Evolution of intelligence collection and influence operations

This post is part of a series.


Since ancient times nation-states have used espionage to collect intelligence or to conduct influence operations to achieve strategic or decision advantage over adversaries in foreign relations and warfare.

The First Gulf War is commonly referred to as the “first information war.” It was also “followed by a plethora of publications on the strategic use of information and information technology,” writes Myriam Cavelty.

State and non-state actors may rely on secret intelligence collection and covert influence operations when net assessments show their military forces and an adversary’s to be unbalanced. Take, for example, al-Qaeda and its affiliates’ secret intelligence collection and covert actions against the U.S.

State and non-state actors may also use secret intelligence collection and covert influence operations when hostilities risk existential annihilation. Take, as an example, the Cold War nuclear competition between the former U.S.S.R. and the U.S.

Espionage in the information era, like journalism, has evolved.

The current era has seen the rise of operations and breaches from industrial, economic, and political espionage, by both state and non-state actors, at a scale proportional to the volume of data in the information age.

 

 

Information and Cyber Warfare and Operations

Since ancient times, warfare has also involved propaganda, misinformation, and deception.

Information warfare is a form of political warfare that exists “below the level of armed conflict,” and is a “means through which nations [as well as state-sponsored and non-state actors] achieve strategic objectives and advance foreign policy goals,” writes legislative analyst, Catherine Theohary.

At the advent of the Cold War, former U.S. diplomat, George Kennan, defined political warfare as:

“the employment of all the means at a nation’s command, short of war, to achieve its national objectives, to further its influence and authority and to weaken those of its adversaries. Such operations are both overt and covert. They range from such overt actions as political alliances, economic measures (as ERP), and ‘white’ propaganda to such covert operations as clandestine support of ‘friendly’ foreign elements, ‘black’ psychological warfare and even encouragement of underground resistance in hostile states.”

Defensively, information warfare includes information assurance, or what ordinary people call security. Offensively, it may be called “active measures, hybrid warfare, and gray zone warfare,” writes Theohary.

The targets of information warfare “include a nation state’s government, military, private sector, and general population.”

Information warfare operations may be a “prelude to armed conflict,” “a means to influence conditions for the success of armed conflict;” or it may actually be an “end in itself.” Information warfare can also be a “process through which nations gain competitive advantages over one another without the use of force.”

In order to execute information warfare, cyber capabilities and tactics may be employed.

Cyber warfare or operations “attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks,” note analysts at RAND, whereas information warfare or operations “includes the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.”

Cyber warfare or operations attack the systems, while information warfare or operations use information itself as the weapon, as Rex Mbuthia cogently puts it.

Microchips and global telecommunications precipitated modern cyber and information warfare and operations; just as radio and mass communications did with regard to electronic warfare and operations.[1]

A host of actors, from state and state-sponsored to non-state, use cyber capabilities to further objectives in both armed conflict and peacetime.

For example, nation-states use the encrypted world-wide web that has not been indexed by traditional search engines to conduct “intelligence collection and source development,” “government and corporate espionage,” “exploit development and testing,” “disinformation operations for geopolitical influence,” “infrastructure disruption,” and for illicit financial gain, note DarkOwl analysts.

Definitions and legal frameworks for cyberwarfare, its operations, and related activities are still developing both internationally and domestically.

Experts in international law governing cyber warfare and peacetime legal regimes define the term cyber-attack as a “cyber operation whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.”

Cyber operations may also constitute an act of war if they result in “death, injury, or significant destruction,” according to former U.S. Department of State legal advisor, Harold Koh.
However, “many cyber-attacks fall into a gray area below the threshold of total war,” notes RAND senior engineer, Isaac Porche.

The dependence of government, civil society, and the private sector on information systems, alongside the fragmentation of media, has arguably made each more susceptible to cyber and information warfare aimed at attacking the psychology and will of an opponent’s population.

In an oft-cited recent example, the President of the Russian Federation, Vladimir Putin, “ordered an influence campaign in 2016 aimed at the U.S. presidential election,” according to a 2017 assessment by the U.S. Intelligence Community (the I.C.).

Russian military intelligence services relied on both cyber espionage and social media to conduct information warfare, notes intelligence historian, Mark Stout. After stealing communication intelligence (COMINT) from the information systems of a major U.S. political party, Russia reportedly leaked the stolen material via the mass media and websites, such as WikiLeaks.org and DCLeaks.com, as well as via a social media ‘sock-puppet’ it had created, called Guccifer 2.0.

The Russian operation also reportedly used “algorithms, automation, and human curation to purposefully distribute misleading information over social media networks” to incite political factionalism and divide the U.S. politically, note two experts in computational propaganda, the Internet, and international relations.

Russia had also reportedly conducted cyber-attacks on the electoral systems of 21 U.S. states.

The challenge of cyber and information warfare and operations, defensively speaking, is that countermeasures require buy-in and coordination by multiple policymakers and other stakeholders, including in the private sector.

In the run-up to the 2016 U.S. presidential election, for example, the U.S. administration of former president Barack Obama reportedly approached senior Congressional leaders of both U.S. political parties to gain consent to inform the public regarding Russian intent to influence U.S. politics. Republican leaders did not consent to a bipartisan statement by officials. However, the Obama administration had also reportedly been reluctant to order a strong cyber-response against Russia to deter its further interference.

 

 

Attribution and Motivation

During the Cold War, the U.S. and the U.S.S.R. “refrained from physical attacks on each other’s intelligence officers or their families,” writes journalist, Edward Lucas.

Such norms have not yet been established in cyber-space. For example, the “most recent version of NATO’s terminology manual gives no definition of ‘cyber operations,'” notes scholar of diplomacy, warfare, and language, Michael Kelly.

The lack of predictability with cyber-espionage increases the risks for “misunderstandings that could lead to conflict,” note security studies scholars Scott Jasper and James Wirtz. Cyber-espionage may risk hot wars, because attribution and motives are harder to ascertain, and attribution is a component of ascertaining motivation.

In the past, an “intelligence officer’s job was…[usually] to find things out, not to make things happen,” notes Lucas. Today an “intrusion into another country’s sensitive computers and networks for the so-called innocent purpose of reconnaissance can easily be mistaken as an act of sabotage [and an act of war] or at least preparation for it,” which may increase the risk of “misunderstandings” in “unfamiliar political and legal territory,” Lucas adds.

Determining intention becomes even more complex as cyber defense and offense become the task of artificial intelligence.

 

 

Low-cost, Accessible, and Flatter Espionage

The risk calculus has become more complicated as cyber weapons and tools, with far-reaching and unintended impacts, are available to a greater number of actors.

While conventional weapons “tend to produce their greatest strategic benefit either in coercive diplomacy or when used in war, cyber weapons often benefit their owners most when they are used below the threshold of kinetic war to take goods from opponents without diplomatic warning or demands,” notes security studies scholar, John Andreas Olsen.

The accessibility and cost-effectiveness of some cyber-espionage capabilities have also enabled “poorer and weaker states” to offset the traditional net balance of forces with more powerful adversaries, writes scholar of international relations Norrin Ripsman.

While the U.S., Russia, and China “still clearly lead in cyber-focused financial resources and manpower, there has been a significant rise of less well known nation-states due to the release of advanced exploits leaked [by The Shadow Brokers and Wikileaks] in recent years and available reverse engineering,” according to a recent empirical analysis by DarkOwl.

The leaks of NSA and CIA cyber-tools specifically “offered formerly less-powerful nations the ability to reframe themselves as power players and gain influence that was previously unattainable to them,” DarkOwl concludes.

Cyber and information warfare and operations are battlefields where one need not be sovereign to fight.

Today, “closed societies now have the edge over open ones. It has become harder for Western countries to spy on places such as China, Iran, and Russia and easier for those countries’ intelligence services to spy on the rest of the world,” writes Lucas, adding that a “gulf is growing between the cryptographic superpowers the United States, United Kingdom, France, Israel, China, and Russia and everyone else.”

 

 

Open Source Intelligence and Threats to Secrecy

With facial recognition software, mobile phone tracking, location-based intelligence platforms, and aggregated digital exhaust, creating and maintaining secrecy and cover for intelligence officers has also reportedly become more challenging.

The Chicago Tribune reported a decade ago that it had collected “more than 2,600 CIA employees, 50 internal agency telephone numbers and the locations of some two dozen secret CIA facilities around the United States” using open-source information, including public records.

Intelligence agencies exert enormous effort to build a bank of digital legends for current and future intelligence officers, notes Lucas. Another method employed is called “‘cleanskins’ freshly recruited intelligence officers whose history reveals only their previous civilian lives,” Lucas adds.

Finally, open-source information has made what was once cost-prohibitive more affordable to a host of actors and adversaries.

The “[f]ollow-on effects have led to other incidents and the exposure of tradecraft procedures. Not only have [intelligence officers’] covers been blown, but the digital artifacts commonly created to support the credibility of [their] identities have also been exposed,” writes James Lord in the International Journal of Intelligence and Counterintelligence.

Open-source information and big data collection by commercial service providers not only threaten the privacy and anonymity of ordinary civilians and citizens; they also threaten the cover of intelligence officers and law enforcement.


[1] Electronic warfare consists of “military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy,” writes Theohary. EW includes the jamming, monitoring, deceiving, or defense of “command and control systems, satellites used for global positioning systems, and radio communications” during armed conflict.

