DEFENSIVE INFORMATION OPERATIONS (DIO) - A J6 Perspective
Defensive Information Strategy at United States Central Command
October 1998

By Maj Gen (Sel) Harry D. Raduege, Jr., USAF, Maj Michael Gasapo, USMC, and LTC Peter Barnes, USA

During February 1998, United States Central Command (USCENTCOM) responded once again to a crisis in the Middle East. As forces mobilized, planes flew and ships sailed to the Persian Gulf in preparation for Operation DESERT THUNDER - one element within USCENTCOM was already at war conducting DIO against asymmetrical computer network attacks from global foes with worldwide access to the Internet.

The USCENTCOM Command and Control, Communications and Computer (C4) Systems Directorate (CCJ6), with support from components and national agencies, operated a complex intrusion detection system that identified and blocked numerous attempts to penetrate or disrupt the USCENTCOM Command and Control (C2) structure. These attempted intrusions threatened a significant USCENTCOM advantage: the network-centric computing and communications infrastructure that processes, transports, stores and protects the information that our warriors need to maintain the speed of command.

In real time, sensors identify and rapidly report enemy activity to command centers, via our communications architecture, for fusion and plan development. The speed of this process leads to timely decisions that enable dominant maneuver, precision engagement and focused logistics that overwhelm our adversaries. In order to act decisively, we rely on the speed of communications as an information transfer system. Thus, any corruption of our C4 architecture can seriously degrade our ability to achieve information superiority and full spectrum dominance.

USCENTCOM operates within the Defense Information Infrastructure (DII) that is inextricably interlaced with the National Information Infrastructure (NII) and Global Information Infrastructure (GII). Information technology and supporting communications infrastructures have become prime components of our competitiveness as a nation and a center of gravity for our National power. In addition, DoD has become increasingly dependent on networked information and communication systems to conduct global military operations.

As such, Information Operations (IO) are playing a rapidly emerging, evolving and vital role in planning and executing the full range of national security flexible deterrent options. The desired end state of IO, regardless of the range of military operations, is "information superiority," defined as "the capability to collect, process and disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do the same." (Joint Staff, Joint Staff Publication (JP) 3-13, Joint Doctrine for Information Operations, Second Draft, 2 July 1997.)

Unfortunately, our ability to network and communicate has far outpaced our ability to protect networks and communication infrastructures. The increased efficiency of our C4 systems and data transfer has come at the price of increased vulnerability to attack. As stated in Joint Vision 2010, "There should be no misunderstanding that our effort to achieve and maintain information superiority will also invite resourceful enemy attacks on our information systems." Consequently, minimizing risk to communication and information systems is critical to USCENTCOM's ability to conduct military operations unimpeded by an adversary's efforts to exploit friendly communication and information systems for their own purposes.

During future conflicts, the U.S. will be faced with potential threats requiring development of new weapons, tactics and planning methodologies. The future operational environment will likely include both nation-states and international/multinational groups with limited but strategically lethal weapons of mass destruction, access to air and missile defense systems, low-observable aircraft, cruise missiles, directed-energy weapons and IO capabilities. Additionally, potential adversaries will have access to extensive commercial capabilities with application to military operations (e.g., global positioning, communications, imagery and information networks). Because of U.S. military dominance, adversaries will also likely seek to avoid U.S. strengths and exploit vulnerabilities and centers of gravity through affordable and commercially available technologies to counter our advanced technologies.

Future strategic force application systems must be supported by a command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) architecture. It should rapidly manage information, provide simultaneous versus sequential processing and ultimately achieve boundary-free warfare by fully integrating C4ISR systems with space operations. As a result, target reconnaissance and weapons delivery timelines will overlap and approach near-real-time. Human decision making will become the primary delay point between processes. As a consequence, communications, data transfer and information systems will become the most critical operational node allowing tremendous improvements in the speed of decision making and command. Critical future USCENTCOM wartime operational, intelligence, communications and data transfer architectures must become survivable and enduring through all phases of conflict.

The impact of the speed and persuasiveness of information has revolutionized modern military operations. At the same time, the U.S. and other nations' national security postures are becoming more dependent on their NII and the larger GII. These infrastructures, while sophisticated, also possess their own unique vulnerabilities. Not surprisingly, potential U.S. adversaries and allies are also looking at these and other information infrastructures and technologies as critical targets. We must deduce, with the proliferation of advanced information technologies, that any adversary could attain some level of information parity with the U.S. and its military forces. The use of, and struggle over, information management, superiority, and systems as a primary military objective will increasingly characterize advanced conflict. Rogue nations of the information age could encounter information embargoes and the possibility of losing contact with the world community in the areas of commerce, travel, power, telecommunications, Internet access, news, weather, airspace control, shipping and navigational data.

Since information management is critical to our success, a mind-set change must take place. Infantrymen, tankers and front-end loader operators have to qualify with or obtain a license for their weapon systems prior to use. Additionally, these systems require mandatory re-qualification for continued use. However, computer system administrators and operators do not qualify on their systems. System administrators are appointed and computer users are issued a computer without having to qualify in the proper use of a computer weapon system. Misuse or abuse of these systems could seriously degrade or disrupt national assets yet access to these systems is granted to individuals who have not met any published DoD- or service- wide standards or certification.

Classifying computers and networks as weapon systems emphasizes their importance to successful operations. Computers store volumes of critical information, and networks transfer that information to decision makers as required. System administrators control networks, and computer users develop, store and access information. Therefore, a logical next step is to require user qualification prior to network access. Individual qualifications, combined with ongoing education and appropriate intrusion detection equipment, is the critical first step in establishing an information network defense-in-depth.

At USCENTCOM, DIO is a CCJ6 responsibility that integrates and coordinates all elements in providing Information Assurance (IA). It encompasses operations security, counter psychological operations, physical security and information protection of our C2 architecture and C4 systems. Since professional communicators within the CCJ6 and component communications units design, install, operate and maintain the C2 architecture, they are best able to develop the tactics, techniques and procedures and mechanisms necessary to protect it.

Today, USCENTCOM is faced with a rapidly evolving information technology based on open systems and robust connectivity. With this capability comes the risk of intrusion, disruption and compromise. Protecting USCENTCOM's networks revolves around continuously predicting, detecting and deterring information attacks prior to their occurrence and then isolating and recovering from any successful penetrations. As a member of USCENTCOM's Joint Targeting Coordination Board, the CCJ6 is the advocate for DIO. In this capacity, he advises the commander in chief, component commanders and senior staff on the impact of information attacks.

Cyber attackers have the same intent as any other foe: disruption or destruction of our operational abilities. In response to these threats, the CCJ6 may employ firewalls, encryption, alternate C2 paths, intrusion detection systems and recommended and approved offensive deterrence methods. In some instances, employing a kinetic weapon or conducting an electronic attack against a specific successful cyber attacker may be appropriate.

Recent operations within USCENTCOM show that IA and C2 protection provide definite advantages and have far reaching consequences. In preparation for USCENTCOM's major Command Post Exercise, INTERNAL LOOK (IL) 98, CCJ6 established DIO as a major focus area. We wanted to test our C4 systems and develop proper procedures as major exercise objectives. When DESERT THUNDER began, CCJ6 established our IL 98 DIO plan for immediate real-world use throughout USCENTCOM. Establishing the DIO architecture allowed USCENTCOM to quickly achieve information superiority but also identified a potential weakness in our DIO organizational structure.

Currently, information protection within USCENTCOM is conducted by specialized organizations in much the same manner as chemical and biological response teams provide support in response to a unique occurrence. Threats to and attacks on information systems and C2 architectures occurred without regard for day or time during DESERT THUNDER and impacted all levels of command. Every unit participating in DESERT THUNDER had to react to these threats, but only the 609th Information Warfare Squadron (IWS) had the resources to provide an active network security capability. The 609th IWS is a prototype unit built to provide the Air Force with an information warfare capability. The 609th effectively identified and blocked numerous attempts to penetrate or disrupt information systems. This service was transparently provided across the entire C2 architecture.

The threat posed by today's cyber intruders, however, is too serious to wait for organizations with a specific mission of protecting networks to activate. As units deploy, C2 protection and IA must already be an essential and integrated part of the communications element included in the force package. Just as perimeter security is an essential mission of all units, IA should be an organizational responsibility. Standard DIO procedures, systems and tools are required to ensure that internal organizational network security measures are seamlessly integrated into the overarching network security posture. In today's reduced manpower environment, we cannot afford numerous specialized defensive information units.

Since a network attack anywhere can potentially impact the entire Defense Information Systems Network, an effective network security program requires the concentrated effort of the entire DoD community. To ensure a uniform plan for IA and C2 protection, and standardized terminology to facilitate a coordinated response, IO requires Information Condition (INFOCON) levels similar to the threat condition system established by the Joint Chiefs of Staff. Given the relative ease of carrying out malicious attacks on critical information targets and the number of potential threats that could generate numerous incidents, it is crucial to establish methods of reducing the overall number of incidents and discriminate serious directed attacks from low- level pranks. Established INFOCONs would provide the structure to filter serious from non-serious incidents and standardize specific network protection measures throughout DoD.

As in all operations, warnings are crucial to DIO. Standardized reports describing network attacks should be forwarded to the appropriate service Computer Emergency Response Team (CERT), DISA's Global Operations and Security Support Center (GOSC), and unified commands. After national-level analysis, the GOSC or other DoD-level activity should generate Network Security Alerts to all DoD activities specifying the impact and prescribing the response. In this manner, successful network penetrations would be more effectively isolated and prevented across the entire DoD.

Train as you fight is a common rule-of-thumb within USCENTCOM. As our reliance on C2 and information systems increase so must our ability to protect those systems. Exercises that incorporate network attacks provide opportunities to take a command-wide view of our defensive information posture. Numerous organizations within DoD have the ability to act as exercise aggressors and attempt to penetrate our networks. In response, USCENTCOM will marshal the combined resources of Defense Information Systems Agency, Joint Command and Control Warfare Center and component CERTs. Our aim is to develop the best mix of defensive information capabilities to provide optimum network protection.

USCENTCOM emphasizes the use of our secure networks. The Defense Red Switch Network, secure telephone unit-IIIs, and the secure Internet protocol router network are proven methods of providing reliable and secure communications. DoD has invested heavily in these systems yet they continue to be under utilized. During DESERT THUNDER, only seven percent of the telephone calls originating in our area of responsibility were secure. A crucial portion of our DIO strategy is user awareness and education. Without the cooperation and vigilance of all network users, the secure systems that we have put in place will not be as effective as they could be.

CONCLUSION: For the ongoing improvement of its DII posture, USCENTCOM continues to assess its structure and plan its approach using available doctrine and systems provided by the Joint Staff and Services to decisively defeat all attempts to penetrate or disrupt our C2 networks and systems. Professional communicators within the CCJ6 are responsible for developing the plans and strategies required to accomplish this mission. Our plans integrate resources from outside the command into an information defense in depth structure. As we look to the future, DIO at USCENTCOM will continue driving to achieve the Joint Vision 2010 goal of information superiority.

About the Authors:

LT General Harry D. Raduege, Jr., USAF

MAJ Michael C. Gasapo, USMC

LTC Peter Barnes, USA