What GAO found
Given the ubiquitous nature of the information environment, both the Department of Defense and adversaries can conduct operations and activities in the information environment from anywhere in the world. Additionally, because DOD capabilities depend on IT and the electromagnetic spectrum (EMS), the ability to conduct operations and activities in all physical domains (land, sea, air and space) relies on protecting the information environment. Based on a review of DOD strategies, questionnaires, interviews, and guides, GAO found:
Pervasive and malicious information. The merging of pervasive information and technology has given individuals, organizations, and nation-states the ability to attack individuals’ cognitive bases—beliefs, emotions, and experiences—for benign or malicious ends. The proliferation of pervasive information, misinformation, disinformation, and misinformation has prompted defense professionals to begin examining the concept of cognitive security.
Relationship between misinformation, disinformation and malinformation
DOD missions and functions. Technology, the EMS and the sharing of data are fundamental to the fulfillment of the Department of Defense’s missions in the information environment. DOD components consistently identified conducting military operations, communications, command and control decisions, and others as missions and functions affected by the information environment.
threat actors. National and DOD strategies recognize that nation-states — such as China, Russia, Iran, and North Korea — have proven they are information environment threat actors by employing malicious cyber, EMS, and influencer activities against DOD interests. In addition, non-state actors — such as insider threats, foreign terrorists, transnational criminal organizations, and others — pose a threat to DOD employees at home and abroad.
threat actions. DOD components highlighted a variety of cyberspace threats, intelligence or information gathering threats, influence threats, and EMS threats that adversely affect DOD personnel and capabilities (see figure below).
Institutional Challenges. National and DOD strategies and documents identify a number of institutional challenges that the DOD must address. Challenges include a lack of leadership, lack of resources, the impact of new technologies and outdated processes. DOD components identified human resources, funding, IT, organization and training as the key institutional challenges they face in relation to the information environment.
Emerging Technologies. DOD Components identified a variety of technologies that may pose either opportunities or threats to DOD in the information environment: artificial intelligence and machine learning, quantum computing, social media platforms, and bots. In addition, relevant reports and subject matter experts have identified extended reality, fifth-generation wireless telecommunications, and the Internet of Things as technologies that could have either positive benefits or negative implications for the Department of Defense.
Past and planned DOD actions. To gain and maintain an advantage, the Department of Defense must implement and plan actions in several areas, including teaching, organization, and training. For example, the Department of Defense has elevated the concept of “information” and revised its doctrine publications to reflect the fundamental nature of information in joint operations.
Threat actions in the information environment
Why GAO did this study
Today’s information environment presents new and complex national security challenges as the world has transitioned from an industrial age to an information age. Advances in information technology, wireless communications, and social media have increased the speed and reach of information, distributed power over information, and shifted sociocultural norms. The United States’ competitors and adversaries are using these advances and the resulting impact on the information environment to offset the advantages of US conventional warfare.
The Department of Defense (DOD) defines the information environment as the ensemble of people, organizations, and systems that collect, process, disseminate, or respond to information—consisting of physical, informational, and cognitive dimensions, as shown in the figure below.
Three dimensions of the information environment
To illustrate and better inform Congressional and DOD officials, this report describes the DOD’s use and protection of the information environment through the following six key elements – Pervasive and Malicious Information, Impact on DOD’s Mission, Threat Actors, Threat Actions, Institutional Challenges and new technologies that may enable or disrupt Department of Defense missions. This report also describes DOD actions taken and planned to leverage and protect the information environment.
In preparing this report, GAO distributed questionnaires to 25 DOD organizations involved in the information environment, among other things. GAO staff also interviewed officials and subject matter experts; reviewed 35 documents on strategy, policy, doctrine and other guidance from the Department of Defense and other federal agencies; and reviewed studies and other documents.
For more information, contact Joseph W. Kirschbaum at (202) 512-9971 or [email protected]