Chapter 5: Evaluate the Threat PDF

Chapter 5 Step 3—Evaluate the Threat WHAT IS IT? 5-1. Step 3 of the IPOE process determines threat force capabilities and the doctrinal principles and TTP threat forces prefer to employ. This may include threats that create multiple dilemmas for U.S. maneuver forces by simultaneously employing regular, irregular, and terrorist forces and criminal elements, using a variety of traditional and nontraditional tactics. Example While planning a contingency show-of-force operation, a G-2 requests the joint intelligence center study the recent decisions of the targeted country’s dictator. Because of this research, the joint intelligence center produces a model of how the dictator makes decisions, emphasizing the dictator’s tendencies during political crises. Meanwhile, the S-2 for the brigade conducting the operation evaluates the threat. +Using the S-2’s contingency area threat characteristics files, the S-2 determines that the two threat brigades within the target area are equipped, organized, and trained well enough for offensive and defensive operations against the friendly brigade. +The S-2 prepares threat models depicting normal offensive and defensive operations in built-up areas, which lead to a show-of-force operation. 5-2. Over the past three decades, threats have studied the manner in which U.S. forces have deployed and conducted operations. Several have adapted, modernized, and developed capabilities to counter U.S. advantages in the air, land, maritime, space, and cyberspace domains. Military advances by Russia, China, North Korea, and Iran most clearly portray this changing threat. Therefore, understanding threat capabilities is critical to developing COAs. 5-3. Threats, large and small, increasingly operate in an indeterminate zone between peace and war. They seek to avoid U.S. strengths and, instead, take advantage of U.S. laws and policies regarding the use of information and cyberspace capabilities. Coupled with the Nation’s initial reluctance to engage in major combat operations, threats achieve incremental gains that advance their agenda and narrative. They use a range of techniques, including nonattribution, innuendo, propaganda, disinformation, and misinformation, to sway global opinion favorable to their aims. 5-4. For the Army, threats are a fundamental part of an overall OE for any operation, but they are discussed separately here simply for emphasis. A threat is any combination of actors, entities, or forces that have the capability and intent to harm United States forces, United States national interests, or the homeland (ADP 3-0). Threats may include paramilitary or military forces, nation-states, national alliances, individuals, groups of individuals (organized or not organized), or conditions that can damage or destroy life, vital resources, or institutions. (See ADP 3-0.) 5-5. While the Army must be manned, equipped, and trained to operate across the range of military operations, large-scale ground combat against a peer threat represents the most significant readiness requirement. +FM 3-0 focuses on peer threats in large-scale ground combat operations. It describes peer threats as adversaries or enemies with capabilities and capacity to oppose U.S. forces across multiple domains worldwide or in a specific region where they enjoy a position of relative advantage. Peer threats possess roughly equal combat power in geographical proximity to a conflict area with U.S. forces. They may also have a cultural affinity to specific regions, providing them relative advantages in terms of time, space, and sanctuary. Peer threats generate tactical, operational, and strategic challenges of an order of magnitude more challenging militarily than those the Army has faced since the end of the Cold War. 23 January 2024 ATP 2-01.3, C2 5-1 Chapter 5 5-6. Peer threats— ⚫ Employ strategies that capitalize on their capabilities to achieve their objectives. ⚫ Prefer to achieve their goals without directly engaging U.S. forces in combat. ⚫ Often employ information warfare in combination with conventional and irregular military capabilities to achieve their goals. ⚫ Will try to weaken the resolve of the United States and its partners to sustain conflict. ⚫ Will exploit friendly sensitivity to world opinion and attempt to exploit American domestic opinion and sensitivity to friendly casualties. ⚫ Believe they have a comparative advantage because of their willingness to endure greater hardship, casualties, and negative public opinion. 5-7. Peer threats employ their resources across multiple domains to attack U.S. vulnerabilities. They use their capabilities to create lethal and nonlethal effects throughout an OE. Peer threats will use various methods to employ their national elements of power to render U.S. power irrelevant. Five broad peer threat methods, often used in combination, include information warfare, preclusion, isolation, sanctuary, and systems warfare. During combat operations, threats seek to inflict significant damage across multiple domains in a short time. They seek to delay friendly forces long enough to achieve their goals and end hostilities before friendly forces reach culmination. (See FM 3-0.) 5-8. For this publication, the Army divides these threats into the following categories: ⚫ Regular threats. ⚫ Irregular threats. ⚫ Hybrid threats. REGULAR THREAT 5-9. Regular threats from peer competitors with significant ability to act in all domains are considered multi-domain threats. These peer threats are only peer in the military or economic elements of power. In the diplomacy and informational elements of power, multi-domain threats use their lack of democratic institutional constraints, realpolitik (practical politics) approaches, and cyberspace capabilities to overmatch U.S. forces. When analyzing the peer threat, it is important to understand the complexity of the OE, since all types of force structures, capabilities, and domains are available to use against U.S. forces to accomplish threat goals and objectives. 5-10. Peer threats seek to reduce the ability of the United States to achieve dominance in the air, land, maritime, space, and cyberspace domains. By using state and nonstate actors, peer threats attempt to apply technology across the domains to disrupt U.S. advantages in communications, long-range precision-guided munitions, movement and maneuver, and surveillance. Peer threats also seek to reduce the United States’ ability to achieve dominance in those domains; therefore, Army forces cannot always depend on an advantage in technology, communications, and information collection. 5-11. To capitalize on the perceived vulnerabilities of the United States and its allies, peer threats may use nation-states to establish proxy forces. These forces may act on behalf of peer threats to achieve a desired end state in territories where peer threats do not want to disclose their involvement. Proxy force capabilities range from using insurgent tactics to technologically advanced capabilities. Historic conflicts that relied on proxy force capabilities include but are not limited to the Ukraine crisis (2014), the Syrian Civil War (2011), the Korean War (1950 to 1953), and the Nicaraguan Civil War (1979 to 1990). IRREGULAR THREAT 5-12. Irregular threats are opponents employing unconventional, asymmetric methods and means to counter U.S. advantages, such as overwhelming firepower and technological overmatch. A weaker threat often uses unconventional methods to exhaust the U.S. collective will through protracted conflict. Unconventional methods include terrorism, insurgency, and guerrilla warfare. Economic, political, informational, and cultural initiatives usually accompany and may even be the chief means of irregular attacks on the U.S. influence. The Hamas and al-Qaida are examples of irregular threats. 5-2 ATP 2-01.3 1 March 2019 Step 3—Evaluate the Threat 5-13. Irregular threats have diverse capabilities that may change rapidly, outpacing what military personnel are accustomed to with the military acquisitions process. Analysis of threat capabilities must be continuous to keep abreast of changes in both equipment and techniques employed. This is particularly true with nonlethal capabilities. 5-14. Irregular threats can take advantage of commercially available technology and exploit cyberspace. For example, irregular threats can use cyberspace to influence global audiences, communicate with specific audiences, and impact U.S. capabilities using direct and indirect means. 5-15. Drug cartels; nationalist, antireligion, and political organizations; foreign terrorist organizations, transnational criminal organizations, and insurgencies; and militant activists may be classified as irregular threats. These groups may have vastly different capabilities and objectives. Some objectives may be rooted in financial gain, while others may be rooted in power, political change, or in governmental policy changes that exceed politics. HYBRID THREAT 5-16. +A hybrid threat is the diverse and dynamic combination of regular forces, irregular forces, terrorist forces, or criminal elements unified to achieve mutually benefitting effects (ADP 3-0). A hybrid threat also seeks to achieve shared or separate purposes, shared or separate objectives, or any combination of effects, purposes, or objectives. Hybrid Threat Example Country A may use Country B’s military force to achieve a political objective and maintain deniability of its involvement. Country A supports Country B’s military by using a smuggling network to transport weapons, supplies, and cash across international borders. Country A compensates Country B for its actions by lowering tariffs on imports. Despite their different objectives, these parties have a mutually beneficial relationship. Country A achieves a political objective without degrading its international image. Country B gains an economic boost and strengthens an international relationship. The professional smugglers have no interest in politics or national objectives; their only concern is financial. 5-17. From an IPOE perspective, the term hybrid threat serves to capture the complexity of OEs, including the variety of actors involved and the blurring of traditional elements of conflict. It also adds another layer of complexity to the evaluation of irregular threats. For example, the involvement of the regular threat (nation-state) may not be overt; its entire purpose for using the irregular threat may be to achieve anonymity or to stay within those confines that will keep the competition below the state of armed conflict. Determining the motivation for the irregular threat’s actions will assist analysts in identifying the potential logic of other actor’s involvement even if that involvement is limited to influence. SO WHAT? 5-18. The “so what” of step 3 is to enhance commanders’ understanding of the regular, irregular, and hybrid threats within their AOI: ⚫ Outcome of success: Threat COAs developed in the next step of IPOE reflect what the threat is capable of and trained to do in similar situations. ⚫ Consequences of failure: ◼ The staff may lack the intelligence needed for planning. ◼ The threat may surprise the friendly force with capabilities not accounted for by the G-2/S-2. ◼ The staff may waste time and effort planning against nonexistent threat capabilities. ◼ The friendly force’s ability to exploit threat windows of vulnerability may be degraded. 23 January 2024 ATP 2-01.3, C2 5-3 Chapter 5 HOW TO DO IT: THE PROCESS 5-19. Step 3 of the IPOE process consists of the substeps and outputs shown in figure 5-1. Figure 5-1. Substeps and outputs of step 3 of the IPOE process 5-20. Evaluating the threat should begin with identifying all threats based on their characteristics and ultimately creating the threat model (regular, irregular, or hybrid structure). At the tactical level, threat characteristics are often referred to as order of battle. The tactical-level evaluation of a military threat should concentrate on standard threat characteristics/order of battle factors, such as the composition, disposition, strength, TTP, and training status of specific tactical units or factional groups that could interfere with mission accomplishment. Order of battle is the identification, strength, command structure, and disposition of the personnel, units, and equipment of any military force (JP 2-0). Note. When operating against a new or emerging threat not identified and described in the unit’s threat data files, the intelligence staff must develop new data files for each of these threats. Other units’ and organizations’ data files may also assist in developing threat products. 5-21. A commander’s understanding of the threat is based in part on the intelligence staff’s research and analysis of the threat characteristics, as part of generating intelligence knowledge. The intelligence staff considers broad characteristics when analyzing the threat, such as composition, disposition, strength, combat effectiveness, doctrine and tactics, support and relationships, electronic technical data, capabilities and limitations, current operations, historical data, and miscellaneous data. To ensure this understanding is as complete as possible, the intelligence staff considers the following when assessing these characteristics: ⚫ Threat characteristics form a framework for the consistent evaluation of any force. ⚫ The threat characteristics evaluation framework should be adapted to the threat mission and the unit’s needs. ⚫ Properly maintained files at multiple echelons and organizations are sources of information on threat operations, capabilities, and vulnerabilities. ⚫ Threat characteristics are analyzed as a whole. 5-4 ATP 2-01.3, C2 23 January 2024 Step 3—Evaluate the Threat 5-22. Although threat forces may conform to some of the fundamental principles of warfare that guide Army operations, these forces have obvious and subtle differences in how they approach situations and problem solving. Understanding these differences is essential to understanding how a threat force reacts in a given situation. IDENTIFY THREAT CHARACTERISTICS 5-23. During steps 1 and 2 of the IPOE process, the intelligence staff identifies and defines each individual threat within the commander’s AOI. During step 3, the intelligence staff analyzes the characteristics associated with each of these threats as well as develops threat models for each of these threats. (See appendix C for threat characteristics associated with regular, irregular, and hybrid threats.) COMPOSITION 5-24. Composition is the identification and organization of a threat. It describes how an entity is organized and equipped—essentially the number and types of personnel, weapons, and equipment available for a given operation. Composition applies to specific units or commands as opposed to types of units. Understanding a threat’s composition— ⚫ Is essential in determining the threat’s capabilities and limitations. ⚫ To help construct threat models that assist in developing valid threat COAs and friendly counteractions. ⚫ Assists in determining a threat’s combat effectiveness and conducting combat assessment. 5-25. Regular threats are normally self-identified and organized similarly to friendly forces. Irregular threats may follow similar rules but are mostly organized mostly based on a cellular structure. The staff uses line and block chart products to depict the threat’s composition. (See figure 5-2 and figure 5-3 on page 5-6.) Figure 5-2. Regular threat organizational chart example 23 January 2024 ATP 2-01.3, C2 5-5 Chapter 5 Figure 5-3. Irregular threat organizational chart example Note. There is no standard organizational structure for hybrid threats. 5-26. Composition also refers to how an entity is commanded and controlled. Military forces have distinct and well-defined organizational structures generally built around a linear chain of command. They include air and ground forces that, regardless of national origin, generally follow a modern or contemporary military organizational model. Irregular forces also have distinct and well-defined organizational structures, generally cellular in nature and directed through a decentralized chain of command usually unique to the area or conflict. Regardless of the threat type, knowing its structure assists in understanding its capabilities and limitations. DISPOSITION 5-27. Disposition refers to how threat forces are arrayed on the battlefield. It includes the recent, current, and projected movements or locations of tactical forces. Regular threats generally conduct some form of offensive or defensive maneuver. Irregular threats are generally in part of the plan, prepare, execute, and assess activities of an operation, such as a raid or ambush. In a hybrid threat scenario, irregular threats may have the capability to mass and be the main effort or fixing force on the battlefield. Understanding how the threat doctrinally arrays on the battlefield is essential in developing threat models in step 3 of IPOE and threat situation templates in step 4 of IPOE. The intelligence staff becomes familiar with graphic training aids to illustrate range fans with weapon fire limits and direct and indirect weapon capabilities. This provides a better understanding of threat weapon systems. STRENGTH 5-28. Strength describes a unit in terms of personnel, weapons, and equipment. Information concerning strength provides commanders with an indication of threat capabilities and assists in determining the probable COAs or options open to threat commanders. A lack of strength or a preponderance of strength has the effect lowering or raising the estimate of the threat’s capabilities. Likewise, a marked concentration or build-up of units in an area gives commanders certain indications of threat objectives and probable COAs. During peacetime, changes in the strength of potential threats are important factors as they may indicate changes in the threat’s intention. Strength is determined by comparing how a threat organization is doctrinally staffed and equipped with what the organization has on hand. 5-6 ATP 2-01.3, C2 23 January 2024 Step 3—Evaluate the Threat COMBAT EFFECTIVENESS 5-29. Combat effectiveness, the readiness of a military unit to engage in combat based on behavioral, operational, and leadership considerations. Combat effectiveness measures the ability of a military force to accomplish its objective—it describes a unit’s abilities and fighting quality. Numerous tangible and intangible factors affect combat effectiveness, including but not limited to the number of personnel or equipment losses and replacements, reinforcements (tangibles), and operational experience and morale (intangibles). The simple fact that a military has large numbers does not ensure a unit is combat effective. In large-scale ground combat, it is important to determine the threat’s response to personnel and equipment losses, if and how equipment is replaced, and how units are reinforced. DOCTRINE AND TACTICS 5-30. Doctrine and tactics include tactical doctrine as well as tactics employed by specific units. While tactical doctrine refers to the threat’s accepted organization and employment principles, tactics refer to the threat force’s conduct of operations. Based on knowledge of a threat’s tactical doctrine, the intelligence staff can determine how the threat may employ its forces in the offense and defense under various conditions. Analysts integrate tactics in threat templates and other intelligence products. SUPPORT AND RELATIONSHIPS 5-31. The threat’s adoption of a COA should depend on its support system’s ability to support that action. However, depending on the threat’s objectives, possible time constraints, and/or willingness to assume risk— especially as dictated by political leaders or dynamics of political-military circumstances—this could substantially alter adoption of a COA. With knowledge of these factors, analysts can better evaluate the threat’s combat effectiveness, strength, and capabilities. ELECTRONIC TECHNICAL DATA 5-32. Electronic technical data is required to conduct EW. For the Army, this data is also derived from cyberspace electromagnetic activities, signals intelligence (SIGINT), and measurement and signature intelligence. This data includes communications and noncommunications equipment parameters, such as emitter type and nomenclature, modulation, multiplex capability, pulse duration, pulse repetition frequency, bandwidth, associated weapon systems, and other technical characteristics of electronic emissions. This information can be developed into an overlay. To produce the overlay, SIGINT personnel require the targeting and EW staffs’ assistance and input. CAPABILITIES AND LIMITATIONS 5-33. Capabilities are the broad COAs and supporting operations that the threat can take to achieve its goals and objectives. The following tactical COAs are generally open to military forces in conventional operations: attack, defend, reinforce, and retrograde. Each of these broad COAs can be divided into specific COAs. For example, an attack may be envelopment, penetration, or other variations of an attack. A retrograde movement may be a delaying action, a withdrawal, or a retirement. Other threat capabilities include support to broad COAs or specific types of operations, such as— ⚫ Information warfare—cyberwarfare, cyberspace operations, perception management, influence activities, information activities, deception, EW, and operations security. ⚫ Intelligence operations. ⚫ CBRN employment. ⚫ Espionage, sabotage, and subversion. CURRENT OPERATIONS 5-34. Current operations are those operations in which an enemy force is currently engaged. This includes operations against U.S. military forces or interests or against the military forces or interests of other nation- states. Analyzing current operations provides up-to-date information on other threat characteristics. 1 March 2019 ATP 2-01.3 5-7 Chapter 5 HISTORICAL DATA 5-35. Compiling the history of any threat organization involves conducting the research necessary to gather all relevant information regarding the threat and producing the materials needed to communicate that information to the commander and staff. Information briefings and papers are the two most common methods used for this purpose. These methods support intelligence training, officer professional development, and noncommissioned officer professional development. The history component of the threat data file includes the original sources of information used to compile information briefings and papers. These sources form part of the professional readings required by the unit’s intelligence personnel. MISCELLANEOUS DATA 5-36. Intelligence staffs use supporting information to develop threat force characteristics and to construct comprehensive intelligence estimates. This information includes but is not limited to biographic and personality data, culture (see paragraphs 4-91 through 4-93), biometric and forensic data, as well as other information important to mission accomplishment. Biographic and Personality Data 5-37. Biographic data contains information on characteristics and attributes of a threat force’s members. Personality data is personality profiles; strategic personality assessments of leaders are valuable because the tactics and combat efficiency of particular units are directly related to the commander’s character, schooling, and personality traits. 5-38. Personality is critical especially when combating irregular threats. Analysts focus on leaders and other important individuals. Personality files assist analysts in conducting this analysis. Personality files include but are not limited to— ⚫ Leaders (political, ideological, religious, military, other). ⚫ Staff members. ⚫ Spokespeople. ⚫ Family members (immediate and extended). ⚫ Previous experience and skill training in professional disciplines, trades, and specialties. ⚫ Media manipulation personnel. ⚫ Trainers. ⚫ Code names and nicknames. 5-39. Analysts use these personality files to conduct link analysis and build organizational diagrams to determine relationships between critical personalities and their associations to various groups or activities. When combating irregular threats, this analysis is often known as network analysis. This thorough analysis is critical in determining the roles and relationships of many different people and organizations and assessing their loyalties, political significance, and interests. (See ATP 2-33.4 and ATP 5-0.6 for more information on link and network analysis.) Note. Any relationship or organization can span across illegal, terrorist, and other threat activities, as well as legitimate people, money, and activities. Biometric and Forensic Data 5-40. +Friendly forces have used biometric and forensic collection extensively during recent operations, specifically to support stability operations by establishing the identity, affiliations, and authorizations of an individual; denying anonymity to a threat; and protecting friendly forces, facilities, and forces. 5-41. Valuable intelligence can and has been analyzed from identity activities—a collection of functions and actions that appropriately recognize and differentiate one person from another to support decision making. Identity activities include the production of identity intelligence. Identity intelligence is the intelligence resulting from the processing of identity attributes concerning individuals, groups, networks, or populations of interest (JP 2-0). Identity attributes and associated modalities are collected, analyzed, protected, exploited, 5-8 ATP 2-01.3, C1 06 January 2021 Step 3—Evaluate the Threat and managed to locate, track, and maintain continuity on identities across multiple or disparate instances and/or incidents, or across space and time. Future conflicts will likely involve an adversary that seeks to blend into a civilian populace. Internal Organizational Processes 5-42. An organization’s flexibility or rigidity is a key determinant as to its strengths and vulnerabilities. This flexibility or rigidity can be accurately estimated by answering several questions: ⚫ Are members viewed as potential competitors, or as important organizational contributors? Is the attitude consistent throughout the organization? ⚫ How do organizations replace leader and cadre casualties? What are the primary factors that determine how these replacements are selected? ⚫ What are the rewards and punishments? Are they consistently applied? ⚫ Are internal rivalries complex, or does organizational discipline have primacy? ⚫ How are policies adjusted and adjudicated, through violence or dialogue? ⚫ What are potential divisions and policy fractures? ⚫ Which leaders support specific positions, and why? ⚫ Are leader motivations organizational, family, or personal? CREATE OR REFINE THREAT MODELS 5-43. Threat models accurately portray how threat forces normally execute operations and how they have reacted to similar situations in the past. This also includes knowledge of threat capabilities based on the current situation. Threat models are initially created by analyzing information in various databases concerning threat organizations, equipment, doctrine, and TTP. Higher agencies and organizations create some threat models; but in immature OEs or when a new threat emerges, analysts develop threat models. 5-44. Analysts must use all available sources to update and refine threat models. The most useful sources are threat characteristic files with information that assists analysts in making conclusions about threat operations, capabilities, and vulnerabilities. Staff integration during threat model development is essential in achieving the most accurate depiction of how the threat conducts operations in ideal situations with no terrain constraints. 5-45. A threat model is an analytical tool that assists analysts in developing situation templates during step 4 of the IPOE process. Threat models consist of three activities (see figure 5-4 on page 5-10): ⚫ Convert threat doctrine or patterns of operations to graphics (threat template). ⚫ Describe the threat’s preferred tactics, options, and peculiarities. ⚫ Identify HVTs. 23 January 2024 ATP 2-01.3, C2 5-9 Chapter 5 Figure 5-4. +Threat model example CONVERT THREAT DOCTRINE OR PATTERNS OF OPERATIONS TO GRAPHICS 5-46. Threat templates graphically portray how the threat might use its capabilities to perform the functions required to accomplish its objectives when not constrained by the effects of the OE. Threat templates are scaled to depict the threat’s disposition and actions for a type of operation (for example, offense, defense, ambush, personnel movement, clandestine sustainment operations or kidnapping). When possible, templates should be depicted graphically as an overlay, on a supporting system, or through some other means. 5-47. Threat templates are tailored to the needs of the unit or staff creating them. For example, a G-2 section’s threat template differs in scope from a brigade S-2 section’s template. Some threat templates consider threat forces, while others focus on a single warfighting function, such as intelligence or fire support. Other products depict pattern analysis, time event charts, and association matrices. Threat templates may depict, but are not limited to, unit frontages, unit depths, boundaries, engagement areas, and obstacles. (See ATP 2-33.4 for more on pattern analysis and association matrices.) 5-10 ATP 2-01.3, C1 06 January 2021 Step 3—Evaluate the Threat 5-48. When constructing threat templates, analysts— ⚫ Access and analyze information about the threat from intelligence databases. ⚫ Evaluate the threat’s past operations. ⚫ Determine how the threat normally organizes for combat and how it deploys and employs its forces and assets. ⚫ Look for patterns on how the threat organizes its forces, timing, distances, relative locations, groupings, or use of terrain and weather. 5-49. Templating requires continuous refinement to accurately portray threat patterns and practices. For example, while there may be no threat template for emplacement of kidnapping cells or money-laundering activities, evaluating the database can indicate specific patterns of kidnapping and money laundering. Because the implementation time is a consistent planning factor, an analyst can use the evaluation of the implementation time to determine the likelihood of locations or participants. Note. G-2/S-2s should allow the mission and threat types of to help drive their required templates. DESCRIBE THE THREAT’S TACTICS, OPTIONS, AND PECULIARITIES 5-50. When creating the threat model, analysts describe the threat’s tactics, options, and peculiarities. Tactics 5-51. The threat model includes a description of the threat’s preferred tactics (including but not limited to attack, defend, reinforce, and retrograde). A description is still required even if the preferred tactics are depicted in graphic form. This allows the template to become more than a “snapshot in time” of the operation being depicted. It assists in mentally war gaming the operation over its duration during the development of threat COAs and situation templates. Options 5-52. Options are described by listing items such as identified threat capabilities and branches and sequels. Branches and sequels are used primarily for changing deployments or direction of movement and for accepting or declining combat. In accordance with joint doctrine, branches provide a range of alternatives often built into the basic plan. Sequels anticipate and plan for subsequent operations based on the possible outcomes of the current operation—victory, defeat, or stalemate. Analysts list branches and sequels available to the threat should the operation succeed or fail. For example, the threat might prefer to follow successful attacks with pursuit. Should an attack begin to fail, the preferred branches might include committing reserves or reinforcements or shifting the main effort. Should the attack fail, the preferred sequel might be a hasty defense. 5-53. Analysts also describe supporting warfighting-function relevant actions to identify and develop HVTs. They examine timelines and phases of operations because target values may change from phase to phase. Additionally, analysts describe and determine goals the threat is trying to achieve. Threat objectives are often what the unit’s mission tries to prevent, and those actions the threat takes to prevent accomplishment of the unit’s mission. Threat objectives are specific to the threat type, the AO, the unit’s composition and mission, and other factors, such as when and where a unit transitions from one form of maneuver to the next. Analysts also describe threat objectives in terms of purpose and end state. Several different functions must be executed each time a threat force attempts to achieve a goal. Peculiarities 5-54. Analysts research and annotate any threat peculiarities about the operation. Peculiarities can provide insights into threat strengths and vulnerabilities, as well as assist friendly forces in addressing them. For example, based on research, analysts noted that threat forces lack sufficient armor-piercing 120-millimeter tank rounds. This assists the friendly commander in formulating when and where to use armored assets. Other peculiarities include but are not limited to the following: 1 March 2019 ATP 2-01.3 5-11 Chapter 5 ⚫ Threat fuel shortages. ⚫ Threat armored battalions have recently completed defensive training exercises. ⚫ The threat has insufficient obstacles to protect defensive sites. ⚫ The threat relies heavily on information warfare to control the local populace. ⚫ The threat lacks information collection assets to collect on certain AAs. ⚫ Threat special purpose forces are well-trained in conducting hasty ambushes to impede movements along AAs. ⚫ The threat lacks the leadership and training to conduct simultaneous counterattacks in multiple locations. IDENTIFY HIGH-VALUE TARGETS 5-55. Identifying HVTs assists the staff in creating HPTs during the COA development step of the MDMP. The following techniques may be useful in identifying and evaluating HVTs: ⚫ Identify HVTs from existing intelligence studies; the evaluation of the databases; size, activity, location, unit, time, and equipment (also called SALUTE) reports; patrol debriefs; the threat template and its associated threat capability statement; and the use of tactical judgment. ⚫ Review threat TTP and previous threat operations as well as understand the threat’s task, purpose, method, and end state. ⚫ +Consider that HVTs usually fall within nonmaneuver elements (C2, intelligence, fires, sustainment, and protection). ⚫ Identify assets that are key to executing the primary operation or sequels. ⚫ Determine how the threat might react to losing each identified HVT. Consider the threat’s ability to substitute other assets as well as adopt branches or sequels. ⚫ Conduct mental war gaming and think through the operation under consideration and how the threat will use assets from each of the elements (such as fire support, engineers). 5-56. As analysts identify key assets (see table 5-1), they group them into categories to assist in identifying threat objectives. Categories include but are not limited to C2, movement and maneuver, intelligence, fires, sustainment, protection, cyberspace. Table 5-1. High-value targets by threat element and cyberspace Systems Threat element Capability Strength Weakness Reaction to loss (assets) What makes it What makes it Range vulnerable to hardened against Only means of Digital interception or Radios interception or communications to Encryption jamming? jamming? leadership Frequency hop Does it have a Strong range weak range? What types of Only means of camouflage do they Is this the only communications with Runners Are they present? use? communications that priority messages (if loss Do they wear they possess? of radio communications) Command and civilian attire? control Fire control networks Command and control networks (Blue Force What makes it more Only means of Computer What makes it weaker Tracker) efficient than U.S. communications to networks than U.S. systems? Range systems? leadership Satellite uplink Network-based Civilian infrastructure 5-12 ATP 2-01.3, C1 06 January 2021 Step 3—Evaluate the Threat Table 5-1. High-value targets by threat element and cyberspace (continued) Systems Threat element Capability Strength Weakness Reaction to loss (assets) Range of main gun Types of ammunition (range can differ) Rate of fire Target acquisition (laser-range finder, Strongest armored wire-guided, basic platform on the optical magnification, What makes it more battlefield Tanks/APCs/ What makes it weaker fire on the move efficient than U.S. Only armored IFVs than U.S. systems? capability) systems? personnel carrier Armor Primary mounted Range of system fighting platform (How far system can travel before refuel?) Can the commander fire the main gun? Troop capacity, is it Movement and amphibious? maneuver Unit basic load Dig rate Mobility and Mine emplacement What makes it more What makes it weaker Only means of obstacle countermobility rate/size of minefield efficient than U.S. than U.S. systems? emplacement systems if scatterable mine systems? layer Bridge lay rate Range of weapons Types of ammunition (range can differ) Rate of fire What makes it more What makes it weaker Primary support by fire Crew served Target acquisition efficient than U.S. than U.S. crew-served platform, largest casualty weapons (laser-range finders, crew-served weapons weapons producing weapons basic optical magnification, fire on the move capability) Portability (crew size) What types of chemicals can the Unable to protect mask or system What makes it What MOPP level Chemical against WMD withstand? effective against U.S. effectively withstands protection Unable to implement What type of gas masks? the chemical? Protection WMD chemicals does the enemy employ? Personnel battle armor, What makes it more What makes it Incapable of protecting Survivability what is the rating for efficient against U.S. ineffective against U.S. against 5.56/7.62-caliber (weapon size)? weapon systems? weapon systems? round Type of ammunition What makes it more What makes it weak Unable to implement Range of ammunition efficient than U.S. Artillery against U.S. counter artillery indirect fire or Rate of fire artillery/counter artillery? severely degraded Fire control system artillery? Surface to air missile (range of missile Fires Altitude Portability What makes it What are its Acquisition system Unable to deny U.S. air Air defense effective against U.S. inferiorities against (passive IR, laser) superiority airframes? U.S. airframes? Air defense guns (range, altitude, portability, acquisition system) 1 March 2019 ATP 2-01.3 5-13 Chapter 5 Table 5-1. High-value targets by threat element and cyberspace (continued) Systems Threat element Capability Strength Weakness Reaction to loss (assets) Type of sensors System is System is detectable Unable to implement UASs carried (EO, IR) undetectable against against ADA radar aerial reconnaissance Range and loiter time ADA radar and dismounts Range of detection Capable of detecting Ground Incapable of detecting for vehicles both mounted and Unable to detect ground surveillance mounted or Range of detection dismounted with forces radars dismounted for dismounts range What makes it Not capable of Unable to intercept and Signals Frequency range effective against U.S. intercepting encrypted detect U.S. intelligence Range of system communications messages communications systems? Range of vehicles Unable to effectively RECON Sensors outrange Weaker range than Sensors carried RECON U.S. forces from Intelligence vehicles U.S. RECON vehicles U.S. RECON vehicles (EO, IR, optics) a mounted position Native to the area Human What makes it weaker Unable to infiltrate the How many teams? Same cultural intelligence than U.S. systems? populace heritage Is it jammable? Range of mortars Does the U.S. Is the range of Unable to detect U.S. Counterbattery Range for rockets artillery out-range detection further than indirect fire point of radars and howitzers the range of U.S. artillery range? origins Range of detection detection? Reaction time is slow What makes it What makes it Unable to detect U.S. ADA radars Range effective against U.S. ineffective against aerial assets airframes? U.S. airframes? Carrying capacity Unable to conduct Range of vehicle What makes it more Sustainment What makes it weaker ambulatory evacuations Sustainment Level of medical efficient than U.S. vehicle types than U.S. systems? or to effectively resupply care systems? forward elements Amphibious Interconnectivity in the Unable to connect to Able to connect to Unable to connect to Physical network (able to reach government networks to government networks government networks local network or global) infiltrate Skills available to Able to infiltrate Unable to infiltrate Loss of capability to Logical infiltrate a network government networks government networks infiltrate networks Cyberspace Media access scrambler No use of persona Internet protocol Availability of persona Persona obfuscation Identity will be known obfuscation obfuscation Identity known Use of anonymous networks ADA air defense artillery MOPP mission-oriented protective posture APC armored personnel carrier RECON reconnaissance EO electro-optical UAS unmanned aircraft system FMV full motion video U.S. United States IR infrared WMD weapons of mass destruction Time Event Chart 5-57. After identifying HVTs, analysts place them in order of their relative value (see table 5-2 on page 5-16) to the threat’s operation and record them as part of the threat model. The value of the HVTs varies over the course of an operation. Analysts can use a time event chart (see figure 5-5) to assist in identifying HVTs over the course of an operation. A time event chart provides a method for visualizing individual or group actions chronologically. The chart can assist analysts in identifying which assets threat forces will need to conduct certain operations. Staffs should identify and annotate changes in the value of HVTs by each phase of an operation. (See ATP 2-33.4 for information on time event charts.) 5-14 ATP 2-01.3 1 March 2019 Step 3—Evaluate the Threat Figure 5-5. Time event chart example Target Value Analysis 5-58. HVTs should be prioritized by their relative value to the threat’s operation. Target value analysis assists in prioritizing HVTs. Target value analysis is a process led by the fires cell as part of targeting that quantifies the relative value of HVTs with each other in relation to a threat operation. This analysis is based in part on the conclusions reached by the intelligence staff upon evaluating threat characteristics. The IPOE products required to support target value analysis are the threat template, the HVT list, and the threat capability statement. These products assist the fires cell and the rest of the staff in— ⚫ Providing a focus for the commander’s target acquisition effort. ⚫ Identifying priorities for the engagement of enemy targets to facilitate the mission’s success. ⚫ Identifying effects criteria. Note. While target value analysis is conducted initially during IPOE, it is a separate process that is repeated throughout the operations process as part of targeting. To be effective, this analysis depends on the most current intelligence related to the threat. Initially, based on the threat template developed during step 3 of IPOE, target value analysis should be refined based on the threat COAs developed during step 4 of IPOE, and refined continually based on changes to the threat overlay during operations. Whenever conducted, the intelligence staff supports target value analysis with the most up-to-date threat-related intelligence. (See FM 3-60 and JP 3-60 for more information on target value analysis.) 23 January 2024 ATP 2-01.3, C2 5-15 Chapter 5 5-59. The CARVER matrix is a target value analysis tool used to identify and prioritize specific targets, so attack resources can be used efficiently. (See table 5-2.) CARVER stands for criticality, accessibility, recuperability, vulnerability, effect, and recognizability. Table 5-2. CARVER matrix tool Value Criticality Accessibility Recuperability Vulnerability Effect Recognizability Easily Have the Loss would Extremely difficult Favorable Easily recognized accessible; not means and 5 end the to replace, long impact on by information in the vicinity of expertise to mission replacement time civilians collection assets security attack Favorable Probably have Loss would Difficult to replace impact, no Easily recognized Easily the means and 4 reduce mission with long down adverse by information accessible expertise to performance time (

Chapter 5: Evaluate the Threat PDF

Document Details

Tags

Related

Summary

Full Transcript