)

1717425

NATO forces deployed in the Baltics have defended their networks against numerous attacks, which

suggests that Russian capabilities may not be as refined as they are perceived to be. However,

restrictions have been placed on the use of mobile phones and the four multinational battlegroups

constantly change crypto passwords. During a routine exercise at the Adazi training area in Latvia,

Lieutenant Colonel Wade Rutland, commanding officer of the Canadian-led NATO eFP battlegroup,

told Jane’s during an interview in November 2017 that his troops were very aware of the threat. “We

are aware there is a hybrid threat that has different facets, one of which is cyber,” he said. “We do

have the means to protect our networks, but we do not do offensive cyber here within the

battlegroup, although we do have specialists that ensure our networks are protected and not

breached.”

NATO has not provoked conflict, but has shadowed Russian activity and deployed air power and

naval resources in a high-profile display of military support for the Baltics. Armoured battlegroup

exercises have routinely been filmed and broadcast to influence Moscow.

Most recently UK Defence Secretary Gavin Williamson identified the growth in Russian cyber

operations in December 2017 when he accused Moscow of trying to damage British interests with

Twitter trolls. His concerns came as Air Chief Marshal Sir Stuart Peach, the UK chief of defence

staff, warned that Russian submarines have developed the technology to intercept the vital

underwater communications cables that link European internet and phone networks. Speaking at

the Royal United Services Institute in late December 2017, ACM Peach said that Russia was one of

a number of alarming new threats facing Britain and called for the United Kingdom to modernise its

defences.






of 8


The cyber players

China, Iran, North Korea, and Pakistan all have ‘active cyber capabilities’ and the use of influence

operations by an increasing number of cyber players is changing the shape of political diplomacy in

the 21st century. During the past year the world watched as US President Donald Trump used social

media to insult North Korean leader Kim Jong-un while the US fleet sat off the Korean coast,

eavesdropping on North Korea’s military.

Meanwhile, North Korea has for many years focused on its cyber development with a military force

of 6,000 cyber operators directed by the Reconnaissance General Bureau: North Korea’s equivalent

of the US Central Intelligence Agency. In 2014 North Korea was blamed for a major network attack

on Sony Pictures in a move to block the release of a film that ridiculed Kim Jong-un, although little

evidence was revealed publicly.

China is also a strong player in the cyber domain. The country has an established computer science

industry and is alleged to have a dedicated espionage force, which reportedly mounted a cyber

attack on the US government in Washington in 1999 after the Chinese Embassy was inadvertently

targeted during a bombing raid over Belgrade during the Kosovo conflict. In 2001 Chinese hackers

claimed to have hacked a US government network within the White House after a Chinese J-8 fighter

collided with a US EP-3E ARIES II signals intelligence aircraft off Hainan Island. The Chinese have

also been credited with a network attack against the US DoD in 2013 in which it was claimed that

China stole US military designs, including those for the V-22 Osprey, Black Hawk helicopter, and

the navy’s new Littoral Combat Ship.


Cyber ‘operational readiness’

While the nations across NATO are forming specialist cyber units and centres, questions have been

raised about the ‘operational readiness’ of these units. In 2017 the US Senate Committee on Armed

Services (subcommittee on cyber security), in receiving testimony from expert witnesses on cyber-

enabled information operations and threats heard that during the past three years Russia has

conducted the most successful influence campaign in history, using the internet and, more

importantly, social media.






of 8

A US Marine electronic warfare team. The US military has directed defence scientists towards the development of battlefield countermeasures to ensure it can defend against cyber-enabled information operations. (Andrew Chun/DPL)

1717431

Giving evidence, Michael Lumpkin, a retired special operations officer and the former acting

undersecretary of defence, highlighted his concerns about the development of information

operations, saying, “While the means and methods of communication have transformed significantly

over the past decade, much of the US government thinking on shaping and responding in the

information environment has remained unchanged, to include how we manage US government

information dissemination and how we respond to the information of our adversaries. We are

hamstrung for a myriad of reasons, to include: lack of accountability and oversight; bureaucracy

resulting in insufficient levels of resourcing; and inability to absorb cutting‐ edge information and

analytic tools, and access to highly skilled personnel.”


For the full version and more content:

For advertising solutions visit Jane’s Advertising

Jane's Defence Industry and Markets Intelligence Centre

This analysis is taken from Jane’s Defence Industry & Markets Intelligence Centre, which provides

world-leading analysis of commercial, industrial and technological defence developments, budget

and programme forecasts, and insight into new and emerging defence markets around the world.

Jane’s defence industry and markets news and analysis is also available within Jane’s Defence

Weekly. To learn more and to subscribe to Jane’s Defence Weekly online, offline or print visit

http://magazines.ihs.com/

https://ihs.uberflip.com/aerospace-defence-security

http://www.ihs.com/jdim

http://magazines.ihs.com/

Cyber-enabled information operations: The battlefield ... · Cyber-enabled information operations:...

Documents

Transcript of Cyber-enabled information operations: The battlefield ... · Cyber-enabled information operations:...