Cybersecurity & Tech

On the Integration of Psychological Operations with Cyber Operations

Herb Lin
Thursday, January 9, 2020, 11:40 AM

When U.S. Cyber Command gets involved with psychological operations, what is the role of military psy-ops troops?

Servicemembers participating in "Cyber Flag," a weeklong cyber exercise in July 2019. (U.S. Cyber Command Public Affairs)

Published by The Lawfare Institute
in Cooperation With
Brookings

In a story released on Christmas Day, 2019, the Washington Post reported that U.S. Cyber Command is “developing information warfare tactics that could be deployed against senior Russian officials and oligarchs if Moscow tries to interfere in the 2020 U.S. elections through hacking election systems or sowing widespread discord.” According to this story, one option being explored is the targeting of “senior leadership and Russian elites (though probably not President Vladimir Putin, which would be considered too provocative)” to demonstrate that the “sensitive personal data” of these individuals could be hit if the election interference did not stop. The Post article also quotes Lawfare’s Bobby Chesney saying that such actions would send “credible signals to key decision-makers that they are vulnerable if they take certain adversarial actions.”

The Post described these activities as psychological operations, the internet-based equivalent of “dropping hundreds of thousands of leaflets in Iraq to persuade Iraqi soldiers to surrender to the U.S.-led coalition during the Gulf War.” Elsewhere in the story, the paper refers to such actions as influence operations and information warfare. However, the story is careful to note that the options being considered “do not envision any attempt to influence Russian society at large.”

A second story, reported in September 2019 by NPR, also discussed certain Cyber Command activities aimed at causing psychological effects on adversaries. In particular, Operation Glowing Symphony was intended to degrade and disrupt online Islamic State efforts for propaganda, communications, fundraising and recruitment. According to NPR, much of this effort focused on creating an endless series of technology annoyances and time-wasting interruptions that degraded and disrupted the workflow of Islamic State network operators significantly. The NPR report referred to these activities as “psychological operations with a high-tech twist” because they were intended to cause high levels of emotional frustration in Islamic State operators and presumably to degrade their operational effectiveness as a result.

Both of these stories are important. Here, I’ll remain silent on the wisdom or likely effectiveness of such tactics. Instead, I want to raise a question of comparative institutional expertise within the U.S. government. Since Cyber Command’s inception, it has specialized in the conduct of cyber operations (and thus has concentrated on acquiring the technical expertise that such operations require). I have the utmost respect for the technical talents of those at Cyber Command, but they have not recruited for expertise in psychological operations. Even today, a scan of jobs available at Cyber Command reveals many jobs requiring technical expertise or background and zero jobs requiring psychological expertise or background.

How can cyber operations be regarded as psychological operations? A plausible answer to this question is that cyber operations are important instruments through which psychological effects can be generated. The Defense Department definition of psychological operations (or military information support operations, as they are now known in the department’s lexicon) is the conveyance of “selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals in a manner favorable to the originator’s objectives.” Glowing Symphony activities conveyed selected information (information causing glitches in information technology) to foreign audiences (Islamic State network and cyber operatives) to influence their emotions (the Islamic State operators become angry and frustrated), motives, objective reasoning (when frustrated, calm and objective reasoning is difficult), and ultimately the behavior (Islamic State operatives become less efficient and effective in performing their own cyber missions) of foreign organizations (the Islamic State) in a manner favorable to the originator’s objectives (i.e., the anti-Islamic State objectives of the United States).

Nevertheless, cyber operations are intended to hack silicon-based processors and technology, while psychological operations are intended to hack carbon-based processors (that is, human brains). When an organization’s expertise is primarily with the former, how does it obtain the expertise to execute operations to optimize the outcomes of the latter? That is, when Cyber Command gets involved with psychological operations, what is the role of military specialists in psychological operations, most of whom would be found at U.S. Special Operations Command (SOCOM), whose core activities include psychological operations?

Press reports have been silent on the nature of the integration, if any, of military forces specializing in psychological operations into cyber operations, and it is possible that the Cyber Command activities in these reports do make use of such expertise. But to the best of my knowledge, there is no joint activity that brings together the cyber operations experts at Cyber Command and the psychological operations experts at SOCOM as equals. There should be.

Cyber Command is apparently carrying much of the burden of responding to Russian election interference, presumably because Russian activities have been conducted largely through cyber means. (The U.S. law enforcement community has tried to respond as well but is largely thwarted by its inability to reach across national borders.) Yet much of election interference is not a cybersecurity problem or even a cyber problem as the term is usually understood. Rather, it is a problem of malign influence operations. As far as Russia is concerned, most of the expertise of the U.S. cyber community is focused on only a portion of its malign influence campaigns.

Consider, for example, the substantial efforts underway in the United States and elsewhere on cybersecurity. These activities and the budget lines that support them are organized largely around technical topics requiring expertise in computer science, electrical engineering, mathematics and so on. But substantially less activity is devoted to understanding the science and practice of psychological operations, from either a defensive perspective or an offensive one. Where are those who know about social cognition and behavioral economics as the fundamental psychological science underlying influence campaigns? From the perspective of defense against Russian influence campaigns against the United States, where are the educators who can teach critical thinking skills needed to resist propaganda or the psychologists who study techniques for “inoculating” against misinformation? From the perspective of offense against the Islamic State, where are the psychologists who know about persuasion or the experts in advertising and marketing?

At I am writing, there is discussion within the Defense Department—specifically the U.S. Army—about the scope of U.S. Army Cyber Command responsibilities. Army Times reported in October 2019 that U.S. Army Cyber Command has proposed changing its name to Army Information Warfare Command, in recognition of its increasing responsibilities in operating below the threshold of armed conflict. Lt. Gen. Stephen Fogarty, commander of U.S. Army Cyber Command, noted that “sometimes, the best thing I can do on the cyber side is actually to deliver content, deliver a message. ... Maybe the cyberspace operation I’m going to conduct actually creates some type of [information operation] effect.”

True enough. But the expertise of U.S. Army Cyber Command, and U.S. Cyber Command as well, is on information delivery side of psychological operations. It is by virtue of long experience in executing influence operations that U.S. Special Operations Command has developed its extensive psychological and cultural expertise on the information content side of psychological operations. Bringing to bear the respective expertise of each command should thus enhance the synergies possible between cyber-enabled psychological operations and offensive cyber operations, and it would be most desirable if the two commands could partner rather than compete over the cyber-enabled psychological operations mission.

The technical dimensions of combatting adversarial influence operations are important, but the United States neglects the issue of content at its peril. The U.S. should be bringing to bear all of the relevant expertise from all parts of the Defense Department, the U.S. government, and indeed the nation to address the problem.

In the coming days or weeks, I will comment on some of the doctrinal (and conceptual) confusions within Defense Department doctrine regarding information operations, information warfare, psychological operations (also known as military information support operations) and cyber operations. I hope to provide some background on how this state of affairs came to be regarding the non-integration of cyber and psychological operations came to be—and how this forced me in writing this piece to conflate various elements (information operations, cyber operations, psychological operations, and military information support operations) in the Defense Department conceptual framework.


Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.

Subscribe to Lawfare