Infocon Magazine Issue One,
Information Operations Interview with Professor Dan Kuehl, London,
Wanja Eric Naef
opinions expressed in this document are those of the interviewee.
They do not reflect the official position of the US Government,
the Department of Defense, or the National Defense University
Dr. Dan Kuehl is Professor of Systems Management at the Information
Operations and Assurance Department, Information Resources Management
College, of the National Defense University in Ft. McNair, Virginia
is the author of ‘What is Information Warfare’ and
teaches the largest Information Operations course within
the US Department of Defense.
1. How would you define Information Operations & Information
Dan Kuehl: The American Department of Defense
has had a definition of Information Operations and Information
Warfare for several years and as you would expect it
is constantly under revision--which is the nature of
doctrine. I think of it with a somewhat different perspective.
I like to define IW and IO in terms of the environment
in which those operations are conducted, which is the
information environment. So I like to characterize Information
Operations from a military perspective – the things
that the military does offensively and defensively particularly
in conflict situations in warfare operationally to use
leverage and control the military information environment.
The reason why I think that it is a useful definition
is that that it is very close to the way we would look
at air operations & warfare, naval operations & warfare,
the use of the air, the use of the sea.
IW is a small subset of a larger thing called Information
Operations that in my lexicon includes not only the military,
but it also includes the government and certainly from
the information protection standpoint, Information Assurance,
it includes parts of the private sector as well. It is
conducted not only in crisis, conflict and warfare in the
operational sense, but is done all the time. I will give
you an example of that, Radio Free Europe which featured
the use by the US government of the information environment—radio--
during peace time, not during war time, and sought strategic
objectives that served national security and national strategy
objectives. That is the way I like to approach IW and IO.
DOD is evolving towards a new perspective on IO that focuses
more narrowly on the purely military aspects of IO. This new
definition will emphasize the five “core capabilities” of
IO—Psyops, Military Deception, Operational Security, Electronic
Warfare, and Computer Network Operations—to affect adversarial
human and automated decision making. Where this will leave such
key aspects as influence or information assurance is unknown, but
this is the direction in which the DOD is heading.
2. What is the ultimate objective & target of such operations?
Is it more the human decision maker or computer systems?
Kuehl: The ultimate objective must be focused on the human. It
might be a decision maker, but it might also be 5 million inhabitants
of a country. Radio Free Europe for example was not focused specifically
on any decision maker; it was focused on the populations that lived
behind the Iron Curtain and tried to influence those populations
which then in turn have an effect in the long term on a whole series
of decision makers. That is one of my concerns. The way NATO, the
MoD and the evolving US perspective on IO is going, is that the
focus on the decision maker is a bit too narrow, maybe even the
ultimate decision maker is a bit too narrow, but surely the ultimate
objective is on human beings. You are influencing. You are doing
things to hardware and software networks as a means of influencing
Q: 3. But would you still say that decision superiority is the
ultimate aim of IO?
Kuehl: Decision Superiority might be the ultimate aim for the
military perspective of IW and IO. Perhaps in a larger sense when
you are talking about influencing populations. For example the
Information Operation campaign being waged globally right now as
part of the global war against terrorism. I do not know whether
you can say that the objective there is decision superiority as
we are trying to influence people around the world to see the perspective
of the United States and our allies in this war against terrorism.
That is not decision superiority, but rather is focused on a more
Q: 4. When would you say the first state and sub-state group conducted
Kuehl: I do not know whether you can pull out an answer to that.
I could start giving you examples from history and I am not sure
where I would stop. My favourite example of Strategic Information
Warfare was on the 5th of August 1914 which is when the Royal
cable ship Telconia sailed into the North Sea about 36 hours
into World War I, pulled up all five of the underwater telegraph
cables that came out of Bremen in Germany, cut the cables and
took the ends back to the UK which thus isolated Germany from
what was in 1914 the strategic command and control medium of
that era – undersea intercontinental telegraph cables.
That is long before the computer era.
let’s go back to about 600 BC when the Assyrians who
lived in that region of the world which we now call the Middle
East. I have an image in my mind of a carving I saw once of an
Assyrian King on the side of a mountain and at his feet with heaped
up skulls from his enemies. Why did they do that? To influence
us in the Year 2002 of how bad the Assyrians were? No, they were
trying to influence their contemporaries to think ‘don’t
mess with the Assyrians or you will lose your head’. That
was an Information Operation using stone carvings on a mountain.
So I cannot tell you the “first” example, but I can
go back 2000+ years and give you an example!
Q: 5. So would you say that IO always existed and nowadays it became
more important as we are highly dependent on information systems
and as we have news tools such as CNO (Computer Network Operations)
and so on??
Kuehl: That is a very appropriate way to portray my opinion--that
Information Operations has always been around, but what has changed
over the several centuries are the technologies that are available
to employ IO. And of course those technologies have just exploded
at the end of the 20th century.
Q: 6. Can a kinetic attack be an Information Operation?
Kuehl: Yes, because I do not only include the means used when looking
at Information Operations. I also look at what is the effect
that you are trying to generate as we move in this era of effect-based
operations. On the first night of Desert Storm when I was a Gulf
War air campaign planner, we destroyed what we called the ‘Baghdad
AT&T Building’ with a two thousand pound laser guided
bomb. Why did we do that? We did it to create an information effect.
We did it to sever the Iraqi strategic C3 links. We got something
kinetic to cause an information effect or in the future we might
do something informational, i.e. a computer network attack that
generates a kinetic effect.
Q: 7. What is the threshold level for using IO, especially CNO?
And what is your opinion about the argument made by some military
officers who say that we can use CNO many times as it really cheap?
Is that a bit short-sighted?
Kuehl: It may be a bit short-sighted in some ways. It may well be that
you develop a two thousand pound laser guided bomb and
yes you can use that technology over and over again to destroy
different things whether it is in Kosovo or in Iraq or some place
else. But if you develop a piece of computer software that will
get inside that particular computer system to negate it, that might
have a one time use capability, because the victim says “oh
well I won’t let that happen again”. And so CNO in
a very large sense is reusable over and over again, but the details
of any specific piece of that might be a one-time deal.
Q: 8. So you say that the threshold level to employ CNO would be
quite high as you lose the element of surprise, counterintelligence
and so on?
Kuehl: Yes and those pieces of CNO are also the same you would
find in any military operation. That is why I offered you the observation
that Intelligence is not the same as IW and IO. But it is absolutely
necessary, just as it is absolutely necessary to Air Warfare, Economic
Warfare, or any other kind of warfare.
Q: 9. Are contemporary notions of strategy sufficient to understand
Information Operations and Information Warfare?
Kuehl: They are as valid as long as you take the new capabilities
and the new battle space into account. I teach strategy at our
War College in Washington and the framework we have for developing
strategy and evaluating strategic questions is certainly valid.
But if you do not ask the IO or information questions that now
need to be included in that strategy then you have done an incomplete
job of analysis and you may have developed an ineffective strategy.
Q: 10. Doctrine is always playing catch up with technology. Do
you think the US DOD will have an IO doctrine that will enable
it to conduct IO?
Kuehl: One question that is often raised is whether or not the
constant revision of terminology, the constant flux that it is
in, is a sign of IO’s immaturity. Maybe, but the example
I always use is: “give me a room of air force officers
from all the air forces of the world and let me ask them what
strategic air power is, and now I have just started an argument
because there is no agreement on that despite the fact that we
have been doing it for nearly 100 years.” So the fact that
the terminology of IO is in a nearly constant revision does not
surprise me at all. It would surprise me and disappoint me if
it were not so, because we are still learning about it. Two of
the four American services have published doctrines on this,
the Army and the Air Force. The Marines are in the process of
developing doctrine for this. That is what you would expect.
The fact that those doctrines are different, that they reflect
the Air Force or Army perspective on war fighting or from the
joint perspective and they have an organizational or procedural
emphasis to it, I think that is what you would expect. I think
the doctrinal process is coming along where it should be.
Q: 11. In comparison to air strategy are we with IO more at the
time of Douhet and Trenchard than at the time of the Gulf War
Kuehl: I am retired from the Air Force and used to write air power doctrine.
We formed concepts and theories for the military use
of air power in the twenties and thirties. We put it to the test
in the nineteen forties, some parts of it were right on the money,
and some parts of it needed revision. We did that. We came to the
Persian Gulf War where we had air power doctrine that we used and
then revised it in light of the experience. That is the nature
of doctrine, that you develop theories of how you are going to
conduct operations, you develop technology that you use and then
you gain experience from the use of that technology and the use
of those concepts and then you change them! That is a normal part
of the doctrinal process. I’ve often used the analogy of
the airpower theorists such as Hugh Trenchard or Billy Mitchell,
who wrote about airpower in the 1920s when we were still flying
fabric-covered open-cockpit biplanes. They knew that airpower would
be a powerful, perhaps even decisive, force in the next war, and
it was, even though not all of their theories worked as predicted.
That’s where we may be with IO right now…it is already
a powerful element of warfare and for national security, even though
we are learning as we go along.
Q: 12. Once the doctrine is fully available do you think it will
be fully understood and implemented by senior military staff
Kuehl: It depends what you mean by fully. The military is by nature
a conservative entity. It tends to rely on the tried and true
that seems to have the authority of experience and of “we
have done this before and it worked.” We tend to be a little
standoffish when it comes to being theoretical, visionary and pushing
ahead. Frankly, if you base a war plan around an untested concept
or technology and it does not work you are in deep trouble. On
the other hand, and this where I think we come up a bit short,
is if you do not take advantage of new concepts, new technologies
and new doctrines and factor them into in how you are going to
operate you may find yourself at the mercy of those who have done
a better job at analyzing. The classic example of that is probably
mobile armour warfare, May 1940. Both sides had the same technologies,
but one side had done a better job of thinking through the potentials,
the capabilities, and the other side did not. And so the Germans
Q: 13. You mention that intelligence is very important for IO.
Do you think US intelligence agencies need to change in order to
support such operations?
Kuehl: On a larger scale the American intelligence network is
undergoing a fairly intense self-examination and examination
from outside as well in terms of how it links together and does
things. We are big and we have a plethora of intelligence organisations.
The key question: first of all how do you link them together?
The technology to do that is easier than the human part of it.
There are turf issues involved. There are legal issues involved.
For example, the FBI can gather information on an American citizen
as part of a criminal investigation. If the NSA does this it
becomes intelligence gathering and someone will go to jail for
So we have legal impediments within our system to do some of these
things. It probably hinders a lot of things. Probably IO more so
than naval warfare, but that is one of the prices you pay for having
the democratic system. I mean nobody said democracy was clean and
efficient and neat. There is a lot of friction and grey areas,
but that is the price you pay for a system that has lots of checks
and balances built into it.
Q: 14. How can deterrence work in E-Space?
Kuehl: It depends first upon who you are trying to deter. Deterrence
at its nature is about fear. It is about “I am fearful of
doing this because if I do it bad things are going to happen back
to me.” If the hacker community gets convinced that anyone
that eventually breaks into a DOD system will be arrested, prosecuted
and sent to jail there will be a deterrent effect there. Obviously,
this does not happen, but that is an example of how it can work.
So deterrence can be small ‘d’ against individuals
to not commit criminal acts. Deterrence can be capital ‘D’ against
nation states not to do things. The question has often been asked
about infrastructure attacks, why have we not seen them happen
yet? And my answer to that is that from a nation-state level, no
nation state has yet seen sufficient strategic advantage to do
something to a national infrastructure to outweigh the price of
when they find out about it they are going to “whack me.” That
is an example of big ‘D’ deterrence.
As we said in our National Security Strategy in 1999, the fact
that you use an electronic means to harm an infrastructure element
does not mean that we will not use a 2000 pound laser guided bomb
to come back and tell you that we are upset about this. So there
are cross-border means of doing things here both electronic E-Space
as well kinetic.
Q: 15. In the new US Security Strategy IO is only mentioned once.
What is the significance of this?
Kuehl: I have read the new US Security Strategy. It is from the
information perspective very interesting. There is only one reference
to Information Operations, which I think, is a step backwards
from its predecessor. Only one mention in there of Infrastructure
Protection, which I think is a tremendous step backwards from
its predecessor, and only three references to Public Diplomacy/public
information. What you are seeing there is perhaps the reaction
to September 11. What’s missing, in my opinion, is a sense
of the power and synergy of information as an element of national
power, and I hope this omission is rectified in the next such
National Security Strategy.
Q: 16. Can IO fulfil the Just War criteria and withstand any legal
challenges if deployed?
Kuehl: I teach a course on the law of war and Just War. There
are two important and distinct pieces of this. There is jus ad
bellum which is just war the reasons for going to war. And there
is jus in bello, justice in war, which focuses on the conduct
of operations. You can have (and I am being critical of American
history here) a war that is fought completely in accordance of
the norms of practice, as in the case of the Mexican War in the
1840S. It fairly clearly was outside the bounds of just war in
why we waged that war – “I want that territory,” a
war for territory -- that does not measure up in the criteria
of just war theory. Or you can have a conflict that is being
waged completely in accordance with just war theory in terms
of the causation, to overcome oppression, to free a conquered
country, but is waged outside of the rules of warfare. You have
to look at the ways that the conflict is waged from the standpoint
of justice in war. I am not sure that anything about IO or Cyberwar
would fall under the first part of this discussion in terms of
the reason for causation--or maybe it would. Clearly if the other
country’s army invades my country that is a just cause
for going to war with them. If they conduct Computer Network
Attack against my infrastructures, however, is that a just cause
for going to war? The answer is that we do not know yet and we
are still trying to figure that out. From the perspective from
the UN charter, articles 2(4), 38, 39, armed force, armed attack,
armed regression, I am not sure that any of these things about
infrastructure attack measure up to that language, even though
the effects may well match the effects of kinetic actions.
From the second half of the equation and the second question, “what
are the means used,” we are having a difficulty right now
from a legal standpoint of “can we employ a Computer Network
Attack against the site X?” How can do that? And that is
a legal issue we are still trying to work our way through. It
would seem to me from a justice in war perspective, if I can
negate the other sides military network or some other kind of
network and not run the risk of “oh the two thousand pound
laser guided bomb went dumb and hit the apartment complex” that
would seem to me to be an improvement. That would seem to me
to be a potential way maybe to lessen casualties. The short answer
to the question to which I have just given a long answer to is
you are going to have to go through the same kind analysis for
computer operations that you have to go through for kinetic operations.
Q: 17. Is Strategic Command the right command for CNO or should
the US military create a new military service for IO like the
Kuehl: This is a question I ask my students. An answer I propose,
I am not saying it is the answer, is if you look at warfare in
the past one hundred years--a hundred years ago we had two main
services: There was an army, “you do things on land.” There
was a navy, “you do things on the water.” And then
they invented the air plane and that was a big problem because
now we were using a new technology to exploit a new physical environment,
the air that impacted and overlapped both land and sea. The answer
to that conundrum between 1920 and 1945 to 1950 was in most militaries
in the world to create a separate organisational entity called
the air force. So the army operates on land, navy on the sea, air
force in the air. There have been several Chief of Staffs of the
United States’ Air Force including a very recent one, General
Mike Ryan, offered the opinion that sometime in the future it may
be necessary to create a separate organisational entity for outer
space. If we are willing to buy the logic I just laid out-- army
- land, navy - sea, air force - air, federation - outer space!--
It might well be useful to create an organisational entity whose
mission it is to operate in the fifth dimension in cyberspace,
in the infosphere. My answer to that is yes, but I do not know
when or if that will ever happen.
Q: 18. Imagine there would be an IO command. Would the IO command
be a supported or supporting command?
Kuehl: It could be both. It could be lending assistance to some
other entity or it might be the primary means itself.
Q: 19. Do you think the military is capable of understanding the
full potential of IO as it requires an understanding of the complex
interdependence and synergies of information systems and critical
and no. The military has the same difficulties that the civil
sector has in seeing how both sides work together. For
example of 90% of the DOD’s communications travel over civilian
owned and operated information systems. That makes us partners.
But we, the military, except for small pockets do not understand
that. The private sector, except for small pockets, does not understand
that. Neither side, public nor private sector, fully understands
that paradigm. Having said that I think the military as a whole
probably better than the private sector understands the totality
of the interface between the public and private in this area.
Q: 20. Do you think there can be a virtual centre of gravity?
Kuehl: There can most definitely be a virtual centre of gravity.
In fact from the information standpoint going back to one of your
opening questions, if the key target is a human thing then your
key centre of gravity is almost certainly going to be virtual.
Q: 21. How has the fog of war changed with information technology
and information operations?
fog of war and friction have not gone away. They have changed.
Clausewitz would not have understood the terms “data
smog” or “information overload” whilst we are
intimately familiar with these terms as we wage it on ourselves
every single day. That is a new form of fog and friction. Now the
argument that technologies from the information revolution make
fog and friction go away is in my opinion ludicrous. But what may
very well happen is that if we can reduce ours and increase theirs
that differential will be a war winning advantage for us. That
is a possibility which I believe we just saw in action in Iraq.
Q: 22. Other nations also doing research on IO. Do you think most
of these nations will focus on Influence Operations as the technological
part of IO is difficult to master?
Kuehl: Focus on perhaps, but not focus on to the exclusion of anything
else, because when you live in a computer dependent world
in which the expertise to do things is not solely held by the military
the opportunity is there for someone to literally hire capability.
We may see the return-- or in fact I am going to argue that we
already did-- of the mercenary. I call them ‘cybermercenaries”,
for example the Dutch hackers in 1991. If Saddam Hussein had accepted
their offer to help him for pay that is what they would have been.
We have seen several examples of peoples in the past decade doing
things of that nature. You may well find a situation in the near
future where a nation state or a political entity goes and hires
their IO capability.
Q: 23. Do you think Joint Information Operations are difficult
to achieve and coordinate?
Kuehl: It is difficult to coordinate but it is very doable. We did it
in Kosovo and we are doing it in Afghanistan, and we saw
it in Iraq as well. But it is not easy to coordinate, especially
when you are speaking about more than just the strictly narrowly
military piece of how do I coordinate PsyOps and EW into a theatre
plan. When you are trying to coordinate State Department and other
entities and even some coalition or allied entities…how do
you bring all those together? That is not very easy to do.
Q: 24. Where do you see the future of Information Operations?
Kuehl: I see it not as a replacement for existing military operations.
I see it as something which can stand along side of them in its
own distinct and unique sense, and changes how all of them are
conducted to exploit the relationships and synergies among them.
Q: 25. Do you think in future conflicts will we see more IO activities?
Kuehl: I have said publicly that in my opinion the next time we
see a major international conflict between two somewhat technologically
advanced countries, and I do not mean the coalition versus Afghanistan,
but maybe countries such as India and Pakistan, in my opinion you
are going to see cyberattacks and cyberactivities going along side
of the physical activities.
The Interview was conducted as part of an IWS research project
on IO Computer Network Attacks.
IWS welcomes suggestions
regarding site content and usability. Please use our contact
form to submit your comments.
30 December, 2007
by Wanja Eric Naef
IWS Copyright © 2000 - 2008