Information OperationsNewsletter

Compiled by: Mr. Jeff Harley

Army Forces Strategic CommandG39, Information Operations Division

Table of Contents

ARSTRAT IO Newsletter on OSS.net at shortcut: http://www.oss.net /IO

Page 1

The articles and information appearing herein are intended for educational and non-commercial purposes to promote discussion of research in the public interest. The views, opinions, and/or findings and recommendations contained in this summary are those of the original authors and should not be construed as an official position, policy, or decision of the United States Government, U.S. Department of the Army, or U.S. Army Strategic Command.

Table of ContentsVol. 9, no. 11 (25 April – 8 June 2009)

1. Cyber Operations Standup Approaches

2. A Cyber-Attack on an American City

3. N. Korea has Cyber War Unit Targeting S. Korean, U.S. Military: Sources

4. Al-Qaida used Hotmail, Simple Codes in Planning

5. Winning the Information War in Afghanistan and Pakistan

6. Countering the Taliban's Message in Afghanistan and Pakistan (Interview)

7. ‘First with the Truth’

8. Pentagon Needs New Electronic-War Plan

9. Zombies Wild in Washington

10. Anti-U.S. Hackers Infiltrate Army Servers

11. Analysis - Information Operations: US Deficient in Af-Pak

12. 10 Things You Didn't Know About Cyberwarfare

13. Is Cryptology Dead?

Page 2

ARSTRAT IO Newsletter on OSS.net

Cyber Operations Standup ApproachesBy Erik Holmes, Air Force News, Apr 25, 2009With only a couple of months before the standup of a numbered Air Force dedicated to cyberspace, the officials overseeing its creation have plenty to do.24th Air Force under Air Force Space Command will have three wings and 6,000 to 8,000 personnel when it stands up this summer.The Air Force will announce a headquarters location by the end of June.One of those officials keeping busy is Brig. Gen. Mark Schissler, the service’s director of cyber operations at the Pentagon.Q. When will 24th Air Force be operational?A. We hope to be able to stand up in July. ... To get to July, we need to begin to tell people ... you’re on assignment to the new 24th Air Force at a particular location. Until we have a [headquarters] location, we can’t tell them they’re on assignment there. It very much is about personnel and the ability to assign them so they can show up to work.Q. What constitutes a standup? Will the organization be operational by then?A. What we need is about 100 people as a start at the new location to begin doing the tasks of the numbered Air Force and being responsive to the [Air Force Space Command]. Then over time, over months you could add in the second hundred people [for the headquarters], and at some point, you need to move things like the operations center so it’s collocated [with the headquarters].Q. Defense Secretary Robert Gates has talked about the need to train more cyber personnel. Have you figured out how to do that?A. We have to get not 10s or 20s of people through training, and we need both enlisted … technician-level people as well as officer leaders, planners [and] strategists. ... Air Education and Training Command is looking at how and what the requirements would be for [training more] enlisted cyber technicians and cyber operators, which could be enlisted or officers. ... I think it will be probably a several-year effort, to both develop courseware ... that’s useful to us and grows us a cyber force that’s fully capable.Q. What will the role of the Guard and Reserve be in cyber operations?A. Within our Guard and Reserve, we have lots of people currently working in the [technology] industry in their full-time [civilian] jobs. ... If they already know a lot of things because of where they work in their day jobs, wouldn’t it be smart for us to take advantage of that? ... Interestingly, some of those people work for major hardware and software companies, and they’re currently employed maybe as aircraft mechanics or logistics planners. We may be able to use them as cyberspace planners or operators in the near future.Q. What would a Guard and Reserve cyber unit look like?A. A cyber squadron might only be 30 or 40 [people] and be completely effective. And then there’s also the case of reservists, where one-sy and two-sy people can make a significant contribution because they already possess the skills and we can deploy them as [individual mobilization augmentees] or in other positions singly as opposed to unit contributions.Table of Contents

A Cyber-Attack on an American CityBy Bruce Perens, Business Insider, Apr. 25, 2009Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications,

Page 3

land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities. In addition, resources that should not have failed, like the local hospital's internal computer network, proved to be dependent on external resources, leaving the hospital with a "paper system" for the day.Commerce was disrupted in a 100-mile swath around the community, from San Jose to Gilroy and Monterey. Cash was king for the day as ATMs and credit card systems were down, and many found they didn't have sufficient cash on hand. Services employees dependent on communication were sent home. The many businesses providing just-in-time operations to agriculture could not communicate.In technical terms, the area was partitioned from the surrounding internet. What was the attackers goal? Nothing has been revealed. Robbery? With wires cut, silent alarms were useless. Manipulation of the stock market? Companies, brokerages, and investors in the very wealthy community were cut off. Mayhem, murder, terrorism? But nothing like that seems to have happened. Some theorize unhappy communications workers, given the apparent knowledge of the community's infrastructure necessary for this attack. Or did the attackers simply want to teach us a lesson?Although they are silent on the topic, I hope those responsible for emergency services, be they in business or government, are learning the lessons of Morgan Hill. The first lesson is what stayed up: stand-alone radio systems and not much else. Cell phones failed. Cellular towers can not, in general, connect phone calls on their own, even if both phones are near the same tower. They communicate with a central switching computer to operate, and when that system doesn't respond, they're useless. But police and fire authorities still had internal communications via two-way radio.Realizing that they'd need more two-way radio, authorities dispatched police to wake up the emergency coordinator of the regional ham radio club, and escort him to the community hospital with his equipment. Area hams dispatched ambulances and doctors, arranged for essential supplies, and relayed emergency communications out of the area to those with working telephones.That the hospital's local network failed is evidence of over-dependence on centralized services. The development of the internet's communications protocols was sponsored by the U.S. Department of Defense, and they were designed to survive large failures. But it still takes local engineering skill to implement robust networking services. Most companies stop when something works, not considering whether or how it will work in an emergency.Institutional networks, even those of emergency services providers, are rarely tested for operation while disconnected from the outside world. Many such networks depend on outside services to match host names to network addresses, and thus stop operating the moment they are disconnected from the internet. Even when the internal network stays up, email is often hosted on some outside service, and thus becomes unavailable. Programs that depend on an internet connection for license verification will fail, and this feature is often found in server software. Commercial VoIP telephone systems will stay up for internal use if properly engineered to be independent of outside resources, but consumer VoIP equipment will fail.This should lead managers of critical services to reconsider their dependence on software-as-a-service rather than local servers. Having your email live at Google means you don't have to manage it, but you can count on it being unavailable if your facility loses its internet connection. The same is true for any web service. And that's not acceptable if you work at a hospital or other emergency services provider, and really shouldn't be accepted at any company that expects to provide services during an infrastructure failure. Email from others in your office should continue to operate.What to do? Local infrastructure is the key. The services that you depend on, all critical web applications and email, should be based at your site. They need to be able to operate without access to databases elsewhere, and to resynchronize with the rest of your operation when the network comes back up. This takes professional IT engineering to implement, and will cost more to manage, but won't leave you sitting on your hands in an emergency.Communications will be a problem during any emergency. Two-way radios have, to a great extent, been replaced by cellular "walkie-talkie" services that can not be relied upon to work during an infrastructure failure. Real two-way radios, stand-alone pager systems, and radio repeaters that

Page 4

enable regional communications are still available to the governments and businesses that endure the expense of planning, acquiring, maintaining, and testing them. Corporate disaster planners should look into such facilities. Municipalities, regardless of their size, should not consider abandoning such resources in favor of the less-robust cellular services.Satellite telephones can be expected to keep operating, although they too depend on a land infrastructure. They are expensive, and they frequently fail in emergency situations simply because their users, administrative officials rather than technical staff, fail to keep them charged and have no back-up power resource once they are discharged.A big plus for Morgan Hill was that emergency services had an well-practiced partnership with the local hams. Since you can never budget for all of the communications technicians you'll need in an emergency, using these volunteers is a must for any civil authority. They come with their own equipment, they run their own emergency drills and thus are ready to serve, and they are tinkerers able to improvise the communications system needed to meet a particular emergency.Which brings us to the issue of testing. No disaster system can be expected to work without regular testing, not only of the physical infrastructure provided for an emergency but of the people who are expected to use it, in its disaster mode. But such testing takes much time and work, and tends to trigger any lurking infrastructure problems, creating outages of its own. It's much better to work such things out as a result of testing than to meet them during a real disaster.We should also consider whether it might be necessary to harden some of the local infrastructure of our communities. The old Bell System used to arrange cables in a ring around a city, so that a cut in any one location could be routed around. It's not clear how much modern telephone companies have continued that practice. It might not have helped in Morgan Hill, as the attackers apparently even disabled an unused cable that could have been used to recover from the broken connections.Surprisingly, manholes don't usually have locks. They rely on the weight of the cover and general revulsion to keep people out. They are more likely to provide alarms for flooding than intrusion. Utility poles are similarly accessible. Much of our infrastructure isn't protected by anything so tough as a manhole cover. Underground cables are easily accessible in surface posts and "tombstones", boxes often located in residential neighborhoods. These can be wrecked with a screwdriver.Most buried cable cuts are caused by operating a back-hoe without first using one of the "call before digging" services to mark out the location of all of the buried utilities. What's done accidentally can also be done deliberately, and the same services that help diggers avoid utilities might point them out to an attacker.The most surprising news from Morgan Hill is that they survived reasonably unscathed. That they did so is a result of emergency planning in place for California's four seasons: fire, floods, earthquakes, and riots. Most communities don't practice disaster plans as intensively.Will there be another Morgan Hill? Definitely. And the next time it might happen to a denser community that won't be so astonishingly able to sustain the trouble using its two-way radios and hams. The next time, it might be connected with some other event, be it crime or terrorism. Company and government officers take notice: the only way you'll fare well is if you start planning now.Table of Contents

N. Korea has Cyber War Unit Targeting S. Korean, U.S. Military: Sources

From Yonhap News, 5 May 2009SEOUL, May 5 (Yonhap) -- North Korea operates a cyber warfare unit that seeks to disrupt South Korean and U.S. military networks and visits U.S. military sites more frequently than any other country, intelligence sources in Seoul said Tuesday.The General Staff of the North's Korean People's Army has been operating for years a "technology reconnaissance team," which is exclusively in charge of collecting information and disrupting military computer networks in South Korea and the U.S., the sources said on condition of anonymity.

Page 5

Roughly 100 hackers, mostly graduates of a leading military academy in Pyongyang, work on the team, hacking into South Korean and U.S. computer networks, withdrawing classified information and establishing combat simulations, they said."This unit tries to hold control of South Korean and U.S. military information system by hacking into their computer networks and taking out classified data. When necessary, they may spread computer viruses to disrupt the networks," one of the sources said.After years of tracking which countries access U.S. military Web sites and networks, the U.S. military has found that users inside North Korea logged on most frequently.The North Korean unit has also set up simulated war training softwares and extensive data on South Korean high-ranking military personnel, according to the sources.South Korea and the U.S. signed a memorandum of understanding on April 30 to bolster cooperation in fighting cyber terrorism against their defense networks.The U.S. maintains 28,500 troops in the South as a deterrent against North Korea.Table of Contents

Al-Qaida used Hotmail, Simple Codes in PlanningBy Pamela Hess, Washington Post (The Associated Press), May 2, 2009 WASHINGTON -- In the days following the Sept. 11 terrorist attacks, alleged al-Qaida operations mastermind Khalid Sheikh Mohammed intended to use his free Hotmail account to direct a U.S.-based operative to carry out an attack, according to a guilty plea agreement filed by Ali Saleh Kahlah al-Marri in federal court. The document shows how al-Qaida, at least in 2001, embraced prosaic technologies like pre-paid calling cards, public phones, computer search engines and simplistic codes to communicate, plan and carry out its operations. Al-Marri also surfed the Internet to research cyanide gas, using software to cover his tracks, according to the document filed Thursday in federal court in Peoria, Ill. He marked the locations of dams, waterways and tunnels in the United States in an almanac. The government claims this reflects intelligence that al-Qaida was planning to use cyanide gas to attack those sites. As a result of his guilty plea, al-Marri could be sentenced up to a maximum 15-year term in federal prison. In a stipulation of facts filed as part of the plea agreement, al-Marri admitted that he trained in al-Qaida camps and stayed in terrorist safe houses in Pakistan between 1998 and 2001. There, he learned how to handle weapons and how to communicate by phone and e-mail using a code. After arriving in the U.S. on Sept. 10, 2001 _ a day before al-Qaida's long-plotted terror strikes in New York and Washington _ Al-Marri stored phone numbers of al-Qaida associates in a personal electronic device. He used a "10-code" to protect the numbers _ subtracting the actual digits in the phone numbers from 10 to arrive at a coded number, according to a person close to the investigation. In a 10-code, eight becomes a two, for example. Other al-Qaida members used the same code, according to the plea agreement. Al-Marri sent e-mails to Khalid Sheikh Mohammed's hotmail account _ HOR70@hotmail.com _ addressed to "Muk" and signed "Abdo." The details of that code were included in an address book found in an al-Qaida safehouse in Pakistan. An attempt by The Associated Press to reach that address did not indicate the account had been closed, but it went unanswered. Al-Marri initially tried to use a Yahoo e-mail account to contact Mohammed, but it failed to go through. So he switched to Hotmail as well. When al-Marri arrived in the United States, he created five new e-mail accounts to communicate with Mohammed, using the 10-code to send him his cell phone number in Peoria.

Page 6

From September to November, al-Marri tried and failed to contact members of al-Qaida in Pakistan using prepaid calling cards and public phones, sometimes traveling 160 miles to use a different phone. Al-Marri was arrested in December 2001, three months after entering the U.S. on a student visa. He was shortly thereafter declared an "enemy combatant" and taken into military custody. The "enemy combatant" designation was dropped when he was indicted by a federal grand jury in Illinois. Suspected as an al-Qaida sleeper agent, he was held without charge for more than five years. His attorneys say he was tortured while in military custody. There is no indication in the plea agreement that al-Marri ever made contact with other alleged al-Qaida agents inside the United States. Al-Marri admitted that before entering the U.S., he met and had regular contact with Khalid Sheikh Mohammed and with Mustafa Ahmad al-Hawsawi, who allegedly helped the Sept. 11 hijackers with money and Western-style clothing.Table of Contents

Winning the Information War in Afghanistan and Pakistan By Greg Bruno, Council on Foreign Relations, May 11, 2009IntroductionWith overwhelming firepower, Western armies rarely lose in combat to Taliban fighters in Afghanistan. But in the communications battle, the militants appear to hold the edge. The gap has grown especially wide in the Afghan war zone, analysts say. Using FM transmitters, the Internet, and threatening notes known as "night letters", Taliban operating from the border region of Pakistan and Afghanistan have proven effective at either cowing citizens or winning them over to their message of jihad. U.S. special representative Richard Holbrooke told journalists in March 2009 that "the information issue--sometimes called psychological operations or strategic communication" has become a "major, major gap to be filled" before U.S.-led forces can regain the upper hand. As part of its new strategy for the Afghan war, the White House has called for an overhaul of "strategic communications" in Afghanistan "to improve the image of the United States and its allies" and "to counter the propaganda that is key to the enemy's terror campaign." But U.S. officials have acknowledged an institutional weakness in coordinating strategic communications across agencies, as well as broader disagreements on definitions and tactics. "A coordinated effort must be made to improve the joint planning and implementation of strategic communications," says the Pentagon's 2008 National Defense Strategy.Militants' Media MachineThe Taliban leadership began using media as a promotion tool during the 1990s. Taliban warlords renovated printing presses; launched new publications in Dari, Pashto, Arabic, and English; and maintained Voice of Sharia, a radio station, for dissemination of Taliban ideas and statements. After its ouster by U.S.-led forces following the 9/11 terror attacks, the Taliban leadership polished its media approach in exile. Days after coalition forces rolled into Kabul, Taliban chief Mullah Omar told Voice of America (VOA) that the military intervention was not about terrorism or capturing Osama bin Laden but rather about hijacking Afghanistan's religious traditions. "America has taken Islam hostage," Omar said in the interview (parts of which were later temporarily pulled by the State Department, which argued airing it would give terrorists a platform). "If someone follows the path of Islam, the government arrests him, tortures him, or kills him. This is the doing of America." Such propaganda continued after Afghanistan's Taliban leadership established itself inside Pakistan's tribal region.By early 2009 Afghan and Pakistan Taliban factions were operating hundreds of radio programs, distributing audio cassettes, and delivering night letters to instill fear and obedience among their targeted populations. Media outreach has been especially dominant in Pakistan's Swat Valley, where dozens of stations broadcast nightly dictates on "un-Islamic" activities. Maulana Qazi Fazlullah, nicknamed "Radio Mullah," is widely seen as being among the most effective users of radio transmission; Pakistanis listen to his daily dictates if not out of interest, then out of dread.

Page 7

"Nobody likes it, but everybody is afraid because he summons the people and he lets them know that they are targets," one Pakistani told the BBC in February 2009.In Afghanistan, militant media is often aimed at foreign, rather than domestic, audiences. Retired Marine Col. Thomas X. Hammes wrote in a 2006 book that the Taliban uses "all available networks--political, social, economic, and military--to convince the enemy's political decision-makers that their strategic goals are either unachievable or too costly for the perceived benefit." A growing use of "spectacular" suicide bombings, a July 2008 International Crisis Group study of Taliban propaganda notes, aims to generate headlines around the world. The Taliban also maintains a website for the posting of press releases, videos, and an odd collection of reports (one on banking, another a comprehensive diary of CIA conspiracy theories). CFR Senior Fellow Stephen Biddle says media is part of the Taliban's broader operational fabric, and militants often plan attacks for the biggest public relations punch (al-Qaeda also uses the tactic in Iraq). For instance, if the Taliban leadership wants to convey a message that the Afghan government is unable to protect the population, Taliban commanders might plan an ambush, arrange for the attack to be photographed, and distribute the footage online, via cell phone videos, or to international media outlets. "The whole purpose of the military activity," Biddle says, is "to create video."An Effective Message?It's unclear whether those messages hit their mark. As the International Crisis Group concludes, militant communications appears to have helped weaken public support for nation-building, "even though few actively support the Taliban." And despite the proliferation of Taliban media on both sides of the border, public opinion polls offer conflicting evidence on whether violent messaging garners widespread support for the Taliban cause. A 2008 survey of Afghan attitudes by the Asia Foundation found that nearly 39 percent of the country believes they are more prosperous today than during the Taliban's five-year rule in the late 1990s. By the same token, fewer Afghans in 2008 said they felt threatened by the Taliban, despite widespread recognition that security was getting worse. Given the discrepancies, some analysts believe Pakistani, Afghan, and coalition officials must do a better job of linking Taliban doctrine with the oppressive and poor living conditions that most in the region live under. But while the urgency may be fresh, calls for action are not. As early as June 2007, British defense analyst Tim Foxley, writing in a Stockholm International Peace Research Institute policy paper, called for a media campaign "to challenge the Taliban to explain their actions and intent," and promote a broader discussion of "the Taliban's legitimacy, their interpretation of Islam, what constitutes a jihad, and the morality of killing civilians."Turning the TablesWhile U.S. civilian agencies, like VOA and Radio Free Afghanistan, already broadcast extensively in local languages, military officials are looking for outlets to increase the flow of information from the battlefield and among Afghans. Under President Barack Obama's directive, the army is rewriting its information operations manual, FM 3-13, last updated in November 2003. Lt. Col. Shawn Stroud, who until May 2009 served as director of strategic communication at U.S. Army Combined Arms Center in Fort Leavenworth, Kansas--which is coordinating the update--says previous versions of the army information doctrine gave senior officers far from the battlefield the responsibility for making decisions on communication and outreach. The goal of the new manual, scheduled to be released in late 2009, is to "empower commanders" closer to the fight. The need for swifter communications decisions is especially pressing in Afghanistan, where Taliban fighters--who often accuse U.S. troops of killing civilians during operations--are believed to stage civilian deaths and post videos of the fabricated footage. Stroud says U.S. field commanders need the tools to combat counterproductive messaging quickly, like speaking directly to the news media or even filming operations and posting their own combat footage online before the Taliban can. "It's almost like we've surrendered the information battlefield and said, 'Well, we don't play by the same rules as them because we have to tell the truth,' " Stroud says. "The key is, we've got to be first with the truth. So we've got to build systems that do that."The Pentagon is considering even broader changes for the Afghanistan-Pakistan theater. Rear Admiral Gregory J. Smith, director of communications for U.S. Central Command, which has operational authority over the Afghan war, tells CFR.org possible new approaches include funding an expansion of radio transmission towers and news stations to allow local broadcasters to connect

Page 8

with indigenous publics, or protecting cell phone towers "so more people can have access to cell phones to communicate amongst themselves through text messaging or just voice communications." The bottom line, Smith says, is to foster debate among Afghans, not preach American values.Afghan officials say they support U.S. military efforts to improve communications capabilities. Defense Minister Gen. Abdul Rahim Wardak, in an April 2009 interview with CFR.org, said Kabul--which has made efforts to improve its image among the population--nonetheless needs help countering the Taliban's messaging prowess. But that will not be easy, noted Michael Doran, a former deputy assistant security of defense, in a lecture on public diplomacy at the Heritage Foundation in February 2008. Doran said that in Afghanistan, U.S. forces carry out an operation "and within 26 minutes--we've timed it--the Taliban comes out with its version of what took place in the operation, which immediately finds its way on the tickers in the BBC at the bottom of the screen." The solution, Doran said, is much in line with what Lt. Col. Stroud says the army is discussing--empowering U.S. and allied commanders to communicate more directly with local publics.Beyond doctrinal changes, the Pentagon is also considering jamming Taliban radio transmissions and disrupting militant websites, a strategy CFR Senior Fellow Daniel Markey advocated in an August 2008 report and Pakistan's ambassador to the United States endorsed in an April 2009 Wall Street Journal op-ed. (The Afghan Taliban criticized the plan in a statement on its website). But some experts suggest that instead of blocking information, governments should disclose more and challenge Taliban motives and methods. CFR's Biddle says coalition forces should consider focusing more on matching words with actions. "In places like Kunar Province, we have successfully designed integrated military-politico-economic operations to connect local Afghan populations with the government and create a political narrative that puts the Taliban on the outside, killing innocent Afghans, and ourselves on the inside, defending them," he says. Biddle says this strategy makes for "more effective communications" because words are matched by action.Communicating Beyond Af-PakEven if the U.S. military prevails in upending the Taliban's media supremacy in Afghanistan and Pakistan, a broader debate continues over authority and definitions in U.S. strategic communications strategy. Some analysts say the principle challenge will lie in bridging the gulf between civilian and military approaches to outreach. Marc Lynch, an expert on public diplomacy at George Washington University, writes in The National newspaper that the military defines strategic communications as a means to dominate the information battlefield, shape the message, and defeat the enemy. By contrast, the State Department's public diplomacy efforts are "about relationships: building trust, creating networks, establishing credibility." To influence hostile publics--and to win hearts and minds--Lynch suggests a new model of diplomacy is needed that combines elements of civilian and military approaches. Col. Lindsey Borg, an Air Force public affairs officers, argues that the United States needs an overarching national strategy. "Without this," he wrote in February 2008, "the leaders of each department, agency, and office are left to decide what is important. In most cases the answer is to use the organization's communication efforts to advance its own interests".Christopher Paul, a social scientist at the RAND Corporation and an expert in U.S. public diplomacy, says the Pentagon remains the only U.S. government agency with an official definition of strategic communication. As early as 2004 the Defense Science Board, which advises the U.S. military, noted that changes to U.S. outreach efforts abroad were "critical for achieving our national objectives", and the Pentagon has since crafted plans for delivering and targeting messages to audiences in both Iraq and Afghanistan.Civilian agencies, meanwhile, continue to grapple with message crafting and delivery. Analysts are looking for signals on how the Obama administration will use public diplomacy tools beyond the president's widely attended overseas speeches. Judith A. McHale, the former top executive of Discovery Communications, has been nominated as undersecretary for public diplomacy and public affairs. Under current practice, most civilian international broadcasting funded by the United States is managed by the Broadcasting Board of Governors, which has devoted much of its new funding post-9/11 to TV and radio broadcasts in Arabic and Persian.

Page 9

Table of Contents

Countering the Taliban's Message in Afghanistan and Pakistan (Interview)

Interviewee: Rear Admiral Gregory J. Smith, Director of Communication, United States Central Command Interviewer: Greg Bruno, Staff Writer, CFR.org, May 11, 2009U.S. President Barack Obama has called for a new "strategic communications" plan to counter what has so far been a very effective effort by the Taliban to stir up discontent in Afghanistan and Pakistan. Modeled after efforts in Iraq, the Afghan approach, Obama says, should use electronic media, cell phones, and radio to try to win the support of local populations. Rear Admiral Gregory J. Smith, director of communication for the U.S. Central Command, says success will depend on the ability to deliver news quickly and accurately and equip locals with the tools to communicate freely with each other. Smith, who helped craft the Pentagon's definition of strategic communication, says an effective approach in Afghanistan could be "empowering conversation" among Afghans by supporting indigenous broadcasting, protecting radio towers, and fostering debate.In his new Afghanistan-Pakistan strategy, President Obama called for a strategic communications plan to counter Taliban and al-Qaeda messaging. Specifically, the president said the United States needs a strategy that includes electronic media, telecom, and radio, and he made a point to reference the Iraq campaign as being successful. Implicit in those remarks is that the Afghan campaign hasn't gone well. Why?

What we had going for us in Iraq was a better balance between actions and words, that we had a COINed [Counterinsurgency] force, a truly COINed force. In COIN, the force itself is one of your most powerful strategic communication elements, the actions of that force. And by being as strong and as capable to do war in terms of a distributed force around the whole of Iraq, we were really able to influence populations directly by our actions and our direct interface as a COINed force. And that's where we drove the message to the people of Iraq that al-Qaeda in their case, and the struggles they were facing, were ones that they would have to address themselves and make a choice about whether they wanted a life and a future that was designed around a stable government that they could put their trust and faith into. You can say [that] in words, you can say [that] from podiums in Washington, or even Baghdad. That made little difference. It really was the ability of a force that was in their neighborhoods, stayed in their neighborhoods, that showed them that with our support they could realize some measure of peace and stability in their neighborhoods, and that sort of built from there.

Going back to the Afghan example, then, is the problem in essence that you just don't have the resources?

I think everyone has agreed it's been an economy of force in Afghanistan, and therefore we really haven't touched the lives of people the way we were able to touch the lives of people in Iraq in the same way. You did what you had to do with the force you had, but largely it was clear an area, but seldom did you ever hold it or certainly build upon that, and also did it with a much different set of constraints: geography, culture, history you didn't have in Iraq.

When a lot of people hear the term 'strategic communication,' they think of little more than radio and print messaging.

You think of just the message. You think of it being a theme or a talking point. I'm a career public affairs guy, and I certainly understand the role that the traditional messaging plays in getting out factual, contextual, correct information. In Iraq, we really had to be first with the truth, and there was a role for communicators in doing that, but the reality is again if our actions are being seen as supportive and instructive, what they're also hearing us say has a much more reinforcing component to it. So I define strategic communications really as the sense of the whole purpose of your organization, and what you're doing, and how it is affecting the environments you live among.

Even with the addition of seventeen thousand troops in Afghanistan plus an additional four thousand trainers [part of Obama's announced increase in overall U.S. forces there], will we have achieved the force needed to ensure our words and actions meet?

Page 10

That remains to be seen. Obviously the commanders on the ground have developed what they believe is a way forward that has asked for additional forces. The president has agreed to those additional forces, and he's committed to seeing it through the election cycle in particular in Afghanistan. Is this a critical juncture? Clearly the security inside Afghanistan must allow for the Afghan people to have the ability to vote without intimidation. So this is a critical period. And again, if we're saying to the people of Afghanistan, 'Your vote counts. It's important for you to vote,' and yet there's not a sense that they have the ability to do that because of the insecurity, the instability of the areas where they live, then I think those are shallow comments to make.

CENTCOM is working to finalize a white paper on strategic communications policy in the region, per the president's directive. Any preview you can offer in terms of broad changes we might see?

There has to be a realization of being first with the truth. So the government of Afghanistan, ISAF [International Security Assistance Force] as an organization, the U.S. government as an organization, must be seen by the Afghan people as credible, as providing them with the truth and being first with that truth. The problem, right, is that in many of the parts of Afghanistan, the message that they're hearing is coming by way of intimidation: night letters by the Taliban, radio broadcasts that really are required listening, and if they don't, they face death. We've got to be able to counter that with our own penetration into those communities, and it's not easy to do in Afghanistan because most of it is through tribal word of mouth [and] by radio. So there's going to have to be a real investment in having the ability, principally for the government of Afghanistan, secondarily for the coalition and U.S. forces, to be out there with the right content, the context, and accuracy of what's really happening.

How do we do that? Do we build radio transmission towers around the country? Do we hand out radios?

We can do a couple of things. We can empower indigenous radio broadcasting. The Moby group as an example, a large media outfit, TOLO, already has a great deal of penetration. So they understand that power of radio. We've got to be able, and the government has to be able, to find the credible voices that they can speak for themselves. I term this 'empowering conversation.' It's not about us having the message and owning the message and all that. We obviously need to create capacity that allows for strong indigenous voices to be heard amongst that population.

So does that potentially mean employing indigenous radio producers or broadcasters or journalists?It could mean nothing more than financially finding the wherewithal through the private donations, maybe through our own efforts, to make certain that there are radio broadcast towers that remain up, that aren't destroyed. Or radio stations that a private owner could operate with some security. We did that a lot in Iraq, where radio stations run by local governments, by local mayors, early in times in Iraq, clearly when security was not that great. A lot of those were done inside our fenceline, if you will, inside our security zone, just to give those individuals the freedom to be able to speak knowing that they weren't going to be prosecuted or persecuted for that. That's the kind of thing that I think we've got to do in some parts of Afghanistan, where clearly the insurgency, the insurgents there, control and intimidate most of the population.

This opens up a whole new avenue of discussion, in essence asking Afghans to listen to messages that are being put out by U.S.-funded transmission wires.

I don't want to make this sound as if we're talking about establishing a propaganda network or any kind of dirty term or bad term associated with it. Really what I think we're talking about is, there are plenty of Afghan people who lack the wherewithal simply to have a vehicle to have a voice. And if it's a matter of increased cell phone towers so more people can have access to cell phones to communicate amongst themselves through text messaging or just voice communications, if it's the lack of penetration of existing FM transmissions of an indigenous radio station...that simply [needs] the wherewithal to extend their reach, that's where we need to partner, not necessarily create wholly-owned subsidiaries of the U.S. government, certainly that's not the intent here.

How about any hand in programming?Most of the time you really don't need to control or create that kind of oversight with the program. If you go into universities in Afghanistan, young students are interested in the ability to

Page 11

communicate, yet the radio stations that are at these universities are dilapidated and in need of great repair. So if you can go in and help them reestablish their radio program, the instructors come back, the students come to that, and their voices will be their voices. You don't need to control the message. You really need to create the opportunity for a dialogue. Because I think really in the end, you're talking about people who have the ability to express themselves freely. That automatically runs counter to the principles of insurgency that tries to control the people's views. And so it's not about controlling the message; I think it's really about giving the capacity to have a conversation in the first place.

Now in regions where we don't actually have a physical presence, such as the FATA in Pakistan, where Taliban elements broadcast nightly, how do we deal with that?

Some would say simply find ways to jam and eliminate the insurgents' ability to use that medium. Unfortunately, we're talking about a medium that's very low cost, very easy, very mobile, very, very difficult, again based on geography. I think the real sense again is, and the Pakistan government is understanding this as well, you've got to create an opportunity for the content to overpower the negative message. So if they can create a news channel, an entertainment channel, a culture channel that people are more interested in listening to, over time there'll be less, there's just less space then for the Taliban to intimidate. That I think is the general sense of how to counter a lot of this radio broadcasting. To the degree that there can be technical means to shut down illegal broadcasts, that certainly should be done, but it's not the panacea that one might think.

Is there any effort on either side of the border to conduct monitoring of what's being said over these airwaves?

Oh yeah. There needs to be an active listening of insurgent messages so that we, one, are aware of the message, what the message really is, and also where are they moving that message to? In the case of Pakistan, you can rest assured that as insurgency moves further south and, as we saw most recently, closer and closer to the capital, along with that is coming a message. They're obviously creating a network and the capacity to use what they used in Swat and other places as the vehicle to reach audiences, and so monitoring that and knowing what's being said is a responsibility I think both the government of Afghanistan and Pakistan take, and we certainly do from a technical point of view.

Table of Contents

‘First with the Truth’ By James Warden, Stars and Stripes, Mideast edition, Tuesday, May 5, 2009PAKTIA PROVINCE, Afghanistan — Residents in rural Paktia province got a treat when soldiers with Troop B, 1st Squadron, 40th Cavalry Regiment rolled past their grazing lands during a three-day patrol this weekend. Afghans more accustomed to receiving supplies of food and blankets beamed when they saw that the boxes soldiers gave them actually contained small radios. The radios aren’t intended to help the Afghans listen to their favorite tunes, though. They’re part of a top-to-bottom system aimed unabashedly at getting the official Afghan and American story out to Paktia before the insurgents have a chance to weigh in.It’s a public relations battle that analysts once said Americans were losing because of a too-rigid adherence to hierarchy. Broadcasts would take too long to be approved, they said. The Americans have set up transmitters across the province in eastern Afghanistan, hired local employees for the stations and developed a process to put out information updates on incidents such as roadside bomb explosions. Maj. Herb Skinner, the 1-40 executive officer, said the system is key to combating Taliban misinformation that often blames coalition forces for civilian deaths caused by its own attacks. Taliban propagandists even take advantage of failed attacks, said 1st Lt. Josh Payne, the 1-40 information operations officer. A couple of weeks ago, the Americans didn’t do an announcement after a roadside bomb detonation because the explosion didn’t hurt anyone. The Taliban, however, put out their own message saying that people died and two vehicles were destroyed.

Page 12

"If we don’t send anything out, they’re going to make up what they want the people to hear," Payne said. The military has occasionally been accused of blurring the line between propaganda and public affairs and information operations. Payne said the broadcasts are squarely in the more-benign information operations category. They broadcast details about coalition forces mistakes, such as when a mortar accidentally kills civilians, as well as Taliban attacks. The whole strategy, he said, is to be "first with the truth." "We’re not trying to deceive anyone," Payne said. "We’re just trying to get the news out there. … We’ll jazz it up to put the blame on the bad guys, but we stick with the facts." The radio approach is particularly suited for Paktia. The eastern Afghanistan province is an extremely rural area where most communication is done by word of mouth, Payne said. Newspapers and TV stations are rare outside Gardez, the capital and the province’s largest city. Even radio is uncommon; Gardez and Zormat are the only cities with good access to local stations. "Except for those two areas, there’s really not a lot of competition," he said. The foundation of the whole system is what the Americans call a "60-minute battle drill." Payne’s unit writes a radio story as soon as an incident happens and e-mails it to the line units so their disc jockeys can broadcast the news — all within an hour and sometimes in half that. Meanwhile, American leaders contact the subgovernor, the head of a district, to let him know about the incident and ask for advice on how to handle it.They’re also careful to follow up on the story so the Taliban can’t insert their own twist later. News alerts might tell listeners about a wounded neighbor’s status — and how they’re being tenderly cared for in an American hospital.The follow-up alone can generate a public following as in the golden age of radio. Listeners tracking the story of a little girl who fell into a cooking pit sent a box of thank-you letters after they heard U.S. forces took her into a combat outpost and flew her to medical care. The Americans have hired a local crew to broadcast local programming that will have people listening to the stations when a news alert comes over the air. Each troop is supposed to have two locals working on the radio, and that will climb to three in the coming days. One is the actual DJ. The second is a journalist who interviews local officials for rebroadcast over the air. The third is a technician responsible for keeping the equipment running. Troops in rural areas lack DJs, though. Capt. Gary McDonald, the Troop B commander, said the long drives and lower standard of living away from the cities made it hard to keep employees in these areas. Instead, a continuous loop of music can keep the people entertained while interpreters can get the message out in a pinch.Programming is heavy on national news, which Paktia residents love but have a hard time getting. The stations also have religious programming, children’s shows, sports and lots of music. Gardez has an agricultural call-in program in which the brigade’s agribusiness development team offers tips to local farmers, a particularly popular program in an area where farming and herding dominate the economy. Payne said he uses a light touch with regard to programming and rarely tells the local staff what to play because he wants staff members to be the face and voice of the stations. A lot of them even write their own stuff. But American cultural advisers listen to the programs to ensure that the DJs don’t broadcast anything the Americans don’t want out there.To make sure residents can actually catch the broadcasts, line units distribute the small hand-cranked radios that can also run off solar and battery power. Soldiers with the 1-40 have distributed 1,200 radios in the three months they’ve been in Paktia. Leaders were careful to choose a type that insurgents can’t use to detonate roadside bombs.Payne prefers that the Afghan army or police hand out the radios and explain how they work and what station to tune in to, although members of Troop B simply passed them out from the Humvee turret to ecstatic local residents.

Page 13

Like the radios, the transmitting equipment is relatively modest technology, similar to what a stateside ham radio operator might own. Small combat outpost FM setups run about $5,000. The AM transmitter at Forward Operating Base Gardez is a more substantial $50,000 rig that has a farther reach. The price is well worth it to McDonald. The area he controls has seen little American presence in the past. Troop B soldiers are trying to change that, but it takes hours just to get to the most remote villages. They’ll likely never be able to hit each village as much as they’d really like. But the radio — along with humanitarian aid and other efforts — gives McDonald a sort of virtual presence to remind villagers that coalition forces are nearby. "Presence is something you have to establish and maintain. You can’t just pass through," McDonald said. "[The radio station] shows presence even when I’m not there."Table of Contents

Pentagon Needs New Electronic-War PlanBy Loren B. Thompson, UPI, May 18, 2009 ARLINGTON, Va., May 18 (UPI) -- It isn't easy to be nostalgic about the Cold War, but back then military planners had at least one advantage that they no longer enjoy today: Everybody agreed on what the big threats were. They originated mostly in Russia, and they were really, really serious. So serious, in fact, that the survival of civilization depended on dealing with them effectively. Nowadays the threats are more diverse, they come at planners from every direction, and there's no way of knowing which ones will be most pressing over the long run.So maybe it isn't surprising that experts disagree about which capabilities should get highest priority. But there are at least a few core principles that most planners can embrace, and one of them is that in the information age, if you can't control the electromagnetic spectrum, then you probably can't win wars. Every facet of combat is permeated today by technology such as sensors, networks, navigation aids and smart bombs that depend on access to the electromagnetic spectrum in order to function.Even terrorists depend on electronic technology to communicate with each other and trigger their bombs -- which is why the joint force spends a lot of time trying to monitor, jam or manipulate the frequencies on which the most common enemy devices operate.In big state-on-state conflicts, both sides try to dominate the spectrum, and the resulting rivalry is called electronic warfare. It isn't quite the same thing as information warfare, but if you can shut down the enemy's radars or scramble his communications, it produces similar benefits on the battlefield.So being good at electronic warfare is important to the joint force. It protects American war fighters from improvised explosives and enables U.S. aircraft to operate in contested airspace.Unfortunately, the U.S. Navy is the only service that has given the mission proper priority since the Cold War ended. The U.S. Air Force thought it could substitute stealth for jammers in combating enemy air defenses and was slow to grasp how new information technologies were empowering non-traditional adversaries. The U.S. Army and Marine Corps had unique requirements that never got funded at the rate needed to generate good solutions. Meanwhile, the U.S. Navy forged ahead on its own to develop a new jamming aircraft.Fast-forward to the Obama administration. The U.S. Navy's solution to future electronic warfare needs, dubbed the EA-18G Growler, is ready to debut. The service plans to buy 88 of the planes, based on the Boeing F/A-18E/F Super Hornet, to field the 10 squadrons its carrier air wings require. The U.S. Air Force has started and stopped two programs to provide its own aircraft with jamming in the future, and now has no clear plan. The U.S. Army has canceled the Aerial Common Sensor to localize battlefield emitters. And the U.S. Marine Corps plans to fly legacy jamming aircraft for another 10 years until it fields a nebulously defined alternative to the Growler.The problem is that just because the joint force lacks a coherent plan for meeting future electronic warfare needs doesn't mean our adversaries are in similar disarray. The U.S. Air Force is in

Page 14

especially deep trouble, since it has been depending on aged U.S. Navy aircraft for jamming support, and those planes are all due to be retired by 2013. Maybe it has some secret plan to deal with the emerging threat to its aircraft. If it doesn't, though, then planners need to take a serious look at buying more Growlers because right now, all the planes the U.S. Navy plans to buy are dedicated to Navy missions.Table of Contents

Zombies Wild in WashingtonBy Anne Davies, Sydney Morning Herald, May 30, 2009 A FEW weeks ago, in the offices of a Washington company that has close links to the Obama Administration, a server crashed, setting off an alarm.The chief technology officer was puzzled. This sort of computer should not crash, so he printed out a log of the incident and then rebooted it.Over the next few days, staff reported that their computers were sluggish and the technology officer started to suspect that the earlier alarm might have been the harbinger of a cyber attack.Because of the sensitive nature of the work it was doing, the company called in the FBI. The log revealed that the server had been talking to a computer that runs the switchboard in a large hotel, even though it was not supposed to talk to anyone outside the company.Records of the hotel's internet service provider showed that its system had been regularly talking to a computer in Shanghai, which was using the hotel computer as a command-and-control centre to relay instructions to compromised computers - the "zombies" - in the Washington office of the firm.The zombies were coming alive each night and disgorging emails, directories, personal financial information and documents to a hacker in Shanghai, who investigators believe is part of a team sponsored by the Chinese Government to probe computers in the US.The FBI knows who the hacker is. He left his initials in the virus - undetectable by more than 40 commercial antivirus programs. After visiting hacking chat rooms, the FBI identified a man with the initials in question and has even seen his photo on Facebook, but it is no closer to catching him.During the 2008 election campaign the Obama and McCain campaigns reported similar attacks as hackers tried to trawl for information.The Dalai Lama's offices and computers in the Indian embassy were hacked in March, and there is the well-publicised case of Lockheed Martin, whose computers were broken into by hackers over two years seeking information on the F-35 fighter project (see graphic).If hackers can penetrate a military contractor, why not air traffic control, the electricity grid, the transport system, the financial system, a chemical plant?"Perhaps it is no longer necessary for a terrorist to step aboard a plane or plant a chemical weapon," said Larry Clinton, president of the Internet Security Alliance, an industry association that is trying to tackle this issue in conjunction with Carnegie Mellon University."Exercises show it's possible to get into the US electricity grid, potentially causing enormous economic and physical damage. It's probably also possible to slip into the computer system of a major chemical company and send a toxic cloud floating down the Jersey Turnpike," he says.Now the tech-savvy Barack Obama has announced plans for a multimillion-dollar initiative and the creation of a cyber security office within the White House.Soon after coming into office he appointed Melissa Hathaway, who worked on cyber security for the previous administration, to conduct a 60-day review of the scope of the problem. Her review was due to be released yesterday.The President was also expected to appoint "a cyber tsar" - possibly Ms Hathaway - whose job will be to ensure the many agencies dealing with internet security are working together.Last month, giving a preview of her work, Ms Hathaway acknowledged what every IT person in the room knew: the internet was designed to be an open system engineered for interoperability. It is not secure or resilient enough for what we use it for today or will use it for in the future.

Page 15

"This poses one of the most serious economic and national security challenges of the 21st century," she said.Terrorist groups are already using the internet to organise, recruit and raise funds, Mr Clinton said. The question is: are they likely to take the next step and attack via the internet? He thinks a cyber terrorism attack is not imminent, but cybercriminals are not fussy about to whom they sell their wares.Mr Obama's new cyber tsar will have his or her hands full just dealing with the existing threats: spying and snooping by foreign governments, financial crimes by cyber gangs, and mischief-making by individuals.But there is no doubt cyber attacks are the new frontier and the potential for massive damage is now an advanced and persistent threat.Table of Contents

Anti-U.S. Hackers Infiltrate Army Servers By Paul McDougall, InformationWeek, May 28, 2009 A known computer hacking clan with anti-American leanings has successfully broken into at least two sensitive Web servers maintained by the U.S. Army, InformationWeek has learned exclusively. Department of Defense and other investigators are currently probing the breaches, which have not been publicly disclosed. The hackers, who collectively go by the name "m0sted" and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va. The breach at the McAlester munitions plant occurred on Jan. 26, according to records of the investigation obtained by InformationWeek. On that date, Web users attempting to access the plant's site were redirected to a Web page that featured a protest against climate change. On Sept. 19, 2007, the same hackers electronically broke into Army Corps of Engineers' servers. That hack sent Web users to www.m0sted.net. The page, at the time, contained anti-American and anti-Israeli rhetoric and images, records show. It currently appears to be an Internet landing spot that features airline reservation links. Beyond the redirects, it's not clear whether the group was able to obtain sensitive information from the Army's servers. The hacks are the subject of an ongoing criminal investigation by Defense Department officials and members of the U.S. Army's Judge Advocate General's Office and Computer Emergency Response Team. Investigators have executed records search warrants against Microsoft, Yahoo, Google, and other Internet service and e-mail providers as part of their efforts to unmask the hackers' true identities. Investigators believe the hackers used a technique called SQL injection to exploit a security vulnerability in Microsoft's SQL Server database to gain entry to the Web servers. "m0sted" is known to have carried out similar attacks on a number of other Web sites in the past -- including against a site maintained by Internet security company Kaspersky Lab. The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools. Equally troubling is the fact that the hacks appear to have originated outside the United States. Turkey is known to harbor significant elements of the al-Qaida network. It was not clear if "m0sted" has links to the terrorist group. Defense Department officials did not immediately return calls seeking comment on the case.Table of Contents

Page 16

Analysis - Information Operations: US Deficient in Af-PakBy Saurabh Joshi, StratPost – South Asian Defense & Strategic Affairs, 02 Jun 2009There has been discussion of the relative success or failure of US Information Operations in the Af-Pak region recently. Your correspondent sat with a senior Information Operations expert at the Indian Ministry of Defense, who explained the concept and the way ahead for the US.“The first recorded use of Information Warfare that I can recall is from the Mahabharata. Ashwatthama, the son of the commander of the Kaurava army Dronacharya was said by Yudhishthira to have been killed, when instead it was an elephant of the same name that died. Upon hearing this, Drona laid down his weapons and was killed by Dhrishtadhyuna, the son of his mortal enemy.Information warfare requires credible information, a credible source and a clear medium. The information was that of Ashwatthama’s death, which was possible and credible and while, in itself, was not such a great blow, led to the killing of Dronacharya, the army commander. The source was Yudhishthira, renowned for his truthfulness and adherence to righteousness,” he explains.“Fast-forward to Mao. His methods of Information Warfare came to be known as Propaganda. Now to make it more palatable and subtle the concept was renamed Psychological Operations (PsyOps) and then Perception Management,” he rattles off the terms. Smiling, he says, “Now we call the exercise ‘Shaping the Information Environment’ or simply Information Operations. Information Operations is a larger concept of which Information Warfare is a subset.”Elaborating further, he warms up, “Information Operations depend upon several factors. The geographical reference, defined population/audience, religion, socio-economic and political aspects and taboos. These factors are understood population terrain mapping, which is really an analysis of a people and their environment. So what becomes important for conducting an Information Operation are circles of influence on a population, which could include mediums of transmission of information, family, society, religion, leadership and village elders. This list is not exhaustive.”“Next, one also has to figure out the kinds of media available to oneself to transmit one’s message. It could range from a leaflet to a mobile phone. The purpose of the operation has to be subtle information dominance, even though this sort of perception management can take a generation to bear fruit,” he warns.He prescribes the message, “To do this effectively, one has to play on themes that are relevant to a population. There has to be message customization to meet local aspirations. The idea has to be to achieve a shift in attitudes from inimical to neutral to favorable. When the last is achieved, that’s when one can establish a partnership for progress in meeting aspirations.”“And what would those aspirations be in Af-Pak? Safety, security and a better future for families and children. Those are the obvious basic things that everyone wants.”The brasshat then looks at the US approach, opining, “The US has so far relied more on kinetic means of victory. Guns, bullets, drones, bombs and airstrikes – that sort of thing. They have to move towards softer means of success. They have not managed to convince the population of their sincerity and their interest in stabilizing the region and creating an environment where the population’s future is secure. Their dominance has to come from sincere measures for protecting the people. Otherwise, even though the Taliban may be on the run, they still evoke fear in people, which means they still dominate the population. Their message to the population is ‘If you collaborate with the US, we’ll come back and get you when they leave’.”“And that is the challenge here,” he goes on, “The Taliban have a natural advantage, in that, many of them come from the local population, speak the language, know their ways and know how to exploit these factors. The whipping of a girl is captured on a mobile phone and the video, when circulated creates terror. That is how they dominate the mainstream. By force.”The senior officer explains the counter for this, saying, “The US has to transmit an effective message that they are here to stay till the local population can defend itself. These messages need to be tailored very carefully for maximum impact, understanding and acceptance.”“Look at us. We have the right to claim that the best operational conduct in the world, both in terms of Counter Insurgency Operations (COIN Ops) as well as in terms of Information Operations. Nobody

Page 17

can deny that the people of Jammu and Kashmir know that we are here to stay. This message goes down especially well also because we have not been indiscriminate in the conduct of COIN Ops in Jammu and Kashmir. And it has taken us decades, but at least now it can be safely said that the majority of the population is neutral towards us. Now it is actually time to convince them and those across the border too of our strengths.”Table of Contents

10 Things You Didn't Know About CyberwarfareBy Carolyn Duffy Marsan, Network World, 06/08/2009NEW YORK CITY -- Imagine a situation where a powerful country wants to annex its small neighbor, so it launches a week-long campaign of cyberattacks aimed at disrupting the financial, energy, telecom and media systems of its neighbor's biggest ally. A week later, the aggressor launches a full-scale cyberwar on its neighbor that includes air and naval defenses. With its ally's defenses weakened, the neighbor agrees to become a province of the aggressor in less than a week.This scenario is not so far-fetched, according to several experts from the National Defense University who spoke at the Cyber Infrastructure Protection Conference held here last week.The panel discussion on cyberwarfare is timely given the Obama administration's push to raise awareness and federal spending on cybersecurity initiatives. The president issued a cybersecurity plan earlier this month that includes naming a new high-level cybersecurity coordinator who reports to both the National Security Council and the National Economic Council.President Obama has said it's clear that the cyberthreat is "one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government, or as a country." Experts from the National Defense University, the premier academic institution providing professional education to U.S. military forces, say it is critical for the private sector to realize it will be a target of future cyberwarfare."Our adversaries are looking for our weaknesses," says Dan Kuehl, professor of information operations at the National Defense University. "We conduct military operations that are increasingly information dependent and becoming more so. We have a global society that is increasingly dependent on critical infrastructure, and those infrastructures are increasingly interconnected in a global economy."Kuehl points out that it's inexpensive for terrorists or hactivists to launch a cyberattack, but it's very expensive and difficult for a country such as the United States to defend its networks and systems against these threats."The weaker party may have a very important asymmetric advantage," Kuehl says. "And the first actor may have a very important advantage….Winning in the cyber realm may decide the course of the war."One example of how weaker parties have an advantage in cyberwarfare is the recent terrorist attacks in Mumbai. Stuart Starr, distinguished research fellow at the National Defense University, said the attackers used Google Earth and GPS technology to locate themselves with respect to everybody else."They took advantage of hundreds of billions of dollars of investment by buying low-end equipment," Starr said. "These guys are getting a phenomenal benefit from taking advantage of commercial investments."Based on conventional wisdom of these military experts, here is a list of 10 things you probably didn't know about cyberwarfare:1. You need to win the first battle.In conventional warfare, the country that wins the first battle doesn't necessarily win the war. Think Pearl Harbor. But with cyberwarfare, you need to win the first battle because there may not be a second. The enemy may have so wiped out your critical infrastructure through coordinated cyberattacks that you can't mount an effective defense and are forced to surrender.

Page 18

2. The first battle could be over in nanoseconds.Unlike Pearl Harbor, cyberattacks are stealthy. The enemy has already penetrated your networks, attacked your systems and stolen or manipulated your data before you realize that anything is wrong. Once you discover the cyberattack, you have to figure out who did it and why. Today, this type of computer forensics can take days or weeks. By then, you may have lost the war.3. Cyberwarfare may involve subtle, targeted attacks rather than brute force.Most people equate cyberwarfare with the massive denial-of-service (DoS) attacks that Russian activists aimed at Estonia in 2007. But cyberwarfare doesn't need to be waged on such a large scale. Instead of taking out the entire electric grid, a hacker could take out a substation that supports a particular air defense system. Much as we have precision-guided missiles in conventional warfare, we may have precision-guided cyberattacks.4. The enemy's goal may be to cause chaos rather than destruction.We tend to think about an enemy blowing up buildings or transportation systems during war. But the political objective of cyberwarfare may be to generate chaos among citizens rather than to destroy infrastructure. For example, what if an enemy launched a cyberattack against a country's financial systems and it appeared that everyone's money was gone from their banks? That kind of attack wouldn't require bombing any bank buildings to create chaos.5. Data manipulation -- rather than data theft or destruction -- is a serious threat.During the Persian Gulf War, a group of Dutch hackers allegedly penetrated dozens of U.S. military computer systems and offered to provide their help to Saddam Hussein. When the breaches were discovered, the military had to stop some deployments and verify that the data in their databases were accurate and hadn't been manipulated by the hackers. This incident demonstrates how misinformation inside hacked computers systems could harm a country's ability to respond to a cyberattack.6. Private networks will be targets.Most of our country's critical infrastructure -- energy, transportation, telecommunications and financial -- is privately owned. The companies that operate these networks need to understand that they are certain to be targeted in cyberwarfare, and they need to spend money accordingly to secure their networks, systems and data. This is one reason military experts recommend that operators of critical infrastructure engage with government officials and set up procedures and protocols before they are attacked.7. When private sector networks are hit, the Defense Department will assume control.There's a misconception that the owners and operators of critical infrastructure are responsible for cybersecurity. That perspective won't hold up in the face of cyberwarfare, experts predict. Just as the military is responsible for securing the airspace and ground around an electricity plant, so it is going to assume responsibility for the cybersecurity of that plant if a cyberattack should occur, they warn.8. Private networks might be used to launch a cyberattack.If companies don't properly secure their networks, their systems may be taken over by a botnet and used in a cyberwarfare incident. For example, two-thirds of the computers used to launch DoS attacks against Estonia were inside the United States although they were controlled by Russian hactivists, experts say. Typically, the machines used in a cyberattack are not owned by the attacker. Most companies don't realize they are vulnerable to having their network assets being used for cyberwarfare.9. Don't ignore the insider threat.One of the biggest vulnerabilities in networks is from insiders with legitimate access to computers and data. The same threat exists in cyberwarfare. One way this threat might occur is for the enemy to kidnap a family member of a network operator and then force the network operator to install malware. That's one reason government agencies and private companies running critical infrastructure need adequate security controls over their employees.10. Cyberwarfare is warfare.

Page 19

Looking at cyberwarfare as separate from traditional warfare is a mistake; it has to be tied to physical warfare, experts say. For example, an enemy might blow up a building on the ground that disables a satellite, which in turn disables Internet access. In a cyberwar, network attacks will likely be combined with physical attacks. So protecting against cyberwarfare needs to be considered as part of a broader military strategy.Table of Contents

Is Cryptology Dead?Blog from US Naval Institute, June 2009Annual commemorations of the victory at Midway have a special significance for Navy cryptologists. Also called SIGINTers, these intelligence professionals recall Midway as the battle which brought cryptology and Communications Intelligence to the fore.Thanks to then-Commander Joe Rochefort and his Sailors, the Navy knew with great certainty – even if many didn’t necessarily believe it – where the Japanese were going to attack.  Two simple letters, AF, proved that the Imperial Japanese Navy target was Midway.  Trusting in a still new art and science, Admiral Chester Nimitz committed his forces and defeated the Japanese.  A defeat from which they would never recover…a defeat that set the stage for victory in the Pacific.Recently, however, decades of cryptologic history and success, not to mention continuing operational significance, have been ignored.  The tide changed in October 2005 when the Naval Security Group merged with Naval Network Warfare Command.  At that time, NETWARCOM became responsible for all things SIGINT in the Navy, and the discipline has been largely ignored ever since.The final nail in the coffin of cryptology and signals intelligence might not have been hammered home, but rational change is needed if these disciplines are to be saved.  They remain vital to our national security and they deserve our attention. In August 2008, a widely distributed NETWARCOM Command Renaming Communications Plan provided details about the intended renaming of Naval Network Warfare Command (NETWARCOM) as Naval Cyber Forces Command (CYBERFORCOM).  (The document appears to have a typo in the date, as it is dated 6/4/2009 vice 2008.)  A NETWARCOM junior officer later described this as the “fake email” but corrected himself and said it was not supposed to be released, at least not when it was. Regardless of how it was released, or whether or not the plan ever comes to fruition (and it did not as scheduled by October 2008), the consideration of renaming as Cyber Forces Command is shortsighted and demonstrates a lack of emphasis on traditional intelligence capabilities.Operations in the cyber domain are expanding and are important factors in information warfare and effects-based operations; but cyber is by no means the be all and end all of information operations and intelligence.  Adversaries, potential adversaries, and allies still use traditional communications which are the historical niche of Navy cryptologists.  Moreover, disruption of electronic communications during combat may necessitate shifting existing cyber communications back to traditional modes.  We ignore these factors at our own risk.Successful intelligence operations continue in the SIGINT realm, and more specifically in Communications Intelligence.  If the renaming communications plan is any indicator, NETWARCOM has all but forgotten the art and science of COMINT.  Save for one passing reference to past Cryptologic Officers now comprising the Information Warfare Officer community, there is NO MENTION of SIGINT or COMINT in the entire 13-page document.The overemphasis on cyber is even more troubling considering NETWARCOM’s role as the Type Commander for Intelligence.  Traditional Naval Intelligence tasks are being similarly ignored by renaming the command CYBERFORCOM.  The NETWARCOM communications plan listed CYBERFORCOM’s role as the “Fleet advocate for all ISR capabilities and ISR readiness.”  This command might be capable of being an advocate for fleet ISR to external audiences, but they don’t appear as such to their internal audiences whose expertise is not cyber space.  A considering the naming scheme excludes all but cyber, it’s difficult to believe the other disciplines will be adequately represented.

Page 20

One justification included in the plan was that NETWARCOM “is leading the way in cyberspace.”  I hope and believe that is in fact true, but the command should similarly state leadership in all other forms of intelligence, including the various SIGINT disciplines.  If they are leading the way for all disciplines, there should not be so much emphasis on just one.NETWARCOM’s overemphasis on creating a new identity by distancing the command from historical organizations actually dilutes the identity of the command itself.  All forms of intelligence share a common goal – information superiority regardless of the spectrum.  Did NETWARCOM leadership consider alternatives?  How about Navy Information Command?  That name recognizes our goals for information superiority regardless of the information source while not ignoring the need to command the cyber domain.  You can call it whatever you want, but careful consideration of internal customer reaction is warranted.  True cyber specialists make up a very small percentage of NETWARCOM.  Even a well-crafted communications plan may not overcome Sailors’ perception of their ‘new’ command and its lack of recognition of their skill sets.Information professionals deliver significant capabilities – before, during, and after the fight.  Navy and IW leadership recognize these contributions, yet IW officers still do not have the status they deserve.  In spite of the legal hurdles, it’s time to change the Information Warfare Officer designation from Special Duty Officer to Unrestricted Line.  Their weapons may be non-kinetic, but they are shooters nonetheless and the capabilities they unleash damage, disrupt, and deny adversaries the use of military capabilities much like kinetic weapons.Cryptology isn’t dead, but it’s being treated as if it was, and more than a name change is needed to resurrect it.  Naval Network Warfare Command, as the information warfare combatant commander under any name, needs to emphasize the contributions of all of its Sailors in all intelligence disciplines and have an Information Warfare Officer with a blue three-star flag in charge.Table of Contents

Page 21