Information Operations (IO) in Defense Support of Civil Authorities (DSCA): Ignore at Your Own Peril

By Brad E. Rhodes, Colonel, US Army Reserve (Cyber, Information Operations, and Space Operations)

December 1, 2022

“We don’t conduct influence operations in the United States, but what we do has influence.”

-COL Brad Rhodes, Senior FA30, 76th Operational Response Command at Vibrant Response ‘22

Part I: Setting the Stage

After years of work, threat actors from outside of the United States execute a catastrophic cyber-attack on a nuclear power plant just outside of a major metropolitan area. The explosion causes a near meltdown and the radiation cloud released rivals that of the 1986 Chernobyl in disaster. It is America’s worst day. The Federal Government springs into action to support immediately overwhelmed State and Local entities. Part of that response is Chemical Biological Radiological Nuclear (CBRN) Response Element (CRE)-A which is Task Force (TF) 76 which falls under the 76th Operational Response Command, US Army Reserve stationed at Fort Douglas, Utah. Unfortunately, due to the severity of the disaster and the millions of residents effected, no response appears fast enough. By the time TF76 arrives on scene to help the general confidence of the American public is trending down significantly as evidenced by various hashtags on social media.

Amid CRE-A gaining an understanding of the disaster area and the needs of the Federal Emergency Management Agency (FEMA) (the Lead Federal Agency (LFA)), several TF76 Soldiers have taken to social media. Unfortunately, these Soldiers speak negatively about the mission and response, even complaining that they are being exposed to radiation without proper medical precautions. These Soldiers, who had just a couple of hundred followers on social media platforms prior to the attack, now have several hundred thousand*. Their newfound fame includes fringe actors inside the United States and foreign intelligence trolls from the usual Nation-state actors.

Unfortunately for the Soldiers and TF76 these actors begin to use the information posted by US Soldiers to sew mistrust of between CRE-A and the public. This mistrust foments into protests and riots in and around the disaster zone. Can you really blame the average US citizen for being both frustrated and manipulated at the same time?

Next, Soldiers are simply photographed in their trucks on their smartphones waiting to rollout for another mission in the disaster area. While nothing specifically prohibits Soldiers from being on their phones, the optics are incredibly bad. These images are posted to social media with messaging that Soldiers are lazy and they do not care about their fellow citizens in need. Hashtags such as #USArmySucks, #TF76GoHome, and many more begin to trend online.

Eventually, the frustration of the public boils over, fueled by social media prodded mistrust and the bleakness of the situation. TF76 Soldiers are on a mission for FEMA delivering water to a shelter when a crowd of angry civilians approaches, and a shoving match ensues between the Soldiers and them. Tired of the verbal and physical abuse, a young Army Specialist (E-4) strikes a civilian knocking them to ground. There is additional pushing and shoving, but the Soldier’s platoon leadership defuses the situation, and the crowd finally moves off.

Several minutes after the crowd disperses, cell phone video showing the Soldier hitting the civilian is posted to social media with the hashtags #USArmyAbuse, #ArmyAttacksCivilians, and others. The first views are hundreds, then thousands, and finally millions. Even the President of the United States sees the video when it is picked up by major news outlets. Knowing he will be asked about the incident at his next press conference, the President immediately convenes a call with the Chairman of the Joint Chiefs of Staff (CJCS), the Secretary of Defense, and other senior leaders. After this meeting, the CJCS calls the Commander of US Northern Command and the CRE-A Commanding General directing an immediate investigation of the matter and to discipline the Soldiers involved. The Commanding General also receives direction from his higher headquarters to retrain all personnel assigned to CRE-A on the Rules of Engagement (ROE) and consequences for violating them.

Things are not great for our newly minted Solider-influencers. One of the Soldier’s social media profiles is public and contains too much personal information. It does not take long for the hacker group Anonymous to determine the Soldier’s home address and dox (“dropping docs”) them. The very next day, a crowd of protesters descends on the Soldier’s home which is two states and a thousand miles away from the disaster zone. Sadly, the Soldier’s wife and their young children are trapped at home by the crowd. They are terrified.

Does this scenario sound too farfetched? It really is not. As the ongoing conflict between Ukraine and Russia demonstrates anything is fair game for disinformation. From stating the Ukrainians have conducted genocide against Russian speakers, to using deep fakes of the Ukrainian President declaring surrender, to even twisting history to insinuate that Ukraine has always been part of Russia, the intentional disinformation has been wide-ranging [i]. Since Russia’s linkage to the disinformation campaign’s in the 2016 US Presidential Elections (and long before that during the Soviet Union), it is not a stretch to assume that foreign actors would use a significant disaster to drive wedges between the American public and the government [ii]. The other challenge for planners at all levels is the fact that disinformation and misinformation can also come from sources inside the United States today driven by social media.

Part II: The “New” Information Environment (IE)

In 1994, the Netscape web-browser introduced a graphical user interface (GUI) for the internet and the world changed. The internet was no longer the domain of academia, government, nerds, and a few lucky technologists – it was now for everyone. E-commerce soon followed, giving birth to the Amazons, eBays, and (unfortunately) the Silk Roads of the world. Social media was next moving from Myspace to Facebook soon followed by Twitter, Instagram, and TikTok. The rapid growth of the internet spurred incredible leaps in technology; practically everyone has a smartphone in their pocket which has more than enough power to fly an Apollo mission to the moon [iii]. More importantly, smartphones and other similar devices are always connected to the internet with their users only one click away from content they may or may not want or need. Social media apps are linked to their host device cameras and microphones for instant livestreaming and content sharing. Who doesn’t want to know what you ate for breakfast this morning?

It is critical to understand the capabilities these devices provide (both good and bad) and how the narrow viewpoints that can be driven via social media are potentially detrimental to society. Just as these mobile devices can and do shed light on injustices, the content captured and shared can and will also be used by malign actors to drive wedges in public opinion at a time and place of their choosing. In the United States where free speech is a cherished right, there is very little - control over what people record and post online beyond what is illegal. By extension, users of social media have zero control over what malign actors decide to use against us when it comes to online content. What we can do is accept and understand that there is both innocent and malicious use of online content happening whether we like it or not.

Part III: The Problem -Misinformation Disinformation Malinformation in the IE

Before describing how to leverage the IE, it is important to understand MDM (Misinformation Disinformation Malinformation). MDM represents the negative side of the IE and is summarized in the following graphic:

Figure 1 - MDM [iv]

MDM should be viewed from the lens of how the information is used by a threat actor which is intent. Information by itself is neither good nor evil. In 2018, the Cybersecurity and Infrastructure Security Agency’s (CISA) predecessor agency formed the Countering Foreign Influence Task Force (CFITF) to address foreign threat actor activities that occurred during the 2016 Presidential Elections [v]. After numerous investigations, multiple US Federal Government entities ascertained that Russia’s Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) conduct numerous activities against the elections. Using old tactics, but enabled by modern social media platforms GRU was able to spread disinformation far and wide [vi]. In 2021, the CFITF became the CISA MDM Team working with the Federal Bureau of Investigation, the Department of State, Department of Defense (DoD) and other agencies to address this growing challenge [vii]. Within the DoD, United States Cyber Command (USCYBERCOM) leads the missions to protect US elections which includes addressing the MDM threat.

In 2020, the COVID-19 pandemic became the best example of MDM to date. From issues spanning public restrictions, school closings, mask requirements, and vaccines the pandemic supplied an environment rife for MDM. Multiple threat actors inside and outside of the United States took advantage of the situation to create public doubts in previously trusted information sources. COVID-19 MDM was not limited to the United States. Dubbed the “disinfodemic” by the United Nations Educational, Scientific, and Cultural Organization (UNESCO), the analysis presented spanned four formats (figure 2) and nine thematic areas [viii].

Figure 2 - Disinfodemic Formats [ix]

Throughout the pandemic, it was not uncommon for threat actors to make extensive use of phishing to redirect unsuspecting victims to malicious websites with the promise of false cures. Other websites would purport to be “official” government organizations but would deliver messages opposite to legitimate information. One of the unique global thematic areas identified by UNESCO was “Celebrity-focused” disinformation from false stories of illnesses to celebrities themselves sharing suspect information. When considering the reach of celebrities in the era of social media their positive or negative statements about any topic have significant influence.

The unfortunate result of the MDM observed during the COVID-19 pandemic has provided the playbook for both internal and external threat actors to take advantage of a crisis. Considering the scenario presented, it is not unthinkable that numerous threat actors would look to leverage the situation for their own nefarious purposes. Leveraging MDM though the IE, threat actors could easily make life difficult for TF76 Soldiers.

Part IV: Leveraging the IE in DSCA and Homeland Defense (HLD)

As the wars in Iraq and Afghanistan have wound down, the Army has taken stock of the next fight refocusing on near-peer threats (Russia and China). Incorporating the advance of technologies across the Warfighting Domains (Air, Land, Sea, Space and Cyberspace), the doctrine construct of Multi-Domain Operations (MDO) was created to frame the importance of the information linkages to successfully conducting missions assigned to the Army and Joint Force. In MDO, there are now three pieces to the continuum of operations: Competition (training and demonstrating capabilities), Crisis (maintain contact in all domains), and Conflict (sustaining the fight and conducting operations in all domains) [x]. Additionally, within MDO, Strategic Support Areas including the US Homeland are considered part of the broader area of operations across Competition, Crisis, and Conflict [xi]. The term “contested homeland” [xii] is used to describe this new concept where operations (cyber, electronic warfare, and information) in the information environment will likely impact the lives of everyday Americans in time of war. In contrast, during World War II it was unlikely the Axis Powers would strike the Continental US. In the Competition, Crisis, and Conflict model of the 21st Century, the perceived safety of being surrounded by two oceans is no longer valid considering the reach of the Cyberspace Domain.

The shift in focus to MDO and a contested homeland has many implications for the Army in DSCA and HLD. When the American people see someone in a military uniform, they have expectations: politeness, a “Yes Sir/Ma’am” or “No Sir/Ma’am” response, and even a humble response when a “thank you for your service” is offered. Let’s get back to the story we started with, a cyber-attack and subsequent explosion at nuclear plant. Millions of American citizens are suffering and they’re angry, frustrated, and scared. The response to the attack by all organization, including the Task Force 76 seems terribly slow. Thousands are dead and injured. On social media outlets, voices seem to confirm the slow response. The military public press releases on the disaster are 100% truthful and transparent: “We’re doing all we can to help FEMA and other lead Federal agencies!” This is what the Army does in DSCA: support the lead agency. Unfortunately, in large crisis situations the chorus of negativity on social media drowns out any positive messages about or posted by responding organizations from any level, even those from the military.

In DSCA and HLD, the IE is vitally important to any Commander. From the perspective of Army Warfighting Functions, information effects are part of the Commander’s “Fires” but they are the primary option in the homeland [xiii]. With this in mind the primary delivery of Fires in DSCA and HLD is the Public Affairs Team who delivers the Commander’s themes and messages synchronized with the FEMA Joint Information Center (JIC) [xiv]. But how does the Commander know if the messaging is reach those who need to hear it? This is where the IO professional comes into play in DSCA and HLD operations. The IO professional constructs a Combined Information Overlay (CIO) [xv] to present the IE to the Commander and their staff. In DSCA and HLD, a CIO for a given operating area contains the locations/status of television and radio stations, civilian communication systems status, news reporting, social media posts, tactical spot reports, and much more. The CIO helps the Commander visualize the “why” of activities in the IE and physical world. For example, why are affected civilians protesting and stopping convoys in a certain area? Looking at the CIO, the IO professional may see social media posts that a group of civilians feel ignored when it comes to distribution of relief supplies. The Staff can then bring this to our FEMA partners to collaborate on the solution.

In another example, in analyzing social media posts and trends, the IO professional identifies Soldiers potentially acting unprofessionally creating a negative perception of the military and its ability to carry out the mission. While the US Army does not conduct influence operations in the United States and territories, what we do HAS influence. Drawn from the IO concept of presence, posture, profile it is the simple lesson that what you do in public – good or bad – will now be preserved on the internet forever. Additionally, what “you” do (and it may not even be your own personnel) can be misinterpreted and leveraged for or against the best intent of any organization with or without context. For example, Army National Guard Military Policeman carrying their service weapons in and around Army Reserve and Active Duty personnel responding to an incident will fast become the hashtag #martiallaw. In the context of a response to a DSCA or HLD crisis, even misinterpretations will be picked up by both domestic and foreign threat actors to drive wedges and create mistrust in spite of the military’s best effort to save the lives of their fellow Americans.

The IE is a very real player in DSCA and HLD missions and it must be planned for and addressed at all levels of command. From an authorities perspective, Joint Publication 3-28 notes that the Chairman, Joint Chiefs of Staff Instruction 3110.05 (Military Information Support Operations Supplement to the Joint Strategic Capabilities Plan) specifically authorizes the use of both Military Information Support Operations (MISO) and Civil Affairs Information Support “in response to natural disasters or security crises within the US and its territories” [xvi].

Part V: Doctrinal Recognition

The time to reset doctrinal thinking for Information Operations in DSCA and HLD is NOW, and the Army doctrine writers agree! In May 2022, the updated Field Manual (FM) 5-0: Planning and Orders was published, and it included a major addition to a well-known mnemonic: METT-TC has become METT-TC(I) (Mission, Enemy, Terrain and Weather, Troops and Support Available, Time Available, Civil Considerations, and INFORMATION). Per FM 5-0, “Informational considerations is expressed as a parenthetical variable in that it is not an independent variable, but an important component of each variable of METT-TC that leaders pay particular attention to when developing understanding of a situation” [xvii].

Similarly, in October 2022, the refreshed FM 3-0 Operations delivered the Army’s view of multidomain operations (MDO) (Land, Maritime, Air, Space, and Cyberspace), integrated three dimensions of the operational environment (Human, Information, and Physical) as shown in figure 3 [xviii]:

Figure 3 - MDO Domains and Dimensions [xix]

The three MDO dimensions closely align with those defined in the FM 3-13 Information Operations for the IE – Physical, Informational, and Cognitive [xx]. The specific inclusion of these concepts in FM 3-0 is a recognition the Army that the IE can no longer be an afterthought regardless of the type of operations. In the context of the scenario leveraged throughout this article, DSCA and HLD are rightfully considered “contested” operations in the eyes of doctrine writers. As such, the information dimension and its effects must be accounted for in training and exercises long before real world operations in the United States and its territories or risk a variety of threat actors leveraging it against the Army and Joint Force partners.

When Army Functional Areas (FA) were created, FA30 Information Operations was one of the first added and in many respects ahead of its time. As recently as 2021, it has been argued that Army IO practitioners faced an “identify crisis” with Commander’s not understanding how to leverage the power of IE effects broadly [xxi]. The new FM 3-0 and FM 5-0 have squarely defined the need for IO personnel in with the IE spanning the MDO. While Army IO personnel are typically found in Brigades and above, the training pipeline has and continues to produce operators from those with related Additional Skill Identifiers to fully qualified FA30s. It is likely that there are IO-ready personnel in Battalion formations and lower. Commanders at all levels should seek out these personnel and integrate them into the Military Decision-Making Process (MDMP) to leverage IE in all contingencies. Specific to DSCA and HLD, implementing an Information Operations Working Group for all these operations is the first starting point with information effects representing the Fires Warfighting Function. Unified Action in DSCA and HLD will not be successful without deliberate integration of these effects.

Part VI Conclusion

Near the end of 2020, the Sergeant Major of the Army (SMA) joined Instagram to meet Soldiers where they get their information: on social media. Since that time, the SMA has addressed a variety of issues directly with the force, including mental health, Soldier suicides, and NCO leader empowerment and more [xxii]. This is Army’s most Senior NCO leveraging the power of information and the tools of the IE to improve the lives of Soldiers! However, what may be lost here is the influence the SMA’s posts have both in the United States and overseas. Without a geographic audience assessment, it is almost impossible to determine the reach of the SMA’s influence. It is reasonable to ask whether the SMA’s posts have been used for propaganda in near-peer competitor countries as fodder to undermine the US Army globally. There are even more recent examples of senior personnel using social media to deliver the Army message, while others share their personal opinions (which may be a violation of the UCMJ [xxiii]). In every case the messages or opinions created influence and opportunities for threat actors to introduce their own spin.

Let’s return to where it all started: TF76’s DSCA operations in response to the cyber-attack and near nuclear meltdown. The scenario presented is not that far from the realities faced by Commanders at home and abroad. By understanding the potential impact of the IE in MDO and incorporating the facets of the information dimension into MDMP, Commanders can seize the initiative through IO regardless of the environment.

References

i. Disinformation About Russia’s invasion of Ukraine - Debunking Seven Myths spread by Russia | EEAS Website. (2022, March 18). Www.eeas.europa.eu. https://www.eeas.europa.eu/delegations/china/disinformation-about-russias-invasion-ukraine-debunking-seven-myths-spread-russia_en?s=166

ii. Rid, T. (2020). Active Measures: The Secret History of Disinformation and Political Warfare. Farrar, Straus & Giroux.

iii. Tibi Puiu. (2015, October 13). Your smartphone is millions of times more powerful than the Apollo 11 guidance computers. ZME Science; ZME Science. https://www.zmescience.com/science/news-science/smartphone-power-compared-to-apollo-432/

iv. Demboski, I. T. R., and I. T., with lead analysis by Morgan. (2022, February 15). Deception and Intent: Understanding Cyber Disinformation Campaigns. Security Boulevard. https://securityboulevard.com/2022/02/deception-and-intent-understanding-cyber-disinformation-campaigns/

v. DHS Needs a Unified Strategy to Counter Disinformation Campaigns. (2022). https://www.oig.dhs.gov/sites/default/files/assets/2022-09/OIG-22-58-Aug22.pdf

vi. Mueller, R. (2019, March). Report On the Investigation into Russian Interference in the 2016 Presidential Election, Volume I of II. https://www.justice.gov/archives/sco/file/1373816/download

vii. MDM | CISA. (n.d.). Www.cisa.gov. https://www.cisa.gov/mdm

viii. Posetti, J., & Bontcheva, K. (2022). Disinfodemic: deciphering COVID-19 disinformation. Unesco.org. https://unesdoc.unesco.org/ark:/48223/pf0000374416

ix. Posetti, J., & Bontcheva, K. (2022). Disinfodemic: deciphering COVID-19 disinformation. Unesco.org. https://unesdoc.unesco.org/ark:/48223/pf0000374416

x. Army Multi-Domain Transformation Ready to Win in Competition and Conflict Chief of Staff Paper #1. (2021). https://api.army.mil/e2/c/downloads/2021/03/23/eeac3d01/20210319-csa-paper-1-signed-print-version.pdf

xi. The US Army in Multi-Domain Operations 2028. (2021). https://api.army.mil/e2/c/downloads/2021/02/26/b45372c1/20181206-tp525-3-1-the-us-army-in-mdo-2028-final.pdf

xii. Tussing, B., Powell, J., & Leitzel, B. (2022, April 7). Contested Deployment. https://press.armywarcollege.edu/cgi/viewcontent.cgi?article=1944&context=monographs

xiii. TC 6-0 Training the Command and Control Warfighting Function Headquarters, Department of the Army. (2021). https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN31776-TC_6-0-000-WEB-1.pdf

xiv. National Incident Management System Basic Guidance for Public Information Officers. (2020). https://www.fema.gov/sites/default/files/documents/fema_nims-basic-guidance-public-information-officers_12-2020.pdf

xv. FM 3-13 Information Operations. (2016). https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/FM%203-13%20FINAL%20WEB.pdf

xvi. Defense Support of Civil Authorities. (2018). https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp3_28.pdf

xvii. FM 5-0 Planning and Orders Production. (2022). https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN35403-FM_5-0-000-WEB-1.pdf

xviii. FM 3-0 Operations. (2022). https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN36290-FM_3-0-000-WEB-2.pdf

xix. FM 3-0 Operations. (2022). https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN36290-FM_3-0-000-WEB-2.pdf

xx. FM 3-13 Information Operations. (2016). https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/FM%203-13%20FINAL%20WEB.pdf

xxi. Young, B., & Wood, J. (2021, March 2). The Army’s Information Operations Profession Has an Identity Crisis. U.S. Naval Institute. https://www.usni.org/magazines/proceedings/2021/march/armys-information-operations-profession-has-identity-crisis

xxii. Rocke, E. (2021, January 10). Sergeant Major of the Army Turns to Instagram to Improve Command Climate, Meme Pages Respond. Coffee or Die. https://www.coffeeordie.com/sergeant-major-army-instagram

xxiii. Roedwig, C. (2012, February 12). Social media misuse punishable under UCMJ. www.army.mil. https://www.army.mil/article/73367/social_media_misuse_punishable_under_ucmj

About the Author

Colonel Brad Rhodes is the G6/Chief Information Officer for the 76th Operational Response Command (US Army Reserve) delivering communications for the Nation’s CBRN response mission. In his day-to-day, Brad is a Senior Manager at Accenture Federal Services in Denver, CO. He holds numerous professional certifications with 25+ years of experience in the military, government, and private sectors. Brad's major research includes utilizing Open-Source capabilities to help organizations close security gaps, characterize their cyber operating environments, and gain visibility to stacks of data. He's been known to drown Lego people illustrating the reality of cyber effects.