Adapting C 2 to the 21 st Century Applying a Generic Security Risk Model to the Information Operations Planning Process

This paper describes work done in response to a commission from the Ministry of Defence DEC ISTAR office, on behalf of the MoD Directorate of Targeting and Information Operations. The overall requirement was to provide guidance to Information Operations staff both in the UK and in theatre. The objectives of the particular work package discussed in this paper were: to assess the suitability of a generic security risk assessment model for reengineering into an information operations planning tool; if found suitable, to express that re-engineered model as help-file texts for use in theatre by Information Operations staff. This paper describes the results of that work package. A causal risk chain of the form threat→vulnerability→impact was re-engineered into a set of operational planning procedures, expressed in terms of effects-based operations. These procedures were expressed as help-file texts in a prototype tool which MoD is now evaluating for use by Information Operations planners. The paper explains the reasoning behind this re-engineering, and the paper’s appendix consists of relevant extracts from the tool’s help-file texts.