The digital realm is an increasingly important dimension of contemporary battle-space. We have focused our attention on cyber-threats, limited attention paid to challenges arising from the malicious use of openly available digital information regarding military organisations. The adversary does not need significant resources or advanced cyber capabilities to pose a threat, when social media and connected technologies are easily accessible, providing information and infrastructure that can be exploited by anyone with access to an internet-enabled computer.
Social Media is a fair mix of human psychology/social behaviour with the internet of things. It is correct except that the human angle, in my opinion, is 70 per cent and the network the balance 30 per cent. The personal internet was available even in the early 90s it was the synthesis of the human urge to communicate with a person (a face) vis an IP address that brought the explosive growth of social media platforms. Then came the smartphone, the handheld connected-computer that brought the world into our palms. The benefits of this convergence are undeniable, but from phones to watches, everything is becoming a computer. It is an achievement to rejoice, but if everything is becoming a computer, then everything is also becoming a potential surveillance device.
The survivability of any military force is a principal consideration in strategic planning and decision-making, with implications that extend well beyond military operations and into issues such as public support and political cohesion. It is evident every day how the nation’s military protects its members. Recently media highlighted the steps taken by the Army for safeguarding soldiers against the coronavirus, over and above the measures constituted by the government and we have always seen how the security of various bases and ports administered to guard these vital assets. Similar to physical security, digital security is also an aspect that keeps military planners on their toes.
We have heard of measures like app ban, smartphone ban, wearable devices ban highlighted in various reports coming out from the military. There is no denying that they are effective but there is no silver bullet solution here. Being such pervasive technology apps like Facebook and devices like smartphones and smartwatches are virtually adsorbed onto our daily lives. Their functionality is today a necessity with e-banking, e-commerce and even crucial contact tracing platforms being inescapable requirements. Thus, such a non-implementable total digital isolation, as a protective measure, is of limited value, to say the least.
Removing mobile phones from defence personnel in official areas or during exercises and operations may be critical for operational security in many contexts, but it does not remedy the complex threats in the digital domain. An individual’s digital footprint is not made in a day. The data-points get collected over years of internet activity, processed through machine learning and artificial intelligence-based computational processes, creating an online profile. Leaving the smartphone outside a particular office, five days a week is a simple indicator that you work inside that office.
Subroutines transmitting such location data from your device are even embedded in basic map applications and one does not need covert surveillance infrastructure to extract the same. Similar results can be concluded from analyzing any other interfaced app. Flightradar24 gives info on even air force C-17 flights, geo-tagged selfies have been known to reveal even isolated border locations and it does not matter if the photo is shared on Facebook or WhatsApp or even just emailed, the location metadata is embedded in the pic and has nothing to do with the app.
The military may isolate the individual, but crowd-sourced open information is an even simpler way of getting critical inputs. Recently, a twitter handle posted an old photograph having officers of an elite unit. While many of those must-have retired, the comments to the tweet by people having the urge to participate in a discussion, showcase their awareness and naturally seek acknowledgement, gave away the identities of many in the photograph.
Cases of people identifying areas and commenting on the military significance of the same are routine and unfortunately can’t be wished away. Information about military capabilities, such as personnel and equipment numbers, can even be obtained from civilian and commercial sensors, such as footage from publicly available or misconfigured traffic and CCTV cameras. It is not that one event is detrimental to the security, but it is the long-term information matrix that can be webbed from such data points that creates the concern.
The defeat of an adversary, by whatever mechanism, is a cognitive outcome. It is the accumulated stresses of combat and perceptions of a situation that leads to fear, flight, or surrender. The military can be made to perceive the enemy’s relative advantages as a battle unfolds and conclude (through cognition) that the cost of continuing will exceed the possible benefits. Trained for kinetic warfare, military leaders struggle to engage with the complete spectrum of the cyber domain, especially the open domain espionage. The adversary is so distributed that conventional thought of carpet-bombing or armoured punch-through can’t be employed and force-wide digital isolation is not a realistic long-term possibility.
It is where active, adaptive digital camouflage can appear as an option. Camouflage, as a concept, is many times confused with concealment. To camouflage is to merge with the surroundings to make you indiscernible to the observer whereas to conceal is to protect from view. Digital camouflage works on enmeshing military digital information with other ‘noise data’ thereby denying the enemy the ability to zero in on the information and process it into intelligence. But this has to be pre-emptive and adaptive.
Pre-emptive measures that create systemic resilience against the malicious use of digital information are critical. Raising awareness about adversarial risks related to the social media information environment is a critical first step but this general awareness needs augmentation with specific education activities, internal communication measures, evolving regulations etc. This countermeasure is likely to be preferred by militaries as it is based on fundamental deception operations. The measures should protect critical information in one or more of the following ways: minimizing predictable patterns of online behaviour and camouflaging indicators when they can’t be avoided by pairing them with meaningless changes giving out an alternative interpretation for the indicators. Once military commanders adapt these aspects in their mission plan, technical specialists can be tasked for implementation.
Extracting of information from the open internet, especially with an overdose of social media posts, is an abundance of low-hanging fruit, where a small investment can pay large dividends. One can counter the adversary only by proactively keeping him occupied in the OODA loop. A distributed denial of opportunities, planned into the operational philosophy is the future on our doorstep. Camouflage is useful for concealment, but it is not a replacement for offensive capabilities. Force preservation in the digital domain needs to be integral in our strategic communication plan.