INFORMATION OPERATIONS AND INTELLIGENCE COMMUNITY RELATED ACTIVITIES

DIRECTOR O CENTRAL INTELLIGENCE DIRApprOVed for Release: 2020/08/03 C00574967 ' TOP SECRET!, WOFORNI/X1 (b)(3) L.DO� (b)(3) (b)(3) DIRECTOR OF CENTRAL INTELLIGENCE DI CTIVE 7/3 INFORMATION OPERATIONS AND INTELLIGENCE C MUNITY RELATED ACTIVITIES (U) (Effective 01 July 1999) 1. REFERENCES. a) (U) DCID 5/1, "Espionage and Counterintelligence ivities Abroad," 19 Dec 1984 b) (U) NSCID 5, "U.S. Espionage and Counterintell ence Activities Abroad," 19 Dec 1984 c) (U) NSCID 6, "Signals Intelligence," 17 Feb e72 d) (U) NSD 42, "National Policy for the Sec rity of National Security Telecommunications and Information Systems," 05 Jul 1990 e) (U) Presidential Decision Directive/SC-63 (PDD-63), "Critical Infrastructure Protection," 22 May 1998 f) (U) Memorandum of Agreeme ion Oversight Board for Private Sector Relationships, 05 Jun 1998 g) (U) Charter of the Nation Special Communications Working Group (NSCWG), 07 Jan 1997 h) (U) Memorandum of/Agreement concerning Deconfliction of Computer Network Operations (CNO), Olhul 1999 i) (U) Charter of th Bilateral Information Operations Steering Group (BIOSG), 14 Apr 1998 j) (U) DCID 5/ "Intelligence Disclosure Policy," 30 Jun 1998 k) (U) Natio 1 Security Act (NSA) of 1947, as amended 1) (U) Titl 10, U.S. Code (Armed Forces) m) (U) OA Between DoD and the IC Regarding the Information Operations Technology Center (IOTC), 04 Mar 1997 n) (U) Concept of Operations (CONOP) for the Information Operations Technology Center (IOTC), 04 Mar 1997 1 of 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967 DIRECTOR OF CENTRAL INTELLIGENCE DmApproved for Release: 2020/08/03 C00574967 (b)(3) o) (U) Title 50, U.S. Code 2. PURPOSE. (U) This directive sets forth the responsibilities of Intelligence Community (IC) components in t conduct and coordination of: � (U) Information Operations (JO), � (U) Intelligence and related support to JO, and � (U//52e15) Deconfliction of specific computer network operations (CNO) co ucted by National Foreign Intelligence Program (NFIP) agencies. 3. AUTHORITIES. (SIAN?) This DCID does not affect the authorities, responsibilities, and r trictions relating to components of the IC and the Department of Defense (DoD) that are set out in exis)fig statutes, executive orders, and policy directives such as Presidential Decision Directives (PDDs), Itional Security Council Intelligence Directives (NSCIDs), and other DCIDs, in particular the requirem ts under reference (a) for coordination of espionage and counterintelligence activities abroad. This DC clarifies the DCI authorities under which IC elements may carry out computer network attack (CNA) a computer network exploitation (CNE) using NFIP funds. 4. DEFINITIONS. A. (U/T.,0140) The definition of information operati, ns (I0) is: "Actions taken to affect adversary information and information systems while defen tng one's own information and information systems." B. (UHEOWIT Information Operations is an integrating strategy. Although still evolving, the fundamental concept of JO is to integrate different activipes to affect decision making processes, information systems, and supporting information infrastructures4 achieve specific objectives, as well as to protect and defend friendly information and information inyastructures. IC JO-related activities include CNE and other supporting intelligence activities. 5. DISCUSSION. A. (UHF.C*115). The concept of)nformation Operations (JO) emerged against the backdrop of the explosive growth of information technojggy. JO has made use of electronic warfare (EW), psychological operations (PSYOP), military deceptiol, operational security (OPSEC), and physical destruction. The rapid spread of computers and computer *works has led to their inclusion as instruments for attacking and influencing information infrastructu B. (U//F-015.0) Comp 1 ter network operations (CNO) comprises computer network exploitation (CNE) -- denoting a broad r. ge of intelligence collection activity; computer network attack (CNA) -- denoting attacks on compu r systems and networks; and computer network defense (CND) -- denoting actions taken to protect U.S. c:mputer systems and networks and possibly those of allies and coalition partners. CNE is an intelligenc ollection activity and, while not viewed as an integral pillar of DoD JO doctrine, it is recognized as an 10-related activity that requires deconfliction with JO. There are interdependencies and relationships among CNE, CNA, CND, and other IC activities in support of JO which may require mechanisms to ensure proper deconfliction or coordination among those NFIP funded IC elements that engage in these activities. 2 of 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967 DIRECTOR 01E CENTRAL INTELLIGENCE DIRApprOved for Release: 2020/08/03 C00574967 (b)(3) C. (15//F.Gt70) IC JO activities include conducting, with proper authorization, covert action, including CNA. IC elements authorized to conduct CNA under DCI authorities in peacetime will be specified b a Presidential Finding. D. (W/E01165.IC JO-related activities include: � (U) Collecting, processing, analyzing, and disseminating foreign intelligence and c nterintelligence on JO. � OConducting CNE, in accordance with the authorities described in referenc (b) and (c). � (U) Supporting other U.S. government organizations in the conduct of their missions. � (U) Ensuring effective warning and defense against JO. � (U) Performing computer network defense (CND) activities commensur e with established legal statutes or the technical direction provided by NSA/CSS, as specified reference (d), or the National Infrastructure Protection Center (NIPC), as set forth in refe ence (e). 6. DECONFLICTION. A. (U) While this DCID does not address every contingency, JO an JO-related activities specified in paragraphs 6.0 and 6.D shall be deconflicted and mutually supp ing. Deconfliction mechanisms shall be established to guarantee compatibility within areas of commo oncern. B. (U) To support the establishment of deconfliction proceises, it is important to initially identify the applicable authority for an action so that activities can be conducted within an appropriate legal context and oversight requirements can be satisfied. The nature/and the context of an activity will determine the applicable legal authority for the activity (i.e., the au14rity under which an activity is conducted). The following guidelines shall apply: 1) (U) The criterion for identifying the a licable authority for a proposed activity shall be the "primary purpose" of the activity. For e ample, if the "primary purpose" of an activity is foreign intelligence (H) collection, Fyollection authorities shall prevail, notwithstanding the fact that the activity may have other urposes. 2) (U) The nature and context of/ he activity, and not the U.S. Government entity that conducts it, shall determine the applicabAauthority. C. (YS DIP) The Oversight Bogrd for Private Sector Relationships (reference f) and the National (b)(3) Special Communications Worki /g Group (NSCWG) (reference g) exist to deconflict JO-related industrial relations and special communi ations, respectively. They shall be expanded to include new membership as appropriate. D. �,S4414*-3 CNA/E Deconjliction process. CIA and NSA will jointly manage, as an IC service of common concern, an Interagency Target Register (ITR) to deconflict IC CNA and CNE operations. IC elements conducting CNA or C operations under DCI authorities shall deconflict their operations within the ITR structure according t TR procedures and appropriate access negotiated with the principal signatories to the MOA cited in rs erence (h). The IC recognizes a need to establish procedures for deconflicting CNE activities with ot r appropriate U.S. agencies. (b)(1) (b)(3) 3 of 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967 DIRECTOR 01E CENTRAL INTELLIGENCE DIRApproved for Release: 2020/108/03 C00574967 (b)(3) (b)(1) (b)(3) 7. IMPLEMENTATION. SjSaitir Except where covered by existing policies, IC JO-related responsibilities are lis d below. A. (U) The Deputy Director of Central Intelligence for Community Manage nt (DDCl/CM) shall: 1) (U) Serve as the IC focal point for JO strategic planning and p icy coordination within the IC and with the Bilateral Information .erations Steering Group (BIOSG) (per reference i). 2) (U) Represent IC organizations that are not already re r. esented on the BIOSG. 3) (U) Provide administrative and staff support to the ecretariat of the BIOSG (per reference i). 4) (U) Oversee implementation of this DCID. B (U) The Assistant Secretary of State for Intellig nce and Research (I&R) shall: 1) (U) Support the Chiefs of Mission in t en- review of the implications of contemplated JO for foreign affairs and iplomatic relations pursuant to reference (a). 2) (U) Pursuant to reference (j), rev ew the implications of contemplated sharing of intelligence on foreign JO pro ams with allies or other foreign entities. C. (U) The National Intelligence Off / ers (NI0s) for Warning and for Science & Technology shall jointly provide the DCI and otj1�IC elements with appropriate strategic warning against JO. D. (U) Consistent with the Nati nal Security Act of 1947 (reference k), the DCI has assigned the following tasks, which, pu,suant to 10 USC 113 (reference 1), the Secretary of Defense has directed the DoD componen listed below to execute. 1) (U) The Directo , National Security Agency/Chief Central Security Service (DIRNSA/CCSS i. Integrate CNA, CNE, and CND tools, techniques, and techno ogy into the SIGINT and INFOSEC communities. ) Train, equip, and organize the U.S. Cryptologic System to su eport the CNE, CNA, and CND requirements needs of its customers. iii.(U) Provide JO-related military targeting support. 4 of 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967 DIRECTOR OF CENTRAL INTELLIGENCE DIRApproved for Release: 2020/08/03 C00574967 w (b)(3) iv. (81 Provide intelligence gain/loss assessments in response to CINC JO targeting. v. (81 Develop and support analytic modeling and simulation techniques to support CNA/CNE efforts. 2) The Director, Defense Intelligence Agency (D/DIA) shall: i. (U) Ensure that DIA is postured to support the full ra e of JO activities, both offensive and defensive, including psy ological operations, military deception, electronic warfare, c puter network operations, operations security, and physical dest hon. (U) Train and equip the Defense HUMINT &vice (DHS) to support the JO requirements of its customers. iii.(U) Provide 10-related military targetii support. iv. (U) Perform all-source analysis, pr uction, dissemination, and provision of military and military-rel ted intelligence on foreign information infrastructures and for gn information threats for the Secretary of Defense, Joint Chief of Staff, other defense components, and, as appropriate/non-defense agencies. v. reshitcr3 Pursuant to existin ,DoD directives, instructions and other guidance, conduct Human F ctors intelligence support for the full range of JO. vi. (U) Pursuant to DoD1fequirements, provide strategic indications and warning for 10. vii.(U) Provide polit cal-military assessments in response to CINC 10 targeting. 3) (U) The Director, N ional Imagery and Mapping Agency (D/NIMA) shall: i. (U) Conduct imagery and geospatial analysis to identify critical foreign info ation infrastructures and assess their interdepend cies. (U) In artnership with other IC elements, provide targeting support o 10. This includes identifying physical targets, developing targeti packages and preparing combat assessments. iii.(U With approved tasking, help identify vulnerabilities to key U.S nfrastructures (CONUS and OCONUS) in order to contribute to effective defensive JO practices. iv. (U) Provide other imagery and geospatial information support to IC and DoD JO efforts in a timely and effective manner. 5 of 9 12/6/00 3:53 PM pproved for Release: 2020/08/03 C00574967 DIRECTOR OF CENTRAL INTELLIGENCE DIRA pproved for Release: 2020/08/03 C00574967 � (b)(3) 4) v. (U) Ensure JO requirements are included in any delineation and assessment of future requirements. 5) (U) The Director of the Information 0 erations Technology Center (D/IOTC) shall execute responsibilities in accord ce with references (m) and (n). E. (U) The Director, Federal Bureau of In estigation (D/1-13I) shall: 1) (U) Provide available, releasa e information and operational support that may assist in the planning or execu on of an JO activity by IC and DoD. 2) (U) Assist other agencies14l assessing the risks of planned JO activities to the U.S. information infrastru ure. 3) (U) Keep the U.S. p ate sector and Government at all levels informed of threats to the U.S. inf ation infrastructure that may arise from JO activities without divulging U . plans or intentions. 4) (U) Develop a cf deploy tools to reduce the risk of penetration, corruption, and disruption of c ical U.S. information systems and networks. 5) (U) Invest ate JO intrusions and attacks against information networks and systems in t e United States. F. (U) All IC E ment Heads shall: 1) (U) rovide the DDCl/CM with the information required to assist the DCI in impl enting this directive. 2)8 Cooperate closely with the IOTC to ensure consistency between the CNA and dual purpose (CNE) techniques contained in the Toolbox and any other (b)(1) (b)(3) 6 of 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967 + DIRECTOR OE CENTRAL INTELLIGENCE DIR ApprOVed for Release: 2020/08/03 C00574967 � 4 (b)(3) developing or employed capabilities. 3) (U) Take reasonable steps to protect their own systems from hostile CNA and CNE. 8. REVIEW. (U) The DDCl/CM shall coordinate the IC's annual review of this DCID for currency completeness. 3ot XBITELLIGENCE TE APPEND! A 1 Definitions of Terms se / d in this Directive Computer Network Attack (CNA): (U) Operatio s to manipulate, disrupt, deny, degrade, or destroy information resident in computers and computer iletworks, or the computers and networks themselves. Computer Network Defense (CND): (U) Eff&rts to defend against the CNO of others, especially that directed against U.S. and allied computers a d networks. Computer Network Exploitation (CNE. : (U) Intelligence collection and enabling operations to gather data from target or adversary automate/Information systems (AIS) or networks. (b)(1) (b)(3) Computer Network 0 Crations (CNO): (U) CNE, CNA, and CND collectively. Covert Action: (U) efer to Section 503 of the National Security Act of 1947, Title V (50 U.S.C. 413-413b) (referen s k and o) and related legislation. [Related legislation includes the 1991 Intelligence Authorization Ac nd 102d Congress Report SENATE First Session 102-85 and House Conference Report 102-166.] Secti 503 refers to covert action as, ". . . an activity or activities of the United States Government t nfluence political, economic, or military conditions abroad, where it is intended that the role of the United States Government will not be apparent or acknowledged publicly, but does not include-- 7f 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967 4 DIRECTOR OF CENTRAL INTELLIGENCE DIRApproved for Release: 2020/08/03 C00574967 (b)(3) (U) . . . activities the primary purpose of which is to acquire intelligence, traditional counterintelligence activities, traditional activities to improve or maintain the security of United States Government programs, or administrative activities; . . . traditional diplomatic or military activities or routine support to such activities; . . . traditional law enforcement activities conducted by United St es Government law enforcement agencies or routine support to such activiti ; or. . activities to provide routine support to the overt activities . . . of other nited States Government agencies abroad." (Special Activities is a euphe t, sm for covert action; as such it is redundant to include it here.) Deception: (U) Those measures designed to mislead an adversary by ma Dulation, distortion, or falsification of evidence to induce him to react in a manner prejudicial t ,his interests. (b)(1) (b)(3) Electronic Warfare: (U) The use of electromagnetic and,�rected energy to control the electromagnetic spectrum or to attack an adversary. Human Factors: (U) The psychological, cultural, beriavioral, and other human attributes that influence decision making, the flow of information, and the terpretation of information by individuals or groups at any level in a state or organization. Information Operations (I0): (U) Actions en to affect adversary information and information systems while defending one's own information and nformation systems. Information System: (U) The organizatIOns, personnel, and components that collect, process, store, transmit, display, disseminate and act linformation. Operations Security (OPSEC): ( "A process of identifying critical information and subsequently analyzing friendly actions attend t to military operations and other activities to: a. Identify those actions that can be observed by advers /intelligence systems; b. Determine indicators hostile intelligence systems might obtain that could be inte reted or pieced together to derive critical information in time to be useful to adversaries; c. Select and ecute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly tions to adversary exploitation. Physical Destruction: ) Referred to in Joint military doctrine as one of the core disciplines of JO. Note: Not all physical destruction is 10 nor related to it. Physical destruction can be used to further tactical, operational, and/or s ategic JO objectives. Examples include destroying command and control facilities, communications li /s, and components supplying energy to power communications. Psychological perations: (U) Planned operations to convey selected information and indicators to foreign audie es to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign gov ments, organizations, groups, and individuals. The purpose of psychological operations or PSY0Ps is to induce or reinforce foreign attitudes and behavior favorable to the originator's objectives. Special Communications: (U//e11) The relay of U.S. government or allied signals from or into areas 8 of 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967 � DIRECTOR OF CENTRAL INTELLIGENCE DIRApproved for Release: 2020/08/03 C00574967 (b)(3) typically characterized by an intense counterintelligence or operational security environmentTnsuallrin support of covert or clandestine intelligence or military operations, orsengifive overseas law enforcement activities. ToP OFORNiau 9 of 9 12/6/00 3:53 PM Approved for Release: 2020/08/03 C00574967