Главная Manuals FM 3-13 Information Operations: Doctrine, Tactics, Techniques, and Procedures (NOVEMBER 2003)
|
|
|
_________________________________________ Information Operations Elements and Related Activities
2-41. The Army Computer Emergency Response Team (ACERT) deters, de-
tects, coordinates, responds, and reports Army INFOSYS security incidents.
Regional computer emergency response teams (RCERTs) deter, detect, coor-
dinate, respond, and report Army INFOSYS security incidents. Both the
ACERT and RCERTs unify CND efforts across networks. They assist G-6s in
the war against hackers, intrusions, and viruses, and provide other technical
assistance when needed. They co-locate with the United States Army Net-
work Operations and Security Center (ANOSC; see appendix F), enabling the
staffs to work closely together to protect networks and INFOSYS. Normally,
the network operations (NETOPS) centers identify a potential network at-
tack, either by direct observation or reports through the G-6 from impacted
users, and pass it to the ACERT for a response. (See appendix F for command
relationships.)
2-42. The complex nature of the Global Information Grid (GIG) requires close
coordination of all CND activities between the operations, intelligence, com-
munications, counterintelligence, law enforcement, and other government
agencies.
COMPUTER NETWORK EXPLOITATION
2-43. Computer network exploitation consists of enabling operations
and intelligence collection to gather data from target or adversary
automated information systems or networks. (This definition is consis-
tent with joint initiatives and is being staffed as a possible joint definition.)
Contribution
2-44. CNE contributes to intelligence collection at echelon above corps. (See
appendix F for command relationships.)
SUPPORTING ELEMENTS
2-45. The supporting IO elements are physical destruction, IA, physical secu-
rity, counterintelligence, counterdeception, and counterpropaganda. Physical
destruction can be employed as an additional means to influence decision-
maker or groups, or to target INFOSYS in support of information superiority.
Information assurance activities and network operations may be conducted
independently or may be initiated in response to event-driven CND opera-
tional guidance. Physical security can support IO by preventing unauthorized
physical access to personnel, equipment, installations, materiel, and docu-
ments. Counterintelligence investigations, operations, collection, analysis/
production, and dynamic functional services can be employed in support of
IO. Counterdeception contributes to situational understanding and defensive
IO by protecting friendly C2 systems and decisionmakers from adversary
deception. Counterpropaganda reduces the ability of adversary propaganda
to influence friendly forces and others in the AO. It attacks adversary
propaganda.
PHYSICAL DESTRUCTION
2-46. Physical destruction is the application of combat power to de-
stroy or degrade adversary forces, sources of information, command
2-11
FM 3-13 __________________________________________________________________________________
and control systems, and installations. It includes direct and indirect
fires from ground, sea, and air forces. Also included are direct ac-
tions by special operations forces. The G-7 synchronizes execution of IO-
related physical destruction with other IO elements and the fire support co-
ordinator. Physical destruction is tied to critical events and decision points in
the adversary decisionmaking processes or their underlying infrastructures.
Artillery is a major, but not the only, contributor to this IO element. The tar-
geting team assigns IO targets to the air and ground systems best able to at-
tack them (see appendix E).
Contributions
2-47. When used as an IO element, physical destruction is normally offensive
IO. Often destroying a target contributes to achieving both IO and conven-
tional objectives. However, commanders use physical destruction as an IO
element to disrupt, deny, degrade, or destroy the information, INFOSYS, the
decisionmaking process, or the decisionmaker.
2-48. Traditional, attrition-based capabilities for physical destruction that
can support IO include
• Field artillery.
• Close air support.
• Army aviation.
• Special operations forces.
• Air defense artillery.
• EA (electromagnetic pulse, directed energy).
• Selected joint/national resources.
• Naval or strategic air assets.
Staff Coordination
2-49. The G-7 coordinates EW, PSYOP, OPSEC, and MD with physical
destruction to achieve IO objectives (see JP 3-09; FM 6-20). The G-7 develops
IO-related targets and enters them into the command targeting process
(see appendix E).
INFORMATION ASSURANCE
2-50. Information assurance comprises information operations that protect
and defend information and information systems by ensuring their availabil-
ity, integrity, authentication, confidentiality, and nonrepudiation. This
includes providing for restoration of information systems by incorporating
protection, detection, and reaction capabilities (JP 3-13).
• Availability means timely, reliable access to data and services by
authorized users. Available INFOSYS operate when needed.
• Integrity means protection from unauthorized change, including destruc-
tion. INFOSYS with integrity operate correctly, consistently, and accu-
rately.
• Authentication means certainty of user or receiver identification and
authorization to receive specific categories of information.
• Confidentiality means protection from unauthorized disclosure.
2-12
_________________________________________ Information Operations Elements and Related Activities
• Nonrepudiation means proof of message receipt and sender identifica-
tion, so neither can deny having processed the data.
IA incorporates CND to provide a defense in depth that protects the GIG
against exploitation, degradation, and denial of service by employing
vigorous protection, detection, reaction, and restoration capabilities. This
incorporation allows for effective defensive measures and/or timely
restoration of debilitated networks and INFOSYS.
Contributions
2-51. IA attack contributes to defensive IO by protecting friendly information
and INFOSYS against friendly intrusion as well as adversary attacks. IA
uses a defense in depth that includes CND to counter adversary CNA.
2-52. IA defense in depth protects all networks, including their INFOSYS
(such as computers and radios) and infrastructure implementation (such as
gateways, routers, and switches). To contain damage and restore the networks,
it provides information protection, intrusion/attack detection, and reaction.
2-53. Information protection is accomplished with a full range of security
means. External and internal perimeter protection prevents unknown users
or data from entering a network. External means include communications se-
curity; router filtering/access control lists, and security guards. Where neces-
sary, physical isolation or barriers are placed between protected and unpro-
tected networks. Internal perimeter protection consists of firewalls and
router filters. These serve as barriers between echelons or functional
communities.
2-54. Intrusion/attack detection is accomplished by monitoring the perimeter
protection tools and devices to identify activities that violate security
policies. Selected events or occurrences (such as numerous log-on attempts
within a specific period) are monitored to detect unauthorized access and
inadvertent, malicious, or nonmalicious modification or destruction of data.
2-55. Network managers react to counter the effects of an incident on the
network. Reaction to a network or INFOSYS intrusion incorporates the capa-
bility to restore essential information services, as well as initiate attack re-
sponse processes. Disaster recovery capability requires stopping the breach
and restoring the network. A detailed continuity of operations plan facilitates
accomplishing these tasks.
2-56. The Army INFOSYS Security Program addresses security measures
that protect information and INFOSYS against all forms of threats (see
AR380-19). System development requires INFOSYS security planning during
acquisition, training, development, operations, and maintenance. When the
program is properly functioning, an in-depth system provides protection and
defense of information and INFOSYS (see Information Assurance: Legal,
Regulatory, Policy and Organizational Considerations for details).
Staff Coordination
2-57. The G-6 is responsible for IA. IA is one of the components of NETOPS
as is network management and information dissemination management. The
IA manager, IA network manager, IA security officer, systems administrator,
2-13
FM 3-13 __________________________________________________________________________________
and other G-6 staff members help the assistant chief of staff G-6 execute the
IA/NETOPS mission. The G-6 coordinates with the G-5 on the availability of
commercial INFOSYS and services for military use. The G-5 identifies and
assists the G-6 with coordination for military use of local communications
systems. The EWO coordinates with the G-6 to deconflict frequencies for EA
targets to ensure friendly IA is not affected. The G-2 provides information and
intelligence regarding threats to Army information and INFOSYS. The G-7
deconflicts IA with the other IO elements.
2-58. The G-6 disseminates the information operations condition (INFOCON)
to units and the staff. The INFOCON provides a coordinated structured ap-
proach to defense against, and reaction to, attacks on computers, networks,
and INFOSYS. The INFOCON statuses and their associated actions are—
• Normal (no significant activity).
• Alpha (increased risk of attack).
• Bravo (specific risk of attack).
• Charlie (limited attack).
• Delta (general attack).
2-59. Normal
(no significant activity). Under INFOCON Normal,
organizations take the following actions:
• Ensure all mission-critical information and INFOSYS (including appli-
cations and databases) and their operational importance are identified.
• Ensure all points of access and their operational necessity are identified.
• On a continuing basis, conduct normal security practices.
• Conduct periodic internal security reviews and external vulnerability
assessments.
2-60. Alpha
(increased risk of attack). INFOCON Alpha is imposed
when—
• Indications and warning indicate a general threat.
• Regional events are occurring which affect U.S. interests and involve
potential adversaries with suspected or known CNA capabilities.
2-61. INFOCON Alpha actions include—
• Increasing security for INFOSYS supporting planned or ongoing opera-
tions, contingencies or exercises for INFOSYS.
• Executing appropriate security practices; for example, increasing the
frequency of audit, review, and critical file back-up procedures.
• Accomplishing all actions required at INFOCON Normal.
2-62. Bravo (specific risk of attack). INFOCON Bravo is imposed when—
• Indications and warning indicate that a specific system, location, unit,
or operation is being targeted.
• A significant level of network probes, scans, or activities indicating a
pattern of concentrated reconnaissance are detected.
• Network penetrations or denial-of-service attacks are attempted but
have no impact to DOD operations.
2-63. INFOCON Bravo actions include—
• Executing appropriate defensive tactics.
2-14
_________________________________________ Information Operations Elements and Related Activities
• Executing appropriate security practices; for example, conducting
immediate internal security reviews of all critical systems.
• Accomplishing all actions required at INFOCON Alpha.
2-64. Charlie (limited attack). INFOCON Charlie is imposed when—
• Intelligence attack assessment indicates a limited attack is underway.
• An INFOSYS attack with limited impact on DOD operations is de-
tected; for example, little or no data or systems are compromised.
2-65. INFOCON Charlie actions include—
• Execute the maximum level of auditing, review, and critical file back-
up procedures.
• Consider imposing MINIMIZE on appropriate computer networks and
telecommunications systems. (MINIMIZE limits traffic to mission-es-
sential communications only.)
• Reconfigure INFOSYS to minimize access points and increase security.
• Reroute mission-critical communications through unaffected systems.
• Execute defensive tactics; for example, ensure increased reporting re-
quirements are met.
• Accomplish all actions required under INFOCON Bravo.
2-66. Delta (general attack). INFOCON Delta is imposed when—
• A successful INFOSYS attack that impacts DOD options is detected.
• Widespread incidents that undermine the ability of targeted INFOSYS
to function effectively occur.
• The effects of attacks or incidents produce a significant risk of mission
failure.
2-67. INFOCON Delta actions include—
• Execute the applicable portions of continuity of operations plans. For
example designate alternative INFOSYS and disseminate new commu-
nication internal and external procedures. Isolate compromised sys-
tems from the rest of network.
• Accomplish all actions required under INFOCON Charlie.
2-68. United States Strategic Command (STRATCOM) establishes the INFO-
CON. When the INFOCON changes, STRATCOM notifies the ACERT (see ap-
pendix F). The ACERT passes the new INFOCON to corps and division G-6s.
PHYSICAL SECURITY
2-69. Physical security is that part of security concerned with physical meas-
ures designed to safeguard personnel; to prevent unauthorized access to
equipment, installations, material, and documents; and to safeguard them
against espionage, sabotage, damage, and theft (JP 3-13). Effective physical
security ensures the availability of INFOSYS used to conduct operations. It is
based on
• Identifying mission-essential INFOSYS.
• Determining applicable risks and threat levels.
• Establishing relative security standards and using available resources
to achieve that level of physical security.
2-15
FM 3-13 __________________________________________________________________________________
• Determining applicable protection levels.
• Coordinating with higher and adjacent units and host-nation agencies.
• Developing contingency plans for natural disasters, terrorist actions, or
weapons of mass destruction attacks.
See AR 190-13 and FM 3-19.30 for physical security requirements and TTP.
Contributions
2-70. Commanders conduct physical security operations to safeguard resources,
including information and INFOSYS. Properly integrated, physical security
complements the other IO elements.
2-71. Physical security resources include the following:
• Physical security programs. Commanders establish physical security
programs appropriate to their command’s mission.
• Physical security specialists. Physical security specialists from the
provost marshal staff can identify vulnerable areas and recommend
appropriate countermeasures. Additionally, they can provide assessments
of unit physical security measures.
2-72. The G-7 synchronizes physical security measures with other IO
element operations. First-line leaders ensure soldiers know regulatory
requirements, understand how physical security measures protect
information and INFOSYS, and learn to recognize potential problem areas
in physical and information security.
Staff Coordination
2-73. The provost marshal holds staff responsibility for physical security. At
echelons where no provost marshal is authorized, the G-2 assumes this re-
sponsibility He conducts physical security operations to protect critical
assets, nodes, and sensitive materials. He coordinates with other staff offices
for physical security matters. The G-2 assesses physical security
vulnerabilities. The provost marshal informs the G-7 of suspected physical
security violations involving the elements of IO. He advises the G-6 of those
involving IM.
COUNTERINTELLIGENCE
2-74. Counterintelligence is information gathered and activities conducted to
protect against espionage, other intelligence activities, sabotage, or
assassinations conducted by or on behalf of foreign governments or elements
thereof, foreign organizations, or foreign persons, or international terrorist
activities. (JP 3-13).
Contributions
2-75. Counterintelligence (CI) operations support preserving essential secu-
rity and protect the force, directly and indirectly (see JP 2-01.2; FM 34-60).
They are tailored to the sensitivity of the unit and its vulnerability to ad-
versary intelligence surveillance and attack.
2-76. The CI mission is to detect, identify, assess, counter, neutralize, or ex-
ploit hostile intelligence collection. CI personnel are part of a vulnerability
2-16
_________________________________________ Information Operations Elements and Related Activities
assessment team (along with the provost marshal, engineers, medics, and
other personnel, as required). Normal CI activities also contribute to both of-
fensive and defensive IO. CI personnel do this through—
• Supporting information security, particularly through the enforcement
of regulation and conduct of investigations pertaining to failures in
proper handling of classified and compartment information.
• Providing input to the analysis conducted to identify adversary human
intelligence (HUMINT), signals intelligence (SIGINT), imagery intelli-
gence
(IMINT), and measurement and signature intelligence
(MASINT) collection.
• Providing to the command a picture of its susceptibility to foreign
intelligence collection.
• As appropriate, provides support to MD operations.
2-77. It is necessary to distinguish between the counterintelligence discipline,
and the counterintelligence military occupational specialty (MOS). Principles of
the counterintelligence discipline apply across the spectrum of intelligence
collection efforts, MD operations, security and other functions of both maneu-
ver and intelligence units. For example, OPSEC is designed to counter the
enemy’s ability to collect on friendly force activities; it is an application of the
principle of counterintelligence discipline. Planning, performing, and enforc-
ing OPSEC does not require an accredited CI agent. On the other hand, CI
agents who possess the MOSs 97B, 351B, or 35E are those actual agents on
the ground who conduct investigations, operations, and who participate with
other staff elements in the conduct of vulnerability assessments.
Staff Coordination
2-78. The G-2 monitors CI operations conducted within the AO. The G-2
keeps the commander and staff informed as appropriate concerning CI op-
erations and their potential effect on other friendly functions, as well as ad-
versary capabilities and intent.
COUNTERDECEPTION
2-79. Counterdeception consists of efforts to negate, neutralize, diminish the ef-
fects of, or gain the advantage from a foreign deception operation. Coun-
terdeception does not include the intelligence function of identifying foreign
deception operations (JP 3-13).
Contributions
2-80. Counterdeception contributes to situational understanding and defen-
sive IO by protecting friendly C2 systems and decisionmakers from adversary
deception. Its goal is to make friendly decisionmakers aware of adversary de-
ception activities so they can formulate informed and coordinated responses.
2-81. Counterdeception strives to identify and exploit adversary attempts to
mislead friendly forces. Activities that contribute to understanding adversary
posture and intent serve to identify adversary deception attempts.
2-82. Countering deception is difficult. Knowing deception methods an adver-
sary has used successfully is important. Properly balancing tactical and
2-17
FM 3-13 __________________________________________________________________________________
operational indicators with strategic assumptions is also important. The
chance of surprise might be reduced if estimates weigh tactical indicators
more heavily than strategic assumptions. Dismissing tactical indicators
because they conflict with preconceptions may allow a hostile deception
operation that plays on those preconceptions to succeed.
2-83. Offensive counterdeception includes actions taken to force adversaries
to reveal their actual and deception intentions and objectives. It focuses on
forcing an adversary to expend resources and continue deception operations
that have been detected by reinforcing the perception that friendly forces are
unaware of them. Counterdeception includes actions taken to thwart adver-
sary attempts to capitalize on deception tactics, thus affecting adversary
decisionmaking processes.
Staff Coordination
2-84. The G-2 and G-7 determine indicators of adversary deception activities.
The G-2 incorporates information requirements that identify these indicators
into the collection plan. The G-2 is responsible for detecting adversary deception
operations. The G-7 coordinates the counterdeception response. Coordinating
and special staff officers act within their fields of interest to negate, neutral-
ize, and diminish adversary deception activities. The G-7 synchronizes these
actions.
COUNTERPROPAGANDA
2-85. Counterpropaganda consists of programs of products and actions de-
signed to nullify propaganda or mitigate its effects
(FM 3-05.30). It is
directed toward the target of adversary propaganda. Counterpropaganda
degrades the harmful influence of adversary PSYOP on friendly forces and
other audiences (see JP 3-53; FM 3-05.30; FM 33-1-1).
2-86. The increasingly complex nature of military operations confronts Army
forces with new challenges. Nowhere is this challenge greater than in coun-
terpropaganda. Counterpropaganda includes countering adversary misinfor-
mation, disinformation, and opposing information. PSYOP forces attached to
divisions and corps are responsible for counterpropaganda. Counterpropa-
ganda applies across the range of operations and spectrum of conflict. It
counters messages, images, rumors, and other information that aim to
impede or prevent friendly mission accomplishment. Examples of adversary
propaganda include the World War II radio broadcasts of Lord Haw Haw
(William Joyce) to the British Isles during the Battle of Britain, and the radio
broadcasts by Tokyo Rose in the Pacific Theater.
2-87. Propaganda is any form of communication in support of national objec-
tives designed to influence the opinions, emotions, attitudes, or behavior of
any group in order to benefit the sponsor, either directly or indirectly
(JP 3-53). It is normally directed at the United States, multinational part-
ners, and key audiences in the AO. Propaganda campaigns are deliberately
designed to attack the will of nations to resist and soldiers to fight. Propa-
gandists seek to mix truth and lies in a way that listeners cannot detect.
2-88. Misinformation is incorrect information from any source that is
released for unknown reasons, or to solicit a response or interest
2-18
_________________________________________ Information Operations Elements and Related Activities
from a nonpolitical or nonmilitary target. The target of this information
can be anyone. Misinformation is often best countered by either ignoring it
altogether or disseminating the truth. However, even providing the facts can
consume resources and time, and may not be worth the effort. In some situa-
tions, the credibility of the military is pitted against a credible news agency,
and there may be no clear winner. Therefore, it is often best to be open and
objective when faced with possible misinformation. A cooperative
relationship between the military PA staff and the media may help counter
the effects of misinformation.
2-89. Disinformation is information disseminated primarily by
intelligence organizations or other covert agencies designed to dis-
tort information, or deceive or influence United States decisionmak-
ers, United States forces, coalition allies, key actors, or individuals
by indirect or unconventional means. It is a form of propaganda directed
toward decisionmakers to confuse them into making incorrect decisions. At
the tactical level disinformation can lead commanders to expend resources to
guard against nonexistent threats. Disinformation can cause rifts in coali-
tions by playing off historical ethnic, racial, and cultural biases of coalition
partners. Adversaries can direct disinformation indirectly, such as through
third-party communications broadcasts. They may also use unconventional
means, such as notices on common-use items like matchboxes or novelty
gifts.
2-90. Opposing information is intentional or unintentional truth-
based information from any source that represents an opposing
view. It is usually directed against the US military, allies or multinational
partners, and key audiences within the AO. However, it may be directed at
adversaries, potential adversaries, or nonaligned parties. Opposing information
requires US decisionmakers to understand the effects US forces produce in an
AO, and act to minimize negative images of US policy and operations and
amplify positive images.
2-91. Countering propaganda in a foreign AO is usually the responsibility of
PSYOP units. Other government agencies counter propaganda outside the
AO. Often, PSYOP forces depend on the information networks of allies or
multinational partners to counter propaganda within their borders. However,
PSYOP forces may provide assistance when requested.
2-92. The ideal counterpropaganda plan incorporates efforts of a loose net-
work of organizations and agencies. It often provides common themes and
objectives. All IO elements support counterpropaganda plans, but PSYOP
forces usually conduct counterpropaganda operations.
2-93. Adversaries, potential adversaries, and the other groups use propa-
ganda, misinformation, and disinformation to influence public opinion, the
international media, and friendly decisionmakers. Commanders use counter-
propaganda to provide targeted audiences with an alternative information
source. Counterpropaganda preempts, prevents, and disrupts adversary ef-
forts to disseminate propaganda, misinformation, and disinformation. At the
tactical and operational levels, the focal point for counterpropaganda may
vary, based on mission, enemy, terrain, troops and time available and civil
2-19
FM 3-13 __________________________________________________________________________________
considerations (METT-TC). However, the G-7 retains primary staff responsi-
bility and oversight.
2-94. Good policies and actions taken by a military force, the government, or
multinational partners may produce adverse effects. When American troops
deploy overseas, their presence can create problems. For example, one foreign
humanitarian assistance operation created economic hardships for the civil
population in the AO, even though the mission was to build schools and hos-
pitals. Local leaders complained that the force bought all the construction
materials in the area, which drove up prices. Local businessmen complained
that Americans were signing contracts and working with minority and small
businesses rather than with them. In situations like this, opposing attitudes
and beliefs can create an image of the force that nullifies its success, if not de-
tected and addressed quickly. Normally, PSYOP units create the image of the
force with support from the PA and CMO.
2-95. Countering information disseminated within the United States is not
the armed forces responsibility. Countering information directed towards
strategic audiences (essential leaders, officials, and agencies) remains the re-
sponsibility of the State Department and the International Broadcasting
Board. Commanders coordinate counterpropaganda activities through
PSYOP channels and the geographic combatant command IO cell. However,
strategic counterpropaganda is normally conducted by the State Department
and coordinated by the Joint Chiefs of Staff through the International Public
Information Committee.
Contributions
2-96. Counterpropaganda reduces the ability of adversary propaganda to
influence friendly forces and others in the AO. It attacks adversary propa-
ganda.
2-97. Counterpropaganda includes preventive actions, counteractions, and
rumor control. Preventive actions take the form of propaganda awareness
programs. These programs inform US and multinational forces, and friendly
populations about the nature of hostile propaganda. Counteractions are
measures that PSYOP units take to reduce or neutralize the effects of hostile
propaganda. Rumors are a means of propaganda by based on widely dissemi-
nated talk or opinion. They have no discernable source and no known
authority. Rumor control seeks to counter rumors that are unfavorable to U.S
interests.
2-98. Failure to counter adversary propaganda can produce many effects.
These range from simple confusion to disrupting ongoing operations. Com-
mon effects of hostile propaganda, misinformation, and disinformation, in-
clude—
• Prompting neutral parties to resist or not support military operations.
• Increasing adversary will to resist by fanning hatreds, biases, and
predispositions.
• Leading multinational partners to question their roles in a coalition.
• Inciting riots.
• Causing refugees to block lines of communication.
2-20
_________________________________________ Information Operations Elements and Related Activities
• Fostering distrust for US or US-led forces.
• Causing host nations or other nonbelligerent parties to not cooperate
with friendly forces.
• Causing essential communicators to resist or deny cooperation.
• Causing diversion of military assets to address problems that, while
seemingly insignificant, require significant resources.
• Leading friendly governments to questions their own policies and sup-
port for military operations.
Seizing the Initiative: Counterpropaganda in a Peace Operation
Counterpropaganda operations can involve more than leaflets and broadcasts. The On
11 November 1998, US soldiers serving with Task Force Eagle of the NATO Stabiliza-
tion Force in Bosnia (SFOR) held a meeting in the town of Dizdarusa to inform the citi-
zenry about displaced person and refugee resettlement in their area. Five Bosnian
Serbs disrupted the meeting and threatened the Bosnian Muslims in attendance. The
US soldiers immediately took photographs of three of the intruders to document their il-
legal actives, but two departed before the soldiers could photograph them. Upon deter-
mining the identities of the remaining perpetrators, a patrol from Camp McGovern went
to their homes and delivered a message through an interpreter that SFOR would not
tolerate violence. The soldiers then photographed them. The Stars and Stripes inter-
viewed the Task Force Eagle commander and published a balanced and accurate
story. When the Bosnian Serb newspaper, Gras Srpski, published an account of the
incident that the SFOR soldiers as abusing their power, Task Force Eagle held a press
conference with the Breko area media to refute the story. These aggressive actions
allowed Task Force Eagle to maintain the initiative in a situation where accomplishing
the mission required disseminating accurate information and refuting false allegations.
Staff Coordination
2-99. Though PSYOP forces take the lead in counterpropaganda operations,
PA personnel play an important role. For example, if adversary elements ac-
cuse friendly forces of committing atrocities, PSYOP forces may disseminate
products refuting the charges, while PA personnel present accurate informa-
tion directly to the media. Although PA’s primary target audience is the
American public and internal audiences, the secondary target audience is the
belligerent government and its civil population. Properly synchronized
PSYOP and PA operations complement each other.
2-100. The G-7 coordinates responses to adversary propaganda. The G-7 also
coordinates support with higher headquarters PSYOP elements. The geo-
graphic combatant commander approves counterpropaganda tasks.
RELATED ACTIVITIES
2-101. Related activities include, but are not limited to, PA and CMO. PA
and CMO can create conditions that contribute to information superiority.
2-21
FM 3-13 __________________________________________________________________________________
They contribute to support of Army operations by US and international
audiences, and maintain relations with the civilian populace in the AO.
2-102. Effective PA truthfully inform the public. They do not focus on directing
or manipulating public actions or opinion. PA help shape the information en-
vironment. It can serve to counter adversary propaganda, and
disinformation.
2-103. CMO can support IO objectives by influencing, developing, or control-
ling the indigenous infrastructure in foreign AOs. It can be an alternative
means to communicate with the host nation and foreign public.
PUBLIC AFFAIRS
2-104. Public affairs are those public information, command information, and
community relations’ activities directed toward both the external and intern-
al publics with interest in the Department of Defense (JP 3-61). (Army doc-
trine uses the term internal information in place of command information.) PA
information is credible. It makes available timely and accurate informa-
tion so that the public, Congress, and the news media may assess and under-
stand the facts about national security and defense strategy. Effective PA
enhances confidence in the force and its operations (see JP 3-61; FM 46-1; FM 3-
61.1).
Contributions
2-105. PA fulfills the Army’s obligation to keep the American people and the
Army informed. It helps establish conditions that lead to confidence in the
Army and its readiness to conduct operations during peace, crisis, and war.
PA keeps all members of the force informed, and counters the effects of
adversary propaganda and misinformation.
2-106. PA supports IO by producing accurate, timely, and balanced informa-
tion for the public, explaining—after the fact—the objectives of an operation.
Public affairs supports both offensive IO and defensive IO. PA support to
offensive IO takes the form of active measures, such as press conferences,
press releases, articles, and specific talking points. Defensive IO includes
products such as media guidance, researched answers to probable media
questions, and crisis reporting plans for high profile incidents. PA personnel
also review IO products from a media perspective to suggest improvements.
2-107. PA principles that support IO are as follows:
• Truth is paramount. Successful and effective public relations depend
on credibility. The quickest way to destroy PA credibility is to misrep-
resent the truth. Close coordination within the IO cell is required to
ensure that the media and the US and multinational publics are not
deceived or lied to, and that such a perception is not created.
• If news (information) is out, it is out. The information environment
makes information readily available and enables fast, easy dissemination.
Once information is released, it must be assumed that it is available to
all interested audiences. DOD policy prohibits withholding or
classifying information to prevent criticism or embarrassment.
2-22
_________________________________________ Information Operations Elements and Related Activities
• Deploy PA assets early. The media may be in the AO before Army
forces arrive and may be well established there. Media interest is in-
tense during initial force deployment and the onset of operations. PA
assets are needed at the earliest stages to ensure effective IO.
• Practice security at the source. Any form of field censorship is
impractical technically and unacceptable politically. All soldiers and
Army civilians are trained and provided with PA guidance for potential
interaction with civilian media. Family members are provided with
guidance in dealing with the civilian media. Even so, the standard is
not to share any information that by policy or law is deemed inap-
propriate for release.
• Speak with one voice. PA assets are integrated at all echelons. Com-
manders train soldiers to talk only about what they know within their
own responsibilities and not to speculate about other areas.
Maintaining the Initiative at Home Station
A commander’s battlespace includes the home station. Commanders act to shape the
information environment there as well as in the AO. During Operation Joint Forge, the
commanding general of the first CONUS-based division to deploy to Bosnia used
weekly video teleconferences with the rear detachment and unit family readiness group
as part of an overall internal information (formerly command information) program. The
CG used this medium to provide internal information to families, and to quell rumors,
misinformation, and potential disinformation at home station. The G-1 and PA officer
shared responsibility for managing video teleconferences. The G-6 assisted them. Dur-
ing these video teleconferences, the commanding general personally asked, “What are
the rumors back there?” He then provided answers to the assembled family readiness
group representatives, spouses, and local community representatives. Video telecon-
ferences such as these incorporate aspects of PA and counterpropaganda. They are
one means that commanders use to maintain the initiative in the information environ-
ment.
2-108. PA personnel help commanders shape the information environment by
preparing command themes and messages, and conducting media analysis.
Command themes and messages support IO by countering enemy
propaganda and disinformation, highlighting the force effectiveness, and
quickly responding to mistakes or failures. Disseminating them throughout
the force allows contacts with target audiences by any element of the force
to be an opportunities to reinforce that image. Conveying consistent
messages to local populations is especially important during peace operations
and some support operations. These messages should be updated to keep
them relevant to the situation. PA personnel create a media analysis plan for
later assessment of outputs. They do this in the context of agreed-upon
themes and command directives.
2-23
FM 3-13 __________________________________________________________________________________
2-109. PA personnel create a media analysis plan and conduct media
analysis to assess the success, strengths, and weaknesses of their PA actions
and the impact on the IO concept of support. This information provides a
sense of the issues the local population’s attention is focused on. PA
personnel analyze information and determine releasable material of items
that have potential media interest while working closely with intelligence
personnel.
Staff Coordination
2-110. PA, PSYOP, and CMO communicate information to influence audience
understanding and perceptions of operations. They are coordinated to
eliminate unnecessary duplication of effort, ensure unity of purpose, and
ensure credibility is not undermined.
CIVIL MILITARY OPERATIONS
2-111. Civil military operations are activities of a commander that establish,
maintain, influence, or exploit relations between military forces, governmen-
tal and nongovernmental civilian organizations and authorities, and the ci-
vilian populace in a friendly, neutral, or hostile operational area in order to
facilitate military operations, to consolidate and achieve operational United
States objectives. Civil-military operations may include performance by mili-
tary forces of activities and functions normally the responsibility of the local,
regional, or national government. These activities may occur prior to, during,
or subsequent to other military actions. They may also occur, if directed, in
the absence of other military operations. Civil-military operations may be
performed by designated civil affairs, by other military forces, or by a combina-
tion of civil affairs and other forces (JP 3-57).
2-112. CMO encompass all aspects of the civil dimension that commanders
must address to accomplish their mission. These aspects include, but are not
limited to, the local civilian populace and government, nongovernmental
organizations, and international organizations that may affect or influence
military operations. CMO supports restoration of the indigenous communica-
tions infrastructure and engages the cultural, social, political, and economic
sectors in the AO (see JP 3-57; FM 41-10).
Contributions
2-113. CMO have two forms: support to military operations and support to
civil authorities.
2-114. Support to Military Operations. Support to military operations
seeks to minimize civilian interference with military operations, maximize
support for operations, and meet the commander’s legal responsibilities and
moral obligations to civilian populations within the AO. Operationally, CMO
supports national policy and implements US national objectives by coordi-
nating with, influencing, developing, or accessing indigenous infrastructures
in the AO. Tactically, CMO secure local acceptance of and support for US
forces. It is important to IO because CMO involve interfacing with essential
organizations and individuals in the AO and with nongovernmental
organizations, such as the International Committee of the Red Cross.
2-24
_________________________________________ Information Operations Elements and Related Activities
2-115. Support to Civil Authorities. Support to civil authorities includes
assistance with relief, dislocated civilian support
(dislocated persons,
evacuees, expellees, or refugees), and security or technical assistance. These
activities may include such actions as—
• Coordinating the removal of civilians from the combat zone.
• Interfacing between US/multinational forces and host nation and other
governmental/nongovernmental organizations.
• Exercising military control over an area, hostile government, or
population.
2-116. Limitations on Using Civil Affairs Forces. Civil affairs forces are
designated active and reserve component forces and units organized, trained,
and equipped specifically to conduct civil affairs activities and to support
civil-military operations (JP 3-57). The need of CA forces to maintain credi-
bility with the civil populace limits the extent to which they can support IO.
The daily encounters between CA soldiers and the people and institutions of
the AO are prime sources of information. CA soldiers collect this information
and conduct assessments in order to target their relief efforts or stabilize the
civil environment. CMO support IO and facilitates mission accomplishment
by enhancing the relationship between the overall force and the civilian
populace. However, CA units avoid any perception that their activities are
related to IO.
Civil Military Operations is a Peacekeeping Environment
CMO during peace operations include civil-military information programs that inform the
local populace about ongoing military operations and secure their acquiescence and
noninterference. An example of such an operation was the mine-awareness puppet
show presented to Bosnian children in Multinational Division-North AO. Task Force Ea-
gle CA soldiers produced a puppet show that was shown to children throughout AO.
The Coalition Press Information Center provided publicity. The CA unit supporting Task
Force Eagle used volunteer soldiers to present the puppet show with the assistance in-
terpreters. The puppet shows were given to local school children in groups as large as
100. The puppets represented people of different colors and ethnic backgrounds.
Themes focused on diverse people living together in peace and harmony. The puppet
show was very popular with the children, who seemed to understand and accept the
moral lessons it presented. Additionally, the puppet show provided opportunities for civil
affairs personnel to meet and talk to mayors and other local leaders, who otherwise
would have been inaccessible.
Staff Coordination
2-117. Public affairs, PSYOP, and CMO are coordinated to eliminate
unnecessary duplication of effort, ensure unity of purpose, and ensure credi-
bility is not undermined.
2-25
FM 3-13 __________________________________________________________________________________
• The G-7 coordinates activities supporting IO objectives and CMO tasks
with the G-5.
• The G-5—
Provides recommended CMO-related information requirements
and EEFI to the G-7.
Coordinates with the G-2 on aspects of the enemy situation that
may affect CMO.
Coordinates for tactical forces to perform CMO tasks with the G-3.
Identifies and assists the G-6 with coordination for military use of
local communications systems.
Coordinates with the G-7 on trends in public opinion.
Coordinates with the G-7 and PAO to ensure disseminated
information is truthful and supports IO objectives.
Coordinates with the PAO on supervising public information me-
dia.
2-26
_________________________________________ Information Operations Elements and Related Activities
Military
Physical
Physical
OPSEC
PSYOP
EW
Deception
Destruction
Security
• Concealing
• Concealing
• Concealing
• Concealing
• Concealing
competing
contradicting
friendly
EW units and
EEFI
observables
indicators while
delivery
systems to
• Reducing
• Degrading
conveying
systems from
deny
the activities
general
selected
enemy
information on
requiring
situation
information and
offensive IO
extent of
physical
information to
indicators
until it is too
EA/ES
security
enhance
late for the
capabilities
• Hiding tools
effect of
adversary to
of physical
observables
react
security thus
• Limiting
• Denying
preventing
information
information to
adversary
and indicators
enemy on the
from gaining
that could
success of
access
compromise
enemy
MD operations
offensive IO
• Influencing
• Providing
• Influencing
• Influencing
• Masking
adversary not
information
adversary to
adversary to
troop activities
to collect
compatible with
underestimate
underestimate
requiring
against
PSYOP theme
friendly
friendly EA/ES
safeguards
protected
physical
capabilities
units/activities
destruction
• Cause
capabilities
adversary to
• Influencing
underestimate
adversary to
friendly
defend C2 el-
OPSEC
ements/sys-
capabilities
tems that
friendly forces
do not plan to
destroy
• Dissemin-
• Creating
• Causing
• Broadcasting
• Targeting
ating ROE
perceptions
populace to
PSYOP
adversary
• Countering
and attitudes
leave targeted
products on
audiences to
propaganda
that MD can
areas to
adversary
reduce the
and misin-
exploit
reduce
frequencies
need for
formation
• Integrating
collateral
• Developing
physical
• Minimizing
PSYOP
damage
messages for
security
resistance and
actions with
broadcast on
interference by
MD
other service
local
• Reinforcing
EW assets
population
the deception
story with
information
from other
sources
• Preventing
• Conducting
• Degrading
• Destroying
• Reducing
or degrading
physical
adversary
adversary C2
physical
adversary
attacks as
ability to see,
targets
security needs
reconnais-
deception
report, and
• Destroying
by attacking
sance and
events
process
electronic
adversary
surveillance
• Degrading
information
systems
systems able
adversary
• Degrading
adversary use
to penetrate
capabilities to
adversary
INFOSYS
see, report,
ability to jam
and process
PSYOP
observables
broadcasts
Figure 2-1. Mutual Support within IO Elements
2-27
FM 3-13 __________________________________________________________________________________
Military
Physical
Physical
OPSEC
PSYOP
EW
Deception
Destruction
Security
• Degrading
• Using EA/ES
• Degrading
• Providing target
• Using EP to
adversary
as deception
adversary’s
acquisition
safeguard
electromag-
measures
ability to see,
through ES
communica-
netic ISR
• Degrading
report, and
• Destroying or
tions used in
operations
adversary cap-
process infor-
upsetting
protecting
against pro-
abilities to see,
mation
susceptible assets
facilities
tected units
report, and pro-
• Isolating
with EA
and activities
cess competing
target aud-
• Creating
observable.
ience from
barrier of
• Causing enemy
information
white noise
to misinterpret
to mask unit
information
maneuvers
received by his
electronic means
• Ensuring
• Providing
• Ensuring
• Ensuring
• Ensuring
• Providing
INFOSYS
INFOSYS assets
availability of
INFOSYS are
EW assets
for INFOSYS
confidential-
for conducting MD
INFOSYS for
available for
are available
authentication
ity
operations
PSYOP
physical
destruction tasks
• Attacking
• Providing the
• Another
• Nonlethal
• Used with
• Conducting
enemy
deception story
means of
attack of selected
EA
risk assess-
computers
through
providing the
targets, which
ment to de-
before they
computers
PSYOP theme
allows lethal
termine con-
can detect
attacks on other
sequence of
our EEFI
targets
2d and 3d
order CNA
effects
• Detecting
• Protecting the
• Preventing
• Protecting fire
• Used in
• Erect
enemy
MD plan resident
the compro-
support C2
conjunction
firewalls to
attempts to
inside computers
mise of PSY-
systems
with EP
prevent
acquire
OP message
intrusion into
information
before release
networks
Protecting
• Restricting
• Ensuring
• Safeguarding
• Safeguard-
OPLANs/
access by level of
products do
availability of
ing equip-
OPORDs
security and
not contain
INFOSYS to use
ment used in
number of
classified
in physical
EW
personnel
information
destruction
• Providing
• Enhancing
• Neutralizing
• Identifying
• Identifying
• Determine
a cover story
friendly MD
or diminishing
adversary decep-
adversary
enemy decep-
for unit
operations by
foreign
tion targets so
deception
tion before
operations
deceiving the
deception
physical destruc-
targets so
physical
enemy on the
operations
tion can be used
EW can be
security is
impact of his
against them
used against
compromised
deception
them
• Emphasiz-
• Providing
• Providing
• Providing
• Providing
• Reduce the
ing need for
deception targets
PSYOP
physical
EA targets
number of
OPSEC
targets
destruction
and empha-
facilities to be
targets
sizing EP
secured by
exposing
enemy lies
• Counter-
• Countering
• Conducting
• None
• Providing
• Countering
ing foreign
foreign HUMINT
Countersignal
electronic
foreign
HUMINT
operations
operations to
countermea-
HUMINT
operations
• Identifying
allow broad-
sures
operations
threat ISR
cast of PSY-
capabilities
OP messages
Figure 2-1. Mutual Support within IO Elements (continued)
2-28
_________________________________________ Information Operations Elements and Related Activities
Counter-
Counter-
IA
CI
CNA
CND
Deception
Propaganda
• Concealing
• Concealing
• Decreasing
• Ensuring
• Concealing
• Denying
physical and
the true
number of
EEFI are con-
CNA capa-
enemy
electronic
commander’s
activities subject
cealed from
bilities
knowledge
INFOSYS
intent
to enemy
enemy col-
about CND
locations
propaganda
lection assets
capabilities
• Overloading
• Causing ad-
• Inducing the
• Giving the
• Providing
• Causing
adversary
versary to em-
adversary to use
adversary a
MD targets
enemy to be-
intelligence and
ploy forces in
inappropriate
cover story so
and deception
lieve our CND
analysis
ways that rein-
propaganda,
his intelli-
stories to
is greater than
capabilities
force counter-
thus exposing
gence system
enhance CNA
it acutally is
• Protecting/de-
deception
him to
collects
• Cause
fending friendly
activities
counterpropa-
irrelevant
enemy to
INFOSYS
• Deceiving
ganda
information
believe all CND
adversary on
tools are in
results of his
place
deception
• Enhancing the
• Assessing
• Countering
• Providing
• Convincing
• Providing
ability of IA in the
psychological
hostile propa-
messages in
enemy not to
information
minds of the
impact of
ganda
enemy deci-
do something
about non-
enemy
counterdecep-
sionmaker’s
by describing
military threat
tion activities
mind that can
effects of a
to computers in
on adversary
be revealed
CNA if they
the AO
• Detecting
by CI to deter-
take undesir-
adversary
mine enemy
able actions
deceptions
true intentions
• Attacking ad-
• Negating or
• Destroying
• Destroying
• Supple-
• Destroying or
versary systems
neutralizing
communication
appropriately
menting CNA
degading en-
capable of influ-
adversary
facilities capable
nominated
by destroying
emy CNA facil-
encing friendly
deception
of transmitting
adversary
or degradeing
ities before they
INFOSYS availa-
capabilities
propaganda
collection
hard targets
attack friendly
bility and
assets
computers
integrity
• Using EP to
• Conducting
• Conducting
• None
• Supplement
• Using EP to
protect equip-
EA against
EA to reduce
ing CNA with
protect person-
ment
adversary
adversary
EA
nel, facilites
deception
electromagnetic
and equipment
capabilities
spectrum use
• Providing
• Providing for
• Ensuring
• Ensuring
• Taking ac-
INFOSYS in-
nonrepudiation of
INFOSYS are
links with
tions to ensure
tegrity
information
available to
higher HQ to
availabilitiy, in-
ensuring
conduct CI
pass CNA
tegrity, authen-
INFOSYS are
requests
tication, confi-
not deceived
dentiality, and
nonrepudiation
of computers
• Attacking en-
• Exploit
• Attacking
• Exploiting
• Attacking
emy computers
enemy at-
enemy
enemy
enemy ability to
before enemy
tempts to mis-
propaganda
intelligence
attack friendly
attacks friendly
lead friendly
disseminators
collection
computers
computers
forces
• Supporting IA
• Filtering
• Ensuring
• Detecting,
• Protecting
of information
enemy decep-
truthful friendly
identifying,
CNA weapons
passed via com-
tion data prior
computer
and assessing
from enemy
puter networks
to being given
information thus
enemy collec-
detection
to decision-
negating enemy
tion efforts
makers
PSYOP
against com-
puters
Figure 2-1. Mutual Support within IO Elements (continued)
2-29
FM 3-13 __________________________________________________________________________________
Counter-
Counter-
IA
CI
CNA
CND
deception
propaganda
• Safeguarding
• Safeguard-
• Safeguarding
• Safeguarding
• Safeguard-
• Determin-
INFOSYS by
ing installa-
personnel from
personnel, and
ing INFO-
ing applica-
implementing
tions and
espionage
preventing
SYS from
ble risk and
security
materiel from
unauthorized
sabotage,
threat levels
procedures
enemy
access to
espionage,
deception
equipment,
damage, or
installations,
theft
materiel, and
documents
• Preventing
• Confirming
• Confirming
• Negating,
• Negating,
enemy from
truthful
enemy intentions
neutralizing
neutralizing
interfering with
information from
from two means
or diminish-
or diminish-
authentication
two means
ing an en-
ing an en-
and confiden-
emy decep-
emy decep-
tiality of
tion opera-
tion opera-
information
tion against
tion against
CNA
CND
• Providing truth
• Countering
• Educating
• Counter-
• Countering
on enemy
rumors
populace about
ing disin-
enemy
intentions to
rumors
formation
propaganda
systems
about enemy
administrators
CND
responsible for
IA
• At certain
• Identifying
• Identifying
• Confirming
• Detecting,
echelons,
and
sources of
results of
identifying,
helping ensure
neutralizing
deception
CNA
assessing,
information
adversary
activities
countering,
integrity
HUMINT
neutralizing
collection
enemy
capability
intelligence
collection
Figure 2-1. Mutual Support within IO Elements (continued)
2-30
_________________________________________ Information Operations Elements and Related Activities
Military
Physical
Physical
OPSEC
PSYOP
EW
Deception
Destruction
Security
• Limiting
• Limiting
• Limiting
• EP and
• Should be
information that
information
information that
OPSEC
no conflict
can be
that can be
can be revealed
may have
revealed to
revealed to
to enemy to
different
enhance de-
develop
develop targets
goals
ception story
PSYOP
credibility
themes
• Reveal-
• Limiting
• Limiting
• Limiting
• Negating
ing informa-
PSYOP
targeting to allow
EA target-
the decep-
tion OPSEC
theme
survival and
ing of ad-
tion story by
normally
selection
conduct of critical
versary
physical
seeks to
• Limiting
adversary C2
INFOSYS
security
conceal
information
functions
to allow
preventing
that can be
survival and
our trans-
revealed to
conduct of
mitting a
develop
critical ad-
realistic de-
PSYOP
versary C2
ception story
themes
functions
• Reveal-
• Limiting
• Limiting
• Limiting
• Should be
ing informa-
deception story
targeting of
EA against
no conflict
tion OPSEC
selection
adversary C2
adversary
normally
• If deception
infrastructure to
communi-
seeks to
story contains
allow conveying
cations fre-
conceal
untruths
PSYOP themes
quencies to
allow PSY-
OP themes
to be
conveyed
• Causing
• Limiting
• Limiting
• Limiting
• If need-to-
firing
selection of
means
opportuni-
know
systems to
deception
available to
ties for
considera-
reveal their
means by
convey
communi-
tions limit
locations
denying or
PSYOP
cations
access to
degrading
themes by
intrusion by
targeting
elements of
denying or
denying or
data
adversary C2
degrading
degrading
infrastructure
adversary
elements of
necessary to
C2 systems
adversary
process
INFOSYS
deception story
• Reveal-
• Limiting
• Reducing
• Limiting
• Revealing
ing EW
selection of
frequencies
targeting of
what physi-
assets
deception
available to
adversary C2
cal security
prematurely
measures by
convey
systems
is trying to
denying or
PSYOP
protect (EA)
degrading use
themes
• EP should
of adversary C2
not conflict
systems
• Should
• Limiting
• Should
• Should be no
• EP and
• Should be
be no
means of
be no
conflict
IA must be
no conflict
conflict
transmitting the
conflict
deconflicted
deception story
• Should
• Reinforcing
• Should
• Should be no
• Should
• Should be
be no
the deception
be no
conflict
be no
no conflict
conflict
story
conflict
conflict
Figure 2-2. Potential Conflicts within the Elements of IO
2-31
FM 3-13 __________________________________________________________________________________
Military
Physical
Physical
OPSEC
PSYOP
EW
Deception
Destruction
Security
• Attack se-
• May result
• Prevent-
• Attack same
• Need to
• Reveiling
lected on en-
in attacking
ing the
target with non-
deconflict
CNA source
emy targets
wrong target if
enemy from
lethal and lethal
which
that should
may provide
coordination
receiving
weapons wastes
systems
be
information on
not made with
the PSYOP
both time and
attack which
protected
friendly activ-
MD
message
ammo
targets
ities
• Should be
• Not
• May
• Inadvertently
• Attacking
• Should
no conflict
providing to
cause
hitting civilians
wrong tar-
be no
deception
wrong
with friendly fire
get if coord-
conflict
planners the
message
can cause
ination not
correct enemy
being used
strategic
made with
deception
repercussions
EW
• Revealing
• If the
• Taking
• Friendly
• Targeting
• Should
information to
deception
away
fratricide can be
sources
be no
counter
story does not
assets
used as
needed to
conflict
adversary
agree with
normally
propaganda by
receive
PSYOP
counter-
devoted to
enemy
counter-
propaganda
projecting
propaganda
information
PSYOP
themes
• Should be
• Should be
• Should
• Killing sources
• ES may
• Should
no conflict
no conflict
be no
be needed
be no
conflict
for other
conflict
activities
Figure 2-2. Potential Conflicts within the Elements of IO (continued)
Counter-
Counter-
IA
CI
CNA
CND
deception
propaganda
• By allowing
• If information
• CI assets are
• Should
• Should
enemy misin-
needed to influ-
not used in
be no
be no
formation to
ence the de-
counterdeception
conflict
conflict
cause repu-
ception target is
actions
diation of
inconsistent
friendly
with information
information
needed to influ-
ence populace
• Should be
• If counterde-
• CI and coun-
• Attack
• Should
no conflict
ception attempts
terpropaganda
of wrong
be no
to exploit the en-
may be directed
target
conflict
emy’s deception
toward one
with CNA
are not synchon-
target but with
can be
ized with coun-
opposite effects.
used as
terpropaganda
CI tries to get to
enemy
attempts to
the intelligence
propa-
counter the
source; CP tries
ganda
enemy’s
to counter
message
distorted mes-
sages from the
source
• Ineffective
• Ineffective CI
• Ineffective CI
• Should
• CI rev-
CI can negate
prevents negat-
does not nullify
be no
ealing how
information
ing counter-
enemy
conflict
networks
integrity
deception
propaganda
are
protected
Figure 2-2. Potential Conflicts within the Elements of IO (continued)
2-32
_________________________________________ Information Operations Elements and Related Activities
IO
CMO
PA
• Influencing/informing
• Conducting
populace of CMO activities and
counterpropaganda and
support
protection from
• Neutralizing misinformation
misinformation/rumor
and hostile propaganda
• Developing EEFI to
directed against civil
preclude inadvertent public
authorities
disclosure
• Controlling electromagnetic
• Synchronizing PSYOP and
spectrum for legitimate
OPSEC with PA strategy
purposes
• Providing information to
• Providing information on
support friendly knowledge of
CMOC activities to support
information environment
PA strategy
• Synchronizing
• Synchronizing information
communications media and
communications media and
message with PSYOP
message
• Coordinating C2 target sets
• Identifying, coordinating,
with targeting cell
and integrating media, public
• Establishing and maintaining
information, and host-nation
liaison or dialogue with
support
indigenous personnel and
NGOs
• Supporting PSYOP with feed
back on PSYOP themes
• Providing news and
information to the local people
• Developing information
• Producing accurate, timely,
products to protect soldiers
and balanced information for
against the effects of
the public
misinformation or disinformation
• Coordinating with CA
• Coordinating with PSYOP and
specialists to verify facts and
counterpropaganda planners to
validity of information
ensure a consistent message
and maintain OPSEC
• Support counterpropaganda
by countering misinformation
• Providing assessment of
effects of media coverage to
OPSEC planners
• Providing assessment of
essential nonmedia coverage of
deception story
Figure 2-3. Support Roles of IO, Civil Military Operations, and Public Affairs
2-33
Chapter 3
Operations Security
Operations security (OPSEC) is the process commanders and staffs follow
to identify and protect essential elements of friendly information. Units
and soldiers implement OPSEC measures as part of force protection.
OPSEC is not a collection of specific measures to apply to every operation. It is
a methodology that applies to any operation or activity at all levels of com-
mand. This chapter establishes Army OPSEC doctrine and TTP. First, it
explains the OPSEC process established in JP 3-54. Then it describes how
commanders and staffs apply it to the military decisionmaking process and
other operations process activities.
OPERATIONS SECURITY AND INFORMATION OPERATIONS
3-1. Operations security is a process of identifying essential elements
of friendly information and subsequently analyzing friendly actions
attendant to military operations and other activities to: a. identify
those actions that can be observed by adversary intelligence sys-
tems; b. determine indicators hostile intelligence systems might ob-
tain that could be interpreted or pieced together to derive essential
elements of friendly information in time to be useful to adversaries;
and c. select and execute measures that eliminate or reduce to an ac-
ceptable level the vulnerabilities of friendly actions to adversary ex-
ploitation. Operations security (OPSEC) applies across the range of Army
operations and spectrum of conflict. All units—combat, combat support, and
combat service support—conduct (plan, prepare, execute and assess) OPSEC
operations to preserve essential secrecy. OPSEC has a reputation of being little
more than performing trivial tasks; however, it is vital to success in all types
of operations. Often what information friendly forces take for granted is what
adversaries need to defeat them. Execution of effective OPSEC measures (see
definition paragraph 3-15), however routine, denies adversaries this informa-
tion and increases the effectiveness of friendly forces.
CONTENTS
Operations Security and Information
OPSEC Action 4 - Assessment of
Operations
3-1
Risk
3-5
The Operations Security Process
3-2
OPSEC Action 5 - Application of
OPSEC Action 1 - Identification of
Appropriate OPSEC Measures
3-6
EEFI
3-2
Conducting OPSEC Operations
3-6
OPSEC Action 2 - Analysis of
Planning
3-7
Adversaries
3-3
Preparation and Execution
3-13
OPSEC Action 3 - Analysis of
Assessment
3-13
Vulnerabilities
3-4
3-1
FM 3-13 __________________________________________________________________________________
3-2. All soldiers execute OPSEC measures. These cover a range of activities,
from maintaining silence among peers and family to camouflaging equip-
ment. Effective OPSEC requires disseminating OPSEC guidance to every sol-
dier. Good OPSEC involves telling soldiers why OPSEC measures are impor-
tant and what they are supposed to accomplish. All must understand the cost
of failing to maintain effective OPSEC. Understanding why they are doing
something and what their actions are supposed to accomplish, allows soldiers
to execute tasks more effectively. Active and deliberate actions by individual
soldiers are critical to successful OPSEC.
THE OPERATIONS SECURITY PROCESS
3-3. Army forces follow the
OPSEC Process Actions
OPSEC process prescribed in JP 3-
54. As with other processes, such as
• Identification of EEFI
targeting and intelligence prepara-
• Analysis of adversaries
tion of the battlefield
(IPB), com-
• Analysis of vulnerabilities
manders synchronize OPSEC plan-
• Assessment of risk
ning during the military decision-
• Application of appropriate OPSEC
making process
(MDMP). The
measures
OPSEC process includes five ac-
tions that apply to any operation. They provide a framework to systemati-
cally identify, analyze, and protect essential elements of friendly information
(EEFI). The OPSEC process is continuous. G-7s use it to assess the changing
nature of adversary operations and friendly vulnerabilities throughout an op-
eration. The OPSEC process is conducted by the OPSEC officer. Actions that
compose the OPSEC process follow a sequence. However, as with the MDMP,
staffs avoid following the sequence lockstep. Information affecting an OPSEC
action can arrive at any time. Effective staffs process the information, enter
the OPSEC process at the appropriate point, and execute the actions necessary
to act on the information. The following paragraphs discuss the OPSEC actions
in the order they logically occur.
OPSEC ACTION 1 - IDENTIFICATION OF ESSENTIAL ELEMENTS OF FRIENDLY
INFORMATION
3-4. The product of this OPSEC action is EEFI, a list of information that
needs protection. The Army defines essential elements of friendly information
as the critical aspects of a friendly operation that, if known by the enemy,
would subsequently compromise, lead to failure, or limit success of the opera-
tion, and therefore must be protected from detection (FM 3-0). Army doc-
trine defines EEFI differently from joint doctrine. The joint definition of
EEFI focuses on information adversaries want to collect. The Army definition
focuses on information friendly commanders want to protect. The joint defini-
tion of EEFI includes friendly information that may not compromise friendly op-
erations. However, collecting it consumes resources that adversaries could
use to collect EEFI. Army OPSEC doctrine addresses protecting information
that is relevant from the adversary’s perspective. It does not address what joint
doctrine considers EEFI.
3-5. The OPSEC process begins with the commander’s initial guidance dur-
ing receipt of mission. The G-7 recommends initial EEFI if the commander
3-2
________________________________________________________________________Operations Security
does not name any in the initial guidance. Several sources help G-7s deter-
mine information to recommend as EEFI:
• The commander’s guidance.
• The IO estimate.
• The OPSEC estimate (provided by the OPSEC officer and coordinated
with the G-7).
• The intelligence estimate (information about the adversary and adver-
sary intelligence requirements).
• The multidiscipline counterintelligence estimate (normally an appen-
dix to annex B to the operation order (OPORD) or operation plan
(OPLAN), or a tab to the intelligence estimate).
• The higher headquarters security classification guide for the operation.
The security classification guide identifies classified information and
EEFI related to the operation. It is itself sensitive information since it
names, by classification level, the operation’s most sensitive areas.
• Laws and executive orders that require protection of unclassified con-
trolled information.
• The multidiscipline counterintelligence section of the G-2 analysis and
control element (ACE).
3-6. Commanders determine EEFI. Staffs determine OPSEC measures to
shield EEFI from adversary collection systems. EEFI are not part of the
commander’s critical information requirements (CCIR); however, they be-
come priorities when commanders establish them.
3-7. The staff identifies possible EEFI and recommends them to the com-
mander throughout the MDMP. Facts, assumptions, and essential tasks may
reveal EEFI that apply to the operation. In addition, each course of action
(COA) may have EEFI that apply only to it. As the staff war-games a COA,
the G-2 identifies friendly information that, if known to adversaries, would
allow them to counter the COA. The G-7 adds these elements of information
to the EEFI for that COA, recording them in the IO estimate (see appendix
C). Upon COA approval, the EEFI for the approved COA becomes the EEFI
for the operation.
3-8. When identifying EEFI, the G-7 determines the period during which
each EEFI element needs protection. Not all EEFI need protection throughout
an operation. Some elements need to be protected only during specific events;
others may not need protection until a branch or sequel is executed.
OPSEC ACTION 2 - ANALYSIS OF ADVERSARIES
3-9. The purpose of this OPSEC task is to identify the adversary’s most
dangerous and most probable use of collection assets. This analysis focuses
on the EEFI. The most dangerous situation is one in which an adversary has
the intelligence, surveillance, and reconnaissance (ISR) assets needed to col-
lect data from friendly OPSEC indicators and determine the EEFI. The most
likely situation is based on how the adversary has used his assets during
past operations. The G-2, G-3, G-7, and OPSEC officer perform this action as
part of IPB. Adversary intentions and collection capabilities are identified
with the help of these questions:
3-3
FM 3-13 __________________________________________________________________________________
• Who are the adversaries?
• Who has the intent and capabilities to act against the planned opera-
tion?
• What are probable adversary objectives?
• What are likely adversary actions against friendly operations?
• What information do adversaries already know?
• What collection capabilities do adversaries possess or have access to by
financial arrangement or shared ideologies, or coordinated coalitions/
alliances?
• Which OPSEC indicators can be faked to deceive adversaries?
OPSEC ACTION 3 - ANALYSIS OF VULNERABILITIES
3-10. This OPSEC action determines OPSEC vulnerabilities of an operation
or activity. It has two steps:
• Identify OPSEC indicators.
• Identify OPSEC vulnerabilities.
3-11. Operations security indicators are friendly detectable actions and open-
source information that can be interpreted or pieced together by an adver-
sary to derive essential elements of friendly information. (The joint and Army
definitions are similar. The Army definition substitutes EEFI for critical in-
formation.) The G-2, G-3, G-7, and OPSEC officer examine all aspects and
phases of the operation to find OPSEC indicators. They then compare them
with the adversary targeting cycle and collection capabilities, considering
these questions:
• What OPSEC indicators will friendly forces create during the opera-
tion?
• What OPSEC indicators can the adversary actually collect?
• What OPSEC indicators will the adversary be able to use to the
disadvantage of friendly forces?
The answer to the last question is OPSEC vulnerabilities.
3-12. An operations security vulnerability is a condition in which friendly ac-
tions provide OPSEC indicators that may be obtained and accurately evalu-
ated by an adversary in time to provide a basis for effective adversary
decisionmaking (JP 1-02). An OPSEC vulnerability exists when an adver-
sary can collect information from an OPSEC indicator, correctly analyze the
information, make a decision, and take timely action to degrade friendly
operations or place itself in an advantage over friendly forces.
3-13. Analysis of OPSEC vulnerabilities begins during mission analysis and
continues through COA development. COA analysis, and assessments during
preparation and execution may also identify OPSEC vulnerabilities. Field
support teams from the
1st Information Operations Command
(Land)
(1st IOC [L]), formerly known as the Land Information Warfare Activity
(LIWA), can assist in this effort (see appendix F). The G-7 and OPSEC officer
record OPSEC vulnerabilities and analyzes them further during the next
OPSEC action, assessment of risk.
3-4
________________________________________________________________________Operations Security
OPSEC ACTION 4 - ASSESSMENT OF RISK
3-14. The staff assesses risks associated with the overall operation during
mission analysis and COA development (see chapter 5 and appendix B). The
G-7 and OPSEC officer assess the risks posed by OPSEC vulnerabilities con-
currently. The purpose of this OPSEC assessment of risk is to select OPSEC
measures that shield OPSEC vulnerabilities and require the fewest re-
sources. This OPSEC action has four steps:
• Conduct a risk assessment for each OPSEC vulnerability.
• Select one or more OPSEC measures for each OPSEC vulnerability.
• Determine residual risk for each OPSEC vulnerability.
• Decide which OPSEC measures to implement.
3-15. Operations security measures are methods and means to gain
and maintain essential secrecy about essential elements of friendly
information. (The joint and Army definitions of OPSEC measures are simi-
lar. The Army definition substitutes EEFI for critical information. The joint
definition also includes the OPSEC measure categories.) The following cate-
gories apply:
• Action control. The objective of action control is to eliminate indica-
tors or the vulnerability of actions to exploitation by adversary intelli-
gence systems. Select what actions to undertake; decide whether to
execute actions; and determine the “who,” “when,” “where,” and “how”
for actions necessary to accomplish tasks.
• Countermeasures. The objective of countermeasures is to disrupt
effective adversary information gathering or prevent their recognition
of indicators when collected materials are processed. Use diversions,
camouflage, concealment, jamming, threats, police powers, and force
against adversary information gathering and processing capabilities.
• Counteranalysis. The objective of counteranalysis is to prevent accu-
rate interpretations of indicators during adversary analysis of collected
materials. Confusing the adversary analyst through deception tech-
niques such as cover does this.
The most desirable OPSEC measures provide the needed protection at least
cost to operational effectiveness.
3-16. The OPSEC officer begins assessment of risk by analyzing the OPSEC
vulnerabilities identified in the previous OPSEC actions and identifying pos-
sible OPSEC measures for each one. Some OPSEC measures may protect
more than one OPSEC vulnerability. As part of this step, the OPSEC officer
evaluates the sufficiency of standard security measures. This evaluation covers
such areas as personnel, physical, cryptographic, document, special access, and
automated information systems (INFOSYS) security. It may include an OPSEC
review. Continuing OPSEC measures in these areas may provide the necessary
protection for some OPSEC vulnerabilities.
3-17. The OPSEC officer then determines the residual risk for each OPSEC
vulnerability after the appropriate OPSEC measures are applied to it. The
OPSEC officer uses the procedure described in paragraphs B-14-B-17 (see
FM 100-14 for a full explanation.) Residual risk is the level of risk remaining
after controls have been identified and selected for hazards that may result
3-5
FM 3-13 __________________________________________________________________________________
in loss of combat power (FM 100-14). In this context, OPSEC measures are
controls.
3-18. Finally, the OPSEC officer selects OPSEC measures to recommend
based on this assessment of risk. The G-7 compares the residual risk with the
risk posed by the OPSEC vulnerability if the OPSEC measure is not executed.
The difference allows the G-7 to estimate the benefit gained from the OPSEC
measure. In deciding which OPSEC measures to recommend, the OPSEC officer
considers the following questions:
• What is the cost in terms of combat power if an OPSEC measure is em-
ployed? Does the cost jeopardize mission success? The OPSEC officer
may recommend a no-measures alternative if cost outweighs the risk.
• What is the risk to mission success if an OPSEC measure is not exe-
cuted?
• What is the risk to mission success if an OPSEC measure fails?
3-19. The OPSEC officer coordinates proposed OPSEC measures across the
staff to minimize redundancy and ensure they do not create new OPSEC indi-
cators. The OPSEC double-checks these factors during COA analysis.
OPSEC ACTION 5 - APPLICATION OF APPROPRIATE OPSEC MEASURES
3-20. The G-7 recommends OPSEC measures to the G-3. These may include
OPSEC measures that entail significant expenditures of time, resources, or
personnel. Commanders normally approve OPSEC measures during COA
approval. Approved OPSEC measures become OPSEC tasks. The G-7 deter-
mines criteria of success for them, ensures the OPLAN/OPORD includes
them, and makes the arrangements necessary to assess them throughout
preparation and execution (see chapter 5). The G-3 directs execution of OP-
SEC measures in warning orders (WARNOs) or fragmentary orders (FRAGOs).
3-21. Once the commander approves OPSEC measures, the OPSEC officer
monitors their implementation and evaluates them in terms of their criteria
of success. The OPSEC officer adjusts measures, if necessary, based on this
assessment. The OPSEC officer coordinates monitoring of OPSEC measures
with the G-2 and counterintelligence staffs to ensure it receives the appropri-
ate priority. Monitoring may generate IO information requests (IRs). The
OPSEC officer passes these to the G-2 for inclusion in the collection plan. Some
of these IO IRs may become priority information requirements (PIRs).
3-22. Maintaining OPSEC is a continuous requirement. Assessing OPSEC
measures includes collecting lessons learned. Most lessons arise while moni-
toring execution of OPSEC measures (OPSEC assessments). Others arise
from an evaluation of a completed operation or program (OPSEC checks).
CONDUCTING OPSEC OPERATIONS
3-23. The G-7, assisted by the OPSEC officer, helps the G-3 integrate OPSEC
into the operations process by combining the OPSEC process with risk manage-
ment (see FM 100-14). Risk management is a process of identifying, assessing,
and controlling, risks arising from operational factors and making decisions
that balance risk cost with mission benefits, (JP 1-02). Commanders use it to
conserve combat power and resources by identifying and controlling hazards.
3-6
________________________________________________________________________Operations Security
(A hazard is a condition with the potential to cause injury, illness, or death of
personnel; damage to, or loss of, equipment or property; or mission degradation
[FM 100-14].) Risk management is an integral part of the MDMP.
3-24. An OPSEC vulnerability is a type of hazard related to EEFI. Unpro-
tected OPSEC vulnerabilities entail tactical risk. (Tactical risk is risk associ-
ated with hazards that exist due to the presence of adversaries. Accident risk
includes all operational risk considerations other than tactical risk [FM 100-
14]. The OPSEC process addresses only tactical risk.) Because it is used to
assess all types of risk, risk management allows the OPSEC officer to inte-
grate assessments of risks from OPSEC vulnerabilities with assessments of
other-IO related risks. Figure 3-1 shows the relationship of the steps of the risk
management process, the actions of the OPSEC process, and the activities of
the operations process.
Operations
OPSEC Action
Risk Management Step
Process Activity
• Identify EEFI
• Analysis of
adversaries
• Identify hazards
• Analysis of
PLANNING
vulnerabilities
• Assess hazards
• Assessment
• Develop controls and
of risk
make risk decisions
• Application of
PREPARATION
appropriate
• Implement controls
OPSEC
EXECUTION
measures
• Supervise and evaluate
ASSESSMENT
Figure 3-1. Integration of the Operations, Risk Management, and OPSEC
Processes
3-25. Commanders conduct OPSEC operations to protect EEFI, a defensive
IO objective. The product of OPSEC planning is a set of coordinated OPSEC
measures that soldiers and units execute to protect the force. Throughout the
MDMP, the G-7 treats OPSEC measures as IO tasks. During orders produc-
tion, the G-7 incorporates OPSEC measures throughout the OPLAN/OPORD
as IO tasks and tasks to subordinate units.
PLANNING
3-26. The OPSEC officer performs OPSEC actions throughout the MDMP.
• During receipt of mission, mission analysis, and COA development, the
OPSEC officer identifies OPSEC vulnerabilities (OPSEC-related haz-
ards) and assesses the risks they pose.
• During COA analysis, the OPSEC officer tests the OPSEC measures
(controls) associated with each COA by analyzing OPSEC measures
from the adversary perspective.
• During COA comparison, the OPSEC officer determines which OPSEC
measures to recommend for each COA and which COA is most sup-
portable from an OPSEC perspective.
3-7
FM 3-13 __________________________________________________________________________________
• During COA approval, the OPSEC officer recommends OPSEC meas-
ures to counter the risks posed by OPSEC vulnerabilities. The com-
mander decides which OPSEC measures to implement.
• During orders production, the OPSEC officer follows up on coordina-
tion done during the MDMP and ensures the OPLAN/OPORD contains
instructions necessary to prepare, execute, and assess the approved
OPSEC measures.
3-27. The IO estimate is the OPSEC officer’s primary source of OPSEC-re-
lated information (see appendix C). The G-7 updates it continuously through-
out the operation based on input from IO cell representatives. In a time-con-
strained environment, a current IO estimate may be the only readily avail-
able source of OPSEC-related information. The IO estimate contains the fol-
lowing:
• The probable adversary picture of friendly forces (paragraph 2a[4], IO
estimate).
• Adversary collection capabilities (paragraph 2b[3], IO estimate).
• The current EEFI (paragraph 2d[1], IO estimate).
• OPSEC indicators (paragraph 2d[2], IO estimate).
• OPSEC measures in effect (paragraph 2d[3], IO estimate).
• OPSEC measures contemplated (paragraph 2d[4], IO estimate).
Receipt of Mission
3-28. During receipt of mission, the OPSEC officer starts the following
OPSEC actions:
• Identify EEFI.
• Analyze adversaries.
The OPSEC products for receipt of mission are a list of initial EEFI, and a
list of OPSEC-related input to the initial ISR tasking.
3-29. Identify Essential Elements of Friendly Information. The com-
mander’s initial assessment and commander’s initial guidance may result in
initial EEFI or guidance on developing them. If the commander does not es-
tablish initial EEFI, the G-7 recommends initial EEFI based on the IO esti-
mate and initial IO assessment. The G-3 disseminates the initial EEFI in the
initial warning order if they are different from the EEFI for the current opera-
tion. Paragraph 2d of the IO estimate lists approved EEFI.
3-30. Analyze Adversaries. The G-7 provides the initial EEFI to the G-2
for consideration in the initial IPB. IO IRs concerning adversary capability to
collect EEFI are submitted to the G-2 for inclusion in the initial ISR tasking.
Mission Analysis
3-31. The G-7s related product of mission analysis is the OPSEC planning
guidance. It is normally part of the commander’s guidance and included in
the WARNO that disseminates it.
3-32. Operations security planning guidance serves as the blueprint
for operations security planning. It defines the essential elements of
friendly information, taking into account friendly and adversary
3-8
________________________________________________________________________Operations Security
goals, probable adversary knowledge, friendly deception objectives,
and adversary collection capabilities. It also should outline provi-
sional operations security measures. (The joint and Army definitions for
OPSEC security planning guidance are different. The Army definition substi-
tutes EEFI for critical information, a joint term that the Army does not use.
It does not refer to estimated key adversary questions because these cannot
be determined with any certainty. It deletes desirable adversary apprecia-
tions and harmful adversary appreciations because these are no longer defined
joint terms; it replaces them with deception objectives to link OPSEC and decep-
tion planning. It replaces pertinent intelligence system threats with adversary
collection capabilities for clarity.)
3-33. The G-7 develops the OPSEC planning guidance by—
• Continuing to identify EEFI.
• Continuing the analysis of adversaries.
• Beginning the analysis of vulnerabilities
• Beginning the assessment of risk.
3-34. Identify Essential Elements of Friendly Information. The G-7
identifies additional EEFI and reviews and refines existing EEFI throughout
mission analysis, based on input from IO cell representatives. MDMP tasks
that may yield additional EEFI are—
• Conduct IPB.
• Determine specified, implied, and essential tasks.
3-35. IO cell members consider friendly and adversary goals, probable adver-
sary knowledge, friendly deception objectives, and adversary collection capa-
bilities when developing additional EEFI.
3-36. Analyze Adversaries. The OPSEC officer participates in IPB
throughout the operation to determine the adversary’s most dangerous and
most likely use of collection assets.
3-37. Analysis of Vulnerabilities and Assessment of Risk. OPSEC
indicators are possible OPSEC-related hazards. During the MDMP task con-
duct risk assessment, OPSEC indicators are identified at the same time as
hazards associated with IO tasks. The 1st IOC (L) field support teams can
support this effort. They provide support to land component and Army com-
mands to facilitate the conduct of IO. Additionally, they enhance worldwide
force protection by carrying out a proactive defense of Army information and
INFOSYS. The OPSEC officer then assesses the risks associated with those
hazards before controls
(including OPSEC measures) are applied to
mitigate the risk. This assessment allows the OPSEC officer to determine
whether any identified OPSEC indicators result in OPSEC vulnerabilities.
Sources of information that contribute to this determination are—
• The ongoing IPB.
• Critical facts and assumptions, particularly assumptions made to re-
place missing or unknown OPSEC-related facts.
• Constraints that affect possible OPSEC measures.
The OPSEC officer establishes provisional OPSEC measures to shield any OP-
SEC vulnerabilities and determines residual risk (see figure B-10, page B-14).
3-9
FM 3-13 __________________________________________________________________________________
These provisional OPSEC measures and any changes to the initial EEFI
constitute the OPSEC planning guidance, which is disseminated in a
WARNO after command approval. The residual risk figures give commanders
a tool to help decide how to allocate resources associated with OPSEC meas-
ures and where to accept risk, if necessary.
Course of Action Development
3-38. During COA development, the G-7 —
• Continues to identify EEFI.
• Continues analysis of adversaries.
• Continues analysis of vulnerabilities.
• Continues assessment of risk.
The OPSEC products for COA development are, for each COA, additional EEFI,
OPSEC vulnerabilities, OPSEC measures, and the residual risk associated with
each OPSEC vulnerability.
3-39. Identify Essential Elements of Friendly Information. During mis-
sion analysis, the G-7 identified EEFI associated with the overall operation.
During COA development, the G-7 identifies additional EEFI associated
with each COA and with the critical asset list (see paragraph 5-46). These
EEFI are not disseminated unless the G-7 determines that they affect the
success of the operation regardless of which COA the commander approves.
3-40. Analysis of Adversaries. The OPSEC officer continues to participate
in IPB. The OPSEC officer contributes information IO cell developed by the
and obtains the most current information on adversary capabilities and inten-
tions.
3-41. Analysis of Vulnerabilities and Assessment of Risk. As each COA
is developed, the OPSEC officer identifies OPSEC indicators and assesses
them to determine whether any constitute OPSEC vulnerabilities (hazards).
1st IOC (L) field support teams can assist in this effort. The OPSEC officer
develops OPSEC measures (controls) for all OPSEC vulnerabilities and de-
termines the residual risk associated with each OPSEC vulnerability. This
information is recorded on the G-7 risk management worksheet (see figure B-
10, page B-14). The OPSEC officer considers measures to counter OPSEC
vulnerabilities in the following areas:
• Operational.
• Logistic.
• Technical.
• Administrative.
• Military deception.
• Physical destruction.
• Electronic warfare.
• Public Affairs (PA).
• Civil Military Operations.
3-42. The OPSEC officer coordinates OPSEC measures as they are devel-
oped. Coordination may include developing rules of engagement for some
OPSEC measures. Coordination requirements may include—
3-10
________________________________________________________________________Operations Security
• Determining the effects of some OPSEC measures on PA operations.
• Obtaining guidance on terminating OPSEC measures.
• Obtaining guidance on declassification and public release of OPSEC-
related activities.
• Obtaining administrative and logistic support for OPSEC tasks.
• Establishing OPSEC coordination measures and command and control
measures.
• Establishing assessment (monitoring and evaluation) mechanisms.
• Submitting IO IRs and requests for information to support assessment
of IO tasks.
• Conducting OPSEC checks.
• Arranging input for after-action reports.
• Arranging support of OPSEC-related communications requirements.
Course of Action Analysis (War-gaming)
3-43. COA analysis allows the OPSEC officer to test OPSEC measures
associated with each COA. During the war game, the commander may modify
the COA based on how events develop. The OPSEC officer determines
whether modifications result in additional EEFI or OPSEC vulnerabilities. If
so, the OPSEC officer recommends OPSEC measures to shield them. In addi-
tion, the G-7—
• Continues to identify EEFI.
• Continues analysis of adversaries.
• Continues analysis of vulnerabilities.
• Continues assessment of risk.
3-44. The OPSEC products for COA analysis are, for each COA, an evalua-
tion in terms of criteria established before the war game and refined lists of
EEFI, OPSEC vulnerabilities, and OPSEC measures. The OPSEC officer also
determines—
• Decision points for executing OPSEC measures.
• Operational support needed for OPSEC measures.
• OPSEC measures needed to support possible OPSEC branches and se-
quels.
• Whether any OPSEC measures require addition coordination.
3-45. Identify Essential Elements of Friendly Information. The G-7 re-
cords any additional EEFI revealed during the war game, particularly those
that result from modifying a COA. The OPSEC officer determines whether
they produce OPSEC indicators.
3-46. Analysis of Adversaries and Analysis of Vulnerabilities. The
OPSEC officer notes additional adversary capabilities; additional OPSEC in-
dicators, including OPSEC indicators produced by newly identified EEFI;
and any gaps in the IPB revealed during the war game. The OPSEC officer
determines whether adversary capabilities and OPSEC indicators revealed
during the war game result in OPSEC vulnerabilities. If so, the OPSEC offi-
cer develops OPSEC measures to shield them. The OPSEC officer works with
the G-2 to obtain information to fill IPB gaps.
3-11
FM 3-13 __________________________________________________________________________________
3-47. Assessment of Risk. The OPSEC officer determines criteria for compar-
ing COAs from an OPSEC perspective before beginning the war game. During
the war game, the OPSEC officer evaluates the effectiveness of each OPSEC
measure. The OPSEC officer also assesses the residual risk associated with
any IO vulnerabilities identified during the war game, determines appropri-
ate IO measures, and tests them.
3-48. Evaluation of Courses of Action. After war-gaming each COA, the
OPSEC officer evaluates it based on criteria established before beginning the
war game. The OPSEC officer also identifies each COA’s strengths, weak-
nesses, advantages, and disadvantages. Criteria include costs associate with
OPSEC measures and the risk involved with implementing or not imple-
menting them.
Course of Action Comparison
3-49. During COA comparison, the staff compares feasible COAs to identify
the one with the highest probability of success against the most likely adver-
sary COA and the most dangerous adversary COA. The G-7 product of COA
comparison is a determination of which COA is most supportable in terms of
IO. That determination is included in the staff recommendation to the com-
mander during COA approval. The G-7 considers all IO elements when
comparing COAs, not just OPSEC. The G-7 makes this determination based
on the comparison criteria established before the war game.
3-50. During COA comparison, the OPSEC officer completes OPSEC action
4, assessment of risk, by determining which IO measures (controls) to recom-
mend for each COA (recommending a risk decision). The G-7 considers the
costs associated with these measures when recommending a COA for com-
mand approval.
Course of Action Approval
3-51. During COA approval, the staff recommends a COA to the commander
for execution. The recommended COA includes OPSEC measures identified
and tested during the preceding MDMP tasks. The OPSEC officer identifies
OPSEC measures that entail significant resource expenditure or risk and
requests decisions concerning them. Otherwise, when the commander ap-
proves a COA, he approves the OPSEC measures associated with it.
Orders Production
3-52. During orders production, the OPSEC officer follows up on coordination
done during the MDMP. The OPSEC officer—
• Ensures the OPLAN/OPORD contains the instructions necessary to
prepare, execute, and assess approved OPSEC measures.
• Prepares the OPSEC paragraph of the IO annex and the OPSEC
appendix to the IO annex.
• Ensures all concerned know which OPSEC measures are approved.
3-53. During orders production, G-7—
• Follows up on coordination done during COA development.
• Ensures EEFI are listed in the OPLAN/OPORD coordinating instruc-
tions.
3-12
________________________________________________________________________Operations Security
• Ensures OPSEC measures (IO tasks) are included in the tasks as-
signed to subordinate units.
PREPARATION AND EXECUTION
3-54. During preparation and execution, the G-7 monitors and evaluates
preparation and execution of all IO tasks. These actions include overseeing
application of OPSEC measures for the approved COA (supervising the im-
plementation of controls). The OPSEC officer—
• Assesses (monitors and evaluates) execution of OPSEC measures.
• Recommends/directs OPSEC measure changes based on assessments.
These changes are normally directed by the FRAGO.
ASSESSMENT
3-55. Monitoring and evaluating OPSEC measures are continuous throughout
the OPSEC process. IO cell members are alert for any OPSEC indicators in
their functional areas that may result in OPSEC vulnerabilities. The preceding
paragraphs have noted how continuous assessment contributes to refining
OPSEC products. They also identified places where 1st IOC (L), field support
teams can assist in this effort.
3-56. Commanders use the following tools to assess OPSEC:
• OPSEC review.
• OPSEC assessment.
• OPSEC check.
OPSEC reviews are addressed in most units standing operating procedures.
An OPSEC review is an example of an OPSEC measure that is routine, but
important. OPSEC assessments and OPSEC checks are more elaborate and
resource intensive. Commanders use them based on the situation, primarily the
time and resources available. Figure 3-2 contains examples of questions OPSEC
officers can ask to determine the status of OPSEC in the command.
•
Time interval since subordinate
• Number of friendly operational move-
commanders have changed their daily
ments conducted outside adversary over-
movement plans.
head surveillance.
•
Frequency of friendly attack patterns re-
• Frequency of coordination between
peated consecutively.
OPSEC and deception planners.
•
Number of elements of EEFI covered by
• Number of OPSEC measures selected
two or more OPSEC measures.
based on the vulnerability analysis.
•
Number of collection efforts against EEFI.
• Number of times OPSEC planners have
•
Vulnerability of the friendly plan, deter-
had access to compartmented planning
mined from self-monitoring of EEFI.
efforts.
•
Number of friendly OPSEC vulnerabilities
• Number of times OPSEC guidance has
exploited by adversary action.
been received from higher headquarters.
•
Number of friendly operations disrupted
• Percent of routine actions with timing or
by adversary detection and response.
location changed at least weekly.
•
Number of support facilities protected
• Number of units equipped with antisurveil-
from adversary observation.
lance sensor and sensor jamming de-
vices.
Figure 3-2. OPSEC Status Indicators
3-13
FM 3-13 __________________________________________________________________________________
OPSEC Review
3-57. All staff sections review staff documents and INFOSYS logs to ensure
protection of sensitive information. Standing operating procedures should
state which documents (for example, news releases) automatically go to the
OPSEC officer for review. They should also provide standards for protecting,
storing, and handling sensitive information and INFOSYS. When corrective
action is necessary, such as an OPSEC assessment or review, the OPSEC of-
ficer provides recommendations to the appropriate staff officer.
OPSEC Assessment
3-58. OPSEC assessments monitor an operation to determine the unit’s over-
all OPSEC posture and evaluate compliance of subordinate organizations
with the OPSEC appendix to the IO annex. OPSEC officers conduct OPSEC
assessments. They submit results and recommendations to the commander.
OPSEC Check
3-59. The OPSEC officer conducts, with appropriate assistance, OPSEC
checks. An OPSEC check determines if the command is adequately protect-
ing EEFI. It analyzes the conduct of the operation to identify sources of OPSEC
indicators, what they disclose, and what can be learned from them. The objec-
tive is to identify unprotected OPSEC vulnerabilities. OPSEC checks help
commanders assess OPSEC measures and adjust them if necessary. Effective
OPSEC checks require careful planning, thorough data collection, and
thoughtful analysis. They are resource intensive, so the OPSEC officer usu-
ally executes an informal assessment first to determine if there is a need for
a complete OPSEC check.
3-60. An OPSEC check attempts to reproduce the intelligence image that a
specific operation projects. From that image, the OPSEC officer identifies
OPSEC vulnerabilities. OPSEC checks differ from adversary collection ef-
forts in that they occur within a limited period and normally do not use cov-
ert means. They verify the existence of OPSEC indicators by examining all of
an organization’s functions at all points of the operations process. An OPSEC
check traces the flow of information from start to finish for each function.
3-61. OPSEC checks vary based on the nature of the information being pro-
tected, the adversary collection capability, and the environment. In combat,
they identify actual OPSEC vulnerabilities. In peacetime, they identify
potential OPSEC vulnerabilities.
3-62. OPSEC checks should not be conducted as inspections. There is no
grade and there is no report to the checked unit’s higher headquarters. An
OPSEC check should not focus on the effectiveness of security programs or
adherence to security directives. Such compliance-based evaluations should
be conducted as inspections.
3-14
Chapter 4
Military Deception
This chapter establishes Army doctrine and tactics, techniques, and pro-
cedures for military deception. Section I discusses the forms and princi-
ples of military deception. It also states how military deception supports
each type of military operation. Section II describes how to conduct (plan,
prepare, execute, and assess) military deception operations in terms of the
operations process and military decisionmaking process.
SECTION I - MILITARY DECEPTION DOCTRINE
4-1. Military deception comprises those actions executed to deliberately mis-
lead adversary military decisionmakers as to friendly military capabilities,
intentions, and operations, thereby causing the adversary to take specific ac-
tions (or inactions) that will contribute to the accomplishment of the friendly
mission (JP 3-58; the complete joint definition includes the five categories of
military deception [MD] operations listed in figure 4-1, page 4-3). It is often
the key to achieving surprise and can enable a force to achieve its objectives
while minimizing losses and maximizing tempo. Skillfully applied, MD can
significantly enhance the likelihood of success, contribute to economy of force,
and reduce friendly casualties.
4-2. Adversary decisionmakers are the overall target of MD; however not all
adversaries are military, and commanders may also want to deceive others
who are not adversary host-nation civilians. Such actions are taken to protect
the force.
CONTENTS
Section I - Military Deception Doctrine
4-1
Planning
4-18
Categories of Military Deception
4-3
Receipt of Mission
4-18
Principles of Military Deception
4-3
Mission Analysis
4-19
Military Deception in the Conduct of
COA Development
4-20
Operations
4-12
COA Analysis, Comparison, and
Army Support to Joint Deception
Approval
4-25
Operations
4-12
Orders Production
4-26
Military Deception in the Defense
4-13
Preparation
4-26
Military Deception in the Offense
4-14
Execution
4-28
Military Deception in Stability
Controlling Deception Operations
4-29
Operations
4-16
Terminating Deception Operations ..4-29
Deception Working Group
4-17
Assessment
4-29
Section II - Conducting Military Deception
Operations
4-17
4-1
FM 3-13 __________________________________________________________________________________
4-3. Opportunities to use MD occur in most military operations. Command-
ers may use MD to establish conditions favorable to success while preparing
to deploy. Once deployed, commanders can tailor deception objectives to sup-
port each phase of an operation. The probability of success increases when
commanders consider it early in the military decisionmaking process (MDMP).
4-4. A part of both offensive and defensive information operations (IO), MD
is a fundamental instrument of military art. Its ultimate goal is to deceive
adversaries and others about friendly force dispositions, capabilities, vulner-
abilities, and intentions. MD supports achieving the commander’s intent by
• Disrupting the adversary’s ability to synchronize operations.
• Causing adversaries to hesitate in making decisions.
• Seizing, retaining, and exploiting the initiative.
• Reducing the conflict’s intensity.
• Damaging the adversary’s will to fight.
• Directing adversary intelligence, surveillance, and reconnaissance
(ISR) operations away from friendly operations.
• Increasing the adversary’s uncertainty (fog of war).
4-5. MD also helps protect the force from adversary offensive IO. MD efforts
mislead adversaries about friendly command and control (C2) capabilities
and vulnerabilities and delay decisions due to confusion from the fog of war.
Successful MD may cause adversaries to misallocate resources.
4-6. While the general concepts and basic principles of MD are ageless, new
technologies allow targeting of adversary decisionmakers throughout the
area of operations (AO). The combined effects of the following post-Cold-War
trends are creating new opportunities and challenges for conducting MD op-
erations:
• Integration of IO into all operations.
• Expanding range of missions.
• Joint and multinational nature of missions.
• Accelerating tempo.
• Relatively short mission duration.
• Growing sophistication, connectivity, and reliance on information
technology, digitized technologies, and automated C2 systems.
4-7. FM 6-0 lists the responsibilities of coordinating and special staff officers.
The MD responsibilities of commanders and staffs parallel those in other
types of military operations. Commanders provide direction throughout MD
operations. They ensure that MD plans and execution conform to statutory
requirements, international agreements, and any instructions from higher
headquarters.
4-8. Intelligence activities support MD. Intelligence support provides in-
sights into the deception target’s vulnerabilities, beliefs, and access. It also
provides details from the adversary’s perspective to make the deception be-
lievable to the deception target. Intelligence support monitors a variety of in-
dicators—collected against priority intelligence requirements (PIRs)— to de-
termine how the adversary is responding to the deception.
4-2
_________________________________________________________________________ Military Deception
CATEGORIES OF MILITARY DECEPTION
4-9. Joint doctrine establishes the five categories of MD shown in figure 4-1
(see JP 3-58). The Army doctrinal hierarchy categorizes IO as a type of ena-
bling operation. MD is an element of IO.
Category
Objective
Characteristics
•
Results in adversary military
policies and actions that sup-
Strategic Military
•
Conducted by and in support of senior
port the originator’s strategic
military commanders
Deception
military objectives, policies and
operations
•
Designed to protect and en-
•
Conducted by the Services that pertains
hance the combat capabilities
to service support to joint operations
of Service forces and systems
•
Imitates, in any sense, a person, object,
Service Military
•
Protects friendly force person-
or phenomenon to deceive adversary
nel, materiel, equipment, and
surveillance devices or mislead adver-
Deception
INFOSYS nodes from observa-
sary evaluation
tion and surveillance using
•
Targets sensors and weapon systems
natural or artificial material
•
Employed against systems
•
Results in adversary actions
favorable to the originator’s
Operational
•
Conducted in a theater of war to support
objectives and operations
campaigns and major operations
Military Deception
•
For Army forces, a subcategory
of Service military deception
•
Targets adversary decisionmakers at
•
Influence an adversary com-
any level of command
mander to act in a manner that
Tactical Military
•
Supports battles and engagements
serves US tactical objectives
•
Integral to the concept of operations
Deception
•
For Army forces, a subcategory
•
Requires feedback planning
of Service military deception
•
Centrally monitored and controlled
•
Targets adversary intelligence functions
•
Employed against all forms of ISR
Military Deception
•
Degrades adversary capability
operations
to discern OPSEC vulnerabili-
•
Supports force protection
in Support of
ties
•
Derived from the concept of operations
OPSEC
•
Feedback not always required
•
Decentralized control and execution
Figure 4-1. Categories of Military Deception Operations
4-10. Army doctrine considers operational and tactical MD to be part of Ser-
vice MD. From the perspective of a joint force headquarters, Army forces con-
duct Service MD operations. From the Army force perspective, the echelon
planning an MD operation determines its type: Corps and echelons above
corps conduct operational MD operations; division and lower headquarters
conduct tactical MD operations. Army forces do not plan strategic MD opera-
tions. However, Army forces may participate in executing them.
PRINCIPLES OF MILITARY DECEPTION
4-11. Following the principles of MD contributes to successful MD operations.
Applying them consistently and creatively enhances any deception’s credibil-
ity and increases its chances for success. However, they are not a checklist
that guarantees success. Commanders and staffs use judgment to apply them.
4-3
|
|