You are on page 1of 34

Lieutenant General William B.

Caldwell IV On New Media in Military Operations


An Interview with Commander of the US Armys Combined Arms Center and Fort Leavenworth Kansas

Editors Note: This interview was conducted by the editor of IO Sphere with LTG Caldwell via email exchange. Mr. Anton Menning assisted with the completion of the interview. Mr. Menning is a member of LTG Caldwells staff and co-authors numorus articles with him. We sincerely thank both of them. IO Sphere Editor: Sir, at IO Sphere we consider your documented views, insights, and leadership on emerging information technologies to be at the cutting edge of operational thinking. I want to first thank you for your time and for sharing your thoughts with the readers of IO Sphere. LTG Caldwell: Its a pleasure to engage with IO Sphere. As you are no doubt aware, todays operational environment is very dynamic. The U.S. Army must adapt to that environment. Some traditional means of communication have become less relevant, and the rise of Web 2.0 confronts us with a fresh set of challenges and opportunities. IO Sphere Editor: Sir, it is well known that you have strong views on emerging information technologies, including blogs, personal video sharing sites such as youtube and social networking media like Facebook and Twitter. You have already referred to these New Media technologies and capabilities as Web 2.0. Many military leaders express varying degrees of concern over these technologies and their application. What are your views? Should we ignore the promise and surrender to our misgivings or should we embrace these technologies and adapt them to our advantage as we confront the future? LTG Caldwell: Web 2.0, or social media, provides unique opportunities for interaction. One-way communication models are horseand-buggy. People around the world are now both consumers and contributors. The open-ended and even democratic nature of the new media allows users to bypass traditional gatekeepers such as editors and producers. The capacity for bypass also allows users of new media to set agendas and to construct online communities.

For these reasons and more, it is vital for the U.S. military to actively engage in these spheres. Our adversaries are adept at doing just that for their own purposes. Why should we cede the high ground by ignoring or shortchanging the new media? Many of our senior leaders may be digital migrants, but it is important to remember that our young Soldiers are digital natives. They instinctively embrace the world of Web 2.0. In more ways than ever before, the new media can tell our Armys story to the American people. Even in a season of economic downturn, when business woes dominate the conventional news cycle, the new media allows us to continue informing the American people about the tremendous service and sacrifices of our Soldiers and their families. .IO Sphere Editor: Some senior US and allied military leaders are concerned about the operational security implications of new media technology and the possibility of disclosure of both classified and unclassified critical information to adversaries. As a supporter of the use of new media, how do you address these concerns?

Lieutenant General William B. Caldwell IV

24

Summer 2009

LTG Caldwell: Operational security is an enduring concern for military operations. However, we cannot take counsel of our fears at the expense of new media applications. As always, we must strike a balance between caution and engagement. As new technologies continue to emerge, there will be even more challenges to the risk/benefit balance. If we surrender to our fears, we surrender a big chunk of the high media ground. Commanders accept risk in any operation. We are not talking about rejection of risk, but rather about the parameters of the risk, were willing to accept. With the emphasis, senior leaders are placing on Web 2.0, I remain confident the Army will find the proper balance. IO Sphere Editor: Many of your views about new media center on the Strategic Communications value inherent in the new media technologies.

Do you think there is a downside to these technologies to the extent that they involve tradeoffs of traditional control in favor of engagement and of traditional media in favor of untested and less reliable media? LTG Caldwell: Change is a constant in life. We must embrace in fact consider it an opportunity if we are to be effective leaders. The contemporary evolution of the news industry is simply a fact we need to adjust to. By actively engaging the new media, we are availing ourselves of more opportunities than ever to tell the Armys story. Last year, a Pew Poll revealed that the ongoing conflicts in Iraq and Afghanistan failed to make the top 15 news stories of the year. Even if only a snapshot, such results demonstrate an important disconnect between the American public and the life-or-death concerns of those who serve in uniform. New media can help us bridge this gap.

The American people can now digest our story without a filter. IO Sphere Editor: In the May-June issue of Military Review Mr. Dennis Murphy, Mr. Anton Menning, and you co-authored an article titled, Learning to Leverage New Media. To buttress your thesis on the importance of the new media, you referred to recent Israeli military operations in Lebanon and Gaza as examples of both good and bad use of new media. What do you think about reporting on the recent demonstrations in Iran over disputed election results as still another and more recent example of new medias reach? LTG Caldwell: The new media definitely held their ground, and with an impressive degree of power. We are learning that it has become almost impossible to stop the flow of information from a given country, especially if the population is

Iraqi officer using computer as part of an advanced computing class Source: defenseimagery.mil

25

US Marine Using Tactical Computer in Kwaitt Source: defenseimagery.mil

technically adept. Even as traditional media was largely shut out, new media emerged to inform the world of events in near real time. Beyond Iran, look at the recent events in Moldova Twitter is showing just how dynamic it is because of its ability to function across multiple platforms. We are witnessing a democratic revolution in how information is disseminated. As senior leaders, we must be familiar with new media and be aware of how it can shape and affect operations. However, there is no such thing as the proverbial free ride. We must know how to utilize new media, and we must understand its capabilities and limitations. IO Sphere Editor: As the commander of the Combined Arms Center at Fort Leavenworth Kansas you play a very important role in the education of future military leaders. What ideas or focus areas have you recently instituted to stress the importance of these technologies and their effective employment in the contemporary operational environment? LTG Caldwell: One of our biggest programs requires all students who attend the U.S. Army Command and General Staff College to blog as a requirement for graduation. They must also complete three other outreach requirements, including writing an article for publication and submitting it, participating in a news interview (print, radio, television) and undertaking some

sort of public engagement, for example formally addressing an audience. These requirements serve to educate our future leaders and to ensure they are comfortable telling the Army story. To facilitate blogging, we founded a blog library that now has more than 40 blogs and 100,000 visits per month. It is utilized by many of our subordinate organizations to solicit feedback on public events, to disseminate information about upcoming opportunities here at CAC, and engage a broader audience on a variety of issues ranging from training for full spectrum operations to helping Soldiers stay safe when riding motorcycles. In fact, COL Mark McKnight, the commander of Battle Command Training Program a sort of virtual Combat Training Center wrote a letter that was published in the August issue of Army Magazine where he described the benefits of using blogging as an organization. He said the value of openly sharing best practices and how-tos in a transparent manner, within the constraints of operational security, helps the public understand an element of the Combined Arms Center and therefore, our Army. Another of our subordinate organizations, the Information Operations Proponent, trains FA30s or Information Operations specialists. Within its curriculum, instructors teach students the basics of Web 2.0 with the understanding those specialists

26

Summer 2009

will often advise their superiors on the nuances of social media. An additional part of the curriculum requires the students to write a paper discussing the pros and cons of allowing Soldiers access to social media sites. They are also instructed about how adversaries use social media to influence the American public. Beyond blogging, we started a CAC YouTube page, a Twitter site and a Facebook page. The challenge we face with much of this activity is resourcing it while simultaneously establishing sound operating procedures. I suspect many organizations across the Department of Defense are working through some of these same issues. Our use of new media does not stop with what Ive already mentioned. CACTraining established the Army Training Network earlier this spring. Instead of publishing a companion manual to our capstone-training manual, weve made the process virtual. Through ATN, trainers throughout the Army learn best training practices across a wide field of specialties. Any Soldier or civilian with a common access card can update the site with their specific insights. The site even features a wiki that is self updated and policed by our community of users. Finally, on July 2nd, we began a pilot program that converted seven field manuals into a wiki format that will

make them living, breathing documents under the rubric of Army Tactics, Techniques and Procedures, or ATTP. We plan to eventually convert more than 200 field manuals into wikis. By using a wiki, we can ensure that the lessons learned in the field are rapidly assimilated and disseminated to the operational force. Moreover, wikis allow for enhanced collaboration across the entire Army, including its civilian work force. After 90 days, we will assess the pilot program and determine a course for the way ahead with this project. IO Sphere Editor: How do you consider the knowledge of these technologies and the ability to employ them in operations? Can effectiveness in their utilization be equated with effectively operating in the field or employing a weapon system? LTG Caldwell: Absolutely. Soldiers today require core competencies that embrace the full spectrum of operations from peacekeeping to the employment of kinetic means. Whatever the situation, we know that future operations will be conducted among the people. The ability to communicate across a wide variety of platforms will remain central to reaching various audiences for various reasons. We must never cede either the ground on which we choose to engage or the means.

IO Sphere Editor: Sir, thank you for your time and your leadership on this subject. At IO Sphere, we strive to challenge our readership to think about and create solutions to many difficult and controversial subjects in Information Operations. Your views and leadership on the use of new media in military operations are an important addition to the dialogue and we appreciate it very much. LTG Caldwell: Thank you for this opportunity. I have enjoyed the opportunity to engage on such important subjects.
For More Information on LTG Caldwell Log on to:www.leavenworth.army.mil or http://usacac.army.mi/blog For a youtube message on blogging search youtube with-LTG Caldwell and 2008 Milblogging Conference.

Lieutenant General William B. Caldwell, IV is the Commanding General of the US Army Combined Arms Center and Fort Leavenworth Kansas. He is also the Commandant of the US Army Command and General Staff College and the Director of the Joint Center for International Security Assistance. He also serves as the Deputy Commanding General for the US Army Training and Doctrine Command. He is a graduate of the US Military Academy and West Point and has served 33 years in the US Army.

Soldier from Denmark During NATO Exercise Combined Endeavor Source: defenseimagery.mil

27

The Commander of US Strategic Command Opening Remarks at the USSTRATCOM and Armed Forces Electronics Associations 2009 Cyber Symposium
Editors Note: The inaguaral USSTRATCOM and Armed Forces Electronics Association International (AFCEA) cyberspace symposuim was held in Omaha Nebraska from 7-8 April 2009. Below is the text of General Chiltons Opening Remarks. These remarks are largely unedited.

General Kevin P. Chilton on Cyberspace

ts great having the Lieutenant Governor here. Mr. Schneider (President and CEO, AFCEA International), what a great partnership with AFCEA. Thank you for being here. I want to recognize Lieutenant General John [Dubia], whos worked so closely with the STRATCOM staff to make this historic first Cyberspace Symposium here in Omaha hosted by US Strategic Command and AFCEA what it is already, which is a resounding success with this outstanding turnout here. Flag officers from all around the world are here. Military members from every staff of every combatant command, from every service are present here today. We have friends and allies here from around the world that are participating. Great community sponsorship and support from the local community. And of course our industry partners from the great contract community that is so vital to this mission set are also here today, along with our STRATCOM men and women. Thank you all for coming and being a part of this conference today. These are indeed exciting times at US Strategic Command, and in fact exciting times in US history. Particularly when we start thinking about whats going on in cyberspace. So whats the origin of this first ever conference here at STRATCOM in Omaha? Quite frankly, it goes back to the videotape [shown] here. When I arrived back in 2007 and we started, focusing on what was most important day in and day out in the command, and those are, as demonstrated in the tape, our three lines of operations. Of those three, certainly a mission set of deterrence is one that we well understand and have been involved in for many years in this command. Although I would point out its going to be a new game and it is a new game in the 21st Century, obviously, as compared to the Cold War. Space, weve been working that line of operation for quite a long time as well. Certainly the least mature of our lines of operations and arguably one of the most important is the line of operation in cyberspace. When you look at what the President of the United States has asked US Strategic Command to do -- to direct the operations every day of the Global Information Grid that supports our combatant commands and services all around the world every day, to operate it, to defend it, both in peacetime

General Kevin P. Chilton Source: IO Sphere Staff Photographer

and at war; to be prepared to plan and when directed conduct offensive operations through this medium for this domain; to synchronize operations between combatant commanders in the regions and across the globe; and to be the principal advocate for the capabilities and needs for the warfighters in this domain -- it made perfect sense to bring you all together here in Omaha to help us get our heads around this great mission set that weve been given, this daunting mission set weve been given. Ill tell you what, we know we dont have all the answers, and often times dont even know what the right questions are to ask. Thats why its so important, if I could echo Mr. Schneider, for you to be a participant in this conference and not just a note taker. Im going to encourage controversy here. I want to hear both sides of the arguments. And if there are three sides I want to hear the third side as well. I want you to challenge the speakers, challenge the panels, be involved. Theres a lot we can learn and theres a lot we must learn. Youve heard in the film, and youve heard Kevin Williams (GISC Director) talk about cyberspace as a domain. Thats the way I think about it. In fact I try to break things down pretty simply for myself, just so I can get my head around it. We have the air domain, we have the land domain, we have the maritime domain, we have the space domain, and we have the cyberspace domain. The first three can be pretty much defined by geography

Summer 2009

or range of operation. The last two are absolutely global in nature. In fact they are agnostic to the artificial lines that we may draw on a map. They can care less about the location of continents and oceans. Space and cyberspace are crosscutting domains, but theyre every bit as much like air, land and sea -- warfighting domains, domains that we can expect to be challenged in, domains that we need to and depend on to conduct full military operations as well as commerce that supports the economy. They demand freedom of action, each one of those domains, and so does cyberspace. For the seas, the maritime domain, demands freedom of action for commerce and in wartime for logistic resupply and movement of troops and ammunition and equipment forward to far-off theaters. The global cyberspace domain is how we move information. Its how we move

orders. Its how we move thought. We need that to be secure and available to us to freely operate in, both in peacetime and at war. Id like to give a little perspective on where I feel like we are in this great venture of taking on the mission set in cyberspace. Im going to flash back, use my time in the military and set it back in the same period of time or the same length of time back in history. Ive been in the Air Force, commissioned for 33 years now, so Im going to take us back to 1893 and Im going to commission 2nd Lieutenant Chilton, graduating from the US Military Academy at West Point where I probably spent a lot of time studying land warfare. I probably spent a lot of time studying lessons learned from the Civil War and increased firepower and the power of defensive positions versus frontal assault. I probably learned

a few things about what happened to Custer in 1876 and operations in the west. I probably didnt think or was not educated one iota about the thoughts of how one might use a new domain for warfare called air beyond maybe balloons for artillery spotting. 1893. Why did I pick that year? Because 10 years later, in 1903, the Wright Brothers flew. Suddenly there was a new domain available. It was nascent, but it was there. And 33 years later, after being commissioned 2nd Lieutenant Chilton found himself in 1926. And not only had they had added manned flight to that thought in that domain in World War I, he was thinking about how he was going to fight the next fight in that domain and how important it was to protect that domain, and the growing importance of that domain to commerce and freedom and transportation and the development of this country.

Senior Leader Panel Discussion at the Cyberspace Symposium Source: IO Sphere Staff Photographer

to 256K. [Laughter]. Thats the computer we still use today to go to and from orbit in the space shuttle -- 256K. The pace of change in this domain has been absolutely outstanding. If I could continue on with the airplane metaphor and take us back to World War I, I think there may be some analogies there as well. In the early days of World War I the German aviators would be up and the French aviators would be up on the other side of the line, and really they were kind of looked at as noncombatants. Mostly what they were doing was observing or spying, collecting information from that domain. They were even known on occasion to pass close enough to see each other in cockpits and wave to each other as they went by -- a rather gentlemanly approach to this new domain. We were enemies, they said, but we should not forget the civilities. Now theres a legend told about one fateful day when a German and French pilot passed each other, and the German pilot must have had a bad morning because he shook his fist at the French pilot as he went by, as the Frenchman said in a rather blustery and caddish way. Well, the next day when the German approached he hurled some sort of missile at the French pilot as he rode by, and the French pilot was so incensed that he dove at the enemy, and I love this part, drew a small flask of port wine from his pocket -- [Laughter] -- and bounced it off the exhaust manifold of his boorish antagonist. I love it. Flying with a bottle of wine. [Laughter].
Cyber Symposium Vendor and Organization Display Area Source: IO Sphere Staff Photographer

In 1976 when I entered the Air Force as a commissioned Air Force officer I was one year past having turned in my slide rule and buying my first HP-35 handheld calculator for $275. [Laughter]. The concept of a laptop or a desktop computer was not taught at the Air Force Academy when I was there. Yet 10 years later, in 1986, when I arrived at NASA someone came in and put this thing on my credenza, moved my files out of the way and moved some books out of the way and set this screen on my credenza and a keyboard and shoved something under my desk and said here is your computer. It was a Wright Brothers moment, if you will, in cyberspace for me. [Laughter]. Now, 33 years later, in 2009, I am dependent on cyberspace. Im dependent on it in my personal life. This countrys dependent on it for commerce and its economy. And warfighters around the world are dependent on it to conduct operations not just in cyberspace, but in every other domain. Thirty-three years this happened. Faster than the revolution of flight. Just think about it. In 1981 there was this really bright young man named Bill Gates who said you know, I think 640K of memory is about enough for anybody to use. I cant imagine ever needing more than that. Bill Gates, 1981. Talk about change. In 1991, I remember in NASA we upgraded the space shuttle main computer. We doubled its computing capacity from 128K

As the legend goes, that marked the end of courtesy in the air domain and the beginning of hostilities. What followed, though, was a dramatic change in three areas, in my view. There was a change in culture, in the warfighting culture, and how we thought about using this new domain. There was a change in conduct, in rules of engagement, on how we valued and treated this new domain of air. And there was a dramatic and measurable change in the capabilities and the treasure we would invest to develop those capabilities in this domain. We have moved past the civilities in the cyber domain. US forces and those of our adversaries now rely heavily on their computer networks for command and control, for intelligence, for planning, for communications, for conducting operations. But these architectures are vulnerable. In fact for more than 15 years the US government and DoD networks have come under increasing pressure to attacks and probes from adversaries, as diverse as nation states, to the disgruntled individual or bored teenage hacker. And while we have detected illicit activity on our networks for more than 15 years and employ resources to offer a comprehensive multi-disciplinary approach to protecting our networks, we need to do more. All of us, all of us -- me included -- are making it too easy for our adversaries to exploit our networks today. Like the World War I aviators we need a change in our culture, our conduct, and in our capabilities if were going to advance the state of art and provide the protection and freedom of action we need in this domain. Let me begin first with culture.

Summer 2009

Cyberspace really grew up as a confluence of technologies that evolved in todays globally connected networks. In fact I reflected on my experience at NASA, I remember after they put that computer on my desk I successfully ignored it for about a month. Id have to dust it on occasion and I would gripe about it being in the way of my in-box on occasion, but inevitably one day I missed a meeting. I asked the person who had organized the meeting, I said why didnt you tell me the meeting was happening? They said well, I sent you an electronic message. I said why didnt you just call me? Why didnt you just holler at me? We shared a desk in the same office. This person had moved on and I had not begun the cultural shift into cyberspace. And in fact what happened then, in my view, is the culture that we developed because of the way it grew was one of cyberspace as a convenience. It wasnt

convenient for this person to call me, and they couldnt be interrupted long enough or thought I was too busy to be interrupted as I worked at my desk so they sent me an electronic message. We didnt call them e-mails in those days. Think about it. When there was a problem with your computer, who did you call? The smart young technician, the information assurance person that works in your office. Or do you call the J6 or the A6, N6, G6, and say get down here and fix my darn computer -- its not working. And they did. And they do. And they come and fix those machines. And we developed this culture, in my view, that the cyber domain, the computers on our desks are there just for convenience. They are not part of a warfighting domain. But in fact, they are. And they are not just J6 problems. It is commanders business.

And this is a cultural shift that we must make. We must think about this domain and the tools in this domain and the readiness of this domain as commanders, as essential to successful operations. When I was a wing commander of the U-2 (Beale AFB, CA) I reviewed the maintenance statistics on my airplanes every day. Why? Because I couldnt fly them if they werent maintained properly and if they werent prepared to operate. We need to review the maintenance statistics and the readiness of our cyber networks -- were commanders and we depend on them -- and I challenge anyone to claim theyre not -- every day. Thats a mindset change. Its not a convenience any more, its a dependency. We need to recognize that we need this domain and we need these systems to conduct our fight today and tomorrow. We need to recognize that we

US STRATCOM and AFCEA Cyberspace Symposium Entrance Source: IO Sphere Staff Photographer

can fight in this domain just as an air-to-air fighter can fight in the air domain; and we can fight through this domain and affect other domains just as an airplane can drop a bomb on a land domain and create affects across a domain. And as commanders we must appreciate the vulnerability of this domain, not just its importance. We have to transition from a culture of convenience to a culture of responsibility. We must recognize vulnerability -- the vulnerability that one system can create here on the other side of the world, not just locally. Every Soldier, Sailor, Airman, Marine in the military is on the front line of cyber warfare every day. If you think about the guards who guard your bases, who stand there at the gate and make sure only the right people come in and keep the wrong people out -- thats everybody who has a computer on their desk in these domains today. They are part of the front line of defense and in fact theyre engaged in cyber operations that matter every day, whether they know it or not. Changing this culture is absolutely important and its going to take, I believe, the longest period of time. Conduct. How do we conduct ourselves? If you look at every other domain and every other system, one of the first principles, one of the first things we focus on is our people and their training. Correct? Land warfare, sea warfare, air warfare, special operations. We think about the training of our people because we know, tools aside, thats our leverage point in any conflict.

Im required to train on cyberspace security by my service, by my command, every year. I get a little thing that blinks up on my computer that says you are due for information assurance training, General Chilton. Get it done by this date. Once a year. Once a year! And I get to read and study year-old adversary tactics, techniques and procedures against an adversary whos changing those every day. Perhaps every hour. Were not training right. We need to adjust that. Inspections. As the commander of an aircraft wing I expect my higher headquarters to come down and give me an annual operational readiness inspection to make sure I can do the mission Ive been given. So what did I pay attention to in the way of that machine? I paid attention to maintenance, logistics, the readiness of my air crews, their ability to fly the mission and do the job and get back. What didnt I pay attention to? The cyberspace tools that I needed to get them off the ground. Where are all the tech orders now that our people use to maintain our airplanes? Are they on paper any more? Are they on classified networks? No, theyre on unclassified networks and theyre on laptop computers or handheld devices that are vulnerable. Change the tech orders on your maintenance manuals on the flight line and watch what happens. Is cyberspace essential to operations today? Should we be inspecting the readiness of every organization that relies on cyberspace to conduct their operations? Should commanders care about that? Should they be graded about that? I believe they should.

Cyberspace Symposium Conference Room Source: IO Sphere Staff Photographer

10

Summer 2009

When an airplane crashes, when a ship runs aground, if a tank goes off the road and rolls inverted in a ditch, whats one of the very first thing commanders do? They stand up an investigation board, a mishap board, because they want to get to the root cause, they want to fix the root cause. They study that, they take lessons learned, they promulgate it through training, and they make sure the force learns from those mistakes or learns from those tragedies. Then they also go down and find out why it happened and if there was any culpability involved in that. Do we do that today in cyberspace? Do we have the tools to hold people accountable for not following rules and regulations? We do. We do. Its called the UCMJ. Weve got all the authority we need to do that, but we cant get this backwards. We cant hold people accountable if we havent properly trained and equipped them. We need to do that. Properly train, properly equip, properly educate, conduct mishap investigations when they happen, and then hold people ultimately accountable for their behavior. There are lots of violations that occur today in cyberspace and on our military networks. It happens today. People think the rules dont apply to them, for whatever reason. Operational necessity is viewed in their minds, laziness, whatever. But Ill tell you what, when we do that there are adversaries out there who are today taking advantage of that misbehavior and that lack of discipline. Another point on conduct. When we think about how were going to conduct operations and ensure the defense of the network. This is anathema to many many folks. Its the concept of centralized command and decentralized control. Its absolutely necessary in my view in this global domain that requires people to be compliant, requires hardware to be upgraded quickly, and requires defensive systems that are going to operate and work properly. When I asked last year how many SIPRNET and NIPRNET machines were on the DoD network it took over 45 days

to get the answer. Im not sure I got the right answer after 45 days, ladies and gentlemen. Now if I asked General Casey how many M-16s there were in the Army he could tell me, Ill bet, within 48 hours. I know Chief Schwartz could tell you how many M-9s there are in the Air Force because every one of them is signed in and signed out; theres 100 percent accountability for those weapons, that if we lose control of might be used to hurt somebody within the ballistic range of that weapon. And yet we have computers out there that we dont know the configuration of, we dont know the location of, we dont know whos on them, who if misused can affect operations on the other side of the world, not just in the room youre sitting in. Culture change, conduct change, and the way we address this. I shouldnt have to ask how many computers are out there. We should know and we have the technology today. We need to deploy it so that we know every day whats on our network, whats plugged in, what its configuration is. Does it have the latest anti-virus injected in it and updated in it? Have the latest orders gone out? Hows our training? Et cetera. That should be machine to machine and it should be automated. We can do it. We need to get on with it. Changes to culture, conduct, capabilities. Our people need better tools out there today, particularly at the command and control level, at the operational level of war, at JTF GNO, at JFCCNW, our operational component commanders who operate, defend and do the missions in this domain. They need the tools that allow them to better manage the operation of and the defense of this network at network speeds. As long as were depending on the human element, which we can never forget, but as long as thats our principal dependence is on the human element and we operate at human speeds we will be outside the turning circle of our adversary. We need to operate at machine to machine speeds. We need to operate as near to real time as we can in this

domain. We need to be able to push software upgrades automatically. AOL does that on my home computer, why cant we? We need to have our computers scanned remotely with the last anti-virus software. We need the host base security system deployed this year, not five years from now when we can afford it, because we can ill afford not to have these technologies available for us today. We need common operating pictures, just like commanders in every other domain demand. Today if you look at our common operating picture in cyberspace, as General Polletts command and control center, you will find places in the United States of America that are black holes. Black holes. Why? Because we dont know whats going on there. And you know whats around those black holes typically? The fences of one of our military installations, because we have put up artificial barriers to keep the centralized command and control authority -- the mission assigned by the President to operate and defend, outside our perimeter. They say its my network. No, its not. And a vulnerability in your network is a vulnerability to the entire GIG. This concept of centralized command and control, decentralized execution I believe is absolutely necessary for our operations in this command. But you know, at the end of the day I believe we ultimately have to be even faster than network speed if were going to defend this network appropriately. How do you do that? Im not defying the laws of physics here. You do it by focused high-tech intelligence. You do it by focused high-tech intelligence, focused all-source intelligence, that tries to get you out and anticipate threats before they arrive. You have to be able to anticipate them and when you can preempt those threats and preempt those attacks before they arrive at your base, post, camp or station, or at your laptop on your desk. Finally, what we need in the capabilities area is more people. More people dedicated and focused in this mission area. The services are great at organizing,

11

training and equipping air, land, sea and space domain forces. We need to move forward in organizing, training and equipping cyber forces to conduct these critical operations for the Department of Defense. Ladies and gentlemen, today as you heard the Lieutenant Governor say, leaders in government, business and academia have moved from ruminating about threats in cyberspace to treating them as real and present dangers. We know we must make this transition. We have seen government networks probed in the past, and I firmly believe these intrusions will only continue to increase as we move forward. The cost has been in the hundreds of millions of dollars. We do a poor job of quantifying it, but they are real dollars and real costs. The cost has been in lost and exploited information that can be used against us in future conflicts to interdict our operations, to inhibit our operations, or put us in a position to be less effective in the other domains as well as in cyberspace. Our challenge will be to prevent attacks on our networks and cross-domain servers by coming through our networks. Our challenge will be to find ways to interdict attacks when theyve been launched. And when they are successful our challenge will be to make the adversary stop the attack. I think the most difficult challenge that we have today will be the challenge of continuing to operate our networks when we come under attack. Think about any other domain. I think about my training in the Air Force. When we went to Condition 4 at the base incoming ballistic missiles with chem/bio gear, chem/bio attack potential. Yeah, we got it for the initial explosion, but then we went out into that hostile environment with our MOPP gear on and we fixed airplanes and we loaded airplanes and we got in airplanes, we took off and flew, we conducted operations in a hostile environment. Thats what cyberspace is going to be, and the hardest thing is going to be to fight through attacks in the future and ensure that the domain continues to operate in at least an adequate fashion so we can continue operations in every other warfighting domain. Ladies and gentlemen, this conference I believe provides a unique opportunity for all of us to get at the latest cutting edge ideas from a cross section of cyberspace stakeholders. From the technologists to the warfighters to the operators to the intelligence community to the wire pullers to folks in other domains who dont think much about cyber day in and day out but understand and know in the back of their minds they are dependent on this domain. You all are here today and we have a great opportunity as we move forward for the next couple of days to share ideas and challenge paradigms and look for the problems we need to solve and the potential solutions to solve them as we move forward. Folks, I want to really particularly thank Mr. Kevin Williams and his [GISC] staff for the great work that they have done in

putting this conference together and giving us this opportunity to get together; AFCEA for all the great partnership we have with you; for government, industry and academia partners who are here today, who have taken so much time from their busy schedules, to get us ready and go forward. Weve got an all star lineup of speakers and panelists that are going to entertain you, but hopefully more importantly challenge you, and I look forward to hearing your thoughts and questions over the next couple of days. We must leave no stone unturned. The mission we have today in the US Strategic Command is focused on DoD networks. But lets not fool ourselves. The threat to America goes beyond that. The threat to cyberspace entities in America that can affect our economy, our industrial base, our power and telecommunications, our banking, our finance systems, the threat is real today. We need to be thinking about how that is going to be protected in the future. Remember, all of our DoD networks run on the same wires so theres synergy there in thought when we think about how were going to move forward in both the DoD and the broader Department of Homeland Security effort to secure America against pending threats. Finally, I particularly want to challenge everybody thats come from out of state, from around the country and indeed around the world, to take home what youve learned, what you will learn here in the next few days; to challenge people back home; share the information, share your ideas. But without you today going home and spreading the word we cannot begin to change our cyber culture, our cyber conduct or our cyber capabilities. Thanks, ladies and gentlemen. Its great to be with you here this morning.

General Kevin P. Chilton is Commander, United States Strategic Command, Offutt Air Force Base, Nebraska. He is responsible for the global command and control of U.S. strategic forces to meet decisive national security objectives. USSTRATCOM provides a broad range of strategic capabilities and options for the President and Secretary of Defense.

12

Summer 2009

The US Military and Soft Power


Major John Garcia, US Army Lieutenant Commander Michael Rak, US Navy Major David Yunt, US Army
Editors Note: This article was first published as an academic submission to meet requirements of the Joint Staff Officers Course at the Joint Forces Staff College in August of 2008. he National Military Strategy of the United States of America lists three specific National Military Objectives that provide focused guidance for the implementation of the military instrument of national power. They are: Protect the United States, Prevent Conflict and Surprise Attacks, and Prevail against Adversaries.1 These are clearly in keeping with the traditional role of the Armed Forces. On 26 November 2007, Secretary of Defense Robert M. Gates delivered a speech at Kansas State University which depicted a future shift in the application of the U.S. instruments of national power. In short, based on my experience serving seven presidents, as former Director of CIA and now as Secretary of Defense, I am here to make the case for strengthening our capacity to use soft power and for better integrating it with hard power.2 In the wake of this policy speech, it is necessary to evaluate the role of the military instrument of national power in future action as part of the broader National Defense, and National Security Strategy. After close study, it becomes evident that the U.S. Military must adopt the capability to project soft power as a means of shaping the international communitys support for U.S. values and interests and effectively communicate the success of soft power operations. In order to provide background to the necessary reshaping of not only the National Military Strategy, but the potential

by

Joint Task Force Horn of Africa Kenyan Officer Training Graduation Ceremony Source: defenseimagery.mil

16

Summer 2009

capability shift of U.S. forces, the issue must be examined from several angles. The military instrument of power must learn how to utilize soft power as a means of shaping the views of foreign government and their populaces in order to capitalize on our foreign policy successes. Additionally, military leaders and strategists must provide a model for the future doctrine and necessary force structure, should the U.S. military hope to meet its soft power projection objectives. The term soft power is first attributed to Professor Joseph Nye, from his 1990 book Bound to Lead: the Changing Nature of American Power. Professor Nye, in a 2003 Editorial defined soft power as: The ability to get what you want by attracting and persuading others to adopt your goals. It differs from hard power, the ability to use carrots and sticks of economic and military might to make others follow your will but attraction is much cheaper than coercion, and an asset that needs to be nourished. Professor Nyes advice from the 2003 editorial is still prescient today. Now that we Americans have a big stick, we should learn to speak softly.3 Soft power should not be seen as a propaganda campaign. It is an opinion-shaping tool through action, not merely through message. Theater Security Cooperation Plans, as developed currently by the Geographic Combatant Commander, in order to shape the security environment in their Area of Responsibility (AOR) must focus on traditional military tasks such as security assistance, Foreign Internal Defense (FID), and presence operations. The focus of these activities needs to be reexamined in order to provide a persistent positive image of the U.S. and its armed forces in critical areas. Humanitarian and Civic Assistance Programs (HCA) are separate and distinct from disaster relief operations and are governed under Title 10, USC Section 401. This type of assistance may be provided in conjunction with military operations and exercises, and must fulfill unit training requirements that incidentally create humanitarian benefit to the local populace.4 Future theater security cooperation plans need also to focus on shaping opinions and ideas. Although this is not a traditional mission for a military focused on fighting and winning the nations wars; the size, skills, and expeditionary capability of the U.S. Armed Forces make it uniquely suited to influence foreign opinion through attraction, while maintaining the capability for coercion. Although there may be limitations as to what can be done under current laws, recent operations as well as publications by the U.S. Department of Defense and its leaders, indicate a change in the strategic direction of the use of military forces for HCA activities. These changes are not incidental to operations, but in fact, the focus of the planned activities. A Cooperative Strategy for 21st Century Seapower, a document giving strategic direction to the sea services, and signed by the Chief of Naval Operations, and the Commandants of the U.S. Coast Guard and Marine Corps, gives emphasis to the use of soft power as a shaping tool. In the subsection of the strategy titled Globally Distributed, Mission-Tailored Maritime Forces, the need for relationship building with international

partners is emphasized. Working on the premise that trust and cooperation cannot be surged,5 coupled with the expeditionary and forward deployed capability of the sea services gives a solid strategic foundation for operational planning to include soft power. Building and reinvigorating these relationships through Theater Security Cooperation requires an increased focus on capacity building, humanitarian assistance, and regional frameworks for improving maritime governance and cooperation in enforcing the rule of law.6 The naval components of the joint force are already putting this plan into action. More than just a strategic paper written by he uniformed leaders of the services, it has become a reality as evidenced by the statistics of HCA operations provided by the Navy in 2007. Working alongside non-governmental organizations and foreign medical officers, Navy people visited more than 20 countries; treated more than 130,000 medical patients, 29,000 dental patients, and 20,000 animals; conducted more than 1,400 surgeries; completed more than 60 engineering tasks; and spent more than 3,000 man-days in

US Pacific Command Commander ADM Keating Receives Gift from the Samoan Prime Minister Source: defenseimagery.mil

17

community relations projects.7 While it is clear that current deployment levels of ground component forces to the Central Command AOR for combat operations in Iraq and Afghanistan make larger commitments to HCA operations impractical in the immediate future, once force levels committed to those operations decrease, more personnel should become available. As Chief of Naval Operations Admiral Gary Roughead has stated, these missions of support, compassion, and commitment are enduring, and they are codified in our maritime strategy.8 The United States Southern Command (SOUTHCOM) is currently restructuring its organization and could serve as a model for other geographic combatant commands. When Admiral James Staviridis assumed Command of SOUTHCOM in October 2006, He recognized that Latin America is a different sort of theater in which

traditional military requirements may no longer be appropriate. Many of our allies have already switched their military focus and adopted strategies to improve social conditions and humanitarian response efforts. 9 SOUTHCOM is even restructuring its organization, breaking the Napoleonic paradigm and creating directorates such as the Security and Intelligence Directorate, the Policy Directorate, the Stability Directorate, and perhaps most relevant, the Inter-Agency Partnering Directorate.10 The use of military force in its traditional roles of fighting and winning the nations wars has not gone away. Through strategy and action, the services and the Combatant Commands are beginning to realize that long term stability must come from a combination of hard and soft power. The U.S. National Strategy for Public Diplomacy and Strategic Communication published June 2007 states there are three strategic objectives to govern

Americas public diplomacy and strategic communications with foreign audiences. Those objectives are as follows: I. America must offer a positive vision of hope and opportunity that is rooted in our most basic values. II. With our partners, we seek to isolate and marginalize violent extremists who threaten the freedom and peace sought by civilized people of every nation, culture and faith. III. America must work to nurture common interests and values between Americans and peoples of different countries, cultures, and faiths across the world.11 Soft power can be a major tool used by Geographic Combatant Commanders to shape the operating and information environments to support U.S. policies and interests.

US Public Diplomacy Officer Meets with Iraqi Counterpart Source: defenseimagery.mil

18

Summer 2009

World opinion of United States policies and its people has been on a steady decline since 2002.12 The challenge is many of the low ratings are coming from countries we would consider our steadfast allies. A 2006 poll taken by the Pew Global Project indicates that only 39% of the populations of Great Britain, Germany, Spain, and France had favorable opinions of the U.S. and it policies and only 68% of the population of the same countries had a positive opinion of the American people.13 In Muslim countries, the ratings are even lower, for example in countries such as Jordan, Indonesia, Egypt, Pakistan, and Turkey only 23% of the populace had favorable opinions of the U.S and its policies.14 Many of the low opinions stem from U.S. involvement in Iraq and the reasons for going to war. In a recent Eurobarometer poll, many of the worlds people believe the U.S. has hindered progress toward alleviating global poverty, protecting the environment, and that the U.S. has failed to maintain peace.15 Whether these opinions are justified, it does not matter because in the eyes of people; perceptions are reality. The concern with the low opinions and perceptions is that nations are becoming more hostile diplomatically to our national interests and National Security Strategy, thus making it hard to accomplish missions.16 A good example is when the Government of Turkey, a historically cooperative ally of the United States, refused to allow the U.S. to use Turkish soil to establish a northern front in the opening days of Operation Iraqi Freedom. There is hope to reverse the declining tide of public opinion. The U.S. received positive ratings for its tsunami relief efforts for tsunami victims in Indonesia and other affected areas. This is one reason soft power is so important. Combatant Commanders are presently using various types of soft power to shape their areas of operations. For example, U.S. Southern Command conducted several medical related missions in South America to aid underprivileged children and stop the spread of disease through vaccinations.17 This operation could increase positive perceptions of the U.S. and the U.S. military in the AOR if accompanied by a wellplanned information operations campaign. The challenge with operations such as these are that they only appear in local or military publications thereby, failing to influence the intended international target audience. If the U.S. is to gain support for its policies and national interests, the U.S. must bolster its strategic communication campaign to maximize all the elements of national power. In future planned soft power operations, Combatant Commands must be proactive in attracting the attention of the international and national media by granting the media access to all facets of the operation. Combatant Commands should also maximize its capability to document the operation using DOD Combat Camera to capture the video and images for historical purposes and allow for the timely release of public affairs articles. Leaders should also encourage subordinate personnel to tell the stories in their own words through the use of BLOGS and webpages. Ambassadors of affected countries must use their influence to appear on U.S. or international media outlets and emphasize strategic themes and messages.

Provincial Reconstruction Team Member Hangs Map in Iraqi School Source: defenseimagery.mil

Joint Task Force Commanders have a key role in ensuring the overall strategic communication plan is executed during soft power operations. Commanders have numerous capabilities at their disposal to physically effect the information environment. Psychological Teams integrated with the soft power force can have enormous positive effects in the area. Psychological Teams can poll the populace and determine the major challenges of that particular community. In Iraq, for example, U.S. Forces would often build schools and drill wells to demonstrate progress when the community actually only needed seeds for spring planting-that is why Psychological Teams assessments are key to determining the needs of the populace in order to influence them. Joint Task Force and subordinate commanders must get out and conduct face-to-face engagements with local leaders in order to build trust and confidence. Often, local leaders have strong ties to the national government and media. Codifying those relationships will ensure the Joint Task Force Commanders message is reinforced. The Joint Task Force Commander can also use Psychological Teams to produce products specifically tailored to the area. As an example, an effective product could be a calendar with pictures of the local or international soccer teams with key messages that the commander wants to emphasize. This method proved to be highly effective in Operations Iraqi Freedom in 2007 after Iraq won the Asian Cup.18 Combatant Commanders should also focus soft power at certain demographics in order to achieve 19

the long-term desired effects of support for U.S. interests. Often overlooked target audiences are youth and women. The youth audience is important because it will play a role for years to come and tends to be less critical of the United States. According to the Pew Global project survey,19 women should be a priority according to the U.S. National Strategy for Public Diplomacy and Strategic Communication. Commanders can shape the target audience by participating in programs with partner nations to establish and build womens centers that include computer training and education.20 Appealing to the female demographic is critical because in many nations the laws that suppress women are being lifted. Many women attend college and own private businesses. In Algeria for example, Muslim women are gaining more power in a society once thought to be very restrictive to women. In Algeria, women drive locomotives, hold positions

as judges, and make up a majority of students in colleges. There are more girls enrolled in high school than boys, and almost 61% of university graduates are women.21 The long-term effect of influencing these particular audiences will be support to the United States and its policies. These types of information operations campaigns are greatly important to the overall mission of the U.S. Geographic Combatant Commanders. Bringing to bear the full weight of various U.S. instruments of power and telling not only the affected populace, but also the U.S. public and the international community about soft power operations, gives an even greater effect than simply conducting the operation without positive exposure. International development already has many advocates; from the U.S. State Department to the U.S. Agency for

International Development (USAID) and a multitude of public corporations. Unfortunately, in these organizations, the manpower is often not present to make a real, and lasting difference. The U.S. military, however, is one of the few organizations with the budget, manpower, and planning staffs vast enough to cover large areas and various projects. With the strategic-level implications to conduct international development and realizing the information operations value, it is now important to develop soft power strategy and execute down to the operational level. Recently, the U.S. State Department implemented a new civilian nationbuilding team focused on reconstruction efforts called the Civilian Response Corps. 22 This corps consists of roughly 250 federal employees from various agencies, with more than 2,000 employees in a reserve status to respond to any necessary contingency. This is

US Public Diplomacy Reconstruction Officer Greets Iraqi Girl Source: defenseimagery.mil

20

Summer 2009

the type of model the military should borrow. Although the Civilian Response Corps is geared towards a reactive mode, a proactive approach can easily be built within the same type of framework. Each Geographic Combatant Command must establish a directorate of International Development that will work closely with the U.S. State Department and USAID. With close coordination, they will develop the proper balance of military development assistance that support diplomatic efforts within their regions. Building upon the establishment of the International Development Directorate, the U.S. must develop quick reaction forces to focus U.S. efforts and ability to respond to a crisis or deploy to various areas on peace building missions for limited amounts of time. In addition, units must be built that can be deployed for achieving longer-term gains. Several programs are already in place and need to be expanded. The Navys use of their hospital ships, the Pacific based USNS Mercy and the Atlantic based USNS Comfort, are great examples of units that take civilian and military professionals to areas in need of expertise and can get there quickly. In late 2008 the USNS Mercy embarked on a four month deployment titled Pacific Partnership. It was described as a humanitarian civic assistance (HCA) mission. Pacific Partnership brings together host nation medical personnel, partner nation military, medical and construction personnel, and non-governmental organizations (NGOs) to provide medical, dental, construction, and other HCA services ashore and afloat in Southeast Asia and Oceania.23 This type of involvement not only sends out a positive message about the United States, but also allows U.S. personnel to gain valuable experience working within their profession while at the same time training the indigenous populace on how to improve their livelihood. For this program to really serve the needs of the Combatant Commanders, it must be expanded. Several ideas have already been put forth ranging from expanding the number of dedicated hospital ships to converting aging amphibious ships into HCA platforms.24 While the exact model of shipbuilding or conversion required to meet the mission is beyond the scope of this paper, a vessel which could act not only as a humanitarian disaster relief vessel, but simultaneously provide sustainment to engineering, as well as medical and civil affairs personnel is critical. A minimum of two additional ships, one for each coast, should be considered, giving the U.S. more capability to impact a greater number of people more often. This capability would also allow the U.S. to cover more area in the case of multiple natural disasters with a greater range of response. In addition, these vessels would increase the capability for a persistent presence and projection of soft power in non-crisis situations, and be available for training medical, and civil affairs personnel from both the military and civilian joint venture programs. While expanding afloat soft power capability is a necessity, a land based version, more focused on building, developing, and instructing, must also be conceived. A model such as the above-

mentioned State Department Civilian Response Corps could be blended into a deployable military version of the Peace Corps created by President John F. Kennedy in 1961 to promote peace and friendship. Another idea is to build on the British model of a national support element 25 with a logistics support unit consisting of medical, dental, veterinary, security, engineering and logistics personnel, in a pre-established deployable unit. This would give military planners a deployable option available for tasking instead of creating an ad hoc organization when needed. Taking a sheet from the Peace Corps playbook, Combatant Commanders could place groups of military members with specific backgrounds, i.e. construction, medical or educational, along with coordinated employees of various U.S. agencies, and place them somewhere in their AOR for an extended amount of time. Two to three of these teams should be formed and would work and train together stateside until such time as they are needed by a Geographic Combatant Commander. These teams would only be deployed when the soft power need is of enduring quality. Therefore, they should be thought of as units that will deploy and build projects in a locale for a minimum of six months. This length of time would give the team not only time to build more extensive programs of construction and education, but also allow for more sophisticated interaction with the populace. This would

US Diplomatic Reconstruction Team Soldier Organizing School Supplies in Iraq Source: defenseimagery.mil

21

US Public Diplomacy Reconstruction Team Meeting with Iraqi Officials Source: defenseimagery.mil

lead to higher quality programs and a better understanding of the United States throughout the respective region receiving the assistance. Additionally, this type of program will give deployed Americans a better understanding of the true needs of the indigenous population. The question may arise as to why the military should take on this role instead of civilian programs such as the Peace Corps, USAID or the State Department. The answer is numbers and flexibility. The military has the personnel, reachback resources, and planning staffs available to truly make these types of missions succeed. The Peace Corps only has slightly more than 8,000 volunteers and trainees (as of Sept 2007) serving in 70 countries.26 A military peace force will significantly contribute to these numbers while bringing more trained technological experts to a location to hone their skills. More importantly, these military based teams would, more importantly, give combatant commanders first hand knowledge of the actual ground situation in regions of concern. If tensions were to flare up, the military staffs would have personnel in place with extensive knowledge of local customs, culture, and conditions. This type of knowledge would be instrumental in mobilizing a timely and accurate response should a more traditional military mission be necessary.

Building a consolidated U.S. effort to structure the U.S. Military that focuses more on the conditions that may lead to hostility will take a large investment in both time and funding. In addition, spending money on overseas programs where the U.S. populace cannot see a direct correlation to their safety or economic benefit is not an easy sell, but with wise use of the media, this can be achieved. The strategic importance of these events cannot be overstated. Spending time and money now on preventative programs is better for our economy, prestige, and security. The U.S. must live up to its superpower status and must stand up and focus its efforts on preventing the conditions of war by providing food, health, and technological development instead of spending larger sums of money later on kinetic operations, peacekeeping, and peace enforcement operations. Using soft power, appropriately directed as an opinionshaping tool, followed up by a focused, insightful information operations campaign and public affairs support to publicize developments must become part of the military mission set. Investing time, money, and personnel in areas before they become a breeding ground for discontent is a true use of soft power. Although it may be expensive to build peace, wars are much more expensive.

22

Summer 2009

Footnotes:
1. Office of the Chairman, Joint Chiefs of Staff, National Military Strategy of The United States of America, (2004), 2. 2. Robert M. Gates, Landon Lecture at Kansas State University (November 26, 2007): www.defenselink.mil/speeches (accessed on July 21, 2008). 3. Nye, Joseph, Propaganda Isnt the Way: Soft Power, International Herald Tribune, January 10, 2003. 4. U.S Department of Defense, Joint Publication 3-0, Joint Operations:. Incorporating Change 1, (February 13, 2008), VII-7 5. U.S. Department of Navy, A Cooperative Strategy for 21st Century Seapower (October 2007) 11. 6. Ibid 11. 7. Truver, Scott C. U.S. Navy in Review. U.S. Naval Institute Proceedings (May 2008): pg 66. 8. Ibid. 66 9. Paterson, LCDR Pat, USN SOUTHCOM turns to Soft Power. U.S. Naval Institute Proceedings (July 2008): 57. 10. Ibid. 57. 11. U.S. Department of State, U.S. National Strategy for Public Diplomacy and Strategic Communication, (June 2007). 12. Pew Global Attitudes Project, Americas Image Slips, But Allies Share U.S. Concerns Over Iran, Hamas, (June 2006), http:// pewglobal.org/reports/display.php?PageID=825, (accessed on August 3, 2008). 13. Ibid. 14. Ibid. 15. Nye Jr., Joseph S. The Decline of Americas Soft Power. Foreign Affairs 83.3 (May-June 2004): 16. 16. Ibid. 10.

17. LCDR Pat Paterson, USN, SOUTHCOM turns to Soft Power U.S. Naval Institute Proceedings (July 2008) pg. 57. 18. Multinational Forces Baghdad PSYOP Company Product Book 2006-2008 19. Pew Global Attitudes Project, Americas Image Slips, But Allies Share U.S. Concerns Over Iran, Hamas, June 2006, http://pewglobal. org/reports/display.php?PageID=825, (accessed 3 Aug 2008). 20. U.S. Department of State, U.S. National Strategy for Public Diplomacy and Strategic Communication, (June 2007), 19. 21. Fred Stopsky.. Muslim Women In Algeria Gain Power, http:// theimpudentobserver.com/world-news/muslim-women-in-algeriagain-power/, February 1, 2008 (accessed August 3, 2008). 22. Nicholas Kralev, Rice hails corps to rebuild nations, Washington Times, http://www.washingtontimes.com/news/2008/jul/17/rice-hailscorps-to-rebuild-nations/; (accessed August 3, 2008). 23. U.S. Department of Navy, Commander, US Third Fleet Press release; USNS Mercy to Deploy on Pacific Partnership 2008, http:// www.mercy.navy.mil/htm/09-08%20USNS%20MERCY%20Set%20 to%20Deploy.pdf (accessed August 3, 2008). 24. See Daniel K. Richardson and Lane Packwood, A Great White Fleet for the 21st Century, U.S. Naval Institute Proceedings, (January 2008) and Jim Dolbow. Lets have a Fleet of 15 Hospital Ships U.S. Naval Institute Proceedings (February 2008). 25. http://www.army.mod.uk/ (accessed August 13, 2008). 26. Fast Facts about the Peace Corps, http://www.peacecorps.gov/ index.cfm?shell=learn.whatispc.fastfacts; (accessed August 10, 2008).

23

Online Postings: The New Dumpster Diving


Dr. David C. Hurley, PhD
Editors Note: Dr. Hurleys views in this article are with the mainstream of thinking in the military culture about the emerging technologies of social networking. It is a contrast to the views expressed in the interview with LTG Caldwell. Both Dr. Hurley and LTG Caldwell have valid points on the subject and their views should stimulate thought among IO professionals. ew technology often brings new benefits to the U.S. military. These technological advancements help sustain the U.S. as the premiere, most modern military force in the world. These technological developments such as the Internet have opened new possibilities and avenues for the military particularly in the field of Information Operations (IO). The Internet as a tool makes it possible to reach and influence in manners never before thought possible. While these technical advancements have created a boon for military IO as evidenced by a recent article published by Major James Efaw titled Social Networking Services: The New Influence Frontier, there is also a dark side to these advancements for what we have developed can also be used against us. These new social networking technologies allow individuals to broadcast information to audiences, which were previously considered unattainable. However, these same technologies can be used to discover and collect information in ways formerly not feasible. The adversarys information is the key component to developing intelligence. The United States as the worlds premier super power has a variety of technical and non-technical methods (HUMINT, SIGINT, COMINT, ELINT, MASINT, OSINT, etc) to collect various types of information for intelligence products. Those actors and nation states that cannot afford satellites and sophisticated electronics still have the need to be able to collect information to analyze for intelligence products. Hence, Foreign Intelligence Services (FIS) are often forced to gather information via other less expensive, less complex means. Traditionally trash, often considered poor mans intelligence, was one such method. One of the typical ways to gather information via this process was to dive through the targets trash for information, as important documents were often inadvertently thrown away and could yield essential elements of friendly information (EEFI). Moreover, information can come in many forms; for example, several unclassified pieces of information can be harmless when viewed individually, but when analyzed together they can paint an operational picture. Trash intelligence or TRASHINT, due to its simplicity, has several advantages over other types of intelligence collection. First, TRASHINT is generally very inexpensive with the main cost being the man-hours necessary to collect and shift through the garbage. TRASHINT has the added advantage that the collector does not have to physically breach the facility where the sought after information is being produced. Hence,

by

US Pacific Command Computer Network Defense Operations Source: defenseimagery.mil

30

Summer 2009

TRASHINT is often relatively easy to acquire, can be collected from a distance, and requires no direct personal contact with the adversary. Moreover, there is little regulation on the collection of garbage particularly when in foreign environments. No complex equipment is required. Only patience and a keen mind is needed to collect and analyze this type of INTEL. The best defense against the collection of TRASHINT is adequately shredding/ destroying all susceptible information mediums (paper, CDs, thumb drives, etc) before they leave the facility. To protect against adversarial EEFI collection efforts, counterintelligence (CI) teams are responsible for ferreting out potential OPSEC vulnerabilities. As the U.S. military transitions to paperless technologies, TRASHINT becomes more difficult to collect. As the new technologies emerge, FIS will attempt to exploit them in their efforts to collect information. The need for information never goes away; technology merely alters the manner in which it is gathered. This paper explores possible uses of online postings and proposes that the Internet is a replacement for traditional dumpster diving.

Online posting refers to the amount and type of information that is available through open source Internet searches i.e. blogs, email, websites (both official and unofficial), and social networking sites. A recent USAF study of a social networking site found that 60% of the USAF personnel posting on that site made themselves vulnerable to adversarial targeting by voluntarily posting too much information. For the purpose of this paper, online postings only refer to information that can be gathered without any form of solicitation or hacking, for example a service members MySpace page or online blogs or articles opened to the public. When compared to TRASHINT, online information may offer the same advantages of TRASHINT and in many ways may be even more effective. The collection of TRASHINT will be compared to online information (See Figure 1). Surprisingly, online collections not only have many of the same advantages as TRASHINT but in many categories online collection seem to be superior. The following categories of cost, distance, regulation, detection, speed, and acquisition were designed to clarify the advantages and disadvantages of each type of collection effort. These

categories are not mutually exclusive; in fact, each category cascades into the next. There are two types of cost when considering collection start up and maintenance costs. The startup for the collection of TRASHINT is minimal, the main expense being travel, which is relatively cheap if collectors are operating in their own country, for example French collectors targeting American facilities located in France. Collecting TRASHINT outside of ones country brings other associated difficulties, but in terms of expense, it becomes exponentially more costly. Online collection is going to require the start up cost of a computer, Internet connection, and an adequate facility from which to operate the equipment. There may be an additional cost for either finding or training an individual to perform the online searches. The maintenance cost for both is mainly associated with the man hours put into the collection efforts. While TRASHINT is cheap, this method will probably cost more in man-hours as collectors must spend time traveling, locating, penetrating, collecting, and sifting through the trash. With online collection, an adversary can gather information on multiple units at multiple locations without ever leaving his or her office. In terms of cost, the edge goes to online collection. Distance refers to how close the collector needs to get to his target. TRASHINT has a similar advantage with online

JTF-Liberia Communications Specialist Using Computer Source: USAF Communications Agency

31

Figure 1. A Comparison Between Trash and Compter Generated Intelligence

collections in that both can be done at a physical distance. For TRASHINT, while the information in the dumpster is the tangible target of the collection, the actual target is the facility and the individuals producing that information. The collector is not just collecting trash to collect trash; instead,

he or she intends to gather EEFI produced by individuals at that facility. The major advantage to TRASHINT is that the facility itself does not need to be penetrated to acquire the information it produces. Dumpster diving often happens in one of three ways:

Afghan Election Ballot Source: defenseimagery.mil

32

Summer 2009

Mail Call in Afghanistan Source: defenseimagery.mil

1. The trash receptacle location is the site of the collection, is generally somewhat close to the facility, and the information of interest is collected onsite. 2. The trash is collected covertly, moved, and sorted at another location. 3. The trash is removed normally and then collected and sorted at the dump location. Methods one and two both require the collector to expose themselves with some form of physical presence at the collection point. The third method while having the benefit of no possible exposure suffers two serious drawbacks. First, it is generally a less timely method because of the need to wait until trash is collected. Second, it is generally more time consuming because there are additional volumes of trash that need to be sorted. Information obtained from OSINT Internet sources such as online

Waste Management Dumpster Source: flickr.com

33

Mail Room at US Marine Base in Afghanistan Source: defenseimagery.mil

newspaper articles concerning units status, as well as, social networking sites and blogs can provide a wealth of information. Consequently, online collection methods do not require that collectors and their targets even be in the same country. Hence, the ability to gather information over great distances provides a definite advantage to online collection method over TRASHINT methods. There are regulations, rules, and laws that govern the collection of trash. While TRASHINT collectors may have to violate laws to get to the actual collection site, AKA the dumpster, their intent to spy on government entities may be illegal, few laws protect the privacy or ownership of what is thrown away. The U.S. Supreme Court denied the right of privacy to trash in California v. Greenwood, 486 U.S. 35, 39 (1988). While the right to someone elses trash itself may be legally protected in a practical sense, onsite trash collectors are generally going to have to break a number of laws to get next to where the dumpster of interest would be located. While collecting the trash often circumvents any serious legal problem, the aforementioned disadvantages with its collection method still exist. To date, the author is unaware of any laws or regulations against the open source collection of online information. The events of 9/11 characterized how members from relatively low-tech societies could exploit our technology and use it against us. The fact that many of the 9/11 hijackers lived and trained in the United States could be evidence enough of how difficult detection can be if security is not constant and vigilant. In low-level conflicts such as terrorism and guerilla warfare,

good intelligence becomes paramount to direct operational activities. Pre 9/11, the collection of TRASHINT via all three methods was relatively safe with little risk of detection. Since 9/11, access to government and military installations are much more difficult. The major drawback on TRASHINT, particularly for methods one and two is that it requires a physical presence. Because individuals collecting TRASHINT are engaged in activities that some would consider being out of the ordinary, there is a high likelihood that their activities may be reported. This could lead to arrest, detention, or counterintelligence (CI) directed toward these individuals. While most individuals would not notice the removal of items from the dumpster (after all the garbage it is there to be removed), TRASHINT collectors are removing something both tangible and physical from the site. While the risk of detection from the removal of TRASHINT is very low, the risk of detection while passively perusing the Internet is at best miniscule. Online collections, once again, have the advantage of cyberspace in that no actual physical presence is necessary to collect online information. The information collected, while itself is real, is not either tangible or physical, thus no trace is left. This is one of the most dangerous forms of collection when the target is unaware of their vulnerabilities. Even if the target discovers lapses in their OPSEC, there is little chance of knowing the depth of the problem i.e. who has collected against you and what they have collected. Speed refers to how fast the information can be found, collected, and analyzed. This is where the advantages of online collections clearly win. With online data collection there is no travel,

34

Summer 2009

particularly important when collecting from multiple sites that are not colocated, and there is no physical, manual labor utilized in locating, collecting, and sorting the information. Search engines and data mining tools can assist the online collector in locating the desired postings. Even if a large amount of information is collected via data mining, tools can quickly sort through and find the relevant material. Moreover, all of the collected information is already in some form of electronic format. This means any information or data collected can be processed via e-tools without any additional processing of the physical material from cyberspace. Acquisition examines the ability to collect information but also considers the quality of information. Both in a sense are easy to acquire but trash and refuse, by definition is material that is no longer desired, while the Internet has added a ubiquitous component to social networking. Based on the first five factors, the online collection is clearly superior over traditional TRASHINT. It could be surmised that on this criteria alone, online collections are a more suitable replacement for dumpster diving. This assumes that both methods will collect the same quality of information. This could be a perilous assumption and would need to be further investigated before a definitive conclusion could be reached.

and little risk to the collector. While the Internet posses clear cut advantages in many of these categories, the ability to collect on multiple targets at multiple locations by a single analyst from their office highlights the speed and the advantages of online collection. The one unknown is whether the quality of the information gathered by both collection efforts is similar or if one, and which one, is better than the other one. Future research should compare both the type and quality of the information obtained through both of these methods. The dangers posed by online posting of information should not be overlooked. This problem can be expected to grow exponentially. First, online social networking becomes more prevalent as the younger more tech savvy generation matures. Second, future generations may well grow up and consider online social networking as common as we find the automobile today. Third, the Internet will increasingly become more available

to all parts of the world, particularly the third world. As more people from more parts of the world become interconnected through the Internet, we may find that the Internet has become the new universal dumpster.

Conclusion
The needs of our adversaries, particularly in the collection of information, have not changed. New developments such as blogs, social networking sites, and web pages have changed the location of where information can be found. As TRASHINT gets more difficult to collect in a paperless age and new technologies and ways of doing business emerge, FIS will explore other means of obtaining information. TRASHINT and online collection efforts have many of the same advantages. Both are simple, inexpensive, and collected from a distance with little regulation

35

Multivariate Analysis of the Complex Emergency Operation


Dr. Dusan Marincic
by

Introduction
At the beginning of the 21st century, the International Community was dominated by the democratization of information, technologies and finances.1 Security threats to contemporary society are not only military, but also political, cultural, environmental, economic, demographic and others. Because of these threats, complex emergency operations are dynamic non-linear processes in which the International Community, with the help of military forces, rebuilds fundamental societal values and norms. The definition of a complex emergency operation (CEO) used in this article is an operation to address a humanitarian crisis in a country, region or society where there is total or considerable breakdown of authority resulting from internal or external conflict and which requires an international response that goes beyond the mandate or capacity of any single agency and/or the ongoing United Nations (UN) country program.2

The term CEO encompasses peacemaking, peacekeeping, societal reconstruction, disaster relief operations and their combinations. Such complex emergencies are typically characterized by extensive violence and loss of life; massive displacements of people; widespread damage to societies and economies; the need for large-scale humanitarian assistance; the hindrance or prevention of humanitarian assistance by political and military constraints; and significant security risks for humanitarian relief workers. The basic requirements of CEOs are a strengthened military capacity, the need for coordination between different organizations and the creation and maintenance of a safe and secure environment by military forces to allow humanitarian help and societal rebuilding of the affected area. Despite non-linearity, each CEO has a development cycle with specific phases: a) identifying root causes of conflict; b) decision making process for intervention; c) planning and execution; and, d) assessment of the CEO in the area of operation.3 Assessment of CEOs has been conducted

Figure 1. Theoretical Systemic Model of Complex Emergency Operation (CEO)

37

via observation and systemic analysis of the effects on essential societal security dimensions of the affected society. A systemic approach enables common understanding of the situation and operational planning in line with the needs of local authorities and population.

Potential of Societal Security Dimensions


A systemic approach towards a complex emergency situation has enabled the International Community to recognise the crisis area, gain an understanding of root causes and implement the decision-making process for intervention and planning for execution of operation, in a timely manner. Wherever CEOs are employed, the International Communitys efforts are affected by many internal and external influences. Those intervenes include local politics, media, population demands, different international organizations (IOs), and non-governmental organizations (NGOs), just to mention a few. Right or wrong, the International Community is sometimes blamed for its failure to create a stable and secure environment. Examples like Kosovo in the Balkans and more recently, Afghanistan and Iraq, indicate that despite all efforts by the International Community, a permanent solution to conflict situations has not yet been achieved. Rebuilding societies is one of the most complex and important challenges the International Community faces today. It is absolutely critical to identify a proper methodology for the achievement of the desired end-state of a return to normality in a more efficient way and ensure the future commitment of the International Community to solve challenges elsewhere. Normality in this context includes a sustainable security, reconciliation and a structured society, which guarantees the basic needs of the local population. The theoretical systemic model (Figure 1) shows three key systems that have an impact on CEOs: the International Community, the Area of Complex Emergency and Peace Forces.

International and national societal environments influence the structure and activities of Peace Forces. During decision-making processes concerning interventions, the Security Council (SC) considers the different options available as a security instrument of the UN, which often consists of military, police and civil components. Military forces play an essential role in complex emergencies, not only for establishing a safe and secure environment, but also in enabling other institutions to fulfil their duties as required. This demands a mutual understanding of each others capabilities, strengths and weaknesses. So far, experience has shown that cooperation between the different entities in a conflict area is not effective. A clear distinction between roles, tasks and responsibilities does not exist, nor does an integrated body that could enhance cooperation well before a conflict emerges. A more structured approach is therefore essential to achieve sustainable development for an affected society, based on a return to normality, which is the desired end state. A proper analytical methodology for better understanding of the area of CEO has therefore become a necessity. My proposal is to use multivariate analysis of available indicators in the area of CEO (Fugure 3). The methodology consists of systematic collection and analysis of empirical data about various security dimensions. The results of multivariate analysis will help explain the interactions and relations between structures, events and processes. To achieve desirable effects of CEO in the area of interest it is necessary to coordinate local needs, international capabilities and local capabilities for reconstruction. The need of societal reconstruction could be explained by the triangle of societal reconstruction (Figure 2), where societal reconstruction (SR) depends on international capabilities (IC) and local capabilities (LC) or with descriptive formula SR = IC + LC. These three elements form the triangle of societal reconstruction in the area of CEO.4With the good knowledge about societal security

Figure 2. Triangle of Societal Reconstruction Source: Doyle and Sambanis, 2000, p.45

38

Summer 2009

dimensions in the area of CEO (economy, demography, governance, landscape and environmental issues), the International Community can successfully monitor crisis areas through different phases: root causes, decision to intervene, planning and execution of CEO and analysis of efficiency of CEO (Figure 1). Collected data are analysed by a reactive model, which enables assessment of effectiveness of peace forces, and produce measured effects on Local Capability for Societal Reconstruction. Despite the global dimensions of contemporary security, the national (state) dimension remains a key factor: the state ensures security to its own citizens with an active national security system. The effectiveness of this state is not only measured by the level of protection of its own fundamental societal values from external and internal threats, but also by the ability to provide economic, political, scientific, technologicaltechnical, social, cultural, ecological and other well-being issues for the population. Above all, the effectiveness of the state is measured by its ability to encourage sustainable development. The fundamental structural elements of a national security system are the operational capabilities of the society that can provide its own security. Contemporary political science has recognized the municipality/ province as the main local governance entity, which is needed to enable the overall societal security for its own population. Holistic societal analysis requires the proper selection of demographic, social, political, economic and environmental

Figure 3. Multivariate Analitical Model of Afghanistan Provinces on SPSS

variables at the municipality/province level in order to measure the potential of each security dimension and Local capability for Societal Reconstruction as a whole. At the centre of the peace forces and others preoccupations, the population constitutes a major player in stabilization. The support of the local population for the activities of military forces is therefore a prerequisite to success in stabilization. Hearts and minds must be won in the period immediately after the deployment of forces, which is a very small window of opportunity. The population, often in a state of shock and hoping for a radical change to the situation, is at best open-armed and at worst expectant. In a situation where the social structures are often degraded and where the state apparatus is in decline, or has even disappeared, formal and informal networks quickly arise and fill the administrative and security gaps. In order to increase efficiency of CEOs, we need to establish new methodical and applicable forms of cooperation, coordination and analysis in the areas of CEO. The expected outcome includes recommendations for better results that are

necessary for societal reconstruction of the affected society.

Case Study Afghanistan


For proper risk and capability assesment of local authorities, it is necessary to determine functions and societal areas for analysis. They could be connected with the object of risks, areas of risks and how the local authorities are dealing with possible threats and developing their own skills for decreasing vulnerabilities. Vulnerability of the local community is in correlation with its capabilities to manage complex security conditions and therefore, also level of survivability for the population. Local authorities with acceptable level of vulnerability could be defined as capable and flexible enough. The most appropriate statistical methods for multivariate analysis of local capability are cluster analysis and factor analysis that allow the researcher to define typology and clusters of municipalities/ provinces by groups of variables (graph 1, table 1). I investigated local capabilities for societal reconstruction in 34 provinces of Afghanistan, at the end of 2006. Variables for secondary analysis were collected from open sources on the Internet, data from the Statistical Office of Afghanistan, the Afghanistan Information Management Service, ISAF HQ, United Nations High Commission on Refugees (UNHCR), UN Office

39

Graph 1. Local Capability for Peace in Afghanistan

on Drugs and Crime and from some other humanitarian organisations. For populating the multivariate analytical model (Figure 3) the province was used as a basic, twodimensional statistical unit that was defined by the name and size of the area. All 34 provinces were compared by 42 variables structured as follows: 9 demographic, 10 social, 11 economic, 6 political, and 6 environmental. With the help of statistical computer software SPSS 11.0, it was possible to compare similarities between provinces by descriptive and numerical variables. Cluster analysis produced a clear picture of three distinctive groups of provinces (graph 1): one (Kabul) very capable, 4 (Balkh, Herat, Kandahar, Nangarhar) capable and 29 less capable for self sustained societal reconstruction. Kabul had the highest level of measured variables above statistical average, which is twice as good as the second capable group of 4 provinces. 85 % of the provinces in Afghanistan showed levels of societal dimensions below statistical average. They would require additional international capability for sustainable development. With the cross tabulation of two variables, Province and Local Capability for Peace (table 1), it was obvious which province belongs to which distinctive group. These results can be visualized by the GIS layer (Figure 4). Cross tabulation than allows the researcher to compare Local Capability with the single indicator of societal dimensions in order to produce short-term planning for peace forces activities. For long-term planning the factor analysis (Figure 5) showed two main factors or latent variables Societal Development and Black Economy and Insurgency. Cross tabulation between Local Capability and the two most influenced factors is explained by 43.9 % of variance, thus

Table 1: Cross Tabulation Province and Local Capability for Peace

40

Summer 2009

Figure 5. Factor Analysis

Figure 4. Regional Reactive Analitical Model of Afghanistan

41

showing ways for the International Community to correctly address the complex situation in Afghanistan. Kabul is clearly the most developed province in the country. The intention of the International Community should be to bring the majority of provinces to the top left quadrant with the high Societal Development and weak Black Economy and Insurgency. Recent research of public opinion made by UNODC 5 in 508 villages in all 34 provinces discovered that in 95,3 % of the cases the main reasons for black economy are linked to the social and economic dimension. Local authorities are not capable to deal with the poverty and severe poverty prevalent throughout the country.

In addition, the applied methodology of multivariate analysis, as a contemporary science, can transparently improve living conditions for the affected population and enable sustainable development of the society as a whole.

Footnotes:
1. Thomas L. Friedman, The Olive tree: understanding globalization. New York: Anchor Books a Division of Random House, Inc, 2000, pp. x, xi. 2. Relief Web website, http://www.reliefweb.int/library/documents/ocha handbook on.htm Office for the Coordination of Humanitarian Affairs OCHA Orientation Handbook On Complex Emergencies, 1999. 3. Institute for International Studies website, http://www.brown.edu/ Departments/Watson_Institute Cindy Collins and Thomas G. Weiss An Overview And Assessment Of 1989 - 1996 Peace Operations Publications. Providence: Thomas J.Watson Jr. Brown University, Occasional paper 28, 1997, p.14 A Theoretical and Quantitative Analysis. Princeton in Washington: American Political Science Association, Princeton University, The World Bank, 2000.p.9. 5. UNODC (2007) Afghanistan Opium Winter Rapid Assessment Survey. Vienna: UN Office on Drugs and Crime.Vienna International Centre,P.O.Box 500, Austria, 2007, p.9. 4. Doyle, Michael W. and Nicholas Sambanis, International Peace building:

Conclusions
Systematic data collection and multivariate analysis of security dimensions in the area of complex emergency, allows the International Community to carry out a quantitative assessment of short and long-term effects of CEO. This methodology has so far been used on computer assisted exercises (EURASIAN STAR 04, VIKING 05) for analysis of the efficiency of peace forces in a synthetic environment. With the holistic approach to the Local Capability for Peace in the real operational environment, it would be possible to react in a more timely manner and with appropriate international forces and measures to increase the capabilities of the International Community.

42

Summer 2009

The Dark Side of Social Networking


by Mike McGannon and Dr. David Hurley, PhD
Editors Note: Mr. McGannons and Dr. Hurleys views on social networking and the possibilities of unwarranted disclosure are pertinent and relevant to operations security concerns of all organizations. This article provides a relevant perspective for that point of view. web 2.0 technology and allow users to broadcast their every interest and most minute detail about their lives across to their networks of friends. These advances in technology have changed interpersonal communication and the manner in which people socialize. The upside to these websites for users is that they are fun while still offering a means to communicate with their friends and offer the ability to share photos, videos, links, RSS feeds, games, and other applications. Literally individuals through online technology can be interconnected worldwide. While individuals are no longer geographically bound in their communication and socialization, these new freedoms bring new dangers, with a hazardous downside, for those users who are also in or support the military and the intelligence community. The rapid expansion in the number and sophistication of social networking websites and blogs in the online community, coupled with a dramatic increase in the number of personnel participating on these websites, have increased the need for focused Operations Security (OPSEC) awareness. According to news reports our adversaries are quite proficient in the use of online tools and research methods. They are cognizant of the intelligence bonanza to be reaped through exploitation of unclassified online source.1,2 They also are adept at employing the Internet as a communications medium. The free flow of personal information that is often posted on these websites may be of interest to adversaries of the United States and all too frequently the posted information is in violation of standard OPSEC rules and regulations. Moreover, imprudent use of social networking websites makes the unwary user vulnerable to Cyber Threats, Adversary Influence Operations, and Foreign Intelligence Services who may be using these websites to gather information or to target United States personnelhence the dark side of online social networking. In 2007, the Air Force Research Lab Human Effectiveness Directorate Special Projects office published the report The Impact of Internet Social Networking on the Vulnerability of United States Air Force Personnel to Adversary Influence Operations. The purpose of the study was to examine the potential vulnerability that Untied States Air Force (USAF) personnel may incur through their online social networking behavior. The research team collected a data sample from 500 MySpace profiles and several findings stood out: according to the study, 60.4% of USAF personnel posting on MySpace supplied enough personal details to make themselves vulnerable to adversary targeting. Their MySpace pages included critical information such as first name, last name, hometown, home state, duty location, and job type.3 Of the remaining posters, 25.4% were found to be fair targets, and only 14.2%

he 1990s saw access to the Internet rise from the computer scientist and hacker realm to a common household service such as cable television and telephone services. In the first decade of the 21st century with the advent of more powerful smart phones, PDAs and netbooks, and high speed Internet services, online access can be achieved by anyone, anytime even in the most remote locations in the world. For this new generation of users who have always had Internet access, a new form of website has come on the scene: the social networking website a cross between the old bulletin board services, weblogs (blogs), fan pages and instant message services. These websites offer the latest in

US Marine Using Tactical Computer Source: defenseimagery.mil

13

were found to be poor targets. Also, the study concluded that age is the variable most highly correlated with a propensity to post personal information on MySpace. Approximately 68% of the USAF MySpace postings were done by individuals under the age of 26. Approximately 90% of USAF MySpace posters were under 30 years old. Variables highly correlated with age, such as marital status (unmarried) and rank (lower enlisted and company grade officers), also proved to be significant indicators.The enormity of this problem should not be understated. The significance of the age variable goes much deeper than highlighting the imprudence of youth. Simply put, we do not expect large numbers of individuals to age out of this behavior because the age variable seems less an indicator of youth and more of a gauge to their generation. As this younger tech savvy cohort matures, they bring with them new manners of socializing and communicating based on technology unavailable to previous generations. Hence, as this generation of USAF personnel matures, we would expect the age variable to increase as well, meaning over time we only expect this problem to grow.

targets. The following are examples from a MySpace profile, but most of the major social networking websites have the same general categories.

Interest and Personality Section


Social networking website users generally provide lengthy and often very detailed information about themselves in the Interest & Personality section. While the user may believe this information to be innocuous, it is exactly the type of information that an adversary can leverage for use in Influence Operations planning, with the user as the primary target. Persons with whom the primary target has relationships with are also imperiled by this information if it is posted and freely shared on the site.

that being online does not mean that one is anonymous. As the recent troubles of Olympian Michael Phelps can attest, even photos can be compromising to ones image and financial opportunities.

Education and Employment


Educational and employment information can be valuable to an adversary because it provides yet another avenue to obtain desired details about a targets life. Targeteers can use such information to gain additional data via second-tier individuals identified through such sources such as alumni magazines and company websites.

OPSEC Implications
There are many OPSEC implications with regards to social networking websites and while there is no harm in using these websites, users do need to be aware of what they should and should not be posting about themselves, their duty station, and their operations. Users should always refer to their specific organizations OPSEC regulations if they are unsure of what information they can talk about in a public forum, however, as a general rule they should keep in mind that critical information that constitutes what the adversary needs to know about an organizations operations or programs to achieve their goals. Users should always ask themselves when creating or updating their profile information Could this information be exploited by an adversary in any way or pieced together with other information? While the individual user may not post detailed information about themselves, their friends or family members who are linked to their profile may be posting every little detail about their lives. Users should never underestimate the capabilities or conviction of our adversaries when it comes to collecting information on their targets.

Privacy Act Information


Personal information that is covered by the Privacy Act, such as full name, date of birth, hometown, and address, is of particular value to an adversary. Such information can form the basis of a payfor-service record/background check and each iteration can provide increasingly more detailed information suitable for refining a target folder, as well as for identify theft.

Why Users are Vulnerable


The problem goes beyond just the seven critical variables identified in the study, users are also able to post as much or as little information as they choose to in the general profile fields. When these fields are completely filled in, they provide even more details for an adversary to target the online poster. This is an additional adversary benefit, because they have a baseline via social networking to contact and solicit additional information from the user, their friends, or family members. This information can be crosschecked by conducting more detailed searches of public records information and for initiating professional (charge-forservice) background checks. Because the profiles also list friends of the user, the potential adversary obtains another avenue through which to gather information and perhaps additional 14

Military Information
Social networking website users should never provide sensitive, but unclassified, military information on their websites. Sensitive military information includes current duty station, current organization, occupational specialty (especially such sensitive specialties as: security forces, intelligence, nuclear weapons, aviation career fields, etc.), deployment location, and ongoing or future operations. Indeed, any information that would be covered in an OPSEC briefing should not be posted on a website or online profile where it can be accessed by the general public.

Lifestyle Information
Lifestyle details can be an adversarial point of influence if a user has posted information that he or she has not or cannot divulge to superiors, coworkers, and friends. Such information includes homosexual orientation, illegal drug use, and similar data. Users should be aware

The Counter Intelligence Problem


There is a common misconception that counter intelligence deals with spies collecting information on other spies and this is simply not the case. Adversaries of the United States, both traditional and Summer 2009

emerging threats (terrorist organizations, non-state actors, etc.), will use the best collection tools at their disposal to gather information. Everyone has the ability to access the Internet and social networking websites, so it is a reasonable assumption that users on these websites could become the target of overt or even covert collections by a foreign entity.

Cyber Threats
Once an adversary has collected enough information on a target they may choose to carry out some form of cyber attack against the individual, which could include identity theft, viruses or other malware, or even Influence Operations. Social networking websites lend themselves to such cyber attacks because users are lulled into a false sense of security and do not think that any of the applications or other tools they are using on the website pose a threat. Adversaries could easily create applications to harvest information, install malware or simply monitor the user. In the realm of Influence Operations, an adversary is likely to employ robust means of influence that are not restricted by official doctrine or rules of engagement. For example, the toolkit of adversarial influence methods may include bribery, criminal acts, blackmail, humiliation, kidnapping, and harm or threat of harmboth to the primary target and/or their loved ones.

Conclusion
The use of social networking websites as a tool will only increase as web and mobile computing technologies evolve and while the new generation of soldiers, sailors, airmen and marines enter the service with the web presence in tow, they need to be made aware of the implications that using these websites have on their careers and how they can affect their units operations.

Footnotes:
1 Chris Fowler, 24 April 2007, Posting Online Videos Can Be Boom or Bust for U.S. Service Members, Stars and Stripes [Internet, WWW]. Available: 529 14th St NW, Washington, DC 20045 ADDRESS: http://stripes.com/article.asp?section=104&article=528 66&archive=true, [Accessed: 24 June 2007]. 2 Alexis Debat, 10 March 2006, Al Qaedas Web of Terror, ABC News [Internet, WWW], Available: ABC NEWS INC., 47 W 66TH ST #800, New York, NY, 10023, ADDRESS: http://abcnews.go.com/ Technology/Story?id=1706430&page=1, [Accessed: 24 June 2007]. 3 The study found that these seven variables were the key ones to track and locate an individual. How much information individuals voluntarily provided on these seven critical pieces of information determined the easy and probability of finding them. Individual providing between 0-3 of the critical variables were found to be poor targets, due to the lack information needed for targeting efforts. While individuals providing 4-5 critical variables were categorized as fair targets because they able to be targeted some of the time, and those posting 6-7 variables were categorized as good targets because their targetability was high.

15