Pointing to several recent high-profile events, media reports suggest that Russia is engaging in activities that some may describe as Information Warfare (IW): the range of military and government operations to protect and exploit the information environment. These alleged events include "hacks" of servers of U.S. political parties and other groups; releases and possible manipulation of sensitive documents in an attempt to influence the upcoming U.S. presidential election; and the manipulation of publicly available information on Russian activities in Ukraine. The scale and frequency of attacks on U.S. information architecture raise issues for the United States, including whether the Department of Defense adequately conceptualizes and is organized to counter IW.
Russian doctrine typically refers to a holistic concept of "information war," which is used to accomplish two primary aims:
Tactics used to accomplish these goals include damaging information systems and critical infrastructure; subverting political, economic, and social systems; instigating "massive psychological manipulation of the population to destabilize the society and state"; and coercing targets to make decisions counter to their interests. Recent events suggest that Russia may be employing a mix of propaganda, misinformation, and deliberately misleading or corrupted disinformation in order to do so. And while Russian organizations appear to be using cyberspace as a primary medium through which these goals are achieved, the government also appears to potentially be using the physical realm to conduct more traditional influence operations including denying the deployment of troops in conflict areas and the use of online "troll armies" to propagate pro-Russian rhetoric.
Collection and analysis of information is routinely conducted by intelligence agencies of other countries. Yet to many scholars and practitioners, recent events appear to have transitioned from routine activities to more aggressive operations. These events include:
The Department of Defense conceptualization of IW has evolved along with changing definitions for related concepts and capabilities. IW currently has no formal definition in DOD doctrine, but is commonly understood as the process of protecting one's own sources of battlefield information while seeking to deny, degrade, corrupt, or destroy those of an adversary. The means through which this may be accomplished are known as Information Operations (IO). IO takes place within the information environment, which consists of individuals, organizations, and systems that collect, process, disseminate, or act on information. Related dimensions include the physical, including command and control systems; informational, where information is stored, disseminated, and protected; and cognitive, which encompasses the minds of those who use information. An information-related capability is a tool, technique, or activity that can be used within the information environment to create effects and operationally desirable conditions.
Following the evolution in conceptualization and definitions, organizational constructs and components related to IO have also been restructured. Until recently, IO was divided into five subsets: computer network operations, psychological operations, electronic warfare, military deception, and operation security. With the growing prevalence of large-scale, seemingly state-sponsored cyber attacks and with the creation of the U.S. Cyber Command, cyberspace operations, including offensive and defensive, were separated from information operations doctrine. IO is now defined as the integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decisionmaking of adversaries and potential adversaries while protecting our own.
Cyberspace, as a global domain within the information environment, is considered to be a battlefield through which some information-related capabilities may be deployed. While joint publications note the relationship between cyberspace operations and information operations, the structures supporting each set of capabilities are bifurcated. Additionally, cyberspace operations tend to focus on computer network attacks rather than the cognitive and strategic effects of information. As such, Congress may explore whether current organizational and doctrinal constructs support the full integration of these capabilities to maximize their effects, and whether ongoing conceptual confusion has inhibited DOD's ability to respond to IW challenges. Another consideration may be the efficacy of IW as a military function or a whole-of-government responsibility.