The following post is in response to the Wired news story that members of the Army are specifically banned from posting on blogs. This is of specific interest as blogs have served as a “lessons learned” and educational tool for military members. Websites like the Small Wars Council/Journal allow military members, civilian contractors, academics, and members of government to interact and share information. Unfortunately there are issues with sharing information, and the following is a response found in a thread about that information leakage.
Information operations, whether the task be military or civilian, hinge on the willingness of the participants and the acquisition of intelligence. In the process of recruiting willing participants, an adversary in years gone by would actively seek the physical resting spot of soldiers and marines to listen to table talk. Finding family members suddenly on a picnic or tearfully saying goodbye on the ship wharf was a sure sign of imminent deployment. In the past a spy could watch deployment patterns and discern the likelihood of a ship or MEU showing up onsite within a few days. This type of spying for first world countries became less important as satellites became more easily available, but the pattern of world conflict switched from first and second world countries to third world countries and regionally based conflicts. Enter the necessity of the spy and information gathering arm for countries without sophisticated satellites and the blind eyes of information containment teams to that threat.
There is a direct and substantial relationship between cyber-warfare and information operations. In a world of instantaneous digital transmission, the information operations arm moves from classifying data and providing analysis to acquisition and recruitment of human operational resources. The information operations arm of the military becomes metaphorically the long range reconnaissance and patrol arm of cyber-conflict and integral to the entirety of security. This role is not completely understood: on the one hand those involved in information operations are busy in an acquisition mode, and on the other they are also charged with guarding the garrison. This is a conflict in roles and strategy. The tools of the patrol do not meet the needed tools of the garrison.
Conflict is sure to erupt as those using normal tools of the technology culture to accomplish enculturated communication expectations are stopped. On the one hand you have a culture that is technologically sophisticated and has used technology as a primary weapon of restricted warfare. On the other hand you have a highly adaptable adversary who is willing to use the infrastructure of their enemy against them and loath to build that infrastructure. A sincere and well-trained guerrilla force with information operations skill and technical sophistication in non-state warfare has no need of building a vast array of technical tools; they will literally use their enemy’s resources. Into this battle space the technology society wades with email, blogs, web-pages, satellite phones, digital cable channels, and iPods.
The fact that a society knows how to use technology does not mean they are sophisticated in the building blocks of that technology. Few people could create a watch based simply on their use of that technology. Similarly, in information operations few if any people will truly understand the capacity and realistic risks of information operations based on their use of email and the Internet. Principles such as metadata are lost on the normal user of technology. For example, something as simple as a picture carries with it a substantial amount of metadata besides the content of the picture. Embedded within the picture can be the camera make, model, type, software revision of the operating system, the user name, the type of computer used to connect to the camera, the date of the picture, the date of any manipulations of the picture, and even in some cases geographic coordinates. From one simple picture a lot of deeper information elements can be found.
In the past the commander within a battle space could count on soldiers' letters home providing time displacement from when an operation would occur. Should a censor not find a risky piece of information, the commander could count on mail embargoes to keep possible data out of unfriendly hands for some period of time. Within the cyber-society that time displacement can and likely does vanish. How many soldiers sitting in computer tents (imagine that concept during World War 2!) have cut a conversation short because they had to go to a briefing or out on patrol? What phrases did the participants use to end the conversation? Into this tiny void of feeling of loss and home front a wedge of information leakage erupts. While nobody is the wiser and none are of evil intent, the simple acts can create issues. More on this in a moment.
A commander in the field could also count on geographic displacement as a method of ensuring that his soldiers could not leak information willingly or even without malice. A hundred miles of desolate lifeless land is a good deterrent to soldiers carousing with locals. The technology society community no longer reflects borders or geographic displacement. A simple post to a blog or webpage stating a simple item is in fact information leakage by the soldier. Simplistic adjustments in tone, opinion, word choice, and time of posting are in fact information leakage. The search function allows for statistical analysis of the habits and opinions of a battlefield asset. An active blogger intending to abide by stringent controls on content will leak through their posting habits their current state of mind, feelings about home (and associated operational tempo), opinions on operations, success and failure, and morale. To a worldwide audience.
Human capital in this case is simply a matter of understanding the medium and analyzing the resultant information flows.
Operational security and planning jeopardize the freedom of soldiers and the associated family relations. Soldiers have abided by email embargo and telephone embargo in the past as an understood response to operational security. In an environment where the tempo of conflict increases and wanes in a cycle counted over years and resolution is not likely possible in any near time, the soldier will endeavor to maintain those associated ties to family and home with the tools they understand. The boon to enemy operational and information strategists is the rapid availability of information on operational strategy posted not by the soldiers but by the loved ones of those soldiers.
As I’ve been alluding to and as promised, let’s talk about information leakage. The principles of information leakage are not fully understood outside of a very small circle of information operations specialists. The principles of analysis and k-anonymity are fairly straightforward. With k-anonymity we can look at data that has been scrubbed to protect individuals’ rights to privacy and then use secondary and tertiary sources of data that have also been scrubbed of identifying information to build the identity of an individual. This same analysis technique can be used within information operations to build dossier data on military members and their familial relationships. Since there is also leakage of data on marriages, children, previous employers, and more, a fundamental picture of each military member can be built. Specific unit members can be targeted based on their location and simple analysis used to find more information. In many cases members have posted full résumés when looking for jobs that are easily found using free or inexpensive account data. They do this because they are looking for jobs when they return or were looking for jobs when they were activated from the reserves. Normal behavior causes substantial leakage of personal information. In the commercial world we have seen similar disclosures like the ChoicePoint exposure, done for criminal purposes using fully legal means.
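A release audit built on the k-anonymity idea above, as an added example that is not part of the original post: it measures k for each source on its own and for all sources read together, then lists the smallest field combinations that must not be published jointly. The population, field names and source names are constructed, and it assumes the worst case for the publisher, namely that the same person's records can be lined up across sources.

```python
from collections import Counter
from itertools import combinations

def k_of(rows, cols):
    """k-anonymity over cols: size of the smallest group sharing those values."""
    return min(Counter(tuple(r[c] for c in cols) for r in rows).values())

def audit_sources(rows, sources):
    """k for each source's fields alone, then for every source read together."""
    report = {name: k_of(rows, cols) for name, cols in sources.items()}
    all_cols = sorted({c for cols in sources.values() for c in cols})
    report["combined"] = k_of(rows, all_cols)
    return report

def minimal_risky_sets(rows, columns, k_min=2):
    """Smallest field combinations whose joint release drops k below k_min."""
    risky = []
    for size in range(1, len(columns) + 1):
        for cols in combinations(columns, size):
            if any(set(found) <= set(cols) for found, _ in risky):
                continue  # a subset is already risky, so this set is not minimal
            k = k_of(rows, cols)
            if k < k_min:
                risky.append((cols, k))
    return risky

# Constructed population of eight people (hypothetical values).
PEOPLE = [dict(state=s, birth_year=y, specialty=j)
          for s in ("TX", "OH") for y in (1985, 1990) for j in ("medic", "signals")]

# Constructed sources, each "scrubbed" down to two fields and no names.
SOURCES = {
    "unit newsletter": ("state", "specialty"),
    "job board": ("state", "birth_year"),
    "family blog": ("birth_year", "specialty"),
}

if __name__ == "__main__":
    print(audit_sources(PEOPLE, SOURCES))
    print(minimal_risky_sets(PEOPLE, ["state", "birth_year", "specialty"]))
```

Each source alone hides every person among at least one other, but the three fields together are unique for everyone in the sample, which is the leakage the paragraph describes.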
An active blogger or poster may not realize just how much information they leak simply by visiting a website. The location of the connection, the operating system of the machine, the browser, the IP, the visited pages history, and so much more is available. Back track attacks are when the URL is stored in the history and poorly designed websites cache the authentication mechanism in the URL address. A dedicated adversary can look for that and use it as a method to access associated pages a user has been visiting or even the account of the user on other web pages.
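A check a site owner or auditor can run for the URL problem described above, as an added example that is not part of the original post: it flags URLs that carry a session or authentication value in the query string or path, and returns a redacted form safe to keep in logs. The parameter names in `SENSITIVE` and the sample URLs are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of parameter names that usually hold a session or auth value.
SENSITIVE = {"sid", "sessionid", "session", "token", "auth", "phpsessid", "jsessionid"}
# Servlet-style path parameter, e.g. /inbox;jsessionid=...
PATH_PARAM = re.compile(r";(jsessionid)=[^/?#;]+", re.I)

def audit_url(url):
    """Return (redacted_url, leaked_parameter_names) for one URL."""
    parts = urlsplit(url)
    leaked = [name.lower() for name in PATH_PARAM.findall(parts.path)]
    path = PATH_PARAM.sub(r";\1=REDACTED", parts.path)
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            leaked.append(name.lower())
            value = "REDACTED"
        query.append((name, value))
    redacted = urlunsplit((parts.scheme, parts.netloc, path,
                           urlencode(query), parts.fragment))
    return redacted, leaked

def audit_history(urls):
    """Map each URL that exposes a credential to its (redacted form, names)."""
    results = {u: audit_url(u) for u in urls}
    return {u: r for u, r in results.items() if r[1]}

# Constructed entries, as they might appear in browser history or a Referer log.
HISTORY = [
    "https://forum.example/profile?user=42&sid=abc123",
    "https://forum.example/inbox;jsessionid=9F3A?page=2",
    "https://forum.example/thread?id=7",
]

if __name__ == "__main__":
    for original, (redacted, names) in audit_history(HISTORY).items():
        print(names, redacted)
```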
The furor of military bloggers has me of two minds. I like to know what I can do to help the current members of the military and ease the hardships of service. At the same time I understand the risks and attempt to balance the fear, uncertainty and doubt with skepticism. The mental gymnastics of ethnocentrism required to pander mental pudding portraying adversaries as cognitive midgets with luddite tendencies is a common failing. The adversaries are well trained, likely in United States universities and higher-level technology curricula, with all of the associated understanding of the technology and the politics. To ignore the aspects of guerrilla warfare where the enemy uses your own technology and resources against you in a war where information is the only force multiplier is to fail.