Assessment of Russia’s Cyber Relations with the U.S. and its Allies

Meghan Brandabur, Caroline Gant, Yuxiang Hou, Laura Oolup, and Natasha Williams were Research Interns at the College of Information and Cyberspace at National Defense University.  Laura Oolup is the recipient of the Andreas and Elmerice Traks Scholarship from the Estonian American Fund.  The authors were supervised in their research by Lieutenant Colonel Matthew Feehan, United States Army and Military Faculty member.  This article was edited by Jacob Sharpe, Research Assistant at the College of Information and Cyberspace.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


Title:  Assessment of Russia’s Cyber Relations with the U.S. and its Allies

Date Originally Written:  August 7, 2018.

Date Originally Published:  October 1, 2018.

Summary:  Russia frequently employs offensive cyber operations to further its foreign policy and strategic goals.  Prevalent targets of Russian activity include the United States and its allies, most recently culminating in attacks on Western national elections by using cyber-enabled information operations.  Notably, these information operations have yielded national security implications and the need for proactive measures to deter further Russian offenses.

Text:  The United States and its allies are increasingly at risk from Russian offensive cyber operations (OCOs).  Based on the definition of the Joint Chiefs of Staff, OCOs are operations which aim “to project power in or through cyberspace[1].”  Russia utilizes OCOs to further their desired strategic end state: to be perceived as a great power in a polycentric world order and to wield greater influence in international affairs.  Russia uses a variety of means to achieve this end state, with cyber tools now becoming more frequently employed.

Since the 2007 cyber attacks on Estonia, Russia has used OCOs against the United States, Great Britain, France, and others[2].  These OCOs have deepened existing societal divisions, undermined liberal democratic order, and increased distrust in political leadership in order to damage European unity and transatlantic relations.  Russian OCO’s fall into two categories: those projecting power within cyberspace, which can relay kinetic effects, and those projecting power indirectly through cyberspace.  The latter, in the form of cyber-enabled information operations, have become more prevalent and damaging. 

Throughout the 2016 U.S. Presidential election, Russia conducted an extended cyber-enabled information operation targeting the U.S. political process and certain individuals whom Russia viewed as a threat[3].  Presidential candidate Hillary Clinton, known for her more hawkish views on democracy-promotion, presented a serious political impediment to Russian foreign policy[4].  Thus, Russia’s information operations attempted to thwart Hillary Clinton’s presidential aspirations. 

At the same time, the Russian operation aimed to deepen existing divisions in the society which divided U.S. citizens along partisan lines, and to widen the American public’s distrust in their democratic system of government.  These actions also sought to decrease U.S. primacy abroad by demonstrating how vulnerable the U.S. is to the activity of external actors.  The political reasoning behind Russia’s operations was to promote a favorable environment within which Russian foreign policy and strategic aims could be furthered with the least amount of American resistance.  That favorable environment appeared to be through the election of Donald J. Trump to the U.S. Presidency, a perception that was reflected in how little Russia did to damage the Trump operation by either OCO method.

Russia also targeted several European countries to indirectly damage the U.S. and undermine the U.S. position in world affairs.  As such, Russian OCOs conducted in the U.S. and Europe should not be viewed in isolation.  For instance, presidential elections in Ukraine in 2014 and three years later in France saw cyber-enabled information operations favoring far-right, anti-European Union candidates[5]. 

Russia has also attempted to manipulate the results of referendums throughout Europe.  On social media, pro-Brexit cyber-enabled information operations were conducted in the run-up to voting on the country’s membership in the European Union[6].  In the Netherlands, cyber-enabled information operations sought to manipulate the constituency to vote against the Ukraine-European Union Association Agreement that would have prevented Ukraine from further integrating into the West, and amplified existing fractions within the European Union[7].

These cyber-enabled information operations, however, are not a new tactic for Russia, but rather a contemporary manifestation of Soviet era Komitet Gosudarstvennoy Bezopasnosti (K.G.B.) techniques of implementing, “aktivniye meropriyatiya,” or, “‘active measures’”[8].  These measures aim to “[influence] events,” and to “[undermine] a rival power with forgeries,” now through the incorporation of the cyber domain[9]. 

Russia thus demonstrates a holistic approach to information warfare which actively includes cyber, whereas the Western viewpoint distinguishes cyber warfare from information warfare[10].  However, Russia’s cyber-enabled information operations – also perceived as information-psychological operations – demonstrate how cyber is exploited in various forms to execute larger information operations [11].

Although kinetic OCOs remain a concern, we see that the U.S. is less equipped to deal with cyber-enabled information operations[12].  Given Western perceptions that non-kinetic methods such as information operations, now conducted through cyberspace, are historically, “not forces in their own right,” Russia is able to utilize these tactics as an exploitable measure against lagging U.S. and Western understandings of these capabilities[13].  Certain U.S. political candidates have already been identified as the targets of Russian OCOs intending to interfere with the 2018 U.S. Congressional midterm elections[14].  These information operations pose a great threat for the West and the U.S., especially considering the lack of consensus towards assessing and countering information operations directed at the U.S. regardless of any action taken against OCOs. 

Today, cyber-enabled information operations can be seen as not only ancillary, but substitutable for conventional military operations[15].  These operations pose considerable security concerns to a targeted country, as they encroach upon their sovereignty and enable Russia to interfere in their domestic affairs. Without a fully developed strategy that addresses all types of OCOs including the offenses within cyberspace and the broader information domain overall Russia will continue to pose a threat in the cyber domain. 


Endnotes:

[1] Joint Chiefs of Staff. (2018). “JP 3-12, Cyberspace Operations”, Retrieved July 7, 2018, from http://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp3_12.pdf?ver=2018-06-19-092120-930, p. GL-5.

[2] For instance: Brattberg, Erik & Tim Maurer. (2018). “Russian Election Interference – Europe’s Counter to Fake News and Cyber Attacks”, Carnegie Endowment for International Peace.; Burgess, Matt. (2017, November 10). “Here’s the first evidence Russia used Twitter to influence Brexit”, Retrieved July 16, 2018 from http://www.wired.co.uk/article/brexit-russia-influence-twitter-bots-internet-research-agency; Grierson, Jamie. (2017, February 12). “UK hit by 188 High-Level Cyber-Attacks in Three Months”, Retrieved July 16, 2018, from https://www.theguardian.com/world/2017/feb/12/uk-cyber-attacks-ncsc-russia-china-ciaran-martin; Tikk, Eneken, Kadri Kaska, Liis Vihul. (2010). International Cyber Incidents: Legal Considerations. Retrieved July 8, 2018, from https://ccdcoe.org/publications/books/legalconsiderations.pdf; Office of the Director of National Intelligence. (2017, January 6). “Background to ‘Assessing Russian Activities and Intentions in Recent US Elections’: The Analytic Process and Cyber Incident Attribution” Retrieved July 9, 2018, from https://www.dni.gov/files/documents/ICA_2017_01.pdf. 

[3] Office of the Director of National Intelligence. (2017, January 6). “Background to ‘Assessing Russian Activities and Intentions in Recent US Elections’: The Analytic Process and Cyber Incident Attribution” Retrieved July 9, 2018 https://www.dni.gov/files/documents/ICA_2017_01.pdf p.1.

[4] Flournoy, Michèle A. (2017).  Russia’s Campaign Against American Democracy: Toward a Strategy for Defending Against, Countering, and Ultimately Deterring Future Attacks Retrieved July 9, 2018, from http://www.jstor.org/stable/j.ctt20q22cv.17, p. 179. 

[5] Nimmo, Ben. (2017, April 20). “The French Election through Kremlin Eyes” Retrieved July 15, 2018, from https://medium.com/dfrlab/the-french-election-through-kremlin-eyes-5d85e0846c50

[6] Burgess, Matt. (2017, November 10). “Here’s the first evidence Russia used Twitter to influence Brexit” Retrieved July 16, 2018, from http://www.wired.co.uk/article/brexit-russia-influence-twitter-bots-internet-research-agency 

[7] Cerulus, Laurens. (2017, May 3). “Dutch go Old School against Russian Hacking” Retrieved August 8, 2018, from https://www.politico.eu/article/dutch-election-news-russian-hackers-netherlands/ ; Van der Noordaa, Robert. (2016, December 14). “Kremlin Disinformation and the Dutch Referendum” Retrieved August 8, 2018, from https://www.stopfake.org/en/kremlin-disinformation-and-the-dutch-referendum/

[8] Osnos, Evan, David Remnick & Joshua Yaffa. (2017, March 6). “Trump, Putin, and the New Cold War” Retrieved July 9, 2018 https://www.newyorker.com/magazine/2017/03/06/trump-putin-and-the-new-cold-war 

[9] Ibid.

[10] Connell, Michael & Sarah Vogler. (2017). “Russia’s Approach to Cyber Warfare” Retrieved July 7, 2018, from  https://www.cna.org/cna_files/pdf/DOP-2016-U-014231-1Rev.pdf ; Giles, Keir. & William Hagestad II (2013). “Divided by a Common Language: Cyber Definitions in Chinese, Russian and English”. In K. Podins, J. Stinissen, M. Maybaum (Eds.), 2013 5th International Conference on Cyber Conflict.  Retrieved July 7, 2018, from  https://ccdcoe.org/publications/2013proceedings/d3r1s1_giles.pdf, pp. 420-423; Giles, Keir. (2016). “Russia’s ‘New’ Tools for Confronting the West – Continuity and Innovation in Moscow’s Exercise of Power” Retrieved July 16, 2018, from https://www.chathamhouse.org/sites/default/files/publications/2016-03-russia-new-tools-giles.pdf, p. 62-63.

[11] Iasiello, Emilio J. (2017). “Russia’s Improved Information Operations: From Georgia to Crimea” Retrieved August 10, 2018 from https://ssi.armywarcollege.edu/pubs/parameters/issues/Summer_2017/8_Iasiello_RussiasImprovedInformationOperations.pdf p. 52. 

[12] Coats, Dan. (2018, July 18). “Transcript: Dan Coats Warns The Lights Are ‘Blinking Red’ On Russian Cyberattacks” Retrieved August 7, 2018, from https://www.npr.org/2018/07/18/630164914/transcript-dan-coats-warns-of-continuing-russian-cyberattacks?t=1533682104637

[13] Galeotti, Mark (2016). “Hybrid, ambiguous, and non-linear? How new is Russia’s ‘new way of war’?” Retrieved July 10, 2018, from Small Wars & Insurgencies, Volume 27(2), p. 291.

[14] Geller, Eric. (2018, July 19) . “Microsoft reveals first known Midterm Campaign Hacking Attempts” Retrieved August 8, 2018, from https://www.politico.com/story/2018/07/19/midterm-campaign-hacking-microsoft-733256 

[15] Inkster, Nigel. (2016). “Information Warfare and the US Presidential Election” Retrieved July 9, 2018, from Survival, Volume 58(5), p. 23-32, 28 https://doi.org/10.1080/00396338.2016.1231527

Caroline Gant Cyberspace Jacob Sharpe Laura Oolup Matthew Feehan Meghan Brandabur Natasha Williams Option Papers Psychological Factors Russia United States Yuxiang Hou

An Assessment of Information Warfare as a Cybersecurity Issue

Justin Sherman is a sophomore at Duke University double-majoring in Computer Science and Political Science, focused on cybersecurity, cyberwarfare, and cyber governance. Justin conducts technical security research through Duke’s Computer Science Department; he conducts technology policy research through Duke’s Sanford School of Public Policy; and he’s a Cyber Researcher at a Department of Defense-backed, industry-intelligence-academia group at North Carolina State University focused on cyber and national security – through which he works with the U.S. defense and intelligence communities on issues of cybersecurity, cyber policy, and national cyber strategy. Justin is also a regular contributor to numerous industry blogs and policy journals.

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years’ worth of experience in cybersecurity and IT project management. During his service in the Armed Forces, Anastasios was assigned to various key positions in national, NATO, and EU headquarters, and he’s been honored by numerous high-ranking officers for his expertise and professionalism, including a nomination as a certified NATO evaluator for information security. Anastasios currently works as an informatics instructor at AKMI Educational Institute, where his interests include exploring the human side of cybersecurity – psychology, public education, organizational training programs, and the effects of cultural, cognitive, and heuristic biases.

Paul Cobaugh is the Vice President of Narrative Strategies, a coalition of scholars and military professionals involved in the non-kinetic aspects of counter-terrorism, defeating violent extremism, irregular warfare, large-scale conflict mediation, and peace-building. Paul recently retired from a distinguished career in U.S. Special Operations Command, and his specialties include campaigns of influence and engagement with indigenous populations.

Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


Title:  An Assessment of Information Warfare as a Cybersecurity Issue

Date Originally Written:  March 2, 2018.

Date Originally Published:  June 18, 2018.

Summary:  Information warfare is not new, but the evolution of cheap, accessible, and scalable cyber technologies enables it greatly.  The U.S. Department of Justice’s February 2018 indictment of the Internet Research Agency – one of the Russian groups behind disinformation in the 2016 American election – establishes that information warfare is not just a global problem from the national security and fact-checking perspectives; but a cybersecurity issue as well.

Text:  On February 16, 2018, U.S. Department of Justice Special Counsel Robert Mueller indicted 13 Russians for interfering in the 2016 United States presidential election [1]. Beyond the important legal and political ramifications of this event, this indictment should make one thing clear: information warfare is a cybersecurity issue.

It shouldn’t be surprising that Russia created fake social media profiles to spread disinformation on sites like Facebook.  This tactic had been demonstrated for some time, and the Russians have done this in numerous other countries as well[2].  Instead, what’s noteworthy about the investigation’s findings, is that Russian hackers also stole the identities of real American citizens to spread disinformation[3].  Whether the Russian hackers compromised accounts through technical hacking, social engineering, or other means, this technique proved remarkably effective; masquerading as American citizens lent significantly greater credibility to trolls (who purposely sow discord on the Internet) and bots (automated information-spreaders) that pushed Russian narratives.

Information warfare has traditionally been viewed as an issue of fact-checking or information filtering, which it certainly still is today.  Nonetheless, traditional information warfare was conducted before the advent of modern cyber technologies, which have greatly changed the ways in which information campaigns are executed.  Whereas historical campaigns took time to spread information and did so through in-person speeches or printed news articles, social media enables instantaneous, low-cost, and scalable access to the world’s populations, as does the simplicity of online blogging and information forgery (e.g., using software to manufacture false images).  Those looking to wage information warfare can do so with relative ease in today’s digital world.

The effectiveness of modern information warfare, then, is heavily dependent upon the security of these technologies and platforms – or, in many cases, the total lack thereof.  In this situation, the success of the Russian hackers was propelled by the average U.S. citizen’s ignorance of basic cyber “hygiene” rules, such as strong password creation.  If cybersecurity mechanisms hadn’t failed to keep these hackers out, Russian “agents of influence” would have gained access to far fewer legitimate social media profiles – making their overall campaign significantly less effective.

To be clear, this is not to blame the campaign’s effectiveness on specific end users; with over 100,000 Facebook accounts hacked every single day we can imagine it wouldn’t be difficult for any other country to use this same technique[4].  However, it’s important to understand the relevance of cybersecurity here. User access control, strong passwords, mandated multi-factor authentication, fraud detection, and identity theft prevention were just some of the cybersecurity best practices that failed to combat Russian disinformation just as much as fact-checking mechanisms or counter-narrative strategies.

These technical and behavioral failures didn’t just compromise the integrity of information, a pillar of cybersecurity; they also enabled the campaign to become incredibly more effective.  As the hackers planned to exploit the polarized election environment, access to American profiles made this far easier: by manipulating and distorting information to make it seem legitimate (i.e., opinions coming from actual Americans), these Russians undermined law enforcement operations, election processes, and more.  We are quick to ask: how much of this information was correct and how much of it wasn’t?  Who can tell whether the information originated from un-compromised, credible sources or from credible sources that have actually been hacked?

However, we should also consider another angle: what if the hackers hadn’t won access to those American profiles in the first place?  What if the hackers were forced to almost entirely use fraudulent accounts, which are prone to be detected by Facebook’s algorithms?  It is for these reasons that information warfare is so critical for cybersecurity, and why Russian information warfare campaigns of the past cannot be equally compared to the digital information wars of the modern era.

The global cybersecurity community can take an even greater, active role in addressing the account access component of disinformation.  Additionally, those working on information warfare and other narrative strategies could leverage cybersecurity for defensive operations.  Without a coordinated and integrated effort between these two sectors of the cyber and security communities, the inability to effectively combat disinformation will only continue as false information penetrates our social media feeds, news cycles, and overall public discourse.

More than ever, a demand signal is present to educate the world’s citizens on cyber risks and basic cyber “hygiene,” and to even mandate the use of multi-factor authentication, encrypted Internet connections, and other critical security features.  The security of social media and other mass-content-sharing platforms has become an information warfare issue, both within respective countries and across the planet as a whole.  When rhetoric and narrative can spread (or at least appear to spread) from within, the effectiveness of a campaign is amplified.  The cybersecurity angle of information warfare, in addition to the misinformation, disinformation, and rhetoric itself, will remain integral to effectively combating the propaganda and narrative campaigns of the modern age.


Endnotes:

[1] United States of America v. Internet Research Agency LLC, Case 1:18-cr-00032-DLF. Retrieved from https://www.justice.gov/file/1035477/download

[2] Wintour, P. (2017, September 5). West Failing to Tackle Russian Hacking and Fake News, Says Latvia. Retrieved from https://www.theguardian.com/world/2017/sep/05/west-failing-to-tackle-russian-hacking-and-fake-news-says-latvia

[3] Greenberg, A. (2018, February 16). Russian Trolls Stole Real US Identities to Hide in Plain Sight. Retrieved from https://www.wired.com/story/russian-trolls-identity-theft-mueller-indictment/

[4] Callahan, M. (2015, March 1). Big Brother 2.0: 160,000 Facebook Pages are Hacked a Day. Retrieved from https://nypost.com/2015/03/01/big-brother-2-0-160000-facebook-pages-are-hacked-a-day/

Anastasios Arampatzis Assessment Papers Cyberspace Information and Intelligence Information Systems Justin Sherman Paul Cobaugh Political Warfare Psychological Factors

Assessment of Violent Extremism: The Push of Identity Crisis and the Pull of Ideologies

Linn Pitts holds a B.S. in Marketing/Organization Management and a M.S. in Criminal Justice from the University of South Carolina.  He also has studied Public Policy on a graduate level and holds an Ed.S. in Educational Leadership from Liberty University.  Linn spent a decade in law enforcement prior to transitioning into teaching on a university level.  He presently teaches as an Assistant Professor in the Social Science Department at Shorter University.  He can be found on Twitter @Professor_Pitts and is writing a dissertation on gatekeepers in Countering Violent Extremism programs in the United States.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group. 


Title:  Assessment of Violent Extremism: The Push of Identity Crisis and the Pull of Ideologies

Date Originally Written:  November, 7, 2017.

Date Originally Published:  February 26, 2018.

Summary:  Successful recruitment of individuals into violent extremist organizations involves a recruiter leveraging the lack of social capital and identity capital to convince the radical-to-be that the organization will meet their needs.  Unless potential recruits have an established identity, resilience to deal with the overtures of recruiters, or have trusted individuals in their life that they can turn for help, the individual will be at risk for recruitment into violent extremist organizations.

Text:  Social Capital involves the problem and the potential solution to violent extremism due to the social identity that is sought by individuals at risk of recruitment for extremist groups.  Robert Putnam[1] identified that social capital aids society via collective action and empowerment.  On the opposite end of the spectrum, Lester, Maheswari, and McLain[2] noted that negative influences within family connections can create negative social capital.  In particular, groups that may exhibit extremist tendencies may seem like viable avenues for individuals struggling with identity.  James Côté[3] has further established that a branch of social capital is that of identity capital.  Identity capital is the manifestation of discovering one’s own distinctiveness and plotting their life course.   Therefore, individuals will seek purpose in their life and may turn to extremist movements if they perceive an injustice[4].  Berbrier[5] had previously found that white supremacists will take on a victim identity to exacerbate the sense of injustice of their group’s persona in order to become more attractive to individuals struggling with this aspect in their life.

Ilardi found that recruitment of potential jihadist may not be a top-down recruitment process but it may be more of an individual attraction once introduced to the material such as the messages of radical clerics or videos depicting violence in the defense of religion.  Moreover, Futrell and Simi[6] identified similar activities among white supremacist as occurring at free spaces such as home-based Bible studies, small local bars not frequented by outsiders, or private concerts.  One can easily understand that charismatic leaders may be knowledgeable of these places via organizational ties as noted by Wood[7].  Extremist groups recruit at-risk but willing volunteers, who are seeking purpose in their life.  Though Wood primarily looked at the recruiting methods of the Islamic State, researchers[8] found similar recruiting efforts of white supremacy terror groups.

The key to successful violent extremism recruitment is at-risk individuals and their vulnerabilities such as the following factors discussed by Mitchell[9] while citing Bartlett and Miller, “four often overlooked elements that can move some people toward violent extremism: an emotional impulse to correct an injustice; the thrill of doing something ‘cool’; peer pressure; and attaining a certain status in a hierarchy.”  Three of these, (thrill/cool factor, peer pressure, and status seeking,) directly relate to identity capital as defined by Côté, especially in his discussion of adolescents struggling with the transition to adulthood and identity formation.

Though no apparent correlation to the work of Côté, the emotional impulse concerning an injustice is a view parlayed by Nawaz[10] as he recounted the story of his own radicalization and described the moment of empowerment.  Nawaz’ radicalization occurred while he accompanied his brother and a group of friends when they were accosted by several white nationalists.  He noted his brother mentioned to the white nationalist’s leader that he was carrying a bomb in his backpack [see author’s note].  The incident quickly ended, the white nationalists fled, and Nawaz’s feelings of legitimate identity associated with Islamist ideology.  In this case, it is easy to see Nawaz’s lack of understanding of the radical Islamist ideology, but his nascent view of the identity traits found an appealing association and it related to Côté from the aspect of an altered life-course.  Nawaz and his immigrant family had relocated Essex, England did not feel readily accepted in his transplanted home.  It is not uncommon to find cultural identity struggles faced by second-generation immigrants[11].  In comparison, it may not be limited to strictly struggles faced only by immigrants.  According to Al Raffie[12], “[s]tudies on radicalization find identity to stand at the fore of the radicalization process.  Success partially lies in the radical’s ability to provide the radical-to-be with a distinctive identity[p. 67].”  This identity may be based on an extremist religious ideology or a distinctive worldview such as white nationalism, but the radical-to-be does not fully comprehend the lifestyle they are pursuing and may become indoctrinated because they are seeking the identity.  Consider the life-course of Frank Meeink[13], as he struggled with identity growing up as the product of a broken home, eventually moving in with his father in his preteen years.  Meeink noted that he was constantly harassed/assaulted on the way to school by African-American youth in his South Philadelphia neighborhood.  The turning point for Meeink was a summer with his cousin in a rural area of Pennsylvania that introduced him to white supremacy.  Meeink noted that it made sense to him through the lens of a child that despised African-Americans in his home neighborhood.  It should be further noted this fits Ilardi’s view and that of Lester et al. as identity struggles led to an ideology fit via causal interactions.  Therefore, factors in Nawaz’s radicalization was the result of mistreatment due to his immigrant status akin to Meeink being of a different race in his South Philadelphia neighborhood.  Meeink’s and Nawaz’s story of deradicalization also share similar themes.

In examining societal structures, Cole, Alison, Cole, and Alison[14] cited Munchie’s 1999 work as they discussed that poorly applied preventions may further embolden anti-social identities which was discussed by Mitchell.  The significance of this discussion is that individuals struggling with aspects of self-concept will experiment with different identities and will seek reactions when they sample these new identities such as forms of different dress and customs.  Ultimately, this search leads to a cognitive opening as identified by Carpenter, Levitt, and Jacobson[15] that an extremist recruiter can exploit.  It is further supported by Horgan[16] that individuals joining radical groups do not understand the ideology, but become entrenched in the ideology when isolated from their typical peers.  Therefore, Mitchell’s findings in British Columbia Schools concerning moments where youth were on the fringe of radicalization became teachable moments.  It’s worth noting Mitchell’s respondents felt training concerning bullying and safe school communities offered them the ability to diffuse situations though they had not had formal training on radicalization.

Author’s note:  Some news sources have discredited this personal account by Nawaz, though it is symbolic of his apparent beliefs.


Endnotes: 

[1] Putnam, R. D. [1995]. Bowling alone: America’s declining social capital. Journal of democracy6[1], 65-78.

[2] Lester, M., Maheshwari, S. K., & McLain, P. M. [2013]. Family Firms and Negative Social Capital: A Property Rights Theory Approach. Journal of Behavioral and Applied Management15[1], 11.

[3] Côté, J. E. [2005]. Identity capital, social capital and the wider benefits of learning: generating resources facilitative of social cohesion. London review of education3[3], 221-237.

[4] Ilardi, G. J. [2013]. Interviews with Canadian radicals. Studies in Conflict & Terrorism36[9], 713-738.

[5] Berbrier, M. (2000). The victim ideology of white supremacists and white separatists in the United States. Sociological Focus, 33(2), 175-191.

[6] Futrell, R., & Simi, P. (2004). Free spaces, collective identity, and the persistence of US white power activism. Social Problems, 51(1), 16-42.

[7] Wood, G. (2016). The Way of the Strangers: Encounters with the Islamic State. Random House.

[8] Simi, P., Windisch, S., & Sporer, K. (2016). Recruitment and Radicalization among US Far Right Terrorists Recruitment and Radicalization among US Far-Right Terrorists.

[9] Mitchell, M. R. [2016]. Radicalization in British Columbia Secondary Schools: The Principals’ Perspective. Journal for Deradicalization, [6], 132-179.

[10] Nawaz, M. [2012]. Radical: My journey from Islamist extremism to a democratic awakening. Random House.

[11] Zhou, M. [2003]. Growing Up American: The challenge confronting immigrant children and children of immigrants. Annual Review of Sociology. 23. 63-95. 10.1146/annurev.soc.23.1.63.

[12] Al Raffie, D. [2013]. Social identity theory for investigating Islamic extremism in the diaspora. Journal of Strategic Security6[4], 67.

[13] Meeink, F. and Roy, J.M. [2010]. An Autobiography of a Recovering Skinhead: The Frank Meeink Story. Hawthorne Books.

[14] Cole, J., Alison, E., Cole, B., & Alison, L. [2010]. Guidance for identifying people vulnerable to recruitment into violent extremism. Liverpool, UK: University of Liverpool, School of Psychology

[15] Carpenter, J. S., Levitt, M., & Jacobson, M. [2009]. Confronting the ideology of radical extremism. J. Nat’l Sec. L. & Pol’y3, 301.

[16] Horgan, J. [2008]. From profiles to pathways and roots to routes: Perspectives from psychology on radicalization into terrorism. The ANNALS of the American Academy of Political and Social Science618[1], 80-94.

Assessment Papers Linn Pitts Psychological Factors Violent Extremism

Options for Next Generation Blue Force Biometrics

Sarah Soliman is a Technical Analyst at the nonprofit, nonpartisan RAND Corporation.  Sarah’s research interests lie at the intersection of national security, emerging technology, and identity.  She can be found on Twitter @BiometricsNerd.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


National Security Situation:  Next Generation Biometrics for U.S. Forces.

Date Originally Written:  March 18, 2017.

Date Originally Published:  June 26, 2017.

Author and / or Article Point of View:  Sarah Soliman is a biometrics engineer who spent two years in Iraq and Afghanistan as contracted field support to Department of Defense biometrics initiatives.

Background:  When a U.S. Army specialist challenged Secretary of Defense Donald Rumsfeld in 2004, it became tech-innovation legend within the military.  The specialist asked what the secretary was doing to up-armor military vehicles against Improvised Explosive Device (IED) attacks[1].  This town hall question led to technical innovations that became the class of military vehicles known as Mine-Resistant Ambush Protected, the MRAP.

History repeated itself in a way last year when U.S. Marine Corps General Robert B. Neller was asked in a Marine Corps town hall what he was doing to “up-armor” military personnel—not against attacks from other forces, but against suicide within their ranks[2].  The technical innovation path to strengthening troop resiliency is less clear, but just as in need of an MRAP-like focus on solutions.  Here are three approaches to consider in applying “blue force” biometrics, the collection of physiological or behavioral data from U.S. military troops, that could help develop diagnostic applications to benefit individual servicemembers.

1

US Army Specialist Thomas Wilson addresses the Secretary of Defense on base in Kuwait in 2004. Credit: Gustavo Ferrari / AP http://www.nbcnews.com/id/6679801/ns/world_news-mideast_n_africa/t/rumsfeld-inquisitor-not-one-bite-his-tongue

Significance:  The September 11th terrorists struck at a weakness—the United States’ ability to identify enemy combatants.  So the U.S. military took what was once blue force biometrics—a measurement of human signatures like facial images, fingerprints and deoxyribonucleic acid (DNA) (which are all a part of an enrolling military member’s record)—and flipped their use to track combatants rather than their own personnel.  This shift led to record use of biometrics in Operation Iraqi Freedom and Operation Enduring Freedom to assist in green (partner), grey (unknown), and red (enemy) force identification.

After 9/11, the U.S. military rallied for advances in biometrics, developing mobile tactical handheld devices, creating databases of IED networks, and cutting the time it takes to analyze DNA from days to hours[3].  The U.S. military became highly equipped for a type of identification that validates a person is who they say they are, yet in some ways these red force biometric advances have plateaued alongside dwindling funding for overseas operations and troop presence.  As a biometric toolset is developed to up-armor military personnel for health concerns, it may be worth considering expanding the narrow definition of biometrics that the Department of Defense currently uses[4].

The options presented below represent research that is shifting from red force biometrics back to the need for more blue force diagnostics as it relates to traumatic brain injury, sleep and social media.

Option #1:  Traumatic Brain Injury (TBI).

The bumps and grooves of the brain can contain identification information much like the loops and whorls in a fingerprint.  Science is only on the cusp of understanding the benefits of brain mapping, particularly as it relates to injury for military members[5].

Gain:  Research into Wearables.

Getting military members to a field hospital equipped with a magnetic resonance imaging (MRI) scanner soon after an explosion is often unrealistic.  One trend has been to catalog the series of blast waves experienced—instead of measuring one individual biometric response—through a wearable “blast gauge” device.  The blast gauge program made news recently as the markers failed to give vibrant enough data and the program was cancelled[6].  Though not field expedient, another traumatic brain injury (TBI) sensor type to watch is brain activity trackers, which CNN’s Jake Tapper experienced when he donned a MYnd Analytics electroencephalogram brain scanning cap, drawing attention to blue force biometrics topics alongside Veterans Day[7].

 

2

Blast Gauge. Credit: DARPA http://www.npr.org/sections/health-shots/2016/12/20/506146595/pentagon-shelves-blast-gauges-meant-to-detect-battlefield-brain-injuries?utm_medium=RSS&utm_campaign=storiesfromnpr

Risk:  Overpromising, Underdelivering or “Having a Theranos Moment.”

Since these wearable devices aren’t currently viable solutions, another approach being considered is uncovering biometrics in blood.  TBI may cause certain proteins to spike in the blood[8]. Instead of relying on a subjective self-assessment by a soldier, a quick pin-prick blood draw could be taken.  Military members can be hesitant to admit to injury, since receiving treatment is often equated with stigma and may require having to depart from a unit.  This approach would get around that while helping the Department of Defense (DoD) gain a stronger definition of whether treatment is required.

3

Credit: Intelligent Optical Systems Inc http://www.intopsys.com/downloads/BioMedical/TBI-Brochure.pdf

Option #2:  Sleep.

Thirty-one percent of members of the U.S. military get five hours or less of sleep a night, according to RAND research[9].  This level of sleep deprivation affects cognitive, interpersonal, and motor skills whether that means leading a convoy, a patrol or back home leading a family.  This health concern bleeds across personal and professional lines.

Gain:  Follow the Pilots.

The military already requires flight crews to rest between missions, a policy in place to allow flight crews the opportunity to be mission ready through sleep, and the same concept could be instituted across the military.  Keeping positive sleep biometrics—the measurement of human signatures based on metrics like amount of total sleep time or how often a person wakes up during a sleep cycle, oxygen levels during sleep and the repeat consistent length of sleep—can lower rates of daytime impairment.

4
The prevalence of insufficient sleep duration and poor sleep quality across the force. Credit: RAND, Clock by Dmitry Fisher/iStock; Pillow by Yobro10/iStockhttp://www.rand.org/pubs/research_briefs/RB9823.html

Risk:  More memoirs by personnel bragging how little sleep they need to function[10].

What if a minimal level of rest became a requirement for the larger military community?  What sleep-tracking wearables could military members opt to wear to better grasp their own readiness?  What if sleep data were factored into a military command’s performance evaluation?

Option #3:  Social Media.

The traces of identity left behind through the language, images, and even emoji[11] used in social media have been studied, and they can provide clues to mental health.

Gain:  It’s easier to pull text than to pull blood.

Biometric markers include interactivity like engagement (how often posts are made), what time a message is sent (which can act as an “insomnia index”), and emotion detection through text analysis of the language used[12].  Social media ostracism can also be measured by “embeddedness” or how close-knit one’s online connections are[13].

 

5

Credit: https://twitter.com/DeptofDefense/status/823515639302262784?ref_src=twsrc%5Etfw

Risk:  Misunderstanding in social media research.

The DoD’s tweet about this research was misconstrued as a subtweet or mockery[14].  True to its text, the tweet was about research under development at the Department of Defense and in particular the DoD Suicide Prevention Office.  Though conclusions at the scale of the DoD have yet to be reached, important research is being built-in this area including studies like one done by Microsoft Research, which demonstrated 70 percent accuracy in estimating onset of a major depressive disorder[15].  Computer programs have identified Instagram photos as a predictive marker of depression[16] and Twitter data as a quantifiable signal of suicide attempts[17].

Other Comments:  Whether by mapping the brain, breaking barriers to getting good sleep, or improving linguistic understanding of social media calls for help, how will the military look to blue force biometrics to strengthen the health of its core?  What type of intervention should be aligned once data indicators are defined?  Many tombs of untapped data remain in the digital world, but data protection and privacy measures must be in place before they are mined.

Recommendations:  None.


Endnotes:

[1]  Gilmore, G. J. (2004, December 08). Rumsfeld Handles Tough Questions at Town Hall Meeting. Retrieved June 03, 2017, from http://archive.defense.gov/news/newsarticle.aspx?id=24643

[2]  Schogol, J. (2016, May 29). Hidden-battle-scars-robert-neller-mission-to-save-marines-suicide. Retrieved June 03, 2017, from http://www.marinecorpstimes.com/story/military/2016/05/29/hidden-battle-scars-robert-neller-mission-to-save-marines-suicide/84807982/

[3]  Tucker, P. (2015, May 20). Special Operators Are Using Rapid DNA Readers. Retrieved June 03, 2017, from http://www.defenseone.com/technology/2015/05/special-operators-are-using-rapid-dna-readers/113383/

[4]  The DoD’s Joint Publication 2-0 defines biometrics as “The process of recognizing an individual based on measurable anatomical, physiological, and behavioral characteristics.”

[5]  DoD Worldwide Numbers for TBI. (2017, May 22). Retrieved June 03, 2017, from http://dvbic.dcoe.mil/dod-worldwide-numbers-tbi

[6]  Hamilton, J. (2016, December 20). Pentagon Shelves Blast Gauges Meant To Detect Battlefield Brain Injuries. Retrieved June 03, 2017, from http://www.npr.org/sections/health-shots/2016/12/20/506146595/pentagon-shelves-blast-gauges-meant-to-detect-battlefield-brain-injuries?utm_medium=RSS&utm_campaign=storiesfromnpr

[7]  CNN – The Lead with Jake Tapper. (2016, November 11). Retrieved June 03, 2017, from https://vimeo.com/191229323

[8]  West Virginia University. (2014, May 29). WVU research team developing test strips to diagnose traumatic brain injury, heavy metals. Retrieved June 03, 2017, from http://wvutoday-archive.wvu.edu/n/2014/05/29/wvu-research-team-developing-test-strips-to-diagnose-traumatic-brain-injury-heavy-metals.html

[9]  Troxel, W. M., Shih, R. A., Pedersen, E. R., Geyer, L., Fisher, M. P., Griffin, B. A., . . . Steinberg, P. S. (2015, April 06). Sleep Problems and Their Impact on U.S. Servicemembers. Retrieved June 03, 2017, from http://www.rand.org/pubs/research_briefs/RB9823.html

[10]  Mullany, A. (2017, May 02). Here’s Arianna Huffington’s Recipe For A Great Night Of Sleep. Retrieved June 03, 2017, from https://www.fastcompany.com/3060801/heres-arianna-huffingtons-recipe-for-a-great-night-of-sleep

[11]  Ruiz, R. (2016, June 26). What you post on social media might help prevent suicide. Retrieved June 03, 2017, from http://mashable.com/2016/06/26/suicide-prevention-social-media.amp

[12]  Choudhury, M. D., Gamon, M., Counts, S., & Horvitz, E. (2013, July 01). Predicting Depression via Social Media. Retrieved June 03, 2017, from https://www.microsoft.com/en-us/research/publication/predicting-depression-via-social-media/

[13]  Ibid.

[14]  Brogan, J. (2017, January 23). Did the Department of Defense Just Subtweet Donald Trump? Retrieved June 03, 2017, from http://www.slate.com/blogs/future_tense/2017/01/23/did_the_department_of_defense_subtweet_donald_trump_about_mental_health.html

[15]  Choudhury, M. D., Gamon, M., Counts, S., & Horvitz, E. (2013, July 01). Predicting Depression via Social Media. Retrieved June 03, 2017, from https://www.microsoft.com/en-us/research/publication/predicting-depression-via-social-media/

[16]  Reece, A. G., & Danforth, C. M. (2016, August 13). Instagram photos reveal predictive markers of depression. Retrieved June 03, 2017, from https://arxiv.org/abs/1608.03282

[17]  Coppersmith, G., Ngo, K., Leary, R., & Wood, A. (2016, June 16). Exploratory Analysis of Social Media Prior to a Suicide Attempt. Retrieved June 03, 2017, from https://www.semanticscholar.org/paper/Exploratory-Analysis-of-Social-Media-Prior-to-a-Su-Coppersmith-Ngo/3bb21a197b29e2b25fe8befbe6ac5cec66d25413

Biometrics Emerging Technology Option Papers Psychological Factors Sarah Soliman United States

“Do You Have A Flag?” – Egyptian Political Upheaval & Cyberspace Attribution

Murad A. Al-Asqalani is an open-source intelligence analyst based in Cairo, Egypt.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


(Author’s Note — “Do You Have A Flag?” is a reference to the Eddie Izzard sketch of the same name[1].)

National Security Situation:  Response to offensive Information Operations in cyberspace against the Government of Egypt (GoE).

Date Originally Written:  May 15, 2017.

Date Originally Published:  June 1, 2017.

Author and / or Article Point of View:  This article discusses a scenario where the GoE tasks an Interagency Special Task Force (ISTF) with formulating a framework for operating in cyberspace against emergent threats to Egyptian national security.

Background:  In 2011, a popular uprising that relied mainly on the Internet and social media websites to organize protests and disseminate white, grey and black propaganda against the Mubarak administration of the GoE, culminated in former President Mubarak stepping down after three decades in power.

Three disturbing trends have since emerged.  The first is repeated deployment of large-scale, structured campaigns of online disinformation by all political actors, foreign and domestic, competing for dominance in the political arena.  Media outlets and think tanks seem to primarily cater to their owners’ or donors’ agendas.  Egyptian politics have been reduced to massive astroturfing campaigns, scripted by creative content developers and mobilized by marketing strategists, who create and drive talking points using meat and sock puppets, mask them as organic interactions between digital grassroots activists, amplify them in the echo chambers of social media, then pass them along to mainstream media outlets, which use them to pressure the GoE citing ‘public opinion’; thus, empowering their client special interest groups in this ‘digital political conflict’.

The second trend to emerge is the rise in Computer Network Attack (CNA) and Computer Network Exploitation (CNE) incidents.  CNA incidents mainly focus on hacking GoE websites and defacing them with political messages, whereas CNE incidents mainly focus on information gathering (data mining) and spear phishing on social media websites to identify and target Egyptian Army and Police personnel and their families, thus threatening their Personal Security (PERSEC), and overall Operation Security (OPSEC).  The best known effort of this type is the work of the first-ever Arabic Advanced Persistent Threat (APT) group: Desert Falcons[2].

The third trend is the abundance of Jihadi indoctrination material, and the increase in propaganda efforts of Islamist terrorist organizations in cyberspace.  New technologies, applications and encryption allow for new channels to reach potential recruits, and to disseminate written, audio, and multimedia messages of violence and hate to target populations.

Significance:  The first trend represents a direct national security threat to GoE and the interests of the Egyptian people.  Manipulation of public opinion is an Information Operations discipline known as “Influence Operations” that draws heavily on Psychological Operations or PSYOP doctrines.  It can render drastic economic consequences that can amount to economic occupation and subsequent loss of sovereignty.  Attributing each influence campaign to the special interest group behind it can help identify which Egyptian political or economic interest is at stake.

The second trend reflects the serious developments in modus operandi of terrorist organizations, non-state actors, and even state actors controlling proxies or hacker groups, which have been witnessed and acknowledged recently by most domestic intelligence services operating across the world.  Attributing these operations will identify the cells conducting them as well as the networks that support these cells, which will save lives and resources.

The third trend is a global challenge that touches on issues of freedom of speech, freedom of belief, Internet neutrality, online privacy, as well as technology proliferation and exploitation.  Terrorists use the Internet as a force multiplier, and the best approach to solving this problem is to keep them off of it through attribution and targeting, not to ban services and products available to law-abiding Internet users.

Given these parameters, the ISTF can submit a report with the following options:

Option #1:  Maintain the status quo.

Risk:  By maintaining the status quo, bureaucracy and fragmentation will always place the GoE on the defensive.  GoE will continue to defend against an avalanche of influence operations by making concessions to whoever launches them.  The GoE will continue to appear as incompetent, and lose personnel to assassinations and improvised explosive device attacks. The GoE will fail to prevent new recruits from joining terrorist groups, and it will not secure the proper atmosphere for investment and economic development.

This will eventually result in the full disintegration of the 1952 Nasserite state bodies, a disintegration that is central to the agendas of many regional and foreign players, and will give rise to a neo-Mamluk state, where rogue generals and kleptocrats maintain independent information operations to serve their own interests, instead of adopting a unified framework to serve the Egyptian people.

Gain:  Perhaps the only gain in this case is avoidance of further escalation by parties invested in the digital political conflict that may give rise to more violent insurgencies, divisions within the military enterprise, or even a fully fledged civil war.

Option #2:  Form an Interagency Cyber Threat Research and Intelligence Group (ICTRIG).

Risk:  By forming an ICTRIG, the ISTF risks fueling both intra-agency and interagency feuds that may trigger divisions within the military enterprise and the Egyptian Intelligence Community.  Competing factions within both communities will aim to control ICTRIG through staffing to protect their privileges and compartmentalization.

Gain:  Option #2 will define a holistic approach to waging cyber warfare to protect the political and economic interests of the Egyptian people, protect the lives of Egyptian service and statesmen, protect valuable resources and infrastructure, and tackle extremism.  ICTRIG will comprise an elite cadre of highly qualified commissioned officers trained in computer science, Information Operations, linguistics, political economy, counterterrorism, as well as domestic and international law to operate in cyberspace.  ICTRIG will develop its own playbook of mission, ethics, strategies and tactics in accordance with a directive from the political leadership of GoE.

Other Comments:  Option #1 can only be submitted and/or adopted due to a total lack of true political will to shoulder the responsibility of winning this digital political conflict.  It means whoever submits or adopts Option #1 is directly undermining GoE institutions.  Since currently this is the actual reality of GoE’s response to the threats outlined above, uncoordinated efforts at running several independent information operations have been noted and documented, with the Morale Affairs Department of the Military Intelligence and Reconnaissance Directorate running the largest one.

Recommendation:  None.


Endnotes:

[1]  Eddie Izzard: “Do you have a flag?”, Retrieved from: https://www.youtube.com/watch?v=_9W1zTEuKLY

[2]   Desert Falcons: The Middle East’s Preeminent APT, Kaspersky Labs Blog, Retrieved from https://blog.kaspersky.com/desert-falcon-arabic-apt/7678/

Cyberspace Egypt Murad A. Al-Asqalani Option Papers Psychological Factors

U.S. Options to Develop a Cyberspace Influence Capability

Sina Kashefipour is the founder and producer of the national security podcast The Loopcast.  He  currently works as an analyst.  The opinions expressed in this paper do not represent the position of his employer.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


National Security Situation:  The battle for control and influence over the information space.

Date Originally Written:  May 18, 2017.

Date Originally Published:  May 29, 2017.

Author and / or Article Point of View:  The author believes that there is no meat space or cyberspace, there is only the information space.  The author also believes that while the tools, data, and knowledge are available, there is no United States organization designed primarily to address the issue of information warfare.

Background:  Information warfare is being used by state and non-state adversaries.  Information warfare, broadly defined, makes use of information technology to gain an advantage over an adversary.  Information is the weapon, the target, and the medium through which this type of conflict takes place[1][2][3].  Information warfare includes tactics such as misinformation, disinformation, propaganda, psychological operations and computer network operations [3][4][5].

Significance:  Information warfare is a force multiplier.  Control and mastery of information determines success in politics and enables the driving of the political narrative with the benefit of not having to engage in overt warfare.  Information warfare has taken a new edge as the information space and the political are highly interlinked and can, in some instances, be considered as one[6][7][8].

Option #1:  The revival of the United States Information Agency (USIA) or the creation of a government agency with similar function and outlook. The USIA’s original purpose can be summed as:

  • “To explain and advocate U.S. policies in terms that are credible and meaningful in foreign cultures”
  • “To provide information about the official policies of the United States, and about the people, values, and institutions which influence those policies”
  • “To bring the benefits of international engagement to American citizens and institutions by helping them build strong long-term relationships with their counterparts overseas”
  • “To advise the President and U.S. government policy-makers on the ways in which foreign attitudes will have a direct bearing on the effectiveness of U.S. policies.[9]”

USIA’s original purpose was largely designated by the Cold War.  The aforementioned four points are a good starting point, but any revival of the USIA would involve the resulting organization as one devoted to modern information warfare.  A modern USIA would not just focus on what a government agency can do but also build ties with other governments and across the private sector including with companies like Google, Facebook, and Twitter as they are platforms that have been used recently to propagate information warfare campaigns [10][11].  Private sector companies are also essential to understanding and limiting these types of campaigns [10][12][13][14].  Furthermore, building ties and partnering with other countries facing similar issues to engage in information warfare would be part of the mission [15][16][17].

Risk:  There are two fundamental risks to reconstituting a USIA: where does a USIA agency fit within the national security bureaucracy and how does modern information warfare pair with the legal bounds of the first amendment?

Defining the USIA within the national security apparatus would be difficult[18].  The purpose of the USIA would be easy to state, but difficult to bureaucratically define.  Is this an organization to include public diplomacy and how does that pair/compete with the Department of State’s public diplomacy mission?  Furthermore, if this is an organization to include information warfare how does that impact Department of Defense capabilities such as the National Security Agency or United States Cyber Command?  Where does the Broadcasting Board of Governors fit in?  Lastly, modern execution of successful information warfare relies on a whole of government approach or the ability to advance strategy in an interdisciplinary fashion, which is difficult given the complexity of the bureaucracy.

The second risk is how does an agency engage in information warfare in regards to the first amendment?  Consider for a moment that if war or conflict that sees information as the weapon, the target, and the medium, what role can the government legally play?  Can a government wage information warfare without, say, engaging in outright censorship or control of information mediums like Facebook and Twitter?  The legal framework surrounding these issues are ill-defined at present [19][20].

Gain:  Having a fully funded cabinet level organization devoted to information warfare complete with the ability to network across government agencies, other governments and the private sector able to both wage and defend the United States against information warfare.

Option #2:  Smaller and specific interagency working groups similar to the Active Measures Working Group of the late eighties.  The original Active Measures Working Group was an interagency collaboration devoted to countering Soviet disinformation, which consequently became the “U.S Government’s body of expertise on disinformation [21].”

The proposed working group would focus on a singular issue and in contrast to Option #1, a working group would have a tightly focused mission, limited staff, and only focus on a singular problem.

Risk:  Political will is in competition with success, meaning if the proposed working group does not show immediate success, more than likely it will be disbanded.  The group has the potential of being disbanded once the issue appears “solved.”

Gain:  A small and focused group has the potential to punch far above its weight.  As Schoen and Lamb point out “the group exposed Soviet disinformation at little cost to the United States but negated much of the effort mounted by the large Soviet bureaucracy that produced the multibillion dollar Soviet disinformation effort[22].”

Option #3:  The United States Government creates a dox and dump Wikileaks/Shadow Brokers style group[23][24].  If all else fails then engaging in attacks against adversary’s secrets and making them public could be an option.  Unlike the previous two options, this option does not necessarily represent a truthful approach, rather just truthiness[25].  In practice this means leaking/dumping data that reinforces and emphasizes a deleterious narrative concerning an adversary.  Thus, making their secrets very public, and putting the adversary in a compromising position.

Risk:  Burning data publicly might compromise sources and methods which would ultimately impede/stop investigations and prosecutions.  For instance, if an adversary has a deep and wide corruption problem is it more effective to dox and dump accounts and shell companies or engage in a multi-year investigatory process?  Dox and dump would have an immediate effect but an investigation and prosecution would likely have a longer effect.

Gain:  An organization and/or network is only as stable as its secrets are secure, and being able to challenge that security effectively is a gain.

Recommendation:  None


Endnotes:

[1]  Virag, Saso. (2017, April 23). Information and Information Warfare Primer. Retrieved from:  http://playgod.org/information-warfare-primer/

[2]  Waltzman, Rand. (2017, April 27). The Weaponization of Information: The Need of Cognitive Security. Testimony presented before the Senate Armed Services Committee, Subcommittee on Cybersecurity on April 27, 2017.

[3]  Pomerantsev, Peter and Michael Weiss. (2014). The Menace of Unreality: How the Kremlin Weaponizes Information, Culture, and Money.

[4]  Matthews, Miriam and Paul, Christopher (2016). The Russian “Firehose of Falsehood” Propaganda Model: Why It Might Work and Options to Counter It

[5]  Giles, Keir. (2016, November). Handbook of Russian Information Warfare. Fellowship Monograph Research Division NATO Defense College.

[6]  Giles, Keir and Hagestad II, William. (2013). Divided by a Common Language: Cyber Definitions in Chinese, Russian, and English. 2013 5th International Conference on Cyber Conflict

[7]  Strategy Bridge. (2017, May 8). An Extended Discussion on an Important Question: What is Information Operations? Retrieved: https://thestrategybridge.org/the-bridge/2017/5/8/an-extended-discussion-on-an-important-question-what-is-information-operations

[8] There is an interesting conceptual and academic debate to be had between what is information warfare and what is an information operation. In reality, there is no difference given that the United States’ adversaries see no practical difference between the two.

[9] State Department. (1998). USIA Overview. Retrieved from: http://dosfan.lib.uic.edu/usia/usiahome/oldoview.htm

[10]  Nuland, William, Stamos, Alex, and Weedon, Jen. (2017, April 27). Information Operations on Facebook.

[11]  Koerner, Brendan. (2016, March). Why ISIS is Winning the Social Media War. Wired

[12]  Atlantic Council. (2017). Digital Forensic Research Lab Retrieved:  https://medium.com/dfrlab

[13]  Bellingcat. (2017).  Bellingcat: The Home of Online Investigations. Retrieved: https://www.bellingcat.com/

[14]  Bergen, Mark. (2016). Google Brings Fake News Fact-Checking to Search Results. Bloomberg News. Retrieved: https://www.bloomberg.com/news/articles/2017-04-07/google-brings-fake-news-fact-checking-to-search-results

[15]  NATO Strategic Communications Centre of Excellence. (2017). Retrieved: http://stratcomcoe.org/

[16]  National Public Radio. (2017, May 10). NATO Takes Aim at Disinformation Campaigns. Retrieved: http://www.npr.org/2017/05/10/527720078/nato-takes-aim-at-disinformation-campaigns

[17]  European Union External Action. (2017). Questions and Answers about the East Stratcom Task Force. Retrieved: https://eeas.europa.eu/headquarters/headquarters-homepage/2116/-questions-and-answers-about-the-east-

[18]  Armstrong, Matthew. (2015, November 12). No, We Do Not Need to Revive The U.S. Information Agency. War on the Rocks. Retrieved:  https://warontherocks.com/2015/11/no-we-do-not-need-to-revive-the-u-s-information-agency/ 

[19]  For example the Countering Foreign Propaganda and Disinformation Act included in the National Defense Authorization Act for fiscal year 2017 acts more with the issues of funding, organization, and some strategy rather than legal infrastructure issues.  Retrieved: https://www.congress.gov/114/crpt/hrpt840/CRPT-114hrpt840.pdf

[20]  The U.S Information and Educational Exchange Act of 1948 also known as the Smith-Mundt Act. The act effectively creates the basis for public diplomacy and the dissemination of government view point data abroad. The law also limits what the United States can disseminate at home. Retrieved: http://legisworks.org/congress/80/publaw-402.pdf

[21]  Lamb, Christopher and Schoen, Fletcher (2012, June). Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference. Retrieved: http://ndupress.ndu.edu/Portals/68/Documents/stratperspective/inss/Strategic-Perspectives-11.pdf

[22]  Lamb and Schoen, page 3

[23]  RT. (2016, October 3). Wikileaks turns 10: Biggest Secrets Exposed by Whistleblowing Project. Retrieved: https://www.rt.com/news/361483-wikileaks-anniversary-dnc-assange/

[24]  The Gruqg. (2016, August 18). Shadow Broker Breakdown. Retrieved: https://medium.com/@thegrugq/shadow-broker-breakdown-b05099eb2f4a

[25]  Truthiness is defined as “the quality of seeming to be true according to one’s intuition, opinion, or perception, without regard to logic, factual evidence, or the like.” Dictionary.com. Truthiness. Retrieved:  http://www.dictionary.com/browse/truthiness.

Truthiness in this space is not just about leaking data but also how that data is presented and organized. The goal is to take data and shape it so it feels and looks true enough to emphasize the desired narrative.

Capacity / Capability Enhancement Cyberspace Option Papers Psychological Factors Sina Kashefipour United States

Evolution of U.S. Cyber Operations and Information Warfare

Brett Wessley is an officer in the U.S. Navy, currently assigned to U.S. Pacific Command.   The contents of this paper reflect his own personal views and are not necessarily endorsed by U.S. Pacific Command, Department of the Navy or Department of Defense.  Connect with him on Twitter @Brett_Wessley.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.  


National Security Situation:  Evolving role of cyber operations and information warfare in military operational planning.

Date Originally Written:  April 19, 2017.

Date Originally Published:  May 25, 2017.

Author and / or Article Point of View:  This article is intended to present options to senior level Department of Defense planners involved with Unified Command Plan 2017.

Background:  Information Warfare (IW) has increasingly gained prominence throughout defense circles, with both allied and adversarial militaries reforming and reorganizing IW doctrine across their force structures.  Although not doctrinally defined by the U.S. Department of Defense (DoD), IW has been embraced with varying degrees by the individual branches of the U.S. armed forces[1].  For the purposes of this paper, the definition of IW is: the means of creating non-kinetic effects in the battlespace that disrupt, degrade, corrupt, or influence the ability of adversaries or potential adversaries to conduct military operations while protecting our own.

Significance:  IW has been embraced by U.S. near-peer adversaries as a means of asymmetrically attacking U.S. military superiority.  Russian Defense Minister Sergei Shoigu recently acknowledged the existence of “information warfare troops,” who conduct military exercises and real-world operations in Ukraine demonstrating the fusion of intelligence, offensive cyber operations, and information operations (IO)[2].   The People’s Republic of China has also reorganized its armed forces to operationalize IW, with the newly created People’s Liberation Army Strategic Support Force drawing from existing units to combine intelligence, cyber electronic warfare (EW), IO and space forces into a single command[3].

Modern militaries increasingly depend on sophisticated systems for command and control (C2), communications and intelligence.  Information-related vulnerabilities have the potential for creating non-kinetic operational effects, often as effective as kinetic fires options.  According to U.S. Army Major General Stephen Fogarty, “Russian activities in Ukraine…really are a case study for the potential for CEMA, cyber-electromagnetic activities…It’s not just cyber, it’s not just electronic warfare, it’s not just intelligence, but it’s really effective integration of all these capabilities with kinetic measures to actually create the effect that their commanders [want] to achieve[4].”  Without matching the efforts of adversaries to operationalize IW, U.S. military operations risk vulnerability to enemy IW operations.

Option #1:  United States Cyber Command (USCYBERCOM) will oversee Military Department efforts to man, train, and equip IW and IW-related forces to be used to execute military operations under Combatant Command (CCMD) authority.  Additionally, USCYBERCOM will synchronize IW planning and coordinate IW operations across the CCMDs, as well as execute some IW operations under its own authority.

Risk:  USCYBERCOM, under United States Strategic Command (USSTRATCOM) as a sub-unified command, and being still relatively new, has limited experience coordinating intelligence, EW, space and IO capabilities within coherent IW operations.  USSTRATCOM is tasked with responsibility for DoD-wide space operations, and the Geographic Combatant Commands (GCCs) are tasked with intelligence, EW, and IO operational responsibility[5][6][7].”  Until USCYBERCOM gains experience supporting GCCs with full-spectrum IW operations, previously GCC-controlled IO and EW operations will operate at elevated risk relative to similar support provided by USSTRATCOM.

Gain:  USCYBERCOM overseeing Military Department efforts to man, train, and equip IW and IW-related forces will ensure that all elements of successful non-kinetic military effects are ready to be imposed on the battlefield.  Operational control of IW forces will remain with the GCC, but USCYBERCOM will organize, develop, and plan support during crisis and war.  Much like United States Special Operations Command’s (USSOCOM) creation as a unified command consolidated core special operations activities, and tasked USSOCOM to organize, train, and equip special operations forces, fully optimized USCYBERCOM would do the same for IW-related forces.

This option is a similar construct to the Theater Special Operations Commands (TSOCs) which ensure GCCs are fully supported during execution of operational plans.  Similar to TSOCs, Theater Cyber Commands could be established to integrate with GCCs and support both contingency planning and operations, replacing the current Joint Cyber Centers (JCCs) that coordinate current cyber forces controlled by USCYBERCOM and its service components[8].

Streamlined C2 and co-location of IW and IW-related forces would have a force multiplying effect when executing non-kinetic effects during peacetime, crisis and conflict.  Instead of cyber, intelligence, EW, IO, and space forces separately planning and coordinating their stove-piped capabilities, they would plan and operate as an integrated unit.

Option #2:  Task GCCs with operational responsibility over aligned cyber forces, and integrate them with current IW-related planning and operations.

Risk:  GCCs lack the institutional cyber-related knowledge and expertise that USCYBERCOM maintains, largely gained by Commander, USCYBERCOM traditionally being dual-hatted as Director of the National Security Agency (NSA).  While it is plausible that in the future USCYBERCOM could develop equivalent cyber-related tools and expertise of NSA, it is much less likely that GCC responsibility for cyber forces could sustain this relationship with NSA and other Non-Defense Federal Departments and Agencies (NDFDA) that conduct cyber operations.

Gain:  GCCs are responsible for theater operational and contingency planning, and would be best suited for tailoring IW-related effects to military plans.  During all phases of military operations, the GCC would C2 IW operations, leveraging the full spectrum of IW to both prepare the operational environment and execute operations in conflict.  While the GCCs would be supported by USSTRATCOM/USCYBERCOM, in addition to the NDFDAs, formally assigning Cyber Mission Teams (CMTs) as the Joint Force Cyber Component (JFCC) to the GCC would enable the Commander influence the to manning, training, and equipping of forces relevant to the threats posed by their unique theater.

GCCs are already responsible for theater intelligence collection and IO, and removing administrative barriers to integrating cyber-related effects would improve the IW capabilities in theater.  Although CMTs currently support GCCs and their theater campaign and operational plans, targeting effects are coordinated instead of tasked[9].  Integration of the CMTs as a fully operational JFCC would more efficiently synchronize non-kinetic effects throughout the targeting cycle.

Other Comments:  The current disjointed nature of DoD IW planning and operations prevents the full impact of non-kinetic effects to be realized.  While cyber, intelligence, EW, IO, and space operations are carried out by well-trained and equipped forces, these planning efforts remain stove-piped within their respective forces.  Until these operations are fully integrated, IW will remain a strength for adversaries who have organized their forces to exploit this military asymmetry.

Recommendation:  None.


Endnotes:

[1]  Richard Mosier, “NAVY INFORMATION WARFARE — WHAT IS IT?,” Center for International Maritime Security, September 13, 2016. http://cimsec.org/navy-information-warfare/27542

[2]  Vladimir Isachenkov, “Russia military acknowledges new branch: info warfare troops,” The Associated Press, February 22, 2017. http://bigstory.ap.org/article/8b7532462dd0495d9f756c9ae7d2ff3c/russian-military-continues-massive-upgrade

[3]  John Costello, “The Strategic Support Force: China’s Information Warfare Service,” The Jamestown Foundation, February 8, 2016. https://jamestown.org/program/the-strategic-support-force-chinas-information-warfare-service/#.V6AOI5MrKRv

[4]  Keir Giles, “The Next Phase of Russian Information Warfare,” The NATO STRATCOM Center of Excellence, accessed April 20, 2017. http://www.stratcomcoe.org/next-phase-russian-information-warfare-keir-giles

[5]  U.S. Joint Chiefs of Staff, “Joint Publication 2-0: Joint Intelligence”, October 22, 2013, Chapter III: Intelligence Organizations and Responsibilities, III-7-10.

[6]  U.S. Joint Chiefs of Staff, “Joint Publication 3-13: Information Operations”, November 20, 2014, Chapter III: Authorities, Responsibilities, and Legal Considerations, III-2; Chapter IV: Integrating Information-Related Capabilities into the Joint Operations Planning Process, IV-1-5.

[7]  U.S. Joint Chiefs of Staff, “Joint Publication 3-12 (R): Cyberspace Operations”, February 5, 2013, Chapter III: Authorities, Roles, and Responsibilities, III-4-7.

[8]  Ibid.

[9]  U.S. Cyber Command News Release, “All Cyber Mission Force Teams Achieve Initial Operating Capability,” U.S. Department of Defense, October 24, 2016.  https://www.defense.gov/News/Article/Article/984663/all-cyber-mission-force-teams-achieve-initial-operating-capability/

Brett Wessley Cyberspace Information and Intelligence Option Papers Planning Psychological Factors United States

Government of Iraq Options for Islamic State Detainees

Loren Schofield is a retired U.S. Army Special Forces Non-Commissioned Officer with 16+ years’ experience in Special Operations and Unconventional Warfare.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


National Security Situation:  With the renewed offensive against the Islamic State (IS) by the Government of Iraq (GoI), what should be done with captured IS fighters and how can the GoI prevent future incursions?

Date Originally Written:  February 20, 2017.

Date Originally Published:  February 27, 2017.

Author and / or Article Point of View:  This article is written from the point of view of the GoI as they consider what to do with captured IS fighters.

Background:  Mosul is the last major stronghold in Iraq for IS.  This past week the GoI launched an offensive to take back the western side of Mosul which will prove to be much tougher than retaking the eastern half of the city.  Non-Governmental Organizations (NGO) warn that there could be up to 650,000 civilians trapped in territory still controlled by IS[1].  The offensive started just as graphic videos appeared on social media showing men in Iraqi Security Force (ISF) uniforms beating and killing unarmed people on the streets of Mosul[2].

Significance:  The manner in which the ISF treats captured IS fighters, as well as civilian non-combatants, will have long-term effects for the GoI.  How IS fighters and civilian non-combatants are handled post-capture will affect the rebuilding of Iraq, the GoI’s reputation within the international community, and will be watched by the GoI’s enemies.

Option #1:  The GoI and ISF treat all captured IS fighters and civilian non-combatants in accordance with the Geneva Convention and other applicable laws related to human rights and armed conflict.

Risk:  Option #1 will force the GoI and ISF leadership to take a firm hand with their personnel who are caught violating the Geneva Convention and other applicable laws related to human rights and armed conflict.  Option #1 forces the GoI to take a very unpopular position (unpopular with Iraq’s own people as well as the ISF) which could risk GoI political positions during the next elections.  Punishment of ISF who mistreat captured IS fighters and civilian non-combatants could even cause some of the ISF to mutiny thus splitting the force when cohesion is needed.

Gain:  By adhering to the Geneva Convention and other applicable laws related to human rights and armed conflict it puts the GoI and ISF on the moral high ground and shows the world that even in this difficult situation, the GoI and ISF place a priority on human rights and international law.  This will encourage NGO’s and other organizations that provide aid to come in and help the Iraqis rebuild their country.  Option #1 prevents members of the coalition from potentially removing their forces at the time the ISF is most in need should ISF mistreatment of captured IS fighters become publicly known and politically sensitive.  Option #1 will set a precedent and show the Iraqi people who were stuck in territory controlled by IS that they will be treated humanely once freed.

Option #2:  The Supreme Court of Iraq classifies IS as an invading force, tries every IS member on Iraqi soil in absentia, finds them guilty of crimes against humanity or a similar charge, and sentences them to death.  The GoI announces this verdict through all manner of media, to include leaflet drops over IS territory.  The GoI makes it clear that IS fighters will not be captured.  In essence, the GoI uses IS propaganda videos and the understanding of how IS trains and brainwashes their own fighters against them.

Risk:  With IS fighters knowing that surrender is not an option they will dig in and fight harder.  Even though there are many IS fighters who already plan to do this, there will always be a percentage that might potentially surrender.  With Option #2’s declaration those IS fighters who would surrender has been turned to zero.  The fighting will now be more dangerous and more brutal and cause more ISF fatalities.  The fighting will take longer, cause more civilian casualties, and cause worse damage to existing infrastructure.

Gain:  Option #2’s psychological element is as important as the actual military operation to destroy IS.  This psychological element will weaken IS by using the same type of fear that they are known for against them.  If a route to Syria is left open, some IS fighters may attempt to flee instead of face certain death (probably the same percentage of fighters will consider this as would consider surrendering).  Option #2 will also prevent long-term and expensive trials where detainee status (combatant, prisoner of war, criminal, insurgent etc.) may be used by lawyers to delay or extend trials.  The strategy of not capturing IS fighters as they are considered an invading force by the Supreme Court of Iraq will send a message to unfriendly State or non-state actors and may act as a deterrent.  If Option #2’s death sentence is only used on actual IS fighters, and not against the civilian non-combatants who were forced to support IS, the military and political leadership will likely see mass approval from Iraqi citizens.

Other Comments:  While the legalities of the Supreme Court of Iraq trying every IS fighter in absentia may be questionable, it allows coalition forces who want to support the GoI to continue in their support.  It may be a gray area, but sometimes gray is good enough.

Recommendation:  None.


Endnotes:

[1]  Graham-Harrison, Emma, Fazel Hawramy, and Matthew Taylor. “Iraq Launches West Mosul Offensive as Torture Videos Emerge.” The Guardian, February 19, 2017. http://www.theguardian.com/world/2017/feb/19/torture-videos-cast-shadow-over-iraqi-forces-west-mosul-offensive

[2]  Graham-Harrison, Emma. “Iraqi PM Announces West Mosul Attack as Images of Security Forces’ Brutality Emerge.” The Guardian, February 19, 2017. http://www.theguardian.com/world/2017/feb/19/violent-videos-threaten-iraqi-campaign-mosul.

Detention Iraq Islamic State Variants Loren Schofield Option Papers Psychological Factors