Joint Air & Space Power Conference 2018
The Fog of Day Zero – Joint Air & Space in the Vanguard
Conference Read Ahead
Cyberspace and Cyber-Enabled Information Warfare
By Lieutenant Colonel Paul J. MacKenzie, CAN AF
Lieutenant Colonel Paul J. MacKenzie (RCAF), JAPCC Cyberspace SME, examines the many facets of Cyber as it relates to NATO Joint Air Power and from a defensive perspective through to the potential in exploiting offensive effects.
A ‘Fog’ Machine in Modern Conflict – Introduction
When considering military power, the elements that immediately come to mind for achieving operational objectives are the forces within the traditional Maritime, Air and Land Domains. Events in the Ukraine and Crimea, however, demonstrate that modern operations can be conducted below the threshold of war, so as not to incite a military response, yet achieve operational effects all the same, through the successful employment of actions both through cyberspace and against cyber targets, and by controlling information in and about the battlespace.
Control and manipulation of information for strategic and operational purposes, Information Warfare (IW), is nothing new. But the explosive expansion of Information Technology (IT) and Computer and Information Systems (CIS) in the past few decades has acted as a force multiplier and, when exploited by a highly capable state, can prove instrumental in achieving political/military objectives; Russia is a prime example. Russia does not treat cyberspace as a domain. Rather, it categorizes attacks/exploitation through, and of, IT/CIS as a component of IW.1 There is no direct correlation to what NATO refers to as the cyberspace domain; the closest equivalent term in Russian doctrine is ‘information-technology warfare’.2 As a consequence of the significant overlap of IW with cyberspace, analysts have adopted the term ‘Cyber-enabled IW’ (C-IW).3
This article focuses on cyberspace and the C-IW campaign in modern conflict with the aim of preparing participants of the JAPCC Conference (2018) by stimulating thought and promoting discussion, specifically with respect to the impacts on the projection of Joint Air Power.
Russian Information Warfare
Given NATO’s overall superiority in conventional arms, President Vladimir Putin’s philosophy is that Russia’s military approach must be based on ‘intellectual superiority.’4 Russia will pursue information superiority as a key enabler to victory in future conflicts, employing a mix of military and non-violent means including political, economic, information technological and environmental elements, where mass media and computer networks globally will be exploited,5 a synergy which NATO’s critics claim the Alliance lacks.6 Furthermore, Russia will employ these measures through the spectrum of international relations, from peacetime (reconnaissance, espionage) to war (cyber-attacks on military systems and civilian infrastructure),7 to achieve national, strategic objectives. In this respect, because there are varying degrees of cyberspace activity underway continually, there is no real ‘Day Zero’ in cyber conflict, with the possible exception of an unlikely attack causing severe injury or death, or extensive material damage, sufficient to reach the threshold for justifying a conventional response by NATO or to trigger an Article 5 declaration.8
Conducting operations through cyberspace and against cyber infrastructure, Russia aims at subversion and destabilisation (long-standing practices now enhanced for the Internet age) to undermine confidence, disrupt relations, discredit and weaken authority and government/administrative structures.9 Through C-IW, including effective use of the Internet, the employment of conventional military resources can be reduced to the point, as some senior Russian military personnel have indicated, that armed intervention may be avoided altogether.10
An excellent illustration of how to execute IW is highlighted in Keir Giles’ Handbook on Russian IW, in which he cites Russian Doctrine in a short synopsis of the principal objectives when exploiting the mass media:
- ‘Direct lies for the purpose of disinformation both of the domestic population and foreign societies;
- Concealing critically important information;
- Burying valuable information in a mass of information dross;
- Simplification, confirmation and repetition (inculcation);
- Terminology substitution: use of concepts and terms whose meaning is unclear or has undergone qualitative change, which makes it harder to form a true picture of events;
- Introducing taboos on specific forms of information or categories of news;
- Image recognition; known politicians or celebrities can take part in political actions to order, thus exerting influence on the world view of their followers;
- Providing negative information, which is more readily accepted by the audience than positive.’11
Creating misinformation and confusion by broadcasting these IW ‘tools’ through modern IT/CIS serves to intensify the ever-present ‘fog of war’ common to all conflicts, in which one actor exploits the ambiguity and the opponent is left to sift and navigate through it to ascertain the most accurate picture of reality. The Russian military exploits the expanse of the Internet not only to create confusion but also to attack an adversary’s decision-making and command and control networks. Extensive interconnectivity also allows penetration of a state’s entire information network with potentially devastating consequences. The explosion and exploitation of social media that catalysed destabilization activities in the Middle East (Syria) and Africa (Libya) are cited by Russian authorities as perfect examples of the existential threat posed by unregulated control of the Internet.12
Of course, cleverly packaging press releases to win the IW campaign or designing and initiating cyber weapons to take over the IT/CIS in order to control the message is completely unnecessary if one side is capable of taking physical control of the Internet infrastructure, which was done in the initial phase of the annexation of Crimea. Russian forces seized control of the Simferopol Internet Exchange Point and altered the connectivity/cabling to the mainland and achieved total information dominance on the peninsula.13 The significance of cyberspace as an enabler in modern operations is further evidenced by Russian SOF employment of telecommunications experts within their ranks. The reader should not be deceived into believing the extent of the influence is limited to tactical, unit-size targets, as Russia is increasing investigation into foreign Internet infrastructure and of international undersea telecommunications cables.14
In explaining the sense of urgency, Keir Giles quotes the US Director of National Intelligence writing ‘Russia is assuming a more assertive cyber posture based on its willingness to conduct operations even when detected’15 and supports the warnings in NATO’s Framework for Future Alliance Operations that NATO nations must be ready to function in the event of loss or degradation of cyber infrastructure, from servers to undersea cables, and where access to Internet services may be completely denied.16 Not to be excluded is Russia’s Electronic Warfare (EW) capability, also considered an element of IW in their doctrine, which was deployed in eastern Ukraine to spoof and jam GPS signals and defeat navigational and guidance systems. All this to say, NATO must be prepared to operate under conditions of degraded communications. Even Russian generals conceded that their own officers required retraining after becoming too dependent on IT/CIS and were unable to conduct a ‘low tech’ war.17
Cyber-enabled Information Warfare and the Ukraine
The successful operations by Russia against the Ukraine in 2014 ‘both included and relied upon cyber’18 and direct lines of correlation can be drawn to the doctrinal concepts explained above. While the West is resistant and philosophically divided on whether and how to exploit cyberspace militarily, Russia has many strategies and tactics where cyber is integrated within a ‘whole of government approach’.19 It has been proposed that two distinct effects of cyberattacks were demonstrated in the Ukraine conflict: the strategic effect of reducing the will to fight (i.e. through impacting mass opinion) and the tactical effect of reducing military capability (i.e. interrupting service to military systems).20 There are conflicting opinions among Western cyber analysts as to whether the conflict in the Ukraine even constituted cyberwarfare. For instance, while the conflict revealed a plethora of cyber activity including espionage, defacements, hacktivism and denial of service attacks, in their entirety they do not constitute cyber warfare as currently defined by some Western cyber security analysts.21 This is in contrast to the assessments of other experts who referenced physical and digital attacks on servers, mobile phones and internet accounts, cutting of cables, commandeering and compromising infrastructure as phenomena characteristic of cyberwarfare.22 Another practice common in a cyber campaign is for states to carry out operations through proxies in order to permit plausible deniability. Yet, proxies played a very minor role in the action in the Ukraine,23 further evidence that Russia is not at all apprehensive about detection.
Cyber-enabled Information Warfare and Joint Air Power
In times of crisis air power assets are first to respond, the vanguard, due to their speed, reach and precision, and air power is in more demand today than ever because of the reluctance to deploy ground forces.24 Consequently, air power is a primary target for NATO’s opponents during an IW campaign and its significance is increasing. NATO’s adversaries typically claim that NATO is the aggressor, contravenes international law, bombs indiscriminately and kills innocent civilians, all with the intent to drive a wedge between the public and the Alliance and weaken NATO’s unity, determination and resolve to act.25 Unchallenged, an opponent’s campaign against air power can progress and develop rapidly, even to the extent where the international community can be convinced to develop laws restricting the use of some forms of Air Power weaponry. The 2010 Treaty banning the use of cluster munitions is such an example, where a rapid campaign was launched under the guise that the ban would save lives, while valid counter arguments that the use of alternative weaponry could result in greater loss of civilian lives were not equally debated. Consequently, most Alliance Air Forces can no longer use a weapon that would be of great use in a conventional war.26 Numerous mediation measures have been proposed and centre on the theme of establishing a robust and rapid counter-IW campaign plan. One Doctrinal Recommendation, to cite an example, includes quickly declassifying Bomb Damage Assessment (BDA) imagery and posting it to a website for the public.27 Achieving this is a challenge even within our own Alliance IT/CIS, but accomplishing this outside of NATO’s AOR in an operational area where the adversary has achieved information superiority and control over cyberspace would be unlikely.
Critical to success will be NATO’s ability to maintain control over its Cyberspace infrastructure and defend its systems and networks, in accordance with the Enhanced NATO Policy on Cyber Defence28 and the Revised Cyber Defence Action Plan,29 as well as Alliance member nations honouring their commitment to defend their national Cyberspace, as described in the Cyber Defence Pledge of 8 July 2016.30
Ultimately, the primary objective in a C-IW campaign, as part of a comprehensive approach to warfare, is to influence the minds of the masses, and though the role that media plays (mass and social) must not be understated, Cyberspace is the principal enabler in this Internet era. As an Alliance we must recognize that a well-executed C-IW Campaign can achieve strategic and operational effects that historically have been considered possible only by the employment of conventional forces. These campaigns are sustained by controlling (exploiting and attacking) Cyberspace. So, while the Alliance must be ready to deliver its own message to counter the opponent’s IW tools, it must also safeguard its cyberspace infrastructure, the primary means by which its message is promulgated, while at the same time being prepared to operate in a highly degraded environment if it fails.
Questions for consideration:
- Is the Alliance capable of adequately synergizing military and non-violent means to achieve a holistic approach, including Cyber effects, or are its critics correct in saying NATO lacks this synergy? If that is the case, what must be done to bridge this gap?
- Reconnaissance and espionage are generally acknowledged as accepted practices of statecraft (when done for purposes of national security only). Have we the indicators to be able to recognize when an opponent’s C-IW campaign has progressed beyond these accepted practices into subversion and even destabilization and are we, as an Alliance, ready to respond in kind?
- Is NATO doing enough to counter opponents’ IW ‘Tools’, particularly given that Keir Giles cites many as Doctrinal practices and as what the Alliance should expect to see in future conflicts?
- NATO agencies commit a great deal of resources to defend our Systems and networks from Cyber-attacks. Do we work closely enough with our civilian agencies to be able to understand that they do the same and are we aware of the degree to which nations are honouring the Cyber Defence Pledge, not only from a Cyber Security but a Physical Security/Force Protection point of view as well?
- Do our militaries accurately understand the dependence on cyberspace, enough to be prepared to operate effectively in a severely degraded environment? Assuming the answer is currently ‘No’, should we be training and exercising for this scenario? What will it take for us to conduct exercises with degraded IT/CIS? Should we consider project options in the future that include retrograding vice upgrading the cyber systems we depend upon? Is Joint Air Power more dependent on Cyber and, therefore, more vulnerable to a degraded environment and does this exacerbate the vulnerability of the Alliance overall?