Information operations

Overview


Information operations (IO) refers to the integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own.

IO comprise those actions taken to gain, exploit, defend, or attack information and information systems and include both information-in-warfare and information warfare and are conducted throughout all phases of an operation and across the range of military operations. IO capitalize on the growing sophistication, connectivity, and reliance on information technology. IO target information or information systems to affect the information-based process, whether human or automated.

Capabilities supporting IO include information assurance (IA), physical security, physical attack, counterintelligence, and combat camera. These are either directly or indirectly involved in the information environment and contribute to effective IO.

IO apply across all phases of an operation, the range of military operations, and at every level of war. They are a critical factor in the joint force commander’s (JFC) capability to achieve and sustain information superiority. Many different capabilities and activities must be integrated to achieve a coherent IO strategy. Intelligence and communications support are critical to conducting offensive and defensive IO. The thoughtful design and correct operation of information systems are fundamental to the overall conduct of IO. Additionally, to achieve success, IO must be integrated with other operations (air, land, sea, space, and special) and contribute to national and military objectives.



Offensive information operations
Offensive IO involve the integrated use of assigned and supporting capabilities and activities, mutually supported by intelligence, to affect adversary decision makers and achieve or promote specific objectives. These assigned and supporting capabilities and activities include, but are not limited to, operations security (OPSEC), military deception, psychological operations, electronic warfare (EW), physical attack/destruction, and special information operations (SIO), and may include a computer network attack.

Offensive IO may be conducted in a variety of situations and circumstances across the range of military operations and may have their greatest impact in peace and the initial stages of a crisis. Beyond the threshold of crisis, offensive IO can be a critical force enabler for the JFC. Offensive IO may be conducted at all levels of war &mdash; strategic, operational, and tactical &mdash; throughout the battlespace.

Offensive IO training should include integration of all available and potentially available offensive IO capabilities, to encompass multinational and other DOD and non-DOD offensive capabilities, as well as individual and organizational training. It should also focus on offensive IO training as the main effort and as a supporting function.

Defensive information operations
Defensive IO integrate and coordinate policies and procedures, operations, personnel, and technology to protect and defend information and information systems. Defensive IO are conducted through information assurance, OPSEC, physical security, counterdeception, counterpropaganda, counterintelligence, EW, and SIO. Defensive IO ensure timely, accurate, and relevant information access while denying adversaries the opportunity to exploit friendly information and information systems for their own purposes. Offensive IO also can support defensive IO.

Defensive IO ensure the necessary protection and defense of information and information systems upon which joint forces depend to conduct operations and achieve objectives.

Four interrelated processes support defensive IO: information environment protection, attack detection, capability restoration, and attack response. Because they are so interrelated, full integration of the offensive and defensive components of IO is essential. JFCs and their subordinate commanders should plan, exercise, and employ available IO capabilities and activities to support integrated defensive IO.

Defensive IO training should consist of the integration of all available defensive capabilities, to include commercial and other DOD and non-DOD defensive IO capabilities, and encompassing both individual and organizational training. Defensive IO training should build upon the routine peacetime information and information systems protection and defense procedures used throughout the Department of Defense and other U.S. Government and commercial activities.



Legal and policy issues
IO may involve complex legal and policy issues requiring careful review and national-level coordination and approval.


 * IO planners must understand the different legal limitations that may be placed on IO in peacetime, crisis, and conflict (to include war). Legal analysis of intended wartime targets requires traditional Law of War analysis.
 * IO planners at all levels should consider the following broad areas: (1) domestic and international criminal and civil laws affecting national security, privacy, and information exchange. (2) international treaties and agreements and customary international law, as applied to IO. (3) structure and relationships among U.S. intelligence organizations and general interagency relationships, including nongovernmental organizations.
 * Geographic combatant commanders should ensure that IO are considered in the development of their theater strategies and campaign plans.

Additional legal considerations include:


 * The legal aspects of transitioning from defensive to concurrent offensive operations.
 * Special protection for international civil aviation, international banking, and cultural or historical property.
 * Actions that are expressly prohibited by international law or convention. Examples include, but are not limited to: (1) destruction resulting from space-based attack (International Liability for Damage Caused by Space Objects); (2) violation of a country’s neutrality by an attack launched from a neutral nation (Hague Convention V); and (3) PSYOP broadcasts from the sea, which may constitute unauthorized broadcasting (U.N. Convention on Law of the Sea).