
Lt Gen Kenneth A. Minihan, USAF (Ret.)
Former Director, National Security Agency
Defense Colloquium on Information Operations

March 24, 1999
 

"Conflict in the Information Age"
 

I am going to come at this a little aggressively. I happen to think the time is past for conversations. I voted for Information Warfare, not Information Operations. I think it masks the issues and confuses us to talk about Information Operations. But I will use IO so that we all stay on some common understanding. At least, from an Air Force perspective, we’ve had the Air Force Information Warfare Center since the early 1990s. We’ve had the Joint Command and Control Warfare Center since the early 1990s. Both are described as accurately focused. We don’t necessarily have to back away from the notion that this is really combat.

I want to paint a picture of technology. Then I want to mess around a little bit with what I think is occurring. We act as if there is an offense and a defense, and there isn’t. It is all common technology. It is more like playing soccer; you’ve got to know where you are on the field. Then there are some real applications, but it is not a jump start system. You can’t call Friday night and say “what can you do for me Saturday.” You’ve got to shape the battle space. There is a lot of preparatory work that has to be done. We need to get on with it.

Let me rumble through some thoughts for you. I think it is pretty important to note that we are heading for a content or knowledge-centric infrastructure in the 21st century. We are spending far too much time talking about this as though it were computer-oriented or psychologically oriented or something like that. The nation’s strategic coin is shifting from its industrial base to its information infrastructure technology. But the value in that is not the infrastructure or the network; it is the content. Our job is to develop the ability to stay relevant to the nation’s strategic coin, which is going to be its knowledge or content. That is not that far away.

Secondly, the world wide web is growing at such a rate that we are well on the other side of our youngsters understanding this from a combat perspective. We dumb them down when we bring them in and train them to be intelligence or communications or operations when they know full well that the paradigm has shifted. It has become a software-oriented world. We have to get to the condition where we understand software as easily as we did hardware in the industrial age.

And concerning the issue of processing, I want to signal that I think we are working the wrong end of the problem. We’ve acted as though a massive amount of information would confuse the war fighter. I don’t think that is the case. We can now build a CRAY computer that fits in the palm of your hand. You can have all the information you want. It can be processed and tailored to fit your needs. The question is, when will we put it in our infrastructure and use it?

If you want to know where technology is going, don’t go visit the Services because they are not spending any of this money. If we don’t have major commercial leaders come and talk to us, then we are not tuned in to where the nation’s investment is.

I will make this point once: it is all global, stupid. It isn’t air; it isn’t space; it isn’t Service oriented. It is all global. We are going to work in a completely different analytical paradigm than the one we are accustomed to applying to our missions.

I was sent to the Bill Gates’ off-site about a year ago with the top 100 CEOs. I was the designated tow target for Defense. I was supposed to go there with these guys and convince them they had national security responsibilities. I thought that was a pretty fair fight, and I came away feeling pretty good about our ability to interact with that group. One of the things you notice is that they plan to reinvent their companies every three or four years. They plan in web years every three months. When we have ideas which we believe we will look at next year, develop a plan for, put in play the year after that and then invest in 02 and 03, the future is accelerating away from us at that rate of change. We have to get our rate of change up, which means driving decisions down to much lower points in our organizations than we settled for in the 1980s and 1990s as we sat on autopilot through the end of the Cold War. In addition, we are going to have major threats to our infrastructure. It is going to become as important as electricity, and you will not be able to envision operating without it.

And I am going to get back to this notion of knowledge because your workforce becomes an important part of the investment. We are not investing in that group. We have to switch and think about people as the knowledge that we need. We are going to have to invest in them to keep them.

Let me shift off of that. Remember, all these kids who are joining us have spent time being customers. When we bring them in and say, no, you don’t get it, you are going to be an Air Intelligence Analyst, they have actually spent all of their time having all the information they want in very rich access. Then we slap their hand and say, don’t touch that software. Every time my son visits, he changes the software in our computer. I hate it. But he is accustomed to that. That is the way they operate. They are not leaving us because they want more money. They are leaving us because we don’t get it, and when we signal that we don’t get it, then the money becomes interesting. But they are interested in national security and they can bring great capacity into our services.

I used to use the term battle space, but General Fogleman’s cheeks would wrinkle up and he would say, “I do not want to have that discussion with you anymore.” It is advanced commercial technology. It is not a battlefield like we think of it where we isolate the force structure in such a way that we can create ratios and environments in which we would like to operate. That $7 trillion a year is building the battle space in which we will operate. It is driven by commercial technology, and it is all global, and we are going to operate in it. That brings great opportunities and huge vulnerabilities. It also tells you something about your new important partners in the 21st century.

If you think of war and peace as a continuum, I think you will see that we are on the other side of peace. I’ll make the argument that we are at war all the time. The more important parts of the iceberg we are not aware of right now. It is all international, and it is all commercial. So, most of our analytical paradigms, which envision the U.S. only, and some ability to cause a Defense context, absent partnering with commercial industry, are not going to work because the commercial world owns most of the battle space. They do most of the investment and if it is all global, consider the notion that in any context, you are going to find you have a partner somewhere that you weren’t counting on having.

When General Joulwan swung by, he was going into Bosnia, and I was at the Defense Intelligence Agency, he said, “hey Ken, I want you to fix up an intel system that allows NATO, non-NATO, the French and the Russians all to see the battle space the same way.” I said, “who are you, really?” He said, “I’m serious.” We set that up and it worked pretty well. Then he swung by and said, “I’m changing the mission. Now we are going to go after these criminals. I don’t want the Russians in on this anymore.” I said, “you didn’t tell me you wanted to disconnect this, too.” My point is, when the scenario changes, we have to have the ability to move back and forth among our partnerships.

If something has changed that is opportunistic, it is this notion of virtual. It lets us see the adversary in a different analytical template. It allows us to target vulnerabilities, and it drives us to think about dispersed operations. What outfit would you think would fit comfortably into using lethal and non-lethal as a coherent whole and operate like that all the time? You would think we would be very comfortable in operating in that context. It is the heart of the envelope -- the way we like to do things.

If you look in the context of what it means to us, it gives us this opportunity for lethal and non-lethal. When I am finished, you will have only heard non-lethal from me. My view is we are adding arrows to the quiver. We are not building two distinctive quivers. There is no place for computer network defense if there isn’t a place for computer network attack. There is no place for you to conduct the offense if you choose not to do the defense at the same time. Like in playing football, we’ve got both teams on the field at the same time. Exploiting that medium is what it is going to be all about.

That said, here are a couple more thoughts. Let’s try to take apart this paradigm that says I can analyze a battlefield. I am suggesting first -- if we are going to play chess, not checkers -- that we are going to leave Clausewitz behind. All the pieces don’t move in a straight line. Each has different capacities, but we have to have the same strategy across them all. We have to see the end game. We have to be thinking ahead, so the fight is on everyday.

That’s the first thought. Second, I want to suggest you really are in an era when there is the death of distance. When was the last time you worried when you sent an email how far it was going to go? You’ve reached the point now where, in terms of affecting the battlefield, it doesn’t matter where we are in the globe. As a matter of fact, what would we like? Rich global access. We create the conditions that allow us to operate in that environment, and we create them in such a way that we can take advantage of them. So our analytical paradigm is not physically centric, it is technologically centric.

What are some differences? My industry, my citizenry, my allies, my adversaries are all in this together. In terms of the complexity of the planning, it can’t be left as though it is a unique capacity. It has to be a part of the general way we operate. The ideas that we parade right now, even when we get down to the special annexes, take you into an environment where you isolate yourself. You have preserved the stove pipes down into the Services while integrating the joint. Until you get that down farther, it is not going to be very effective.

I want to touch on the defense a little bit. Creating this commercial environment is an ARPANet. The builders of the environment from a conceptual perspective are people who are in the room or who worked on projects like that in the past. It was intended to be open and not secure. It is like a 1930s party line. You have no idea who is in it. You don’t have any set of security services, and the side show is this notion of having privacy. Industry, as it invests in electronic commerce for the 21st century, is unable to secure its investment. Every time you see it try to go global, it has to be withdrawn because it can be abused by what I would describe as the novice - the two kids in California level. If it can be abused by that, don’t you just start wondering what is going on in the rest of the iceberg?

If you focus on Solar Sunrise in that context, those are relatively capable folks, but as a culture, their intention is to be discovered because they want credit for the operation. What if your intention were to not be discovered? What if it were to operate in the rest of that iceberg? You don’t know I was there. You don’t know what I took. You don’t know when I left, and you don’t know when I am coming back. If that is your intention, and you are in the rest of that iceberg, that is where we want to operate. There are peer groups in there. That unstructured threat is what we are focused on. We ought to be focused on a full, robust, structured threat, which is operating in our information infrastructure today.

Any exercise we run shows that the red team succeeds. I hear a lot of whining about Eligible Receiver. It was my idea to make NSA the red team, but you’ll hear people say, “yeah, but you used the first team and we didn’t.” Well, yes, but we had to use hacker techniques, we didn’t use these things we’ve developed. “Well, yeah, but you worked it hard.” We had to obey the law. For the red team to obey the law, use hacker techniques and succeed 100 percent of the time should worry us.

What is at risk though? Let’s go back to that strategic coin. What you see is the infrastructure emerging as exposed. As you move from your industrial base to this information infrastructure that is being built, the extension of the industrial base has great exposure and it cuts across the different commercial templates. So, banking has a different interest than electric power. Electric power has a different interest than transportation. Who is going to look through those all and see them connected? That is going to fall to the Services and the Department of Defense. That leadership role is going to go to the Service that starts to connect the relevance of what it wants to do to the templating and vulnerabilities and opportunities and then builds a coherent strategy to both exploit it and protect it.

What is needed here is a strategy. We call it information assurance. It fits distinctly. If you are going to use Information Operations, you might argue, you want to defend first. I’ll make that argument a little more aggressively in a moment. If you are worried about being offensive using warfare, then you ought to be offensive using assurance. Don’t say, defense. We can be assertive in using the term information assurance. What it talks about is having a rich sense of your vulnerabilities.

Then it says, if it is all global, stupid, then what I am looking for is a civil defense-like context. Where civil defense saw the industrial base, now we want to see the information infrastructure base. We want to see that global opening. So why would I want a DoD defensive line? I am defending right in my back yard. I want to push my defense as far as I can from a national security perspective. Now I need a set of services, not just encryption, not just confidentiality. We need to know what sort of business we want to perform in this industry. I’d like to know that you have digital signature. When you send me an email, I want to know it is you. I want to know that nobody messed with the data. I want to know that you complied with what I asked you to do. I want to know that you disconnected yourself when you left and you didn’t leave anything behind. If I can’t establish that trust, what are the odds we are going to use the $7 trillion a year annually that is being invested? They are remote. Defense is going to have to display an interest in that. When the DoD topline was raised, there is not one penny in it to enhance our defense of our own infrastructure.

We can then see mission critical mission components, and we can see our industry relationships. We can fight our way through the battle space and we get out to the warfighter. If we have all this technology, why wouldn’t we bring it to the fight? Why would we not make Milosevic rue the day that he ever thought about conducting these operations? Why narrow it to a field of play that he believes he can survive in? Desert Fox was a replay of Desert Storm 10 years after. Why would we allow that to occur without using some of our massive technology?

That said, we need a partnership with industry. There is a partnership with industry from an intelligence perspective. Where is the partnership with industry from a Defense or Service perspective? Just like we used to build partnerships with industry, when we understood the model of flying airplanes at a time when no one understood that medium and no one spent that time, we are at our best when the medium is free and open. In this case, it is free and open beyond what most of us would have imagined. But that is not unlike the challenges faced by those who came before us when they were only talking about airplanes or when they started talking about space. Now we are global.

We have to spend some time connecting ourselves, and I am going to switch now from a defensive perspective, and I am going to become aggressive. What do indications and warnings look like for those worried about an electronic Pearl Harbor? What is it we are going to do? Because, we want these things in our kit bag, now we are going to become active in defense, just like we are active in attack.

We need a scheme to do that. This is my second template. It says, now I put the sensor and shooter peripherals in play on the battlefield. I’ve loaded the policy maker in. When is Wes Clark a policy maker and when is he a CINC? He needs to move easily between those two. I have shown you that you have the network transportation in virtual layer. We’ve had the death of distance. Now we want to shape that environment and we’ve agreed we are playing chess not checkers, and that we’ve got offense and defense on the field at the same time. Go back and examine all of the initiatives which are in play, and they are all narrowly based on functionalities like offense, defense, computers, psychology. They are not broadened over this analytical paradigm. This is where we want to shape that battle space. The dominant lesson learned in Desert Storm is we fought in a shaped battle space.

I put Information Operations on next. I’ve removed peace as the componentry, and I am now offering Information Operations. I’ll transition to Information Warfare if you wish. Where do you want to draw that line so that we in uniform have some set of those responsibilities in our Title X authorities? Where would you like that to be? And how would you want to operate? If you want to conduct information operations today against nations or adversaries which we are not in combat with, but we may be, how do you do that? Where are the authorities? Where is this notion of an attack to distinguish a criminal activity? We’ve yielded the entire front end to the domain of law enforcement. We’ve shown no interest in it from a warfighting perspective.

Next is imagery. If you want to know what has happened, take a picture. If you want to know what is going to happen, work with Baker [Air Intelligence Agency Commander] tomorrow. If you simply say that if the analytical paradigm for a hard target is what is there, wouldn’t you rather see, say, Iran, in its virtual context than only its geophysical? Would you rather see that analytical context given all this technology we have? If you want to know where Iran is going to be in five years, look at the country’s technology engine room. It is residual Soviet and West European. Where would I be analyzing what that is going to look like, and wouldn’t I like to help shape it? Wouldn’t I want to be a part of understanding what that is going to look like? And if I want to know the battle space 10 years from now, where does the engine move for that technology? It is right here in the United States, it is that $5 trillion a year annually. We have to learn about how that battle space is going to be generated in order for us to operate in it.

There are many items on the menu of things we need in Information Operations, but there are two that are most important. I want to get at modeling and simulation first, and I want to get at the term participation.

If I went to General Shaud and said, “today we are in Saudi, and you are going to go flying. They’ve got some SA-2s up there to illuminate you, but we have non-lethally disabled the target traffic. Trust me, you can fly safely. With all this stuff going on, it will be just fine. I can’t go with you because I am an intel guy, but I will debrief you when you get back.” General Shaud would say as General Dixon did to me one day in Vietnam, “jump in the back seat Ken, we’ll go together.” We have not modeled, simulated, trained and then exercised it. So why would the operator put it in the same quiver with the other arrows they get to model, simulate, train and exercise. It is perfectly capable to be fitted, and we can practice and exercise, but we have to start to put some money into it.

Participation is the other term. We are on the other side of talking about some of the force as supporting. We need to talk about them as participants. They are inextricably tied to our success. We need to quit training people to support military operations and train them to participate in military operations because that is where we need them, and they are not being trained to that level right now. We owe them much better training than they are being given. It would be a great place to start major change. The only other thought I want to share with you in that sense is this notion of diagnostics. My view is that we have yielded most of the debate to law enforcement. If law enforcement people were here today, they would tell you about a new national infrastructure protection center. They'd tell you about investments and all they are doing to fight crime. They did Solar Sunrise. They have a rich set of criminal initiatives because we have not defined anything that is an attack. We have not asserted that anything that occurs within our infrastructure, which is important to us, we will not necessarily view as a crime. We may not call the OSI. But by not asserting that, we haven’t removed ourselves from what I would describe as the criminal aspects of investigating in order to talk about it from a diagnostics perspective. Why wouldn’t we start to look forward in terms of our modeling and predict -- and then conduct -- active defense? We would be defending in global cyber space. We would not be certifying that we’ve been attacked. We would now bring in asynchronicity to our advantage. We wouldn’t have to respond in kind. We have a lot of arrows in our quiver. The question is, what do you have that is vulnerable? We want to threaten that.

Active defense says we don’t deal too much in forensics. I remember one day that we were having some problems with STRATCOM, and they had called the FBI, and I was told we can’t tell the CINC because it is a law enforcement issue, and they put a yellow tape around it, and they were going to investigate it. You can’t live with that, but that is where we are, essentially. We have all this activity going on, and none of it is seen as an attack on our military context. What this would let us do is carve out an area where we would like to work. We would bring very rich Service capabilities back into play.

Lastly, simultaneity. What would you like to do if you were an outfit like this? You’d like to have global capability to regionally focus for the purposes of establishing dominance. You want to do it at several places at the same time. We want to dominate Kosovo. We want to dominate Iraq. We want to prepare and dominate a NEO. We need an outfit that sees globally. That has this rich set of quivers and it can operate in simultaneity. It doesn’t choke when you say, “I’m going to do another one.” We have planned on that. We understand the technology. It happens all day commercially, so it is not that difficult. But it does require a brand new command and control system, a brand new concept for the way we want to operate in the 21st century. How do we fly airplanes in it? Sail boats? People? What is that kid doing to process all that? Remember, the network doesn’t have any control, it wasn’t built that way, and it doesn’t have any security services. You expect us to be a customer for those.

What I’ve got then is, my team is building for me. I need a lot of global partners. I’ve got to work with industry. C4ISR means a little something different to me. I’ve got participants, not just supporters. I have this global context for cyber space. There is an outfit out there which has grown up operating in that context.

We talk about a warfighting team. But maybe the term warfighter eliminates too many people. If it is a team, how do I train them? How do I put them together? How do I get them to operate like that so they come together as one entity rather than these different functionalities like we’ve historically trained them? They are ready to be put together as that team.

If you owned Microsoft, and you owned General Motors, and you sold off all of their infrastructure, which set of people would you like left? Half of Microsoft’s value is in its people. Half of our value is in our people.

The systems administrator is the code clerk of the 21st century. In Ineligible Receiver, we kidnapped them and couldn’t get PACOM to report them as kidnapped, so NSA was running away with all the passwords. Finally, I called and said, “would you guys at least call in that your system administrator got kidnapped so we can stop doing this and move on.” We didn’t recognize how important that knowledge was as a vulnerability for ability to operate. We have to value those people and bring them in that context. They are not leaving us for money in the first instance. They are leaving us because they don’t think they fit, and we are not taking advantage of their knowledge.

Information superiority is not a right of citizenship. If it is all global and it has a big commercial component, then we need an outfit that thinks like that and this one does, and has historically. This just happens to be one of those challenges along the way.

I will finish up with a couple more thoughts. Shaping is very important. Shaping starts with modeling, simulating, training and exercising. It means investing in technology. It means building real capability, putting arrows in a quiver and then using them in a normal way. It has to be done so those modern technologies are seen as global. You have to defend yourself so you can’t take things like the technology and separate them. You can’t say, “I’ll only do computer network defense.” That will not work. You have to have a very rich context of how it is done. Then you have to build a work force that values its knowledge. That is the way it will operate. They become part of the warfighting team, inextricably tied to its success every day.

I want to circle back on the point I made on the CRAY computer in your hand. We are managing the wrong part of the problem. We are managing a problem as though we have insufficient processing to get all the information we want. In fact, we are entering an era where even your kids at home can have any information they want. Why wouldn’t we want to fight from that same high ground? What we want to do is build the processing capacity that is necessary, tailor it so it suits our needs, create our own strategic sanctuary and create an environment in which we operate. No one else can bring that to the fight. Whose team do you want to be on? America’s team with that strategic capability, or you pick the other one. America’s team is the one that will be the strongest.

There are a couple of speed bumps. Which will be the first Service to put intel under ops? Not very elegant. Integrating intel ops into communications is very elegant and has great opportunity. How are you going to exploit and defend? How will we start to model this rich relationship so we can actually start to see it and show it to our warfighters and have them talk about how they would like to use it to begin to shape that battlespace? How do we build warfighting teams so that everyone is elevated to a level where we can count on them to do their part? What is the BDA of a virtual, non-lethal attack? How do I know it really happened, and how can I count on it? I think information warfare is OK. But I think what you are really studying in seminars like this is conflict in the information age. We need to be relative to America’s strategic coin. Its strategic coin has shifted from its industrial base to its content-oriented information infrastructure base. This is when the Air Force is at its best, when those major shifts in technology are occurring, that is when we are the lead-tied to doctrine and best focused on how to conduct warfighting.

I like to say some will get it right and some won’t just to signal to you I don’t think it is assured that we come out of this OK. If there is an electronic Pearl Harbor or something that threatens our strategic psyche, right now, we are going to turn to law enforcement, not Defense. Remember when the Soviets had Sputnik? The U.S. built NASA. They didn’t turn to DoD.

Nice being with you again.

General Shaud: First question, some senior Air Force leaders suggest components of the Air Force info ops world are doing well, but some still are fragmented. How do you read the strengths and weaknesses of our Air Force IW programs?

General Minihan: I think it is an excellent question. I would agree with the notion that some are doing well and some are fragmented. I would give us good marks early for moving quickly in establishing what I would describe as a good weighted investment in the warfare center and things like that. We have excellent EW skills in our background. I’d give us high marks. I’d give us low marks for exploiting that investment in the last two or three years. What I hear is discussions about further stove piping rather than what I would do, which is move in a powerful way to provide the nation an entity which would provide information dominance. That would cause me to build a functional organization which I would then dole out and provide CINCs. I think there is an opportunity there, but the thinking right now is actually to continue the stove piping and separateness.

General Shaud: In implementing operationalized information ops at the installation or wing level, the barrier is the reliance on fallout money for life cycle network support. Do you see these critical systems ever being given the same priorities as other weapon systems?

General Minihan: I would be less than positive about the advocacy issue. I love to tell Eberhart when he’s about to putt that I think we should turn an F-16 wing in and the putt usually goes off base. I mentioned that when we raised the DoD topline by $100 billion, not one penny was spent on that. All of that said, I don’t know what Chuck Cunningham is going to tell you, but I think you are going to see some leadership at the DoD level to force the Services into investment, and they are going to force them into investment down the defensive side. The question is going to be, which Service grabs defense and makes it active so we spin off of that and become offensively oriented. I don’t see the Services going to that investment on their own.

General Shaud: If one of the major goals of information operations is to affect the decision maker prior to hostilities, what is our track record during the short period we have been trying to implement this strategy?

General Minihan: I am not sure I agree with the premise that it is to affect the decision maker. I don’t think you should see separateness. We don’t want to say, because we have an Air Force, we do IO. We want to say, we are going to do IO because we have an Air Force. You want to fit it into the things we do. It is not necessarily the case that I am going to pick one or the other, and that will affect the decision maker. In Ineligible Receiver, the Joint Staff pitched up and out of the fight because it lost trust in its ability to communicate. It didn’t lose any communications, but it lost trust in the ability for it to do its job. It derived to a point where it couldn’t move.

What you are looking at here are two phenomena which I think are important. First, you want to use your lethal and non-lethal as a coherent whole. You don’t want things over in the black world. Secondly, you don’t want to have an expectation that any one thing will turn the tide. We want to have strategic control and keep adversaries from using their strategic capabilities. Milosevic should not believe he can control that situation. But he does. He thinks he can hunker down. That is because we haven’t used any of our technology against him.

General Shaud: We can logically expect a spike of information operations activity to synchronize with the Year 2000. Do you agree with this? Please comment.

General Minihan: I agree, and I think it will be greatly exploited. We set up a specific cell at NSA. We are actually learning now to use global R&W, and we’ve had some successes. This ought to be something we are all interested in. We will have some ability to detect those things. There will be people who take advantage of it. You would hope that one of the great initiatives that CINCSPACE could take is to pick up a part of that global front end at Cheyenne Mountain and think of the continental aspects of it, work with the Canadians and say, we think we have something we can do for the nation. From that success, we should then garner additional investment.

General Shaud: Thank you.

