Monday, September 24, 2018

Clouds or Clocks: The Limitations of Intelligence Preparation of the Battlefield in a Complex World


By: Maj. Donald P. Carter, U.S. Army

Summary:
This article touches on the struggle of using intelligence preparation of the battlefield (IPB) in today’s complex society. The new U.S. Army Operating Concept: Win in a Complex World 2020-2040 (AOC) is focused on complexity. The AOC defines a complex environment as one “that is not only unknown, but unknowable and constantly changing.” The author of this article makes a few main points on how IPB may not be as effective in today’s complex society. The combination of globalization and advances in technology has changed the nature and character of warfare. The U.S. Army defines IPB as “the systematic process of analyzing the mission variables of enemy, terrain, weather, and civil considerations in an area of interest to determine their effect on operations.” Currently, intelligence preparation of the battlefield is the default analytical model for generating understanding and supporting the military decision making process. The author argues that the era of clearly defined battle lines is over, making IPB less effective. IPB is used on well-structured problems to support commanders against a relatively well-known enemy in a conventional combined arms maneuver fight. The author argues that systemic operational design or similar systems theory approaches are more effective because they focus on environmental systems.

English philosopher Karl Popper has an analogy on the differences between “clouds” and “clocks” that illustrates the author’s point. Popper describes clocks as well defined and systematic, easily disassembled and reduced to parts. There are defined solutions to fix clocks. Clouds are amorphous, messy, and ill defined, just like a lot of our new problems. Clouds are highly unpredictable. IPB narrowly frames critical thinking. In complex environments, IPB may constrain thought and critical thinking about the environment and underlying problems. Unknown environments with no templates will produce IPB products that are random, with no contextualized information and data points. However, the author argues we will never fully understand the full complexity of the “cloud”. We are able to understand the “clock” and develop a strategy on how to fix it. To solve the new world problems, there needs to be a balance in which IPB and systems theory approaches complement each other.

Critique:
The author does an excellent job of describing why IPB has been effective in the past. It is structured and is able to be fixed to generate an actual plan. The author talked a lot about how the new problems are highly unpredictable and cloud-like, which I’m sure has validity to it; however, he never really addresses how to overcome the cloud-like problems. In the end he is pretty much claiming there needs to be a mixture between IPB and systems theory approaches. He spent a lot of time putting down the future effectiveness of IPB; instead he should have elaborated on this balance.











Sunday, September 23, 2018

Modified IPB: Reducing Vulnerability To Terrorist Attacks By Identifying Information Needs



Paul, C. and Landree, E. (2008) Defining Terrorists’ Information Requirements: The Modified Intelligence Preparation of the Battlefield (ModIPB) Framework. Journal of Homeland Security and Emergency Management, 5(1).

Summary: 

The authors of this article developed the modified Intelligence Preparation of the Battlefield (ModIPB) to resolve an issue with vulnerability assessments for terrorist attacks: What information do terrorists need to plan attacks, and how accessible are those data? In order to provide substance for their discussion, the authors focused on vulnerability assessments for transportation infrastructure, a historically common target for terrorist attacks. The purpose of developing the ModIPB is to provide a tool that turns an inherent weakness of playing defense into a strength. If we as defenders are unaware that terrorists have identified a vulnerability, we cannot protect it. Conversely, if we know what terrorists know or what they can learn, we can better identify our own vulnerabilities and adjust our defenses appropriately.
Drawing from US Army IPB doctrine and supported by RAND research on adapting IPB for urban operations and a confiscated “al Qaeda manual”, the ModIPB framework identifies 4 categories of information needs relevant to attacking transportation infrastructure.
Category (1) includes information on avenues of approach and ease of access such as location of the target, surrounding terrain or buildings, and available paths to the target.
Category (2) consists of target features such as possible locations from which to launch the attack, possible times or windows of time to launch the attack, mobility or variability of the target, and relevant features and structures of the target.
Category (3) on security covers information regarding security forces and security measures in place as well as other population groups present at the target.
Category (4) on the analysis of threats to the terrorist operation incorporates information such as the threat posed by security forces and security measures, the threat posed by employees of the target, citizens (e.g., their concentration or heightened vigilance), and weather (as it affects the effectiveness of the operation).
Applying this framework to identify terrorist information needs is concurrently a vulnerability assessment of both the potential target and the information regarding the target. The ModIPB reveals 3 bounded sets of information on the target with varying degrees of difficulty to defend. The most difficult type of information to defend is what terrorists can learn from off-site reconnaissance, or open source information. The type of information that is more readily defendable is what terrorists can learn through on-site information-gathering activities. Finally, the type of information that is easiest to defend is information available to those who are employees of or closely affiliated with the infrastructure itself. Understanding the relative ease of defending certain types of information will allow policymakers and infrastructure managers to prioritize protection efforts on information that can be protected and thus make it that much harder for terrorists to gather the information they need to execute an attack.  

The authors cite two limitations to applying the ModIPB: the framework does not prioritize the intelligence needs of the terrorists by level of importance, and the framework is not sensitive to the stages of the planning process. For example, the stages of the planning process can proceed in two ways: with the preferred mode of attack determining target selection or the preferred target determining the mode of attack. Despite these limitations, the authors recommend that the ModIPB framework be included in every vulnerability assessment of infrastructure targets so that defense efforts can be prioritized on the right information to reduce vulnerability to terrorist attacks.

Critique:

The ModIPB framework is a unique and interesting counter-measure for reducing vulnerability of targets. The information protection measures that emerge from such analysis suggest surprisingly manageable defense efforts that can significantly reduce vulnerabilities. By limiting access to readily defendable information, it will be inherently harder for terrorists to execute a successful attack.
An interesting dynamic to the development of the ModIPB model is its multi-disciplinary nature, as it draws from both IPB methodology and the “red-teaming” method of applying an offensive approach to defense. The purpose of ModIPB is to reveal defense measures that, if in place, will make it harder for the offense to execute an attack. Despite the limitations identified by the authors, I find the utility of the ModIPB to speak volumes to the value this methodological tool adds to vulnerability assessments. To name just a few, I can see the ModIPB framework as readily applicable to various fields of information security such as counter-intelligence, corporate espionage, cybersecurity, national security, military combat, etc. Applying the ModIPB framework to these other disciplines would be an interesting next step for future applications of this methodology.

Friday, September 21, 2018

It's in There: Rethinking (?) Intelligence Preparation of the Battlefield in Megacities/Dense Urban Areas

March 2, 2016
Authors: Richard Wolfel, Amy Krakowka Richmond, Mark Read, Colin Tansey


Summary:

Military operations are challenging in densely populated urban areas or larger cities. The authors explain that three fundamental concepts account for this complexity in modern cities. First, the cities are multidimensional. Second, cities are interconnected through globalization, with social media and other methods of communication or information sharing. Third, cities are uncontrollable due to increased connectivity, an increase in the black market or an informal economy, and an ineffective government mismanaging run-down but significant areas that are vulnerable. The constant change in highly populated areas influences the interaction between the area of interest (AI) and the operator. This process is referred to as Duality of Structure, by Anthony Giddens.

To execute an operation in heavily populated areas, it is crucial that a leader knows the environment and the uncontrollable elements they are operating in. Intelligence Preparation of the Battlefield (IPB) is used as a visual representation of the operating environment. IPB is a traditional intelligence method which helps improve situational awareness. Unfortunately, traditional methods do fall short and leave gaps that new science and technology developments can fill. One such development is the ability to track individuals or groups in 3-D space. To avoid detection, individuals will move to maintain security and to gain tactical advantage.

The military intelligence (MI) doctrine provides a base to explore the complexity in densely populated urban areas or cities, to increase situational awareness. Often, mission variables are recognized and are perceived as unchanging when planning a mission. These variables are to be considered changing variables. When the mission is to apprehend a terrorist group, the movement of the group from one area to another will likely affect societal characteristics in the AI. In the 2008 attacks on Mumbai, the interplay between the terrain and vulnerability in civil society allowed the terrorist group to go undetected and strike. The relationship between the terrain and vulnerable society increased situational awareness of the field of operation.

The question is asked, “Should intelligence analyses be conducted at the Area of Influence or Area of Interest level? How do we define these spheres? How do we isolate regions that cannot be isolated from outside influences?”

A challenge of paramount importance when establishing a discrete Area of Operation (AO) is the connectivity and complexity of contemporary globalization. Urban Triad is a term Wielhower uses to explain this complexity; natural terrain is altered by manmade infrastructure and large populations. Cities are also globally connected through culture, social media, economics, etc. IPB serves as cross-border threats. Social media has changed the nature of warfare through uploaded videos, interaction, and other factors that are difficult to control. Social media analysis is a way of determining how different movements or ideas influence people.

Lastly, the authors address ways to exercise overlapping threats. Using IPB and modeling scenarios to prepare for insurgencies is a realistic way of informing and training the operations forces, especially in highly dense areas. It creates an understanding of the situation, develops strategies, and prepares for anticipatory changes in the event or possible outcomes.

Critique:

The authors of this article brought to my attention the difficulties in operating in large cities or dense urban areas. It was insightful learning the obstacles faced when planning an operation. Considering the constant change in the different types of manmade or natural influences on an environment makes the job more complex.

The fundamental concepts are key to promoting greater situational awareness. Connections between the three fundamental concepts for each AI must be analyzed before conducting the task. Revision of the plan before employing it is crucial due to the perpetual changes in cities.

Obviously, IPBs have impacted outcomes when exercising insurgencies. Although highly populated areas of interest are more difficult to facilitate around, scenario planning seems to provide a deeper understanding to create successful solutions for operations forces in such dense urban environments. Other analytic tools are useful when planning operations that involve human lives at stake, but in particular, the IPB approach creates a visual that provides information and a unique outlook, essential for intelligence operators to successfully execute the task.

Thursday, September 20, 2018

Cyber IPB: Use Offense to Inform Defense. Find Flaws Before the Bad Guys Do.


December 2001
Author: Steven P. Winterfeld, SANS 
https://cyber-defense.sans.org/resources/papers/gsec/cyber-ipb-103147

Summary: 

“The United States is in the best possible position to win on the digital battlefield, but the reverse is also true; the US is the most vulnerable country in the world to cyber attack.”
In this article, Steven Winterfeld of SANS addresses the need for the US military to apply Intelligence Preparation of the Battlefield to cyberspace. The four main segments of the IPB process that Winterfeld defines as important include: defining the battlefield environment, defining the battlefield effects, evaluating the threat of the enemy, and determining threat courses of action. In cyberspace, threats come from a range of sources with different boundaries, protocols, and liberties than those of traditional military operations. Winterfeld explains the different types of threats brought on by the emergence of cyber warfare. These threats include asymmetrical threats and asynchronous threats. Asymmetrical threats include those that use dissimilar weapons to offset a superior military. We’ve recently seen asymmetrical threats from countries such as Iran. Asynchronous threats are those that don’t require orchestration or timing but rely more on circumstance and personality. We’ve recently fallen victim to asynchronous attacks by the influence of Russian hackers on our 2016 Presidential Elections.

To help mitigate these threats, Winterfeld suggests adapting the traditional military IPB to suit the cyberspace environment. He explains that the processes are the same in conventional war as they are in cyber war. The difference lies in understanding the nuances of the battlefield. In cyberspace, the process of defining the battlefield environment includes: identifying the classification of the network, understanding the baseline activity of the network, exploring the architecture of the database, operating systems and services, and identifying intelligence gaps. The process of defining the battlefield effects includes: analyzing the confidentiality, integrity, and availability of information in services and networks, as well as identifying current security, auditing procedures and backup systems. The process of evaluating the threat includes: locating all assets, and identifying the most likely courses of action (COAs) and most dangerous COAs by establishing threat capabilities. Evaluating and prioritizing each threat COA is important in creating policy and doctrines involving rules of engagement for information assurance, computer network defense, and computer network attack.

Critique: 

Although this recommendation by SANS is a bit dated (2002), the idea has never been more relevant than today, where asynchronous warfare, specifically in cyber space, is the de facto method of aggression.  What makes this issue even more urgent is that although this recommendation came out in 2002, there is no literature in either the 2018 U.S. Department of Homeland Security Cybersecurity Strategy or the 2018 ODNI’s Worldwide Threat Assessment that indicates the use of IPB in cyber space.  SANS and George Washington and a slew of other famous people have said “the best defense is a good offense.” I would agree that adapting the IPB process to suit cyberspace will only help increase the robustness of our nation’s cyber defense strategy by “finding the flaws before the bad guys do.”  

Aside from these four main segments being important in uncovering potential chinks in our defense’s armor, the findings produced by the IPB could have the potential to influence policy: identifying the possible threats will allow policymakers to form a conversation around retaliatory actions in cyberspace as well as what kinds of actions in cyberspace constitute punishment and to what degree. It’s also important to note that the process of formulating an IPB or IPOE in any asynchronous game, although unconventional, will only increase understanding of the environment in which one is performing by, at the very least, becoming acclimated to the surroundings and at best forming almost a tree of possible actions and subsequent outcomes of the actions. Winterfeld writes that the bottom line is “IPB must be timely, accurate, usable, complete, and relevant to be useful.” There is not a more relevant time than now to create a usable IPB for cyberspace.