Information systems bring revolutionary capabilities—and increased vulnerabilities—to the battlefield.
Revolutionary changes are under way in warfare, at least in part stemming from changes in information systems and their associated capabilities. In assessing the impact of those changes on military organizations and operations, much of the discussion has revolved around command and control, communications, computers, and electronic warfare. This focus on the tangible and familiar made some sense; nevertheless, it is also clear that what is now being called “information warfare” includes elements that transcend computers, communications, and electronic warfare. These broader aspects of information warfare have far-reaching implications for military strategy and policy.
Ambiguity
Information warfare (IW) seems to lend itself to ambiguity, including the issue of deciding that a war has begun in the first place. It is not at all clear that information-warfare steps by a potential adversary would be readily detectable; the “How do you know you are at war?” question may be quite difficult to answer. This is particularly true in the case of such IW elements as computer attacks, deception operations, and conditioning using what used to be called propaganda. The rapid growth of interconnections—already manifest in communications and banking—presents more opportunities to do grievous harm, quickly and with little or no warning, with a minimal signature. In many cases, even when some suspect activity is detected, it may be very difficult to trace the origins of an IW attack, to discern connections between seemingly random actions, or to convince policymakers that the detected activity was done with hostile intent. Accordingly, the indications and warning associated with the outset of warfare will have to change.
Information warfare in 2015 also portends a very different set of potential responses by the United States, if a possible adversary should be detected acting in a hostile or potentially hostile fashion. IW measures that the United States could take at the outset of such crises might require quite different rules of engagement than have been contemplated up to now. This is both good news and bad news. The good news is that there may be many new tools available, short of lethal attacks, to signal to an adversary that warfare with the United States might be a bad idea. The bad news is again the inherent ambiguity in some information warfare methods—it might be hard to signal clear intentions or even to ensure that a signal is perceived at all. In any case, much thought is required to examine threats and the threat-detection process, requirements for intelligence, and new rules of engagement.
Changing Vulnerabilities and Organizations
Countering an adversary’s command and control always has been a feature of warfare, but in the continental United States we have not been particularly vulnerable to such measures. One clear implication of warfare in 2015 is that almost any enemy will try to degrade the U.S. information system. The United States must be prepared for that eventuality. Paradoxically, although the technology of information systems is becoming ever more capable and sophisticated, this does not guarantee security; in fact, it may make it harder to secure the U.S. information infrastructure from attacks.
There are a host of reasons why this is true—one of which is that information warfare generates problems at the national security level (rather than at a single-service or Department of Defense level). Such problems will not be solved by creating a new organization within the armed forces; they reach beyond the armed forces to include the entire regional security infrastructure. As this infrastructure grows and elaborates, its reach expands beyond the control of any single entity and any single nation, and it opens access points at myriad places. The 1994 military organizational structure is likely to be ill-suited to manage the complexities of information warfare in 2015.
Another deficiency is the lack of a coherent approach to offensive and defensive considerations for information warfare—except at the operational or tactical level. Nowhere in our system do we bring together and integrate these considerations, nor is there a single locus for requirements generation and claimancy in the acquisition process for information warfare.
The Defense Information Systems Agency has been actively pursuing “information assurance” as a part of their charter to take in hand all information-system responsibilities for DoD, but this is not an operational command. The Chairman of the Joint Chiefs has designated the J-3 (operations) and J-6 (command, control, communications, and computers) organizations as the loci, respectively, of offensive and defensive IW planning, but this does not provide a single focus for wartime command, either.
Much of the discussion of open or distributed architectures and “information pull” approaches to supporting operations implies that we can approach planning and execution with a view that the communications pipes will be available and that there will be little to concern operators in the overall architecture or in the nature and characteristics of those pipes. In at least two regards—addressing potential vulnerabilities during planning and adjusting organization concepts for effective IW war fighting—operators may require more hands-on familiarity with the ways we knit together our commands in order for them to execute our strategy effectively.
There are two simple examples of the problems we can anticipate if such operational information awareness is not an element of the force. One is logistics information systems, which tend to be both elaborate and critical to successful military operations and yet generally subject to less stringent security measures than other military information systems. This is not just an issue of cryptologic security, although that is one area in which logistics communications lag behind their operational counterparts. The system could be cryptologically secure but still quite vulnerable; an enemy could introduce significant disruption by merely denying us information—by interfering with logistics transmission links—or by introducing random errors into the system. An operational commander unaware of the details of his logistics communications is unaware of significant potential IW vulnerabilities.
A second example, affecting the approach to organizing for combat, is the presence of automated systems on the battlefield—systems likely to be considerably more widespread in 2015. The commander who knows his human systems, but who does not understand his automated systems, will be vulnerable to surprise, possibly to defeat. Knowing the automated systems entails understanding the rules under which these systems are programmed—the software will be (and is now) part of the command-and-control system.
There are already many autonomous systems available to the commander, including unmanned aerial and undersea vehicles, smart mines, Tomahawk cruise missiles, and other guided weapons. The integration of battlefield robots also may pose a potential IW vulnerability.
Organizing for Operations
In dealing with the information revolution, the armed forces seem to be “polishing the stove pipes,” i.e., working to improve performance elements within the current organizational structure, rather than coming to grips with the implications of systems and capabilities that do not fit within that structure. This is a fundamental issue. The military has viewed information services (traditionally, intelligence and communications) as supporting inputs to the actual warfare functions of fire, maneuver, and strike.
But information warfare might not always be a supporting function; in some future campaigns, it might take a leading role. This makes it both increasingly important and challenging to get the organizational issue right. By 2015, the requirements of the battlefield will be such that traditional hierarchical command-and-control arrangements may be obsolete. The trend toward decentralization is already well established. Efforts to work the time lines of sensor-to-shooter linkages are pressing such requirements on the Navy. Information technology is making distributed systems commonplace, and (as one observer remarked) “virtual organizations” are growing like cultures on a Petrie dish. The speed of action and adaptation of such new organizational entities suggests some strengths that the military would be wise to examine.
Modeling
It is apparent that such changes are already under way. Their impact on military systems, organizations, and operational concepts, however, is just beginning to be appreciated—and projecting the course and outcome of such impact for 2015 is a major challenge. One approach involves using models, simulations, and war gaming to examine the changes, with an eye toward identifying the character and extent of the influence information warfare will have on future battlefields. In fact, one aspect of the use of information systems in warfare involves employing simulation much more extensively for everything from individual training to supporting large-scale exercises and mission planning.
Large-scale, interactive simulations that incorporate widely distributed, actual and semi-automated joint forces, such as those planned for Simulation Network/Distributed Interactive Simulation (SIMNET/DIS), are being designed and procured today. These and other simulation capabilities are and will be used to support training, mission planning and practice, and operational planning. In view of the critical part these systems will play in the future U.S. military, it is important to note that practically none of them address operational or strategic level vulnerabilities of U.S. forces to information attacks; nor do they allow more than the tactical-level play of information warfare (in reality, just end-game electronic warfare).
Moreover, the basic measures of effectiveness and algorithms upon which these simulations are based do not address most (if any) of the aspects of information warfare at any level—there are simply no measures for judging warfare outcomes from information-warfare inputs. Although some attention has been paid to offensive information actions (mostly at a tactical level or in support of targeting), information-warfare attacks against U.S. forces in such simulations primarily are just assumed away, and no useful measures of the relative combat value of intelligence, communications, deception, or other information-warfare applications exists in any simulation, model, or game.
At the same time, we are seeing trends that presage a rapid increase in the attention paid to information warfare as a key element of future U.S. military practice, a rapid growth in simulation and gaming dependency for U.S. forces, and a growing deployment of information systems across all warfare areas in the field and in the fleet. In many cases, this infrastructure extends well beyond the Department of Defense, as operating forces increasingly use leased commercial communications and commercial imagery, inter alia, in support of their requirements. Many of the communications routes are obscured to the user: he does not know where his communications may be routed, going out or coming in. In many ways, this transparency is also true of the measures of effectiveness and assumptions built into the simulations and games being widely used in DoD—off-the-shelf models that have been designed for other purposes are used or become the basis for new models, without explicit attention to the underlying assumptions that were part of the design process many years ago.
In any case, the new attention to information warfare means that these models and their assumptions require a detailed reexamination. At best, they may be incomplete; more likely, they are unable to take into account the key determinants of future warfare outcomes—and thus simulations and games using these models will be misleading or wrong.
Targeting ... Us
The changes under way m warfare also fundamentally change the target for enemy exploitation. If we change our logistics infrastructure to use transponders on every container of material we ship (a step planned by the Army Material Command to improve logistics visibility and reduce handling), a sentient enemy will look for ways to activate the transponders to provide targeting of logistics nodes. Adversaries in 2015 will develop measures to take advantage of newly perceived vulnerabilities. Systems such as Aegis, airborne warning and control, joint surveillance and target attack radar (JSTARS), space communications, computers, and the associated networks, are not only strengths of the new military, they are also new targets.
As this new system of systems grows, its vulnerabilities must be identified so we can adjust and maintain our military effectiveness. Presence of the “nodes” in the continental United States no longer implies invulnerability. A teenager with a modem and phone line can now access U.S. targets in an instant—and so can a smart adversary. Unfortunately, modeling of these new targets, of new ways to attack them, and particularly of their interactions and networks is not part of most simulations.
Gaming
The situation in gaming is, if possible, even worse. Gaming of information warfare has only just begun. There is no automated gaming system that includes any of the major elements of information warfare in any fidelity.
Where addressed at all, it has been done off-line, with human experts—usually experts in electronic warfare, space systems, or communications. When games have introduced any disruption of the sort possible with a concerted information-warfare attack, they quickly have come to a halt. Rather than analyzing whether the disruption might truly reflect a potential wartime outcome, such results have been banished from games as being disruptive of game play and an interference with higher objectives of the game. Their occurrence, if allowed at all, is treated off-line. This is as true for Navy gaming as it is for gaming in the other services.
As information-warfare concepts and the associated systems and techniques move into the U.S. force structure, gaming should change to reflect the new approach and new threats. For as we change, so will our adversaries. This will require a dedicated effort to develop new measures, models, scenarios, gaming techniques, and games.
Sensible projections of future force effects on the battlefield cannot be done without this fundamental underpinning. In short, modeling the impact of information warfare always has been difficult and therefore has not been done. And now the target is being changed rapidly by the geometric growth of military and commercial information systems and the spread of those capabilities across the globe. We must work out what information warfare gaming should look like and think through the many issues that such gaming poses for modeling.
The Challenge
Information warfare is a key element of a potential revolution in military affairs and may become a crucial determinant of warfare outcomes; the U.S. Navy will have to come to grips with the intelligence, policy, conceptual, organizational, and modeling issues it presents. They are at least as important as the technological changes that are rapidly altering the military battlefield. Today, information technology is spreading worldwide; by 2015, many states may have technologies comparable to those in the United States. Achieving revolutionary effects depends upon developing the concepts and organizations to take full advantage of the technology. By 2015 someone else might get these elements right. The imperative for the United States and the U.S. Navy is to get there first.
A former naval intelligence officer, Mr. Kraus is a senior analyst in the Strategic Assessment Center of Science Applications International Corporation. He has extensive background in military and naval operational and intelligence analysis and comparative analysis, technology assessment, scenario development, war-gaming design, and the use of gaming to support analysis. He currently leads a multiyear study for the Office of the Secretary of Defense, focused on information warfare.