2 July 2018

Focus on Offensive Cyberspace Operations


The Department of Defense (DOD) has failed to embrace the cyberspace domain fully. Ground force commanders use cyberspace as a supporting establishment —a supplemental signals intelligence (SigInt) platform—rather than a domain of warfare that requires support. The use of combat mission teams (CMTs) in this manner has limited development of cyberspace doctrine, cyberspace tactics, and offensive cyberspace exploitation.

U.S. Cyber Command should restrict the employment of CMTs to offensive cyberspace operations (OCOs) in support of operations within a commander’s battlespace. Requiring combatant commanders to employ them in this way will foster the development of cyberspace operations doctrine, offensive cyberspace tactics, the integration of cyberspace operations, and the development of a technically and tactically efficient offensive cyberspace force. It also will increase the demand for a robust cyberspace capabilities registry. 

Current cyberspace operations doctrine—found in Joint Publication (JP) 1-02 and JP 3-12 (R), Cyberspace Operations —does not guide commanders with principles to employ cyberspace forces or capabilities, nor does it provide a way to integrate cyberspace operations into land, maritime, air, and space operations. The development of doctrine requires experience, lessons learned, and continual updating based on emerging concepts. The present misemployment of CMTs as SigInt teams has hindered these crucial steps. Implementing the joint operational planning process for OCO will help the development of nuances of cyberspace operations and their integration into the other domains of warfare.

Create a Knowledgeable Support Force

Conducting OCOs in support of geographical combatant command (CoCom) objectives will increase the integration of cyberspace forces across all warfare domains. To integrate offensive capabilities fully, a joint forces cyberspace component commander (JFCCC) position should be created under each CoCom. The JFCCC would be equivalent to other component commanders and would provide subject matter expertise to the combatant commander or joint force commander (JFC) regarding the employment of cyberspace operations .

The combination of a JFCCC and a focus on offensive operations will foster a robust skill set by cyberspace operators at the tactical level. During OCOs, decisions often must be made by tactical-level officers based on the cyberspace operator’s knowledge and skill set. This rapid decision-making demands cyberspace warfare officers capable of carrying out the commander’s intent. The cyber domain will require officers who have developed these skills throughout their careers and who might one day lead commands as well as function as staff planners. 

Develop Robust Offensive Capabilities

If commanders neither prepare for nor conduct OCOs, the inventory of capabilities will never develop. Cyberspace capabilities include collection, access development, and payload delivery. [1] (Collection is done through intelligence gathering and is not exclusively cyberspace specific.) Access development is a long process that requires capabilities that are able to exploit old technology, current technology, and emerging technologies, while payload construction is simpler, tailored to a specific system or device to affect its integrity. [2]

Capability development takes time—upwards of 18 months in some cases to find the correct vulnerabilityand the correct payload. This requires commanders to plan ahead and demands development of general capabilities against current and prospective adversaries. As Washington-based cybersecurity researcher Christopher Soghoian has noted, “If the president asks the U.S. military to launch a cyber operation in Iran tomorrow, [that’s] not the time to start looking for exploits.” [3]

Signals Intelligence and Authority

Cyber combat teams are built to conduct SigInt; however, their capacity is limited to support of their own targeting. They lack the capability of organizations such as the National Security Agency (NSA), which conducts its activities in support of the National Intelligence Priority Framework (NIPF). Using secondary assets such as CMTs is redundant at best. Commanders and staff need to be educated about the organic capabilities of CMTs compared to national SigInt assets. 

It has been argued that commanders find it easier to authorize kinetic actions than OCO . Historically, this has been true. Poor understanding of CMT capabilities puts a decision maker in a difficult position; he or she cannot understand second- and third-order effects of cyberspace operations if he or she barely understands first-order ones. As leaders’ knowledge of and experience with offensive operations grows, the authority to authorize them must become more widely available at lower echelons. 

Some commanders are unwilling to authorize cyber operations because many capabilities are extremely sensitive, and those commanders do not want to expose a capability for a target they do not consider important enough. This can be solved by requiring a cyberspace target-validation process similar to the one required for kinetic strikes. An important military target should be destroyed with the most appropriate tool. 

The Enemy Is Already Doing It

Present and future commanders must be instilled with the confidence and equipped with the knowledge to employ all domains of warfare. The continued use of CMTs as secondary SigInt units reinforces the notion that cyberspace operations are simply an enabler of war rather than a domain of warfare itself. If this continues, the United States will be outpaced rapidly by adversaries who are building their forces, capabilities, and understanding in the domain. U.S. Cyber Command must ensure that CMTs and OCOs are employed as tactical-, operational-, and strategic-effects options for commanders across the Defense Department.

[1] Herbert S. Lin, “Offensive Cyber Operations and the Use of Force,” Journal of National Security Law & Policy, 4, 63, 2010, 63–86.

[2] Ibid.

[3] Tom Gjelten, “First Strike: U.S. Cyber Warriors Seize the Offensive,” World Affairs , January/February 2013, 33–43.

Captain Thompson is a graduate of Mount Saint Clare College, Iowa. He has served with Marine Corps Forces Cyberspace Command as a fires planner and targeteer and is currently assigned to 2nd Battalion, 10th Marines, as member of the Fire Support Coordination Center.

For more great Proceedings content, click here .

No comments: