![]()
1
INTRODUCTION
Christopher Whyte, A. Trevor Thrall, and Brian M. Mazanec
If prompted, technologists, military practitioners and scholars alike might all repeat the oft-cited maxim that cyber conflict is something both old and new. It has been three-and-a-half decades since the United States and other Western countries faced their first crises of national security born of the malicious use of networked computer systems. At the same time, cyber-enabled or -augmented threats to national security continue to manifest in new – often unpredicted – forms to this day. The past several decades have seen an evolving panoply of threats to national and international security that might be said to be of a cyber nature. From the broad-scoped theft of intellectual property to the disruptive targeting of commercial ventures, critical infrastructure and military systems, the era in which the Internet has become globally significant has been defined by a consistent broadening and diversification of vectors by which national security might be assailed. Arguably, there are few areas where this is clearer than with the scope and practice of information warfare (IW).
Cyber warfare and information warfare are different beasts. To be sure, the two are consistently held by experts to be adjacent concepts or approaches to contestation. Both concern information; but where the former does so exclusively in its digitized and operationalized form, the latter does so in a much broader sense. With IW, information itself is the weapon. In cyber conflict, information systems are leveraged as terrain over which diverse effects might be realized. Even given such a distinction, however, the space between cyber and IW has often seemed minimal to the point of negligible. Early Western experiences with cyber conflict through the 1980s and into the 1990s led experts like John Arquilla and David Ronfeldt to describe the threat to the West from cyberspace as one of counter-command/control warfare (C2W), where adversaries would infiltrate military and government networks to interfere with the function of decision-making processes and operational communications. Though not all cyber engagement is information warfare, C2W waged via cyber means certainly is. After all, C2W constitutes a process by which the value and credibility of information is degraded by the interference of digital saboteurs.
Today, the question of how cyber instruments aid and abet – and even constitute – information warfare activities is murkier than it ever has been. In the West, approaches to thinking about and operationalizing cyber-conflict processes have not much focused on or been nested in the context of information warfare beyond C2W. Elsewhere in the world, however, different lessons have been learned and mentalities adopted. Specifically, adversarial, authoritarian governments have consistently linked the potentialities of digital infrastructure to mechanisms of societal manipulation and control – i.e. to the informational substrates of modern society beyond the singular shape of new digital infrastructure. In China, for instance, early encounters with online dissidence through the 1990s inspired the rapid rise of a sophisticated digital censor. Thus, alongside efforts to develop an information economy, Chinese interest in mitigating sources of societal unrest has led to cyber strategy focused on how the information revolution has altered both the technical basis of international interactions and the ideational content of politics. By contrast, recent incidents have demonstrated that IW remains an underexplored strategic concept among scholars in the West, particularly in the United States. Cyber operations employed by the Russian Federation as part of a sophisticated campaign to influence political processes in Ukraine, the United Kingdom, the United States, France and nearly twenty other Western countries since 2013 indicate that national strategies for success in cyber conflict must adapt to focus on defeating a broader IW threat than has previously been imagined.
This book aims to help scholars, analysts and policymakers think smarter about IW – which we define broadly as “the deliberate manipulation or use of information by one party on an adversary to influence the choices and decisions that the adversary makes in order for military or strategic gain” – within the context of cyber conflict.1 Twenty years ago, such a book may have focused exclusively on the informational impact of cyber intrusion on military decision-making and operational process. In the 2020s, such a book faces a different threat landscape that is defined by the blended manipulation of digital systems – i.e. by the use of cyber alongside the exploitation of mechanisms of discourse and communication online – by Western adversaries to achieve large-scale disruptive, psychological impacts.
Editors of this kind of volume typically begin their introductions with an attempt to establish the importance of the topic at hand. In this case, however, that is hardly necessary. Even the most casual observer of the world today recognizes the growing importance of IW, whether they recognize it as trolling, hacking, disinformation, propaganda or any other of a number of popular terms. In the United States, unless one has been living under a rock, it has been impossible to escape the extended outcry, investigations and debate over the aforementioned Russian 2016 election interference that has recently elevated the subject of IW from niche issue to center stage in the national security realm.
If we were going to try to convince readers that this topic is worth investigating – now more than ever – we might make any of three related arguments. First, thanks to the convergence of digital technologies, IW of the style increasingly encountered over the past decade – i.e. the blended use of cyber intrusions alongside multifaceted interferences in the form and function of digital media platforms – is easier to conduct, especially over great distances, than at any previous point in history, and as a result is more popular than ever. Ubiquitous tools of outreach like Twitter, Reddit and Facebook in the West join the ecosystems of Weibo and RenRen and others elsewhere in the world as growing, self-replicating and natural venues for the conduct of IW.
Second, thanks to the migration of much of the world’s population onto the Internet via social media, online news sites, etc., more of the world is targetable with information operations than ever before. The Internet is estimated to be growing at the rate of more than eleven users per second, or 1 million new users each day, with 57% (4.4 billion) of the global population online with a year-over-year growth rate of 9%.2 That translates to about 4.4 billion people, which is a 9% growth from 2018. In reality, of course, the argument about the “onlining” of the world’s population as a reason why IW is more relevant today than it may have been in decades past is conditioned on our first point above. It is not just that so many global citizens are now using the Internet; it is that their digital lives are governed by the systematic algorithmic, commercial and sometimes governmental correlates of new information environments.
Third, there are the subsequent implications of all of the above for impact at scale. Thanks to the rapidly increasing reliance of individuals, businesses and governments on networks and digital tools to do more or less everything, the potential impact of IW is higher than ever. It is also much of the time less direct in its pressure on social and political processes. The attack surface of IW – meaning the sum of vulnerabilities of a system, in this case entire national societies, to exploit – is immense and multilayered. As such, IW effects can manifest extremely broadly and across diverse targets, often without obvious patterns of interconnection. Information warfare is also partly more prospectively impactful and diffuse in its shape due – at least where the two things intersect – to the inherent unpredictability and potential for collateral damage associated with cyber operations. The ever-changing innovations in enterprise architecture and network operations, as well as any IT interdependencies, makes predicting the precise effects of cyber operation – including cyber-enabled IW – very difficult.
While cyber warfare itself is mere decades old, IW is age old. In his Art of War, Sun Tzu famously stated that “all warfare is deception,” a game of information perception and misperception understanding of which determines victors and losers more assuredly than does simple amassment of military resources. In the modern era, world history is replete with instances of famous military campaigns preceded or augmented by IW in the form of C2W, military deception and psychological warfare. George Washington, at the time a General commanding the Continental forces of the American revolution, began his historic Valley Forge attack with an information operation intended to mislead his counterpart, General Howe. Specifically, Washington deftly manipulated circumstances so that Howe rushed the bulk of his forces back to Philadelphia and away from major elements of America’s fledgling military forces.3 Prior to the D-Day landings, Allied forces deceived German intelligence operations by staging blow-up tanks and other fabricated troop emplacements at alternative invasion launch sites away in southern England. And both Louis XIV and Ivan the Terrible conducted widespread propaganda operations against populations in Central and Eastern Europe ahead of military campaigns in order to ease the path to conquest.
In the age of the Internet, the list of notable IW campaigns sponsored by national governments is not only long, but striking insofar as it lines up so neatly with a list of major foreign policy incidents over the course of the 2010s. Such incidents and operations might notably include:
- Russian efforts to influence Western democratic processes across more than twenty countries (Way and Casey 2019) since 2013. In the best-known example of such efforts – against the United States’ presidential election process – it was concluded by the Office of the Director of National Intelligence (ODNI) with high confidence that Russian President Vladimir Putin “ordered an influence campaign in 2016 aimed at the U.S. presidential election” in order to “undermine public faith in the U.S. democratic process, denigrate Clinton, and harm her electability and potential presidency”;4
- China’s use of fake social media accounts to manipulate political discourse in Taiwan through 2018 and the parallel promulgation of disinformation during the protests in Hong Kong in the summer of 2019;
- The efforts of the Islamic Republic of Iran to utilize Twitter, Facebook and other platforms to shape conversation about American foreign policy between 2016 and 2019;
- Russia’s pairing of social media manipulation with other unconventional tactics in its direct prosecution of civil conflict in Ukraine since 2014; and
- The use of social media by the so-called Islamic State of Iraq and Syria (ISIS) to spread information, to recruit and to amplify the effects of terror.
It is these incidents and others in the same vein that we and the authors whose work is represented in this volume seek to explore in greater detail. The 21st century has seen a dramatic increase in incidence of IW, much of the time linked with some use of cyber operations. In many cases, it is that element of the thing – cyber activity – that consumes the focus of pundits and commentators who report on such incidents. We argue that, while understandable, this is a fundamentally misleading and disadvantageous perspective on what is unique about IW in the age of cyber conflict, and so devote the proceeding sections and chapters to rectifying this imbalance.
Defining information warfare in the age of cyber conflict
Even if readers accept the importance of IW, what this introductory chapter yet needs to make clear is exactly what we mean – and don’t mean – when we use the term IW. Our first task in doing so is to define and situate IW with respect to cyber conflict and other things Internet-related. Thanks to the rapid proliferation of new technologies and humanity’s love of catchy new labels, keeping track of what various terms mean and how they relate to one another in the digital world is difficult. With respect to national security alone, the Internet has brought us cyberspace, cyberwar, cyber-attacks, cyber crime, cyber espionage, cyberterrorism – the list goes on and on.
Unfortunately, as with all buzzwords, the word “cyber,” though certainly sexy, quickly lost whatever meaning it may have once had after it got attached to everything. In the 1980s and 1990s, after the word was introduced first into popular culture in the book Neuromancer and then into national security parlance in reports like the Marsh Commission document that followed the Oklahoma City bombings, calling something “cyber” was usually an effort to make something sound both new and more important than it used to be, whether it was or not. In particular, the word “cyber” appealed to anyone trying to promote a threat as new and, because of the implied Internet tie-in, uniquely dynamic. Labelling a problem “cyber” evoked a sense of the vast, the unpredictable, and certainly of negative consequences. What it didn’t do, however, was help people understand what whatever the nature of the problem being described really was.
Cyber’s overuse as a marketing term well into the new century does not, of course, mean that there is nothing new, different or threatening about developments in cyberspace. After all, there is a reason that terms like “cyberwar,” “cyberspace” and “cyber conflict” persist and now define entire fields of study and industry. To a greater extent even than television, the Internet and its associated technologies have disrupted old patterns of behavior in every realm, laying waste to traditional forms of communication, governance and economics while simultaneously creating new forms. Policymakers must clearly respond to associated threats and researchers must attempt to better understand how conflict and security are continuing to evolve in the digital age.
The rise of the cyber age in the latter years of the 20th century, in fact, led many observers to believe that fundamental concepts of strategy and conflict would have to be rethought, in much the same way that the nuclear revolution affected strategic thinking in the 1950s and 1960s. It was in part this sort of thinking that led the United States, alongside other institutional and cultural pressures, to create U.S. Cyber Command. There, the assumption was that cyber was not only generically new and important, but that cyber principles were somehow new enough and cyber effects ubiquitous enough that a single Department of Defense (DoD) component should be put in charge of dealing with it.
In contrast with such perspective, many scholars decided – after the initial excitement over all things cyber wore off – that most cyber issues were in fact mostly old wine in new bottles, and that their digital nature had done little to alter fundamental dynamics of conflict or espionage.5 A second wave of research that followed initial alarmist writings was critical of any broad-brush approach to cyber issues. Some argued that attempting to combine electronic warfare, psychological operations, surveillance, etc. under a single cyber umbrella did more harm than good.
Given all the light and heat surrounding cyber conflict, a good place for us to start here is to contrast what most people mean by “cyber conflict” with what we mean in this volume by “information warfare”. Though there are probably as many published definitions of cyber conflict as there are of terrorism, a useful working definition might simply be that cyber conflict consists of offensive cyber operations (OCO) comprised of computer network attack (CNA) leveraged towards digital disruption, effects beyond cyberspace and espionage. Such a definition leaves out any question of effects and limits the scope of cyber conflict only to instances where offensive digital instruments are employed for malicious purpose. Operations that center on the use of such instruments, OCO, are the employment of cyber capabilities over Internet infrastructure against a network-connected target for some objective. Such objectives might involve disruption, degradation of adversary capabilities, espionage or an attempt to enable one of the preceding objectives via a secondary action. The capabilities themselves are multiform and multipurpose. Cyber actions taken to enable espionage – most often differentiated as computer network exploitations (CNE) – often go hand-in-hand with intrusions aimed at disruption or degradation. After all, CNE is often conducted to collect information and conduct reconnaissance for a future assault. As...
