29 March 2020

Doctrinal Confusion and Cultural Dysfunction in the Pentagon Over Information and Cyber Operations

By Herb Lin 

In a Lawfare post earlier this year, I questioned the wisdom of referring to cyber operations as psychological operations. These campaigns are the bread and butter of U.S. Cyber Command’s operational activities. My interest in this question stemmed from two recent articles, one on NPR and one in the Washington Post. The former discussed past activities of U.S. Cyber Command and the latter discussed possible future activities. Taken together, both articles used terms such as “information warfare,” “information operations,” “psychological operations” and “influence operations” to describe these activities.

I closed that post with a promise to comment on the doctrinal and conceptual confusions within Defense Department policy regarding all of these concepts. This post makes good on that promise.

Here’s a review of Department of Defense doctrine on “information warfare” and related terms. This review suggests that even within the Department of Defense, the terms have had elastic, imprecise and ambiguous meaning and are often used interchangeably to describe activities that are divergent in nature.


Until 2018 U.S. joint military doctrine recognized just six joint functions that were common to operations at all levels of warfare: command and control, intelligence, fires, movement and maneuver, protection, and sustainment. This changed in October 2018 with the publication of JP 3-0 Joint Doctrine (2017 Incorporating Change 1 2018), which added the information function. Importantly, these seven functions (including the information function) are described as essential to all military operations. The information function includes three sets of activities: understanding information in the operational environment, leveraging information to influence the behavior of relevant actors, and supporting friendly human and automated decision-making.

The Department of Defense defined “information warfare” in JP 3-13 Joint Doctrine for Information Operations (1998) as information operations “conducted during time of crisis or conflict (including war) to achieve or promote specific objectives over a specific adversary or adversaries.” At that time, the Defense Department defined “information operations” as “actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Interestingly, this definition is remarkably similar to what the Department of Defense understands today as “cyberspace operations.”

In 2006, the Department of Defense abandoned the term “information warfare” in favor of “information operations.” The department defined “information operations” in the 2006 version of JP 3-13 Information Operations to include electronic warfare, psychological operations, military deception and operations security—in addition to computer network operations. JP 3-13 (2006) also introduced the concept of the “information environment,” defining it as “the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information,” noting that “the information environment is where humans and automated systems observe, orient, decide, and act upon information, and is therefore the principal environment of decision making.”

The Department of Defense updated the definition of “information operations” in JP 3-13 Information Operations (2012). This definitional change emphasized the importance of the information environment. It also changed the stated focus of information operations from a list of operations to a more broadly defined group of activities—information operations became “the integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.” By eliminating the list of activities that had previously constituted information operations, JP 3-13 (2012) further emphasized that those conducting information operations should be focused on the use of information-related capabilities to create a desired “information” effect.

There is no formal Department of Defense definition of the term “influence operations,” but a 2009 Rand Corp. study defined “influence operations” as the “application of national diplomatic, informational, military, economic, and other capabilities in peacetime, crisis, conflict, and post-conflict to foster attitudes, behaviors, or decisions by foreign target audiences that further U.S. interests and objectives.” Rand views are not necessarily authoritative, but Rand has been a primary analytical resource for the Department of Defense, though an independent one, for many decades.

JP 3-13.2 Psychological Operations (2010) and its follow-on Military Information Support Operations (incorporating Change 1 20 December 2011) define “psychological operations” (PSYOPs or military information support operations [MISO], as they are now known in the department’s lexicon) as the conveyance of “selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals in a manner favorable to the originator’s objectives.” Other military operations, such as kinetic strikes, can and will have psychological impacts but are not considered PSYOPs because their primary purpose is to affect something in the physical environment. Notably, this definition of PSYOPs does not include counterpropaganda activities. It also does not explicitly acknowledge the possibility that U.S. audiences can be the target of adversary PSYOPs.

The Department of Defense first introduced the term “cyberspace operations” in JP 3-12(R) Cyberspace Operations (2013) and later revised the definition in JP 3-12 (2018). Both versions define a cyberspace capability as “a device, computer program, or technique, including any combination of software, firmware, or hardware, designed to create an effect in or through cyberspace,” and cyberspace operations as “the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace.” All cyberspace operations are part of one of three cyberspace missions: Department of Defense Information Network operations, defensive cyberspace operations or offensive cyberspace operations. JP 3-12 (2018) notes that cyberspace is a medium through which information-related capabilities may be employed.

The preceding review of joint military doctrine, which is widely considered the most authoritative source for the meaning of various terms and how they are used to describe U.S. military thought, suggests that these terms have a somewhat confused and tangled history even within the Department of Defense context. So, it is not surprising that the U.S. public, and even the Department of Defense itself, often uses the terms “information warfare,” “information operations,” “psychological operations,” “influence operations” and possibly “cyberspace operations” interchangeably, even when they are not synonymous.

What accounts for the confusion about concepts such as “information warfare,” “information operations,” “psychological operations” and “influence operations”?

I suspect that the Department of Defense cultural hierarchy (aka the pecking order) deems kinetic military specializations (for example, armor, infantry, surface warfare) as worthy of a higher degree of respect than nonkinetic specializations. Consider, for example, that formulations of joint doctrine prior to 2018 did not regard the information function as being of comparable importance to the other joint functions (as indicated by the Department of Defense’s introduction of the information function in that year). So, it would not surprise me if the lack of respect accorded the nonkinetic operations translated into a lack of significant attention to such matters. Everyone is busy, and incentives to familiarize oneself with matters deemed of lesser importance are likely to be scarce.

Sensitivity to public perceptions also play a role in the confusing nature of the definitions. In 2011, for example, the term “psychological operations” (PSYOPs) was superseded by “military information support operations” (MISO) on the directive of then-Secretary of Defense Robert Gates whose explanation for the name change was that “the term PSYOP tends to connote propaganda, brainwashing, manipulation, and deceit.”

The history and evolution of Department of Defense doctrinal constructs in these domains have shaken out in such a way that Department of Defense personnel not specializing in cyber or MISO often view terms and concepts such as “information warfare” and “information operations” more similarly to how these terms are used in societal discourse than to how cyber and MISO specialists at the Defense Department understand them.

These inconsistencies ultimately create conceptual confusion that, in turn, can also result in misallocation and misalignment of resources and capabilities. For example, such confusion may make it more difficult for the Department of Defense to recruit, hire and train the right people for cyber and MISO positions due to a lack of understanding about what different missions entail and what skill sets they require. Performance evaluation is also more difficult without a clear articulation of what effective mission performance means.

The preceding discussion also reflects a degree of cultural dysfunction within the Department of Defense regarding information operations (vice kinetic operations) and more so for psychological operations. Cyber Command has made a commendable foray into the use of cyber operations to create psychological effects, and indeed at least a few individuals with expertise in psychological operations are billeted with Cyber Command. But I have not changed my view that the strong technical emphasis of the Department of Defense cyber warfare community and more broadly the department’s view of psychological operations does not position the department as a whole to embrace and integrate the psychological aspects of information operations into cyberspace operations. I remain concerned that the Department of Defense community will continue to face an uphill effort to fully incorporate psychological operations (and information operations more generally) into military operations. The doctrinal confusion is a symptom of that very struggle.

This post is a summary of an article of the same name that will appear in a special edition of the Cyber Defense Review (CDR) in summer 2020: https://cyberdefensereview.army.mil/.

No comments: