Library

Volume 4, Number 3, November 2001

Information Operationshow Meaningful Is Io Doctrine?

    Abstract

    It has been claimed that, for the most part, meaningful IO doctrine is non-existent. This paper explores that claim focusing on US IO doctrine. First, internal issues relating to doctrine architecture are examined. Possible uses of IO contained in the doctrine are broad, but can be viewed as going some way to incorporate the potential of IO into the relatively static environment of doctrine. Doctrinal IO components include a variety of activities that influence the information domain, and these too are generalised enough to accommodate development in IO. However, staff structures and processes on which current US IO doctrine is based are ill-suited to IO. In addition, the doctrine fails to adequately deal with vulnerabilities derived from connectivity between the DII and deployed force networks, and an over-emphasis on the role of IT in IO introduces weaknesses into IO doctrine. Secondly, external issues are addressed. Legal problems associated with the conduct of IO compromise the meaningfulness of IO doctrine, as do problems encountered when conducting IO in multinational environments. Also, the lack of adequate national IO policy adversely affects both the conduct of IO and the ability to protect military IO vulnerabilities. Overall, although current US IO doctrine contains much that is useful, the points of weakness are fundamental and do indeed significantly degrade the overall meaningfulness of IO doctrine as it stands today.

    Introduction

    At the beginning of the Twenty First Century it seems safe to say that IO is not simply the latest military fad, but rather is a concept that has come of age at one of those crossroads of history where intent and capability coincide. Information has always been an essential element in military victories and defeats, but only in the Information Age have we acquired the capabilities to better harness the potential benefits and minimise the potential risks of using information as a weapon to influence the mind and decision-making ability of an opponent.

    The process by which the concept of IO is embraced by military forces is, of course, the development of military doctrine?the set of fundamental principles that a military force uses to guide actions in support of national objectives. Military IO doctrine seeks to take the principles of IO and translate them into guidelines for the conduct of IO.

    In a paper assessing the effectiveness of IW in Kosovo, Frederic H. Levien comments that: “Much of the most exciting technology of IW is still in its infancy and, for the most part, meaningful doctrine is non-existent.” [1] A thought-provoking assertion. The aim of this paper is to assess just how meaningful current IO doctrine is by examining a number of issues pertinent to the on-going development of military IO. These issues will be classified as either internal or external, with internal issues being those directly related to IO doctrine architecture, while external issues are matters which affect how meaningful IO doctrine is in practice.

    Before proceeding, the scope of the paper should be defined. Although many states have developed or are developing IO doctrine, the United States military has led the way in both doctrine development and implementation. For that reason it is US IO doctrine that is the focus of this paper. [2]

    Internal Issues

    IO Uses and Components

    In US doctrinal terms, IO are a tool a commander can use to dominate the information environment and thereby influence an adversary’s decision making and ability to act. Together with information management, and supporting activities such as Civil Military Affairs, Public Affairs and intelligence, IO are conducted to achieve the overarching goal of information superiority (IS), defined as:

    “The ability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same. It is a window of opportunity created by focused efforts that allows the actions or beliefs of the adversary commander to be influenced in support of decisive operations.” [3]

    US doctrine allows for the use of IO across the range of military operations?from military operations other than war (MOOTW) through to conflict and war?and across the spectrum of conflict?from peace, through escalation and conflict, to cessation of conflict. Doctrine also accommodates the use of IO at all levels of war, from strategic, through operational, to tactical. Further, offensive IO (IO-O) may be conducted as a stand-alone operation, as the main effort of an operation, as a supporting effort (force multiplier) within a conventional campaign, or as a phase of an operation. [4]

    Is this meaningful, or is the doctrine simply having a bet all possible ways? The answer to this question brings us back to IO theorist Martin Libicki’s analogy of a blind man and an elephant?the blind man may think he is touching many quite separate and different animals when in fact all parts belong to one large whole. [5] IO encompasses age-old pursuits such as psychological operations and deception, more recent activities such as command and control warfare (C2W), and quite recent activity of cyberwarfare. It has many different parts and many possible uses, and the beast is still evolving. Military doctrine lags behind evolutionary trends and, once formulated, is slow to change. So, the broad descriptions of how doctrine envisions IO being used in a military environment could be viewed as an attempt to incorporate the potential of IO into the relatively static environment of doctrine.

    Can the same be said for the activities doctrine groups under the IO umbrella? Within US doctrine, IO-O activities include PSYOPS, EW, deception, destruction, OPSEC and computer network attack. Activities included in defensive IO (IO-D) doctrine are EW, physical security, counterdeception, counterpropaganda, counterintelligence and OPSEC. Is this list meaningful? Yes, because what all these components have in common is that they can be used to influence the information domain. Doctrine acknowledges that not all IO components will be used at all levels of war and in some operations some components will predominate. Doctrine also states that the list is not exhaustive?other activities may be added to IO as required. Is this just a catch-all phrase to cover all future bases? Probably. Is it meaningless? Probably not. It is doubtful whether anyone can really see clearly into the future to know what form IO may take even five years from now, so it makes sense for doctrine to acknowledge that activities that would be used within an IO campaign are not set in stone.

    There is of course the danger that if the doctrine is too broad and all encompassing in the way it deals with uses of IO and IO components then it will lose meaning. On the other hand, the level of flexibility current IO doctrine exhibits in this regard can be a strength as long as commanders bear in mind the principles and aims of IO, and as long as there is adequate coordination of whatever means are used to conduct IO within whatever environment, type of operation, or level of war.

    Staff Structures and Processes

    By contrast, staff structures and planning processes embodied in IO doctrine are firmly stuck in the here and now. US IO doctrine relies mainly on existing staff structures and is superimposed on familiar methods and processes, such as the Joint Operation Planning and Execution System and the Military Decision Making Process. However, the consensus in the IO literature is that IO will require changes to the structure of headquarters staff, and to military forces in general, because networked organisations are better equipped to deal with warfare in the information age than the existing hierarchical organisational structures of most armed forces today. Indeed, the Division Advanced Warfighting Experiment in 1997 concluded that the current continental staff system organisation should be replaced by battle staffs organised around three info-age core functions: situational awareness, synchronisation, and systems administration, built on a battlefield operating system foundation. [6] Such developments are yet to be incorporated into doctrine.

    Because US doctrine superimposes IO onto orthodox military planning doctrine, headquarters staff face some unique problems in terms of planning, synchronisation, and combat assessment. Some of these difficulties already existed, for example when OPSEC and deception are conducted within the same military operation. Others are derived from the fact that some IO components, such as physical destruction, have traditionally been used to achieve conventional military aims. However, many are new. For example, combat assessment processes are better suited to assessing damage caused by a cruise missile than to determining the effect of a virus inserted into an opponent’s computer network.

    US Army IO doctrine attempts to solve such problems through a variety of means, but with limited success since the underlying problems of staff structures and processes remain unresolved. One doctrinal solution is the provision of timely and accurate intelligence. This is a tall order, since intelligence itself is based on structures and processes designed to serve the needs of conventional military operations. New sources and types of threats in an IO environment present new challenges. Even identifying threats will be difficult and intelligence analysts will need to be capable of analysing increasingly technical data. At the same time, there is the danger of becoming overly reliant on technical collection sources. Another problem was encountered by the US force in Bosnia, in that “analysts were trained for hard targeting based on analysis supporting military courses of action, they were not as well prepared for ‘softer’ analysis of political issues, treaty compliance, civil unrest, vigilante activities, election support, refugee movements, and faction and population intentions.” [7] In addition, with the proliferation of information available in the Information Age, intelligence analysts must avoid being ruled by information and instead develop ways of effectively filtering and analysing information. Otherwise traditional intelligence processes may fail to “keep up” with the IO activities of a less hierarchical and more networked adversary. Even the experience of the Gulf War showed that traditional intelligence cannot always keep up with the pace of operations under conditions of information superiority. Finally, as boundaries between military and civilian sources of threats are increasingly crossed, traditional areas of overlap between various national intelligence agencies will become more blurred, perhaps resulting in reactive rather than predictive intelligence.

    Doctrine also attempts to solve planning and synchronisation problems through close coordination between intelligence and other staff, and through use of staff aids in the form of a variety of matrices to deconflict activities. However, this very plethora of staff processes and aids gives rise to another problem?the need to accommodate the increase in operational tempo engendered by the application of modern information technology to the battlefield. The implications of this trend are not reflected in US IO doctrine, except for an acknowledgement that orthodox planning methods such as lengthy intelligence estimates and staff deliberations will not be effective given information age operational tempos. Instead, there will be a requirement for “pre-planned IO branches and sequels, derived by a series of “if, then” staff excursions”. [8]

    The fact that current US IO doctrine is based on existing staff structures and processes does not appear to have degraded the effectiveness of IO on recent operations, for example in Kosovo in 1999. However, not only was the IO conducted on these operations limited in scope, the operations themselves were conducted against adversaries far less advanced in IO, in terms of capabilities, doctrine, or organisation. Should the US attempt to conduct IO against an adversary with well developed IO doctrine and capabilities, even if that opponent is technologically inferior, then current doctrinal IO staff structures and processes could be expected to prove too cumbersome. IO doctrine that is not based on staff structures and processes tailored to IO will quickly lose meaning. The one bright point on the horizon is that finding solutions to problems related to staff structures and processes may actually be precipitated by the fact that such problems will gradually affect all military operations as the battlefield become increasingly digitised and we move towards network-centric warfare. Whatever the case, suitable staff structures and processes are essential to successful IO. As Arquilla and Ronfeldt point out:

    “What distinguishes the victors is their grasp of information?not only from the mundane standpoint of knowing how to find the enemy while keeping it in the dark, but also in doctrinal and organizational terms.” [9]

    Dii and Defensive IO

    Although the importance of defensive IO seems to be better appreciated in military circles these days, there is one area of IO-D which is not adequately dealt with in IO doctrine, namely IO attacks on the DII (Defence Information Infrastructure). Current US doctrine treats this problem as an internal security threat only. JP 3-13 states that “while domestic [IO] threats may be a counterintelligence issue, they are handled via law enforcement channels in accordance with intelligence oversight regulations” [10]. More specifically, “intentional information systems incidents or intrusions should be reported to military criminal investigators and counterintelligence agents to coordinate appropriate action”. [11] However, this response is not adequate because connectivity between deployed forces and the DII, combined with the hierarchical nature of military decision-making processes, mean that attacks on the DII would place a deployed joint commander in the position of having to tolerate vulnerabilities originating from IO attack against which that commander would have neither a mandate nor a capability to defend.

    That the problem exists is probably a result of a number of issues. For one, there is a certain amount of unease in the doctrine over the expansion of the battlespace by IO weapons and the lack of “fixed boundaries in the information environment”. [12] It may also be that the flow-on effects of IO attack on the DII is too immense a problem to contemplate, or too improbable?Winn Schwartau’s picture of the mayhem wreaked on the US economy by a couple of disaffected computer hackers may seem fanciful to some, but this is perhaps simply because it has not yet been experienced. In addition, commanders may be unconvinced of the power of offensive IO, because there is a tendency to understate the risks involved in situations of which one has no experience, and therefore to fail to adequately protect oneself against them. But protect against them military forces must, because a Liddell Hart-type indirect approach using IO techniques is arguably the most insidious threat a military force could face?a sort of Archilles Heel of IO-D. Meaningful IO doctrine should better reflect the need to protect this vulnerability.

    Role of Information Technology

    While some writers seem to equate IO with information technology (IT). Others, like Arquilla and Ronfeldt take a more balanced approach: “IW is not so much about tactical measures to disrupt an opponent’s hardware, as it is about the use of information to impose ones will upon an adversary—often via cyberspace, but more often by traditional means (for example, public diplomacy, propaganda, psychological operations, and perception management).” [13]

    Is this approach reflected in US IO doctrine? JP 3-13 states that “human decision making processes are the ultimate target for offensive IO” [14], and that IO are used to “affect the information-based process, whether human or automated”.[15] Joint doctrine also states that “the personnel who make decisions and handle the transmitted information constitute a critical component of the GII [Global Information Infrastructure]”[16], and that “information environment protection applies to any information medium or form, including […] human”.[17] Similarly, US Army IO doctrine states at the outset that IO is used to influence the actions and beliefs of an enemy commander. [18] In discussing the implications of connectivity with the GII, FM 100-6 warns of adversaries’ use of the GII to adversely influence public opinion or troop morale.

    However, although JP 3-13 acknowledges the IO end state of influencing minds and decision-making, this focus tends to get lost in the chapters dealing with IO-O and IO-D, where discussion focuses on adversary IT vulnerabilities to be exploited and friendly IT vulnerabilities to be protected. The situation as regards US Army IO doctrine is somewhat better. The components of IO are the same in joint and Army doctrine, but the FM 100-6 actually discusses in some detail how each, from IT-oriented physical destruction and electronic warfare to perception-oriented PSYOPS and deception, plays a role in offensive and defensive IO. Overall, then, the more conceptual content of JP 3-13 manifests a greater IT-orientation than the more practical, nuts and bolts content of FM 100-6.

    Why has US IO doctrine, at the joint level at least, become so IT-oriented? There are at least two possible reasons for this: first, in technologically advanced armed forces such as in the US, IT is central to decision-making processes and to the information domain; and secondly, US offensive IO doctrine has grown out of both US capabilities and analysis of US IO vulnerabilities, both of which are IT-oriented. For US forces, IT dominates the means to conducting IO and protecting against IO attack to the extent that it is all to easy to forget that IT is the means to an end, and not the end itself.

    The tendency of US IO joint doctrine to emphasise IT introduces at least two risks to the successful conduct of IO. First, understanding of IO could become too narrow in scope. This could result in a failure to make full use of IO opportunities. It could also result in a failure to protect all IO vulnerabilities if an adversary were technologically inferior. Arquilla and Ronfeldt report that: “Both the Russians and the Chinese are focusing on information-based concepts of strategy, doctrine, and organization?putting these at least on a par with technology, while avoiding a single-minded intent on it. In this regard, Americans may have much to learn from both the Russians and the Chinese?about concepts of non-linearity, about military networks, and about notions that the more technologically advanced an opponent is, the more he may be vulnerable to disruptive attack.” [19] Secondly, there is a risk that an imbalance could be created or reinforced between IT as a means to the conduct of IO and as an end in itself. After all, there is no point attacking an adversary’s IT if it does not yield some sort of advantage. Thus, IO doctrine will lack meaning if efforts are not made to find the balance between IT as the means and information dominance as the ends of IO.

    External Issues

    Legality

    The legal problems associated with IO have been well documented. Most derive from the sheer breadth and depth of connectivity between all spheres of IT-advanced societies. This level of connectivity blurs distinctions between combatants and non-combatants, between military and civilian targets, between jurisdictional boundaries, and even between peace and conflict.

    IO raises legal problems at almost every turn. For example, if an IO attacker is a non-combatant individual or group, then military force is not appropriate?remedy must be sought through the judiciary, rather than through the panoply of agreements that come into play when belligerents are states. On the other hand, where criminals carry out hostile acts as surrogates for belligerent states they may well lose their non-combatant status. [20] There is also the question of whether electronic IO attack constitutes an armed attack warranting a military response in terms of Article 51 of the United Nations Charter, or whether it should stay in the Article 41 category of lesser coercive measures, which do not warrant military retaliation. However, there is growing recognition of the fact that war is transforming and that definitions of “armed attack” should be challenged. [21]

    What is obvious to most observers is that IO targeting and methods of attack are problematic. The Law of Armed Conflict allows the employment of only those means or method of warfare that can effectively discriminate between military personnel and civilian noncombatants. [22] However, the level of interconnections between military and civilian computer networks and the dependence of the military on civilian electronic infrastructures often render IO attacks, whether hard or soft, not only indiscriminate, but potentially devastating militarily, politically, or economically. This point is reflected not only in recent attempts to have IO weapons declared weapons of mass destruction, but also in reports that during the 1999 NATO campaign in Kosovo, military hackers reportedly had the capability to hack into Yugoslav President Slobodan Milosevic’s bank accounts or into the Serbian financial system, but “plans were shelved for fear of committing war crimes”. [23]

    This last legal problem is particularly pertinent to the following element of US joint IO doctrine:

    “IO target information or information systems in order to affect the information-based process, whether human or automated. Such information dependent processes range from NCA-[National Command Authorities-]level decision making to the automated control of key commercial infrastructures such as land- and space-based telecommunications and electric power.” [24]

    To compound the problem, US joint doctrine also states:

    “Offensive IO may be conducted in a variety of situations and circumstances across the range of military operations and may have their greatest impact in peace and in the initial stages of a crisis.” [25]

    Indeed, the very distinction between IO and IW, where IW is IO conducted in times of crisis, implies that IO may be conducted in time of peace. US IO doctrine implies that targeting of civilian infrastructure is not only legitimate, but that such targeting in times of peace or in the initial stages of a crisis is legitimate IO practice too. One could argue that not all IO activities involve the “threat of force” in a conventional sense and therefore their use in time of peace could be legal. However, as mentioned above some “non-force” IO activities may actually be found to fit the definition of “attack” by virtue of their consequences or cumulative effect. [26]

    Questions of the legality of the conduct of IO are acknowledged in US IO doctrine [27], but that is all. Doctrine is meaningless if there are legal impediments to implementation, as was experienced during the 1999 Kosovo crisis when legal problems limited the scope and effectiveness of the IO campaign. Thus, for doctrine to have substance there is a need to develop a legal framework for the conduct of IO. As an external issue affecting the meaningfulness of IO doctrine, solving legal problems requires a collaborative approach. Charles Dunlap writes that the “velocity of this metamorphosis [into the Information Age] threatens to overcomes the law’s ability to accommodate change unless we engage in immediate, forward looking thinking.”[28]

    IO Deterrence

    Related to the issue of legal problems is the matter of IO deterrence. According to US joint IO doctrine, “the initial IO goal is maintaining peace, defusing crisis, and deterring conflict.” [29] and “IO may have their greatest impact as a deterrent in peace and during the initial stages of crisis”. [30] Deterrence is, then, an important element of IO doctrine, but how meaningful is it to give IO a deterrent role?

    There are many issues which would erode the credibility of IO deterrence. For example, there may be problems identifying an adversary. If an adversary is not a state, but is rather an individual or group, then there may be legal impediments to IO response to an attack, meaning deterrence would fail to be credible. Even worse, if an adversary could not be identified at all, or of an IO response were deemed illegal, then deterrence would not even get off the ground.

    Setting aside for the moment questions of legality, there is also the problem of the mutually destructive effects of IO. For example, the US may be reluctant to unleash IO attack for fear of a mutually destructive reprisal. There is some suggestion that this was the case during the Kosovo campaign with regard to computer network attack. [31] If a potential adversary is aware of this reluctance, then deterrence based on the threat of IO attack would fail. Looked at from another angle, Russia’s “declaratory strategic policy seeks to deter information attack by threatening the possibility of Russian nuclear retaliation”. [32] Again, reluctance to invite that manner of possible response could erode the credibility of IO deterrence. IO as a deterrent could turn into a stalemate at best or a game of brinkmanship at worst. Either way, while it may be admirable that US doctrine should advocate IO deterrence, its feasibility is doubtful.

    Catering for IO in a Multinational Environment

    One of the main limitations on the conduct of IO in Bosnia was the need to operate within a coalition environment, because coalition IO doctrine was essentially non-existent for UN, NATO and other IFOR member states. [33] The NATO IO campaign in Kosovo was hampered by similar problems. At that time initial NATO IO policy documents existed, but NATO IO doctrine still did not. Consequently, “it was extremely difficult for the US to attempt a concerted IO effort against Yugoslavia within the framework of the NATO alliance”. [34]

    Conduct of IO in a multi-national environment not only creates difficulties in planning, conduct and coordination, it also creates vulnerabilities for the force as a whole, as points of difficulty became weaknesses that could be exploited by an adversary. IO vulnerabilities are also introduced into a multinational environment due to high levels of electronic connections and ever greater reliance on information and information systems among increasingly digitised forces.

    The April 1999 ABCA Quadripartite Advisory Publication Information Operations (IO QAP) sums up the need for a comprehensive approach to IO in a coalition environment as follows:

    “Multinational IO is a particular vulnerability. It can include expanded HQs, staffs, liaison structures, the proliferation of national communications, electronic interference and a range of differing perceptions to the conflict and practices for handling the media, rules of engagement (ROE) and other key issues. While all these issues must be addressed separately, they must also be part of the overarching IO plan in order to protect the integrity of the MJTF [multinational joint task force], and ensure coherent use of IO measures to support the Commander’s intent.” [35]

    Since the Bosnia conflict, multinational military groupings have begun to develop coalition IO policy and doctrine, largely based on US doctrine. For example, NATO has published MC 348 (C2W) and MC 422 (IO), and the ABCA armies have issued the draft IO QAP. While these developments go some way to addressing problems coalition operations bring to the conduct of IO, it can be expected that the issue will still raise important concerns in the future as coalitions rarely consist of neat groupings such as NATO and ABCA. Thus, the lack of meaningful IO doctrine in coalition environments can be expected to be a concern for some time to come. In the meantime, although the US can take the IO initiative in multinational forces and conduct an IO campaign, either on its own or with like-minded allies such as Britain, the problem will continue to limit the scope and success of coalition IO.

    National IO Policy

    US joint IO doctrine recognises that effective IO requires national policy direction and interagency cooperation, but it does not address the issue of the problems that a joint force commander may face in conducting IO without the fulfillment of those requirements. In Kosovo the absence of US national IO policy limited the ability of the US force element to realise the full potential of IO, “because much of a national IO campaign must take place in the interagency environment, outside of a regional commander in chief’s span of control”. [36] It should also be noted, however, that IO campaigns are as subject to political micro-management and hidden agendas as conventional military operations. So, even if national IO policy were extant, IO may be still be limited by politics. For example, after the 1999 Kosovo crisis General Wesley Clark is reported to have criticised US strategy, saying that more could have been done to electronically isolate Yugoslavian President, Slobodan Milosevic and avoiding the need to conduct a bombing campaign. [37] On this point Steve Tomoana asserts: “the [IO] capability was there but the will to use it effectively was not”. [38]

    Not only can the lack of adequate IO national policy affect offensive IO, it also has important implications for defensive IO. Many IO theorists warn of the vulnerability of the military to IO attack through interconnections between the DII, the NII (National Information Infrastructure), and the GII.[39] Such vulnerability is compounded by hierarchical decision-making processes. JP 3-13 acknowledges that “although much of DOD information flows depends on commercial infrastructure, in many cases the protection of these infrastructures falls outside the authority and responsibility of the Department of Defense.” [40] Furthermore, “the authority to implement this level of protection for the NII has yet to be assigned to any USG department or agency”. [41] JP 3-13 advocates a collaborative approach to the problem, but one is strongly reminded of Winn Schwartau’s 1994 discussion of IW as a national security issue lacking, but desperately needing, a focused and coordinated national solution.

    Conclusion

    Many of the issues that affect the value of current IO doctrine relate to the fact that it attempts to accommodate IO into traditional military operations doctrine, when in fact IO represents a paradigm shift in warfare with some quite different doctrinal imperatives. For example, existing staff structure and processes struggle to cope with the expanded battlespace, volume of information, and increased tempo of military operations in the Information Age, let alone of IO now and in the future.

    Other issues reflect the need to come to grips with the implications of advances in IT. Too much emphasis on IT threatens to narrow the focus of IO. This may prove more dangerous in the future as the technological gap between US forces and potential adversaries increases?US vulnerabilities could be expected to increase and there may be a failure to adequately tailor IO-O to a technologically inferior adversary.

    The vulnerabilities introduced through increased connectivity between information systems and networks vertically and horizontally has not yet been adequately addressed, in terms of both US national policy and IO doctrine. While this is the case, IO doctrine tends to assume freedom of action which may be all too easily denied. The immensity of the IO-D problem needs to be acknowledged at all levels from strategic to tactical, and within various force structures from joint to multinational, if the two-edged sword characteristic of IO is not to become imbalanced in favour of potential adversaries.

    The best IO doctrine in the world is of little value if legal problems constrain IO practice, and it is pointless to laud the benefits of IO in deterring or avoiding conflict if legal requirements and other problems pull the activity’s teeth. Likewise, given the reality of the increasingly multinational characteristic of military operations, sound individual IO doctrine cannot fully compensate for a lack of coherent coalition IO doctrine.

    An expectation that mature IO doctrine could evolve overnight is unrealistic. Doctrine as it exists today represents merely the beginning. In terms of is use in recent operations, it has been meaningful enough to produce successful IO campaigns, but this is probably in no small part due to the absolute IO advantage the US currently enjoys. So, is meaningful IO doctrine for the most part non-existent as Levien claims? Almost, because even though much of the current US IO doctrine is useful, the points of weakness, such as unsuitable staff structures and processes and a lack of legal framework to support IO in practice, are fundamental. Needless to say, IO doctrine development must continue to be a work in progress.

    References

    [1] F. Levien, “Kosovo: An IW Report Card”, in Journal of Electronic Defense, Vol. 22(8), August 1999, at http://www.jedonline.com.jed/html/new/aug99/policy.html, p. 5.

    [2] US joint IO doctrine is contained in Joint Publication 3-13 (Joint Doctrine for Information Operations), published 9 October 1998. JP 3-13 “provides the overarching operational guidance for information operations (IO) in the joint context (to include information warfare) throughout the range of military operations”.(p.i) US Army IO doctrine was first published in August 1996 as Field Manual FM 100-6 Information Operations. Since then, the initial draft of an extensively revised FM 100-6 has been published on 30 April 1999. This 1999 draft is the version referred to in this paper.

    [3] JP 3-13, pp. I-10 to I-11. See also FM 100-6, p. 1-1.

    [4] JP 3-13, pp. VI-1 to VI-2 and FM 100-6, pp. 2-3 and 3-6.

    [5] M. Libicki, What is Information Warfare?, INSS, Washington, 1996.

    [6] S. Garrett, “Evolving Information-Age Battle Staffs”, Military Review, http://www-gsc.army.mil/milrev/English/MarApr98/ garrett.htm, pp. 2-3, Mar/Apr 1998.

    [7] L. Wentz, “Coalition Information Operations: The IFOR Experience” in Alan D. Campen and Douglas H. Dearth (eds.), Cyberwar 2.0: Myths, Mysteries and Reality, AFCEA International Press, Virginia, pp. 211, 1998.

    [8] FM 100-6, p. 2-1.

    [9] J. Arquilla and D. Ronfeldt, “Cyberwar is Coming!”, in G. Stocker and C. Schoepf (eds.), Info War, Springer, p. 24, 1998.

    [10] JP 3-13, p. III-6.

    [11] JP 3-13, p. III-10. The DOD has formed the Joint Task Force Computer Network Defense, based at the Defense Information Systems Agency. Its role is to specifically defend DOD C2 information systems from outside attack from any source.

    [12] JP 3-13, p. I-13.

    [13] J. Arquilla and D. Ronfeldt, “A New Epoch and Spectrum of Conflict”, in J. Arquilla and D. Ronfeldt (eds), In Athena’s Camp: Preparing for Conflict in the Information Age, RAND, p. 14, 1997.

    [14] JP 13-13, p. II-1.

    [15] JP 3-13, p. I-11.

    [16] JP 3-13, p. I-14.

    [17] JP 3-13, p. I-14.

    [18] FM 100-6, p. 1-1.

    [19] Arquilla and Ronfeldt, “A New Epoch and Spectrum of Conflict”, op cit, p. 13.

    [20] See A. Campen, “Outsourcing Command and Control”, in A. Campen and D. Dearth (eds.), Cyberwar 2.0: Myths, Mysteries and Reality, AFCEA International Press, Virginia, p. 248, 1998. This point has particular implications for military dependency on civilian contractors for IT support. Should specialists providing support to an operation be captured, then “they are entitled to treatment as prisoners of war …[but] if they took action against a party’s armed forces, they risk being characterized as unlawful combatants, lose immunity … and can be tried and punished for the same things for which a uniformed combatant would be immune.” (C. Dunlap Jr., “The Law of Cyberwar: A Case Study from the Future” in, A. Campen and D. Dearth (eds.): Cyberwar 2.0: Myths, Mysteries and Reality, AFCEA International Press, Virginia, p. 248, 1998) Thus, civilian experts involved in hostile acts may well require protection in the form of endowing them “with military status [that] would support recognition as lawful combatants under international law.” (Dunlap, op cit, p. 144)

    [21] For example, Dunlap notes that if armed attack relates to intensity of coercion imposed, then damage caused by electronic means may be of sufficient scale and scope to equate with “armed attack”. (Dunlap, op cit, p. 142.). Jacobson explores: war as acts of non-physical, non-lethal, force to compel and enemy to do our will (M. Jacobson, “War in the Information Age: International law, Self-Defense, and the Problem of ‘Non-Armed’ Attacks” in Journal of Strategic Studies, Vol. 21, No.3, pp. 3 and 11, September 1998); electronic attacks as precursors to a larger scale conventional attack and therefore be attacks in themselves. (Jacobson, op cit, p. 8); and Nadelstichtaktik – the idea that a series of electronic attacks, while comparatively insignificant in isolation, may add up to a significant attack warranting a proportionate response. (Jacobson, op cit, p. 13.)

    [22] See Dunlap, op cit, for discussion on this point.

    [23] See Major S. Tomoana, IO and the Kosovo Conflict, unpublished paper, p. 6, dated September 2000.

    [24] JP 3-13, p. I-11.

    [25] JP 3-13, p. viii.

    [26] The legal implications of IO use against civilian targets and in peacetime is discussed at length by W. Church, “Developing an Information Operations Treaty”, Infowar.com Ltd, http://www.infowar.com/info_ops/info_ops030399a_j.shtml.

    [27] See JP 3-13, pp. I-12 to I-13 and II-13.

    [28] Dunlap, op cit, p. 139.

    [29] JP 3-13, p. II-7.

    [30] JP 3-13, p. I-3.

    [31] Tomoana, op cit, p. 7. Major Tomoana reports that IO analysts such as M. Libicki and J. Arquilla believe that NATO hackers refrained from disrupting Serbian computer networks to avoid attracting retaliatory attacks on US computer networks.

    [32] Arquilla and Ronfeldt, “A New Epoch and Spectrum of Conflict”, op cit, pp. 13-14.

    [33] Some insights into problems encountered by the US force conducting IO within a multi-national framework are discussed by Wentz, op cit, pp. 205-222.

    [34] LTC Z. Hubbard, “Information Warfare in Kosovo”, Journal of Electronic Defense, p. 58, November 1999.

    [35] ABCA Quadripartite Advisory Publication Information Operation, p. 1, April 1999.

    [36] Hubbard, op cit, p. 58.

    [37] Tomoana, op cit, p. 4.

    [38] Ibid. This may be true, but one should not lose sight of the fact that at the end of the day, IO, like war, is merely an extension of politics and as such is ultimately subject to political direction. Any military operation, whether IO or otherwise, will be subject to limitations imposed by politics.

    [39] See for example W. Schwartau, Information Warfare: Chaos on the Information Superhighway, Thunder’s Mouth press, 1994; B. Berkowitz, “Warfare in the Information Age” in J. Arquilla and D. Ronfeldt (eds), In Athena’s Camp: Preparing for Conflict in the Information Age, RAND, pp175-189, 1997; and D. Dearth, “Deception, Human Factors and Information Operations”, in A. Campen and D. Dearth (eds.), Cyberwar 2.0: Myths, Mysteries and Reality, AFCEA International Press, Virginia, pp.191-198, 1998.

    [40] JP 3-13, pp. I-11 to I-12.

    [41] JP 3-13, p. I-15.

    Author

    Captain Amanda Jane Brosnan is an officer in the New Zealand Army. She has a B.A. (Hons) in German and Economics, and a M.A. (Hons) in Defence and Strategic Studies. Most recently Captain Brosnan was employed as a Project Officer with the NZ Army. She is now on parental leave with her fourth child.