Then we had Information Warfare (IW) and life was good.
Then in the mid 1990s we got politically correct and called it Information Operations (IO), because State doesn’t DO anything associated with warfare. And life was good. In the latest edition of Joint Publication 3-13, Information Operations, the official acronym IW was dropped by the US military.
Now we have all kinds of acronyms – IO, IW, SC, PD, IIA, IE, you name it, all strategies seeking to influence others. There are tons of companies that say they do IO, but when I call them up I usually spend the first five minutes in ‘discovery mode’, finding out which flavor of IO they ‘do’.
Roughly 80% of the time the companies really mean they do cyber, and almost 99.99% of the time when they say cyber they mean cyber defense aka cyber security or even Information Assurance (IA). I know a few companies that do offensive cyber, but now we’re talking in very hush-hush terms about mostly highly classified programs and normally closely associated with the military.
I have to really dig to find companies that ‘do’ Military Information Support Operations (MISO), which used to be called Psychological Operations, but there are a few niche companies who do. It’s a very close knit field consisting of mostly people who come from Fort Bragg, NC. I’m hoping to see more MISO requirements originating from the 4th MISO group and OSD.
Electronic Warfare (EW) is a small high-tech community that is becoming integrated with existing and developing systems, unfortunately they are scrambling for recognition in many cases – senior EW leaders feel maligned or neglected by the IO community in some cases. The EW community ‘fights’ within the Electromagnetic Spectrum (EMS) but don’t get a lot of headlines.
Cyber cannot exist without full use of the EMS, the USCyberCommand realizes this, but it is not widely recognized nor understood. At one point there was a mission statement released for draft from Cyber Command where four of their bullets addressed the EMS, but, alas, this public recognition seems to have disappeared. The relationship between Cyber Command and the EW community is being tenderly nurtured by some within the EW community.
Nobody seems to do Operational Security (OPSEC) in the corporate world because everybody does operational security. There are a few commercial models to protect data from being exfiltrated, my favorite being a small company called Azos, who make data disappear if it doesn’t have permission to be shared. Neat concept. Again, cyber is the environment (I can’t call it a domain in this case); information protection is the action.
Military Deception is a niche field for planners, most corporate entities supplying this expertise to the military and the government on a semi-permanent basis, and then it’s on a need to know basis.
The IO field is maturing and evolving, life is good. So WHY do I keep running into the phrase Information Warfare?
In 2009 I attended a conference on cyberwar in Moscow, Russia, on the second day of the conference there was a seminar on Information Warfare. I attended and the only thing discussed was cybersecurity. I was depressed, I really wanted to hear a spirited conversation about IW, because the Russians “get it”.
They understand that by using information you can cause an Arab Spring, you can overthrow governments and lots of people may be killed standing up for freedom. That is why the Russians (and the Chinese, et al) seek to control information so rigorously.
Recently I attended a conference on the Fundamentals of Chinese Information Warfare, but all we talked about was cyber. Only one of the speakers, Dr. James Mulvenon, spoke about IW briefly and then again only after being asked about it, directly, by a attendee from DARPA.
Dr. Mulvenon mentioned Timothy L. Thomas, of US Army FMSO, citing his work for more detail in IW, but that was almost the extent of the discussion of real IW. Again, I was disappointed.
If the discussion is about cyber and warfare in cyberspace, why use the phrase Information Warfare? Has cyber ‘anything’ become so overused that we need to resort to using a much broader term to interest people in a cyber discussion?
Cross-posted from To Inform is to Influence