Cyber is a domain of conflict, not a style of operation. IO is one style, but it’s not like the threat of a Stuxnet or a NotPetya event just ceases to exist.
While the Americans are throwing a fit about Russian IO over social media and the press, there was a serious attack against ICS systems in Saudi that almost caused an explosion.
Operations in an information environment can be: active, passive, physical, cognitive, and probably more too…
Stuxnet had an IO component that ppl forget about, it presented false information to admins saying the system was fine.
- The Americans saw Stuxnet as proof that they could hit any system.
- The Russians saw Stuxnet as proof that people will believe computers over their lying eyes.
And they’re both correct.
But the Russian view allows for creative operations. The American view allows for resting on your laurels. They thought that because they destroyed something with cyber they were the pinnacle of cyber warriors. That they knew the domain best.
But that’s false, they got their asses kicked in 2016 because they didn’t consider posting lies on Facebook as a cyber threat vector.