
Using Decision Analysis to Increase Commanders' Confidence for Employment of Computer Network Operations

By: Rudolph "Reb" Butler, Major USAF, Dr. Dick Deckro and Jeff Weir, Lieutenant Colonel, USAF

Editorial Abstract: This article is an abridged version of a research project by the same name. To read the full report, please contact the authors.

Military operations are by their very nature complex. These activities range from humanitarian operations to homeland defense to various intensities of combat operations. Commanders and their staffs organize, train, exercise and practice for their assigned tasks in preparation for real operations. The tools and tactics deployed and employed during training and exercises become familiar to the commanders and their staffs. Through training, exercises and evaluations, commanders gain an understanding of the capabilities provided and the risks involved in employment. The confidence gained from training and exercises is enhanced during preparation and execution of actual operations.

Information operations (IO) is increasing in importance in military campaigns. The tools and tactics employed in information operations, particularly when enhanced by command, control, communications, computers and intelligence (C4I) advances, are relatively new options available to military commanders. IO plays a significant role in ongoing military operations. Jane's Defense Weekly, in an article titled "US Air Force Refines Information Operations," suggests there are several key lessons the USAF is reviewing. In the article, senior USAF officials are quoted as stating, "one of the most important aspects of the expanding use of IO is the capacity to test and evaluate these capabilities in controlled environments" (Jane's, 2004:10). Another key point emphasized by senior USAF officials was the ability to increase confidence in IO tools within senior leadership: "to build confidence among the US Department of Defense's (DoD's) senior leadership in IO systems. The ability to employ these capabilities may migrate in many cases from senior-level positions to the tactical commander in the field, once the leaders are convinced of the reliability and utility of the IO tools" (Jane's, 2004:10).

IO integration requires methods to understand the baseline capabilities provided and the risks involved in employment of emerging tools and tactics. IO capabilities will continue to grow and evolve. A key aspect of IO is Computer Network Operations (CNO). Incorporating lessons learned from Operation IRAQI FREEDOM (OIF) into evolving CNO capabilities will be a challenge. Currently, CNO is considered to consist of three parts: (1) Computer Network Attack (CNA), (2) Computer Network Defense (CND) and (3) Computer Network Exploitation (CNE). CNA and CND have received the greatest attention from national and international leaders in recent times.

Nature of the Problem

A fundamental problem in the rapid adoption of CNO is to determine methods to increase commanders' confidence in CNO tools and tactics. Are there ways to facilitate communication or define a common understanding of the issue from the operational commander's perspective so that other key decision makers in the acquisition and evaluation processes can reduce risk, reduce uncertainty and aid in building confidence in newly fielded capabilities? Could this common understanding or framework be used as a baseline starting point to reduce variation in programmatic guidance when leadership changes in all the key jobs? This paper uses decision analysis techniques, specifically influence diagrams/decision trees, to provide a structure and graphical representation of the problem to support all of the decision makers involved in acquiring, testing and employing CNO tools and tactics. By having a defined structure based on the operational commander's point of view, the various decision makers impacting the acquisition and test processes (1) gain greater insight on the factors, risks and uncertainties operational commanders face, (2) can work from a common understanding/structure of the problem, and (3) have better communication flow between them. This common understanding/baseline structure becomes more important as the Joint Capabilities Integration and Development System (JCIDS) process evolves.

Decision Analysis

Decision analysis is a method to provide structure and a systematic framework for making hard decisions. Decisions, by their nature, are complex, contain uncertainty and may have more than one objective. Three of the key terms to define in decision analysis are (1) decision, (2) risk and (3) uncertain events. A decision is defined as an irrevocable allocation of resources. Risk as defined in JP 1-02 is the probability and severity of loss linked to hazards. Uncertain events are defined as events where the outcome is unknown.

An influence diagram was selected to model the decision for employing CNO capabilities. An influence diagram is a graphic representation of the elements in a decision problem and the relationships among them (Applied, 1998:6). In an influence diagram, different decision elements are modeled in the diagram as different shapes. In this effort, yellow rectangles represent decisions, green ovals represent chance events (uncertainties) and blue rounded rectangles represent values (Applied, 1998:6).

A decision node represents an opportunity for a decision maker to choose between alternative states of the world (Applied, 1998:99). A chance node represents an event with two or more outcomes that are uncertain. The chance node reflects the state-of-information that a staff or commander/decision maker has about an event (Applied, 1998:155).

Relationships between the different types of nodes are indicated using arrows or arcs. In general, an arc can represent either relevance or sequence (Clemen and Reilly, 2001:55). Arcs pointing to decision nodes represent information available at the time of the decision and hence represent sequence, and all others represent relevance (Clemen and Reilly, 2001:52-57). Figure 1 shows the difference of relevance and sequence. Arcs/arrows into chance or payoff nodes represent relevance (Clemen and Reilly, 2001:56). Conditioning refers to having a conditional probability relationship between events. Wackerly, Mendenhall and Schaeffer describe conditional probability as the probability (relative frequency of occurrence) of the event given the fact that one or more events have already occurred (Wackerly, 2002:50). This concept plays a major role in influence diagrams. The relationships represented in an influence diagram are those that are important. Kirkwood points out that influence diagrams reveal more information about the structure of the decision problem than many other representations and are good for studying more complex decisions (Kirkwood, 1997:326-328).

Figure 1: Influence Diagram

The decision to employ any weapon system, especially CNO capabilities, is a complex decision. The influence diagram described in this section is the result of extensive consultation and interaction with IO and CNO subject matter experts (SMEs) from the Air Force, Navy and Army. These SMEs work within a variety of organizations including the Air Staff, the Army Staff, Air Combat Command, Fleet Information Warfare Center, COMOPTEVFOR, Eighth Air Force, and First Information Operations Command, among others. An influence diagram could be the decision framework for almost any capability, but has been specifically tailored to discuss CNO capabilities, both offensive and defensive. The CNO Employment influence diagram that is the center of this approach is given in Figure 2. This CNO Employment influence diagram models the decision whether to employ a particular CNO tool/tactic against a selected target or target set. The purpose of the CNO Employment influence diagram is to capture and investigate the items that influence the decision to employ CNO tools and tactics. The influence diagram developed here provides commanders and decision makers a common framework for discussion and an aid in understanding the very complex problem of whether or


Fall 2005

not to employ CNO tools and tactics to attain desired effect(s).

A key consideration is that the CNO Employment model was designed for both CND and CNA. The word "target" is used in the model and could lead some readers to the conclusion this model is only for offensive operations. The use of "target" is based on its joint definition. As defined in the DoD Dictionary, target is defined as an area, complex, installation, force, equipment, capability, function, or behavior identified for possible action to support the commander's objectives, guidance, and intent (JP 1-02, 2003). Threats become targets when action is going to occur against them. For example, a threat to computer systems becomes the target of defensive operations.

Understanding the model and its nodes is an important step for gaining insight and the ability to tailor the model to a given real-world operation. The next sections describe the various components of this model.

Figure 2: CNO Employment Influence Diagram

What is Phase of Operation? (Decision Node)

The Phase of Operation decision node represents the decision to determine which phase of military operations the commander is in. As stated in JP 3-0, there are traditionally four phases in joint operations: Phase 1 (Deter/Engage), Phase 2 (Seize Initiative), Phase 3 (Decisive Operations) and Phase 4 (Transition). The capabilities available for employment during each phase typically vary. CNO tool(s)/tactic(s) are available in all phases of operations. In some phases, CNO capabilities may be the primary options. In other phases, CNO capabilities are one of many options available to the commander. It has been assumed in this preliminary model that in Phases One and Four, CNO tool(s) and tactic(s) have a higher military utility due to the limited choices of kinetic military capabilities available for employment. In all phases of operations, CND tool(s)/tactic(s) are employed to protect information and information systems. In Phase Three, CNO capabilities will complement other military capabilities both as primary options and as force multipliers. To emphasize this point on using CNA, Denning stated, "Cyber attacks may be used as an ancillary tool in support of other operations - support, but not replace, more conventional military operations" (Denning, 1999:72).

Staff Review (Legal/Pol Mil) (Chance Node)

The Staff Review chance node represents the uncertainty of whether the CNO tool(s), tactic(s) and the target sets are approved through specific staff review functions. Each CNO tool, tactic and its intended target will be reviewed, at a minimum, by the Political-Military and the Legal portions of the commander's staff to determine whether (1) the CNO tool and/or tactics are allowed to be used based on political situation/sensitivities and any legal restrictions and (2) if the target is sensitive to political issues and qualifies as a legal target by the laws of armed conflict and other treaties.

Ability for Assessment (Chance Node)

The Ability for Assessment chance node represents any uncertainty associated with the ability to get the necessary feedback and determine the success or failure associated with employing the CNO tool(s)/tactic(s) against a particular target/target set. This feedback includes a munitions effectiveness assessment and the battle damage assessment. This ability to measure the result of actions is important to phasing, determining whether the non-kinetic response was effective, and in determining the effect(s) on the battlespace.

Forecasted Cumulative Effects (Chance Node)

The Forecasted Cumulative Effects chance node represents the uncertainty associated with predicting the cumulative effects produced by a CNO tool(s) and tactic(s) against a specific target or target set. Cumulative effects are defined as effects that result from the aggregation of direct and indirect effects (Mann et al, 2002:96). Effects include first order, second order, third order and higher effects produced. Subsets of cumulative effects are collateral and cascading effects. Collateral effects are defined as an unintended/unanticipated effect that results from an action or


set of actions (Mann et al, 2004:95). Cascading effects are defined as indirect effects that ripple through the system (Mann et al, 2004:95). Cascading effects may be intended or unintended. Cumulative effects contain various key planning factors for employment, including collateral damage, unintended consequences and need for deconfliction.

Perceived Value of Exploited Data (Chance Node)

The Perceived Value of Exploited Data chance node represents the uncertainty associated with the predicted value of exploited data gathered through CNE and other intelligence operations. Some governmental organizations consider the term "intelligence gain/loss assessment" as an equivalent term. If data containing intelligence information is coming from a source that is being considered as a potential target, then a commander and his/her staff must evaluate the option of exploiting the source versus employing capabilities against that source. The data coming from the source has some value. This value will depend on the type of target/target set and other factors. In addition, over time, this predicted value may change based on the conduct of the campaign. It will be important for recurring decisions to re-evaluate this predicted value each time the decision is made.

Perceived Understanding of CNO Tool/Tactic (Chance Node)

The operational commander's and their staff's perceived understanding of the CNO tool(s) and tactic(s) under consideration will influence their employment considerations. The Perceived Understanding of CNO Tool/Tactic node could evaluate a single tool and a single tactic or could evaluate the combined effect of multiple tools and tactics working together toward a common effect on the battlespace. There are many factors that will contribute to this perception: cost, the type of tool,

the type of tactic, level of formal testing accomplished, performance in actual operations and many others. The cost to use the CNO tool and tactic must be accounted for in the perception of its understanding. Cost is a function of money, resources expended, technology exposed, and potentially human lives saved or lost. If a CNO tool and tactic are expensive to employ, there may be other less costly options that alone or in concert with other measures can produce the same or similar effects at a lesser cost.

Can/Should CNO Tools/Tactics be Used? (Decision Node)

This decision node determines whether a selected CNO tool(s)/tactic(s) can be used against a particular target/target set. This node is conditioned upon (1) Staff Review, (2) Ability for Assessment, (3) Forecasted Cumulative Effects, (4) Perceived Value of Exploited Data and (5) Perceived Understanding of CNO Tool/Tactic. The What is Phase of Operation? node serves as a military utility factor affecting the resulting values of this decision. All the outcomes of the previously articulated nodes will be known prior to the model evaluating the USE decision.

Detailed Target Information (Chance Node)

The Detailed Target Information chance node represents the uncertainty associated with understanding the target or target set. Intelligence is often imperfect. Denning states that for a CNA launching it would require considerable knowledge about target systems and interconnectivities (Denning, 1999:65). There will be some unknowns and risk associated with the actual target, especially when dealing with CNO.

Actual Understanding of CNO Tool/Tactic (Chance Node)

This chance node represents the level of uncertainty associated with the actual understanding of the CNO tool(s)/tactic(s) under consideration.

The outcome of this node is determined after the decision to use CNO capabilities has been made. In the past, there was high risk in employing CNO tools/tactics because the CNO tools or tactics were untested, immature or poorly understood outside of specific circles. In recent years, CNO tools and tactics have undergone increased testing and evaluation events prior to fielding, but the process is still maturing. This node is based on the actual understanding of the CNO tool/tactic used in response to the target/target set that exists at the time of employment.

Actual Value of Exploited Data (Chance Node)

This chance node represents the uncertainty associated with the actual value of the exploited data gathered through CNE and other intelligence operations. The outcome of this node is determined after the decision to use CNO capabilities has been made. As stated earlier, some governmental organizations consider the term "intelligence gain/loss assessment" as an equivalent term. This chance node accounts for the tradeoff between the intelligence value of the data versus the value for employing or not employing CNO capabilities.

Actual Cumulative Effects (Chance Node)

This chance node represents the uncertainty associated with the actual effects produced as a result of employing or not employing CNO tools/tactics against a particular target or target set. These effects include known first, second, third and higher order effects produced. For this model, unexpected effects are undesirable outcome(s) even if the contribution to friendly operations is positive.

Response (Adversary/Third Party) (Chance Node)

This chance node represents the uncertainty associated with the response by an adversary or third party to the decision. Some of the responses that could be modeled by this node are

(1) no response, (2) probability of detection, (3) probability of attribution, (4) counterattacks by the adversary and (5) third party responses.

Weights 1-6 (Calculation Nodes)

The weight nodes represent the perception of importance to the operational commander of the six variables feeding into the payoff function. A weight factor is developed for each of the variables feeding into the payoff function. Weight factors provide flexibility in the model as the perception of importance changes for the different variables based on new leadership, new technology, different operational conditions and objectives or a variety of other things. These nodes have only one outcome, a weight represented as a number. This weight is the percentage of the overall response (i.e. payoff function) their assigned variable represents. The summation of all weight nodes must equal 100%.

Intended Effect Produced on Battlespace (Calculation/Payoff Node)

This payoff node uses an equation that rolls up and scores the overall response to the decision based on all of the factors involved.

Insights Gained from the Decision Model

To demonstrate and test the research, the authors populated the decision model and ran a series of trials to determine the most influential variables within the model. Please reference the paper for the methodology and results. Operational commanders and decision makers can use this influence diagram to identify key chance nodes. The uncertainty in these chance nodes can be reduced through range infrastructure, force structure investment and other methods (mission rehearsal, deconfliction, forecasting, etc.), making future decisions easier. The next sections highlight two strategies for reducing uncertainties: (1) forecasts and (2) test and evaluation.

Reducing Uncertainty in Forecasts

In Figure 2, four nodes in the decision structure serve as forecasts of anticipated and actual outcomes for the decision maker. These nodes are (1) Forecasted Cumulative Effects, (2) Perceived Understanding of CNO Tool/Tactic, (3) Perceived Value of Exploited Data and (4) Ability for Assessment. The first step to increase commanders' confidence in CNO tool(s)/tactic(s) is to ensure instruments or processes exist to provide the required forecasts. Assuming the instrument or process is in place, there must be mechanisms or procedures created and put in place to provide historical data to refine the forecasting instruments or processes. Preferably, such data would be from real-world operations. Forecast models are typically based on historical data. To be effective, the forecasts should produce actionable outputs that predict results close to reality. The greater the forecast error, the greater the risk imposed on the operational commander should he or she select such an approach. Historical data from the last three major contingencies (Kosovo, Afghanistan and Iraq) needs to be fed back into the mission planning system(s), tactics manuals and models used to determine the outputs of these forecasts. This strategy has been employed for some CNO capabilities.

Using Test and Evaluation to Reduce Uncertainty

Test and evaluation serves a role for increasing commanders' confidence in CNO capabilities. Traditionally, developmental test and evaluation has focused on the operation of the system while operational test and evaluation has focused on system performance under combat or operational conditions. As the Department of Defense transitions from a platform-centric viewpoint to a capabilities-based viewpoint, test and evaluation must, and will, evolve.

The new Air Force Instruction (AFI) 99-103, Capabilities Based Test and Evaluation, incorporates this formal transition. AFI 99-103 states the purpose of test and evaluation is to mature systems designs, manage risks, identify and help resolve deficiencies as early as possible and ensure systems are operationally effective and suitable (AFI 99-103, 2004:6). AFI 99-103 defines capability-based testing as a mission-focused methodology of verifying that a capabilities solution will enable operations at an acceptable level of risk (AFI 99-103, 2004:55).

In the model, test and evaluation directly contributes to the Perceived Understanding of CNO tools/tactics and Actual Understanding of CNO tools/tactics nodes. It can also aid in reducing uncertainty in the following nodes as well: (1) Detailed Target Information, (2) Ability for Assessment, (3) Forecast of Cumulative Effects and (4) Actual Cumulative Effects.

CNO tools and tactics, to be fully accepted and become an integrated arrow in the quiver of the commander, need to evolve to the point where they are evaluated under a Weapon System Evaluation Program (WSEP) approach. AFI 99-103 describes WSEP as the following: WSEP is a tailored type of Force Development Evaluation designed to provide end-to-end evaluation of fielded weapon systems and their support systems using realistic combat scenarios. In addition, WSEP conducts investigative firings to revalidate capability or better understand munitions malfunctions (AFI 99-103, 2004:13). Such an approach covers the other identified nodes previously mentioned. The support systems for employment of CNO tools/tactics include targeting and assessment. Firing CND and CNA tools and tactics will provide data on the cumulative effects produced and predicted. To achieve a WSEP approach, the necessary range infrastructure must be in place to support firing of the CNO capabilities.


Transformation is a difficult action because it drives people outside their comfort zones and embraces change. Today's transformation hinges on more than technology. People must look for new organizations, doctrine and capabilities to meet the new challenges. CNO capabilities will be part of the military's transformation in response to the Information Age. Increasing commanders' confidence in CNO and other non-kinetic capabilities is an absolute requirement if the U.S. military is going to be successful against asymmetric and traditional warfare. Providing a common framework to stimulate discussion between operational commanders, planners and technologists is a key step.

Bibliography:

Applied Decision Analysis LLC. DPL 4.0: Professional Decision Analysis Software Academic Edition. Pacific Grove, CA: Duxbury Thomson Learning, 1998.

Clemen, Robert T. and Terence Reilly. Making Hard Decisions with Decision Tools. Australia: Duxbury Thomson Learning, 2001.

Denning, Dorothy E. Information Warfare and Security. Boston, MA: Addison-Wesley, 1999.

Department of the Air Force. Capabilities Based Test and Evaluation, Air Force Instruction (AFI) 99-103. Washington: HQ USAF, 6 Aug 2004.

Department of Defense. DoD Dictionary of Military and Associated Terms, Joint Publication (JP) 1-02. Washington: JCS, 5 Jun 2003, as amended.

Doctrine for Joint Operations, JP 3-0. Washington: JCS, 10 Sep 2001.

Kirkwood, Craig W. Strategic Decision Making: Multiobjective Decision Analysis with Spreadsheets. Belmont, California: Duxbury Press, 1997.

Mann, Edward C., Gary Endersby and Thomas Serle. Thinking Effects: Effects-Based Methodology for Joint Operations, CADRE Paper 15. Maxwell AFB, AL: Air University, October 2002.

"US Air Force Refines Information Operations," Jane's Defense Weekly, 2 Jun 04:10.

Wackerly, Dennis D., William Mendenhall III and Richard L. Schaeffer. Mathematical Statistics with Applications. Pacific Grove, CA: Duxbury Thomson Learning, 2002.



Counterpropaganda: An Important Capability for Joint Forces

By Christian Cali and Marc Romanych, Major USA (Retired)

Editorial Abstract: The authors address a topic given little attention in current IO doctrine and planning, counterpropaganda. With the explosion of low cost, easily accessible media production and communication capabilities, any individual or group can access a wide target audience to spread a message. Countering propaganda must be given more attention by IO planners.

What role, if any, does IO actually have in countering propaganda? Current IO doctrine pays little attention to this increasingly important supporting IO capability. A review of doctrine reveals a lack of guidance and tactics, techniques, and procedures (TTP) for counterpropaganda. In fact, JP 3-13, Joint Doctrine for Information Operations, mentions counterpropaganda only five times and fails to include a discussion on how IO staffs implement propaganda countermeasures that involve IO capabilities other than psychological operations (PSYOP). Furthermore, Joint doctrine casts counterpropaganda operations in a passive light, defining it as "activities that identify adversary propaganda, contribute to situational awareness, and serve to expose adversary attempts to influence friendly populations and military forces."1 This perspective incorrectly implies that counterpropaganda commences upon discovery of opponent propaganda and therefore does not actively seek to mitigate propaganda's effects before its onset. In reality, in today's operating environment, propaganda and counterpropaganda are ongoing phenomena, and the most effective counterpropaganda measures are pro-active in nature.

This article presents a different view, arguing that Joint forces must expand the scope of counterpropaganda beyond the realm of PSYOP, to the employment of other IO capabilities that can actively counter hostile propaganda, and for that matter, to counteract any opposing information, to include misinformation and disinformation.2

A Muqtada al-Sadr poster Photo by: SSG. MICHAEL NASWORTHY

What is Propaganda?
The DoD definition for propaganda is "Any form of communications in support of national objectives designed to influence the opinions, emotions, attitudes or behavior of any group in order to benefit the sponsor, either directly or indirectly."3 However, the use of "national" is a misnomer. As the costs of spreading propaganda decline, many non-state actors are now capable of disseminating propaganda on a scale equal to the old state model. Historically, the sources of mass propaganda were government-sponsored entities or well-funded groups. But now, with the advent of the Information Age, propaganda is becoming less centralized as non-state actors (political movements, insurgencies, and even social causes) can afford mass communications means. Furthermore, classical propaganda forms and media such as art, architecture, opinion-editorials, posters, and novelty items are being supplanted by new innovative electronic forms such as interactive web sites, quality videos, and podcasts. As these and other information technologies become cheaper, the use and localization of propaganda will increase among our adversaries and their target audiences. For these reasons, it may be more useful to think of propaganda as the manipulation of information to promote attitudes and behaviors that advance the ideology and objectives of its sponsor.

Analyzing Propaganda
Army FM 3-05.301, Psychological Operations Tactics, Techniques, and Procedures, is the doctrinal reference for counterpropaganda. It details how to embed counterpropaganda into the PSYOP planning and development processes. This article does not argue for the removal of primary responsibilities for propaganda analysis and counterpropaganda activities from PSYOP personnel, who are typically the most qualified and experienced personnel for those activities, but rather, is concerned with employing all Joint force IO capabilities by building upon established PSYOP processes. This position is in line with PSYOP doctrine which states, "All elements of IO can and will support the counterpropaganda plan, but the focal point for such operations should remain with the PSYOP forces."4

To effectively counter opponent propaganda, the Joint force must first understand the environment in which the propaganda exists. Under the best of circumstances this is a difficult task, as effective propaganda includes the reinforcement of societal myths that are so deeply imbedded in a culture that it is often difficult to recognize a message as propaganda.5 Generally, propaganda will be effective when its lines of persuasion match the existing attitudes of the receivers.6

For the purposes of IO, propaganda is the opponent's argument that justifies its actions and bolsters its legitimacy. By communicating with the populace, and at times our forces, the opponent offers a window into its philosophy, goals, objectives, and operations. Therefore, propaganda may provide a useful insight into how to defeat the adversary in the information environment. One way to establish the context of propaganda is to determine the interrelationship between information indigenous to the operational area and the culture and history of the target audience. Much of this information is often available in the PSYOP appendix to the command's operations plan. The IO staff can enhance this effort by expanding its intelligence preparation of the information environment to include PSYOP target audience analysis.

Next, the Joint force must have a way to identify opponent propaganda from other forms of information in the operating environment. Propaganda is likely to be subtle and nuanced, and in today's operating environment, misinformation and disinformation may be intermixed with the propaganda. To separate out the propaganda, it is necessary to identify adversary capabilities to develop and spread propaganda, as well as the receptiveness of key target audiences to the adversary's lines of persuasion. Under normal circumstances this is a PSYOP task, conducted using objective analysis, subjective analysis, or source-content-audience-media-effects (SCAME) analysis for individual pieces or instances of opponent propaganda and series analysis to grasp the operational impact of the opponent's propaganda.7 The IO staff can facilitate these analyses by assisting intelligence and PSYOP personnel in the collection of suspected propaganda, as reflected in FM 3-05.301: "PSYOP forces do not have the organic ability to collect all available information. In addition, PSYOP personnel may be lured by the obvious propaganda appearing in the AO and miss collecting the more subtle and potentially effective propaganda being disseminated through the local media."8

A possible staff solution is to assemble a working group consisting of a handful of personnel from the IO, PSYOP, public affairs (PA), and intelligence staffs who can fuse two core analytical functions (propaganda analysis and media analysis) with the current intelligence estimate. Although the exact functions of the working group are variable by echelon and mission, in general it must acquire and document suspected opponent propaganda in each sub-sector of the operational area, preferably at regular, periodic intervals.

Another task of the working group is to fuse the PA media and PSYOP propaganda analyses. Because propaganda is often carried by news media in opinion-editorials, news articles and broadcasts, and publicized as newsworthy events, it is useful to examine the media within the framework of propaganda analysis. Additionally, news clips and images may appear in propaganda products if the adversary attempts to exploit the credibility of news organizations in the eyes of the target.

Finally, a database should be constructed to catalog and share identified propaganda with higher and lower echelons of command in order to provide a common view of opposing information in the operating area. In sum, these efforts can establish propaganda trends and patterns and provide long-term outlooks that will carry over beyond the tour of duty of rotating personnel.

The culmination of the working group's efforts is an understanding of how the opponent is affecting the content and flow of information in the operating environment, how its propaganda impacts the various target audiences, and perhaps most importantly, what needs of the target audiences are being preyed upon by the propagandists.

Countering Propaganda

Counterpropaganda is a difficult and complex challenge. To mitigate or nullify the effects of the propaganda, the IO staff must determine the appropriate countermeasures, as well as anticipate the effects of those countermeasures and the opponent's response. This is more than a matter of merely coordinating the assets and competing requirements of the core, supporting, and related capabilities. Success rests with the IO staff's ability to correctly direct the Joint force's capabilities at affecting specific information content and flow to the target audience. An effective counterpropaganda effort selects the appropriate assets, both IO and non-IO, and determines how these assets can be employed to match or overmatch the effects of opponent propaganda.

Efforts to counter propaganda will most likely become a long-term operation. For this reason, counterpropaganda can easily take the form of an IO objective.


Fall 2005

When developing an objective for counterpropaganda, particular attention should be paid to the effects of the propaganda on the target audience. An essential component of this process is PSYOP pre-testing because it provides the opportunity to capture the social dimension of propaganda's impact on the target audience.9 However, complete knowledge of the attitudinal or behavioral effects resulting from a particular set of countermeasures is unlikely. Therefore it may be necessary to identify a series of likely outcomes stemming from the countermeasures.10 Chances are slim that any one set of countermeasures will apply a "silver bullet" solution. The effects of the opponent propaganda and friendly countermeasures will likely develop in a non-linear fashion, hence a constant process of analysis and application is necessary. To do this, the IO staff must monitor any effects produced by the countermeasures, changes to the operating and information environments, adversary responses to the countermeasures, and then if applicable, reengage the target audiences with new countermeasures. Furthermore, because countering propaganda is unlikely to be a simple matter of churning out more PSYOP posters and handbills, extensive coordination for operational or strategic assets, or even the use of civilian media, may be necessary.

This paper provides little more than a starting place for the application of a supporting, albeit critical, IO capability. Unfortunately, the absence of a methodology to determine the effects of opponent propaganda and predict the effectiveness of friendly countermeasures remains a major gap in the IO staff's TTP. Aside from the pre-testing techniques typically used by PSYOP forces, little is available for the IO staff to predict whether the selected countermeasures are appropriate. Therefore, three worthwhile future efforts are the development of procedures for identifying, dissecting, and cataloguing opponent propaganda; techniques for quantifying the effects of opponent lines of persuasion, and tactics to employ friendly countermeasures.

Endnotes:

1 The definition of counterpropaganda operations is from Joint Publication 1-02, DoD Dictionary of Military and Associated Terms. The authors of this article prefer the Army definition: "Programs of products and actions designed to nullify propaganda or mitigate its effects" (FM 3-05.301, Psychological Operations Tactics, Techniques, and Procedures).
2 Misinformation is unintentionally incorrect information emanating from virtually anyone for reasons unknown, or to solicit a response or interest that is not political or military in origin. Disinformation is information disseminated primarily by intelligence organizations or other covert agencies designed to distort information and deceive or influence U.S. decision makers, U.S. forces, coalition allies, and key actors or individuals via indirect or unconventional means (FM 3-05.301).
3 Joint Publication 1-02, DoD Dictionary of Military and Associated Terms.
4 FM 3-05.301, Psychological Operations Tactics, Techniques, and Procedures, p. 11-3.
5 Jowett, G. & V. O'Donnell. Propaganda and Persuasion. Sage Publication, London, United Kingdom, 1992, p. 212.
6 Jowett, G. & V. O'Donnell. Propaganda and Persuasion. Sage Publication, London, United Kingdom, 1992, p. 153.
7 For an in-depth depiction of the SCAME technique see pp. 11-10 to 11-16 of FM 3-05.301.
8 Ibid, p. 11-5.
9 In a sound summary of effects research, Jowett and O'Donnell argue: "It is also important to pay attention to the historical and cultural contexts in which propaganda and persuasion occur, and especially to recognize that people construct different meanings according to their social experiences."
10 Smith, Edward E. Effects Based Operations. CCRP, November 2002, p. xvii.


Strategic Communications: How to Make it Work?

By Marshall V. Ecklund, Major, USA

Editorial Abstract: Major Ecklund's essay is the 2005 winner of the United States Army Command and General Staff College's 2004/2005 Excellence in Joint Command, Control, Communications, Computers and Intelligence (JC4I)/Information Operations (IO) Writing Award, jointly sponsored by the Armed Forces Communications and Electronics Association (AFCEA) and the CGSC Department of Joint and Multinational Operations.

United States strategic communication lacks sustained Presidential direction, effective interagency coordination, optimal private sector partnerships, and adequate resources. Tactical message coordination does not equate with strategic planning and evaluation. Personal commitment by top leaders has not been matched by needed changes in the organizations they lead or in a dysfunctional interagency process. - Report of the Defense Science Board Task Force on Strategic Communication

Few Americans would argue that the U.S. is not currently experiencing the result of a gradual decline in its global image, especially with regard to the Middle East and countries that are predominantly Muslim. LTC Stephen M. Tanous attributes this resentment of the U.S. government (USG), and more specifically its foreign policies, to poorly articulated and inconsistently applied foreign policies, poor cultural understanding of foreign values and beliefs, and a pervasiveness of American power constantly on display.1

An underlying cause for the USG's cumulative failures at articulating persuasively its values, beliefs, and policies in ways that encourage support from ambivalent foreign nations and attain acceptance from hostile nations has been its inability to harness the information dissemination instrument of national power. This essay will prescribe a new paradigm for managing strategic communications within the framework of information as an instrument of statecraft.

Informational power refers to a country's ability to control and influence world opinion through informational channels. Facets of this influence include the collection and dissemination of critical information and intelligence to strategic decision makers, protecting information and information systems from attack and unauthorized access, and countering hostile propaganda by disseminating truthful information to both domestic and foreign populations. In theory, the USG should have a mechanism to provide its decision makers an integrated, comprehensive, and complete strategy to pursue national interests vis-à-vis the interdependent capabilities of the combined instruments of national power. However, unlike the diplomatic, military, and economic instruments of national power, no single government agency is responsible for providing the strong leadership and strategic direction necessary to operationalize the nation's vast portfolio of informational assets.

200,000 anti-war on Iraq demonstrators in Rabat, Morocco (AN)

The implementation of a national information strategy will require a separate standing bureaucracy to coordinate informational (psychological) across the USG. Centralized control is essential for the top-down direction required for the development of prioritized, coherent, consistent themes and messages based on current U.S. interests and positions on key issues, and coordinated across agency lines.2 Historically, the strongest periods of USG strategic influence had several common features, including permanent, rather than ad hoc organizations; specific charters outlining roles and responsibilities for all agencies; top-level interest, guidance, and cover; and full-time staffs.3

Furthermore, these successful organizations had dedicated full-time staffs with direct access to critical policy decision makers. The Committee of Public Information and the Office of War Information (OWI) are two examples of organizations that avoided interagency rivalries with the support of the White House. President Woodrow Wilson authorized the formation of the Committee of Public Information, more popularly known as the Creel Committee in 1917. With the committee's objectives of encouraging domestic loyalty and unity, and promoting understanding and support for U.S. foreign policy objectives abroad, George Creel used every means of communication available to shape opinion, as well as to control, centralize, and even censor information until 1919. This was the last time that any government organization controlled both the foreign and domestic media, had adequate funding to complete its informational mandate, and possessed an approval authority to further U.S. national goals and objectives.4

George Creel (1876-1953) headed the U.S. information effort during World War One

Similarly, President Franklin D. Roosevelt established the OWI in June 1942 to consolidate wartime information and psychological warfare activities into one agency with a full-time focus on strategic communications, and to coordinate better with the increasing number of agencies involved in wartime propaganda. The OWI reported directly to the president, and had the responsibility for both domestic and overt psychological warfare. With its overseas and domestic operations branches, the OWI designed, prepared, and executed information programs to promote an understanding of the status and progress of USG war efforts, and the policies, activities, and aims of the USG at home and abroad.5 Both the OWI and the Committee of Public Information illustrate what is possible from organizations that have a permanent staff, have sufficient authority to direct the coordination and implementation of policy decisions, and are able to rise above interagency rivalry to direct, coordinate, and provide strategic communication guidance to all USG departments.

Because strategic influence transcends organizational boundaries and functional disciplines, it is an inherently difficult process to manage. This notwithstanding, the Commander-in-Chief must take charge of his information agenda and articulate a national informational strategy with vision as broad and encompassing as the Cold War's strategy of containment.6

Currently, there is no single lead agency with formal tasking authority responsible for developing an information strategy for promoting and magnifying the USG's goals and objectives of fostering democratic principles worldwide, and providing targeted global audiences with truthful and factual information on USG activities. Additionally, no interagency organization currently conducts adequate target audience analysis, or counters hostile disinformation, misinformation, and hostile propaganda directed at the USG.7 However, in stark contrast to the majority of recommendations made by numerous committees and boards studying the issues of strategic communications and the Department of Defense's (DoD) Information Operations (IO) since 9/11, this essay argues that a new paradigm will be necessary to harness the potential of the informational element of national power. While recent writings hazily discuss strategic communications in terms of anything dealing with information or communications, one should limit such broad generalizations to the instrument of national power itself.

From this author's analysis of the issue, strategic communication is actually one of two components of the informational instrument of national power. One could refer to the other component as information activities, including the use of psychological effects and information as a weapon, as with IO. The DoD-recommended change to the definition of IO from the classified Information Operations Roadmap is "(U) The integrated employment of the core capabilities of Electronic Warfare [EW], Computer Network Operations [CNO], Psychological Operations [PSYOP], Military Deception and Operations Security [OPSEC], in concert with specified supporting and related activities [including Public Affairs and Civil Military Operations], to influence, disrupt, corrupt or usurp adversarial human and automated decision-making while protecting our own."8 DoD's joint IO goal is to attain information superiority, or a capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do the same.

The most significant differences between the two components of an informational strategy are time, effects, and perceptions of truth. The results of a liberally-applied notion of communication in the conduct of information activities usually involve actions or deeds, and are typically short-term in focus and duration. For example, a one-week PSYOP campaign that successfully persuades an enemy unit to capitulate does little to change long-term behaviors and attitudes concerning USG policies in the region. This is not to say that PSYOP cannot have a strategic impact; rather, the results of IO are typically not strategic in terms of winning the war of ideas, the heart of strategic communication. Nonetheless, a tactical action that contradicts USG-espoused values such as respect for human rights can have a grave impact on the USG's credibility, legitimacy, and public support, as it did with the recent scandal at Abu Ghraib prison in Iraq. When the USG's deeds and actions are inconsistent with its words, the success of strategic communications is highly improbable.

Which image is perceived as communicating the real USG message?

DoD IO, and the similar tactical and operational information activities conducted by the other instruments of national power, typically focus on hostile audiences and targets. Information-specific effects-based operations sought by such activities could include degrade, deceive, counter, protect, deny, and collect. Inherent in achieving many of these effects against an adversary or short-term interest are matters of truth and perception. PSYOP, grey and black propaganda, covert actions, and deception operations conducted by the USG could all potentially employ varying degrees of misdirection, half-truths, misleading information, negative propaganda, and out-right lies. While the most effective deception and PSYOP operations include mostly elements of truth, the mere association with the purposeful manipulation of facts in the realm of strategic communication is politically unsound. This same rationale arguably explains the fundamental concern that has plagued the majority of the USG's previous efforts at managing strategic influence, such as DoD's internally sabotaged Office of Strategic Influence (OSI).

The image of Abu Ghraib


Former Under Secretary of Defense for Policy, Douglas Feith

On 30 October 2001, DoD established the OSI under the direct supervision of the Under Secretary of Defense for Policy (USD-P). The OSI provided DoD with a series of information policy options and programs based on worldwide and target-specific analysis and opinion polls. The OSI also initiated programs to counter hostile propaganda, misinformation, and disinformation directed by foreign nations against the USG and its allies.9 As OSI executed pro-USG influence programs abroad, the Assistant Secretary of Defense for Public Affairs (ASD-PA) lobbied the USD-P for the authority to approve the OSI's PSYOP themes and related overt IO activities. Probably fearing that the OSI would plant false messages and misinformation in overseas media, which would subsequently be reported in the U.S. as fact, the ASD-PA wanted to make certain that it would not be given the unenviable job of rebuilding trust and support with a hostile public, or regaining the USG's damaged credibility. On 20 February 2002, a series of coordinated press releases containing intentionally leading disinformation about the OSI's charter fueled a media frenzy. The damage the media controversy and exposure caused was too great to overcome, so DoD opted to close the OSI on 26 February rather than counter the internally-spread and unsubstantiated disinformation, or take action against the source of the leaks.10 The only remaining organization involved with strategic influence in OSD is the small Office of Information Activities (OIA) that retained responsibility for policy oversight of military PSYOP under the direction of the Assistant Secretary of Defense for Special Operations and Low Intensity Conflict (ASD-SOLIC).11

Rumsfeld Kills Pentagon Propaganda Unit
News Reports Decried As Damaging, Inaccurate
By Thomas E. Ricks, Washington Post Staff Writer
Wednesday, February 27, 2002; Page A21
Defense Secretary Donald H. Rumsfeld emphatically killed the Pentagon's new Office of Strategic Influence, saying yesterday that inaccurate news reports had damaged the new propaganda coordination office beyond repair.

U.S. Marine Staff Sgt. W.P. Ybarra plays with a young Iraqi while his fellow Marines provide food and water to the family during a patrol in Fallujah.

The ASD-PA's concern over possible perception of media manipulation through public affairs channels illustrates the most critical, yet least recognized, nuance of strategic communication: the consequences of transmitting anything other than truths destroys the USG's credibility, erodes vital public support, strengthens the enemy's IO, and complicates future attempts at successfully communicating.

A strategic communication strategy is a coordinated plan for disseminating accurate information about the United States, designed to communicate our nation's goals and intentions clearly, truthfully, and to audiences around the world and at home.12 Strategic communication is not an opportunity to politicize a message or intentionally lead a target audience to believe something that is not accurate; it allows the USG to tell its story, set the record straight, and correct misinformation. Additionally, strategic communication provides truthful and timely information in order to overcome a target audience's information deficit, or in some cases, to counteract anti-USG propaganda from hostile regimes. By providing nothing less than accurate information, allies and adversaries alike can make informed decisions with regard to USG policies and actions.13

Strategic communication describes a variety of instruments used to understand global attitudes and cultures, engage in a dialogue of ideas between people and institutions, advise policy makers, diplomats, and military leaders on the public opinion implications of policy choices, and influence attitudes and behavior through communications strategies.14 A strategic communication strategy should clearly link national interests and objectives with themes and messages that will guide all departments' independent and coordinated strategies of influence and support to public diplomacy. Objectives should include adversarial and hostile audiences as well as the audiences of allied and neutral countries. The strategy should concentrate equally on 1) changing the long-term attitudes and behaviors of target audiences and 2) explaining USG policies to foreign audiences.15

Referring again to the differences between the two components of the informational instrument of national power (time, effects, and perceptions of truth), strategic communication optimally results in either a transfer and acceptance of ideas, or a change in beliefs or attitude vis-à-vis a long-term, proactive approach. The effects sought through strategic communications might include inform, persuade, influence, disseminate, legitimize, and build. Additionally, policies, conflicts of interest, cultural differences, memories, time, dependence on mediated information, and other factors all shape perceptions and limit the effectiveness of strategic communication.16

This effectiveness also depends on the USG's ability to communicate effectively with many different audiences, including enemies, friends, coalition partners, disinterested masses, and the American public. Since each USG agency has its own mission, each habitually targets different audiences, with different messages, through different channels. By communicating different messages to multiple audiences at home and abroad, the USG risks the perception of being seen as deliberately disingenuous. However, policy actions ultimately speak louder than any words in a communications strategy, but both should be mutually supportive given that policy mistakes can quickly negate even the best-planned strategic communication strategy.17 Trust and credibility is the basis for effective strategic communication, so the USG must never compromise this most basic tenet of the nation's values. Once compromised, no amount of strategic communicating will be able to deliver a message representative of genuine USG objectives.

The primary tools of a strategic communication strategy are public diplomacy, formal diplomacy, foreign policy, the national security strategy, and public affairs. Through the exchange of people and ideas, public diplomacy seeks to influence attitudes and mobilize publics in ways that support policies and interests by building lasting relationships and acceptance for a nation's culture, values, and policies.18

In 1998, the Foreign Affairs Reform and Restructuring Act disestablished the formerly independent United States Information Agency (USIA) and merged its functions and missions into the Department of State (DOS), under the Under Secretary for Public Diplomacy and Public Affairs. Since inheriting the USIA, the DOS has become the nominal lead in the USG's strategic communications with foreign audiences, including public diplomacy.19 Additionally, DOS is still responsible for practicing formal diplomacy, or those traditional diplomatic interactions between governments.

DOS and DoD both employ public affairs to facilitate the free flow of information needed to communicate timely and accurate information relating to government goals, policies, and actions, primarily to inform and influence the U.S. media, American public, and select internal audiences. Both explain the rationale behind the USG's foreign affairs and policies. While public affairs focus primarily on the domestic media, their advocacy activities reach allies and adversaries around the globe. The conceptual distinction between the target audiences of public affairs and public diplomacy is losing validity in the world of global media, global audiences, and porous borders.20

President Bush and Secretary of Defense Rumsfeld

Finally, nothing shapes USG policies and global perceptions of U.S. foreign and national security objectives more powerfully than the direction and leadership inherent in the President's statements and actions, and those of the USG's senior officials. Interests, not public opinion, should drive foreign policies and national security strategy formulation; however, one can never separate policies and strategic communications.21 This notwithstanding, Tanous cites a troubling statement from the 2002 Report of the U.S. Advisory Commission on Public Diplomacy: "U.S. foreign policy has been weakened by a failure to systematically include public diplomacy in the formulation and implementation of policy."22 Without an interagency public diplomacy strategy, the risk of making communication mistakes damaging to USG public diplomacy efforts is high; a lack of strategy diminishes the efficiency of public diplomacy efforts across all departments of government.23

In today's Information Age, the president needs someone that he can assign overall responsibility for the strategic communication and the portfolio of information activities in order to have a single point of contact to hold accountable for managing the informational instrument of national power. Whether referred to as a Special Assistant to the President for Information Activities, a National Information Adviser (NIA), or a Strategic Communication Advisor to the President, this advisor requires a full-time staff with experts from all agencies dealing with strategic communication.24 By combining the existing Policy Coordinating Committees at the National Security Council (NSC), the NSC could establish an Executive Secretariat to manage execution oversight for short-term strategic communications interests, while simultaneously maintaining a focus on long-term strategic communications planning.

Top leadership for the USG's strategic communication architecture would likely be a political appointment, and closely affiliated with the President's agenda; however, the Executive Secretariat must be a nonpartisan fusion team able to provide continuity of purpose regardless of the changing political administrations.25 If established in a manner similar to the OWI, this organization would be less likely to become distracted by other important strategic information needs, and would have a favorable opportunity to secure interagency acceptance and support. This would increase the overall probability of its success in communicating the USG's intentions, policies, and actions to the world.

With a centrally controlled strategic communication mechanism to focus and integrate all strategic communication assets into a holistic strategic communication strategy, the USG could finally leverage all instruments of national power through the NSC and the Special Advisor to the President. Furthermore, with adequate resources, sustained effort, and talent from the private sector, a nationally directed strategic communication strategy can finally move past parochial interests and interagency rivalries by removing those information activities out from under the strategic communication umbrella. By removing all activities from strategic communication that could possibly tarnish its truth-based strategy to influence world opinion, strategic communication can better foster democratic principles worldwide, and provide targeted global audiences with truthful and factual information on USG activities without concern for chance miscues with information activities.

Endnotes:

1 Lt Col Stephen M. Tanous (USAF), Building a Psychological Strategy for the U.S.: Leveraging the Informational Element of National Power, U.S. Army War College Strategy Research Project, 7 April 2003, 2.
2 Ibid., 25.
3 LTC Susan L. Gough (USA), The Evolution of Strategic Influence, U.S. Army War College Strategy Research Project, 7 April 2003, 34.
4 COL Brad M. Ward, Strategic Influence Operations - The Information Connection, U.S. Army War College Strategy Research Project, 7 April 2003, 3-4, 25.
5 Ellen K. Haddock, Winning with Words: Strategic Communications and the War on Terrorism, National Defense University, National War College Paper, 2002, 31; also Gough, 2003, 4.
6 Gough, 2003, 34-35; also Arnold J. Abraham (OSD), The Strategic Communications Process - How to Get Our Message Out More Effectively, National Defense University, National War College Paper, 2004, 11.
7 Ward, 2003, 16-17.
8 Donald H. Rumsfeld, Department of Defense Information Operations Roadmap, 30 October 2003, 22.
9 Ward, 2003, 12.
10 Ibid., 13; also Gough, 2003, 31.
11 Gough, 2003, 31.
12 Haddock, 2002, 4.
13 Ibid.
14 Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, Report of the Defense Science Board Task Force on Strategic Communication, September 2004, 11. Hereafter referred to as the DSB Report.
15 Gough, 2003, 35.
16 DSB Report, 2004, 15.
17 Haddock, 2002, 11-12, 14.
18 DSB Report, 2004, 12.
19 Gough, 2003, 26.
20 DSB Report, 2004, 12.
21 Ibid., 30.
22 Tanous, 2003, 9.
23 Jess T. Ford, Director International Affairs and Trade, statement in U.S. Public Diplomacy: State Department and Broadcasting Board of Governors Expand Post-9/11 Efforts but Challenges Remain, 23 August 2004, 9.
24 Gough, 2003, 34; also Haddock, 2002.
25 Abraham, 2004, 11.



Tor: An Anonymous Routing Network for Covert On-line Operations

By Nicholas A. Fraser, Captain, USAF, Richard A. Raines, Major, USAF (Retired) and Rusty O. Baldwin, Major, USAF (Retired)
Center for Information Security Education and Research, Air Force Institute of Technology, Wright Patterson AFB

Editorial Abstract: The authors discuss the functionality of Tor, an anonymous Internet communication system with potential applications for both friend and foe in the area of computer network operations.

In 2002, a computer hacker belonging to a sophisticated hacker group gained access to an unclassified USAF computer system located at an unnamed Air Force base. A review of the logs from the victim computer system disclosed the hacker sent emails from the victim to an address registered to a U.S. Internet Service Provider (ISP). After obtaining necessary court orders, the ISP turned over to investigators the connection logs indicating the IP addresses used to check the account and also the content of emails still residing on the ISP's servers. An analysis of the connection logs disclosed the intruder likely resided in Romania and was using the account to record and save the IP addresses for over a hundred other compromised computers. Clearly, the success of the investigation, in terms of attribution and intelligence, was due to the hacker's ignorance of the ISP's policy of recording account connections. Had he known better, the hacker could have shielded from the ISP his true IP addresses and avoided arrest. All he needed to do was check his web email using the anonymous Internet communication system Tor.

The Tor system [1,5] provides anonymity to individuals using interactive Internet services like the World Wide Web (WWW), Internet Relay Chat (IRC), or secure shell (SSH). Tor is an overlay network, first introduced in 2002 and originally sponsored by the Naval Research Laboratory. It is now sponsored by the Electronic Frontier Foundation and developed under the Free Haven Project [4]. Tor provides anonymous message delivery with minimal latency by routing messages through special servers called onion routers (ORs). These ORs are administered by volunteers with over 200 currently online in more than 20 countries. Users connect to Tor via an onion proxy (OP) that is installed on individual computer systems. When a user, Alice, wishes to send messages to a server, Bob, on the Internet, her OP constructs a circuit or path through three ORs (see Figure 1), the last of which is responsible for connecting to Bob. Once the circuit is established, Alice sends her messages.

The rest of this paper is organized as follows: First, a detailed description of the Tor circuit establishment and hidden services is discussed in Section 2. This is followed by a discussion of the application of Tor to enemy cyber operations and American Information Operations (IO) in Section 3.

How does Tor Work?

Tor is based on the concept of onion routing, where messages are wrapped in layers of encryption before being sent. When a message arrives at the first OR on a circuit, the outer layer of encryption is removed and the message is forwarded to the next OR. This process is repeated until the message reaches the final OR on the circuit. At this point, the message is decrypted (revealing clear text) and forwarded to the destination address.

Layered encryption is a common technique used in anonymous communication systems; however, to achieve low latency, various other techniques that strengthen anonymity are omitted. Mixing is one such feature. A server is said to be a mix if it takes in a collection of messages called a pool, transforms (usually through encryption or decryption), reorders, and delays the pool, and finally flushes the pool by forwarding each message according to the new order. Mixing increases latency to the extent that interactive services cannot be supported. Instead, mixing is most commonly used by anonymous communication systems specializing in email delivery.

Tor operates using fixed 512 byte cells (or packets) for stronger anonymity and the Transport Layer Security (TLS) protocol for authentication and privacy. Figure 2 is a timeline showing the steps Alice takes to communicate with Bob. First, Alice's OP randomly selects three ORs. Next, Alice establishes a TLS connection to OR1. Alice then sends a create cell containing the first half of a secret key exchange. This message is encrypted using OR1's public key. OR1 responds to Alice with the second half of the key exchange and a securely hashed value of the symmetric key. Alice can be assured that OR1 is who he says he is and has done so without providing any information as to her identity or location.

The above protocol creates a distinct circuit between Alice and OR1. This allows for multiple circuits to be established over the same TLS connection. Additionally, messages between Alice and OR1 can only be decrypted during the lifetime of the circuit (usually measured in minutes), so if the circuit is destroyed (or recycled), messages can never be decrypted again. This capability is called forward secrecy.

If Alice wishes to extend the circuit to OR2, she sends OR1 a message containing the address of OR2 and the first half of the secret key exchange between Alice and OR2. This content of the message to OR1 is encrypted using OR2's public key. OR1 then establishes a TLS connection with OR2 and sends the encrypted key to OR2. OR2 responds to OR1 with the second half of the key exchange and a hash of the key. OR1 cannot determine the key because he was unable to observe the first half of the key exchange. Next, OR1 forwards the reply from OR2 to Alice. If the message is authentic, Alice and OR2 have a set of secret symmetric keys, but without OR2 knowing he is communicating with Alice. The process is similar for OR3 and, once complete, forms a circuit through Tor. Next, Alice tells OR3 to open a connection to Bob. Finally, when Alice has formed a message for Bob, she wraps it in layered encryption, first using OR3's secret key and concluding with OR1's. The encrypted message is then sent through the circuit, being unwrapped as it traverses each OR until it reaches OR3 and is forwarded to Bob.

Tor also allows for hidden services to be established on the Internet. This means a web server, for example, can be accessed without the publisher identifying readers and also without readers identifying the publisher's IP address. If a user, Alice, wishes to establish a hidden service, she first advertises a collection of ORs as contact points for users wishing to access the service. If another user, Bob, wishes to connect to the hidden service, he must first protect his own identity by connecting to an OR that will serve as a rendezvous point (RP). Next, Bob connects to one of Alice's contact points and tells her of the rendezvous point he wishes to use to connect to the hidden service. If Alice agrees to provide service to Bob, she connects to the RP. An additional advantage to this capability is that anyone wishing to bring down the service via a distributed denial of service (DDoS) attack is forced to target Tor.

Figure 1: The Tor Overlay Network

Figure 2: Alice builds a three-hop circuit and sends a message to Bob

Fall 2005

Information Operations Applications

Tor is a tool that can aid unsophisticated hackers, terrorist organizations, and foreign information operators. URL-based attacks that take advantage of simple vulnerabilities in web servers, like the Unicode vulnerability in Microsoft's Internet Information Server 4.0 [2], can be effectively launched using Tor. Additionally, Tor could be used by an adversary to control botnets. Such attack networks are typically established by exploiting computer systems via malicious email attachments or web scripts. These systems are specifically targeted because they have constant Internet connectivity and their users are unlikely to notice additional connections and CPU degradation. The use of botnets is a growing problem as most present uses target the propagation of spam and adware. Future uses may be much more malicious. The combined use of botnets and systems such as Tor can have severe negative impacts on national defense and law enforcement. With Tor the adversary can send instructions to his zombie computers without concern that his command and control location will be discovered.

Terrorist organizations can also make good use of the Tor network. Tor could serve as a conduit to Internet communication channels known to be used by terrorist organizations, like web pages and web-based email. Furthermore, Tor can be used to research targets and weapons construction techniques without fear of being located or identified. Finally, Tor's hidden services, intended to aid in countering government censorship, can be used as a digital drop box where terrorist leaders can secretly execute command and control.

Tor is vulnerable to a number of attacks aimed at both denying service and degrading anonymity. DDoS attacks targeting an OR's CPU are possible due to Tor's dependence on TLS. Such attacks force an OR to execute so many public key decryptions that it can no longer route messages. An additional attack, available to organizations with enough resources and reach, populates the Tor network with ORs that can be used to monitor communication habits. Although targeting specific users would be difficult given that a circuit's ORs are randomly selected, an attack exists wherein a malicious server can mark a user's path through Tor [3]. This means if information operators can mislead Tor-using cyberterrorists into becoming dependent on front company services, they can deny the service at a time-critical moment, like immediately before an attack, and without revealing the service as a front.

Tor is clearly advantageous to organizations opposing U.S. information superiority, but it can also be used by U.S. intelligence organizations. Cyber operations, either proactive or initiated in response to a hostile action or an intelligence need, require specialized tools/services like Tor to establish believable cover stories for cyberspace operations. For example, many organizations are collecting intelligence using open source web pages. Some organizations go even further and engage individuals in chat rooms. These operations often identify reliable sources capable of providing IO operators early warning of network attacks and hacker tool development. Such operations can use Tor to ensure sound operations security, thus hiding from adversaries U.S. targets, IO techniques, and tools.

To protect against DDoS attacks like the one already mentioned, we are studying the use of client puzzles as a mitigation technique. Servers employing client puzzles force a requesting client, whether honest or malicious, to complete a puzzle before the server allocates a resource. As a result, the attacker is forced to find additional resources, i.e. more zombies, in order to degrade service. In the case of Tor, puzzles are used to keep ORs from having to complete the large number of decryption operations forced upon them during an attack. Of additional concern is the impact this defense has on latency and anonymity.
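One way a hash-based client puzzle could gate an OR's costly public-key step, as an added example (not the authors' scheme and not Tor code). The PuzzleGate class, its HMAC-stamped challenge format, the client names and the difficulty values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a hash value."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


class PuzzleGate:
    """Front end that demands a solved hash puzzle before costly work.

    Hypothetical design: challenges are authenticated with an HMAC, so the
    server stores nothing per client until a puzzle has actually been solved.
    """

    def __init__(self, difficulty_bits: int = 12, ttl: int = 30):
        self.secret = os.urandom(32)
        self.bits = difficulty_bits
        self.ttl = ttl              # seconds a challenge stays valid
        self.spent = set()          # solved challenges, kept to block replays
        self.expensive_ops = 0      # stand-in for public-key decryptions

    def _tag(self, stamp: bytes, client: bytes) -> bytes:
        return hmac.new(self.secret, stamp + client, hashlib.sha256).digest()[:16]

    def challenge(self, client: bytes, now: int) -> bytes:
        stamp = now.to_bytes(8, "big")
        return stamp + self._tag(stamp, client)

    def handle_create(self, client: bytes, chal: bytes, solution: bytes, now: int) -> bool:
        """Run the costly operation only for a fresh, solved challenge."""
        if len(chal) != 24:
            return False
        stamp, tag = chal[:8], chal[8:]
        if not hmac.compare_digest(tag, self._tag(stamp, client)):
            return False            # forged, or issued to another client
        if not 0 <= now - int.from_bytes(stamp, "big") <= self.ttl:
            return False            # expired
        if chal in self.spent:
            return False            # replayed
        if leading_zero_bits(hashlib.sha256(chal + solution).digest()) < self.bits:
            return False            # unsolved: rejecting it cost one hash
        self.spent.add(chal)
        self.expensive_ops += 1
        return True


def solve(chal: bytes, bits: int):
    """Client side: brute-force search, about 2**bits hashes on average."""
    tries = 0
    while True:
        candidate = tries.to_bytes(8, "big")
        tries += 1
        if leading_zero_bits(hashlib.sha256(chal + candidate).digest()) >= bits:
            return candidate, tries


def simulate_flood(gate: PuzzleGate, requests: int, now: int) -> int:
    """Send requests carrying made-up challenges; return how many got through."""
    accepted = 0
    for i in range(requests):
        forged = now.to_bytes(8, "big") + hashlib.sha256(str(i).encode()).digest()[:16]
        accepted += gate.handle_create(b"zombie", forged, b"\x00" * 8, now)
    return accepted


if __name__ == "__main__":
    gate = PuzzleGate(difficulty_bits=12)
    now = int(time.time())
    print("flood requests accepted:", simulate_flood(gate, 1000, now))
    chal = gate.challenge(b"alice", now)
    solution, tries = solve(chal, gate.bits)
    print("honest client hashes:", tries,
          "accepted:", gate.handle_create(b"alice", chal, solution, now))
    print("costly operations performed:", gate.expensive_ops)
```

The hash count returned by solve is the latency cost every honest client pays, which is the trade-off the authors flag; raising difficulty_bits by one doubles it.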
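The circuit build and layered encryption described under "How does Tor Work?", modelled as an added example (not code from the article or from the Tor project). Assumptions: a toy Diffie-Hellman group, a SHA-256 counter keystream standing in for the real cipher, and no TLS or encryption of Alice's half under the OR's public key, so the sketch shows key agreement, key confirmation and layering but does not authenticate the ORs.

```python
import hashlib
import secrets

CELL_LEN = 512        # fixed cell size given in the article
P = 2**521 - 1        # toy Diffie-Hellman modulus (a Mersenne prime); demo only
G = 3                 # toy generator


def kdf(shared: int) -> bytes:
    """Derive a 32-byte symmetric key from the DH shared secret."""
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()


def key_hash(key: bytes) -> bytes:
    """Hash of the key that the OR returns so Alice can confirm agreement."""
    return hashlib.sha256(b"key-confirm" + key).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with a SHA-256 counter keystream.
    The same call adds and removes a layer; one cell per key in this demo."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class OnionRouter:
    def __init__(self, name: str):
        self.name = name
        self.key = None
        self.relayed = []   # handshake values this OR forwarded for later hops
        self.seen = []      # cell contents after this OR removed its layer

    def handle_create(self, gx: int):
        """Answer Alice's half of the exchange with g^y and a hash of the key."""
        y = secrets.randbelow(P - 2) + 1
        self.key = kdf(pow(gx, y, P))
        return pow(G, y, P), key_hash(self.key)

    def peel(self, cell: bytes) -> bytes:
        if len(cell) != CELL_LEN:
            raise ValueError("cells are fixed-size")
        inner = stream_xor(self.key, cell)
        self.seen.append(inner)
        return inner


def build_circuit(path):
    """Telescoping build: one exchange per hop, relayed by the hops before it."""
    keys = []
    for i, router in enumerate(path):
        x = secrets.randbelow(P - 2) + 1
        gx = pow(G, x, P)
        gy, confirm = router.handle_create(gx)
        for earlier in path[:i]:
            earlier.relayed.append((gx, gy, confirm))   # all a relay ever sees
        key = kdf(pow(gy, x, P))
        if not secrets.compare_digest(key_hash(key), confirm):
            raise ValueError(f"key confirmation failed for {router.name}")
        keys.append(key)
    return keys


def make_cell(payload: bytes) -> bytes:
    """Length-prefix the payload and zero-pad it to exactly CELL_LEN bytes."""
    if len(payload) > CELL_LEN - 2:
        raise ValueError("payload does not fit in one cell")
    return (len(payload).to_bytes(2, "big") + payload).ljust(CELL_LEN, b"\x00")


def read_cell(cell: bytes) -> bytes:
    return cell[2:2 + int.from_bytes(cell[:2], "big")]


def wrap(keys, cell: bytes) -> bytes:
    """Add layers starting with the last hop's key and ending with OR1's."""
    for key in reversed(keys):
        cell = stream_xor(key, cell)
    return cell


def send(path, cell: bytes) -> bytes:
    """Pass the cell along the circuit; the last OR recovers the clear text."""
    for router in path:
        cell = router.peel(cell)
    return read_cell(cell)


if __name__ == "__main__":
    circuit = [OnionRouter(n) for n in ("OR1", "OR2", "OR3")]
    keys = build_circuit(circuit)
    message = b"GET /index.html HTTP/1.0\r\n\r\n"   # constructed sample request
    print(send(circuit, wrap(keys, make_cell(message))))
    for r in circuit:
        print(r.name, "sees clear text:", message in r.seen[0])
```

Only the exit hop ever holds the clear text, and every cell on the wire is the same 512 bytes regardless of payload length.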


Tor was developed so individuals could hide their Internet activity from snooping governments and corporations. Given that this tool is free and the source code is available for download, it is likely that adversarial governments have added this technology to their asymmetric arsenal. On the other hand, cyberspace intelligence collection is still very much dependent on human interaction. It may not be possible to locate sources or verify their true identity, but that does not exclude them from being valuable resources to U.S. information operations.

Access to the individuals developing zero-day exploits or participating in state-sponsored operations does not occur without first establishing trust and credibility. Oddly enough, establishing trust often requires an individual demonstrate an ability to use concealment tools like Tor. U.S. information operators, particularly those specializing in online collection, should consider Tor for future operations and if an offensive purpose cannot be identified, they should, at a minimum, acknowledge its possible use by American adversaries.

Endnotes:
[1] Dingledine, Roger, Nick Mathewson, and Paul Syverson. Tor: The Second-Generation Onion Router. Proceedings of the 13th USENIX Security Symposium. August 2004.
[2] Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url (MS00-078). Vulnerability Note VU#111677, US-CERT, October 2000.
[3] Murdoch, Steven J. and George Danezis. Low-Cost Traffic Analysis of Tor. Proceedings of the 2005 IEEE Symposium on Security and Privacy. IEEE CS, May 2005.
[4] The Freehaven Project, August 2005. http://freehaven.net
[5] Tor: An Anonymous Internet Communication System, November 2004.



Operational Net Assessment: A Framework for Social Network Analysis

By Michael J. Hannan, Lieutenant Commander, USN

Editorial Abstract: LCDR Michael Hannan examines the Operational Net Assessment process. He draws from current literature on the ONA template and reviews the construct in order to create a "truth in lending" approach. LCDR Hannan attempts to identify the present limitations of ONA and provide recommendations and areas for improvement. He contends that for ONA to be relevant, its level of confidence must be clearly understood by the warfighter.

"The difficulty of accurate recognition constitutes one of the most serious sources of friction in war."1

- Carl von Clausewitz

Operational Net Assessment (ONA) is an analytical process designed within the Department of Defense to enhance decision-making superiority for the warfighting Commander. ONA plans to integrate people, processes, and tools using multiple information sources and collaborative analysis. The goal is a shared knowledge environment, with supporting information tools, for planners and decision-makers to focus capabilities. The ONA process uses collaboration technologies and subject matter expertise to transform data into actionable intelligence. Link and network analyses are harnessed to assess the adversary and his systems.2

ONA is a core competency planned for the new Standing Joint Force Headquarters (SJFHQ) concept. The SJFHQ is a team of operational planners and information specialists who form the core of a Regional Combatant Commander's Joint Task Force command structure. Using collaborative planning tools, the SJFHQ develops a pre-crisis knowledge base of the adversary's systems and capabilities for the creation of ONA. The SJFHQ becomes a repository for theater perspective and knowledge of the Commander's area of responsibility, key issues, and regional players.3

Unfortunately, doctrinal explanations of ONA focus on results (ends) to the exclusion of process (ways or means). Discussion of potential bias within information or analyst perceptions is lacking. Human nature prevents total objectivity: "The process of intelligence analysis and assessment is a very personal one. There is no agreed-upon analytical schema, and the analyst must use his belief system to make assumptions and interpret information."4 As Robert Deutsch notes about American culture: "Attempts at image creation are now an invasive part of our environment; some pollute and some enhance human experience."5 Whether the image created is driven by the ONA process itself, information provided by outside Agencies, or the way we apply modern technology, limitations must be observed and understood. The level of confidence in the analysis must be a core component of the end product for the warfighter. We must be always wary of the hard facts of capability and the soft assumptions of intention.6

ONA and the SJFHQ: Background and Definitions

"The secret of a sound, satisfactory decision ... has always been that the responsible official has been living with the problem before it becomes acute."7
--- President Dwight D. Eisenhower

Joint Forces Command (JFCOM)'s ultimate goal for ONA is to predict adversary actions as resultant effects from our own efforts. Doctrine explains this as a long-term analytical process where the SJFHQ and its ONA element delve into a Commander's prioritized regional concerns long before a crisis brews. Current literature frames ONA as interpreting significance from an adversary through the lens of systems.8 A critical portion of ONA is System-of-Systems Analysis (SoSA), which seeks to identify, analyze, and relate the goals and objectives, organization, dependencies inter-dependencies [and] influences of an adversary under investigation.9 The SoSA process is heavily reliant upon information provided to the ONA team by groups within and outside the U.S. Government. Non-governmental organizations (NGOs) are listed as core elements of ONA input, along with Centers of Excellence: Academic institutions, laboratories, and think tanks.10 Measurement identifies causal relationships between friendly actions and enemy effects within all elements of national power: Diplomatic, Information, Military, and Economic (DIME).11 Adversary capabilities or organizations are analyzed in six areas: Political, military, economic, social, information, and infrastructure (PMESII).12

Data Requirements for ONA

"We could have talked about the science of Intelligence, but the science of Intelligence is yet to be invented."13
--- Charles Allen

Generating a mature ONA for a single focus area will likely entail thousands of nodes and associated relationships, tasks, and potential effects.14 Voluminous data compiled for analysis in a network construct requires sophisticated technical assistance through computer simulation modeling. Emphasis on computational analysis constrains the understanding of social and cultural nuances; however, most conceptual modeling is not suitable for crisis action planning. Transitioning data sets from a static (but robust) conceptual model to a more dynamic (and rapid) computational effort is required. The tools available now cannot handle both types of information at a fidelity required by ONA.15 The layers of conceptual detail gathered by human intelligence are lost. This skews true effects determination, which is the rationale for ONA within Effects Based Operations. One must not lose focus on conceptual processes when technology assists. The effort must be a concept-driven activity rather than an external data-driven activity.16 The System-of-Systems Analysis process cannot be slanted toward a single discipline.

There are various examples of programs created within the last few years to enhance social network analysis (SNA).17 Simulation designers have addressed the need to plug in rule sets derived from conceptual modeling. This can be accomplished by translating conceptually derived data into computational algorithms and programmable agents in a synthetic environment, so the conceptual model (and its social fabric information) is embedded in the procedures.18 Although this capability is assumed in doctrinal ONA publications, the technology is not yet there. Owen Cate, the Assistant Director of Security Studies Program at MIT, lauds the continuing research into SNA advances, but notes: "I think it's one of these cases when all the methodology, all the fancy software and all the other stuff - if it's garbage in, it's going to be garbage out, so the question boils down to how much do we know about these groups if we don't know much about these groups, then I don't think these models will have much utility."19 While Cate's statement may seem negative, his point does support the need for integrated conceptual, humanistic, and cultural knowledge applied within any SNA simulation tool.

The ONA brochure glosses over current limitations and imparts an almost infallible capability: "[ONA provides] pertinent expertise and information for holistic analysis [emphasis mine] of adversaries and the potential effects operations might have on them."20 The issue remains that current technologies cannot account for behavior related to the social or political context.21 Information Operations personnel engaged in the Millennium Challenge 2002 exercise noted this shortfall: Inadequate resources existed for producing integration of cultural intelligence, psychological operations, public affairs, and civil affairs into simulation models.22 Future simulation and modeling systems must pull in these disparate variables.

Dr. Kathleen Carley of Carnegie Mellon University, a leading researcher of next-generation social network systems, is also concerned: "At the theoretical level, little is known about individual differences in balancing social, political, and group level concerns and goals. At the empirical level, the validity, collection, and bias issues are distinct and little is known about how to calibrate data across levels."23 The assumption that current off-the-shelf nodal analysis tools can provide complete, accurate data is simply wrong.24 Missing and erroneous information must be accounted for during application. ONA doctrine lacks discussion on information vetting processes and quality assurance measures. Understanding the limitations of data input must be addressed to shape the boundaries of resultant computations.

Understanding Data: Quality, Quantity, and Value

"One should never use elaborate scientific guidelines as if they were a kind of truth machine."25
--- Carl von Clausewitz

In any computational model, validity of information must be calculated or weighed. Analysts must identify the data as "valid for whom?"26 This is especially true when calculating metrics of success. ONA doctrine labels interagency and Center of Excellence coordination as a validation metric.27 Some may argue the amount of data provided or the number of organizations involved is significant for System of Systems Analysis. In reality, quality assurance of the information analyzed and prepared for dissemination should be a considerable part of the effort, and subsequently made part of the process. This is difficult for social network analysis. Traditional analytic tools are "data greedy": Very detailed information is required to establish nodal understanding and rudimentary relationships.28 When one contemplates shifting analysis from static to dynamic networks (such as terrorist organizations or economic agents), data requirements become even more demanding. The ONA organization subsequently concentrates on quantity of input in order to keep up with the changes. Analysts must resist this desire to create the largest string of data and instead focus on information selection and quality. An effect of pushing intelligence down the road of science is the tendency to view quantifiable capabilities as more accurate and also more important than qualitative intentions.29

Current network modeling fixates on rapid calculations and data compilation.30 This approach establishes speed of information input as the metric of choice, leveraging the exploitation phase of the Process, Exploitation, and Dissemination (PED) intelligence cycle. While analysts may have more time to review the simulation output, the mantra of "trust, but verify" should be remembered. If analysis does not begin until the initial simulation runs are complete, how much error (or deception) has the product already absorbed?

Some may argue the reduction of all adversary mechanisms into a network model is the most effective procedure to create rapid, computational products through social network analysis. Cognitive, conceptual analysis takes time, and narrative research does not translate into quick action. In a crisis situation, a purely qualitative approach would be detrimental, even infeasible. However, boiling down all of an adversary's relationships or organizations through a network cookie cutter can be a square-peg-in-round-hole situation. Many (particularly economic, social and political systems) may also be usefully represented other ways, for example as hierarchies/organizations, small group decision-making bodies, individuals engaged in bargaining collective action [and all] subject to social and cognitive biases.31 Black markets within an economy, illegal imports and exports, social demographics, and physical and political structural changes affect our ability to determine cause.32

This discussion is particularly relevant when a JTF is involved in Security and Stability or Flexible Deterrent Operations. During these conditions, influence and not destruction is the prime objective. In these situations, a network model must weigh values based on social and conceptual information, precisely where the Intelligence Community falls short. This is a challenge, as cultural factor weights are very difficult to shape, and they involve some level of subjectivity.33 Because ONA drives a network-mapping focus, some may argue that System-of-Systems Analysis should simply connect the dots [and] isolate the key actors who are often defined in terms of their centrality to the network.34 This approach, however, may be unacceptably austere. Nodes and ties resulting from a simulation are influenced by the inherent biases obtained by a given sampling procedure.35 The model (or the analyst) can over- or under-sample certain types of relations, which in the output will strategically misreport specific ties and links.36

As ONA capabilities mature, they must be linked to improved social network model simulations, taking into account the dynamic, cognitive data faced throughout the spectrum of military tasks, not just higher-level war-making. Models also need to respect a significant degree of irreducible uncertainty associated with the psychological, inter-personal, and bureaucratic processes within future US adversaries.37 Globalization, failed states, and economic changes all lead to increased uncertainty in today's world. Not only must newer generation network simulation models factor in these scenarios, but intelligence professionals must also operate under a scalable threshold of certainty for relevancy to the warfighter.

Potential for Bias and Error

"The facts are mugged long before they reach decision-makers."38
--- Alexander Butterfield

That cultural differences exist to a certain degree between military services within the Defense Department is a given; however, the differences between governmental agencies are vast, and those outside of government are even further removed. One organization's view of mission, legal definitions, and constraints may all vary from that of the Standing Joint Force Headquarters.39 This is especially true outside of government, where NGOs, academia, and think tanks (the Center of Excellence core for ONA input) become involved. Desire for independence and non-alignment may prevent certain organizations from working with the military altogether or cloud the information provided. Each agency or organization will have a specific solution space they can provide for analysis; whether that space is fully exhausted or contiguous with the question will affect the reliability of analysis.40

Value weight dissonance among different Subject Matter Experts and Centers of Excellence requires debate among the ONA analysts and the collaborative network group. Models may be laden with information intentionally misleading, inaccurate, out-of-date, and incomplete.41 Faulty assumptions become inherent and skew any displayed relationships among the proposed network and negatively affect results that will be used for decision-making. The "quantity is quality" factor must be eliminated: The number of experts consulted does not a fool-proof simulation make.42 Bias and analyst perceptions are factors that cannot be adjusted in any simulation modeling process. "You can't just wish it away or algorithm it outta there."43

Social Network Analysis: The Limitations of Uncertainty

"Models are to be used, not believed."44
--- H. Theil


In order to conduct analysis to determine what-if scenarios, we can look to social and business decision aids as examples.45 System simulations have the ability to test various policies (actions and influences) to determine effects.46 However, the analyst and the warfighter must always understand the simulation is nothing more than just a model. There are specific limitations, fully understood by programmers and researchers, but routinely ignored or dismissed as assumptions in ONA doctrine.

Current applications used by government agencies in the field deal with traditional social systems comprised of small, bounded networks.47 There are problems when one is tasked to run analysis upon covert networks (such as a terrorist organization) or other security and stability situations involving significant missing information. The current network analysis tools do not scale well in these cases, and grow exponentially flawed due to error with increased network size. There is no graceful degradation catch within the algorithms.48 The missing data can be somewhat mitigated by increasing the amount of empirical knowledge used; however, that requires many specifics (back to the "data greedy" concept) and can be extremely difficult.49 Evaluating data in order to tailor effects and results across a Regional Combatant Commander's area of responsibility can be increasingly tricky.

Additionally, the current DIME construct within ONA does not effectively factor other sources of U.S. national power that can affect the simulation model, such as Special Operations Forces activities, intelligence collection, humanitarian assistance, and law enforcement.50 With many variable factors, one must be cautious when relying upon the network as a template for analysis under every situation. Philip Cerny touches on this premise in his theory of a growing neomedievalism among societies:

"As in the Middle Ages, occupational solidarity, economic class, religious or ethnic group, ideological preference, national or cosmopolitan values, loyalty to or identity with family, local area, region, etc., will no longer be so easily subsumed in holistic images [emphasis mine] or collective identities ... National identities are likely to become increasingly divorced from real legitimacy, system affect, or even instrumental loyalty."51

Maintaining accurate computations in light of ever greater qualitative change is the challenge for future social network analysis tools. Prediction is difficult and can be dangerous when presenting surmised resultant effects. Any missing data or uncertainty will degrade the prediction as holes are extrapolated throughout the model. Tools are required to analyze why and how algorithms compute what they do. Identifying higher (or lower) confidence values and cueing further examination should be measurement objectives. Although Joint and Service advocates for ONA and network modeling desire a tool for use now, science cannot yet support this level of capability.

Analysts and planners must not only be conscious of simulation and data limitations, but also cognizant of the level of error or model adaptability permitted. Because ONA cannot only be focused on baseline, long-term data analysis, the construct applied must be scalable to support the Commander's timeline for decision. An example is what the author has termed the Butterfield Scale, based on a prior study of analysis and judgment indicators by Alexander Butterfield:52

SITUATION    TOLERANCE                                             EXAMPLE
Peacetime    Low tolerance for error; low rate of change           ONA baseline efforts
Tensions     Medium tolerance for error; medium rate of change     Crisis build-up
Wartime      Friction accepted; metric is speed of assessments     OIF Phase III

The Butterfield Scale

Understanding the cognitive aspect of simulation model input improves the capability to discern potential fault lines within the results. As the intensity of action increases, simultaneously with the desire for rapid assessments, scalability must be applied and some fidelity tossed over the side. The Butterfield Scale provides a framework for ONA and its requisite tools to remain relevant across the spectrum from major combat to Security and Stability Operations. Analysts can generate "truth in lending" confidence levels for the Commander. Promising peacetime levels of granularity and prediction when speed of dissemination is paramount places the analyst in a situation of writing checks he cannot cash. Indeed, many PMESII effects require a significant amount of time to materialize. Substantial Intelligence, Surveillance, and Reconnaissance planning efforts are necessary to coordinate the sensing of those effects.53

Conclusion and Recommendations

"When I have a particular case in hand, I love to dig up the question by the roots and hold it up and dry it before the fires of the mind."54
--- Abraham Lincoln

Improving ONA requires the acknowledgement of shortfalls. Bias, error, and subjectivity will always remain; therefore, future work in ONA is needed to understand limitations and provide degrees of confidence. Social network analysis tools cannot be honestly sold as the sole determinant for success. Ideas, systems, and metrics are moving in the right direction, but gaps remain.55 While analysts cannot fully eliminate preconceptions and error, they can leverage effort to tamp it down.56 One must select the models that best fit and ignite the white heat of analysis. Joint Forces Command, in concert with the Intelligence Community, must engage Centers of Excellence to develop more adaptive social network research capabilities. We do not yet have reliable devil's advocate analytical systems, and work is needed to improve analytical tools for military decision-making and planning.57 A realistic ONA process, subsequent to a baseline of critical self-analysis and validity knowledge, must be the goal for future research at Joint Forces Command and within the developing Standing Joint Force Headquarters.

Endnotes:
1 Carl von Clausewitz, On War, ed. and trans. Michael Howard and Peter Paret, indexed ed. (Princeton: Princeton University Press, 1984), 117.
2 Joint Forces Command, About Operational Net Assessment, Electronic document, available from about/fact_ona.htm; Internet, accessed 12 January 2005.
3 Joint Forces Command, About the Standing Joint Force Headquarters, Electronic document, available from http://; Internet, accessed 12 January 2005.
4 Rob Johnston, Developing a Taxonomy of Intelligence Analysis Variables, CIA Studies in Intelligence 47, no. 3 (2003), available from vol47no3/article05.html; Internet, p. 3, quoting Ephraim Kam, Surprise Attack: The Victim's Perspective (Cambridge, MA: Harvard University Press, 1988), 120.
5 Robert D. Deutsch, Probing Images of Politicians and International Affairs: Creating Pictures and Stories of the Mind, Indoctrinability, Ideology, and Warfare: Evolutionary Perspectives, ed. Irenaus Eibl-Eibesfeldt and Frank K.
Salter (New York: Berghahn Books, 1998), 303. 6 Alexander Butterfield, The Accuracy of Intelligence Assessment: Bias, Perception, and Judgment in Analysis and Decision (Advanced Research Project student paper, United States Naval War College, Newport, RI: 1993), 16. 7 President Dwight Eisenhower, quoted in William B. Pickett, George F. Kennan and the Origins of Eisenhowers New Look: An Oral History of Project Solarium, Princeton Institute for International and Regional Studies, monograph series, no. 1 (2004): 11. 8 Johnston, Developing a Taxonomy of Intelligence Analysis Variables, 3. 9 Joint Chiefs of Staff, Doctrinal Implications of Operational Net Assessment (ONA), Joint Warghting Center Doctrine Pamphlet 4 (Washington, DC: 24 February 2004), 5.

10 Joint Chiefs of Staff, Standard Operating Procedure & Tactics, Techniques and Procedures for the Standing Joint Force Headquarters (Core Element), draft version (Washington, DC: 14 July 2004), 2-8. Many of these Center of Excellence groups would not be pleased knowing they were de facto intelligence sources.
11 Joint Chiefs of Staff, Draft Standard Operating Procedure for the Standing Joint Force Headquarters, 2-5.
12 Ibid.
13 Johnston, Developing a Taxonomy of Intelligence Analysis Variables, p. 2, quoting Charles Allen, Associate Director of Central Intelligence for Collection, at a public seminar on intelligence at Harvard University, Spring 2000. Available from id+518; Internet.
14 Douglas K. Zimmerman, Understanding the Standing Joint Force Headquarters, Military Review (July-August 2004), 31.
15 Kathleen M. Carley, Estimating Vulnerabilities in Large Covert Networks (paper presented as part of the Dynamic Networks project supported by the Office of Naval Research, 2004), available from speakers/Carley1.pdf; Internet, pp. 2-3.
16 Johnston, Developing a Taxonomy of Intelligence Analysis Variables, p. 3, quoting J.R. Thompson, R. Hopf-Weichel, and R. Geiselman, The Cognitive Bases of Intelligence Analysis (Alexandria, VA: Army Research Institute, Research Report 1362, 1984), AD-A146, 132, 7.
17 Computer Programs for Social Network Analysis, available from; Internet; 03 November 2004. These include Apache Agora (for visual representation), daVinci (which draws ordered relations for users), the Ecosystem Network Analysis (providing quantitative methods that systematically teases most pertinent information from the full, complicated network), KeyPlayer (nodal removal analysis), and MetaSight (a SNA toolset that derives relationships via e-mail traffic).
18 Rebecca Goolsby, <GoolsbR@ONR.NAVY.MIL>, Further Research Information, [E-mail correspondence with the author], 31 January 2005.
19 Karen Roebuck, CMU Project Targets Terrorism, Pittsburgh Tribune Review, 19 June 2004; available from http://www.; Internet, p. 1.
20 Zimmerman, Understanding the Standing Joint Force Headquarters, 30.
21 Carley, Estimating Vulnerabilities in Large Covert Networks, 15.
22 Mark W. Maiers and Timothy L. Rahn, Information Operations and Millennium Challenge, Joint Forces Quarterly, no. 35 (2004): 84.
23 Carley, Estimating Vulnerabilities in Large Covert Networks, 15.
24 Rebecca Goolsby, Developing Social Science Based Applications for the Navy: Lessons from ONR (PowerPoint briefing presented to the Navy Enterprise Conference, 05 August 2004), available from conferences/rd_partner/docs/misc/aug5/02goolsby.pdf; Internet, slides 9-10.
25 Clausewitz, On War, 168.
26 L. R. Gay, Educational Research: Competencies for Analysis and Application, 5th ed. (Saddle River, NJ: Prentice-Hall, 1996), 139.
27 Joint Forces Command, Interagency Working Group E-Newsletter, Electronic document, September 2004; available from ITEA/storage/558/September%2004%20Newsletter.pdf; Internet, p. 5.
28 Ronald Breiger, Kathleen Carley, and Philippa Pattison, ed., Dynamic Social Network Modeling and Analysis: Workshop Summary and Papers (Washington, DC: National Academies Press, 2003), 4.
29 Butterfield, The Accuracy of Intelligence Assessment, 20.
30 Defense Advanced Research Projects Agency, Integrated Battle Command; available from http://www.darpa.mil/ato/solicit/IBC/faq.htm; Internet; accessed 22 January 2005.
31 Jim Miller, Operational Net Assessment: What Are the Real Challenges? Defense Adaptive Red Team Working Paper 03-1 (Arlington, VA: Hicks and Associates, Inc., 2003).


32 Ibid.
33 Barry Render and Ralph M. Stair, Jr., Quantitative Analysis for Management, 6th ed. (Saddle River, NJ: Prentice-Hall, 1997), 562.
34 Carley, Estimating Vulnerabilities in Large Covert Networks, 2.
35 Ibid., 13.
36 Ibid.
37 Miller, Operational Net Assessment.
38 Butterfield, The Accuracy of Intelligence Assessment, 17.
39 Rebecca Goolsby, <GoolsbR@ONR.NAVY.MIL>, Research Request, [E-mail correspondence with the author], 29 December 2004.
40 Goolsby, Further Research Information, e-mail correspondence, 31 January 2005.
41 Ibid.
42 Carley, Estimating Vulnerabilities in Large Covert Networks, 3.
43 Goolsby, Further Research Information, e-mail correspondence, 31 January 2005.
44 Henri Theil, Principles of Econometrics (New York: Wiley, 1971).


45 Render and Stair, Jr., Quantitative Analysis for Management, 714.
46 Ibid.
47 Carley, Estimating Vulnerabilities in Large Covert Networks, 6.
48 Ibid.
49 Goolsby, Further Research Information, e-mail correspondence, 31 January 2005.
50 Miller, Operational Net Assessment, 7.
51 Philip G. Cerny, Terrorism and the New Security Dilemma, Naval War College Review 58, no. 1 (Winter 2005): 26-27.
52 Butterfield, The Accuracy of Intelligence Assessment, 71-75.
53 Defense Advanced Research Projects Agency, Integrated Battle Command.
54 Abraham Lincoln, quoted in Gene Griessman, The Words Lincoln Lived By (New York: Fireside, 1997), 99.
55 Breiger, Carley, and Pattison, Dynamic Social Network Modeling and Analysis, 14.
56 Butterfield, The Accuracy of Intelligence Assessment, 66.
57 Goolsby, Further Research Information, e-mail correspondence, 31 January 2005.


Fall 2005

Thoughts on the Application of Military Theory to Information Operations and Network Centric Warfare
By Dr. Roland Heickerö, Deputy Research Director, Swedish Defence Research Agency

Editorial Abstract: Information Operations has become an integral component of planning for military forces around the world. Dr. Roland Heickerö of the Swedish Defence Research Agency provides his view of network centric warfare as a holistic approach directed against a number of networks, each having unique characteristics.

The move to a warfare concept based on network enabling capabilities is a truly revolutionary step. It will affect military development in many areas for many years to come. One important part of the new era is the ability to conduct Information Operations (IO). In general terms these are operations related to information in order to influence the decision process of an adversary. The overall goal is to persuade the adversary to act in a manner that best suits your own objectives and purposes. Other important parts of IO are to gain and retain control of your opponent's communication systems and networks while protecting and retaining control of your own systems. IO includes five capabilities1: electronic warfare (EW), psychological operations (PSYOP), operation security (OPSEC), military deception and computer network operations (CNO). In order to conduct a successful operation all these capabilities should be used together in an attack or defense situation. The level of success depends on the coordination of all available resources in time and space.

In a network centric warfare approach it is important to understand the opponent's network structure and communication system and how they use these resources. Equally important is to understand your own network structure in terms of strengths and weaknesses. Every type of network has its own vulnerabilities in the form of vital nodes, links and platforms, regardless of whether it is a communications, organizational or biological network. If you understand your own structure as well as your opponent's, the chances of effective IO increase greatly. Hence, a fruitful way to develop a methodology for IO in a network centric warfare context is to use theories based on centers of gravity (COG) and critical vulnerabilities (CV).

The paper first discusses the logic of networks in general terms and then considers different types of networks and their respective abilities to resist attacks of different kinds before drawing some conclusions.

The logic of networks

The basis of all modern warfare concepts is the network. The network concept is built on the idea that it is possible to interconnect and cluster minor parts into subsystems and whole structures into a net of networks. It comprises not only platforms, nodes and links in a technical sense but could also include social interactions between individuals, groups of people and organizations. The term is used in a wide range of disciplines. Humans have always acted in a networked manner but owing to the IT revolution people have access to various kinds of information from the ether and may through this gain information superiority over an opponent. The net may also create more possibilities to act locally with global consequences. The growth of the network depends on the number of links and nodes within it. The number of combinations could be more or less infinite. The advantage of the network is the ability to coordinate and muster strength against a target. The total effect should be higher than using single, unconnected nodes. For instance, it is not a coincidence that the terror organization al-Qaida organizes itself in a loose network of networks. Within the network structure it is possible to reroute information, services, people and equipment depending on the situation.

There are four different categories of networks2: hierarchical, centralized and decentralized as well as distributed. All of them have their own advantages, strengths and weaknesses in relation to the needs of coordination, security and function and these are further discussed in Table 1.

Center of gravity and critical vulnerability in different types of networks

Center of gravity (COG) is a basic term used in military theory. For many years a number of theorists have put a lot of effort into understanding the concept and its consequences. Clausewitz was the first person to discuss the concept. His theory is that a COG is some kind of a central point of force and speed for a state that everything should be related to3. Strange et al4 on the other hand, say that a central point is related to the force of an enemy. The characteristic of that type of force is either physical or moral and may exist at a strategic, operative and tactical level. In NATO doctrine5 COG is defined as a capability or place where a nation, an alliance, a military force or other type of grouping set their standards for freedom of action, physical strength and willingness to fight. Echevarria6 uses a somewhat different definition. He proposes that a COG is not strength as Strange et al propose or a quality as in the NATO definition but a centripetal force that glues an enemy's different systems together. By taking a holistic approach in order to study the factors that bind the parts together it is possible to find the centre of gravity of the enemy.

Warden7 takes a similar approach. He argues that an enemy should be studied as a system that is built up from a number of interrelated parts. The basic component of the system is energy of different kinds: physical energies (people, buildings, communications and weapons) as well as psychological energies (will power, capability and capacity). If it is possible to influence the flow of energy in a specific direction by hitting certain parts, the whole system will be affected. He also points out that within a system that is built up of a number of nodes and links (e.g. relations between units in a network), there should be only a small number of nodes and links that are critical for the system as a whole.

In theory, if it is possible to identify the nodes with most links you have also identified the critical points. Some military theorists argue that there is not one single COG in a system but many that can exist simultaneously. Hence, the understanding that there are a number of critical points is also the first step to carry out an effective operation against them. If several COGs are attacked at the same time in parallel, the best effect should be achieved. By using all resources together, the possibility of achieving a system change should increase dramatically and in the longer term it may lead to a total collapse of the enemy structure. Timing, co-ordination of resources and good preparatory work are consequently vital factors that determine if the operation will succeed or not. Warden also points out the importance of not mixing the term COG with critical vulnerabilities (CV). The first exist because they are essential to the existence of the whole system, the latter are interesting when planning to attack centers of gravity. In this paper both terms are used in combination and related to different types of networks as shown in Table 1.

When discussing different kinds of structures it is important to point out that a mega network could contain both distributed and decentralized networks as well as centralized and decentralized ones. In some cases the growth of a network is uncontrolled or organic and the form it ends up in the long term is not necessarily predictable. The best example of this is the Internet.

Furthermore, ad-hoc network structures are used for networks that are constantly reconfigured according to situation and needs. They can have all of the above mentioned structures. If an activity requires a certain type of structure the ad-hoc network wakes up and in a similar way closes down when the tasks are fulfilled. This will of course affect the overall robustness and vulnerability of the network. In general terms the two most secure types of networks are the decentralized and distributed ones. But as shown they also have their critical points that may form the target for an information operation.

Table 1: COG, Vulnerabilities and robustness in different network structures

Type of Network: Hierarchical
General Description: Well defined command & control structure. Clear chain of command with good ability to execute orders at a rapid pace.
Vulnerabilities and COG: The structure lacks flexibility. Hierarchical networks could be attacked using a top-down approach, e.g. using traditional C2 warfare. Similarly such networks are also time critical in the sense that it is possible to cause strategic consequences by disrupting levels of command and/or the central node. It is also possible to achieve tactical advantages through influencing sensors in the chain. The information flow could also be manipulated at sensor level.
Robustness: Generally hierarchical networks are quite robust against internal fuzzes such as mutiny at lower levels. Due to their structure, it is possible to separate different levels from each other and through this control them.

Type of Network: Centralized
General Description: In a centralized network all sub nodes are under command of the central node which simplifies C2 activities.
Vulnerabilities and COG: A centralized type of network is not very flexible but with delegation some agility can be achieved. The central node is vulnerable. If it is choked or saturated it will affect the total network. It acts as a bottleneck through which all information has to pass. There is always some restriction in the information flow because all the information has to be approved by the main node.
Robustness: Centralized structure should be attacked in a similar way to hierarchical structures, e.g. try to hit the central node as well as to deceive the sensors at the extreme points of the network.

Type of Network: Decentralized
General Description: Decentralized networks consist of a number of interconnected centralized sub-networks. All local nodes/sub networks are independent of the others and the central node.
Vulnerabilities and COG: In this type of network both the main node and the sub-networks' central nodes are vulnerable to attacks.
Robustness: A distributed control mechanism gives greater power to the edge, in this case the sub-networks. The structure is relatively robust against saturation attacks on a tactical level. Through delegation the analysing/executing capacity could be carried out in lower levels of command. If the capacity of the central node is reduced the network could reorganize itself and every subnetwork could continue their respective activities. It is possible to short-circuit those parts of network that are under attack and retain the ability to act.

Type of Network: Distributed
General Description: A distributed network lacks hierarchy in a traditional sense. Hence, all information should be received by all nodes in the network. In a distributed network information could be rerouted between nodes. If some part of the network is knocked out other parts could execute the tasks. An advantage is that it is possible to use the whole network as a common resource for a combined and coordinated attack.
Vulnerabilities and COG: A possible vulnerability is related to an unclear command and control function. A distributed network is also sensitive to rumors and misleading information due to the fact that all nodes are interconnected to each other. In the same way it is also robust. It is always possible to get a second opinion in order to verify the truth of the information. A problem is that information should be given to all nodes more or less in real time, which opens the network to saturation attacks. The amount of signaling that is required in order to coordinate all parts of the network can be very significant.
Robustness: Because all nodes are more or less interconnected the prerequisite for combined attacks and protection is good. Effective and fast routing of information gives an advantage. Due to its structure the network has in-built redundancy. This is the most robust network against physical attack but may be the most vulnerable to deception or saturation attacks.

Conclusion

The transformation into a world based on communication and information leads to IO becoming more important than ever. Thus, there is a need to develop new methodologies for successful IO, taking account of the change towards network enabling warfare capabilities. A fruitful way forward is to use theories based on center of gravity and critical vulnerabilities. Regardless of structure all networks have their own weakness and strength and by knowing your enemy's as well as your own you can obtain advantages that may be decisive in an eventual conflict.

Endnotes:
1 Lamb, C (2005) Information Operation as a core competence. JFQ-article: issue thirty six
2 Baran, P. (1964). On distributed communications. Introduction to distributed communications networks. Santa Monica, USA: RAND Memorandum RM 3420PR
3 Clausewitz, C-V (1832). On War. Swedish translation by Mårtensson, Böhme och Johansson (1991). Stockholm, Sweden: Bonnier Fakta Bokförlag
4 Strange, J, Iron R. (2001). Understanding Centres of Gravity and Critical Vulnerabilities. Research paper.
5 NATO (2003). Guidelines for operational planning
6 Echevarria A, J. (2003). Clausewitz's center of gravity: it's not what we thought. Naval War College Review. Vol. LVI, No1.
7 Warden, J (2004). Centers of gravity in military operations. Preliminary draft. Royal Swedish Defence College
8 In Warden's argument there is a clear connection to manoeuvre warfare theory: to get inside the adversary's decision cycles (OODA loop) and through this to achieve a system collapse.
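The comparison in Table 1, and the remark that the nodes with most links mark the critical points, can be checked against a model of one's own network. The following is an added example, not part of the original article: the four 13-node graphs are constructed samples, the function names are hypothetical, and it measures only loss of connectivity after a single node fails, not deception or saturation.

```python
from collections import deque

def build(edges):
    """Undirected adjacency map from an edge list."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

# Constructed 13-node samples of the four structures in Table 1 (assumed shapes).
def hierarchical():
    # Root 0, deputies 1-3, three units under each deputy.
    edges = [(0, d) for d in (1, 2, 3)]
    edges += [(d, 3 * d + k) for d in (1, 2, 3) for k in (1, 2, 3)]
    return build(edges)

def centralized():
    # Star: every node reports to central node 0.
    return build([(0, i) for i in range(1, 13)])

def decentralized():
    # Same local stars as the tree, but local hubs 1-3 also link to each other.
    adj = hierarchical()
    for a, b in ((1, 2), (2, 3), (1, 3)):
        adj[a].add(b)
        adj[b].add(a)
    return adj

def distributed():
    # Mesh: each node links to its two nearest neighbours on either side.
    return build([(i, (i + s) % 13) for i in range(13) for s in (1, 2)])

def largest_component(adj, removed):
    """Size of the largest connected group once node `removed` is lost."""
    seen, best = {removed}, 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            node = queue.popleft()
            size += 1
            for nb in adj[node]:
                if nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        best = max(best, size)
    return best

def audit(adj):
    """(most-linked node, most damaging node, surviving fraction for each)."""
    frac = {n: largest_component(adj, n) / (len(adj) - 1) for n in adj}
    hub = max(sorted(adj), key=lambda n: len(adj[n]))
    worst = min(sorted(adj), key=frac.get)
    return hub, worst, round(frac[hub], 3), round(frac[worst], 3)

if __name__ == "__main__":
    for make in (hierarchical, centralized, decentralized, distributed):
        print(f"{make.__name__:14}", audit(make()))
```

On the sample hierarchy the most-linked node (a deputy with four links) is not the node whose loss fragments the network most (the root with three links), so link counts alone do not locate every critical point.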

