24 June 2020

What Cyber Command’s ISIS operations means for the future of information warfare

Mark Pomerleau

The Defense Department’s information warfare leaders want to know what they can learn from U.S. Cyber Command’s online offensive against the ISIS.

Defense officials have been applying lessons learned in combat to the hotly contested information space. To date, this process has involved a variety of reorganization efforts across the services, but the approach is changing. One starting point includes Joint Task Force-Ares — U.S. Cyber Command’s online offensive against the Islamic State group — and its Operation Glowing Symphony, the command’s largest and most complex operation.

That operation targeted ISIS media and online operations, taking out infrastructure and preventing ISIS members from communicating and posting propaganda.

New documents received via the Freedom of Information Act reveal new details regarding Operation Glowing Symphony, Cyber Command's largest operation to date.
Mark Pomerleau

The task force’s former director of plans and strategy, Col. Brian Russell, is now leading II Marine Expeditionary Force Information Group, or MIG, one of the Marine Corps’ new information warfare units.


Russell, who assumed command June 10, told C4ISRNET that the Navy and Marine Corps can perform successful information operations by understanding how Joint Task Force-Ares organized and conducted cyber operations.

Those lessons include:
Military forces must be able to cohesively operate both in and out of combat zones because adversaries don’t contain themselves to those boundaries.
The best way to prepare for combat is to first work against that adversary in the gray zone.
Military forces must operate with nontraditional partners across the Defense Department and with allied nations to make the best use of those partners’ capabilities.

Russell said these lessons — and specifically operations in the gray zone — are applicable to the MIG. The group’s ability to operate across levels of war — ranging from strategic to operational to tactical — will be enhanced as the Navy and Marine Corps improve coordination, which has been a priority for Marine Commandant Gen. David Berger.

“Credible ‘lethality’ is only a part of the answer to this challenge — the ability to compete directly, daily and globally … is the missing piece,” Berger wrote recently.

Given the global nature of information warfare, Russell said, the MIG must be able to engage with adversaries on a regular basis to understand and manipulate their behavior.

Russell noted that information warfare — which takes place in cyberspace and on the electromagnetic spectrum, and involves intelligence, deception and psychological operations — often falls outside of what the military calls the traditional targeting cycle. But officials should reimagine how those teams can operate, he said.

Consider newly created teams that help protect digital assets on the battlefield by hunting and attacking enemy forces on the network. These groups are known as defensive cyberspace operations-internal defensive measures (DCO-IDM) companies.

“We can employ this capability to influence adversary decision-making by combining DCO-IDM operations with any other element of the Fleet Marine Force,” he said. “These operations, below the level of armed conflict (gray zone), enable us to understand the adversary, condition their behavior in advance of conflict, and even impose costs on their operations and strategic intent.”

Imposing costs

Adversaries have historically taken advantage of the information environment with little consequence. Academics and information experts have pointed to the low cost Russia paid for waging a cyber-enabled information campaign against the American public during the 2016 presidential election. Other countries have come to realize these types of operations may not merit a military response from the United States.

Now, U.S. military leaders are now trying to alter that calculus.

“We’re not allowing this provocative, aggressive change to the world order to happen without cost, without consequences. That’s kind of what you’re trying to do, is you want to make it cost something when Russia or China continues to do what they’re trying to do,” Lt. Gen. Lori Reynolds, deputy commandant for information, told C4ISRNET in March. “You want to make it cost. The way you do that is in the information environment. I think … we’re coming around to that, not sure we’re there yet.”

Russell explained how publicly outing or disclosing adversaries’ tools can disrupt their decision-making process and create an advantage in the information environment.

“Disclosure forces the adversary to ask: ‘How were those capabilities discovered?’ It causes them to investigate the cause of the disclosure, forcing them to spend time on something other than attacking us,” Russell said. “If I can plant a seed of doubt (messaging) that the disclosure might have been caused by someone working on the inside, it makes them question the system’s very nature, perhaps spending more time and resources to fix the system. This is the kind of cost-imposing, friction-inducing potential produced from disclosure that slows the adversary decision cycle and lets us maintain initiative in the information environment.”

Russell explained that during Operation Glowing Symphony, the steps taken in cyberspace forced ISIS leaders to act in a way that made them vulnerable in other arenas.

This is why partnerships and integration are so important, he said. Cooperating with partners and gaining their trust before operations ever take place are critical to success, he added.

No comments: