DoD Updates Doctrine on “Detainee Operations”

When it comes to Department of Defense doctrine on military treatment of detained persons, “unlawful enemy combatants” are a thing of the past. That term has been retired and replaced by “unprivileged enemy belligerents” in a new revision of Joint Publication 3-13 on Detainee Operations, dated November 13, 2014.

Among other changes, the revised Publication adopts Article 75 of the First Additional Protocol to the Geneva Conventions which provide minimum standards for humane treatment of detained persons. It also presents expanded discussion of biometric capabilities that are applicable to detainees.

The previous edition of Joint Publication 3-13, published in 2008, is available here for comparison.

Joint Doctrine: Counterterrorism, and Countering WMD

New military doctrine from the Joint Chiefs of Staff “narrows the definition of counterterrorism” to focus on activities designed to neutralize terrorist networks. It excludes actions to “counter root causes” of terrorism, which have now been removed from the definition.

The new publication also “describes the activities of the global special operations network as it relates to CT [counterterrorism],” though without providing much detail. See Joint Publication 3-26, Counterterrorism, 24 October 2014.

Another Joint Chiefs publication introduces a revised framework for “Countering Weapons of Mass Destruction,” replacing the former “combating weapons of mass destruction”. See Joint Publication 3-40, 31 October 2014.

Defense Intelligence Mission Expands

On October 24, the Pentagon issued an updated version of DoD Directive 5143.01 defining the role of the Under Secretary of Defense (Intelligence), the Department’s principal intelligence advisor and manager of military intelligence programs.

The new directive is about 30% longer than the 2005 version that it replaces.

The differences between the two directives reflect changes in the global environment as well as in the intelligence mission, and in the role of the USD(I) in particular.

Cybersecurity. Insider threats. Unauthorized disclosures of classified information. Biometrics. None of these terms and none of these issues were even mentioned in the 2005 edition of the DoD intelligence directive.

But all of them and more are now part of the expanded portfolio of authorities and responsibilities of the Under Secretary of Defense for Intelligence, who also serves as Director of Defense Intelligence and principal advisor to the DNI on defense intelligence matters.

Meanwhile, intelligence spending has been on a downward slope for the past few years, and the FY2015 request for the Military Intelligence Program was about $1.3 billion below the request for the previous year, which was $18.6 billion. (The FY2014 intelligence appropriations for national and military intelligence programs are due to be disclosed this week.)

“Intelligence is a major source of U.S. advantage. It informs wise policy and enables precision operations. It is our front line of defense. The challenges we face, however, are increasing and becoming more complex, and our resources are declining,” said Michael G. Vickers, the current USD(I), at an April 4 hearing of the House Armed Services Committee.

“We have five defense intelligence operational priorities: countering terrorism, particularly countering the threat posed by al-Qaida; countering the proliferation of weapons of mass destruction and associated delivery systems; countering the actions of repressive governments against their people, such as in Syria; countering state-on-state aggression; and countering cyberthreats,” he said then.

“To address the intelligence gaps that exist within these operational priority areas, we are focused on enhancing defense intelligence capabilities in five areas: enhancing global coverage; improving our ability to operate in anti-access/area denial, or A2AD, environments; sustaining counterterrorism and counterproliferation capabilities; continuing to develop our cyberoperations capabilities; and strengthening our counterintelligence capabilities and reforming our security clearance processes to minimize insider threats,” Mr. Vickers testified.

The position of Under Secretary of Defense (Intelligence) was established by the defense authorization act for FY 2003 to improve management and coordination of defense intelligence programs. The office has previously been occupied by Stephen Cambone and James R. Clapper, Jr., the current DNI.

The new DoD directive authorizes the Under Secretary to “communicate with… members of the public… and non-governmental organizations.” However, “communications with representatives of the news media” are to be conducted through the Office of Public Affairs, the directive said.

Offensive Cyber Operations in US Military Doctrine

A newly disclosed Department of Defense doctrinal publication acknowledges the reality of offensive cyberspace operations, and provides a military perspective on their utility and their hazards.

Attacks in cyberspace can be used “to degrade, disrupt, or destroy access to, operation of, or availability of a target by a specified level for a specified time.” Or they can be used “to control or change the adversary’s information, information systems, and/or networks in a manner that supports the commander’s objectives.”

However, any offensive cyber operations (OCO) must be predicated on “careful consideration of projected effects” and “appropriate consideration of nonmilitary factors such as foreign policy implications.”

“The growing reliance on cyberspace around the globe requires carefully controlling OCO, requiring national level approval,” according to the newly disclosed Cyberspace Operations, Joint Publication 3-12(R).

That publication was first issued by the Joint Chiefs of Staff as a SECRET document in February 2013 (as JP 3-12, without the R). But this week it was reissued as a public document. It is unclear whether the public document has been redacted or modified for release.

The discussion of “offensive cyberspace operations” in the original, classified version of JP 3-12 led to adoption of that term in the official DoD lexicon for the first time in March 2013, where it has remained through the latest edition.

Offensive cyberspace operations (OCO) are “intended to project power by the application of force in and through cyberspace. OCO will be authorized like offensive operations in the physical domains, via an execute order (EXORD).”

The DoD document is fairly candid about the challenges and limitations of cyberspace operations.

“Activities in cyberspace by a sophisticated adversary may be difficult to detect” and to attribute to their source. Yet such detection and attribution capabilities are “critical” for enabling offensive and defensive cyberspace operations.

By the same token, “first-order effects of [US cyberspace operations] are often subtle, and assessment of second- and third-order effects can be difficult,” requiring “significant intelligence capabilities and collection efforts” to evaluate.

Not only that, but US cyberspace operations “could potentially compromise intelligence collection activities. An IGL [Intelligence Gain/Loss] assessment is required prior to executing a CO to the maximum extent practicable.”

In any event, offensive cyber operations are to be used discriminatingly. “Military attacks will be directed only at military targets. Only a military target is a lawful object of direct attack.” But military targets are defined broadly as “those objects whose total or partial destruction, capture, or neutralization offers a direct and concrete military advantage.”

Meanwhile, there are persistent vulnerabilities inherent in DoD information systems, DoD said. “Many critical [US] legacy systems are not built to be easily modified or patched. As a result, many of the risks incurred across DOD are introduced via unpatched (and effectively unpatchable) systems on the DODIN [DoD Information Network].”

The risks are increased because “DOD classified and unclassified networks are targeted by myriad actions, from foreign nations to malicious insiders.”

“Insider threats are one of the most significant threats to the joint force,” the DoD document said.  “Whether malicious insiders are committing espionage, making a political statement, or expressing personal disgruntlement, the consequences for DOD, and national security, can be devastating.”

Overall, “Developments in cyberspace provide the means for the US military, its allies, and partner nations to gain and maintain a strategic, continuing advantage,” the Cyberspace Operations publication said.

But “access to the Internet provides adversaries the capability to compromise the integrity of US critical infrastructures in direct and indirect ways.”

These features represent “a paradox within cyberspace: the prosperity and security of our nation have been significantly enhanced by our use of cyberspace, yet these same developments have led to increased vulnerabilities….”

Insider Threat Program Advances, Slowly

Nearly two years after President Obama issued a National Insider Threat Policy “to strengthen the protection and safeguarding of classified information” against espionage or unauthorized disclosure, the effort is still at an early stage of development.

Only last week, the U.S. Air Force finally issued a directive to implement the 2012 Obama policy. (AF Instruction 16-1402, Insider Threat Program Management). And even now it speaks prospectively of what the program “will” do rather than what it has done or is doing.

The new Air Force Instruction follows similar guidance issued last year by the Army and the Navy.

The Air Force Insider Threat Program includes several intended focus areas, including continuous evaluation of personnel, auditing of government computer networks, and procedures for reporting anomalous behavior.

“Procedures must be in place that support continuous evaluation of personnel to assess their reliability and trustworthiness,” the AF Instruction says.

Such continuous evaluation procedures may eventually sweep broadly over many domains of public and private information, but they are not yet in place.

“There are a number of ongoing pilot studies to assess the feasibility of select automated records checks and the utility of publicly available electronic information, to include social media sites, in the personnel security process,” said Brian Prioletti of the Office of the Director of National Intelligence in testimony before the House Homeland Security Committee last November.

The Air Force directive also encourages reporting of unusual behavior by potential insider threats.

“Insider threat actors typically exhibit concerning behavior,” the directive says. But this is not self-evidently true in all cases, and the directive does not provide examples of “concerning behavior.”

A Department of Defense training module recently identified expressions of “unhappiness with U.S. foreign policy” as a potential threat indicator, the Huffington Post reported last week. (“Pentagon Training Still Says Dissent Is A Threat ‘Indicator'” by Matt Sledge, August 4.) If so, that criterion would not narrow the field very much.

The “CORRECT Act” (HR5240) that was introduced last month by Rep. Bennie Thompson and Sen. Ron Wyden would require any insider threat program to meet certain standards of fairness and employee protection, and “to preserve the rights and confidentiality of whistleblowers.”

That message may have been partially internalized already. The terms “civil liberties” and “whistleblowers” are each mentioned four times in the eight-page Air Force Instruction.

Identity Intelligence and Special Operations

“Identity intelligence” is a relatively new intelligence construct that refers to the analysis and use of personal information, including biometric and forensic data among others, to identify intelligence targets of interest and to deny them anonymity.

The term began to appear a few years ago and was included, for example, in a 2012 Defense Intelligence Agency briefing package. Since then it has quickly propagated throughout U.S. military and intelligence operations.

Identity intelligence (or I2) was included for the first time in published U.S. military doctrine in the October 2013 edition of Joint Publication (JP) 2-0 on Joint Intelligence, which elaborated on the concept. Identity intelligence is used, JP 2-0 said, “to discover the existence of unknown potential threat actors by connecting individuals to other persons, places, events, or materials, analyzing patterns of life, and characterizing their level of potential threats to US interests.”

(“Identity intelligence” also appeared in an undated Top Secret document that was disclosed by Edward Snowden and published in excerpted form by the New York Times on May 31, 2014.)

Most recently, an updated U.S. Department of Defense publication on special operations noted this month that “Identity intelligence products enable real-time decisions in special operations worldwide.”

The new DoD doctrine on Special Operations — Joint Publication 3-05, dated 16 July 2014 — includes further discussion of identity intelligence (I2) in the special operations context:

“I2 is the collection, analysis, exploitation, and management of identity attributes and associated technologies and processes. The identification process utilizes biometrics-enabled intelligence (BEI), forensics-enabled intelligence (FEI), information obtained through document and media exploitation (DOMEX), and combat information and intelligence to identify a person or members of a group.”

“I2 fuses identity attributes (biological, biographical, behavioral, and reputational information related to individuals) and other information and intelligence associated with those attributes collected across all intelligence disciplines….”

“USSOCOM [US Special Operations Command] exploits biometric, forensic, document and media data collections and integrates the data with all-source intelligence to locate and track unattributed identities across multiple or disparate instances. Intelligence collections are processed through the appropriate DOD and interagency databases, exploited to produce intelligence, and then disseminated to deployed SOF and throughout the interagency. I2 products enable real-time decisions in special operations worldwide.”

*    *    *

Identity intelligence aside, the new Joint Publication 3-05 provides an informative account of the role of special operations, along with some notable changes from previous special operations doctrine.

“Special operations require unique modes of employment, tactics, techniques, procedures, and equipment. They are often conducted in hostile, denied, or politically and/or diplomatically sensitive environments, and are characterized by one or more of the following: time-sensitivity, clandestine or covert nature, low visibility, work with or through indigenous forces, greater requirements for regional orientation and cultural expertise, and a higher degree of risk,” JP 3-05 says.

The previous edition of this publication (dated 2011) had identified 11 core activities for special operations: direct action, special reconnaissance, counterproliferation of weapons of mass destruction, counterterrorism, unconventional warfare, foreign internal defense, security force assistance, counterinsurgency, information operations (IO), military information support operations (MISO), and civil affairs operations.

The new edition adds a 12th mission that up to now had not been considered a core activity: hostage rescue and recovery.

“Hostage rescue and recovery operations are sensitive crisis response missions in response to terrorist threats and incidents. Offensive operations in support of hostage rescue and recovery can include the recapture of US facilities, installations, and sensitive material overseas,” the new JP 3-05 states.

Army Doctrine on Geospatial Engineering

Those who are involved (or merely interested) in the field of geospatial intelligence will want to know about a new Army doctrinal publication on the subject.

“Geospatial intelligence is the exploitation and analysis of imagery and geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the earth. Geospatial intelligence consists of imagery, imagery intelligence, and geospatial information.”

The new publication provides a comprehensive introduction to the theory and practice of the field. See Geospatial Engineering, ATP 3-34.80, June 2014 (very large pdf).

Army Directive Prohibits Retaliation for Reporting a Crime

The Secretary of the Army last week issued a directive specifying that retaliating against someone for reporting a crime is itself a crime.

“No Soldier may retaliate against a victim, an alleged victim or another member of the Armed Forces based on that individual’s report of a criminal offense,” the new Directive states. See Prohibition of Retaliation Against Soldiers for Reporting a Criminal Offense, Army Directive 2014-20, June 19, 2014.

Prohibited forms of retaliation include adverse personnel actions and ostracism, as well as “acts of cruelty, oppression or maltreatment.”

The directive implements a requirement that was enacted by Congress in the 2014 defense authorization act (section 1709) as part of a legislative response to instances of sexual assault in the military.

US Army Reflections on the Value of Military History

Far from being a subject of merely antiquarian interest, military history is an essential tool for training of soldiers and for institutional accountability, according to newly updated Army doctrine.

But only if it is done right.

In Military History Operations (ATP 1-20, June 2014), the Army discusses what military history is for, its development over time, and the proper way to produce it. Some excerpts:

“The history of Army operations and activities is not documented or written for public affairs purposes. It is not shaped to reflect particular viewpoints, programmatic goals, or institutional agendas. In the past, military organizations and commands exaggerated achievements of individuals, units, or systems while downplaying setbacks. Army field historians guard against these instances and ensure that historical documents, reports, and official histories reflect a full accounting of operations or institutional developments as they occur. Anything less is a disservice to the Soldiers and Army civilians whose actions are documented, those who must learn from them, and to the integrity of the Army as a whole.”

“History cannot be fabricated. Any fabrication corrupts tradition, professional education, and tradition. The integrity and standing of Army history, gained over nearly a century of recognized excellence, can be permanently damaged. The Army is best served by the careful and unbiased recording and analysis of the past. To prevent any potential damages from occurring, the collection, research, and writing of Army history is based on impartiality, objectivity, and accuracy.”

“Historical writing is clear, concise, organized, and to the point. Some historians fail to communicate well. They confuse rather than clarify, are wordy rather than concise, and hide main ideas rather than getting to the point. Good writers communicate in plain English and choose words with care to convey meaning. They avoid trite or vague phrases; stale figures of speech; jargon; acronyms; and pompous, high-sounding, and self-conscious literary language. Historical narratives are in active voice, use strong nouns and verbs, and include short vignettes to illustrate points or enliven the narrative. However, they should not embellish or glorify events or offer judgments of individuals or actions. The narrative recounts events as each one occurred.”

The new doctrine instructs Army historians to maintain awareness of captured enemy documents, and encourages them to seek out non-traditional and unofficial historical resources (like the private video and photographic images that were recently the subject of a classification complaint):

“Both official and unofficial photographs and video imagery enhances historical document collections and [are] included in historical document collections. Combat camera teams and public affairs photographers take official photographs and video imagery and provide copies to command and unit historians or military history detachments (MHD). Additionally, many Soldiers carry digital cameras, video recorders, or mobile phones with cameras and video capabilities. The field historian searches for unofficial photographs and videos of potential historical value. This search includes accessing social media sites, personal blogs, and photo-sharing sites.”

“Military history does not produce solutions for problems and does not guarantee success on the battlefield. An approach with these goals leads to frustration and biased or inaccurate history. Rather, military history affords an understanding of the dynamics to shape the present and [provides] soldiers the perspective of viewing current and future problems with ideas of how similar challenges were confronted in the past.”

“If history rarely provides concrete answers, it offers insight and understanding. It promotes how to think and not what to think,” the Army publication said.

DoD Ops in a C4ISR-Denied Environment, and More

The Department of Defense prepares and trains for military operations in environments in which communications and surveillance are denied or obstructed, a new report to Congress says.

Combatant commanders “spend many man-hours… developing frameworks and procedures for using alternative methods, diversifying communications paths and media, and pursuing the ability to use distributed operations in a denied environment.”

The issue was summarily addressed in a mandatory report to Congress on “Joint Strategy for Readiness and Training in a Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) Denied Environment.” The brief, unclassified report was transmitted to Congress in February 2014 and released under the Freedom of Information Act this week.

Somewhat relatedly, a declassified 1971 memorandum from the National Reconnaissance Office addressed the subject of “avoidance of coorbital intercept,” or anti-anti-satellite operations.

The subject was highly sensitive at the time. “Any action on our part which demonstrates the possibility that we possess the ability to evade a coorbital intercept… is potentially compromising of the great efficacy of U.S. satellite collection capability in this area.”

Unrelatedly, but notably, the Federal Judicial Center has published a compilation of “protective orders” that were issued by courts in national security criminal cases, including espionage trials and leak cases, over the past 15 years.  See National Security Prosecutions: Protective Orders, April 2014.