The IT Law Wiki


Information operations (IO or Info-Ops) are

[a]ny action involving the acquisition, transmission, storage, or transformation of information that enhances the employment of military forces.[1]
[t]he integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision-making of adversaries and potential adversaries while protecting our own.[2]
[a]ctions taken to affect an adversary's information and information systems while defending one's own information and information systems.[3]
[t]he integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making process, information, and information systems.[4]


"Information Operations are an evolving construct with roots back to antiquity, thus it is both an old and a new concept. The late 1970's saw the emergence of Information Warfare (IW) and Command and Control Warfare (C2W) as war-fighting constructs integrating several diverse capabilities. These further evolved into Information Operations, recognizing the role of information as an element of power across the spectrum of peace, conflict, and war."[5]


"The most important concept to remember about IO is that it is not a weapon per se; it is a process. IO is a way of thinking about relationships. IO is an enabler, "source multiplier," a tool that increases one's ability to shape the operational environment. It is a planning methodology, which supports the strategic, operational and tactical use of traditional military forces. It is also a strategy, a campaign, and a process that is supported by traditional military forces. IO does this by using planning tools to synchronize, synergize, and deconflict activities as well as enabling the horizontal integration of these activities across the interagency spectrum."[6]


Information operations refers to the integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own.[7]

IO comprise those actions taken to gain, exploit, defend, or attack information and information systems and include both information-in-warfare and information warfare and are conducted throughout all phases of an operation and across the range of military operations.[8] IO capitalize on the growing sophistication, connectivity, and reliance on information technology. IO target information or information systems to affect the information-based process, whether human or automated.

Capabilities supporting IO include information assurance (IA), physical security, physical attack, counterintelligence, and combat camera. These are either directly or indirectly involved in the information environment and contribute to effective IO.[9]

IO apply across all phases of an operation, the range of military operations, and at every level of war. They are a critical factor in the joint force commander’s (JFC) capability to achieve and sustain information superiority. Many different capabilities and activities must be integrated to achieve a coherent IO strategy. Intelligence and communications support are critical to conducting offensive and defensive IO. The thoughtful design and correct operation of information systems are fundamental to the overall conduct of IO. Additionally, to achieve success, IO must be integrated with other operations (air, land, sea, space, and special) and contribute to national and military objectives.


Offensive information operations[]

Offensive IO involve the integrated use of assigned and supporting capabilities and activities, mutually supported by intelligence, to affect adversary decision makers and achieve or promote specific objectives. These assigned and supporting capabilities and activities include, but are not limited to, operations security (OPSEC), military deception, psychological operations, electronic warfare (EW), physical attack/destruction, and special information operations (SIO), and may include a computer network attack.

Offensive IO may be conducted in a variety of situations and circumstances across the range of military operations and may have their greatest impact in peace and the initial stages of a crisis. Beyond the threshold of crisis, offensive IO can be a critical force enabler for the JFC. Offensive IO may be conducted at all levels of war — strategic, operational, and tactical — throughout the battlespace.

Offensive IO applies perception management actions such as PSYOP, OPSEC, and military deception, and may apply attack options such as EW and physical attack/destruction to produce a synergistic effect against the elements of an adversary’s information systems. There are many capabilities and activities that require integration both defensively and offensively to conduct successful IO. Some of these capabilities or activities appear more offensive or defensive in nature, but it is their integration and potential synergy that ensures successful offensive and defensive IO.

The employment of Offensive IO to affect an adversary’s or potential adversary’s information or information systems can yield a tremendous advantage to U.S. military forces during times of crisis and conflict. As a result, combatant commanders must carefully consider the potential of IO to deter, forestall, or resolve back crises.

Offensive IO training should include integration of all available and potentially available offensive IO capabilities, to encompass multinational and other DOD and non-DOD offensive capabilities, as well as individual and organizational training. It should also focus on offensive IO training as the main effort and as a supporting function.

Offensive IO Principles[]

Offensive IO principles include the following:

  • The human decision-making processes are the ultimate target for offensive IO. Offensive IO involve the integration and orchestration of varied capabilities and activities into a coherent, seamless plan to achieve specific objectives.
  • Offensive IO objectives must be clearly established, support overall national and military objectives, and include identifiable indicators of success. The potential spectrum of IO objectives ranges from peace to war.
  • Selection and employment of specific offensive capabilities against an adversary must be appropriate to the situation and consistent with U.S. objectives. These actions must be permissible under the law of armed conflict, consistent with applicable domestic and international law, and in accordance with applicable rules of engagement.
  • Offensive IO may be the main effort, a supporting effort, or a phase of a JFC’s campaign or operation.
  • Offensive IO in support of a JFC’s campaign or operation may include planning and execution by non-DOD forces, agencies, or organizations and must be thoroughly integrated, coordinated, and deconflicted with all other aspects and elements of the supported campaign or operation.
  • In order to efficiently attack adversary information and information systems, it is necessary to be able to do the following:
    • Understand the adversary’s or potential adversary’s perspective and how it may be influenced by IO.
    • Establish IO objectives.
    • Identify information systems value, use, flow of information, and vulnerabilities.
    • Identify targets that can help achieve IO objectives.
    • Determine the target set.
    • Determine the most effective capabilities for affecting the vulnerable portion of the targeted information or information systems.
    • Predict the consequences of employing specific capabilities with a predetermined level of confidence.
    • Obtain necessary approval to employ IO.
    • Identify intelligence and combat information feedback necessary to support assessment.
    • Integrate, coordinate, and implement IO.
    • Evaluate the outcome of specific IO to the predetermined level of confidence.


Defensive information operations[]

Defensive IO integrate and coordinate policies and procedures, operations, personnel, and technology to protect and defend information and information systems. Defensive IO are conducted through information assurance, OPSEC, physical security, counterdeception, counterpropaganda, counterintelligence, EW, and SIO. Defensive IO are supported by intelligence and tailored, multi-source I&W.

Defensive IO ensure timely, accurate, and relevant information access while denying adversaries the opportunity to exploit friendly information and information systems for their own purposes. Offensive IO also can support defensive IO.

Defensive IO ensure the necessary protection and defense of information and information systems upon which joint forces depend to conduct operations and achieve objectives.

Four interrelated processes support defensive IO: information environment protection, attack detection, capability restoration, and attack response. Because they are so interrelated, full integration of the offensive and defensive components of IO is essential. JFCs and their subordinate commanders should plan, exercise, and employ available IO capabilities and activities to support integrated defensive IO.

Defensive IO training should consist of the integration of all available defensive capabilities, to include commercial and other DOD and non-DOD defensive IO capabilities, and encompassing both individual and organizational training. Defensive IO training should build upon the routine peacetime information and information systems protection and defense procedures used throughout the Department of Defense and other U.S. Government and commercial activities.

IO examples.jpg

Legal and policy issues[]

IO may involve complex legal and policy issues requiring careful review and national-level coordination and approval.

  • IO planners must understand the different legal limitations that may be placed on IO in peacetime, crisis, and conflict (to include war). Legal analysis of intended wartime targets requires traditional Law of War analysis.
  • IO planners at all levels should consider the following broad areas: (1) domestic and international criminal and civil laws affecting national security, privacy, and information exchange. (2) international treaties and agreements and customary international law, as applied to IO. (3) structure and relationships among U.S. intelligence organizations and general interagency relationships, including nongovernmental organizations.
  • Geographic combatant commanders should ensure that IO are considered in the development of their theater strategies and campaign plans.

Additional legal considerations include:

  • The legal aspects of transitioning from defensive to concurrent offensive operations.
  • Special protection for international civil aviation, international banking, and cultural or historical property.
  • Actions that are expressly prohibited by international law or convention. Examples include, but are not limited to: (1) destruction resulting from space-based attack (International Liability for Damage Caused by Space Objects); (2) violation of a country’s neutrality by an attack launched from a neutral nation (Hague Convention V); and (3) PSYOP broadcasts from the sea, which may constitute unauthorized broadcasting (U.N. Convention on Law of the Sea).


  1. OPSEC Glossary of Terms.
  2. U.S. Department of Defense, Joint Pub. 1–02: DOD Dictionary of Military and Associated Terms (Nov. 8, 2010, as amended through May 15, 2011) (full-text).
  3. Practices for Securing Critical Information Assets, Glossary, at 54.
  4. Cyberspace Solarium Commission - Final Report, at 135.
  5. Information Operations Primer, at 1.
  6. Dan Kuehl, "Information Operations: The Hard Reality of Soft Power" 6 (May 2004) (full-text).
  7. U.S. Joint Chiefs of Staff, Joint Publication 3-13, at ix (Feb 13, 2006).[1]
  8. Information Operations, at 2.
  9. Id.

See also[]