DEFENSIVE INFORMATION OPERATIONS (DIO) - A J6 Perspective
Defensive Information Strategy at United States Central Command
During February 1998, United States Central Command (USCENTCOM)
responded once again to a crisis in the Middle East. As forces
mobilized, planes flew and ships sailed to the Persian Gulf in
preparation for Operation DESERT THUNDER - one element within
USCENTCOM was already at war conducting DIO against asymmetrical
computer network attacks from global foes with worldwide access
to the Internet.
The USCENTCOM Command and Control, Communications and Computer
(C4) Systems Directorate (CCJ6), with support from components
and national agencies, operated a complex intrusion detection
system that identified and blocked numerous attempts to penetrate
or disrupt the USCENTCOM Command and Control (C2) structure. These
attempted intrusions threatened a significant USCENTCOM advantage:
the network-centric computing and communications infrastructure
that processes, transports, stores and protects the information
that our warriors need to maintain the speed of command.
In real time, sensors identify and rapidly report enemy activity
to command centers, via our communications architecture, for fusion
and plan development. The speed of this process leads to timely
decisions that enable dominant maneuver, precision engagement
and focused logistics that overwhelm our adversaries. In order
to act decisively, we rely on the speed of communications as an
information transfer system. Thus, any corruption of our C4 architecture
can seriously degrade our ability to achieve information superiority
and full spectrum dominance.
USCENTCOM operates within the Defense Information Infrastructure
(DII) that is inextricably interlaced with the National Information
Infrastructure (NII) and Global Information Infrastructure (GII).
Information technology and supporting communications infrastructures
have become prime components of our competitiveness as a nation
and a center of gravity for our National power. In addition, DoD
has become increasingly dependent on networked information and
communication systems to conduct global military operations.
As such, Information Operations (IO) are playing a rapidly emerging,
evolving and vital role in planning and executing the full range
of national security flexible deterrent options. The desired end
state of IO, regardless of the range of military operations, is
"information superiority," defined as "the capability
to collect, process and disseminate an uninterrupted flow of information
while exploiting or denying an adversary's ability to do the same."
(Joint Staff, Joint Staff Publication (JP) 3-13, Joint Doctrine
for Information Operations, Second Draft, 2 July 1997.)
Unfortunately, our ability to network and communicate has far
outpaced our ability to protect networks and communication infrastructures.
The increased efficiency of our C4 systems and data transfer has
come at the price of increased vulnerability to attack. As stated
in Joint Vision 2010, "There should be no misunderstanding
that our effort to achieve and maintain information superiority
will also invite resourceful enemy attacks on our information
systems." Consequently, minimizing risk to communication
and information systems is critical to USCENTCOM's ability to
conduct military operations unimpeded by an adversary's efforts
to exploit friendly communication and information systems for
their own purposes.
During future conflicts, the U.S. will be faced with potential
threats requiring development of new weapons, tactics and planning
methodologies. The future operational environment will likely
include both nation-states and international/multinational groups
with limited but strategically lethal weapons of mass destruction,
access to air and missile defense systems, low-observable aircraft,
cruise missiles, directed-energy weapons and IO capabilities.
Additionally, potential adversaries will have access to extensive
commercial capabilities with application to military operations
(e.g., global positioning, communications, imagery and information
networks). Because of U.S. military dominance, adversaries will
also likely seek to avoid U.S. strengths and exploit vulnerabilities
and centers of gravity through affordable and commercially available
technologies to counter our advanced technologies.
Future strategic force application systems must be supported
by a command, control, communications, computers, intelligence,
surveillance and reconnaissance (C4ISR) architecture. It should
rapidly manage information, provide simultaneous versus sequential
processing and ultimately achieve boundary-free warfare by fully
integrating C4ISR systems with space operations. As a result,
target reconnaissance and weapons delivery timelines will overlap
and approach near-real-time. Human decision making will become
the primary delay point between processes. As a consequence, communications,
data transfer and information systems will become the most critical
operational node allowing tremendous improvements in the speed
of decision making and command. Critical future USCENTCOM wartime
operational, intelligence, communications and data transfer architectures
must become survivable and enduring through all phases of conflict.
The impact of the speed and persuasiveness of information has
revolutionized modern military operations. At the same time, the
U.S. and other nations' national security postures are becoming
more dependent on their NII and the larger GII. These infrastructures,
while sophisticated, also possess their own unique vulnerabilities.
Not surprisingly, potential U.S. adversaries and allies are also
looking at these and other information infrastructures and technologies
as critical targets. We must deduce, with the proliferation of
advanced information technologies, that any adversary could attain
some level of information parity with the U.S. and its military
forces. The use of, and struggle over, information management,
superiority, and systems as a primary military objective will
increasingly characterize advanced conflict. Rogue nations of
the information age could encounter information embargoes and
the possibility of losing contact with the world community in
the areas of commerce, travel, power, telecommunications, Internet
access, news, weather, airspace control, shipping and navigational
Since information management is critical to our success, a mind-set
change must take place. Infantrymen, tankers and front-end loader
operators have to qualify with or obtain a license for their weapon
systems prior to use. Additionally, these systems require mandatory
re-qualification for continued use. However, computer system administrators
and operators do not qualify on their systems. System administrators
are appointed and computer users are issued a computer without
having to qualify in the proper use of a computer weapon system.
Misuse or abuse of these systems could seriously degrade or disrupt
national assets yet access to these systems is granted to individuals
who have not met any published DoD- or service- wide standards
Classifying computers and networks as weapon systems emphasizes
their importance to successful operations. Computers store volumes
of critical information, and networks transfer that information
to decision makers as required. System administrators control
networks, and computer users develop, store and access information.
Therefore, a logical next step is to require user qualification
prior to network access. Individual qualifications, combined with
ongoing education and appropriate intrusion detection equipment,
is the critical first step in establishing an information network
At USCENTCOM, DIO is a CCJ6 responsibility that integrates and
coordinates all elements in providing Information Assurance (IA).
It encompasses operations security, counter psychological operations,
physical security and information protection of our C2 architecture
and C4 systems. Since professional communicators within the CCJ6
and component communications units design, install, operate and
maintain the C2 architecture, they are best able to develop the
tactics, techniques and procedures and mechanisms necessary to
Today, USCENTCOM is faced with a rapidly evolving information
technology based on open systems and robust connectivity. With
this capability comes the risk of intrusion, disruption and compromise.
Protecting USCENTCOM's networks revolves around continuously predicting,
detecting and deterring information attacks prior to their occurrence
and then isolating and recovering from any successful penetrations.
As a member of USCENTCOM's Joint Targeting Coordination Board,
the CCJ6 is the advocate for DIO. In this capacity, he advises
the commander in chief, component commanders and senior staff
on the impact of information attacks.
Cyber attackers have the same intent as any other foe: disruption
or destruction of our operational abilities. In response to these
threats, the CCJ6 may employ firewalls, encryption, alternate
C2 paths, intrusion detection systems and recommended and approved
offensive deterrence methods. In some instances, employing a kinetic
weapon or conducting an electronic attack against a specific successful
cyber attacker may be appropriate.
Recent operations within USCENTCOM show that IA and C2 protection
provide definite advantages and have far reaching consequences.
In preparation for USCENTCOM's major Command Post Exercise, INTERNAL
LOOK (IL) 98, CCJ6 established DIO as a major focus area. We wanted
to test our C4 systems and develop proper procedures as major
exercise objectives. When DESERT THUNDER began, CCJ6 established
our IL 98 DIO plan for immediate real-world use throughout USCENTCOM.
Establishing the DIO architecture allowed USCENTCOM to quickly
achieve information superiority but also identified a potential
weakness in our DIO organizational structure.
Currently, information protection within USCENTCOM is conducted
by specialized organizations in much the same manner as chemical
and biological response teams provide support in response to a
unique occurrence. Threats to and attacks on information systems
and C2 architectures occurred without regard for day or time during
DESERT THUNDER and impacted all levels of command. Every unit
participating in DESERT THUNDER had to react to these threats,
but only the 609th Information Warfare Squadron (IWS) had the
resources to provide an active network security capability. The
609th IWS is a prototype unit built to provide the Air Force with
an information warfare capability. The 609th effectively identified
and blocked numerous attempts to penetrate or disrupt information
systems. This service was transparently provided across the entire
The threat posed by today's cyber intruders, however, is too
serious to wait for organizations with a specific mission of protecting
networks to activate. As units deploy, C2 protection and IA must
already be an essential and integrated part of the communications
element included in the force package. Just as perimeter security
is an essential mission of all units, IA should be an organizational
responsibility. Standard DIO procedures, systems and tools are
required to ensure that internal organizational network security
measures are seamlessly integrated into the overarching network
security posture. In today's reduced manpower environment, we
cannot afford numerous specialized defensive information units.
Since a network attack anywhere can potentially impact the entire
Defense Information Systems Network, an effective network security
program requires the concentrated effort of the entire DoD community.
To ensure a uniform plan for IA and C2 protection, and standardized
terminology to facilitate a coordinated response, IO requires
Information Condition (INFOCON) levels similar to the threat condition
system established by the Joint Chiefs of Staff. Given the relative
ease of carrying out malicious attacks on critical information
targets and the number of potential threats that could generate
numerous incidents, it is crucial to establish methods of reducing
the overall number of incidents and discriminate serious directed
attacks from low- level pranks. Established INFOCONs would provide
the structure to filter serious from non-serious incidents and
standardize specific network protection measures throughout DoD.
As in all operations, warnings are crucial to DIO. Standardized
reports describing network attacks should be forwarded to the
appropriate service Computer Emergency Response Team (CERT), DISA's
Global Operations and Security Support Center (GOSC), and unified
commands. After national-level analysis, the GOSC or other DoD-level
activity should generate Network Security Alerts to all DoD activities
specifying the impact and prescribing the response. In this manner,
successful network penetrations would be more effectively isolated
and prevented across the entire DoD.
Train as you fight is a common rule-of-thumb within USCENTCOM.
As our reliance on C2 and information systems increase so must
our ability to protect those systems. Exercises that incorporate
network attacks provide opportunities to take a command-wide view
of our defensive information posture. Numerous organizations within
DoD have the ability to act as exercise aggressors and attempt
to penetrate our networks. In response, USCENTCOM will marshal
the combined resources of Defense Information Systems Agency,
Joint Command and Control Warfare Center and component CERTs.
Our aim is to develop the best mix of defensive information capabilities
to provide optimum network protection.
USCENTCOM emphasizes the use of our secure networks. The Defense
Red Switch Network, secure telephone unit-IIIs, and the secure
Internet protocol router network are proven methods of providing
reliable and secure communications. DoD has invested heavily in
these systems yet they continue to be under utilized. During DESERT
THUNDER, only seven percent of the telephone calls originating
in our area of responsibility were secure. A crucial portion of
our DIO strategy is user awareness and education. Without the
cooperation and vigilance of all network users, the secure systems
that we have put in place will not be as effective as they could
CONCLUSION: For the ongoing improvement of its DII posture, USCENTCOM
continues to assess its structure and plan its approach using
available doctrine and systems provided by the Joint Staff and
Services to decisively defeat all attempts to penetrate or disrupt
our C2 networks and systems. Professional communicators within
the CCJ6 are responsible for developing the plans and strategies
required to accomplish this mission. Our plans integrate resources
from outside the command into an information defense in depth
structure. As we look to the future, DIO at USCENTCOM will continue
driving to achieve the Joint Vision 2010 goal of information superiority.
About the Authors:
LT General Harry D. Raduege, Jr., USAF
About the Author: Director, Defense Information
Systems Agency and Manager, National Communications System. He led
the USCENTCOM communications system relocations during Operation
DESERT FOCUS. He has also served in operations, maintenance, engineering,
plans, budgeting and readiness positions at all organizational levels
throughout his career. He holds two master's degrees, one in telecommunications
from the University of Southern Mississippi and one in business
management from Troy State University, Alabama. His bachelor's degree
is in education (mathematics) from Capital University, Ohio.
MAJ Michael C. Gasapo, USMC
About the Author: MAJ Gasapo was the Deputy DIO
Branch Chief and a Command, Control, Communications and Computer
Systems Plans Officer, Communications Plans and Operations Division,
USCENTCOM from 14 July 1994 to 1 July 1998. He planned and coordinated
the strategic and tactical communications relocation activities
during Operation DESERT FOCUS. He holds a master's degree from the
University of Southern California in systems management and a bachelor's
degree from the U.S. Naval Academy.
LTC Peter Barnes, USA
About the Author: LTC Barnes is DIO Branch Chief,
Communications Plans and Operations Division, USCENTCOM.