Ask the cyber-insurgent: are information operations a decisive form of operational warfare?

Army Communicator, Wntr, 2008 by Jan C. Norris

[ILLUSTRATION OMITTED]

Little else is discussed on CNA as the details and processes are sensitive and classified. JP 3-13 does describe a notional joint IO cell but there is no specific emphasis placed on Cyberspace surveillance and targeting within this specific cell.

While combating the cyber-insurgent is a complex task akin to "a cat and mouse chase and finding a needle in a haystack", there are deliberate measures than can have impact. Creation of a Joint Cyber-Surveillance Targeting Cell inside of the U.S. military at the operational level is a start. In the Central Command theater of operations, for example, a JCST cell could be embedded within the MNF-I staff in Baghdad where it is currently needed most. In other regional combatant commands where active combat operations are not on-going, the cell would function at the RCC headquarters.

As this mission clearly falls in the information environment, the fifteen to twenty member cell would be lead by an IO officer (O-5 or O-6) and include Interagency cyberspace analyst representation from the CIA, NSA, STRATCOM, State Department as well as joint military intelligence open-source analysts and linguists, host nation linguists, and information technology specialists (both military and contractors) specializing in wide area network architecture and attack/infiltration. Manning the cell jointly would better educate and train military and government agencies for future joint cyberspace related operations. The JCST cell would conduct continuous scanning of the Internet for suspected insurgent/terrorist activity and employ developed technology that harnesses automation to search and capture web content. Acting much like a conventional joint targeting cell, a targeting model similar to the Decide-Detect-Deliver-Assess process could be used. With Joint Cyberspace Surveillance and Targeting, the process would change to Detect-Decide-D4-Assess, where D4 is disrupt, deny, degrade or destroy.

During JCST cell operations, suspected sites are detected and analyzed. If it is decided the site is a source contributing to insurgent or terrorists activities and can be targeted, then network technical specialists would move to take one of four actions: disrupt, deny, degrade or destroy the site, or let it remain as is to exploit for further information and analysis.

Efforts could also be made to re-direct individuals browsing the web looking for insurgent web sites to U.S. constructed sites providing counter propaganda to potentially dissuade an insurgent recruit.

Decisions to execute any action against a site ultimately rest with the JCST cell chief unless suspected sites involve external countries where action may involve political sensitivity.

In cases where the source or host of a terrorist site is outside of the U.S. (or U.S. combat zone) and targeting the host and/or associated network or server would impact other important non-insurgent users or organizations (i.e. a banking network), a target nomination would be sent via the targeting cell state department representative through state department channels to the source country for targeting clearance.