Information Operations

Information Operations (United States)

Information Operations is a category of direct and indirect support operations for the United States Military. By definition in Joint Publication 3-13, "IO are described as the integrated employment of electronic warfare (EW), computer network operations (CNO), psychological operations (PSYOP), military deception (MILDEC), and operations security (OPSEC), in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own."[1]Information Operations (IO) are actions taken to affect adversary information and information systems while defending one's own information and information systems.[1]

Soldiers from the U.S. Army's 350th Tactical Psychological Operations, 10th Mountain Division, droped leaflets over a village near Hawijah in Kirkuk province, Iraq, on March 6, 2008.

U.S. Army PSYOP Force structure

NATO leaflet in Libya

PSYOP as an IO Core Capability. PSYOP has a central role in the achievement of IO objectives in support of the JFC. 

In today’s information environment even PSYOP conducted at the tactical level can have strategic effects. Therefore, PSYOP has an approval process that must be understood and the necessity for timely decisions is fundamental to effective PSYOP and IO. This is particularly important in the early stages of an operation given the time it takes to develop, design, produce, distribute, disseminate, and evaluate PSYOP products and actions. 

All PSYOP are conducted under the authority of interagency-coordinated and OSD approved PSYOP programs. The PSYOP program approval process at the national level requires time for sufficient coordination and resolution of issues; hence, JFCs should begin PSYOP planning as early as possible to ensure the execution of PSYOP in support of operations. A JFC must have an approved PSYOP program, execution authority, and delegation of product approval authority before PSYOP execution can begin. JFCs should request PSYOP planners immediately during the initial crisis stages to ensure the JFC has plenty of lead time to obtain the proper authority to execute PSYOP. PSYOP assets may be of particular value to the JFC in pre-/post-combat operations when other means of influence are restrained or not authorized. PSYOP must be coordinated with CI, MILDEC, and OPSEC to ensure deconfliction and control, CI operations are not compromised, and that all capabilities within IO are coordinated to achieve the objectives established in planning. 

There must be close cooperation and coordination between PSYOP and PA staffs in order to maintain credibility with their respective audiences, which is the purpose of the IO cell. PSYOP efforts are most effective when personnel with a thorough understanding of the language and culture of the TA are included in the review of PSYOP materials and messages. As the information environment evolves, the dissemination of PSYOP products is expanding from traditional print and broadcast to more sophisticated use of the Internet, facsimile messaging, text messaging, and other emerging media. The effectiveness of PSYOP is enhanced by the synchronization and coordination of the core, supporting, and related capabilities of IO; particularly public affairs (PA), MILDEC, CNO, civil-military operations (CMO), and EW.[3]

Psychological operations are planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals.

4th Psychological Operations Group

Military Deception (MILDEC)

Main article: Military deception

See also: Category:World War II deception operations

Simulated OH-58C Kiowa helicopter and simulated fuel blivets during a deception operation on 10 November 1990 carried out by the XVIII Airborne Corps Deception Cell. This simulated forward arming and refueling point (FARP) at TL 139512 in the Eastern Province of Saudi Arabia was approximately 45 kilometers northwest of An Nuariya.

MILDEC is described as being those actions executed to deliberately mislead adversary decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly forces’ mission. MILDEC and OPSEC are complementary activities — MILDEC seeks to encourage incorrect analysis, causing the adversary to arrive at specific false deductions, while OPSEC seeks to deny real information to an adversary, and prevent correct deduction of friendly plans. To be effective, a MILDEC operation must be susceptible to adversary collection systems and "seen" as credible to the enemy commander and staff. 

A plausible approach to MILDEC planning is to employ a friendly course of action (COA) that can be executed by friendly forces and that adversary intelligence can verify. However, MILDEC planners must not fall into the trap of ascribing to the adversary particular attitudes, values, and reactions that "mirror image" likely friendly actions in the same situation, i.e., assuming that the adversary will respond or act in a particular manner based on how we would respond. 

There are always competing priorities for the resources required for deception and the resources required for the real operation. For this reason, the deception plan should be developed concurrently with the real plan, starting with the commander’s and staff’s initial estimate, to ensure proper resourcing of both. To encourage incorrect analysis by the adversary, it is usually more efficient and effective to provide a false purpose for real activity than to create false activity. OPSEC of the deception plan is at least as important as OPSEC of the real plan, since compromise of the deception may expose the real plan. 

This requirement for close hold planning while ensuring detailed coordination is the greatest challenge to MILDEC planners. On joint staffs, MILDEC planning and oversight responsibility is normally organized as a staff deception element in the operations directorate of a joint staff (J-3).[4]

MILDEC as an IO Core Capability. MILDEC is fundamental to successful IO. It exploits the adversary’s information systems, processes, and capabilities. MILDEC relies upon understanding how the adversary commander and supporting staff think and plan and how both use information management to support their efforts. This requires a high degree of coordination with all elements of friendly forces’ activities in the information environment as well as with physical activities. Each of the core, supporting, and related capabilities has a part to play in the development of successful MILDEC and in maintaining its credibility over time. While PA should not be involved in the provision of false information, it must be aware of the intent and purpose of MILDEC in order not to inadvertently compromise it.[4]

A message targeted to exploit a fissure between a key member of the adversary’s leadership who has a contentious relationship with another key decision maker is an example. That message could cause internal strife resulting in the adversary foregoing an intended course of action and adopting a position more favorable to our interests.[5]

http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA470825&Location=U2&doc=GetTRDoc.pdf

Operations Security (OPSEC)

See also: Operations security

OPSEC as an IO Core Capability. OPSEC denies the adversary the information needed to correctly assess friendly capabilities and intentions. In particular, OPSEC complements MILDEC by denying an adversary information required to both assess a real plan and to disprove a deception plan. For those IO capabilities that exploit new opportunities and vulnerabilities, such as EW and CNO, OPSEC is essential to ensure friendly capabilities are not compromised. The process of identifying essential elements of friendly information and taking measures to mask them from disclosure to adversaries is only one part of a defense-in-depth approach to securing friendly information. To be effective, other types of security must complement OPSEC. Examples of other types of security include physical security, IA programs, computer network defense (CND), and personnel programs that screen personnel and limit authorized access.[6]

What occurs, often, is that data is either leaked, stolen, or hacked online and the enemy has access to and can decipher what that information may say. This is especially true for defensive operational security. US servicemen and servicewomen may have Facebook, multiple blogs, or upload photos, which can lead to the enemy knowing troop movements and locations. With this information, setting up ambush and wreaking havoc on US and support personnel becomes much easier. Geo-tagging features of cellular phones especially, may cause this type of breach in OPSEC.[7][8][9]