Home » Cyber-warfare » When Do Information Operations Become Cyber Warfare?

When Do Information Operations Become Cyber Warfare?

By Kevin Coleman
Defense Tech Cyber Warfare Analyst

An interesting question, well more than a question, it was an out and out argument that I got brought into via email last week. I thought this was the perfect venue to address the disagreement. The disagreement centered around the difference between IO (information operations) and CW (cyber warfare).

Definition:

JP 3–13 defines Information Operations (IO) as — “the integrated employment of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own.”

It should be noted that this term and its definition modify the existing term and its definition and are approved for inclusion in the next edition of JP 1–02. Read more here.

At this point there is NO formally accepted definition of cyber warfare. It is hard to believe but no one has come up with a decent answer to this extremely important question. At this point there are no clear and distinct rules for behaviors in the cyber warfare domain. Some believe the Obama administration has purposely delayed a formal definition of cyber war so that a response by the U.S would not be pushed if a cyber event meeting the criteria were to take place.

The question remains – what is the difference, if any, between “cyber warfare” and information operations? Using the IO definition above, we want to hear from you.

Share |

{ 8 comments… read them below or add one }

Ryan August 31, 2010 at 9:18 am

It seems rather clear from the JP 3-13 definition of IO that electronic warfare (inclusive of cyber warfare) is a subset of IO. After all, cyber warfare is mostly information denial (including disruption of communications), information seeking, or disinformation.

Even when cyber warfare is targeted at destroying or impairing infrastructure (power grid attacks etc), it does so via sending information in the more literal sense of the term. Of course, from a physics perspective, sending a bomb filled with chemical explosives is also sending information. Nonetheless, all forms of cyber warfare rely on sending information in a way that is more generally accepted as being actual information - that is computer code.

Ultimately I fail to see what's so confusing about this topic, or open to debate. Cyber warfare is a clearly specific subset of IO. IO certainly can be carried out by other means, so it is clearly the 'umbrella term'. What's to argue?

Reply

seymour01 August 31, 2010 at 11:01 am

Ryan in the comment above is correct. Having been in IO from 2001-2005 and deployed in support of IO, what is thought of as cyber warfare, as is popularly “defined” is a subset of Information Operations. By no means is all of IO centered around cyber anything. IO is centered around Information. Look at the components of what is considered IO. I hate to put it this way, but IO manages the information environment of both friends and enemies. For the record I was 31A qualified, and I currently work in the IT field in my civilian life now. I spent my time deployed working with the PAO, PSYOP, Civil Affairs, G2, and line grunts, not working with the digit heads in the commo shack.

Reply

Cliff W. Gilmore August 31, 2010 at 6:36 pm

Seymour01 raises a key point in his offhand distinction between the "…PAO, PsyOp, CA, G2 and line grunts…" vs. the "digit heads in the commo shack." Take this thought one step further and we arrive at a comparison between communication (sans "s") and communications. Often used as synonyms, the two terms actually mean something significantly different: Communication is grounded in social theory, communications in technical and mathematics theory. The military's current mindset is grounded in the technical school of thought. Consider: we use phrases like "deliver a message to a target audience" and "information environment." The former is pure monologue and when we operate within the paradigm of an information environment we focus our attention on information which is merely one — and arguably the least important — element of any holistic social communication model. It doesn't help that few of our Psychological Operations people actually have a background in Psychology and many of our communication practitioners (whether in PA or SC) don't actually have a background in Communication. Consequently we focus our effort either on information control and delivery (in this day and age the metaphorical equivalent of the Little Dutch Boy sticking his finger into an oncoming wave) or on the medium rather than on execution of a deliberate principle-based communication process of engagement and exchange that starts with defining an issue and focuses on ensuring our credibility is greater than that of our enemies. Back to the original topic — yes, the term "Cyber Warfare" needs to be defined if we hope to engage successfully in that domain and certainly the technical element plays a key role in perception warfare, but the debate over where the line between IO and Cyber Warfare should be drawn is at best a distraction: If we hope to succeed on the communication front we need to draw a line between technical and social communication and then cross over it to engage in the communication environment. Some might chafe at the idea, but when it comes to perception games PA, IO, PsyOp, SC and, yes, even Cyber are subsets of communication without that pesky "s".

Reply

Jacob August 31, 2010 at 1:32 pm

"Even when cyber warfare is targeted at destroying or impairing infrastructure (power grid attacks etc), it does so via sending information in the more literal sense of the term."

But how is shutting down a power plant via cyber attacks qualitatively any different from dropping a JDAM on the plant and shutting it down that way? It's just that one method attacks the hardware component of the power grid while the other attacks the software component.

Reply

Ryan September 1, 2010 at 9:00 am

The biggest difference is that smart use of cyber warfare can allow you to quickly undo the damage you've done. Just as you essentially sent a message telling the software to switch off, you can then send the message to turn back on. Cyber warfare attacks can therefore be used as resource denial instead of resource destruction.

Reply

Kevin August 31, 2010 at 2:01 pm

So then I have a question!!

Is IO now under Cyber Warfare since Cyber Command is up and charges with the mission?

Reply

Mike V September 2, 2010 at 12:18 pm

There is no real argument to be made. CNO supports IO just as Air Power supports Land Warfare (and for that matter aspects of IO will also support cyberoperations). CNO will support ops across the spectrum in multiple disciplines and domains. With the decision to identify Cyber as a domain the question of whether IO owns it or it owns IO is moot.

Reply

Joel H September 3, 2010 at 11:26 am

First, all cyber warfare is a part of information operations, but not all information operations are cyber warfare. General Keys is correct that IO is much more inclusive.

The definition of IO as published in JP 3-13 is roundly poo-poo'd across the board and I know the new definition is much more inclusive, not centered on an adversary and IO can be conducted in peace, crisis and war.

As Dr. Dan Kuehl often says in his talks, IO is about three things: Content, Communications/connectivity and Cognitive. Content is the message, communications is how we get the message to the recipient and Cognitive is how the person internalizes and thinks about the message, I'm grossly paraphrasing. Cyber, in this case, would be considered part of communications or connectivity. In this regard cyber and electronic warfare would be about degrading, destroying or denying the information to an adversarial leader, decision maker or a population. In my mind it's just using 'cyber' to wage war, but heck yes, war in the cyber world is different from any conventional definition of war. In cyberwar people don't die, at least not directly. Cyberwar doesn't destroy anything other than bits and bytes. Cyberwar will not cause the downfall of any governments.

Information Operations, but in this case I'll change the name to information warfare, does. If done correctly, in information warfare people may die, things can be destroyed and governments may fall. Perhaps not all at one time, but if those are the objectives, they can be caused to happen.

Reply

Leave a Comment

Previous post:

Next post: