March 24, 1999
 

"Information Operations, Operational Level Support to the JFC"

What an honor to be here.

Information Operations has evolved from some pretty good traditional military activity done for some number of years. When I was in the Joint Staff from 1985 to 1987, we were working very hard on C3 counter measures and doctrine for C3 counter measures (C3CM). I remember briefing General Dugan at an NSA seniors meeting on C3CM.

C3CM is different today, although we’ve used some of the doctrine from C3CM, including OPSEC, jamming and construction and deception to build what is today our doctrine for Information Operations to include psyops, computer network defense and computer network attack.

What is different is the tremendous interest in this business. I felt like I was paddling upstream in 1987. But not today. Everybody’s got a different idea in every agency around the United States and around the world about what IO is all about. But I think we are fortunate in that we have a base of understanding, especially in our Air Force, and I am proud of our Air Force as we comprehend the multidimensional battlefield. We understand the sensor-to-shooter cycle. We understand how good it is to fool the aggressors as they cross the fire line coming into Alamo air space. And, if you can put something different on their radar, something different in their head, you are going to win in a decision cycle that is a matter of seconds sometimes. We understand that, and it helps.

The Services, the joint warfighters, are right along with us, I promise you. The discussion today will focus not just on where C3 counter measures and where IO has come to today, but really what the challenge is.

IO is a busy business in the Pentagon now and an active business in the U.S. European Command Area of Responsibility. Commanders in Chief across the board have adopted and incorporated IO into their deliberate planning process. Almost every regional CINC has a standing planning order for an IO effort within his geographic area. In addition to that, in OSD policy, we are fortunate to have Dr. Jim Miller, who reviews every annex and every plan that comes through the system, and he truly understands what IO and IO policy is all about. The Under Secretary of Defense for policy coordinates for ASC3I. With Mr. Money, we are getting a good scrub of our plans and our deliberate planning process as we look at including IO appendices to annexes in the plans business and ensuring the right annexes are put together to support IO deliberate planning.

The organizational charts for how the Joint Staff approaches Information Operations are very telling about the culture of IO. They show not only what IO is about, but how it is being put into the battle rhythm. They also show something else. IO is not made up of only people with electronic warfare backgrounds. I need to make that point over and over. We have some kinetic warriors, some real bullet shooters, in this business. My deputy is Navy Captain Tom Enright, who was a wing commander twice - once at the top gun school, the other at Oceana Naval Air Station, Va. The J capabilities division is run by Navy Captain John Brownell. He is very capable and has an EP3 background. The guy who owns the stock, the operations and planning division, is an Army artilleryman who just came from regimental command. My psyops boss, Army Colonel Bob Trost, is probably one of the best psyopers in the world. That brain trust is supported by truly some 150-pound brains in the business. These are unsung heroes. These are great men and women who put this business together primarily to keep the Services on the same sheet of music, and that can be a challenge. But most importantly, it is to support the Chairman and to support the CINCs. As we take on support for various interagency meetings that the Chairman or the Vice Chairman might attend, IO is part of that discussion thanks to these smart, smart people.

As we get focused in the Pentagon on a system and a capability and a nifty new technology, one of the challenges we have is operationalizing that specific capability. We battle that every day, sometimes, especially, in the areas of compartmented programs that can support a CINC in terms of his ability to get ahead of the decision cycle of his enemy.

There are some challenges that I’ll go through. The first one, getting IO into the battle rhythm, is not done by pulling a trigger. This is not even done via the three-day or two-day planning for an ATO. To get after these guys’ brains is a long-term planning cycle. Unfortunately, the challenge is the immediacy of the threats from around the world. From Iraq to North Korea to Asama Bin Laden, we get caught up in the day-to-day challenges of moving forces around the world and taking on immediate threats rather than dedicating time to the long-term objective of making sure we stay ahead of the bad guys’ brain processes.

Concerning Joint Vision 2010, I would offer that we have Joint Publication 3-13 that, although not perfect, was fairly current last October when it was signed by our Chairman. There is a great deal of discussion among the Services and in the joint warfighting community around the world -- certainly between the FBI, DoD, CIA, and NSA -- that indicates that this isn’t too bad a document for a foundational piece of paper.

I just spent the morning with the Joint Command and Control Warfare Center folks. Their CINC teams used Joint Pub 3-13, and the consistency that they are able to generate with their advice to CINCs is pretty well enabled by the document itself. That 3-13 defines IO as an integrating strategy is critical, although we still have stove pipes. We have stovepipes at the strategic level of warfare, and we have stove pipes at the operational and tactical levels of warfare. Bringing in the capabilities within Services and or the unified commands and breaking down the walls at the strategic and interagency levels -- Department of State, FBI, CIA -- is critical to making IO work in the long term.

I’ll tell you a quick story about what I’ve learned in the last four months. I’ve spent about a month and a half trying to figure out how to establish a couple of new memorandums of understanding between a couple different agencies. We’ve had two-hour, three-hour, four-hour meetings, which I hate anyway, which accomplished nothing because we were talking about broad organizational principles having to do with what we thought might move IO ahead. I’ll tell you bluntly what I’ve done now. I just go visit everybody as much as I can. God bless America, because once you get down to my level and below, we will lean into the harness together to help work the problem. That includes the CIA, NSA, FBI and anybody else.

There are enough challenges in this IO business today, I promise you. Whether it is Russians trying to attack our DoD information systems, or figuring out how to get the leverage out of operational kinds of campaigns we are about to enter over Yugoslavia, there is enough hard work to do and enough stuff to make you hurt your head. There is also a lot of spirit of cooperation and understanding to work together.

The terms we use in joint doctrine help further define IO. I am not saying these are the correct terms, but they are the terms we plan from, starting with Defense Planning Guidance down through the Joint Strategic Capabilities Plan, right into the deliberate planning process.

At the strategic, operational and tactical levels, adding on to what we used to call C3CM with psyops and C&A and C&B, rounds out what you see in most warplans or in the unified commands. Look at General Habiger. The U.S. Strategic Command is into this harness in a big way as they look at a number of IO types of options to leverage what traditionally STRATCOM has done for a living over the years. The U.S. Space Command is also starting to get its arms in a big way around IO, and I’ll talk about that a little bit more as I talk about JTF computer network defense toward the end of the presentation.

General Minihan says, and he is right on, that the threat, is driven by commercial growth. It is driven by the tremendous explosion in the information technology business. That is what is different about IO today from C3CM a few years ago. As we watch the information technology world, certainly those technologies and those capabilities translate into the adversary’s intent sometimes, and certainly his ability to wreak havoc not just on command and control. But they also make sure we have the decision edge on the tactical, operational and strategic levels of warfare as we enter our next conflict.

If you talk to the intelligence community folks, they will tell you that the granularity and intelligence to support IO is hard. They don’t have enough people. They won’t say it is too hard, they’ll say they are resource limited. They will say they don’t have nearly the number of people or the focus to answer the burgeoning amount of questions that operators like J-3s and JTF commanders are asking to effectively carry out their IO campaign plan. The intelligence community and intelligence requirement for IO is tough. What that tells me as an operator -- and I try very hard, I work every day with the intel guys -- is to refine my question, refine my tasking, so I don’t ask for the world, but have some very clear objectives. I’ll show you a planning tool I use here to try to nail down the overall intelligence requirement.

It is important, and we address this in 3-13, that IO extends from peace, through crisis, through conflict, to peace again. Our doctrinal pub will tell you one of the best places, best fields of endeavor, best AORs for IO is prior to conflict. As the pressure gets greater for an adversary, he may be more susceptible to perception management and psyops capabilities. He may be susceptible to a theme or a message that comes from both the strategic or operational level. This may change an adversary’s mind and convince him that he doesn’t want to go to the conflict level. Certainly how we manage the battlefield, post conflict, how we achieve an end state in any one of a number of countries you can think of right now where we’re engaged, becomes an important task for Information Operations.

The Joint Warfare Analysis Center and the Joint Command and Control Warfare Center are filled with 150-pound brains. The Joint Warfare Analysis Center down at Navy Dahlgren (Va.) is a national resource. They can tell you not just how a power plant or a rail system is built, but exactly what is involved in keeping that system up and making that system efficient. One of the terms I’ve learned from these guys is SCADA -- Supervisory Control and Data Acquisition. If you have that acronym in the IO business, you are well ahead of the fight. SCADA basically is the computer control for a power system or railroad or sewer system or water system. We rely more and more on those kinds of systems as potential targets, and sometimes very lucrative targets, as we go after adversaries.

There are a lot of agencies in Washington interested in IO, including FBI and the Department of Energy. Working with those folks is fun, and they are great and essential people. For example, when we have a State Department spokesman talking about an Iraq, Iran and North Korea, it’s important for what he says to match the CINCs IO plans for that area. That is one simple, but important, and sometimes very hard to do, point at the strategic level of IO.

When you look at a diagram of an IO cell right out of 3-13, you’ll see right away that there is no way we have that many people on the CINC staff to do IO. Within the deliberate planning process, each of those people probably only has time to chop on the plan. That is the first step. The second step is a battle rhythm challenge. Today at EUCOM or the U.S. Central Command finding an IO cell is variable. The components sometimes do a better job of this. The United States Air Force in Europe, now led by General John Jumper, has a very model for an IO cell. Other commands have more trouble pulling all of this together. The Joint Command and Control Warfare Center guys will tell you that every CINC and every JTF commander understands the value of IO. Their challenge is to find the people and the time and the long-term planning space to put together an effective IO plan to integrate the elements we talked about earlier that are defined in 3-13.

There are many agencies in the IO business supporting the CINC. The challenge with those many agencies is to pull their capability and their support together coherently so that the CINCs really use what they bring to the fight in a timely basis.

I’d like to talk about a couple of those organizations. One is the Information Operational Technical Center. I will tell you that, as an operator, I can walk in as the J-3 and the PACOM guys can walk in and get face-to face with these experts and find out what they can do for us. It’s a real education for us as operators to learn about the capabilities that are out there. We did just that with an exercise about a month ago at Fort Meade, Md., where they have always had tremendous capability.

Within the area of computer network exploitation, there is tremendous investment, which, with a little bit of fine tuning, can be turned into a computer network attack capability. The IOTC is a great organization that has a bright future.

Joint Task Force Computer Network Defense was created in response to what we call Solar Sunrise, an attack on our computer systems run by Major General Soup Campbell, now in DISA Space in Arlington, Va. DISA does a great job of monitoring multiple probes and potential attacks on DoD computer systems worldwide. They are supported by lots of computer response teams around the world to give us a good handle on the tremendous volume of reporting every day on probes against our computer systems.

Among the Air Force, Navy and the Army, there is a relatively higher investment by the Air Force in numbers of people committed to this effort. As LEWA opens for business, and as the Navy capabilities have been created, they have come to AFWIC for information as the model program. I was over at AFWIC this morning. The men and women there are very engaged in the IO business right now with what is going on in the world.

Let me say a word about how we plan for Information Operations. We begin with the Joint Strategic Capability Plan down through Annex C, the operations annex, and appendices to that. There are a couple of other annexes that go into IO planning besides Annex K, which comes out of the J-6 community. The overall goal is a plan for integrated strategy for the CINC to use. The deliberate planning process is critical in the area of IO. It is tough, however. I’ve been in subordinate unified commands, and I’ve worked on plans a lot, and it is tough sometimes to find the time to get into the detail of a plan, and it is especially tough when the threat changes every day. It wasn’t as tough when we had a senior threat and a Cold War, but when the threat changes every day in terms of who it is, what it is and what it brings to the fight, the plans and maintenance process become very important, and the long-term planning requirements for IO make a deliberate planning process even more important. We work this hard, and we focus IO planning on strategy to task methodology.

Let me tell you about some of the things I hear. IO is special access programs. IO is just computer network attack. IO is this, and IO is that. Joint Pub 3-13, IO builds a pretty good framework for IO objectives.

I’d like to step you through a tool that we use that some of you may be familiar with. There are a tremendous number of variables in putting together an IO campaign plan. When you get into the disciplines of IO, including psyops, deception, destruction, computer network defense and attack, there are a lot of things going on in the CINC AORs that must be tracked if we are to keep our ability to synchronize them and make them mutually supportable. It is an additional complication that some of those things are from different cultures, and there are different people, sometimes, who don’t necessarily always talk to one another.

Keeping track of exercises and the roles of different organizations is a constant challenge. We take a year-long calendar in a geographic CINC’s area and we look at the exercise play. Certainly we’ve all known for years that exercises can send a message. We overlay what may be an on-going psyops campaign to ensure that it is synchronized. We hoped for a good country team effort to ensure we’ve got the State Department talking and saying the same things the CINC is saying.

We update CINC regional objectives, and with feedback from the intelligence community, start to look at the vulnerabilities that might exist within a hostile or an adversary regime. Or, we could go past the conflict part of an operation and into the post-conflict end state to look at how that can be managed. An example would be deterring terrorism associated with the sponsoring country. We look at the number of tools we could bring to that fight and how we can synchronize them over time to achieve the overall objective of deterring terrorism funding and the political will to support terrorism. Then, when we overlay all of the IO actions and activities in support of each objective, we start to understand, on a day-to-day basis, what we are doing.

Finally and this is important as we lay out this matrix, there are always opportunities. You can never predict tomorrow what is going to happen. We have to continually posture, and this is a pretty good tool for doing that for the 911 calls. What are we going to do with an assassination? In response to that, how are we going to work through this? We have done a pretty good job in a couple of different areas of making this whole thing work and getting the right themes out through the public affairs community inside the United States or overseas. The goal is to ensure the truth is told as opposed to allowing an adversary to use his public affairs campaign to beat us to the punch in the international media. Sometimes we haven’t done so well, but there have been some wins.

I’m constantly looking for ways to educate folks on IO, and one of the methodologies I use is getting out and talking to as many people as I can about the challenges and the opportunities associated with IO. Long lead time and interagency coordination are two other of my biggest areas of effort.

Concerning the Joint Task Force Computer Network Defense, we are not asleep at the switch. There is a growing level of effort to get into our systems. We will watch this closely, because it isn’t going to go away. I almost see this as an air superiority fight. We have known for some years that the other side, the bad guys, would continue to build a greater fighter. We are just going to continue to build better fighters than they build. As I see some of these kids in and out of uniform, I know we are ahead. We are ahead if we can organize. We’ve got to make sure there are no stove pipes and if we can hook them together virtually, with some of these kids who have earrings, they will keep us safe. Not only will they keep us safe, they will keep the other side defensive. They are wonderful. And they’re all about 25 years old. It may be the first time in the history of warfare that the expert age group is at that level. Every time I talk with one of them, I am impressed and learn more about how to handle this whole area of information technology.

Historically, there are some things that we learn the hard way. Concerning the requirement for computer network defense, Eligible Receiver was an exercise that people are still talking about. It demonstrated to the leadership around the country and to military and civilian employees and OSD the weaknesses we have across the board. Presidential Directive 63 gives us some more guidance.

Solar Sunrise got our attention. Two young California teenagers, mentored by an Israeli hacker, bored into DoD systems. The FBI did a good job of coordinating with DoD and picked up the two kids in California and the young man in Israel. We needed to do that. We needed to send a message that we wouldn’t stand by for people breaking laws and coming into systems and into our information structure that don’t belong there.

The JTF C&D right now gives operational control to the Deputy Secretary of Defense, Dr. Hamre. The current Unified Command Plan language has them moving towards a supporting CINC, and that is SPACECOM, and I underline supporting CINC. As JTC C&D starts to stand up under the umbrella of CINCSPACE, we are also addressing computer network attack being under the umbrella of CINCSPACE. This does not mean, and it does not help us to say, this is CINC IO. CINCs IO need to be the regional CINCs so they can continue to put together IO strategically to integrate IO within their overall battle plan and do what they need to do within their geographic area. We need to keep that in mind. The logic may be, and the natural evolution may be, that SPACECOM eventually changes its overall roles and missions. Right now, General Myers would tell you that getting his arms around JTF C&D with a look at a future for C&A is as much as he wants to bite off.

Thanks for the opportunity to talk to you.

General Shaud: It probably took some doing to come up with this joint publication on Information Operations and warfare. What were some of the larger difference among the Services as you formed this joint doctrine?

General Wright: I wasn’t necessarily there. I had input to it, but was not in the Joint Staff during the building of Joint Pub 13. There was a lot of discussion about do we call it information warfare or Information Operations. As near as I can tell we came down on the side of Information Operations in order to not just broaden the definition, but to be non-provocative. We could debate that all day long, but that is the way I understand it.

Command and control warfare and where that fits under IO was also a matter of discussion. That has evolved to incorporating Joint Pub 3-13.1, which is currently command and control warfare, in a revision to 3-13, or rewriting it.

I don’t think the psyops community fought this too hard. They appreciated the representation in IO.

General Shaud: From your perspective at JCS, do the Services have enough EW/IW systems to support what needs to be done for their CINCs?

General Wright: Probably not. But you can say that about a lot of systems. The challenge is, which kind of system do we need the most: the leverage of IO systems, if we are talking capabilities; enough EA-6Bs to go around; or the C4ISR assets to support the tremendous intelligence load to do effective IO. All certainly need constant attention. As I talk, we are hooked in very closely with General Camblin and the J-8. His challenge and our challenge is, which one do we need most when? Is it a new capability to shoot further, or is it a capability to leverage that shooting capability with non-lethal suppression of the enemy? The one thing I will say that is needed is advocacy. It is still tough. It is swimming uphill a lot of times to help our warfighting community understand the value of non-lethal capability. I call it the Ph. D level of warfare. I am serious about that. I’ve been a bullet shooter. I’ve dropped a lot of laser guided bombs. I know what HARMs can bring to the fight, what a jammer can bring to the fight, what a good deception can bring to the fight, and I really like psyops. The Army guys grew up and never shoot a bullet with a psyops campaign.

Return to the Defense Colloquium on Information Operations Page