cyber-enabled information operations: the battlefield ... · cyber-enabled information operations:...
TRANSCRIPT
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 1 of 8
Cyber-enabled information operations: The battlefield threat without a face
[Content preview – Subscribe to Jane’s Defence Weekly for full article]
Information operations are entering a new dimension of cyber-enabled influence, which can
be used to shape the battlespace at both the tactical and strategic levels, as David Reynolds
reports
New technology in the cyber-influence domain is developing fast and presenting new challenges to
NATO, with Russia in particular embracing cyber-enabled information operations (CyIO). From
Ukraine to Syria and the Baltic states, the Russian army has exploited computer science in support
of its messaging campaign to project Moscow’s military power and further President Vladimir Putin’s
political aims. For more than a decade NATO’s military ‘main effort’ was directed towards insurgency
campaigns in Iraq and Afghanistan, but now the alliance and its member nations are focused on
cyber defence and its development.
Special operations units from across NATO pictured during an electronic warfare exercise in Lithuania. (Bob Morrison/DPL)
1717424
The first shots of the next major war are likely to be fired in cyberspace, delivering ‘effects’ in relation
to influence and perception that commanders may not be prepared for. Russia used cyber tactics
extensively in Ukraine, mastering this new asymmetric tool to manipulate its target audience before
using physical force. This influence can help change an adversary’s decision-making process and,
in doing so, deliver military success.
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 2 of 8
Thus, while CyIO does not fit the definition of warfare by Prussian general and theorist Carl von
Clausewitz as “an act of force to compel our enemy to do our will”, it does, meanwhile, conform to
his theory that war “is merely the continuation of policy by other means”. With its connotations of
soft power – such as propaganda, persuasion, culture, social forces, confusion, and deception –
CyIO additionally conforms to the belief of ancient Chinese military strategist Sun Tzu that the
“supreme art of war is to subdue the enemy without fighting”.
A fundamental function of information missions has been to undermine an adversary at all levels of
leadership and to influence its decision making. Conventional military operations have historically
used ‘influence’ to message intent and reinforce political objectives. One example of information
operations occurred during the non-combatant evacuation operation by the United Kingdom in Sierra
Leone in 2000, known as Operation ‘Palliser’, in which an amphibious assault was mounted to send
a message of potential intent to the rebel group West Side Boys, who had threatened violence.
Another example is the successful multinational coalition deception mission that accompanied
Operation ‘Eagle’s Summit’ in Afghanistan in 2008, when turbine components were moved to the
Kajaki dam across 300 miles of open desert in total secrecy: a mission that also highlighted the use
of direct community engagement as part of a wider information operation plan. During this mission
the coalition deployed speakers known as ‘sound commanders’ that played the noise of an Apache
attack helicopter and B-1B bomber during gaps in air cover to give the impression that the air
operation was constant.
These operations relied on a limited use of technology due to their remote environments, but if social
media had been available to the extent it is in more developed environments, operational security
would have been a greater challenge.
[Continued in full version…]
The Russian threat
Embracing the fact that information – and for that matter disinformation – is power, Moscow has
invested heavily in cyber operations to support Russia’s political power base and boost its global
influence. In February 2017 Russian Defence Minister Sergei Shoigu openly acknowledged, for the
first time, the formation of an information brigade within the Russian armed forces, saying,
“Information operations forces have been established that are expected to be a far more effective
tool than all we used before for counter-propaganda purposes.”
During the past decade Putin has directed the resurgence of Russia’s armed forces to support his
foreign policy goals and the notion of Russia as a resurgent great power. As well as hardware
projects for land, aviation, and naval warfare his plan has included more electronic listening stations
across Asia and the Middle East, airborne electronic warfare (EW) platforms, a fleet of surveillance
ships, and a new Russian footprint in the Arctic that includes facilities such as Arktichesky Trilistnik
military base. The intelligence garnered by such assets is collated by Moscow at a complex run by
the Federal Security Service (Federal’naya Sluzhba Bezopasnosti: FSB). It also manages cyber
propaganda and disinformation campaigns within Russia.
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 3 of 8
The Arktichesky Trilistnik [Arctic Trefoil] military base on Alexandra Land Island, part of the Franz Josef Land archipelago. The base forms part of Russia’s expanding footprint in the Arctic. (Russian MoD)
1717427
Russia’s capability to deploy CyIO has been observed in Ukraine, where Moscow tested its CyIO
capability across the country. In one example of a denial-of-service attack in December 2016, the
lights went out in Kiev as Russian cyber teams closed down a power station for several hours. The
cyber attack was not isolated and, in fact, during the past couple of years Moscow has mounted a
blitzkrieg of network assaults to undermine morale among the civilian community and discredit the
ability of the military and government in Kiev to stop such attacks. In an official statement Ukraine’s
President Petro Poroshenko said there had been 6,500 cyber attacks in a two-month period before
the end of December 2017. These extensive cyber attacks have been witnessed by British troops,
who are deployed in the western region of Ukraine to train government troops as part of Operation
‘Orbital’ and have experienced constant, albeit unsuccessful, attempts to attack their own systems.
[Continued in full version…]
NATO’s approach to cyber
The United States, the United Kingdom, and many NATO nations delayed their cyber development
in early 2000, mainly due to the fact that the alliance’s forces were fighting two major insurgencies
in Iraq and Afghanistan where cyber operations were not a priority. Ironically, just four years before
the first coalition troops arrived at Bagram Air Base in December 2001, NATO and the United
Kingdom were pioneering EW capabilities that could ‘close down’ enemy communications and
effectively stop a battlegroup from operating properly.
Called ‘fire-and-forget’ jammers, these small boxes, the size of an external hard drive, were
designed to be dropped across the battlefield by special forces and, once activated, transmitted a
frequency that ‘blocked’ all other communications and lasted for as long as the device’s battery life.
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 4 of 8
During the late 1990s the United Kingdom focused on EW development and 3 (UK) Division took part in a trial of a so-called ‘fire-and-forget’ jammer produced by Racal. The aim was for these small battery-powered units to be inserted onto the battlefield where, once activated, they would ‘freeze’ communication channels for as long as their batteries lasted. (Mike Hamilton/DPL)
1717430
In Afghanistan CyIO was not a priority, with defence scientists instead focusing on improving body
armour and vehicle protection systems against improvised explosive devices (IEDs). Afghan
insurgents did not have sophisticated information operation tools and, when mounting influence
operations that required direct communication with the indigenous population, the multinational force
delivered its message via newspapers and wind-up radios. As the NATO mission in Afghanistan
came to an end in 2014, however, Russia had already occupied Crimea and within months the
importance of CyIO was made clear.
Cyber defence is today at the centre of NATO’s core task of wider collective security and in
November 2017 NATO Secretary General Jens Stoltenberg announced that the alliance will
establish a new cyber operations centre and integrate cyber operations into all NATO functions. “We
have seen a Russia that has over many years invested heavily in their military capabilities,
modernised their military capabilities,” he said. “The cyber operations centre will be part of NATO’s
enhanced command structure and will be launched alongside a new maritime Atlantic command
and a new logistics command.”
Across the alliance many nations have formed dedicated specialist cyber units. In the United States
the Army Cyber Command (ARCYBER) has been established at Fort Gordon in Georgia with the
aim of developing responses to the persistent threat. The centre, which includes air force and navy
personnel, directs and conducts integrated EW exercises and provides training for information and
cyberspace operators. Estonia, Latvia, and Lithuania, as well as Poland and Romania, have been
developing cyber capabilities, while in the United Kingdom the Joint Forces Cyber Group (JFCyG)
is forming up and will operate alongside the National Cyber Security Centre (NCSC), which is part
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 5 of 8
of the Government Communications Headquarters (GCHQ). The NCSC is tasked with protecting
government systems and providing advisory guidance to businesses across the country. At the
same time the United Kingdom will form an Information Division to deliver ‘soft effects’, which will
include 77 Brigade: the British Army’s digital influence formation. This division, scaled at a reduced
manning level compared with a fighting formation, will be formed later this year.
So far this year the Baltic states have remained the focal point of NATO’s current influence attention,
with resources spread across the region in what has become a ‘surveillance and listening’
deployment in which Moscow and NATO are observing and trying to influence each other. The move
into the Baltics followed Russia’s intervention in Crimea and increased military activity on the Baltic
border, which raised concerns over the prospect of a second incursion by Putin’s forces.
Norwegian special operations personnel using a secure laptop during ISTAR training as part of Exercise ‘Iron Wolf 2017’ in Lithuania, which is one of many ongoing exercises as part of the NATO eFP deployment. (Bob Morrison/DPL)
1717423
In 2016 NATO agreed to deploy forces across the former Soviet territories of Estonia, Latvia, and
Lithuania, as well as Poland and Romania, for the first time. The mission, known as the enhanced
Forward Presence (eFP), is described as a ‘reinforcement of security’ of the Baltic states and
comprises four multinational battlegroups. Tension in the region has been simmering since 2007,
when a Second World War memorial was relocated within Estonia, angering the Kremlin because it
said the memorial was not in a prominent-enough location. The FSB consequently mounted a series
of denial-of-service cyber attacks that hit government systems and banks, demonstrating Moscow’s
ability to close down Estonia’s economy and sending a clear threat to the political administration.
There remains a constant fear and concern in Estonia, and among its neighbours, of Russia’s future
intent.
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 6 of 8
A British commander using secure communications during training with Estonian forces as part of the current eFP deployment. Allegations have regularly surfaced about Russian attempts to intercept NATO communications. (Bob Morrison/DPL)
1717425
NATO forces deployed in the Baltics have defended their networks against numerous attacks, which
suggests that Russian capabilities may not be as refined as they are perceived to be. However,
restrictions have been placed on the use of mobile phones and the four multinational battlegroups
constantly change crypto passwords. During a routine exercise at the Adazi training area in Latvia,
Lieutenant Colonel Wade Rutland, commanding officer of the Canadian-led NATO eFP battlegroup,
told Jane’s during an interview in November 2017 that his troops were very aware of the threat. “We
are aware there is a hybrid threat that has different facets, one of which is cyber,” he said. “We do
have the means to protect our networks, but we do not do offensive cyber here within the
battlegroup, although we do have specialists that ensure our networks are protected and not
breached.”
NATO has not provoked conflict, but has shadowed Russian activity and deployed air power and
naval resources in a high-profile display of military support for the Baltics. Armoured battlegroup
exercises have routinely been filmed and broadcast to influence Moscow.
Most recently UK Defence Secretary Gavin Williamson identified the growth in Russian cyber
operations in December 2017 when he accused Moscow of trying to damage British interests with
Twitter trolls. His concerns came as Air Chief Marshal Sir Stuart Peach, the UK chief of defence
staff, warned that Russian submarines have developed the technology to intercept the vital
underwater communications cables that link European internet and phone networks. Speaking at
the Royal United Services Institute in late December 2017, ACM Peach said that Russia was one of
a number of alarming new threats facing Britain and called for the United Kingdom to modernise its
defences.
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 7 of 8
[Continued in full version…]
The cyber players
China, Iran, North Korea, and Pakistan all have ‘active cyber capabilities’ and the use of influence
operations by an increasing number of cyber players is changing the shape of political diplomacy in
the 21st century. During the past year the world watched as US President Donald Trump used social
media to insult North Korean leader Kim Jong-un while the US fleet sat off the Korean coast,
eavesdropping on North Korea’s military.
Meanwhile, North Korea has for many years focused on its cyber development with a military force
of 6,000 cyber operators directed by the Reconnaissance General Bureau: North Korea’s equivalent
of the US Central Intelligence Agency. In 2014 North Korea was blamed for a major network attack
on Sony Pictures in a move to block the release of a film that ridiculed Kim Jong-un, although little
evidence was revealed publicly.
China is also a strong player in the cyber domain. The country has an established computer science
industry and is alleged to have a dedicated espionage force, which reportedly mounted a cyber
attack on the US government in Washington in 1999 after the Chinese Embassy was inadvertently
targeted during a bombing raid over Belgrade during the Kosovo conflict. In 2001 Chinese hackers
claimed to have hacked a US government network within the White House after a Chinese J-8 fighter
collided with a US EP-3E ARIES II signals intelligence aircraft off Hainan Island. The Chinese have
also been credited with a network attack against the US DoD in 2013 in which it was claimed that
China stole US military designs, including those for the V-22 Osprey, Black Hawk helicopter, and
the navy’s new Littoral Combat Ship.
[Continued in full version…]
Cyber ‘operational readiness’
While the nations across NATO are forming specialist cyber units and centres, questions have been
raised about the ‘operational readiness’ of these units. In 2017 the US Senate Committee on Armed
Services (subcommittee on cyber security), in receiving testimony from expert witnesses on cyber-
enabled information operations and threats heard that during the past three years Russia has
conducted the most successful influence campaign in history, using the internet and, more
importantly, social media.
© 2018 IHS. No portion of this report may be reproduced, reused, or otherwise distributed in any form without prior written consent, with the exception of any internal client distribution as may be permitted in the license agreement between client and
IHS. Content reproduced or redistributed with IHS permission must display IHS legal notices and attributions of authorship. The
information contained herein is from sources considered reliable but its accuracy and completeness are not warranted, nor are
the opinions and analyses which are based upon it, and to the extent permitted by law, IHS shall not be liable for any errors or
omissions or any loss, damage or expense incurred by reliance on information or any statement contained herein.
Page 8 of 8
A US Marine electronic warfare team. The US military has directed defence scientists towards the development of battlefield countermeasures to ensure it can defend against cyber-enabled information operations. (Andrew Chun/DPL)
1717431
Giving evidence, Michael Lumpkin, a retired special operations officer and the former acting
undersecretary of defence, highlighted his concerns about the development of information
operations, saying, “While the means and methods of communication have transformed significantly
over the past decade, much of the US government thinking on shaping and responding in the
information environment has remained unchanged, to include how we manage US government
information dissemination and how we respond to the information of our adversaries. We are
hamstrung for a myriad of reasons, to include: lack of accountability and oversight; bureaucracy
resulting in insufficient levels of resourcing; and inability to absorb cutting‐ edge information and
analytic tools, and access to highly skilled personnel.”
[Continued in full version…]
For the full version and more content:
For advertising solutions visit Jane’s Advertising
Jane's Defence Industry and Markets Intelligence Centre
This analysis is taken from Jane’s Defence Industry & Markets Intelligence Centre, which provides
world-leading analysis of commercial, industrial and technological defence developments, budget
and programme forecasts, and insight into new and emerging defence markets around the world.
Jane’s defence industry and markets news and analysis is also available within Jane’s Defence
Weekly. To learn more and to subscribe to Jane’s Defence Weekly online, offline or print visit
http://magazines.ihs.com/