Infocon Magazine Issue One, October 2003

Information Operations Interview with Professor Dan Kuehl, London, July 2003

Interviewer: Wanja Eric Naef


The opinions expressed in this document are those of the interviewee. They do not reflect the official position of the US Government, the Department of Defense, or the National Defense University

Dr. Dan Kuehl is Professor of Systems Management at the Information Operations and Assurance Department, Information Resources Management College, of the National Defense University in Ft. McNair, Virginia

He is the author of ‘What is Information Warfare’ and teaches the largest Information Operations course within the US Department of Defense.


Q: 1. How would you define Information Operations & Information Warfare?

Professor Dan Kuehl: The American Department of Defense has had a definition of Information Operations and Information Warfare for several years and as you would expect it is constantly under revision--which is the nature of doctrine. I think of it with a somewhat different perspective. I like to define IW and IO in terms of the environment in which those operations are conducted, which is the information environment. So I like to characterize Information Operations from a military perspective – the things that the military does offensively and defensively particularly in conflict situations in warfare operationally to use leverage and control the military information environment. The reason why I think that it is a useful definition is that that it is very close to the way we would look at air operations & warfare, naval operations & warfare, the use of the air, the use of the sea.

Now, IW is a small subset of a larger thing called Information Operations that in my lexicon includes not only the military, but it also includes the government and certainly from the information protection standpoint, Information Assurance, it includes parts of the private sector as well. It is conducted not only in crisis, conflict and warfare in the operational sense, but is done all the time. I will give you an example of that, Radio Free Europe which featured the use by the US government of the information environment—radio-- during peace time, not during war time, and sought strategic objectives that served national security and national strategy objectives. That is the way I like to approach IW and IO.

The DOD is evolving towards a new perspective on IO that focuses much more narrowly on the purely military aspects of IO. This new definition will emphasize the five “core capabilities” of IO—Psyops, Military Deception, Operational Security, Electronic Warfare, and Computer Network Operations—to affect adversarial human and automated decision making. Where this will leave such key aspects as influence or information assurance is unknown, but this is the direction in which the DOD is heading.

Q: 2. What is the ultimate objective & target of such operations? Is it more the human decision maker or computer systems?

Kuehl: The ultimate objective must be focused on the human. It might be a decision maker, but it might also be 5 million inhabitants of a country. Radio Free Europe for example was not focused specifically on any decision maker; it was focused on the populations that lived behind the Iron Curtain and tried to influence those populations which then in turn have an effect in the long term on a whole series of decision makers. That is one of my concerns. The way NATO, the MoD and the evolving US perspective on IO is going, is that the focus on the decision maker is a bit too narrow, maybe even the ultimate decision maker is a bit too narrow, but surely the ultimate objective is on human beings. You are influencing. You are doing things to hardware and software networks as a means of influencing humans.

Q: 3. But would you still say that decision superiority is the ultimate aim of IO?

Kuehl: Decision Superiority might be the ultimate aim for the military perspective of IW and IO. Perhaps in a larger sense when you are talking about influencing populations. For example the Information Operation campaign being waged globally right now as part of the global war against terrorism. I do not know whether you can say that the objective there is decision superiority as we are trying to influence people around the world to see the perspective of the United States and our allies in this war against terrorism. That is not decision superiority, but rather is focused on a more cultural impact.

Q: 4. When would you say the first state and sub-state group conducted Information Operations?

Kuehl: I do not know whether you can pull out an answer to that. I could start giving you examples from history and I am not sure where I would stop. My favourite example of Strategic Information Warfare was on the 5th of August 1914 which is when the Royal cable ship Telconia sailed into the North Sea about 36 hours into World War I, pulled up all five of the underwater telegraph cables that came out of Bremen in Germany, cut the cables and took the ends back to the UK which thus isolated Germany from what was in 1914 the strategic command and control medium of that era – undersea intercontinental telegraph cables. That is long before the computer era.

Or let’s go back to about 600 BC when the Assyrians who lived in that region of the world which we now call the Middle East. I have an image in my mind of a carving I saw once of an Assyrian King on the side of a mountain and at his feet with heaped up skulls from his enemies. Why did they do that? To influence us in the Year 2002 of how bad the Assyrians were? No, they were trying to influence their contemporaries to think ‘don’t mess with the Assyrians or you will lose your head’. That was an Information Operation using stone carvings on a mountain. So I cannot tell you the “first” example, but I can go back 2000+ years and give you an example!

Q: 5. So would you say that IO always existed and nowadays it became more important as we are highly dependent on information systems and as we have news tools such as CNO (Computer Network Operations) and so on??

Kuehl: That is a very appropriate way to portray my opinion--that Information Operations has always been around, but what has changed over the several centuries are the technologies that are available to employ IO. And of course those technologies have just exploded at the end of the 20th century.

Q: 6. Can a kinetic attack be an Information Operation?

Kuehl: Yes, because I do not only include the means used when looking at Information Operations. I also look at what is the effect that you are trying to generate as we move in this era of effect-based operations. On the first night of Desert Storm when I was a Gulf War air campaign planner, we destroyed what we called the ‘Baghdad AT&T Building’ with a two thousand pound laser guided bomb. Why did we do that? We did it to create an information effect. We did it to sever the Iraqi strategic C3 links. We got something kinetic to cause an information effect or in the future we might do something informational, i.e. a computer network attack that generates a kinetic effect.

Q: 7. What is the threshold level for using IO, especially CNO? And what is your opinion about the argument made by some military officers who say that we can use CNO many times as it really cheap? Is that a bit short-sighted?

Kuehl: It may be a bit short-sighted in some ways. It may well be that you develop a two thousand pound laser guided bomb and yes you can use that technology over and over again to destroy different things whether it is in Kosovo or in Iraq or some place else. But if you develop a piece of computer software that will get inside that particular computer system to negate it, that might have a one time use capability, because the victim says “oh well I won’t let that happen again”. And so CNO in a very large sense is reusable over and over again, but the details of any specific piece of that might be a one-time deal.

Q: 8. So you say that the threshold level to employ CNO would be quite high as you lose the element of surprise, counterintelligence and so on?

Kuehl: Yes and those pieces of CNO are also the same you would find in any military operation. That is why I offered you the observation that Intelligence is not the same as IW and IO. But it is absolutely necessary, just as it is absolutely necessary to Air Warfare, Economic Warfare, or any other kind of warfare.

Q: 9. Are contemporary notions of strategy sufficient to understand Information Operations and Information Warfare?

Kuehl: They are as valid as long as you take the new capabilities and the new battle space into account. I teach strategy at our War College in Washington and the framework we have for developing strategy and evaluating strategic questions is certainly valid. But if you do not ask the IO or information questions that now need to be included in that strategy then you have done an incomplete job of analysis and you may have developed an ineffective strategy.

Q: 10. Doctrine is always playing catch up with technology. Do you think the US DOD will have an IO doctrine that will enable it to conduct IO?

Kuehl: One question that is often raised is whether or not the constant revision of terminology, the constant flux that it is in, is a sign of IO’s immaturity. Maybe, but the example I always use is: “give me a room of air force officers from all the air forces of the world and let me ask them what strategic air power is, and now I have just started an argument because there is no agreement on that despite the fact that we have been doing it for nearly 100 years.” So the fact that the terminology of IO is in a nearly constant revision does not surprise me at all. It would surprise me and disappoint me if it were not so, because we are still learning about it. Two of the four American services have published doctrines on this, the Army and the Air Force. The Marines are in the process of developing doctrine for this. That is what you would expect. The fact that those doctrines are different, that they reflect the Air Force or Army perspective on war fighting or from the joint perspective and they have an organizational or procedural emphasis to it, I think that is what you would expect. I think the doctrinal process is coming along where it should be.

Q: 11. In comparison to air strategy are we with IO more at the time of Douhet and Trenchard than at the time of the Gulf War Air Campaign?

Kuehl: I am retired from the Air Force and used to write air power doctrine. We formed concepts and theories for the military use of air power in the twenties and thirties. We put it to the test in the nineteen forties, some parts of it were right on the money, and some parts of it needed revision. We did that. We came to the Persian Gulf War where we had air power doctrine that we used and then revised it in light of the experience. That is the nature of doctrine, that you develop theories of how you are going to conduct operations, you develop technology that you use and then you gain experience from the use of that technology and the use of those concepts and then you change them! That is a normal part of the doctrinal process. I’ve often used the analogy of the airpower theorists such as Hugh Trenchard or Billy Mitchell, who wrote about airpower in the 1920s when we were still flying fabric-covered open-cockpit biplanes. They knew that airpower would be a powerful, perhaps even decisive, force in the next war, and it was, even though not all of their theories worked as predicted. That’s where we may be with IO right now…it is already a powerful element of warfare and for national security, even though we are learning as we go along.

Q: 12. Once the doctrine is fully available do you think it will be fully understood and implemented by senior military staff

Kuehl: It depends what you mean by fully. The military is by nature a conservative entity. It tends to rely on the tried and true because that seems to have the authority of experience and of “we have done this before and it worked.” We tend to be a little standoffish when it comes to being theoretical, visionary and pushing ahead. Frankly, if you base a war plan around an untested concept or technology and it does not work you are in deep trouble. On the other hand, and this where I think we come up a bit short, is if you do not take advantage of new concepts, new technologies and new doctrines and factor them into in how you are going to operate you may find yourself at the mercy of those who have done a better job at analyzing. The classic example of that is probably mobile armour warfare, May 1940. Both sides had the same technologies, but one side had done a better job of thinking through the potentials, the capabilities, and the other side did not. And so the Germans won.

Q: 13. You mention that intelligence is very important for IO. Do you think US intelligence agencies need to change in order to support such operations?

Kuehl: On a larger scale the American intelligence network is undergoing a fairly intense self-examination and examination from outside as well in terms of how it links together and does things. We are big and we have a plethora of intelligence organisations. The key question: first of all how do you link them together? The technology to do that is easier than the human part of it. There are turf issues involved. There are legal issues involved. For example, the FBI can gather information on an American citizen as part of a criminal investigation. If the NSA does this it becomes intelligence gathering and someone will go to jail for doing it.

So we have legal impediments within our system to do some of these things. It probably hinders a lot of things. Probably IO more so than naval warfare, but that is one of the prices you pay for having the democratic system. I mean nobody said democracy was clean and efficient and neat. There is a lot of friction and grey areas, but that is the price you pay for a system that has lots of checks and balances built into it.

Q: 14. How can deterrence work in E-Space?

Kuehl: It depends first upon who you are trying to deter. Deterrence at its nature is about fear. It is about “I am fearful of doing this because if I do it bad things are going to happen back to me.” If the hacker community gets convinced that anyone that eventually breaks into a DOD system will be arrested, prosecuted and sent to jail there will be a deterrent effect there. Obviously, this does not happen, but that is an example of how it can work. So deterrence can be small ‘d’ against individuals to not commit criminal acts. Deterrence can be capital ‘D’ against nation states not to do things. The question has often been asked about infrastructure attacks, why have we not seen them happen yet? And my answer to that is that from a nation-state level, no nation state has yet seen sufficient strategic advantage to do something to a national infrastructure to outweigh the price of when they find out about it they are going to “whack me.” That is an example of big ‘D’ deterrence.

As we said in our National Security Strategy in 1999, the fact that you use an electronic means to harm an infrastructure element does not mean that we will not use a 2000 pound laser guided bomb to come back and tell you that we are upset about this. So there are cross-border means of doing things here both electronic E-Space as well kinetic.

Q: 15. In the new US Security Strategy IO is only mentioned once. What is the significance of this?

Kuehl: I have read the new US Security Strategy. It is from the information perspective very interesting. There is only one reference to Information Operations, which I think, is a step backwards from its predecessor. Only one mention in there of Infrastructure Protection, which I think is a tremendous step backwards from its predecessor, and only three references to Public Diplomacy/public information. What you are seeing there is perhaps the reaction to September 11. What’s missing, in my opinion, is a sense of the power and synergy of information as an element of national power, and I hope this omission is rectified in the next such National Security Strategy.

Q: 16. Can IO fulfil the Just War criteria and withstand any legal challenges if deployed?

Kuehl: I teach a course on the law of war and Just War. There are two important and distinct pieces of this. There is jus ad bellum which is just war the reasons for going to war. And there is jus in bello, justice in war, which focuses on the conduct of operations. You can have (and I am being critical of American history here) a war that is fought completely in accordance of the norms of practice, as in the case of the Mexican War in the 1840S. It fairly clearly was outside the bounds of just war in why we waged that war – “I want that territory,” a war for territory -- that does not measure up in the criteria of just war theory. Or you can have a conflict that is being waged completely in accordance with just war theory in terms of the causation, to overcome oppression, to free a conquered country, but is waged outside of the rules of warfare. You have to look at the ways that the conflict is waged from the standpoint of justice in war. I am not sure that anything about IO or Cyberwar would fall under the first part of this discussion in terms of the reason for causation--or maybe it would. Clearly if the other country’s army invades my country that is a just cause for going to war with them. If they conduct Computer Network Attack against my infrastructures, however, is that a just cause for going to war? The answer is that we do not know yet and we are still trying to figure that out. From the perspective from the UN charter, articles 2(4), 38, 39, armed force, armed attack, armed regression, I am not sure that any of these things about infrastructure attack measure up to that language, even though the effects may well match the effects of kinetic actions.

From the second half of the equation and the second question, “what are the means used,” we are having a difficulty right now from a legal standpoint of “can we employ a Computer Network Attack against the site X?” How can do that? And that is a legal issue we are still trying to work our way through. It would seem to me from a justice in war perspective, if I can negate the other sides military network or some other kind of network and not run the risk of “oh the two thousand pound laser guided bomb went dumb and hit the apartment complex” that would seem to me to be an improvement. That would seem to me to be a potential way maybe to lessen casualties. The short answer to the question to which I have just given a long answer to is you are going to have to go through the same kind analysis for computer operations that you have to go through for kinetic operations.

Q: 17. Is Strategic Command the right command for CNO or should the US military create a new military service for IO like the Chinese?

Kuehl: This is a question I ask my students. An answer I propose, I am not saying it is the answer, is if you look at warfare in the past one hundred years--a hundred years ago we had two main services: There was an army, “you do things on land.” There was a navy, “you do things on the water.” And then they invented the air plane and that was a big problem because now we were using a new technology to exploit a new physical environment, the air that impacted and overlapped both land and sea. The answer to that conundrum between 1920 and 1945 to 1950 was in most militaries in the world to create a separate organisational entity called the air force. So the army operates on land, navy on the sea, air force in the air. There have been several Chief of Staffs of the United States’ Air Force including a very recent one, General Mike Ryan, offered the opinion that sometime in the future it may be necessary to create a separate organisational entity for outer space. If we are willing to buy the logic I just laid out-- army - land, navy - sea, air force - air, federation - outer space!-- It might well be useful to create an organisational entity whose mission it is to operate in the fifth dimension in cyberspace, in the infosphere. My answer to that is yes, but I do not know when or if that will ever happen.

Q: 18. Imagine there would be an IO command. Would the IO command be a supported or supporting command?

Kuehl: It could be both. It could be lending assistance to some other entity or it might be the primary means itself.

Q: 19. Do you think the military is capable of understanding the full potential of IO as it requires an understanding of the complex interdependence and synergies of information systems and critical infrastructures?

Kuehl: Yes and no. The military has the same difficulties that the civil sector has in seeing how both sides work together. For example of 90% of the DOD’s communications travel over civilian owned and operated information systems. That makes us partners. But we, the military, except for small pockets do not understand that. The private sector, except for small pockets, does not understand that. Neither side, public nor private sector, fully understands that paradigm. Having said that I think the military as a whole probably better than the private sector understands the totality of the interface between the public and private in this area.

Q: 20. Do you think there can be a virtual centre of gravity?

Kuehl: There can most definitely be a virtual centre of gravity. In fact from the information standpoint going back to one of your opening questions, if the key target is a human thing then your key centre of gravity is almost certainly going to be virtual.

Q: 21. How has the fog of war changed with information technology and information operations?

Kuehl: The fog of war and friction have not gone away. They have changed. Clausewitz would not have understood the terms “data smog” or “information overload” whilst we are intimately familiar with these terms as we wage it on ourselves every single day. That is a new form of fog and friction. Now the argument that technologies from the information revolution make fog and friction go away is in my opinion ludicrous. But what may very well happen is that if we can reduce ours and increase theirs that differential will be a war winning advantage for us. That is a possibility which I believe we just saw in action in Iraq.

Q: 22. Other nations also doing research on IO. Do you think most of these nations will focus on Influence Operations as the technological part of IO is difficult to master?

Kuehl: Focus on perhaps, but not focus on to the exclusion of anything else, because when you live in a computer dependent world in which the expertise to do things is not solely held by the military the opportunity is there for someone to literally hire capability. We may see the return-- or in fact I am going to argue that we already did-- of the mercenary. I call them ‘cybermercenaries”, for example the Dutch hackers in 1991. If Saddam Hussein had accepted their offer to help him for pay that is what they would have been. We have seen several examples of peoples in the past decade doing things of that nature. You may well find a situation in the near future where a nation state or a political entity goes and hires their IO capability.

Q: 23. Do you think Joint Information Operations are difficult to achieve and coordinate?

Kuehl: It is difficult to coordinate but it is very doable. We did it in Kosovo and we are doing it in Afghanistan, and we saw it in Iraq as well. But it is not easy to coordinate, especially when you are speaking about more than just the strictly narrowly military piece of how do I coordinate PsyOps and EW into a theatre plan. When you are trying to coordinate State Department and other entities and even some coalition or allied entities…how do you bring all those together? That is not very easy to do.

Q: 24. Where do you see the future of Information Operations?

Kuehl: I see it not as a replacement for existing military operations. I see it as something which can stand along side of them in its own distinct and unique sense, and changes how all of them are conducted to exploit the relationships and synergies among them.

Q: 25. Do you think in future conflicts will we see more IO activities?

Kuehl: I have said publicly that in my opinion the next time we see a major international conflict between two somewhat technologically advanced countries, and I do not mean the coalition versus Afghanistan, but maybe countries such as India and Pakistan, in my opinion you are going to see cyberattacks and cyberactivities going along side of the physical activities.

The Interview was conducted as part of an IWS research project on IO Computer Network Attacks.

IWS welcomes suggestions regarding site content and usability. Please use our contact form to submit your comments.

Last modified: 30 December, 2007 by Wanja Eric Naef

IWS Copyright 2000 - 2008