About this report
This report has been produced by the NATO StratCom CoE with support and assistance from the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE) as a point of departure for discussion on force protection in the digital domain. It builds on the challenges and issues we have observed from working closely with various armed forces and military organisations, and is intended to support commanders and decision-makers in coming to terms with these issues. Our hope is not to provide definite answers, but to stimulate debate among Allies and Partners to find a productive way forward.
We first define the problem from a force protection perspective, describing the various ways in which digital technologies might be leveraged by malign actors to affect military operations. Then we provide an overview of emerging trends and risks in the digital domain. Finally, based on the identified challenges, we suggest a framework for countering the malicious use of digital information through assessing, preventing, and defending against such threats.
Countering the malicious use of digital information is not simple, nor is it straightforward. As previous chapters have highlighted, armed forces and military organisations need to adopt new mind-sets as well as implement a variety of activities to sufficiently safeguard against threats to force protection in the digital space. From our perspective, the following four key points are critical:
- Removing mobile phones is not enough. Removing mobile phones and other personal digital devices is critical for OPSEC in many contexts. Removing such devices, however, is not a complete remedy for the complex threats now inherent to the digital domain. In fact, removing phones creates new vulnerabilities: by reducing our own capacity to see what is happening in the digital space, it lowers the threshold for malicious actors who seek to impersonate or otherwise influence the digital identities of military personnel. Establishing a system of monitoring the digital identities of military personnel who are cut off from digital platforms for a longer period of time would mitigate this threat. The nature of conflict has changed: cyberthreat is ubiquitous. To deny military personnel access to the online environment for extended periods of time is unfeasible. Furthermore, digital data, including ‘pattern-of-life’ data, is continuously being collected. By the time a conflict arises, it might be too late to remove digital devices from armed forces personnel. Digital force protection needs to be continuous in both peace and war.
- Conduct red-teaming. Red-teaming threats in the information environment is essential for identifying risks and vulnerabilities at all levels: tactical, operational, and strategic. Given the evolving nature of these threats, commanders need to continuously develop their understanding of how such threats relate to their command. Methods for cybersecurity penetration testing can be used as a starting point for developing red-teaming methodologies; however, the antagonist dimension of threats in the digital information space underscores the need for dynamic red-teaming to accustom commanders to the dynamic and evolving nature of the threat.
- Train and exercise. Training concerning the malicious use of digital information should routinely be incorporated into military exercises, because this issue has tactical, operational, and strategic implications for any contemporary and future military operation. Neglecting to incorporate responses to digital threats and risks into military exercises is similar to training for winter warfare in the desert. 21st-century conflicts are bound to be fought in, or near, digital and connected societies. Learning to effectively camouflage our troops, movements, and intents in the digital domain will be critical to mission success from here on out.
- Identify and counter. While camouflage in the digital domain will be critical to mission success, our ability to identify and counter ongoing digital reconnaissance and influence activities will be equally important. The ability to identify and counter hostile activities needs to be developed to support tactical and operational levels as well. A stray Instagram photo or a crowdsourcing campaign could have serious consequences in a conventional scenario. Beyond the risks associated with location, capabilities, and intent, significant risks are also associated with influence activities aimed at allied forces and neutral as well as hostile target audiences. Developing the ability to identify and counter influence activities needs to be prioritised in this field as well.
To ensure mission success for Allies and Partners, their adversaries’ ability to maliciously exploit digital information must be limited. Force protection in the digital domain will be a decisive aspect in any future conflict.
There is an abundance of low-hanging fruit in this regard, where a small investment can pay large dividends. This report has highlighted the problem from a force protection perspective and has suggested potential measures military organisations could adopt to address the problem. These include identifying digital threats in the force protection process, educating soldiers and their families about digital security, and introducing friction related to digital information into military exercises. These activities can easily be implemented to improve our capacity to operate successfully in the contemporary battlespace.
However, these actions will not be sufficient to mitigate all risks in the digital domain. It is valuable to consider the force protection perspective, but without answers to broader cyber challenges on a more systemic level, military organisations will continue to be vulnerable. Camouflage is useful for concealment, but it is not a replacement for armour or offensive capabilities.
Watch #StratComTalks on Protecting Armed Forces on Social Media (recorded on 10 February 2021)