CYBER INFLUENCE OPERATIONS: A BATTLE OF WITS AND BITS

The Cauldron of Concepts and Terminologies
Sections
Introduction
Cognitive Domain Operations: An Interplay of Nebulous Concepts
Information Operations
Two Facets of IO: Technical vis-a-vis Cognitive Operations
Cyber Influence Operations
References

Introduction

The notion of Cyber Influence Operations (CIO) has invited huge attention over the last decade or so. The most significant trigger for this focus has arguably been the alleged interference by Russia in the US presidential elections of 2016 [1]. Other notable examples of power projection in cyberspace, in particular in the cognitive domain, include the cyber operations conducted against Estonia (2007), Georgia (2008) and Ukraine (2015 onwards) to achieve strategic effects, all of these purportedly at the behest of Russia [2, 3].

A literal understanding of the term CIO would suggest any activity undertaken to influence a target audience through the medium of cyberspace. However, a formal conceptualisation of CIO, together with associated terminology, is still a work in progress, and is closely intertwined with the relatively more mature concepts of Information Operations (IO), Cyberspace Operations (CO) and Influence Operations. This series is an attempt to study the inter se relationships of these information era paradigms, bring clarity to the concept and operational aspects of CIO, and emphasize its emerging importance in 21st Century conflicts, with special reference to the Indian security scenario.

This first article in the series attempts to disambiguate and achieve a degree of coherence in the cauldron of concepts and terminologies which surround the notion of CIO. An earlier work has dealt with the concept of IO in some detail. This piece, to begin with, highlights specific facets of IO which are relevant to arriving at a rigorous understanding of CIO. It then presents a notional model of CIO as a derivative of IO, and contends that there are distinctly different ‘technical’ and ‘cognitive’ facets associated with these operations. Follow-up articles will discuss how CIO may be operationalised for projecting soft power through cyberspace, the strategic impact of CIO in 21st Century conflicts, independently and as an important element of hybrid warfare, and what India needs to do to hone its capabilities for conducting CIO.

Cognitive Domain Operations: An Interplay of Nebulous Concepts

Influence Operations is an umbrella term which is theorised in many different ways in the literature. Having stated that, one popular understanding of the term finds its roots in Robert Dahl’s The Concept of Power, where he puts down his intuitive idea of power (influence) thus: A has power over B to the extent that he can get B to do something that B would not otherwise do. In a similar vein, the objective of influence operations is often stated to be the following: shaping the behaviour and opinions of a target audience through the dissemination of information and conveying of messages. However, neither these nor any other definition of the term has universal acceptance. Naturally then, the concept of influence operations is also characterized by diverse understandings.

The doctrinal formulations of Cyberspace and Cyberspace Operations (CO) are equally nebulous, and are dealt with at some length in earlier posts. In the context of military operations, Cyberspace is widely accepted as being the fifth domain/ dimension of warfare, the other four warfighting domains being land, sea, air and space. In this conception, the meaning of Cyber is taken to be synonymous with Information. Indeed, it has been argued by the author elsewhere [4] that, in order to avoid ambiguity, the fifth dimension should be designated as Infospace instead of Cyberspace. Notwithstanding this anomaly in terminologies, most military doctrinal literature considers CO to be a sub-set of IO, with Electronic Warfare (EW) and Psychological Warfare (Psy W) being the other two main components of IO.

As the term suggests, the paradigm of CIO lies at the confluence of influence operations and cyber operations. It follows therefrom that, with its two underlying concepts being ill-defined, the understanding of CIO would be equally vague. This conceptual conundrum is further accentuated by the fact that CIO are closely related to Psy W, another primary component of IO. In order to adequately address this issue, the fairly intricate inter-relationship amongst the notions of IO, CO and influence operations needs to be incisively analysed. Indeed, as this work will show, CIO is essentially a derivative of IO, though clearly not synonymous with it.

Another noteworthy aspect which merits mention at the outset is the changing nature of warfare in the 21st Century, in particular, the blurring of lines between peace and war, and the consequent obscuring of distinctions between military and non-military conflicts. Thus, while the use of the term ‘operations’ has a decidedly military flavour to it, and IO and CO have been mostly conceptualised as military doctrine, CIO as we know them are being conducted with equal vigour across the entire spectrum of conflict, using military as well as non-military capabilities. Finally, the arena for the manifestation of CIO is primarily the Internet, in particular the social networks thriving on this all-powerful global information infrastructure.

At this point it is worth flagging an observation that, in this work, the letter ‘I’ in various acronyms stands sometimes for ‘Information’ and at other times for ‘Influence’, and since both terms are central to this discussion, due care needs is to be taken while interpreting the acronyms.

Information Operations

A detailed treatment of IO has been given out in an earlier four-part series on IW Structures for the Indian Armed Forces [5]. The analysis given there discusses IO concepts and terminologies in use by major world militaries at some length. However, for the purpose of the current discussion, a brief overview is reproduced here. Fundamentally IO, in most conceptualisations, comprises of a set of three distinct types of operations, as depicted below:-

The term Psychological Warfare (Psy W) is used here in a generic sense, keeping in view existing usage over the years in the literature and military doctrine, although perhaps the term Cognitive Operations is a better fit here (please see the next section). Cognitive Operations, in turn, encompass a group of several distinctly different sub-disciplines, as depicted below:-

For a deeper understanding of the above concepts and terminology, the reader is referred to the series cited above. Aspects most relevant to the current work are highlighted in context in the discussion which follows.

Two Facets of IO: Technical vis-à-vis Cognitive Operations

Differentiation between ‘Technical’ and ‘Cognitive’ IO

At the conceptual level, it may be stated that the weapons used and/ or immediate targets in the conduct of EW, CO and Psy W respectively lie in the physical (ie, electromagnetic (EM)), information and perceptual/ cognitive domains. Within these realms, EW targets machines, the target of CO is information, while Psy W targets minds. The “weapon” used by EW is EM energy, CO uses computer code as an attack vector while in Psy W messages are weaponized [6].

As brought out in the previous section, a number of distinct IO capabilities are collectively termed as Psy W. Based on the above characteristics, there is merit in grouping various IO capabilities into two sub-classes, as under:-

  • Technical IO. Out of the three primary components of IO, CO and EW may be grouped together as Technical IO, since they target machines and information (at rest and in motion). Also, their successful execution requires technical proficiency in ICT disciplines, as the targets and weapons used for these operations clearly indicate.
  • Cognitive IO. On the other hand, Psy W comprises of a number of different strains of IO (in terms of US IO doctrine: MISO, MILDEC, PA and SC; in Chinese IO theory, the Three Warfares [7]). It may be more appropriate to term this class of operations as Cognitive IO instead of Psy W, for the following reasons: these are all designed to target cognitive processes in minds. Moreover, the term Psy W/ PSYOP is often used in a narrower sense [8]. Successful execution of Cognitive IO requires proficiency in the social sciences (psychology, sociology, political science, history, etc [9]).

The above differentiation between Technical IO and Cognitive IO finds resonance in the military doctrines adopted by the US, Russia and China, as explained in succeeding paragraphs.

United States

The US DOD IO Doctrine of 2006 designated EW, Psychological Operations (PSYOP), Computer Network Operations (CNO), Military Deception (MILDEC) and Operational Security (OPSEC) as Core Capabilities, in addition to several others as Supporting and Related Capabilities [10], while its current IO Doctrine of 2012/14 enunciates the concept of Information Related Capabilities (IRCs), encompassing all IO capabilities under this single category [11].

A fairly recent CRS Defence Primer on IO, in its elaboration on cyber-enabled IO, states that since much of present day IO is conducted in cyberspace, many consider IO as being synonymous with CO. However, it clarifies that within DOD, IO and CO are distinct doctrinal activities. Indeed, in the current DOD IO doctrine JP 3-13, CO is listed as one of the 14 IRCs which are used to conduct IO.

Furthermore, IO is not just about influence operations. For instance, in a military operation EW may be used to disable radars, CO to disrupt communications, etc. Such activities cannot be classified as influence operations, even though EW and CO fall under the ambit of IO [12].

Most notably, there is a RAND study which recommends that better conceptual clarity and functional effectiveness may be achieved if IO is split into two functional areas, namely, Information Technical Operations (ITO) and Inform and Influence Operations (IIO), with the former focussing on the information domain with machines as targets (CO and EW), and the latter on the psychological/ cognitive domain with people as targets [13].

Russia

Russian IW doctrine focusses on Information as the central theme, and does not have Cyberspace in its IO lexicon. Russian doctrine too shows a preference for classifying IW disciplines under the two major subdivisions of Information-Technology Warfare and Information-Psychological Warfare, concepts which are similar to the US ITO and IIO referred to above and which are defined as under [14]:-

  • Information-Technology Warfare. These target technical systems which receive, collect, process and transmit information, and are conducted during wars and armed conflicts.
  • Information-Psychological Warfare. These target personnel of the armed forces and the civilian population, and are conducted under conditions of natural competition, ie, permanently.

China

In the case of China too, there is a doctrinal delineation between CO and EW on the one hand and cognitive operations on the other. While CO and EW are captured under their doctrine of Integrated Network Electronic Warfare (INEW), cognitive operations find their conceptual roots in their Three Warfares doctrine, comprising of Psychological Warfare, Media Warfare and Legal Warfare components.

The above separation in technical and cognitive aspects of IO is reflected in PLA organisational structures as well. Prior to the raising of the Strategic Support Force (SSF), CO and EW were the charter of the General Staff Department’s (GSD’s) Third and Fourth Departments. On the other hand, the responsibility for the conduct of Three Warfares, also termed broadly as political warfare, was entrusted to the General Political Department (GPD). Within the GPD, political warfare at the strategic level was handled by the GPD’s Liaison Department, while at the operational level the execution of this concept was carried out by the 311 Base along with its six subordinate regiments, all of which were placed under the command of the GPD [15].

On creation of the SSF, responsibility for conduct of CO and EW has been moved to the Network Systems Department under the SSF. As regards cognitive operations (primarily flowing from the Three Warfares doctrine), it is believed that intra-party ideology related activities will now fall within the purview of the new CMC Political Works Department (CMC-PWD), while the operational effects of Three Warfares across the entire spectrum of conflict would be the responsibility of the SSF, thus achieving a decoupling between party and military requirements related to psychological/ cognitive operations.

India

In contrast to the doctrinal thinking in the US, Russia and China, the Indian Armed Forces have so far not made any distinction between the technical and cognitive aspects of IO.

Interestingly, India’s Joint Doctrine for Perception Management (PM) and Psychological Operations (Psy Ops) considers IO and Psy Ops as sub-disciplines of PM, which is conceptualized as encompassing all information and cognitive operations [16].

The Indian Army IW doctrine, which considers CO, EW and Psy W as the three primary components of IW, also does not treat technical and cognitive facets of IO differently.

The author, in a series on IW Structures for the Indian Armed Forces, argues that Indian doctrines should classify various functions of IO into the following two streams: Information-Technical Operations (ITO) and Information-Psychological Operations (IPO), with various IO functions clubbed under each as depicted below [17]:-

Cognitive Effects of Technical IO

Cognitive IO, as conceptualised above, directly target the minds of adversary/ friendly/ neutral audiences (here, ‘friendly’ does not imply ‘domestic’!). However, CO and EW too can be used as means to create cognitive effects. For instance, the 2015 cyberattacks against the Ukrainian electrical grid, which disrupted power for several hours for a large segment of the population, and the 2007 cyberattacks against Estonian e-governance networks, are two examples which entailed major cognitive repercussions. Indeed, both attacks had significant psychological effects on decision-makers as well as citizens.

It would, however, be incorrect to conclude from the above that the full spectrum of IO is covered under the paradigm of cognitive operations. Actually, all attacks have cognitive effects. For instance, an artillery barrage executed just before an Infantry attack would have a tremendous psychological impact on the defending troops, but that does not classify it as a cognitive operation. Moreover, arguably the majority of CO and EW attacks may not have any cognitive effects at all, indeed may not even be meant to have such an effect. For instance, the Stuxnet worm attack which destroyed Iran’s centrifuges was intended to be carried out silently, and thus was designed to have only a cyber-physical, not cognitive, effect. Similarly, an EW attack to jam military satellite communications during war would not classify as an attack in the cognitive realm.

The correct perspective here would be that while some CO and EW attacks may certainly be carried out with the sole intention of achieving cognitive effects, these IO capabilities operate in the information and physical realms respectively, and would not fall into the category of Cognitive IO.

Cyber Influence Operations (CIO)

Defining CIO

Cyber Influence Operations (CIO) as a concept is very new and still evolving. As such, there is no universally accepted definition of this term, nor does a formal definition of this term appear in any military doctrine as yet. However, a semantic understanding of the term would suggest that CIO refers to operations which lie at the confluence of Cyberspace Operations and Influence Operations. As we shall see, this understanding is not entirely correct.

The term Cyberspace Operations (CO) also does not have a universally accepted definition. In this case, however, a treatment of this term does exist in the US DOD doctrine on Cyberspace Operations. Here, broadly, CO are described as the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace; specifically, CO imply the successful execution of offensive and defensive cyber operations, but also includes operation and maintenance of military networks [18, 19].

In the context of CIO, the question which needs to be addressed is whether simply passing messages over networks without the employment of intrusive and illegal/ illegitimate cyber activities, ie, any type of cyber-attack/ exploit, falls under the ambit of CO. The answer would be in the negative, as normal cyberspace messaging/ transactions would not classify as CO, which essentially refer to illegitimate/ illegal (except during war) activities comprising of a wide spectrum of cyber-attacks/ exploits. Thus, disseminating carefully crafted “cognitive effect” messages through the medium of social networking platforms would not classify as CO (Technical IO), but would clearly be categorised as Cognitive IO.

Based on the above considerations, and shying away from attempting a rigorous definition, a simple interpretation of the term Cyber Influence Operations (CIO) may be understood as “any influence operations carried out in and through cyberspace”.

Technical CIO vis-à-vis Social CIO

Against the backdrop of the foregoing discussion, there is merit in further classifying CIO into two sub-classes, as under [20]:-

  • Cyber-Enabled Technical Influence Operations (CeTIOs). Those CIOs which gain unauthorized access to networks and systems in order to destroy, alter, extract or inject information with the intention of influencing the attitudes, behaviors, or decisions of target audiences may be termed as CeTIOs. An attack on e-governance infrastructure of an adversary nation for psychological impact during a conflict would classify as a CeTIO. In the context of IO, CeTIOs are Technical IO (specifically, CO) carried out with the primary intention of achieving cognitive effects.
  • Cyber-Enabled Social Influence Operations (CeSIOs). In contrast to CeTIOs, this category of influence operations do not employ intrusive cyber capabilities (and thus do not fall under the ambit of CO), but function at the semantic layer of cyberspace (information content). Messaging over social networks for spreading a narrative amongst the target audience which aids the attacker in his mission would be an example of a CeSIO. Stated in IO parlance, CeSIO are Cognitive IO conducted in and through cyberspace.

The figure below depicts CIO and its two sub-streams emerging as the result of an inter-play between Influence Operations and CO within cyberspace:-

It is important to make a distinction between the Technical and Cognitive/ Social sub-classes within IO/ CIO, since this has significant implications on organisation and training aspects. This issue will be elaborated upon in follow-up posts, which will deal with operationalisation of CIO capabilities.

Integrated Employment of Technical and Social CIO Capabilities

In certain types of CIO, a combination of CeTIO and CeSIO may be resorted to for achieving the desired effects. For instance, a particular set of individuals may be targeted with suitably crafted messages on social platforms based on their psychographic profiles. In order to do this, CeTIO may be employed to first obtain their profiles using intrusive CO (eg, by hacking the database of social networking websites), followed by targeted messaging using CeSIO expertise. The Cambridge Analytica data breach and the follow-up tailored advertisements in the Ted Cruz campaign is an example of an integrated employment of CeTIO and CeSIO [21].

Conclusion

This article has analysed the evolving notion of CIO against the backdrop of the relatively mature concepts of Information Operations, Cyberspace Operations and Influence Operations, and presented a model which depicts how these overlapping, but significantly different, concepts relate with each other in cyberspace. It has highlighted the importance of making a distinction between two fundamentally different sub-classes within IO, namely Technical IO and Cognitive IO; and similarly, two sub-classes within CIO, namely CeTIO and CeSIO. A careful reading of the line of thinking presented here shows that the conceptual formulation of CIO is fully within the ambit of IO, albeit one which spans several sub-disciplines of IO (CO, PSYOP, PA, and SC), with their manifestation restricted to cyberspace.

Having thus presented a conceptualisation of CIO, the next article in this series will dwell on aspects related to operationalisation of the CIO concept, and the strategic effects that this emerging new form of warfare will continue to unleash with increasing intensity in 21st Century conflicts.

References

(1)     Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis, Centre for Security Studies, ETH Zurich, 2019, pp. 5, Accessed 15 Oct 2020.

(2)     Michael Connell and Sarah Vogel, Russia’s Approach to Cyber Warfare, CNA Occasional Paper, Mar 2017, pp. 13, 17, 19, Accessed 15 Oct 2020.

(3)     Lt Gen (Dr) R S Panwar, Cyberspace: The Fifth Dimension of Warfare – Part II (Section: Cyberspace – No Longer Hype), Future Wars, 08 Jan 2018, Accessed 15 Oct 2020.

(4)     Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part I (Section: IW in 21st Century Battlespace), Future Wars, 31 Mar 2020, Accessed 15 Oct 2020.

(5)     Ibid.

(6)     Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part II (Section: Differences amongst IO Components), Future Wars, 31 Mar 2020, Accessed 15 Oct 2020

(7)     Lt Gen (Dr) R S Panwar, China’s Strategic Support Force and its Implications for India – Part II: Organisational Structures for Information Operations (Section: Three Warfares and Psychological Operations), Future Wars, 16 Jun 2020, Accessed 15 Oct 2020.

(8)     Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part I (Section: Operations in the Cognitive Realm), Future Wars, 31 Mar 2020, Accessed 15 Oct 2020.

(9)     Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part II (Section: Academic Nature and Complexity of IO Disciplines), ……

(10)   US DOD Joint Publication 3-13, Information Operations, Feb 2006, pp. II-1, Accessed 15 Oct 2020.

(11)   US DOD Joint Publication 3-13, Information Operations, Nov 2014, Accessed 15 Oct 2020.

(12)   Catherine A. Theohary, Defense Primer: Information Operations, US Congressional Research Service, 18 Dec 2018, Accessed 15 Oct 2020.

(13)   Isaac R. Porche III et al, Redefining Information Warfare Boundaries for an Army in a Wireless World, Pub. RAND Corporation, Santa Monica, CA, pp. 42, 59, Accessed 15 Oct 2020.

(14)   Keir Giles, Handbook of Russian IW, Fellowship Monograph No 9, NATO Defence College, Nov 2016, pp. 9, 36, Accessed 15 Oct 2020.

(15)   Lt Gen (Dr) R S Panwar, China’s Strategic Support Force and its Implications for India – Part II: Organisational Structures for Information Operations (Sections: Integrated Network Electronic Warfare; Three Warfares and Psychological Operations), Future Wars, 16 Jun 2020, Accessed 15 Oct 2020

(16)   Joint Doctrine for Perception Management (PM) and Psychological Operations (Psy Ops), HQ IDS, 25 Mar 2010, pp. 2-3, Accessed 15 Oct 2020.

(17)   Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part IV (Section: Proposed IW Structures), Future Wars, 31 Mar 2020, Accessed 15 Oct 2020

(18)   Cyberspace Operations, US DOD Joint Publication 3-12, Feb 2013, pp. I-2, Accessed 15 Oct 2020.

(19)   In the US DOD on IO, CO are referred to as Computer Network Operations (CNO), although the scope of the two terms is not identical.

(20)   Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis, Centre for Security Studies, ETH Zurich, 2019, pp. 15-16, Accessed 15 Oct 2020

(21)   Facebook–Cambridge Analytica Data Scandal, Wikipedia, Accessed 15 Oct 2020.

1 Comment

  1. Maj Gen Harvijay Singh, SM (Retd)

    An interesting article. Integrated employement of Technical and Social CIO Capabilities as stated, will perhaps carry more impact and cause more damage in the Cognitive domain.

    Reply

Your Views

Recent Posts

Subscribe To The Future Wars Newsletter

Join this mailing list to receive a weekly newsletter about the latest posts from R S Panwar's Future Wars Blogsite.

Almost finished....To complete the subscription process, please click the link on the email we just sent you.

Share This