2013-11-22

Narratives of Life: fifties

When I reached my fifties I took time and effort in changing and integrating the cultures of my organization by gradually involving them in new challenges and offering mentoring and help tailored to their specific needs. I even fabricated some crises to weld people together by an outside threat. I was also distributing projects so that there were always parallel paths in process. If one path was delayed, another path was advancing and I met my goals on time. I was able to deliver planned services with my organization but was not successful in transforming them into capabilities.

Users were more keen on clinging to existing tools and procedures than adopting any new ways of working. My technical level effort was not transformed into new procedures and further capabilities. I was using advanced technology, good practices and people to deliver world class information services, but my superiors were seeing me more as an expense than an enabler. Successes inside were not translated into achievements outside of my organization.

I tried to create examples. I asked the Commander to act as an example, use new services himself and demand that his subordinates utilize them also. I was using collaboration tools weekly to manage my own distributed organization and thus create examples for my people to market to their organizations. I required my staff to utilize a wiki to manage both current operations and planned issues. We were a really flat and effective Information and Communications Technology (ICT) organization, but still users were shy to adopt new tools.

Together with other process owners we initiated process transformations: renewed fighting with the Chief of Operations and the inspectors of Infantry and Sappers utilizing a battlefield management system; improved reconnaissance with the head of Intelligence; enhanced artillery fires with the inspector of artillery; standardized the Command and Control processes with the chief of readiness, and the maintenance of programmable electronics with the head of Logistics.

We defined progressively advancing measures for each field exercise for troops and instructors to improve their new skills. We composed joint exercises to give meaning to co-operation and new tasks to benefit from new ICT services. We produced concepts, guides, presentations and videos for instructors to utilize in their changed training. Every occasion was used to reward any behavior towards the future model. We planned an information operation to get people and units to change their behavior and culture. This was possible only with shared understanding and a unified effort to make change for bigger goals than any one unit or branch was able to accomplish.

Only after the core business owners started transformations was I able to get capabilities defined, and my staff started to feel part of something bigger and doing meaningful work. I learnt that if you want to make a change, first you have to get people moving to be able to steer the movement.

Today I sometimes think that I know how the world is running. For these occasions I have a wallpaper titled Egocentricity. A human being has a tendency to be like this:
  • Egocentric memory is a natural tendency to forget information that does not support the adopted line of thinking.
  • Egocentric myopia refers to thinking within an overly narrow point of view.
  • Egocentric righteousness is a tendency to feel superior based on the belief that one has actually figured out how the world works.
  • Egocentric blindness is the natural tendency not to notice facts and evidence that contradict one’s beliefs or values.


After this reminder I humbly continue my journey and try harder to understand better how the world is functioning, how people behave, societies interact and technology develops towards a more complex and integrated global system of systems, remembering that even producing a simple toaster from A to Z is not possible for any one man alone.

2013-11-16

Narratives of life - forties


When I was in my forties I thought that managing programs, making sense of everything, meeting people and telling stories of a safe road and a better future were the keys to making things happen. I was managing programs of hundreds of millions of euros, which were meant to change the behavior of thousands of people. Since the timetable was really tight and I had to detach money from current operations to finance the change, I was forced to use a lot of outside help in planning and executing the transformation. I did manage change through the whole Doctrine, Organization, Training, Material, Leadership, Personnel, Facilities, Information and Integration sphere extending over four years. The transformation was done gradually and I did my best to walk my talk among people.

I was lucky to work with some bright and executive people, so the technical transformation went well according to the timetable, partly also because it was supported strongly by outside experts. But I failed miserably with my own people. I was hoping for a joint effort within integrated project teams. Wishful thinking! In the planning phase my own people took the role of auditing rather than co-planning. In the design phase they adopted the role of judgement and criticism rather than sharing information and gaining competence. In the implementation phase they were good only to comment on the advance from the seats of the stand. In the operation phase they were not capable of taking new systems under their administration as an organization, but I had to hand-pick individuals and give them responsibility for operating the new systems. Despite the time and money spent on my people, they were not ready to take new steps towards the future and grow along with the program.


I had stumbled on the culture of the workplace. I thought that the people I had worked with were eager to make changes after some years of lower activity, but I was wrong. The culture and attitude had reversed from where I had left them four years earlier. They had lost their common spirit and were divided into small groups of “tribes” with different mindsets. Some people were almost aggressive in their reaction, declaring that “world sucks and you are from deep behind with your talks”. Most were in the state of “we have already tried that – it won’t work”. And some people were trying to shine more than actually doing something. As an organization they were not ready to start any journey of transformation, so they marginalized themselves to be an audience rather than players in the field.

I lost those people. It was not enough to give people as clear technical concepts as possible. It was not enough to appoint capable managers to head projects. It was not enough to have talks with individuals and motivate them. Social structure, common spirit and adhered procedures kept good people from changing. I had to work around this group of people and just feel miserable about their situation.

Later I learnt about organizational cultures and their readiness for change. I studied social structures in workplaces, how culture eats systems for breakfast and challenges of tribal leadership.

To be continued...

2013-11-11

Basics of Information Operations 3/4

This is part 3/4 of the whole paper

3. ABOUT INFORMATION DEFENCE OF GLOBALISED SOCIETY


In all military art of operation, asymmetry, deception and unconventional execution are a basis of planning. No single dominance alone can outperform an asymmetric opponent for a longer period. When a human being is a part of a system, he is almost always the weakest link or single point of failure that may be exploited by an adversary. Even though sustaining military secrets and the complexity of post-modern societies make effective attacks difficult, the basic principles of human behaviour are mostly known and thus exploitable. Defence of one’s information freedom requires asymmetric methods just as attack does and, since people believe the first information better than post-explanations, attack is often the best way of defence.

A very good example of asymmetry is the case of North Korea, which has been waging computer network attacks against its opponents South Korea, Japan and the USA for the last four years. Although its own degree of digitalization is very low, its vulnerability to computer network attacks is diminutive and the state propaganda machine has a very strong grip on in-state information, it has built a strong computer network attack arm that is launching information operations outside of the country. They infiltrate information systems, inject malware at critical points utilizing zero-day vulnerabilities and activate effects simultaneously, as was done on 20th of March 2013, when South Korean bank and media outlets were jammed and the boot records of about 32 000 computers were wiped out in an ongoing operation called “DarkSeoul”. The DarkSeoul operation is depicted in the following picture.


Picture 19: Four years of DarkSeoul activity explained by Symantec.com

This is a typical asymmetric strategy, where the attacking society itself is almost immune to IO, but its opponents are very vulnerable. Attacks are further disguised to come from different parts of the Internet, and it has taken a long time for global security companies to gather factual evidence of North Korea's malevolent actions. The attacker has also improved its attack profiles as the defender has increased its countering capabilities. Both have learned from other similar operations elsewhere on the Internet.

3.1 Information technology as target

Information technology itself is a very dynamic target. Processor capacity is doubling every 18 months according to Moore’s law. Since software has become a very complex interactive entity, there are more mistakes and possible vulnerabilities, thus software providers have to publish new versions every month or at least twice a year to patch their products. The amount of digital information in the world is multiplied by 3.6 every year as shown in the following picture by IDC.


Picture 20: IDC estimate on how volume of information will grow but number of IT professionals is not increasing in proportion

IT architecture is changing roughly every 5 years. If one follows computing architectures during the last 30 years, there are the following waves of change:

  • Early computing before the 1980s utilized centralized computers, ending with mainframes with virtual structures. Users were using terminals, i.e. only a screen and keyboard, connected to mainframes by data communications, while all processing was done in centralized computers.
  • From the 1980s to the 1990s integrated circuits and personal computing enabled distribution of processing and software. Even mainframe tasks were distributed to local servers usually serving only one function. Application development was driven by singular functions of administration or industrial process, which ended up with several information systems within an enterprise, each doing a tiny bit of processing in isolated stovepipes.
  • The 2000s saw the first attempts to integrate separate systems into larger entities to cut down the amount of manual data re-typing and integration costs. Enterprise resource management started to centralize computing again with thinner clients using n-tier structured applications, and cloud computing (a new version of mainframe computing) was introduced in the Internet domain.
  • The 2010s are seeing cloud computing continue strongly, but a new wave of distributed computing is being invented. The Internet of devices is being defined and plenty of research is being done in peer-to-peer communications and computing between different machines.
  • 2020 might see IT architecture extending to networked devices (TVs, cars, wearable devices, domestic devices), knowledge-improved industry and personal information management (a digital real-time diary), to name a couple of examples. It is either a more networked society between people and machines, or the wave will change towards closed information societies.

Information and telecommunications technology is changing fast, hence it is more difficult to build lasting countermeasures, and the change also opens new avenues and vulnerabilities to be exploited by an attacker. More complex interrelationships between people and machines create opportunities for attack, and the Internet becomes so integrated, big and important that there are problems in patching vulnerabilities of the very core protocols and functions.

3.2 Information as an asset for industry, governance and military force

Information structures and containers have changed as well:

  • From files in folders to documents in web pages
  • From file downloads to live data streams
  • From files to relational databases and further to web-service structured information services.

The main problem of information defence is the dynamic structure of the defended assets. Legislation and policies tend to be too late, because technology and the utilization of information are changing so quickly, opening new possibilities for humans and machines to interact and process information. Information and ICT systems are interconnected globally, creating an entirely new space of the cyber age: a Cyberspace without nationality, without international legislation, pervading each part of living from human birth to death. This is making citizens, states, industry, economy and defence more dependent on ICT and Information Assurance (Confidentiality, Integrity and Availability) than at any time before.

Information Management has been the major enhancer of productivity in private enterprises and public organizations. The Information Technology structure has changed with technical innovations, but also with business integration requirements:

  • During 1980 - 1990 Metaframe information processing was distributed to function-specific servers and applications. Information was modelled within a single function and stored in relational databases. Interoperability was done manually, mainly by retyping information from papers or printouts into other systems. Information was processed mainly locally because connecting sites with high-capacity networks was only just happening. Security was accomplished mainly by physical and personal security measures in fixed locations.
  • During 2000 function-based data processing was integrated into branch, division or enterprise level systems. The first Enterprise Resource Planning systems were implemented and extended internationally. Digital transactions (EDI..., X.400, ANSI X12) between companies were established to improve the integrity of information and speed up interaction. Information models got complex and federated models were introduced. Information assets concentrated in big systems, and their integrity and availability became an issue. Information Assurance focused mainly on systems security and implementing security controls and devices.
  • During 2010 integration went further. Enterprise Resource Management Systems were built and networked with other enterprises by transaction broker services utilizing XML structures (XML, SOAP). Information processing systems became n-tier structured, and strong identification and role-based access were introduced. Users went mobile with mobile IP and roaming over multichannel access. Clients became thinner (browser) and personal terminals were multipurpose (business, pleasure, social media together in the same device). Information processing is faster, allowing Business Intelligence kinds of applications, which make information even more valuable for business.
  • Towards 2020 the integration of machines, enterprises and people into effective systems is a quest. Information is handled as a service with an address, metadata and other features and issued as a service (Semantic web, SOAP). Business knowledge is defined with ontologies that create a basis for the artificial intelligence of technical systems. Information processing perceives all other technical systems. Information integration opens new possibilities at all levels of life.

Information and information processing have become an essential part of any business from agriculture to art. Information is a part of almost all products, information is needed in the production phase and sometimes information is also the raw material, as seen in the next picture.


Picture 21: Information and ICT has changed both business, governance and living within last three decades

Knowledge work in the Information society, supported by eGovernance, and living provided by eCommerce are post-modern phenomena. Digital transactions between entities have become a standard. Strategic supply chain management of networked companies has become an advantage in global markets. Almost every product includes information. This requires interagency, inter-enterprise and international agreements on how to exchange information between the organizations in a value-adding chain, depicted in the next picture.


Picture 22: Networked society needs defined rules of information exchange between entities

These agreements are based on either standards or, increasingly, on "de facto" policies of:

  • the architecture of data warehouses, where all needed data is collected into a huge base and structured with one data model, or alternatively virtual integration, where data remains where it was originally stored and is queried just in time for different needs
  • how to connect gateways and do transaction brokering between entities
  • what wrappers, containers or schemas to utilize when querying and transferring data
  • how to protect data in between entities from man-in-the-middle intrusion
  • how to agree and certify that data has been delivered and responsibility is handed over to the other party according to contract
  • copyrights, data ownership and the responsibilities coming with that, and data integrity and non-repudiation policies between organizations
  • how to update appendixes of the contract, service level agreements (SLA) or operator level agreements (OLA) with sanctions etc.

Co-operation between entities with different status and roles ends up with weak value chains, where the weakest link will define the sustainability of the whole supply chain. Strengthening the chain against information operations requires common practices of:

  • Security policies on how to manage secure information at the same level of risk through the whole chain of entities:

    1. Enforce a similar policy (legislation or norms) for every participant of the chain. This is for example the case in NATO and the EU, where the same security levels and the main requirements for each level are given to each nation by declarations. This gives national security authorities (NSA) the common criteria and authorization to approve and control the security measures of both the public and private sectors of that country.
    2. Extend the enterprise level information system of the hub of the value chain, with appropriate security, to all partners, providers and stakeholders of the network.
    3. Trust each singular organization's own abilities to maintain security at the technical, policy and cultural levels. One may also utilize third party auditors for sequential inspections to ensure a shared security level.


  • Computer Emergency Response Team (CERT) practices on how to confront cyber crises when they appear and how to continue working around the problem. All organization-based CERT teams should co-operate in a really flat matrix to be able to respond swiftly to incidents or create a synchronized proactive plan to tackle existing vulnerabilities.
  • Labelling information content similarly in every organization through the chain of value. Sometimes this is done nationally with national security legislation and agreed also internationally. If this is not the case, then the agreement must be included in the contract between all parties.
  • Similar security labelling is a base for equal information assurance measures, where people have adopted a common culture, especially in cross-domain situations, when information is exchanged manually. The same labelling and categorization of information enables individuals to continue information management at a similar security level.
  • Utilization of similar security measures and systems through the whole chain of organizations or consortium, to be able to maintain a similar level of security. This is increasingly done by a common application service provider or cloud service provider, as depicted in the following picture.



Picture 23: This is showing the evolution of value chain’s ICT-services where autonomous organizations gradually integrate in supply chain and finally out-source their ICT to either hub organization of their chain or to third party like specialized ICT-service provider or cloud service provider.


  • At national or global enterprise level these ICT service providers are very important for the continuation of the main business and, in the governmental approach, also main targets for malevolent functions, since service downtimes will lose money and immaterial assets. Thus business continuation management should thoroughly consider all force majeure chapters of contracts with ICT service or cloud providers.

Information and other immaterial assets are more important to all functions of society. Some nations and coalitions have constructed common criteria and security auditing functions to build an equally followed security culture. Still there is a need to include security chapters that are followed through the value chain, with a common ability to conduct synchronized countermeasures against any hostile or malevolent action.
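The labelling and weakest-link practices listed above can be checked mechanically once the parties have agreed a label equivalence table in their contract. The following is an added example, not part of the original paper; the organizations, local labels and common scale are constructed for illustration.

```python
"""Label equivalence across a value chain (all data below is constructed)."""

# Common scale every party signs up to in the contract, lowest first (assumed names).
COMMON_SCALE = ["PUBLIC", "RESTRICTED", "CONFIDENTIAL", "SECRET"]

# Hypothetical organizations: local label -> level on the common scale.
EQUIVALENCE = {
    "hub": {"Open": "PUBLIC", "Internal": "RESTRICTED",
            "Protected": "CONFIDENTIAL", "Secret": "SECRET"},
    "supplier": {"Green": "PUBLIC", "Amber": "RESTRICTED", "Red": "CONFIDENTIAL"},
    "logistics": {"Unmarked": "PUBLIC", "Company use": "RESTRICTED"},
}


class LabelError(ValueError):
    """A label cannot be carried over without losing protection."""


def to_common(org, local_label):
    """Translate a local label to the common scale; unknown labels fail closed."""
    try:
        return EQUIVALENCE[org][local_label]
    except KeyError:
        raise LabelError(f"{org} has no agreed mapping for label {local_label!r}") from None


def ceiling(org):
    """Highest common level for which the organization has an agreed label."""
    if org not in EQUIVALENCE:
        raise LabelError(f"{org} is not a party to the labelling agreement")
    return max(EQUIVALENCE[org].values(), key=COMMON_SCALE.index)


def local_label_for(org, common_level):
    """Local label equivalent to common_level; never substitutes a lower one."""
    for local, common in EQUIVALENCE.get(org, {}).items():
        if common == common_level:
            return local
    raise LabelError(f"{org} cannot hold {common_level} information")


def relabel_along_chain(origin, local_label, route):
    """Return the label each organization on the route must apply, or refuse."""
    level = to_common(origin, local_label)
    return [(org, local_label_for(org, level)) for org in route]


def weakest_link(route):
    """Organization whose ceiling limits what the whole chain may carry."""
    org = min(route, key=lambda o: COMMON_SCALE.index(ceiling(o)))
    return org, ceiling(org)


if __name__ == "__main__":
    chain = ["hub", "supplier", "logistics"]
    print(relabel_along_chain("hub", "Internal", chain[1:]))
    print("weakest link:", weakest_link(chain))
    try:
        relabel_along_chain("hub", "Protected", chain[1:])
    except LabelError as exc:
        print("transfer blocked:", exc)
```
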

3.3 Information Assurance of a virtual value chain

Information Assurance (IA) and Business Continuation Management (BCM) used to concentrate on the triad of CIA (Confidentiality, Integrity and Availability), with emphasis on confidentiality, and had a simple seven-measure approach to protecting these qualities with an onion structure, where physical measures were the main solutions. This approach is depicted in the next picture.


Picture 24: Enterprise security and business continuation approach that focused on physical security.

Physical boundaries have been the main base for almost all security measures. Different inter-limited areas have created clear zones of access and areas in which to manage confidential information. The military in particular has taken this to the utmost, with structures that prevent all kinds of emissions from reaching outsiders (TEMPEST), minimizing all connections out from their camps, shredding all their paper waste, grinding their used data storage devices and preventing any cameras or electronic devices from being brought onto the premises for easy content capturing.

Value added networks, force integration and supply chains have made it impossible to sustain a site-centered onion security structure. While a virtual value chain of entities at the same maturity level will increase their joint value exponentially according to Metcalfe’s law, there is also Beach’s law, expressing that with unequal entities the vulnerability of the chain also increases exponentially as the number of entities grows, as expressed in the next picture. This makes it understandable to outsource Information Services to a 3rd party and simultaneously bring all shareholders' Information Assurance to the same level. When one service provider is offering ICT services from the cloud, i.e. a shared platform and application structure, a question is raised of trust and crosstalk between different clients on the same platform.


Picture 25: Beach’s law of increasing vulnerability with growing number of entities in chain

A virtual value chain has risks in six qualities of information assurance, which are confidentiality, possession, integrity, authenticity, availability and utility. To sustain these qualities, the ISO/IEC 27002:2005 Code of practice for information security management recommends that the following be examined during a risk assessment session: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management, and regulatory compliance.

When an integrated value chain is outsourcing its ICT services to a cloud computing service provider, information assurance is implemented within one technical structure, but facilities, people, information content and procedural measures are still to be aligned. The Cloud Computing security reference architecture points out that there may be a 3rd party auditor who inspects and analyses the security, privacy and performance issues of each cloud provider or broker, as seen in the next picture.


Picture 26: Cloud Computing Security Reference Architecture according to NIST.

Furthermore, it is important to understand that in cloud computing there is a main provider, a Hub, and then there are subcontractors or operators in a chain of ICT service providers. Thus Cloud Brokering is essential to manage subcontracted services like communications services, information content services, transaction brokering services, etc. In this model the ICT Hub is responsible for maintaining security and business continuation according to its contract with the customer. If this co-operation network is intensive and defined as strategic, then there are three qualities in the value chain that serve better in crises than a basic contracted task. First, there might be collective action, that is, intentionally developed and managed inter-organizational co-operation between stakeholders in the value chain. Second, there might be value-driven management that leads organizational values towards integration rather than fragmentation or differentiation of the chain. Third, there might be a long history of practised co-operation along all levels of organizational interaction, which has amalgamated their behaviour and assumptions into a matrix co-operation culture that extends over all boundaries of hierarchical organizations.

An attack against the technical Cloud Structure might be made, for example, via software, hardware or physical avenues. The software attack is most cost-efficient if program patching or version delivery can be misused to distribute a malevolent patch or software update. This was the case in the Iraq operation in the early 1990s, when malevolent software was distributed via virus detection fingerprint updates. Thus a man-in-the-middle attack is the most probable, and the service provider’s programmable electronics maintenance system should be audited and specially secured.

A hardware attack may be more costly and at best requires arrangements in advance. There are possibilities that some integrated circuits sold abroad include back doors that give the manufacturer access to prohibit use of the IC. Other theories claim that by manipulating the IC production process, a change in the thickness of a lead inside the circuit can affect the random generator within each circuit. There has also been alleged misuse of the hardware provider chain for Iranian nuclear plants in the famous STUXNET case, where a retailer injected malevolent software into devices that were used in controlling centrifuges. Normally a hardware attack requires too many resources and too much time to be very cost-effective, but security devices like encryption machines or key delivery systems might be valuable targets.

Physical destruction was the main measure in both operations of the U.S.-led alliance against the command and control of Iraq's defence systems. In Operation Iraqi Freedom, A-day delivered more than 500 cruise missile strikes and about 700 aircraft strikes, carried out across Iraq, which went after command and control, communications, and Republican Guard headquarters and facilities. If the computing and communications grid is not distributed enough, a few nodes are fixed, recognisable and vulnerable targets, not only directly but also indirectly through electricity, sewer or air conditioning systems.

To be continued...

2013-11-10

Narratives of life - thirties

When I was in my thirties, just out of General Staff College and an active student of telecommunications technology, I thought that if I just made sense of every technical detail and interfaced them properly I would be able to build a better world. I spent hours making sense of complex C4I systems, designing better information and telecommunications structures and defining better processes for telecommunications network operations. I drafted orders that gave very detailed instructions on how to install routers and modems in telco facilities. I thought that strict project management was the key to success. People and systems would bend to my will if they were just managed in the strictest way and controlled all the time.

By collaborating with my peers and subordinates I was successful in building technical systems, but almost all attempts to change people processes were failing. I tried to build bridges between telecommunications and information technology people by showing them designs where telephone and PC were combined and describing to them use cases where both network and session engineering were needed to make the whole OSI stack function. I had no success in bringing them closer. Not even placing their rooms close to each other made any change in their confrontation. I tried to introduce common processes to improve their combined service production, with no results. I was doing my best in sense-making and designing systems. I spent numerous nights drawing logical charts on how the process should be running. Although all logic was speaking towards change, people were afraid, not sharing the same language and not trusting each other. And I was not able to take them into the forest to overcome some difficulties.

I threw myself into studies of change management and iterative development. There I found my first understanding and tools to lead changes by using my personality and human social behaviour. I withdrew my previous requirements for a big, one-time change and went on with little steps. I invited people to exercises to share their problems and define combined solutions. I spoke with people, visited their working sites, listened to them and gave my appreciation to their skills and achievements.


Later I realized that I was educated to approach all subjects in a systematic way. All the time in General Staff College and in the University of Technology was preparing me to understand and design material and immaterial systems, not more complex systems that are a mixture of people and machine interrelations. I was given a lot of tools to change technical systems but none to make a human being leave his/her area of comfort. My communication was based only on analytical and logical facts, and they were not enough to move people from the comfort zones they had built in their history. I did not touch their feelings, nor was I able to help them process their fears of new and unclear things. My education was taking a human being as just a piece of machinery that followed technical procedures. With my logical explanations and demands I was perceived more as a threat than as a leader who would take everyone along a safe route towards a better future.

To be continued...

2013-11-09

Basics of Information Operations 2/4

This is second part of IO basics

2. ABOUT INFORMATION OPERATIONS AGAINST NETWORKED SYSTEMS

2.1 Information Operations generally

Information Operations, IO (earlier called Information Warfare, C2 struggle, etc.), has many lines of effect, and some say it is not to be separated from normal military operations or a comprehensive approach strategy.


Picture 9: A Classical model of means of Information Operations

The most classical IO lines of effect are physical means, electro-magnetic means, cyber or computer system means and psychological means. These means of effect are always supported by intelligence, verification of targets, training and logistics. The post-modern space of operation has no clear line between peace and war, only some agreement in international law. Information Operations are ongoing because they can be seen as a part of political, socio-economic or financial confrontation. In operations generally, there is always confrontation, conflict of interests, and offensive and defensive stakeholders.

Information operations may be analysed from a systems engineering, political or socio-economic science point of view. The following explanation presents IO mostly from a systems engineering point of view. The adversary in this context is simplified to have means of effect (electronic, kinetic, cyber, propaganda and psychological tools) and the intention to use them because of a possible gain in value, measured by some logical means. The target is depicted as a system of systems with a lot of human elements interacting with information and communication tools. The defender is assumed to have some defensive or information assurance measures, to be able to detect an incoming attack, to be able to actively affect the attack, and to have assets in reserve to continue after the attack. The attacker plans a course of action following a simple multiplication function where

Maximum output of attacker's deeds = cost of having tool × cost to breach through defence / value of the node destroyed
or
Maximum output = Vulnerability of target × cost to manoeuvre through defence × cost of available warhead

In the equation the variables are normalized so that costs are minimized whereas value is maximized. This is the simplest method of modelling an information operation conflict with quantitative tools.

In U.S. defence, one approach to Information Operations divides them into offensive and defensive parts, as in the general model seen in the next picture. Offensive operations include, besides the classical means, also special information operations, deception and Command & Control warfare means. The defensive part includes counter-propaganda, counter-intelligence and operations security.


Picture 10: Information Operation from U.S.A and Russian view

The Russian approach to IO also includes High Frequency Weapons (HFW), Electro-Magnetic Pulse (EMP) weapons and Biological/Chemical weapons. The absence of Electronic Warfare may be explained by the fact that the Russian Army has integrated EW as normal fires effects of their more kinetic operations. Another aspect is that IW weapons in the Russian category are non-conventional and thus possibly planned for use in an operation before any lethal weapons. When this categorization is integrated with the Russian military doctrine in the next picture, the following conclusions may be drawn:


Picture 11: Offensive profile of Military Doctrine in Russia since 2000

  • Russian Information Warfare means are well suited to creating favourable conditions for more conventional measures of force utilization.
  • Information Operations are joined with economic and psychological operations before the actual conflict, as a pure Clausewitzian model of having military force as an extension of other means in order to achieve political goals.
  • The strategic electronic shock effect in creating strategic surprise most probably includes many information operation arms.

Col Komov also describes information blocking, deception, information overflow, threatening, provoking, manipulation of public opinion and pressuring as means or goals of information operations in Russia’s IO doctrine.

Western military society has two concepts: Effect Based Operations and the Comprehensive Approach. They have a process model of Information Operations effect that focuses on changing the target's behaviour, as depicted in the next picture. This model is applicable to both individuals and societies.


Picture 12: Effect Based Operations approach in using measures to effect Information layer in a system of systems structure

Both concepts have a process approach, where the adversary is modelled as a three-layer system of systems. The physical layer is the material, infrastructural and corpus layer, where the kinetic effect of conventional arms causes incidents and losses that create information in sensor systems or at the human information management level. Information is transferred to feelings and thoughts at the human cognitive level. There it is recognized, labelled and compared to existing and memories – both feelings and logic. This understanding creates change in the behaviour of the adversary’s force, society and political leadership.

Information and psychological means are targeted directly at the information layer, where information is processed by human or technical information systems. This non-lethal effect creates emotional-logical understanding at the cognitive layer and a targeted change in behaviour. A mixture of different avenues is used when a small terrorist group executes relatively small missions at the physical level but publishes them on the Internet. The effect might be amplified with feelings and timing by news channels, mobile phones and the Internet at the information layer to a degree that creates stronger feelings of fear within a greater audience. This is the case for example in Iraq, where Al Qaeda elements are “hyper-empowered” by information channels and media. According to General McChrystal: “Through posting grisly videos of their suicide bombings online, for example, they magnified their actions in the eyes of the world audience, drummed up recruits and donations from sympathetic spectators, and made themselves all the more terrifying to Iraqis.”

2.2 Psychological operations

Psychological Operations (PSYOP), or Military Information Support Operations (MISO), are intentional operations to influence audiences' emotions, motives, reasoning and behaviour by utilizing information and indicators via selected channels of media. PSYOP can encourage popular discontent with the opposition's leadership. As Sun Tzu has said, one has to know his opponent, understand the thinking of his opponent and attack the coalition, trust and plan of his opponent before engaging in armed conflict. One can combine persuasion with a credible threat to degrade an adversary's ability to conduct or sustain military operations. By lowering the adversary's morale and then its efficiency, PSYOP can also discourage aggressive actions by creating disaffection within their ranks, ultimately leading to surrender.

An example of strategic PSYOP is from the 2002-2003 US – Iraq operation, where the President of the U.S.A utilized psychological tools himself, trying to create favourable public opinion in the USA, globally and to some extent also among the Iraqi people. See quotes in the next picture.


Picture 13: An example of PSYOP themes U.S. was executing before coalition attacked to Iraq in spring 2003

In a PSYOP plan there are main themes that are repeated to create a deeper feeling and the intended perception. In the confrontation between the U.S.-led Coalition and Iraq, the U.S. side had the major theme of “Saddam’s Regime being threat to rest free world”, but behind that there were other Courses of Action, like improving national integrity with 9/11, turning citizens' focus outwards from domestic problems and, in the end, preserving access to oil resources. Iraq, on the other hand, emphasized themes of “Innocent, good governance and suffer caused by economical ban”. Behind that façade were attempts to sustain the regime and a drive to be “a head” of the Arab world.

With the Internet and global media, PSYOPs and the former Propaganda have extended the area of operations and introduced many more stakeholders, like sponsors, supporters, conformists, opponents, fame seekers, etc., that are actively using media to create images. In the Iraqi Freedom operation some European countries were denouncing the U.S. action against Iraq as illegal because of pressure coming from their own Muslim minority, the status of their own economy, home politics and vote-fishing attempts, or out of fear of creating unmanaged risks. Some extreme Muslim societies used the opportunity to emphasize their confrontation with the U.S. to gain more support among their followers.

One of the widest utilizations of PSYOP was by the National Socialist regime led by Adolf Hitler. They had observed the Socialist-Marxist movement and the WW I parties and concluded that:

  • Propaganda is a means, thus judged with regard to its end: “It [Propaganda] is a means and must therefore be judged with regard to its end. It must consequently take a form calculated to support the aim which it serves. It is also obvious that its aim can vary in importance from the standpoint of general need, and that the inner value of the propaganda will vary accordingly.”
  • Propaganda is directed to the masses to create first impressions: “It [Propaganda] must be addressed always and exclusively to the masses. … The function of propaganda does not lie in the scientific training of the individual, but in calling the masses' attention to certain facts, processes, necessities, etc., whose significance is thus for the first time placed within their field of vision.”

2.3 Electronic Warfare

Electronic Warfare (EW) includes every action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy's usage of electromagnetic space. Electronic warfare may be divided into electronic countermeasures (ECM), which are tools to attack in an electronic way (also called Electronic Attack, EA); electronic counter-countermeasures (ECCM), which are tools to protect from electronic effects (also called Electronic Protection, EP); and electronic support measures (ESM). One of the first electronic warfare operations was conducted during the Battle of Britain, where the Luftwaffe was using radio beams to direct its night bombers over the United Kingdom. British defence utilized various means of jamming and distortion to deceive incoming German bombers.

An example comes from the 1990 operation Desert Storm in the Persian Gulf. The Iraqi air defence system was suppressed with the following tactics, using both EW and kinetic power, shown in the next picture:


Picture 14: Example of Electronic Warfare in operation Desert Storm 1990

  • Wild Weasel platforms were used to jam Iraqi ground based air defence (GBAD) radars, while fighters prevented any airborne radar usage.
  • Helicopters advancing beneath radar coverage attacked with missiles and destroyed some of the jammed radar stations. This created gaps in the air surveillance system for others to fly through deeper into adversary air space.
  • Fighter-attackers were mounted with radiation homing missiles (HARM) and, supported by Wild Weasel escort jamming, they hit a number of radar stations. Just before launching the missile, the fighter-attacker transmitted a particular signal to be received by enemy Ground Based Air Defence.
  • Later, when threat indicators of radar signals were identified aboard the F/A, it only needed to send this particular signal and radar stations were shut down by their operators. This is a schoolbook example of changing human behaviour in a military environment.

In Russian military operations Electronic Warfare is utilized widely, starting from the tactical level, where jamming the adversary’s receivers is considered normal fires like any artillery or air-to-ground support. Russian divisions are supported by a vast number of electronic countermeasure platforms, both from land and air, which are able to paralyze all radio based command and control systems in the area of a major strike. At strategic level Red Army has plans to utilize small nuclear warheads to create a strategic electronic shock effect by high altitude electromagnetic pulse (HEMP). This is done by detonating a small warhead above mid-stratosphere, where gamma rays are converted to electromagnetic radiation, which induces a fast high-voltage and current burst in any metal conductor. The burst destroys modern digital electronics and integrated circuits. In an example, a burst detonated roughly 100 km high gives an effective range of over 1 000 km radius. The electromagnetic wave hits the area of effect within a couple of milliseconds. The wave might have a peak field of 50 kV/m, which generates a burst of over 5 000 volts in a 10 cm long cord. The wave is faster and more powerful than lightning, and it destroys any unprotected digital radio or wired IC in the area of effect.

2.4 Computer Network Operations

Computer Network Operations (CNO) comprise computer network attacks, computer network defence, and related enabling operations that exploit computing assets; they are also called cyber operations, computer attacks, etc. These operations use processors, applications and networks to attack or defend information assets or capabilities. Information Assurance (IA) measures are utilized in defensive computer network operations.

In autumn 1988, student Robert Morris typed a few commands into a Cornell University campus computer, hit enter and went to dinner. He had created an experiment in how a program would slowly copy itself from computer to computer around Arpanet. When he returned, he found that the program had reproduced itself to the point of totally overburdening thousands of computers within Arpanet’s military, university and corporate society. This was the first network worm, the Morris worm, which contaminated a large number of computers within a couple of hours.

During the Desert Shield operation in autumn 1990, the U.S.-led coalition force had a wide X.25 network to connect all sites in the area of operation with IP services. They also had virus detection programs running on networked computers. During the operation, Signals noticed that the fingerprint file they used to update their virus scanners included some malevolent code.

In 1993 two immigration lawyers sent their advertisement to all users of Usenet discussion groups. This was one of the first mass spams, called the Green Card Spam. Accelerated by the Internet, enabled by naïve people and driven by economics, this phenomenon fills on average 70% of today’s email systems, of which over 60% comes from China, USA, South Korea and Italy.

During the 2002 – 2003 Iraq operation, the Internet was utilized by many different parties of hackers (USA patriots, pro-Islamic groups, peace activists, fame-seeking persons) that actively participated in computer network operations. Network attacks resulted in over 200 web pages being tampered with right after H-hour of the military attack. Computing assets were exploited by several pieces of malevolent software such as Lioten, Prune and Ganda.

The Estonian “bronze soldier” crisis in 2007 was defined by an alleged Russian Distributed Denial of Service (DDoS) attack against Estonian governmental Internet accesses and all sites of governmental services. This episode gives a good view of the process that the defence has to manage in computer network defence operations:

  • First, every defender tries individually to find and solve the root cause of the malfunctioning services, since they do not possess wide awareness of the situation.
  • Via national CERT collaboration a wider understanding of the sphere of the attack is created, and counter-planning starts in co-operation between government, site administrators and network service providers.
  • Unrest among citizens increases, and politicians are heavily questioned by uninformed people and by media that want business benefits from this interest.
  • Collective counter-countermeasures are launched, and they start limiting the effect of the DDoS attacks. Global Computer Network Defence companies come to offer their services and surveillance information.
  • Unrest and speculation still go on, because individuals' feeling of safety has been tampered with and rumours are spreading in social media. Government uses a lot of energy and time to explain the situation to people and to change the attitude created by the first impression.
  • A feeling of insecurity remains with people although in practice all services are functioning normally = ADVERSARY HAS MET HIS GOALS IN POLITICAL AND SOCIAL LINES OF OPERATION

The Estonian government learnt its lessons from this. NATO established its newest cyber defence centre in Estonia, and the government distributed its Internet access across many channels and addresses. Governmental service portals were moved to cloud services, which allowed them to be served via many different addresses and name servers.

During the 2010’s an alleged U.S. and Israeli operation against the Iranian nuclear program created malevolent software called “STUXNET”. It was injected past all security procedures and over “air gap” isolation, finally penetrating the centrifuge control systems and accelerating the centrifuges to their destruction. In early 2013 a single malevolent Platform as a Service (PaaS) provider launched a DDoS attack against core Internet operators, causing the biggest overloading attack against Internet core switches thus far.

Since the 1990’s computer network operation capability has been under heavy development: states have constructed their cyber defence and attack forces, and advanced hackers provide a vast variety of tools for less skilled users to attack virtual targets. The next picture gives an example of this development.


Picture 15: An example graph that shows how computer attack sophistication has increased while requirements for intruder knowledge have decreased

2.5 Command and Control warfare as a special application of Information Operations 

Command and Control warfare is a special kind of Information Operation that targets the adversary’s line of command, C4I systems, command posts and commanders' thinking. Military structures have mostly been hierarchical, and sometimes the line of command may be very long. There have been commanders who have vastly restricted their subordinates' freedom of operation due to lack of trust or for fear of losing control. Centralised command and control without mission command or delegated authority is easy to take apart by eliminating the top part of the C2 chain. USSR military advisors constructed a centralized Air Defence system in Iraq during the early 1990’s, which U.S.-led Allied forces targeted by cutting cable lines and destroying command posts, thus disintegrating the whole system into useless components. Similarly, the U.S.-led alliance tried to decapitate Saddam Hussein in the Iraqi Freedom operation during their first strategic hits in order to remove the very Center of Gravity. Different command and control topologies and their vulnerabilities are presented in the next picture.


Picture 16: Command and Control warfare targeting principles against different C2 structures

If the command and control structure follows a normal military hierarchy, then the adversary targets it from top to bottom. This has been one of the strategies in the ISAF operation, where special operation units and remotely piloted vehicles have been hitting the Taliban's hierarchical command and control structure.

To counter this single point of failure in their command and control structure, societies have adopted mission command methods, where subordinates are given only the commander's intentions and the authority to plan and execute their mission with their best understanding and effort. These delegated commanders collaborate with each other to synchronize their efforts via modern C4I systems. This was utilized very effectively by Napoleon with his Army Corps and in the Wehrmacht of WW II, where Brigade commanders were independently executing missions and the Allied Forces leadership was having trouble matching their pace. Not until they were able to take down the communications between commanders were they successful in disintegrating the C2 structure.
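The single-point-of-failure argument above, as an added example that is not part of the original post: it builds a strict 13-node hierarchy and the same hierarchy with lateral links between peers, then measures what share of the surviving nodes can still coordinate after any one node is lost. The topology sizes, node numbering and function names are constructed for illustration.

```python
"""Resilience of a strict command hierarchy versus one with lateral links.

Added illustration; topology sizes and node numbering are constructed.
"""
from collections import deque


def build_hierarchy(depth, fanout):
    """Strict tree: node 0 is the top of the chain, each node reports to one parent."""
    adj = {0: set()}
    tiers = [[0]]
    next_id = 1
    for _ in range(depth):
        tier = []
        for parent in tiers[-1]:
            for _ in range(fanout):
                adj[next_id] = {parent}
                adj[parent].add(next_id)
                tier.append(next_id)
                next_id += 1
        tiers.append(tier)
    return adj, tiers


def with_lateral_links(adj, tiers):
    """Copy the tree and let each node also talk to its neighbours in the same tier."""
    linked = {node: set(peers) for node, peers in adj.items()}
    for tier in tiers[1:]:
        if len(tier) < 2:
            continue
        for a, b in zip(tier, tier[1:] + tier[:1]):  # ring within the tier
            if a != b:
                linked[a].add(b)
                linked[b].add(a)
    return linked


def largest_component_fraction(adj, lost):
    """Share of surviving nodes in the biggest group that can still coordinate."""
    alive = set(adj) - set(lost)
    if not alive:
        return 0.0
    seen, best = set(), 0
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:  # breadth-first walk over surviving links only
            node = queue.popleft()
            size += 1
            for peer in adj[node]:
                if peer in alive and peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
        best = max(best, size)
    return best / len(alive)


def single_points_of_failure(adj):
    """Nodes whose loss alone splits the survivors into disconnected groups."""
    return [n for n in sorted(adj) if largest_component_fraction(adj, [n]) < 1.0]


def worst_single_loss(adj):
    """(node, surviving fraction) for the single loss that fragments the structure most."""
    return min(((n, largest_component_fraction(adj, [n])) for n in sorted(adj)),
               key=lambda pair: pair[1])


if __name__ == "__main__":
    tree, tiers = build_hierarchy(depth=2, fanout=3)  # 1 + 3 + 9 = 13 nodes
    linked = with_lateral_links(tree, tiers)
    for name, graph in (("strict hierarchy", tree), ("with lateral links", linked)):
        node, frac = worst_single_loss(graph)
        print(f"{name}: single points of failure {single_points_of_failure(graph)}, "
              f"worst loss is node {node}, leaving {frac:.0%} able to coordinate")
```

In the strict hierarchy every non-leaf node is a single point of failure and losing the top node leaves groups of at most a third of the survivors; with lateral links no single loss disconnects anyone, which is why the links themselves become what has to be protected.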

Al Qaeda and some other insurgency groups have adopted an organization where small cells operate in a distributed way with no apparent command and control structure. This kind of structure requires first communications and signals intelligence to analyse who is talking with whom, and then targeting the nodes that are more active.

2.6 Deception

Deception is a base of any art of operation and tactics. Deception requires some facts at physical level but presents distorted or converted data at information level to give false understanding at cognitive level. Information operation is multiplying the effect of deception because modern information channels deliver information almost directly from source to potential receivers.

As Sun Tzu has said, one has to know his opponent, understand the thinking of his opponent and attack the coalition, trust and plan of his opponent before engaging in armed conflict. If one has insight into his adversary’s personality and method of thinking, one might be able to amplify already set impressions with false information and, in the physical world, execute the operation in an entirely different way.

Deception is effective if it is based on a realistic operation plan, has some real troops and preparations in place and, foremost, reinforces some presumption that the adversary has already made. A human being has a tendency to be egocentric. Egocentric memory is a natural tendency to forget information that does not support the adopted line of thinking. Egocentric myopia refers to thinking within an overly narrow point of view. Egocentric righteousness is a tendency to feel superior based on the belief that one has actually figured out how the world works. Egocentric blindness is the natural tendency not to notice facts and evidence that contradict one's beliefs or values. This is the general psychological base for military deception, since officers are trained to be exceptionally confident with respect to both the validity and the correctness of their views.

2.7 Information operation examples from history

Information operation is not a new thing, and when successful it is executed jointly with other courses of action and lines of operation. An example of a successful joint operation is from WW II, when Germany attacked Allied Forces in Northern France.

  • In terms of pure military force there was no advantage for the Germans; the forces were almost equal in strength. No higher military officer with lessons from WW I could have predicted any success for the attacker. See the balance in the next picture.


Picture 17: A simplified comparison between military structures of Allied and German sides before the “Blitzkrieg” operation that broke up allied British and French forces in 1940.

  • The Allied high command had been in WW I, and their experience was restricted to slow defensive battle. That impression was amplified by German Army Group B, which was making preparations similar to those before the initial attack of the Schlieffen plan in 1914. Within the Allied leadership there was little or no doubt that their right flank would be breached.
  • The Germans utilized their forces in a combined arms way, massing main battle tanks together with supporting motorized infantry, very mobile reconnaissance units advancing on motorcycles, and air-to-ground fire support from Stuka (Sturzkampfflugzeug) dive bombers. German forces and leaders learnt their lessons from the operation in Poland, practised combined arms attack all year and kept spirits high among soldiers and on the home front.
  • The Allied Force prepared for a different kind of fighting. They kept their arms in regiments, centralised their hierarchical command and did not train much, and troops had lots of free time, which resulted in a lack of co-operation between troops, low discipline in the ranks and low initiative among midlevel leaders.
  • At the same time the European socialist movement did pro-national socialist propaganda and launched numerous strikes in French factories, and the NSDAP utilized this groundwork further along Goebbels' propaganda plans.
  • In the end General Heinz Guderian executed a motorized flanking operation that reached the Atlantic shores behind the disintegrating Allied Army within 10 days. That was faster than any land operation before it. Army Group A slashed Allied lines of command, beat Brigadier de Gaulle’s distributed tank troops, destroyed the soldiers' fighting spirit and disintegrated the whole force. The German operation was swifter than anything Allied military planning was anticipating or prepared for, and the pace of incidents overloaded the Allied Command and Control system.

GERMAN UNCONVENTIONAL COMBINED ARMS OPERATION AT PHYSICAL LEVEL GAINED INFORMATION DOMINANCE OVER ALLIED FORCE AND SEIZED ALL CONTROLLED BEHAVIOUR DRIVING UNITS TO CHAOS.

Information asymmetry is one term that defines information dominance. In the 2003 operation against Iraqi forces, U.S.-led allied forces gained asymmetry with air-based information technology, as depicted in the next picture.


Picture 18: An example of Allied information technology dominance from Iraq operation 2003

  • The Iraqi forces' standard Armoured Personnel Carrier (APC) was manufactured between 1950 – 1970 and had roughly 10 mm armour and a 12.7 or 14.5 mm heavy machine gun with an effective range of approximately 500 m in good visible light conditions.
  • A formation of Iraqi APCs was detected by an Unmanned Aerial Vehicle (UAV) flying at an altitude of 10 km.
  • Targets were identified and positioned with a UAV flying 3 km above.
  • The decision to engage was made hundreds of kilometres away, enabled by an airborne network.
  • A stand-off warhead or Precision Guided Bomb was launched from 15 - 100 km away from an airborne platform, and the target was hit with practically no warning to the crew in the APC.

The space of information operations is wider and deeper than any other means of operation (Land, Air, Maritime). Information operations may be waged along all lines of operation: military, political, economic and social. An information operation may be targeted against a physical system, an information asset or a human being, so all layers of the target structure may be affected: physical, information and cognitive. An information operation may be launched not only towards adversary forces or people but also to change the behaviour of allied, neutral or own forces, people or leaders. To be effective, an information attack needs to be observed, to pass over the threshold of human attention, to create a change in human attitude and finally to change human behaviour.

To be continued ...

2013-11-08

Narratives of life - twenties

When I was in my twenties, just out of Military College, I thought that being the best operator of all systems and an example in everything were the only things that were needed to be a leader in Signals. I hated every undefined feature in Signals procedures and spent hours writing how things should be done. I pressed my subordinates with both lengthy instructions and energetic behaviour. I competed with my peers and superiors in being the most skillful, strong and strict young officer in the field of Signals business.

Up to a certain level everything went well. Conscripts followed my instructions, sometimes out of fear of my temper and overarching skills and sometimes just to get things over with and return to barracks. My peers did not like me because of constant competition, and I did not gain any close friendship with them. My superiors either disliked me and turned their attention somewhere else or trusted me and gave me freedom of operation.

I felt left alone with my role of being the best. Gradually I changed my behaviour to be more supportive towards my peers. I shared my work with them and helped them with their problems. I teamed up with some really good fellows to study together, and we all successfully passed the entry exams to General Staff College. I learned that sharing will enable collegial support and that will get you further than selfish hoarding of information and constant comparison of your skills and capabilities.


Later I realized that I had been raised to behave like that. The whole education system was driven by individual values, and competition was constant as we were set in order of superiority every time in exams and tests. Only in conscript training was some credit gained by the team, when together we were able to ski through a dark forest, set up a camp and counter an enemy attack just before sunrise. Even that was ruined when extra holidays were given on the basis of individual success in shooting, running or exams. Team sociology was taught in Military College only in theory, when competition between cadets was constant and only sanctions would have been addressed on a team basis. After graduation I was given the task of composing integrated teams out of the heterogeneous conscripts in my responsibility. I did not have any practical experience of that other than taking them out in the woods and giving them challenges that they were able to overcome together. My superior skills, and using them to humiliate my conscripts or peers, were only counterproductive.