National Security: The DoD’s Approach to the Information Environment

In 2023, the threat landscape in the information environment changed significantly. Data breaches increased by 72% compared to 2021, which previously had the highest number of breaches.

The financial impact was also substantial, with the average cost of a data breach in 2024 reaching $4.88 million. These highlight the growing need for strong cybersecurity measures to protect against rising threats.

The Department of Defense plays a key role in protecting the information environment, which has become a crucial part of national security.

As adversaries use digital platforms, misinformation, and cyber attacks to threaten U.S. interests, the DoD’s responsibilities go beyond traditional military operations. It must also protect the integrity of information systems and secure communication networks.

The Information Environment and Its Importance

The Department of Defense (DOD) describes the information environment as a combination of individuals, organizations, and systems that gather, process, share, or use information. The information environment encompasses three dimensions: cognitive, physical, and informational.

First, the cognitive dimension is human-centric, involving beliefs, norms, vulnerabilities, motivations, emotions, experiences, morals, education, mental health, identities, and ideologies.

Second, the physical dimension includes tangible, real-world elements such as human beings, command and control facilities, newspapers, books, communication towers, computer servers, laptops, smartphones, and tablets.

Lastly, the informational dimension is data-centric, focusing on the collection, processing, storage, dissemination, and protection of information, as well as the locations and methods for command and control and the conveyance of the commander’s intent.

This environment is important because it shapes how we see the world and make choices. However, just like the physical world, the information environment can get polluted with false information and lies.

In 2022, 62.5% of the world’s population used the internet, and 58.4% used social media. Media outlets use paywalls, artificial intelligence, and advertising to attract audiences, while many people use apps to share news. 

Understanding the information environment is paramount, especially in democratic societies where making decisions for the public good is important.

The COVID-19 pandemic showed how quickly false information can spread, making it harder to manage public health crises. This raises concerns about how we will handle even more complex problems in the future.

Right now, democratic societies often deal with the information environment in a scattered way, focusing on the newest technologies or specific events like elections and wars. This piecemeal approach can cause them to miss the bigger picture, as misinformation and disinformation are ongoing problems that can come back in different forms.

Efforts to combat these issues, such as content moderation, can sometimes have unintended consequences, potentially harming the democratic process itself.

Securing the Digital Domain: The DoD’s Mission in the Information Environment

The information environment has a profound impact on the Department of Defense’s missions and overall national security. Effective military operations depend on secure and reliable information systems, which are essential for the coordination and execution of missions.

Accurate and timely information is crucial for decision-making, as commanders rely on real-time data to make informed decisions that can affect the outcome of operations. Without reliable information, the DoD’s ability to respond to threats and execute its missions effectively would be severely compromised.

Technology, the electromagnetic spectrum (EMS), and the sharing of data are integral to accomplishing the DoD’s missions in the information environment. DoD components consistently identify the conduct of military operations, communications, command and control decision-making, and other functions as being affected by the information environment.

On a broader scale, the information environment is a primary target for cyberattacks by adversaries, which can disrupt critical infrastructure, steal sensitive information, and undermine public trust.

Protecting the information environment from such threats is essential for maintaining national security. Adversaries also exploit the EMS to interfere with communications and sensor systems, making effective management and protection of the EMS crucial for ensuring the DoD’s operational capabilities.

Additionally, influence operations by adversaries aim to spread misinformation and disinformation, manipulating public perception and decision-making. These operations can destabilize societies, erode trust in institutions, and create divisions within allied nations.

The DoD’s ability to counter these influence operations is vital for protecting national security and maintaining the integrity of democratic processes.

The DoD is working to maintain U.S. dominance in warfare by improving how it uses the EMS and integrating cutting-edge technologies.

This new approach aligns closely with the priorities outlined in the 2022 National Defense Strategy, particularly in the areas of integrated deterrence, campaigning, and building enduring advantage.

The strategy places a renewed focus on innovation, particularly in how the DoD acquires and deploys cutting-edge capabilities to stay ahead of emerging threats in the information environment.

As Secretary of Defense Lloyd Austin emphasized in a letter accompanying the strategy, the DoD is committed to a “renewed commitment to innovation”, which includes the rapid acquisition and deployment of new technologies to defend against adversaries’ use of information as a weapon.

Top Threats in Today’s Information Environment

According to GAO, the information environment is a critical battleground targeted by a variety of threat actors, including both nation-states and non-state entities.

Recognizing Major Threat Actors

The term threat actor is broad and relatively all-encompassing, extending to any person or group that poses a threat to cybersecurity. Threat actors are often categorized into different types based on their motivation and, to a lesser degree, their level of sophistication.

Some types of threat actors include cybercriminals, who commit cybercrimes primarily for financial gain; nation-state actors, who are funded by governments to steal sensitive data and disrupt critical infrastructure.

Hacktivists, who use hacking techniques to promote political or social agendas; thrill seekers, who attack systems for fun or personal satisfaction; insider threats, which involve individuals within organizations who may unintentionally or maliciously harm their companies.

And cyberterrorists, who conduct politically or ideologically motivated cyberattacks that threaten or result in violence.

Cyberterrorists conduct politically or ideologically motivated cyberattacks that threaten or result in violence, with some being nation-state actors and others acting independently or on behalf of non-government groups.

Threat actors often target large organizations because they have more money and sensitive data, offering the largest potential payoff.

However, in recent years, small and medium-sized businesses (SMBs) have also become frequent targets due to their relatively weaker security systems.

The FBI recently expressed concern over the rising rates of cybercrimes against small businesses, noting that in 2021 alone, small businesses lost USD 6.9 billion to cyberattacks, a 64 percent increase from the previous year.

Similarly, threat actors increasingly target individuals and households for smaller sums. They might break into home networks and computer systems to steal personal identity information, passwords, and other valuable and sensitive data.

Current estimates suggest that one in three American households with computers are infected with malware. Threat actors are not discriminating; while they tend to go for the most rewarding or meaningful targets, they will also exploit any cybersecurity weakness, no matter where they find it, making the threat landscape increasingly costly and complex.

According to GAO, nation-state actors are among the biggest threats in the information environment. These actors, representing countries with advanced cyber capabilities, engage in a range of malicious activities to further their strategic objectives. Key nation-state actors include China, Russia, Iran, and North Korea.

The DOD reports that Chinese leaders consider achieving “information dominance” and denying adversaries access to the EMS as crucial for gaining and maintaining strategic advantage in conflicts.

Plus, according to the ATA, “Russia presents one of the most serious foreign influence threats to the United States, because it uses its intelligence services, proxies, and wide-ranging influence tools to try to divide Western alliances and increase its sway around the world, while attempting to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decision-making,”

In addition to nation-state actors, non-state actors such as terrorist organizations, transnational criminal groups, and insider threats also pose significant risks by exploiting the information environment to conduct cyberattacks, spread misinformation, and disrupt operations.

How Threat Actors Exploit the Information Environment

Threat actors engage in various activities within the information environment that negatively impact DOD personnel and capabilities.

These actions include cyberattacks that alter, delete, or steal data; using the electromagnetic spectrum (EMS) to disrupt or manipulate DOD information systems and operations; gathering intelligence on the DOD; conducting EMS attacks on DOD personnel; physically attacking systems; and running influence campaigns to sway the decisions of commanders and leaders.

Cyberattacks are a primary method, involving APTs that allow adversaries to infiltrate networks, plant malware, and steal sensitive information.

The Marine Corps has reported that threat actors frequently use malicious code to test and attack the perimeters of its information systems.

These probes allow threat actors to map out Marine Corps networks, potentially steal data, and seek a competitive edge. Cyber operations by these actors aim to manipulate information flows within the Marine Corps and degrade, disrupt, or destroy network information resources.

For example, Russia used APTs in the 2017 NotPetya attack, causing widespread disruption by encrypting data and demanding ransom payments.

Misinformation and disinformation campaigns are used to influence public opinion and undermine trust in institutions, such as Russia’s disinformation efforts during the 2016 U.S. presidential election.

Electromagnetic spectrum threats involve jamming communications, intercepting signals, and disrupting radar systems, with North Korea engaging in electronic warfare activities to disrupt South Korean military communications.

The Air Force has reported that Russia has invested in satellite jamming platforms aimed at low-earth-orbiting and geosynchronous systems. Furthermore, the extended use of commercial and military-grade GPS jammers could jeopardize the redundancy and availability of dedicated Air Force satellite communication channels on both military and civilian carriers.

Phishing and social engineering tactics deceive individuals into revealing personal information or downloading malicious software, as seen in Iran’s phishing campaigns targeting U.S. government officials.

Iran and North Korea employ tactics aimed at creating regional instability and threatening the interests of the United States, its allies, and partners. Both countries have enhanced their informational capabilities, operations, and activities, with a strong focus on the cyber domain, deception, and malign influence.

They utilize civilian, military, and third-party resources to manipulate the information environment and often coordinate these efforts with their diplomatic and strategic actions.

Attackers also exploit software vulnerabilities, including zero-day exploits, to gain unauthorized access to systems, exemplified by the SolarWinds hack attributed to Russian actors.

Insider threats, where individuals within organizations leak classified information, sabotage systems, or facilitate unauthorized access, pose significant risks, such as China coercing insiders to leak sensitive data.

According to the ATA, “The exploitation of U.S. citizens’ sensitive data and illegitimate use of technology, including commercial spyware and surveillance technology, probably will continue to threaten U.S. interests.”

DoD’s Strategy for Operations in the Information Environment

The Department of Defense (DoD) has developed a strategy for operating in the information environment to strengthen national security and maintain a strategic advantage. This is outlined in the 2023 Department of Defense Strategy for Operations in the Information Environment (SOIE).

DoD’s Policies on Handling Classified and Sensitive Information

The Department of Defense has established rigorous policies and procedures for handling classified and sensitive information to ensure national security and operational integrity.

These policies are designed to protect information from unauthorized access, disclosure, and potential threats, while also facilitating necessary information sharing within the DoD and with other authorized entities.

The DoD Information Security Program provides comprehensive guidance on the classification and declassification of information. Information is classified at one of three levels – Top Secret, Secret, or Confidential – based on the potential damage to national security if disclosed without authorization.

The manual specifies criteria for classifying information, including the identification of original and derivative classification authorities who are responsible for determining the appropriate classification level.

Declassification procedures are also detailed in the manual, ensuring that information is reviewed and downgraded or declassified when it no longer meets the criteria for classification.

This process includes systematic declassification reviews, mandatory declassification reviews upon request, and automatic declassification of information that has reached a specified age.

The DoD has stringent measures in place to safeguard classified information. These measures include clearly marking all classified documents with the appropriate classification level and handling instructions to ensure proper protection.

Classified information must be stored in approved security containers, vaults, or secure rooms that meet specific physical security standards. Secure methods must be used for transmitting classified information, including encrypted communications systems, secure telephones, and classified mail services.

Access to classified information is restricted to individuals with the appropriate security clearance and a need-to-know basis. Personnel must undergo background checks and security training to obtain and maintain their clearances.

In addition to classified information, the DoD also manages Controlled Unclassified Information (CUI), which requires protection but does not meet the criteria for classification. The DoD CUI Program establishes policies for identifying, marking, safeguarding, disseminating, and decontrolling CUI.

Sensitive Compartmented Information (SCI) and Special Access Programs (SAPs) require additional protective measures due to their highly sensitive nature. SCI is a subset of classified information concerning intelligence sources and methods, and it is managed within special security compartments.

SAPs involve highly sensitive operations and technologies that require enhanced security protocols. Both SCI and SAPs have specific handling, storage, and access requirements to prevent unauthorized disclosure.

The Role of Emerging Technologies in Shaping the DoD’s Future

The DoD has identified emerging technologies that present many opportunities within the information environment. These technologies have the potential to impact DoD operations, enhancing capabilities while also introducing new risks.

First, artificial intelligence (AI) and machine learning (ML) are at the forefront of technological advancements. These technologies can enhance data analysis, automate decision-making processes, and improve operational efficiency.

AI and ML can be used for predictive maintenance, threat detection, and autonomous systems, providing a strategic advantage. However, they also pose risks, such as the potential for adversaries to use AI for cyberattacks, misinformation campaigns, and autonomous weapon systems.

“We are seeing emerging technology, including artificial intelligence-enabled tools, already reshaping the world in any number of ways, seemingly moreso each day,” said Mara E. Karlin, performing the duties of deputy undersecretary of defense for policy.

Also, quantum computing promises to revolutionize data processing and encryption. It offers the potential for breakthroughs in solving complex problems and enhancing cryptographic security.

For the DoD, quantum computing could improve secure communications and data analysis capabilities. Conversely, it also poses a threat, as adversaries could use quantum computing to break current encryption methods, compromising sensitive information.

Social media platforms are powerful tools for communication and sharing information. They enhance public relations, help gather intelligence, and support influence operations. However, they also pose risks. Adversaries can exploit social media to spread misinformation, conduct psychological operations, and manipulate public opinion.

Bots, automated programs that mimic human behavior, can amplify these efforts, making it challenging to distinguish between genuine and manipulated content.

Extended reality (XR), which includes virtual reality (VR) and augmented reality (AR), offers immersive training and simulation opportunities for the DoD, enhancing training programs, mission planning, and operational rehearsals.

However, XR introduces security concerns, such as the potential for adversaries to hack into XR systems and manipulate training environments or gather sensitive information.

Fifth-generation wireless telecommunications (5G) promise faster and more reliable wireless communication, enhancing battlefield communications, data transfer, and real-time decision-making.

The DoD can use 5G to improve connectivity and make operations more efficient. However, the widespread use of 5G also brings security challenges. These include weaknesses in the supply chain, the risk of spying, and the potential for cyberattacks on important infrastructure.

Mara E. Karlin, acting as the deputy undersecretary of defense for policy, emphasized that the DoD’s ability to quickly innovate and adopt key technologies is crucial for maintaining the United States’ military advantage.

She highlighted that the proposed budget for fiscal year 2024, which includes $145 billion for research and development and $170 billion for procurement, clearly shows the department’s commitment to staying at the forefront of technology.

“That’s a huge percentage of a budget that would be $842 billion, and I would note the largest commitment ever in these areas,” Karlin said.

To stay at the forefront of emerging technologies, the Department of Defense is implementing institutional reforms to remove barriers and quickly deploy new capabilities.

Deputy Secretary of Defense Kathleen Hicks recently announced that the DoD would field thousands of autonomous systems across multiple domains within the next 18 to 24 months under the replicator initiative.

“Now is the time to take all-domain, attritable autonomy to the next level: to produce and deliver capabilities to warfighters at the volume and velocity required to deter aggression, or win if we’re forced to fight,” Hicks said.

Developing a Resilient and Skilled Information Force

The 2023 Strategy for Operations in the Information Environment (SOIE) highlights the importance of the Department of Defense using the full range of its forces to tackle new challenges in the information space.

The DoD’s Joint Force includes specialized information forces operating across air, land, sea, space, and cyberspace domains, providing critical expertise to support military operations. To maintain a resilient and skilled workforce, the DoD must prioritize recruitment, talent management, and retention, focusing on developing a diverse and inclusive workforce.

This includes ensuring that all personnel, from the Services to joint organizations, are trained to resist foreign malign influence and understand the informational aspects of military activities.

The DoD’s force development initiatives aim to equip its members with the knowledge and resources to effectively integrate information operations into their work, ensuring that they understand both the opportunities and risks information presents in modern warfare.

Additionally, the DoD needs to be able to rapidly deploy teams of information forces, including reserves, to respond swiftly to evolving threats in the information environment. A critical component of this effort is developing a strong information workforce composed of both uniformed and civilian personnel.

This involves managing the entire talent lifecycle, from recruitment and training to career development and retention, ensuring personnel have equitable opportunities for leadership roles and command positions.