Threat Model: Cyber – Electronic Warfare in support of INFOWAR Tactics and Techniques of Threats and Hybrid Threat in Complex Operational Environments Introduction. A leader Threat Model: Cyber – Electronic Warfare in support of INFOWAR APPROVED HYBRID THREAT CTID MODEL TRADOC G2 Intelligence Support Activity

Definitions and Considerations Information Warfare is specifically planned and integrated actions taken to achieve an information advantage at critical points and times (TC 7-100.2, p. 7-1) elements of INFOWAR do not exist in isolation nor are mutually exclusive – effective execution does not require all elements concurrently Electronic Warfare (EW) Information Attack (IA) Computer Warfare Look for the key words in the definition— An assault is an attack that destroys an enemy force through firepower and the physical occupation of and/or destruction of his position. (TC 7-100.2, p. 3-20) Kill zone = the focal point of an ambush-- is a designated area on the battlefield where the OPFOR plans to destroy a key enemy target. (TC 7-100.2) An assault is the basic form of OPFOR tactical action. Decisive assaults are characterized by: Isolation of the objective. Effective tactical security. Effective suppression of the enemy force. Violent fire and maneuver against the enemy. TRADOC G2 Intelligence Support Activity

Definitions and Considerations Electronic Warfare - targeting C2 and RSTA assets and networks, the objective is to exploit, disrupt, deny and degrade the enemy’s use of the electromagnetic spectrum while ensuring its use by the OPFOR (TC 7-100.2, p. 7-4) Includes both nonlethal and lethal means Information Attack - targets decision makers and others users of information, as well as systems reliant on accurate information, by altering or denying key information (TC 7-100.2, p. 7-4) IAs target information itself Computer Warfare – targets C2 and RSTA assets and networks by disrupting, denying or degrading the enemy’s computer networks and information flow (TC 7-100.2, p. 7-4) Focus specifically on computer systems, networks and nodes Look for the key words in the definition— An assault is an attack that destroys an enemy force through firepower and the physical occupation of and/or destruction of his position. (TC 7-100.2, p. 3-20) Kill zone = the focal point of an ambush-- is a designated area on the battlefield where the OPFOR plans to destroy a key enemy target. (TC 7-100.2) An assault is the basic form of OPFOR tactical action. Decisive assaults are characterized by: Isolation of the objective. Effective tactical security. Effective suppression of the enemy force. Violent fire and maneuver against the enemy. TRADOC G2 Intelligence Support Activity

INFOWAR Objectives: Focused and Deliberate The purpose of EW, IA and computer warfare actions are to achieve very specific effects supporting decision maker’s or commander’s objectives Targets and effects may be located within the enemy’s homeland, throughout a region or within the OPFOR’s territory Maximum effect achieved through phasing of actions IA/computer warfare actions may achieve local or strategic effects Critical infrastructure such as power and water Communication, social media and messaging Sustainment, logistics tracking Transportation Banking/finance EW actions Signals reconnaissance Electronic attack Look for the key words in the definition— An assault is an attack that destroys an enemy force through firepower and the physical occupation of and/or destruction of his position. (TC 7-100.2, p. 3-20) Kill zone = the focal point of an ambush-- is a designated area on the battlefield where the OPFOR plans to destroy a key enemy target. (TC 7-100.2) An assault is the basic form of OPFOR tactical action. Decisive assaults are characterized by: Isolation of the objective. Effective tactical security. Effective suppression of the enemy force. Violent fire and maneuver against the enemy. Provide examples ranging from strategic to very local look at 7-100.2 chapter 7 for examples Time phased force and deployment list power SCADA Force deployment/TPFDL jamming (tactical, obstacle….) include GPS, satellite, tactical SIGINT early, preparing for future exploitation/attacks TRADOC G2 Intelligence Support Activity

Functional Organization: INFOWAR Support Typical organization providing EW, IA and computer warfare support: Electronic Warfare. The OPFOR utilizes a set of ground-based and airborne electronic support and electronic attack systems providing intercept/DF and jamming of BLUFOR communications, to include satellite links and PNT (position, navigation and tracking). IA/Computer Warfare. The OPFOR utilizes a threat computer network operations (TCNO) cell to gain access to and exploit tactical information, providing actionable intelligence and supporting OPFOR attacks and defenses against the BLUFOR TUD. In addition to the threat unmanned device’s ES package, the platform also provides imagery and full-motion video (FMV) capabilities which enhance maneuver, indirect fire and EW operations. Leverage DOT&E memo for verbiage TRADOC G2 Intelligence Support Activity

Representative Threat INFOWAR Attack Matrix NOTE: the following are representative threat INFOWAR tasks; additional EW and TCNO actions may be employed to address specific commander’s objectives. Method Target Task Purpose Effect EW - ES BLUFOR 2/1 AD and 9/52 ID VHF/UHF collection on forces deployed vic. El Paso Map BLUFOR network, ID capabilities and intent; fires and support requirements Enhance offense & defense; focus EA; support IA/computer warfare EW – ES BLUFOR 2/1 AD VHF/UHF collection on forces vic. TAA Salerno ID location and intent of BLUFOR conducting WAS, combat ops Support ALA conducting insurgent ops, rogue ANA movement into northern Attica BLUFOR/Attican security ops VHF/UHF collection on BLUFOR and Attican government security forces ID loc. and capabilities of c-insurgent forces threatening ALA, rogue ANA and Ellisian SF Support OPFOR objective of destabilizing Attican government control/influence in northern Attica BLUFOR air ops VHF/UHF collection on air assets ISO BLUFOR vic El Paso Identify current & deploying ISR & OCA capabilities/intent; I&W Enhance survivability, reduce BLUFOR ISR contributions, prep for EA vs. ISR & combat a/c. BLUFOR L, C- and Ku-band satellite links Map platform usage and availability ID links supporting primary users e.g. UAS control & FMV, bulk comms Assess BLUFOR capabilities/intent; prepare tgt ID for EA TRADOC G2 Intelligence Support Activity

Representative Threat INFOWAR Attack Matrix Method Target Task Purpose Effect EW – EA BLUFOR PNT Infiltrate man-portable GPS jammers into northern Attica Reduce/negate accuracy of BLUFOR security force reporting, disrupt supporting enablers (fires) Degrade BLUFOR TACSIT SA; enhance OPFOR SF/insurgent survivability Deploy GPS jammers ISO OPFOR maneuver forces Reduce/negate accuracy of BLUFOR precision fires and ISR, disrupt maneuver Degrade BLUFOR TACSIT SA; enhance OPFOR survivability BLUFOR satellite links Jam L, C- and Ku-band satellite links Disrupt BLUFOR control of UAS platforms and FMV download; disrupt critical intel reach back, TACSAT comms Reduce SA of OPFOR unit dispositions and movement, disrupt MC; improve OPFOR survivability and lethality BLUFOR 2/1 AD Deploy and conduct VHF/UHF/L-band jamming Disrupt BLUFOR WAS operations Increase OPFOR survivability; enhance insurgent and SF ops BLUFOR 9/52 ID Disrupt BLUFOR defensive operations, especially UAS/recce, fires Increase survivability, enhance OPFOR movement south (esp. 4th MID/2AD) TRADOC G2 Intelligence Support Activity

Representative Threat INFOWAR Attack Matrix Method Target Task Purpose Effect IA/computer warfare BLUFOR tactical networks Exploit network vulnerabilities to gain privileged user access Utilize data manipulation to alter network functions such as BFT, AFATDS and network clocks Alter BLUFOR SA; degrade fires lethality; disrupt comms network synch and prevent a coherent scheme of maneuver BLUFOR sustainment databases Data manipulation to alter logistics delivery/requests Disrupt BLUFOR ability to assure delivery of critical Class III, V and IX supplies BLUFOR aviation Exploit network vulnerabilities to insert Trojan viruses Disrupt or prevent reliable use of ground control stations, navigation systems, PNT etc. Ground BLUFOR manned and unmanned platforms at time of OPFOR’s choosing Las Cruces & Anthony civil infrastructure DDoS, disruption attacks on power, water, sewage and communications Increase civil unrest in these and other locations controlled by BLUFOR Turn populations against Attican government, increase international support sympathetic with OPFOR goals Tansportation facilities DDoS, disruption attacks on power, comms, supporting networks Prevent use of airfields, railheads etc. supporting BLUFOR (2/1 AD and 9/52 ID esp.) in country Reduce sustainment for deployed BLUFOR, reduce OPTEMPO, delay/prevent additional force entry Civilian population DDoS attacks on select social networks and media Deny access to pro-Attican and BLUFOR info sources Increase civil unrest in BLUFOR-controlled areas, maintain compliant/supportive population in OPFOR areas. TRADOC G2 Intelligence Support Activity