Defensive Counterinformation

[Skip to Content | Skip to Navigation | Skip to Lesson Index]

Title: Defensive Counterinformation

Action: Begin by showing the graphic from the introduction that depicts the synergistic application of air, space, and information systems. Then transition into a graphic that shows how intelligence has improved from lanterns and signaling mirrors in 1300-1400 to global information structures of today. Also, show the following bullets that link to static html pages:

Computer Network Defense, Counterdeception, Counterintelligence, Counterpropaganda, Electronic Protect, PA Operations, OPSEC, and Information Assurance

Voice: Since information plays such a large part in air and space power, we’ve come to increasingly depend upon it. This dependency breeds a certain vulnerability. Without information dominance, air and space power would be much less effective. To protect the information dominance that we’ve come to rely upon, we must defend our information and information systems. Not surprisingly, defensive counterinformation activities are, for the most part, the defensive reflection of OCI activities but also include the proactive security measures of OPSEC and information assurance. You can learn more about each of these by clicking on the links.

Computer Network Defense (CND):

Computer Network Defense (CND) - is actions taken to plan and direct responses to unauthorized activity in defense of Air Force information systems and computer networks. CND actions include analyzing network activity to determine the appropriate course of action (COA) to defend Air Force networks.

Analysis often requires fusion with information assurance, intelligence information, counterintelligence information, and operational considerations to determine the nature of the threat to friendly systems
Analysis assists in development of one or more defensive COAs
Commanders select most appropriate COA(s)
Post-event analysis leads to protective measures to combat tactics and techniques used by attackers

Counterdeception:

Counterdeception: the effort to gain advantage from, or negate, neutralize, or diminish the effects of, a foreign deception operation.
Counterdeception activities:

Ensure friendly decision makers’ awareness of adversary deception
Enable friendly decision makers to take appropriate action
Are enhanced by intelligence, surveillance and reconnaissance activities

Upon identification of an adversary deception operation, commanders can choose among several courses of action:

Ignore – reaction to adversary deception may compromise the methods used to detect it
Expose – can embarrass the adversary or add to his operational friction
Exploit – “play along” with the deception until an operational culminating point and then react in an unexpected manner
Eliminate – destroy or degrade the adversary deception capabilities and resources

Counterintelligence

“The enemy’s spies who have come to spy on us must be sought out, tempted with bribes, led away and comfortably housed. Thus they will become double agents and available for our service.”
Sun Tzu, The Art of War

Counterintelligence (CI) – protects operations, information systems, technology, facilities, personnel, and other resources from illegal clandestine acts by foreign intelligence services, terrorists groups, and other elements.

Counterintelligence capabilities include:

Identification of threats through investigations and operations
Assessment of threats through reactive and predictive analysis
Notification of the threat through ISR processes and counterintelligence products
Neutralization and exploitation of threats through investigation and operations

The Air Force Office of Special Investigations (AFOSI) initiates and conducts all Air Force counterintelligence investigations, activities, operations, collections, and other related CI activities. AFOSI provides the commander a uniquely flexible ability that can quickly transition from direct counterintelligence support to law enforcement.

Counterpropoganda:

Counterpropoganda - involves those efforts to negate, neutralize, diminish the effects of, or gain advantage from foreign psychological operations or propaganda efforts. Counterpropaganda efforts can range from public affairs (PA) operations to physical destruction of adversary psychological operations resources and capabilities. PA operations can use truthful, accurate information to counter adversary propaganda

Gain and maintain the information initiative
Organization that is first out with information can control its context and frame the public debate

Especially important in case of friendly force mistakes and blunders

Accurate, timely information from PA operations can make PA the preferred source of information by domestic and international media
Combat Camera is an on-demand source for imagery and multimedia materials
PA operations are prohibited, by law, from intentionally misinforming the US public, Congress, or US media about military capabilities and intentions in ways that influence US decision makers and public opinion

Electronic Protection:

Electronic Protection - is primarily the defensive aspect of electronic warfare. It is focused on protecting personnel, facilities, and equipment from any effects of friendly or enemy employment of electronic warfare that degrade, neutralize, or destroy friendly combat capability.

EP methods include:

Emission control — The selective and controlled use of electromagnetic, acoustic, or other emitters to optimize command and control capabilities while minimizingenemy detection.
Electromagnetic hardening — Action taken to protect personnel, facilities, and/or equipment by filtering, attenuating, grounding, bonding, and/or shielding against undesirable effects of electromagnetic energy.
Frequency deconfliction — A systems management procedure to coordinate the use of the electromagnetic spectrum for operations, communications, and intelligence functions.

Public Affairs Operations:

Commanders should make public affairs (PA) operations part of their defensive counterinformation planning. PA operations should be coordinated closely with, and can also directly support other defensive IW activities such as OPSEC and counterpropaganda efforts

Public affairs plays a key role in OPSEC
Only PA is authorized to release information
Balance security with use of information for promoting national will or influencing enemy
Critical Information List - info prohibited for release
Security and policy review – review for items on critical information list
Practice security at the source – control release of information to media rather than censorship of what media prints
PA operations is the first line of defense against adversary propaganda and disinformation in the news media (see counterpropaganda page)

Operations Security (OPSEC):

Operations Security (OPSEC)

“Little minds try to defend everything at once, but sensible people look at the main point only; they parry the worst blows and stand a little hurt if thereby they avoid a greater one. If you try to hold everything, you hold nothing.”
Frederick the Great, The Art of Modern War, 1940

“OPSEC is a process of identifying critical information and subsequently analyzing the friendly actions that accompany military operations and other activities to:
a. Identify those actions that can be observed by adversary intelligence systems;
b. Determine what indicators hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries; and
c. Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation.”

OPSEC is a process that can be applied to any military operation, whether offensive or defensive. To comprehend the definition above you must know:
Critical information – Specific facts about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment
Indicators - Friendly detectable actions and open-source information that can be interpreted or pieced together by an adversary to derive critical information
Vulnerability - A condition in which friendly actions provide OPSEC indicators that may be obtained and accurately evaluated by an adversary in time to provide a basis for effective adversary decision making

Information Assurance (IA):

Information Assurance (IA) - those measures to protect and defend information and information systems by ensuring their:

Availability - access when needed
Integrity – free of unauthorized or accidental changes
Authenticity – validation of originator
Confidentiality – no unauthorized disclosure
Non-repudiation – undeniable proof of participation of sender and receiver

IA is implemented as a defense-in-depth. IA activities are often closely integrated with computer network defense and and electronic protection activities and may appear to overlap with them. IA includes measures to detect, document, and counter threats to our information and information systems and encompass:

Communications Security (COMSEC) – includes measures and controls taken to deny unauthorized persons information derived from telecommunications while also ensuring telecommunications authenticity. Communications security includes cryptosecurity, transmission security, emission security (EMSEC), and physical security of communications security materials and information.
Computer Security (COMPUSEC) – involves the measures and controls taken to ensure confidentiality, integrity, and availability of information processed and stored by a computer. These include policies, procedures, and the hardware and software tools necessary to protect computer systems and information.

[Back: Offensive Counterinformation | Next: Information Services]