Information Operations

[SWJED]

Information Operations by Andrew Exum, Small Wars Journal

I have a few questions for the learned readership of Small Wars Journal. The first is, how many of you have ever looked up the official Department of Defense definition for ‘Information Operations?’

According to JP 3-13, Information Operations, the term is defined as “the integrated employment of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own.”

I am confident there exist more confusing definitions in the U.S. military lexicon, but surely there cannot be too many. In effect, the Department of Defense has taken the term ‘information operations’ as understood by cyberwarfare types and mashed it together with the term ‘information operations’ as understood by those of us waging wars of narratives in Iraq and Afghanistan. The resulting confusion has left us with a definition that tries to be everything to everyone while at the same time leaving us with a shoddy definition to communicate what we’re talking about as counter-insurgency theorist-practitioners when we use the term...

More at the link.

[Schmedlap]

I do not see where the confusion is. I regard field manuals and other publications to be about as useful and exciting as the ingredients label on my box of Lucky Charms (you'll never get your hands on them), but this is one definition that I think is pretty straightforward and fairly accurate.

Do we use IO as shorthand for psychological operations and message management?

Some people do, but that is because the use of the term "IO" by those unfamiliar with it was often equated with "talking points" in Bosnia or media relations in general or a military version of "strategic communication", and, of course, the dominance of PSYOP in the field, both in terms of personnel and the leveraging of assets, makes PSYOP and IO synonymous in the minds of many. I think if more officers actually read the definition, as the author has, then the confusion would be resolved. Then again, I know that Mr. Exum is a smart guy, so I guess we should do better.

Obviously, our definition of IO is different from the definition officially in use.

Not among the IO practicioners, but...

... what do we, as counter-insurgency theorists and practitioners, mean when we use the term “information operations?” ... So who out there can propose an alternate definition, and one which we can offer to those in the field in Iraq and Afghanistan? And is “information operations” even an appropriate term for that to which we’re referring?

A definition more readily accessible to all should be framed in terms of what we are shooting for: information superiority. To that end, it is basically creating a situation in which you can quickly process accurate information about the operating environment and make accurate assessments from it, you heavily influence the degree to which the enemy can process the information quickly and make accurate decisions from it, and others (the populace in the AO) are perceiving events as you wish them to be perceived.

The first part - quickly processing information and making accurate assessments from it - is where the surveillance and reconnaissance can come in, even though they are not "core" functions of IO. It is not enough to receive the information; we must also have some confidence in how accurate it is, to include knowing when the enemy is attempting a deception and when the enemy is acting upon false information of our own. And this also explains why the definition seems heavily influence cyberstuff. The speed and ease with which we gather and process information is important and CND is a factor.
The second part - influencing the degree to which the enemy can process the information quickly - is where core functions like EW and CNO come into play, as well as physical destruction - attacking the means by which he gathers and disseminates information. OPSEC is also at play, by denying him information about your activity and objectives. And whenever OPSEC is at play, related capabilities such as counterintelligence and the sub-function of the core CNO (CND) are also in play.
The third part - the enemy not being able to make accurate decisions from it - is where deception and counterdeception come into play. The enemy does not know if he is being deceived and does not know if his own deception plans are working.
The perceptions of others are where PSYOP and PA come in (yes, I dare use those two in the same sentence) - and PSYOP can also be leveraged for many of the other functions, especially deception, which makes it very versatile and helps to explain why PSYOP personnel and resources tend to dominate the IO field.

[MAJHefner]

I know what follows is not perfectly in line with the official FM/JP 3-13 definitions. Any time your definition requires a definition (who knows what information superiority is, anyway?) there is a real problem. It seems to me that the official definitions are sooo Cold War.

We talk about the art of war and we send folks to SAMS to make the proficient in the art of maneuver. IO is nothing more complicated than the art of influence.

Mao TseTong (sp?), if I may paraphrase, said the population is to the guerilla (insurgent) as water is to fish. Our initial efforts in COIN were something like standing on a riverbank with a fishing pole, congratulating ourselves on every catch and thinking somehow we would eradicate all fishes from the water. To eliminate fish (insurgents) you must make the water (population) untenable for them.

To achieve that we attempt to control information. The official definition of information superiorty speaks to controlling a greater quantity of information than the opponent. In my opinion, that is irrelevant. We need only to control the right information. All of the original 13 elements of IO play a part. IO (influence) cannot be net-centric because the population we are trying to influence is not net-centric. Regardless of how many hours you spend a day on the internet, you still, at some point, talk to actual people. You still are influenced by your culture, your nation, etc. First we must understand the influences on that population, then focus on what we can affect. While I don't like this terminology, the population, not the insurgent, is the target because the population is the insurgents center of gravity. First identify what it will take to influence the target, then bring that to bear. Just like you would not shoot a T72 with an M16, don't send PSYOP out to a village without water - send the resources to get them water that the insurgent cannot provide. I have heard of Vulnerability Assessment Teams (network stuff) going out to areas with a 30% literacy rate in support of below BDE ops. That reeks of "Sprinkle a little IO on it, the generals will be happy and we can go back to killing bad guys." Bad guys are like potato chips, kill all you want, they'll make more.

Influence is an art, something not subject to algorithms and cold logic. The current definition simply does not fit into current operations. IO will continue to be nothing more than a point of confusion until a relevant, current definition is provided.

[Stevely]

Influence is an art, something not subject to algorithms and cold logic. The current definition simply does not fit into current operations. IO will continue to be nothing more than a point of confusion until a relevant, current definition is provided.

Brilliant post. Your paragraph above get right to the point, but unfortunately it is cause for pessimism: institutionally we are obsessed with metrics-based thinking, and only really take seriously that which can be counted. Since arts can't be measured, expect us to remain in a state of confusion.

[marct]

Mao TseTong (sp?), if I may paraphrase, said the population is to the guerilla (insurgent) as water is to fish. Our initial efforts in COIN were something like standing on a riverbank with a fishing pole, congratulating ourselves on every catch and thinking somehow we would eradicate all fishes from the water. To eliminate fish (insurgents) you must make the water (population) untenable for them.

I have always had a problem with this metaphor based on a) the assumed stance of the perceiver and b) the assumption of non-action" by the "water". In regards to IO, again using this metaphor, it implies poisoning or draining the water such that the fish can no longer breath. This might make sense in some COIN situations (e.g. Bolivia), but does it make sense in places such as Afghanistan? Only to a limited degree I would suspect.

Influence is an art, something not subject to algorithms and cold logic. The current definition simply does not fit into current operations. IO will continue to be nothing more than a point of confusion until a relevant, current definition is provided.

Brilliant post. Your paragraph above get right to the point, but unfortunately it is cause for pessimism: institutionally we are obsessed with metrics-based thinking, and only really take seriously that which can be counted. Since arts can't be measured, expect us to remain in a state of confusion.

Actually, many "arts" can be measured, but the metrics tend to be meaningless to the particular institutional mind-set you are referring to Stevely. Let me give you an example of this: "music", as an art form, is composed of rhythm, pitch and timbre that are produced sequentially through time. Each of these three, let's call them "base measures", can be measured, as can several of the emergent properties coming out of them such as harmonics. Where we run into difficulty is with he measurement of the effects of such emergent properties on humans. In part, this is because the neurology of humans with regards to something like pitch is not fixed at birth but, rather, is fixed at the age of abut 6 months. Furthermore, the interpretation, at a psycho-neurological level, is conditioned by individual experiences with, or conditioning by if you prefer, a given musical genre over time. The reason why I chose the example of music is that, to my mind, it is a good analogy for the more generalized case of "Information Operation".

Let's consider how we should break them down analytically (and remember, I'm an academic, not an IO type ).

1. "Information" - defined as "a difference that makes a difference" (Gregory Bateson) is composed of
   1. something within the environment that may be so classed and,
   2. the perception (or sensing) of that something.
2. The interpretation of that information; which is composed of
   1. a symbol system that defined what is information within the system,
   2. analytic "tools" (actually symbolic manipulations) of that information to derive "meaning", and
   3. a prescriptive system for action based on interpreted "meaning" (all of this comes from Andrew Abbott's, the System of the Professions).
3. Actions taken based on the interpretation of that information.

Now, that is the simplified system, and it gets much more complex later on . In particular, there is another, cross-cutting, dimension to this which deals with the media of communications in all of these steps. All media, barring face-to-face (F2F; which I'll talk about latter), distort the default value of communications for humans (F2F is the default value in that we evolved as a species using this medium) in either (or both) time and space. These distortions effect how the gathering, analysis and conclusions of IO are conducted and interpreted.

Face-to-face communication is the basic form of communications we, as a species, evolved with and is our "default value" for communicative media. This doesn't mean that people tell the "objective truth" (if such a thing can be told!) when they are talking face to face. What it does mean, however, is that we have a lot of neural circuity that acts to detect "lying", "cheating". Also, F2F communications contains a lot more "information" that we have available for interpretation (e.g. tonality, body language, eye positioning, scent, pitch, rhythm, timbre, etc.). This additional "information" (actually, sensory output) allows for an increased number of emergent properties such as "charisma", "spinning illusions", etc.

You know, this is turning into a rather long response . I think I'm going to leave it there for now and write up a blog entry on it.

Marc

[Schmedlap]

I was surprised that there is so much confusion on this issue, but upon searching 3-24 I only found one passing reference to Information Superiority, and it was in Appendix E. However, in the old FMI 3-07.22, I found this, which sums it up pretty well, in my opinion:

The goal of IO is to gain and maintain information superiority at decisive points. Information superiority is the operational advantage derived from the ability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do the same (FM 3-0).

I think that much of the discussion on this thread is borne of misperceptions of IO rather than of some defect in the concept of conducting operations in the information environment. The real issue is how we organize our staffs and how we task various assets to accomplish it.

[wm]

IO is really A PAIN:

Availability
Privacy
Authenticity
Integrity
Non-repudiation

In its offensive form (nutshell #1), one denies one's opponent the above attributes of information.
In its defensive form (nutshell #2), one assures one's own side of the same attributes.

PSYOPS, OPSEC, EW, Fires, Information Assurance(IA)/Cyberwar, etc. are all TTPs one may use to achieve the above goals. Like pretty much everything else in the world of operations, each is METT-TC dependent.

[Ron Humphrey]

I have agree about the definition and the need for somewhat more implicit guidance. The problem however as several of those among us who've been talking about it for a while know seems to be the my piece of the pie syndrom.

By this I simply mean that because real Information Operations is and should be inclusive of all the varied areas of study mentioned in joint pubs and more. With this being the case it has been my experience that those of any particular discipline percieve and approach it in that light. The EW guys can naturally find all the different ways to gain information superiority with their systems, the same goes for all other groups and as such what you generally get reflects who you've got.

The statement I've heard most often has been that it seems to get too complicated when you actually start breaking down all the various components and capabilities and there is often an assumption that those charged with doing it won't be able to do it well enough. I would tend to agree with MAJHEFNER in that

IO is nothing more complicated than the art of influence.

. It's just made harder by those who try to place it in their own boxes.

I would suspect that 99% of what a good IO planner works with and the skill sets used are not much different than what most anyone does within the confines of their own lives on a daily basis. That said OK lets get a definition that is more explicatory, the toughest part is going to be making it such that all who read it don't read too much, or too little into it, but rather accept it for what it is.

BTW remember I always like to over simplify things

[Bill Moore]

I tend to agree with Andrew's comments about IO. First, definitions are obviously very important, since we can't comunicate clearly without them. Of course we live in a gray world, but words still have meaning, and should provide as much clarity as possible, and you don't do that with the incorrect use of terms. Unfortunately, the definition of IO presents problems based on its current scope as defined by DoD.

When IO first developed, it was DoD's response to the rapidly emerging Information Age (largely technology based). It was offensive and defensive in nature, but technically focused. Somehow PSYOP got thrown into the mix, which I think was a serious mistake because we took a needed technical speciality and turned it into the overall art of war. Now IO means everything, so it really means nothing.

I tend to like the new terms in the Army's FM 3-0, and hope that eventually DoD will develop Joint terms along a similiar line of thought to help clarify the confuse that IO creates.

Influence Operations: to effect the behavior of the intended audience through coercion, information engagement, presence and conduct.

Information Engagement: the government's use of integrated employment of public information programs, psychological operations, and support leader and government activities (reparing a school, security force behavior) to influence a target audience.

While not perfect they are closer to what we are actually doing, but we still a definition for the high technology side of IO for computer attack and defense, etc. Everyone now has their biases, so it will be hard to fix this, but ideally would go to a clean slate and start over with these terms. I really wonder if there is any utility in lumping all those activities under one blanket term to begin with?

[joelhar]

I know what follows is not perfectly in line with the official FM/JP 3-13 definitions. Any time your definition requires a definition (who knows what information superiority is, anyway?) there is a real problem. It seems to me that the official definitions are sooo Cold War.

We talk about the art of war and we send folks to SAMS to make the proficient in the art of maneuver. IO is nothing more complicated than the art of influence.

Mao TseTong (sp?), if I may paraphrase, said the population is to the guerilla (insurgent) as water is to fish. Our initial efforts in COIN were something like standing on a riverbank with a fishing pole, congratulating ourselves on every catch and thinking somehow we would eradicate all fishes from the water. To eliminate fish (insurgents) you must make the water (population) untenable for them.

To achieve that we attempt to control information. The official definition of information superiorty speaks to controlling a greater quantity of information than the opponent. In my opinion, that is irrelevant. We need only to control the right information. All of the original 13 elements of IO play a part. IO (influence) cannot be net-centric because the population we are trying to influence is not net-centric. Regardless of how many hours you spend a day on the internet, you still, at some point, talk to actual people. You still are influenced by your culture, your nation, etc. First we must understand the influences on that population, then focus on what we can affect. While I don't like this terminology, the population, not the insurgent, is the target because the population is the insurgents center of gravity. First identify what it will take to influence the target, then bring that to bear. Just like you would not shoot a T72 with an M16, don't send PSYOP out to a village without water - send the resources to get them water that the insurgent cannot provide. I have heard of Vulnerability Assessment Teams (network stuff) going out to areas with a 30% literacy rate in support of below BDE ops. That reeks of "Sprinkle a little IO on it, the generals will be happy and we can go back to killing bad guys." Bad guys are like potato chips, kill all you want, they'll make more.

Influence is an art, something not subject to algorithms and cold logic. The current definition simply does not fit into current operations. IO will continue to be nothing more than a point of confusion until a relevant, current definition is provided.

Absolutely 100% spot on.

[selil]

In effect, the Department of Defense has taken the term ‘information operations’ as understood by cyberwarfare types and mashed it together with the term ‘information operations’ as understood by those of us waging wars of narratives in Iraq and Afghanistan.

This is of course quite true. In my research into cyber warfare I have found a variety of definitions and all most all of them under the heading of information operations. This suggests that cyber warfare, psychological operations, public affairs, and such are subsets of information operations. However, I am not sure that is the truth of it.

As an example network centric warfare has two specific connotations that are worlds apart yet under the same primary heading.

Example 1: The Arquilla/Ronsfeldt description of network centric warfare is the social networks of individuals and organizations without consideration of technology other than as a force multiplier.

Example 2: USAF literature describes network centric warfare as the network enabling tools found on the platform and between the weapons platform and command and control constituencies. Technology is the primary element in this paradigm.

It should be quite obvious that these two definitions are quite far apart yet have communication as a common component. The generalization is that regardless of the technology networks or associations between disparate parts exist and they can be examined and used/defeated based on their cohesion and utilization.

Then there is cyber warfare. It takes a moment to expand the idea most people have about information technology and computing. Information technology has existed since the written record first leapt from the cave wall to the papyrus scroll. The management and enabling technologies of information have merged with the act of war ever since. Whether it is Caesar tattooing messages to his generals on the shaven scalps of slaves (steganography), or combat telephones in the trenches of World War 1 France for command and control, information conduits are linked to war.

Thus like land, air, sea warfare and their battle spaces cyber warfare exists in it’s own shared space with them. In 1984 William Gibson on page 8 of “Neuromancer” coined the term “Cyber Space”. Cyber space is a construct and an agreement between entities to define the area we can not see where computers, telephones, and devices communicate and transact on a variety of paths. It is easier to use a known construct and expand upon that then to create a new one out of whole cloth. Cyber warfare exists in that space where command, control, communication, coordination, intelligence, surveillance and reconnaissance (C4ISR) exists.

When thinking about this space do not artificially limit yourself to the “world wide web” which is fairly small. Digging deeper below the “web” and the “Internet” is the actual battleground. Every unmanned aerial vehicle interacts with this new cyber terrain. The communication infrastructures of the battle groups and artillery units supporting Marines interact with the new terrain. Every message, command, logistics order, telemetry data packet, and email home crosses this terrain.

I will not go into to much detail as I have likely lost the interest of most people, but there are only five things I can do though I can do them a myriad of different ways. I can block your interaction and deny you the terrain, I can spy on your messages as you send them, I can change the content of your information or command and control, I can make you distrust what have you have received, and finally I can violate the “who” of whom you are speaking. In that I have those five techniques available cyber warfare is linked to the information conduits and information operations paradigm. Even though it is totally discrete much like our two examples of network centric warfare are discrete but linked.

A variety of technology authors and conflict authors have written about cyber warfare and whether it exists or not. The fact is that all of the elements of cyber warfare have been with us since the beginning of conflict between humans. The metaphors for the information technologies are lifted from the real world aspects of information operations and translated to a new terrain in cyber space. The common refrain that cyber space has little relevancy in the real world as a kinetic attack vector falls quickly to the realization that the network centric battlefield gives the cyber warrior the ability to use the enemies weapons against the enemy.

Suddenly the cyber-terrain takes on the aspects of a guerilla war where scavenging from the enemy and prosecuting conflict in an asymmetric manner realizes the goals of information advantage and kinetic results in the real world. If I take over your UAV through cyber-warfare and blow up your troops by violating the command-control and telemetry systems that is a real world effect through cyber warfare. If for example the bullets for front line troops in dire need are translated to beans the operational and kinetic capability of the troops is degraded in the real world through the cyber. Is that still in the realm of information operations?

My challenge for this website’s readers, then, is the following: what do we, as counter-insurgency theorists and practitioners, mean when we use the term “information operations?” Do we use IO as shorthand for psychological operations and message management?

I would say simply yes this is true. The reason for the mashup by the cyber-warfare types is that what ever is created in the real world can likely be translated to the cyber realm fairly quickly.

[Tom Odom]

Originally Posted by Andrew Exum
My challenge for this website’s readers, then, is the following: what do we, as counter-insurgency theorists and practitioners, mean when we use the term “information operations?” Do we use IO as shorthand for psychological operations and message management?

Andrew,

In the current operational context, absolutely. In a more conmventional setting probably not--then the cyber war or EW ened would come back into play. That siad, it is NOT always that way. In 94 the world lost the IO war that driected the genocide in Rwanda. We lost the message war. We obviated our roles in the influence war. And we never took up the cudgel part of IO to shut down Radio Milles Collines.

Tom

[MTanji]

You have highlighted a long-standing issue that has yet to be addressed with any level of effort as far as I know: IO tends to be what you want it to mean based on your discipline. Spend time in cyber-centric shops and they will tell you they do IO; same goes for PSYOP orgs or shops full of head shrinkers. Do they all do _aspects_ of IO? Sure. Who does IO writ-large? No one and that's always been our problem. Doctrine we have, organization, not so much. Find me any other military discipline that does not have a single proponent or "parent."

One could argue that since discrete parts of IO can be used in a lot of places in a lot of ways that it makes sense to roll your own as you go along. The problem with that is self evident with the duplication, repetition and sometimes cross-purposes we've been running into over the past decade-plus. There is nothing like standing up in front of an allied audience explaining US IO doctrine and then not having a decent answer to the obvious questions: "So is this how you are organized?" and "Where is your national IO office?"

There was a time when I knew personally or by reputation most if not all the major players in the IO space (IW back in the day). Just a few years later that was not the case. Is that good or bad? It's good in the sense that people recognize the value and we achieved critical mass; bad in that it is in essence a Hydra we can't get our hands around.