NatSpecs

Scaling Cyber & Information Operations By, With, and Through

By Doowan LeeAlexa WehsenerJoe Lucas on January 12, 2021

Cyber and information operations are one of the gravest threats in current great power competition. The United States has explicitly prioritized cyber partnerships through high-level strategies, but China, Russia,Iran, and even non-state actors continue to expand operations in cyberspace to strengthen their positions outside their physical borders. In the same way that powerful nations exploit the low cost freedom of cyberspace to advance their agendas, so do every other type of small state, political and insurgent groups, and activists. With a reduced barrier to entry, limited chance of attribution and repercussion, and outsized impact, the threat landscape is large, complex, and growing. In the current threat environment, SOF (Special Operations Forces) play a critical role to develop, nurture, and train capable host nation forces: SOF can impose additional costs on strategic competitors by, through, and with host nation forces. As the threats of terrorism and irregular warfare increasingly intersect, the need for partnered operations is heightened by the continued proliferation of low-intensity conflicts and inter-state competition. In fact, the frequency and scale of crises that the US military is asked to address is resource-depleting — it is not a coincidence that US military leadership has underscored the increasing need for partnerships to manage global security. 

SOF have encountered a similar threat environment in the recent past. When ISIS advanced quickly into major population centers in Iraq, the U.S. was forced to learn quickly how to coordinate and collaborate with her host nation forces in order to rebuff ISIS digital and physical operations. In the same environment, the U.S. rapidly experimented and implemented a partnered operations concept called Remote Advise and Assist. RAA was in essence a C4ISR platform that enabled US SOF to share common intelligence pictures (CIP) and common operational pictures (COP) with partnered units to expedite both planning and execution. US special operations forces were able to leverage RAA to train, plan, and execute operations against ISIS with Iraqi counter-terrorism forces to great effect. 

Today, the United States faces threats across the cyber and information domains not only in our homeland but also in those of our allies and partnered nations. Revisionist states are harnessing several benefits from attacking us and our allies in the information environment. Cyber operations significantly lower the cost to international actors to project power and support strategic initiatives abroad. Furthermore, cyberspace offers an anonymity that was formerly rarely possible. This anonymity and the slow development of international norms enable nations to act in cyberspace with limited fear of significant retribution. In today’s increasingly interconnected and interdependent world, the scope of US and allied security interests abroad continue to rapidly expand. 

Global competitors often exert regional influence through cyber and information operations against American allies. Infamously, Russia used cyber attacks during the 2007 Bronze Night Incident as part of disruption operations, fused with active propaganda efforts across the information environment in Estonia. We saw the same pattern of concerted disinformation campaigns during the 2014 Maidan movement in Ukraine. Since at least 2004, Russian Fancy Bear (APT28) has been extensively involved in information and cyber operations in Europe, including direct attacks against the German parliament in 2018. Fancy Bear operations are often in direct retaliation to perceived insults, as seen in the 2019 breach of the International Olympic Committee. Similarly, Chinese-linked APT10 is active in places like the Philippines, targeting and stealing data from US organizations. In 2012, the PRC and the Philippines were involved in a back-and-forth conflict defacing each other’s websites, posting stolen credentials, and executing DDOS attacks. By directly advising and assisting our allies, we can increase the cost to adversaries conducting cyber and information operations around the world.

In 2010, US Cyber Command was established to act as the military arm of our cyber forces. In the ten years since Cyber Command’s inception, it has prioritized its limited resources against the most severe threats to national security. In doing so, lower-level competitions in lower priority regions and networks were forfeited. However, assisting with cyber and information warfare capabilities through existing military engagements with a broader array of allies and partners could provide additive, scalable benefits to the US federal cyber enterprise and our national security writ large. US assistance and leadership in deterring and countering malign activity is essential to protecting and developing trust with foreign partners. 

Despite the need, it’s become increasingly challenging to enable and empower partnered operations in the cyber and information domains. More specifically, while already integral to many aspects of modern warfare, cyber tools and information operations tactics have yet to be broadly integrated into SOF missions such as counterinsurgency, foreign internal defense, security force assistance, and unconventional warfare alongside indigenous formations in permissive, uncertain, or hostile environments. Cyber assistance should be similar to monetary or developmental assistance provided around the world by the Department of State and other federal agencies — much like the military train and assist mission we already conduct in traditional military domains. Leveraging the strength of our international relationships to scale through existing military engagements is paramount to enable the distribution of pressure against US adversaries. Advise and assist missions can generate forward resistance to cyber and information campaigns stemming from malicious state and non-state actors through training of partner forces. Once interoperable, coordinated defense in the cyber and information domain can greatly enhance US competition against revisionist states. By expanding the scope of partnered training and execution, cyber-enabled advise and assist missions would greatly augment the breadth of strategic partnership.

How should we drive this partnered collaboration? SOF routinely engages in partnerships with international allies and local institutions on the ground, including through its civil affairs capability. Through these relationships, they are aware of the multitude of steady-state and surge adversary operations against allied interests. SOF can and should leverage their existing placements and relationships to enable and empower host nation forces to build formidable firewalls against cyber and information operations before they reach US and allied digital shores. Much like how Remote Advise and Assist has enhanced the speed, interoperability, and reach of special operations missions against ISIS, US SOF can achieve the same effects by training and enabling host nation forces on cyber and information operations. In fact, doing so is likely the most critical frontline of great power competition today.


Doowan Lee is a strategic advisor to IST and adjunct professor of politics at the Univ. of San Francisco. He was the principal investigator for the Remote Advise and Assist program sponsored by DARPA and CTTSO when he was a faculty member at the Naval Postgraduate School.

Joe Lucas is a Future Digital Security Leader Fellow at IST

Alexa Wehsener is the Research and Operations Manager at IST