Chris Fogarty
It is often said that we’re living in the information age. Yet quite what the implications of modern communications technology will be for armed forces in the 21stcentury remains far from clear. Many militaries are focussing their efforts on the acquisition of cutting-edge technology and the development of new concepts structures suitable for various interpretations of the future operating environment. However, these developments often come at the expense of being able to ‘fight tonight’ and are lacking in focus when it comes to policies, permissions and process. More concerningly, the people required to conduct operations in the information age often appear only as a mere afterthought. If we want to have a force capable of fighting in the information age, we need to think about technology, process andpeople, including the potential benefits of new and innovative employment models – which will be the focus of this article.
Britain has always been an outward looking nation. And against adversaries upping their spending… investing in new technologies… we have to respond. If we do not, we will find ourselves with fewer options when we face the challenges and the threats in the future.
In his RUSI speech in February of this year, the UK Secretary for Defence acknowledged the importance of investing in technology during the information age. This follows on from the release of the UK’s Joint Concept Note 2/18 on Information Advantage, which provides a broad conceptual framework. This is not exclusively a UK issue, there are a number of new US publications which are being introduced which include the Joint Concept for Operating in the Information Environment (JCOIE) paper. Every week new articles are being published, however new technologies and concepts will only get you so far.
Chris Inglis, the former Deputy Director of the NSA spoke at an Oracle event in 2016 about the three aspects of Cyberspace – technology, process and people. These aspects are equally applicable to the information environment and need to be focussed on in equal measure. The real concern is that militaries around the world, specifically the UK and US are seduced by exquisite technology, new concepts and restructuring of organisations (yet again), but forget about the process and more importantly the people. This is particularly prevalent in the information age, when new technologies are being developed and adopted readily in the commercial sector. The military often plays ‘catch-up’ but lacks a thorough understanding of how to exploit the technology. This is due in part to a lack of suitably qualified and experienced personnel, but also to the lack of understanding about information warfare, which until recently was been the preserve of specialists, not generalists. On 7 Mar 2019 the UK Chief of the General Staff (CGS), Mark Carleton-Smith addressed the US Army staff college in Fort Leavenworth, stating that “People are not just in the Army, people are the Army”, which is a rather timely reminder that we must bring our people with us on this journey.
Technology does not provide information advantage by itself, it also requires process and the correctly trained people. It can be argued that the adoption of AI will remove the human in the loop. The is true, to a degree and with the exploitation of AI and autonomous networks, more decisions could actually be devolved. The recent Joint Concept Note 1/18 on Human-Machine teamingstates “AI enabled command and control systems could also be proactive in prompting decision-makers to examine emerging issues and anticipate demands.” This will provide the ability for information to pass from sensor to decision maker faster than an adversary, which is essential for decision advantage, however this is different from information advantage, which is about using information as an enabler, an effector, to provide resilience and to deny it from an enemy/adversary.
It is therefore evident that technology will feature heavily within any future force, however this has arguably always been the case, in old parlance these are simply ‘revolutions in military affairs’ such as network-centric warfare. The real difference in the 21stCentury is the pervasive nature of information and that ‘war is now amongst the digital people’, therefore we need a comprehensive contemporary solution blending technology, process and people. As recent example of this was the International Security Assistance Force (ISAF) Joint Command centre in Afghanistan, who created an assessment cell. Their role was to conduct a wide range of analysis through the exploitation of big data; including the review of IED attack patterns, analysis of rural market places and also blue force tracking data. This permitted a correlation of data, which measured the effect of ISAF patrols aligned to the confidence of the locals to attend the market.[1] By using this deluge of data and new analytical tools provided through technology, trends could be successfully analysed, which provided greater understanding. This provided quantitative data sets and enabled ISAF to measure effect and also to predict trends, identifying cause and effect relationships in new and more accurate ways.[2] By adopting new tools, techniques and technology; aligning them through processes and importantly utilising correctly trained and empowered personnel, ISAF generated informational advantage.
Technology will provide solutions, but needs to be nested (as it was within ISAF) in process, which allows it to be exploited. This requires the correct policies and permissions as well as organisational structures. The British Army has been aligning information capabilities for some time now, and introduced the lexicon of Information Manoeuvre back in 2016 and then structural change in 2018, with the creation of the Information Manoeuvre Division, which was developed in support of Joint Action and elevated Information Activities and Outreach to the same level of importance as Fires and (both ground and air) Manoeuvre. The Royal Air Force have also made organisational changes by forming 11 Groupwhich focuses on multi-domain operations. With all of this progress there remains a danger that single services will develop capabilities in stove-pipes. The key to achieving information advantage is utilising a joint/multi-agency approach. There are many benefits to the US approach of having a Multi-domain Task Force, which include a purpose built force and the development of specialist personnel, but again there are risks of having isolated capabilities and wider integration issues with the rest of the force.
Having the correct structures in place is key, but this in itself does not provide the policy and permissions to operate. Something that needs further refinement are the information targeting rules of engagement. Commander’s often feel constrained with their use of the information environment. Having the specialists and structures in place along with the correct relationships will ease some of these restrictions, however an acceptable balance between strategic, operational and tactical activities needs to be found to enable the rapid exploitation of information and therefore the ability to gain advantage. The recent publication RESIST – counter-disinformation toolkit from the Government Communication Service provides an excellent guide for identifying and combatting disinformation, but it does not specifically provide permissions. Having more explicit standard operating procedures for the information environment will ‘normalise’ this new frontier and importantly empower commanders and their subordinates. Some progress has been made with the introduction of project CLARION which provides a refreshed social media policy for the British Army. When this is aligned with better education and training, our people will become more comfortable with taking risk, which will solve the current problem of enabling mission command in the information environment.
As CGS mentioned ‘people are the Army’ and this of course is true of all the services. The British Army launched programme Castle which aims to accelerate generational change by modernising career structures, training, education and management. This is absolutely required and a step in the right direction but there is also a real opportunity to use the diversity of people within Defence to exploit the information environment, giving reach, credibility and also wider cultural and linguistic understanding. Those either involved in specific regions, such as the UK Army’s regionally aligned Brigades or the US’ aligned commands need to be fully integrated into their respective information environments. This will also require 21stCentury mission command, involving collectivism with decision making authority delegated down to a practicable level and a ‘shared consciousness’. The information environment also needs to be fully understood through a detailed target audience analysis. People are our greatest asset and with a globally connected world we can use this organic resource more wisely. Our people have a multitude of diverse backgrounds and can offer insights, understanding and networks which are essential in the information age.
All of this needs to be managed whilst protecting our people. There have been recent examples of adversaries exploiting social media including the fitness application Strava to map US military bases. In addition, terrorist organisations such as Daesh have called on their supporters to use social media sites like an online ‘Yellow Pages’ to collect personal information about service personnel. This is not exclusively a UK or US issue, a recent NATO report from the Centre of Strategic Communications highlighted that open source data from social media could easily be collected on soldiers and then used to successfully influence the target audience (NATO), changing their behaviours. The issue is wider than just NATO, recently the Russian government voted to prohibit its military forces from using personal electronic devices or to post anything relating to their military service. Limitations and policies are sensible, but must be realistic and complimented with low-level training and awareness, making personnel more OPSEC and PERSEC aware. In essence a risk-based approach, which is used widely for almost every other military activity, needs to be adopted. When this is aligned to better training and education, it will protect our people. There is of course another option regarding the issue of personnel, a new employment model or contracting aspects out to industry.
If the UK MOD wishes to provide the correct level of volume and persistence in the information environment now, some other personnel/employment models are worthy of investigation. There are broadly three options; firstly the adoption of a civilian volunteer force in a similar manner to that of the Lithuanian Elves or the Ukrainian hacker groups, which essentially crowdsources the protection of the national information environment out to the general public. A second option which is broadly aligned to this has been adopted by the UK Police Force. The part-time ‘specials’ were formerly employed in generic police duties, however in the last few years the police have expanded this model to include cyber securityand financial experts. By opening up this new role, their gap in specific skills and expertise has been bridged. This would be a much broader interpretation of the current Whole Force approach used by the UK MOD, but would provide a welcome increase in the required specialisms. The final option is to use Private Military Security Companies (PMSCs). At the 2014 summit in Wales, NATOacknowledged the use of PMSCs stating that “military, paramilitary, and civilian measures are employed in a highly integrated design”. There are already a number of countries that hire specialists to monitor or provide an effect in the information environment.
A recent example of a PMSC is a US company – Cyber Point, which had a branch ‘Project Raven’ based in the United Arab Emirates. Cyber Point were employed as cyber specialists with the tools, techniques and expertise to conduct sophisticated ISR within the information environment, targeting other nation states and civilians within UAE who were deemed a threat to national stability. This approach covers the technical aspects of the information environment, however there are also strategic communication companies that provide information and communication services for nation states and can then monitor/analyse the information environment to measure effect. This does however, carry risk to reputation; Cambridge Analytica made headline news through the Facebook scandal in which millions of users had their personal data harvested and were then targeted with personalised adverts. Another firm Bell Pottinger was employed by the US military between 2007-2011 to ‘support’ the local Iraqi government, but allegedly also included fake al-Qaeda propaganda videos that could track viewers through web-based analytics. These individuals were then targeted. These examples highlight a number of ethical and moral issues that relate to contracting out the management of a nation’s information environment.
Whilst the current skills gap is being slowly addressed by growing the relevant skills organically within the military, in the interim a new employment model needs to be adopted if we are to ensure optimal effectiveness in the short to medium term. How to deliver this is yet to be decided, but whichever measures are adopted may feature one or more of the models identified above. One thing is inevitable: the rate at which technology is being developed and adopted in the contemporary information environment will not slow down. Both the UK and US have introduced new technologies, concepts and amended organisational structures to accommodate these changes, but must ensure that they have the processes, permissions and most importantly the people to be able to operate in the 21stCentury multi-domain information environment.
No comments:
Post a Comment