Blogging on Issues of International and European Security

The EU’s Information Security: The Social versus the Technical Aspect

by Alexander Svitych

The following is a guest post as a third part of a new series from the author. Views expressed are solely those of the author and do not necessarily reflect the views of ISIS Europe.

“The supreme art of war is to subdue the enemy without fighting.”

Sun Tzu, The Art of War

Information society

Back in 1980 an American futurist Alan Toffler published his famous book The Third Wave, in which the author distinguished three large distinct periodsin the human history: primitive (pre-traditional), agrarian (traditional) and industrial (modern). Today we are entering a new phase of development – “the third wave”– which has its peculiar social, economic, and technological characteristics. This new era has been labeled as the Information Age by A. Toffler and others, following the Industrial Age and Agricultural Age. Other names suggested are the post-industrial society and the post-modern society.[i]

The world has indeed irrevocably changed over the past few decades, with information and knowledge becoming major resources, in contrast to land in the agrarian society and capital in the industrial one. Every resource is by definition an object of struggle and a target for ownership. In this regard, the concept of war has also evolved in the post-modern world. Namely, the information age is transforming the notion of classical wars into information wars that can be described as an extreme form of informational confrontation manifested in the attacks on a population via disinformation and propaganda in order to achieve certain political or military objectives.[ii]

Many developed nations have already redefined their concepts of national security to include informational confrontation as the main feature of the new century, with information supremacy becoming an indispensable condition in order to win over any opponent. Thus, one of the goals cited back in 1995 in the National Military Strategy of the United States was “to win the information war”.[iii] To give another very recent example, the EU has launched an ambitious Horizon 2020 Framework Program to tackle the new challenges of cyber threats.[iv]

With a growing impact of information on national security, the question remains open whether the European Union as a supranational entity and a key geopolitical actor is well-prepared to deal with threats posed by information wars. What follows next is the analysis of whether the EU’s recent initiatives, like the EU Cyber Security Strategy and the Horizon 2020 Program, can cope with such challenges.

It’s all in the definition

A famous philosopher and scientist René Descartes once noted: “Let’s agree on definitions, and we will spare the world from half of illusions.” While researchers and military experts distinguish several types of information warfare (IW)[v] and IW weapons[vi], it is essential to understand the concept of the information war in its broader meaning as defined above, which in this sense can be also referred to as a type of “soft war”. Information wars are closely linked to psychological wars which target, via various techniques, a population’s values and belief systems, as well as emotions and reasoning. With the two concepts combined, we can talk about information-psychological wars that are becoming an integral part of post-modern geopolitics, in additional to traditional warfare. For the purposes of this article a more specific term “information war” (IW) will be used.

Another approach to define the notion of information war is to distinguish its two dimensions: humanitarian (social) and technical. In its humanitarian understanding, information war is “a set of active methods of transforming the infosphere by imposing different models of the world in order to induce the required types of behavior.”[vii] An example of IW in this regard is disinformation and propaganda. As for the technical understanding, information war equals the usage of special technology that targets the destruction of computer hardware, program software, communication networks, etc. Critical data deletion is such an example of IW.

Finally, a comprehensive understanding and classification of information wars was offered by Martin Libicki.[viii] The humanitarian-technical approach presented above can be thus summarized in the following table:

Dimension Type of warfare Description
Humanitarian Command-and-Control (C2W) Attacks on ability to generate and communicate commands
Psychological Impact on perceptions, intentions, and orientations of decision makers
Economic Information blockade and information imperialism
Technical Intelligence-based (IBW) Integration of sensors, emitters, etc. into reconnaissance and surveillance
Electronic (EW) and hacker Technics to enhance, degrade, or intercept flows of information
Cyber warfare The use of information systems against virtual individuals or groups

Table 1. Understanding information wars

The EU’s information security puzzle

When applied to the recent developments in the EU’s Common Security and Defense Policy, the above chart exposes that only the technical part of the information war, and cyber warfare in particular, has been emphasized. Namely, the EU’s announced Cyber Security Strategy and Horizon 2020 Programs deal with the concepts of cyber security and cyber-crimes specifically,while little attention is being paid to the humanitarian side of the information security, for instance psychological attacks, disinformation, and propaganda.

(sofrep.com)

(sofrep.com)

It is true that value-based issues are also addressed in these two initiatives. The EU Cyber Security Strategy does cover such elements as fundamental rights, democracy and the rule of law, which was formulated in the principle that “EU’s core values apply as much in the digital as in the physical world.”[ix] Similarly, the Horizon 2020 program declared its goal as being the protection of the EU “citizens, society and economy as well as infrastructures and services, prosperity, political stability and well-being.”[x] Still, the concept of information security is eventually confined to enhanced cyber security in both documents. Thus, despite the recent political events on the international arena demonstrating the power of disinformation and propaganda (the most recent case has been made by Russia’s incursion into Ukraine), these social aspects are not substantively addressed in these European initiatives.

Before analyzing in more detail these recent EU trends, however, it is worth reviewing the premises of the EU’s information security policy.

The paradox of EU’s information security

Back in 1992 the treaty of Maastricht introduced the so-called three pillars of the European Union, one of which was the Common Foreign and Security Policy. Today, due to the informational and technological development of the Union, ensuring information security as part of the concept of security has become of paramount importance.

The EU’s stand with regard to the contents of “information security” was formulated at the 56th session of the UN General Assembly, where information and network security was defined as the protection of both personal information and the protection of information in the military field and other aspects of national security. In addition, the weak protection of the major information resources, as well as the information and telecommunications systems, were all named as potential threats to the international security.[xi]

On the one hand, such an approach to information security is a rational one, as it differentiates between the information security of a human being and society and that of the Union. On the other hand, though, in both cases, information security is understood as a form of technical security only, unlike the concepts of information security of the US and China, for instance.[xii]

The same pitfall is embedded in the EU bodies, policies and initiatives that deal with information security. It is true that cyber warfare is an important security issue for the EU, considering the high level of computerization of the European society. At the same time, paying unjustifiably less attention to the social component, i.e. the challenges of information-psychological wars, poses an equally serious threat to the information security and sovereignty of the Union.

On a policy level, the Common Security and Defense Policy (CSDP), a major part of the EU’s Common Foreign and Security Policy (CFSP), does not spell out information security at all among its tasks – neither in its original Petersberg format (humanitarian, peacekeeping and peacemaking) – nor in the expanded one under the Treaty of Lisbon.[xiii] The European Security Strategy, providing the framework for the CSDP, does not mention information warfare either among the EU’s key security challenges.[xiv]

On an organizational level, the European Defense Agency (EDA) as an institution established “to support the Member States and the Council in their effort to improve European defense capabilities in the field of crisis management and to sustain the European Security and Defense Policy as it stands now and develops in the future.”[xv] Still, this body of the EU’s Common Foreign and Security Policy does not define directly information threats within its scope of research or project activities.[xvi]

On an initiative level, the EU’s three recent initiatives all focus mainly on cyber security issues in their respective parts related to information security: The EU Digital Agenda, The EU Cyber Security Strategy, and the Horizon 2020 program. Thus, the Digital Agenda for Europe (DAE) “aims to reboot Europe’s economy and help Europe’s citizens and businesses to get the most out of digital technologies.”[xvii] The EU Cyber Security Strategy is based on the assumption that “digital technologies and the Internet are the backbone of our society and economy; they are key enablers of prosperity and freedom.”[xviii] Finally, Digital Security, one of the Horizon 2020’s twelve focus areas, “has many facets, including cybercrime, online privacy and the protection of fundamental rights.”[xix] Yet the terms “fundamental rights” and “economic and societal dimension of security”[xx] remain vague, with no reference being made once again to the humanitarian aspects of the information warfare as outlined above.

Cyber Security instead of Information Security

(vickynanjappa.com)

(vickynanjappa.com)

It is visible that the programs above focus on the technical part of information security, with no attention on the broader social interpretation of information wars (see Table 1) that pose a tremendous challenge to the EU’s status as a major geopolitical player. After all, confining research and funding to the technological aspects of cyber security and cyber warfare eliminates some of the crucial questions that need to be resolved for the survival of the Union. Some of these questions are the following. When does an information war begin and end? How to maintain critical thinking within the infosphere created by the broadcast media? How to combine defensive and offensive information warfare? How to modify responses to information attacks depending on the type of the attacker, i.e. state actors, non-state ones, and corporations? How to train specialists in humanitarian information warfare? What are the legal implications of disinformation and propaganda, and how to deal with them? How to handle information weapons from a legal perspective? The questions related to the social interpretation of information wars are numerous, yet it appears the EU, at least at a strategic level, has no clear answers.

With all the above said, how can the EU information security puzzle of focusing only on cyber security be accounted for? Several types of explanations can be given at different levels: national (member-states), supranational (the EU), non-national (corporations), and global.

From the national dimension perspective, one may argue that the EU focuses on the technical side of the information security (supranational level) – with harmonization of legislation as a pre-requisite – because the broader humanitarian aspect is supposed to be handl­ed by the member states themselves (national level). In Poland, for example, the task of exercising an information and psychological impact onto an opponent’s military and civil population is performed by the Central Group of Psychological Operations (Centralna Grupa Dzialań Psychologicznych) based in the town of Bydgoszcz.[xxi]

From the EU’s stand point, the motivation behind driving cyber security programs is “to help boost Europe’s knowledge-driven economy.”[xxii] After all, providing an additional pool of jobs for the people and orders for producers may alleviate the ongoing economic crisis in the region. In addition, the proposed programs will give the EU “the needed competitive edge to bridge its digital security “structural innovation gap” and demonstrate the market feasibility of its up-to-date security, privacy and trust solutions.”[xxiii]

Another important factor is the influence of corporate lobbying in the EU defense industry, which contributes to the vivid militarization of the EU. The trend of blending the corporate and supranational decision-making has been exposed by the Transnational Institute, for example, in their research on the drone policy development with the European defense and security corporations seeking to profit from it.[xxiv]

Last but not least, the mentioned EU’s initiatives on cyber security expose an ongoing crisis of the science superseded by technology. Today we are witnessing a situation when the development of fundamental science had virtually ceased after the last man-made flight to another planet – the “Apollo-17” flight to the moon in 1972. Although science never stops (consider the building of the Large Hadron Collider), and is an interactive process, technological advancement has, by and large ousted, fundamental research. This, in turn, is a reflection of a much deeper civilizational crisis, with consumer ideals dominating other motivations of the general public. Most dangerously, however, these ideals have captured the minds of intellectuals that have always been at the cutting edge of ideological movements.

Conclusion: “the battle off the battlefield”

Among many benefits, the onrush of technology has brought about the challenge of information wars. Information war as a phenomenon of the post-modern world is truly a battle off the battlefield, as it can be waged without a single shot. While traditional warfare aimed to physically eliminate an opponent, information warfare leads to the disruption of financial, transport and communication networks and systems, the destabilization of the economic infrastructure, changing the mindset of the population, and triggering doubt in the necessity of managing an independent and sovereign state.

Although the European Union has embarked on a revolutionary rode of transforming into an information society and has allegedly acknowledged the potential threats posed by the information age, it has taken a very narrow technological path for dealing with such threats. The recent initiatives on information security introduced by the EU are dedicated to thefurther development of digital technology and using it to counter information challenges in the cyber space. Little or no attention is paid to the humanitarian aspects of information wars, such as resisting disinformation and propaganda, for example.

Still, the recent political disruptions of the Arab Spring, the war against Libya, the civil war in Syria, and the Russian invasion of Ukraine, to name only a few, all highlight an important trend: organizing and implementing effective information and psychological operations is a key element in winning a post-modern war, and ensuring the information security of the state or any other polity. It may be therefore desirable for the European Union to shift the emphasis from the technological underpinnings of its information security concept to its strategic relevance in the post-modern society.

———-

[i] For more information, see Alvin Toffler’s books The Third Wave and Revolutionary Wealth.

[ii] For more information, see Alvin and Heidi Toffler’s War and Anti-War: Making Sense of Today’s Global Chaos describing three waves in the history of warfare.

[iii] http://www.au.af.mil/au/awc/awcgate/nms/nms_feb95.htm

[iv] https://isiseurope.wordpress.com/2014/04/08/the-eus-horizon-2020-framework-bridging-the-eus-cybersecurity-gap/

[v]See, for example, Winn Schwartau’s Information Warfare, Chaos on the Electronic Superhighway defining three classes of information warfare: personal IW, corporate IW and global IW.

[vi]Some examples of IW weapons include computer viruses, worms, electronic jamming etc. For a more extensive list, see pp. 11-13 of Information Warfare – An Introduction by Reto E. Haeni available at: http://www.trinity.edu/rjensen/infowar.pdf

[vii] Translated from Marianna Pavlyutenkova’s Information War: A Real Threat or a Modern Myth? available at: http://anomalia.kulichki.ru/text4/142.htm

[viii] For more details see Martin C. Libicki’s What is Information Warfare? available at: http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA367662

[ix] http://eeas.europa.eu/policies/eu-cyber-security/cybsec_comm_en.pdf

[x] http://ec.europa.eu/programmes/horizon2020/en/h2020-section/secure-societies-%E2%80%93-protecting-freedom-and-security-europe-and-its-citizens

[xi] http://www.un.org/ga/56/

[xii]See, for instance, Strategic Information Warfare and 2013 NIDS China Security Report available at: http://www.rand.org/content/dam/rand/pubs/monograph_reports/2005/MR661.pdf http://www.nids.go.jp/english/publication/chinareport/

[xiii]       http://eeas.europa.eu/csdp/about-csdp/petersberg/index_en.htm

[xiv] See the document ‘A Secure Europe in a Better World’ – European Security Strategy available at: http://www.consilium.europa.eu/uedocs/cmsUpload/78367.pdf

[xv] http://www.eda.europa.eu/Aboutus/Whatwedo/Missionandfunctions

[xvi] Ibid.

[xvii] http://ec.europa.eu/digital-agenda/digital-agenda-europe

[xviii] http://ec.europa.eu/digital-agenda/en/cybersecurity

[xix]        http://europa.eu/rapid/press-release_MEMO-13-1122_en.htm

[xx] Ibid.

[xxi]        http://www.cgdp.wp.mil.pl/pl/index.html

[xxii] https://isiseurope.wordpress.com/2014/04/08/the-eus-horizon-2020-framework-bridging-the-eus-cybersecurity-gap/

[xxiii]Ibid.

[xxiv] http://www.tni.org/eurodrones

One comment on “The EU’s Information Security: The Social versus the Technical Aspect

  1. Alexander Svitych
    25/04/2014

    This is a third part actually🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter

Facebook

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 175 other followers

Archives

%d bloggers like this: