
TERMS OF REFERENCE
(Draft
Last Updated 22 October 2001)
MORS Workshop
OPERATIONS RESEARCH METHODS FOR INFORMATION OPERATIONS:
A BATTLESPACE OF THE 21st CENTURY
9-11 April 2002, Booz Allen and Hamilton, McLean Virginia
1. Background
In today's world of multiple agents, national and transnational players
operating in an environment that lacks a single superpower threat, the United
States must develop and maintain the ability to conduct operations in the
information realm while defending against a myriad of threats to our own
critical information infrastructures. Information is a strategic resource that
is vital to national security and well being. Joint Doctrine 3-13 defines
Information Operations (IO) as actions taken to affect an adversary's
information and information systems while defending one's own information and
information systems. This definition covers not only crisis or conflict driven
information warfare, but also a wider set of objectives and goals that occur on
a continual basis, whether in peacetime or crisis. These goals include
offensive, defensive, and assurance considerations for information, information
systems, and information processes. Information Operations covers the spectrum
from hardware, software, and wetware (human) issues of offense, defense,
assurance and response. The recent Presidential Commission on Critical
Infrastructure Protection highlights how these issues affect not only the
military, but also industry, government, and citizens in general.
2. Issues
2.1 What is IO?
Fundamental to being able to execute our information operations
missions is to have a deep and thorough understanding of what the term entails.
While joint doctrine provides a definition of information operations, its
precise meaning to different individuals depends on the respective background,
experience, and frame of the particular listener. If one asks what the
population of a large city would be, the figure that comes to mind to a
resident of Ten Sleep, Wyoming or Three Forks, Montana will be different than
the value that comes to a resident of New York City, Los Angeles, or Bombay. In
the same way, the conceptualization of the meaning of information operations
will be different to an NCO or clerk responsible for the assurance of three
office PCs that perform unclassified processing than it will be to a DOD secure
network manager or a web site provider responsible for e-commerce.
If the OR analyst is to successfully model the information battlespace,
a prerequisite is that an exact meaning of terms be agreed upon. While it may seem that doctrine has provided
these meanings, that may or may not be the case. Would an IO attack by the US,
triggered by a perceived threat, be considered an offensive or defensive
measure? Would it matter to any modeling and analysis? Are Information Operations
fundamentally different from other military operations, or do they just happen
at a faster rate with more potential points of access? Are information technology and operations a radical change in the way we
do business or is an Immelmann still an Immelmann whether it starts at 90 MPH
in a Spad or at Mach 1.0+ in an F-16?
Information and its use in operations (whether in a hot or cold war)
have always been a key consideration. The information age is changing what
information is available, how it is transmitted and stored, how it is used, and
our dependence upon it. A key to the modeling and analysis of IO is the
determination of what is fundamentally different and what may be considered a
parameter change or an assumption change in existing models.
2.2 How to Measure IO
Coupled with the problem of a precise meaning of information operations
is the question of measures and metrics to evaluate them. Kaplan and Norton
[Kaplan and Norton, 92], in an article in Harvard
Business Review, state that we manage what we measure. This is a
fundamental truth in all organizations. To assure that we are managing
information operations properly, it is critical that we develop accurate,
precise, and properly constructed measures for information operations that are
tied to what is important about IO to the organization.
2.3 Operations Research (OR) Applied to IO
Good IO OR efforts do exist. Unfortunately, many of these efforts, due
to real security needs, have been adopted in stovepipe fashion. This need for
security, coupled with the evolving areas of responsibilities for IO and the
occasional all-too-human tendency towards a "not invented here" mindset, has
limited some of the general discussion of the application of OR to IO. MORS is
in the forefront of addressing the issue of communicating IO OR information.
This is apparent through the creation of Working Group 8 Information
Operations/Information Warfare and the sponsorship of a special issue of Military Operations Research. Even with
these efforts, however, an OR focused forum for more communication and
interchange of ideas is required.
2.4 Rising Threat
The threat of cyber attacks is rising. In addition, technology has
allowed recent adversaries to wage increasingly complex information campaigns
against our leadership, our forces, and our people. The necessary involvement
and cooperation required among domestic law enforcement agencies (at the
federal, state, and local levels) with military and intelligence agencies in
tracking and capturing hostile operatives within the US and its territories
create specific operational constraints and requirements. Table 1 suggests the
magnitude and nature of the underlying problem. Although thousands of hacks
occurred in 1999, only three FBI legal actions were issued.
Figure 1, taken from the Computer Emergency Response Team's web site, shows an exponential growth in the number of cyber incidents. The service CERTs have experienced the same type of growth in incidents.
Table 1: 1999 Hacked US Web Pages - Preliminary Statistics

| Breakout | Total |
|---|---|
| Government Systems | 154 |
| NASA Systems | 37 |
| ARMY Systems | 33 |
| Military Systems | 99 |
| Educational Institutions | 170 |
| Commercial Systems | 1649 |
| Network Systems | 212 |
| Police Pages | 9 |
| Church Pages | 5 |

Number of FBI subpoenas/court orders received asking for any/all information related to specific hacks: 3
Source: Attrition, as quoted in IA/Security NewzSummary, 29 Dec 99. Categories in table were created by the source. No explanation was provided concerning the separation of Military and Army.

Figure 1
[http://www.cert.org/stats/cert_stats.html]

3. Goals and Approach
This workshop will seek to address the issues summarized above with a
three-phase approach.
3.1 IO Overview
The goal of the first phase of the meeting, the Plenary Session, will
be to establish a common baseline. We
will review what IO is (and is not). Presentation and discussion will center on
how IO is fundamentally different from past military operations and how it is
the same. A review of doctrine and
concepts will be presented. Domain experts will be drawn from the IO community
to provide a current, accurate, and credible review and background of IO
concepts.
3.2 State of the Art in Analyzing IO
The goal of the second phase of the meeting is to draw on the key
analysis centers dealing in IO/OR analysis. These centers of excellence will be
called upon to present (subject to appropriate security requirements) the
current state of the art in IO/OR in their respective organizations. An
overview of what is being done in each center of excellence will be provided in
a common session. There will then be Working Group sessions; each with a
specific focus of presenting what is currently hot across the spectrum of IO
with these experts and their organizations.
Working Group session topics will include: 1) MOEs/BDA for IO; 2)
Intel/Decision Support Tools; 3) Defending Information; 4) Human Elements in
IO; 5) Critical Infrastructures (both offensive and defensive). The working
groups will focus on identifying and clarifying the IO OR needs and
requirements in each of their respective areas and in overlapping areas.
3.3 Top 10 IO/OR Challenges
The third phase of the meeting will be directed again at drawing on the
collective expertise of the presenters and attendees to develop a set of IO/OR challenges
for the future. These will be the areas that the collective group believes will
be the highest potential areas for the military analyst to attack in the
future. The group will rank the top 10 challenges, outlining the needs and
requirements for each. Workshop participants will be encouraged to bring their
key challenges to the workshop.
4. Products
4.1 IO/OR Primer
It is our intention to organize the presentations and discussions from
the first two phases outlined above into an IO/OR Primer. This will give the
analyst new to the IO field
1) an overview of the key IO and OR issues developed in the first phase, and
2) a state of the art snapshot of the analytical models and approaches in use in the
defense establishment at the time of the meeting.
While we recognize the information in the Primer is available from a
variety of sources, it is our intention to coalesce this information into an OR
focused overview, to supplement these other sources, not supplant them. It will
be important to compare and contrast areas where the services are similar and
where they have fundamental differences in their concepts, practices and
processes for IO. An appropriate reference list will be provided with the
Primer. It is assumed that this Primer will ultimately be made
available through MORS to a wider audience than just the meeting participants.
(This assumes proper classification level or levels. In keeping with MORS
practice, every attempt will be made to keep the workshop report unclassified.)
4.2 Executive Summary
An Executive Summary will be developed for the MORS office and the
Sponsors.
4.3 PHALANX Article
The output of the third phase of the meeting, the Top 10 IO/OR
Challenges of the Future, will be developed into an article for PHALANX. The challenges will be
presented to the military OR community as key areas for future efforts. It is
hoped that the challenges will stimulate innovative, insightful approaches, and
applications of operations research to the challenge areas. (This also assumes
proper classification level or levels.)
The Top 10, along with the Executive Summary, will be incorporated into
a PHALANX article.