Aligning strategy to goals in cyber warfare

First, there is no such thing as cyber warfare. There is war in the cyber domain and cyber will likely be an adjunct in the future towards other aims of war. Much like air, land and sea conflicts are adjuncts to the larger conflict we call war between nation states there is very little likelihood that cyber itself and on it’s own will be the only component of war. Consider the following diagram. It is structured to show the different levels or characteristics of “policy” and “doing” in the modern nation-state. Those who deny the existence of cyber warfare ever occurring are making a strategic or political assessment. The idea of war utilizing the domain of cyber has already happened. It is more than the mere definitions. 

This image is based on a series of definitions from differing sources. Joint forces trained individuals will recognized the strategy, operations, and tactics formulation. While those from the United States Military Academy might notice the additions of politics at the top.

It is pretty obvious that some pundits like to redefine and artificially restrict the use of words to fit their personal bias or argument. In answering the question of cyber war to occur or not we might be better examining it using conflict as our fulcrum rather than war. The more likely aspect of this is that a strategic engagement of cyber warfare will not occur, but that cyber will be used to support an entities war fighting capability or degrade the adversaries capacity to wage war. This is no more or less than the utilization of strategic (improperly named) air assets to deny, disrupt or degrade Germany’s war making capacity. In cyber that same task might have been to attack a Department of Defense contractors computer system and steal or alter the plans for a new generation of fighter aircraft. In a time of active hostilities that might be an offensive covert operations on one nation-state towards another that does not rise to the act of war.

One element that I’m seeing in current press reports is the idea of strategic cyber warfare (ill-suited for sure) and mixing up the tactical elements (weapons, tools, techniques) for the actions of actual war. If you’re talking about a specific weapons utilization as being an act of war you’ve likely missed the point. You’ve mistaken the weapon for the effect and action. Shooting an M16 is not an act of war, but killing the ambassador of another country (or an arch duke) is likely an act of war. It really depends.

What some of this is illuminating is that cold war era strategies are likely not going to be adaptable to current world problems. Regardless of the cyber annex it is becoming apparent that the analogies and metaphors of conflict used to soften the discussion of killing people and breaking things are breaking down. More importantly and as a key take away the concept of the nation-state as a political entity is evolving. The current legal principles espoused as the Laws Of Armed Conflict (LOAC) may be rendered useless. The weaponization of the infosphere is not having the expected effects, but is having new and more interesting effects. Similarly the Clausewitzian view of the nation and politics and the adjunct of conflict to politics as nation-state will may be eroding.

11 comments for “Aligning strategy to goals in cyber warfare

  1. LongTabSigO
    October 15, 2012 at 1:22 pm

    Couple of things i think bear consideration with this:

    Offense and Defense will occur simultaneously in the cyber aspect(s) of any war/conflict. That’s because where DOD defenses and where DOD can attack are different parts of the cyberspace “domain”.

    I think that cyber operations will change the nature of “shaping” (i.e. Phase Zero), in that there will be battles for access to networks, access to information and the “truthiness” of it (yes, i’m using that word seriously).

    The non-state and corporate aspects of “cybered conflict (h/t to Chris Demchak at Naval War College) must be considered as part of any serious strategy.

  2. sam
    October 15, 2012 at 1:25 pm

    I’ve written about the phases and how they implement with cyber war in the past. Check out and about 2.3rds of the way down the phases are delineated.

    I do like the truthiness aspect. When we see message shaping and awareness activities that most assuredly applies. So does the principle of integrity of message.

  3. LongTabSigO
    October 15, 2012 at 1:33 pm

    Well you can put a BIG “X” under “M” for Phase Zero. On some many different levels the DOD is shaping via cyber…

  4. sam
    October 15, 2012 at 1:43 pm

    Is the activity “military” or “diplomacy” when shaping at phase 0? Let the holy war begin. I remember so many JPME discussions over whether military was involved at phase 0 or whether that was diplomacy via state department. There is also “operational preparation of the battlefield” but no associated reflection of that information prep of the battle space. Even the instructors at JIOPC seem to disagree over military involvement at phase 0/1. Be an interesting discussion because 1) I agree military is involved; 2) I don’t think it has been really looked at; 3) I like to argue both ways just to see which heads pop.

  5. LongTabSigO
    October 15, 2012 at 1:57 pm

    well i’ll use the trite term “Military Information Support Operations” as exhibit 1 in my case.

    Also, lets face it, the work of DISA in providing GIG is clearly a shaping operation (especially now that cyberspace is defined as a “domain”.) One cannot foist a definition of a fully “man-made” domain without it existing before hostilities begin.

    Further, the bazillion “cyber attacks” that hit the network everyday shape the info environment on a daily basis well ahead of any decisions to “go to war” or having “war” made on us.

  6. sam
    October 15, 2012 at 2:06 pm

    I can see what you’re saying (I agreed remember?), but I also know that if you say you are using MISO without hostilities or the operational need of DoD being obvious you’ll get a lot of blow back. That is why you see IO being punted around like a Pinata at a seven year olds birthday. Nobody wants to admit to messaging fidelity as a mechanism of moving the center of gravity. Since phase 0 is by definition before hostilities should we be using the military against adversaries?

    The DISN (aka GIG) is more than a shaping environment. Though DISA runs it the reality is that it is a form of soft power, when you think about who gets access and for what reason. There might be something there similar to how we bring FORN officers and enlisted into our schoolhouses and that is considered soft power. I’ll have to think about that a bit.

  7. LongTabSigO
    October 15, 2012 at 5:16 pm

    It is not “DISN, aka GIG)” It’s the GIG, of which the DISN is a/the major part. GIG much larger.

    Remember also, please, that Phase Zero IS a military phase, not a diplomatic one, so there are specific military tasks associated with it. In fact, a lot of that “soft power” you describe above, if properly exercised early enough, precludes elevation of phases beyond Phase 1.

  8. sam
    October 15, 2012 at 5:54 pm

    And DISA doesn’t manage the GIG (radio is done by an entire other group), and the GIG is largely a made up construct because a bunch of space cadets couldn’t figure out how to get space assets into network centric warfare in the 1990s but who is quibbling.

    I’ve always thought of phase 0 as internally focused rather than externally focused military operations. Kind of like logistics or training. I think if you start focusing those phase 0 activities externally and toward the public you’ll see an uproar like we did in the early 2000s and early 1990s with IO in general.

  9. LongTabSigO
    October 15, 2012 at 8:03 pm

    Sam: sorry..that GIG/DISA part above is like REALLY wrong. You’re going to have to show your work to prove that assertion. As a Signal officer, i am pretty damn sure that DISA is a significant part of “the GIG”. Further i’m pretty sure DISA is a key aspect of what is termed “DOD GIG Ops” (DGO), one of the CYBERCOM lines of operation, where DISA does a significant percentage of its “Cyber” work.

    You’ll have to help me understand what “internally focused” shaping operations are.

    You may be confusing ‘troop leading procedures’ with the Joint Planning phases.

    Phase Zero is the coin of the realm for SOF (in land and to some extent air/sea domains). FID, Civil Affairs, some IO/PSYOP, and early UW efforts all contribute to setting conditions that prevent things from getting out of control or enable the US to exercise any number of options short of full hostilities.

    From a cyber perspective, there are shaping ops tasks through out all three of the “Cyber lines of operation” (i.e. OCO, DCO, DGO).

    For clarity i lifted this paragraph in total from page V-8 of JP 5-0:
    (1) Shape. Shape phase missions, task, and actions are those that are designed
    to dissuade or deter adversaries and assure friends, as well as set conditions for the
    contingency plan and are generally conducted through security cooperation activities.
    Joint and multinational operations and various interagency activities occur routinely
    during the shape phase. Shape activities are executed continuously with the intent to
    enhance international legitimacy and gain multinational cooperation by shaping
    perceptions and influencing adversaries’ and allies’ behavior; developing allied and
    friendly military capabilities for self-defense and multinational operations; improving
    information exchange and intelligence sharing; providing US forces with peacetime and
    contingency access; and mitigating conditions that could lead to a crisis.

    All of your exercises, reciprocal exchanges, security assistance, etc fall under Phase Zero. From a cyber perspective, ensuring redundant links, allied connectivity, interoperable decision networks, etc are example of Phase Zero tasks.

  10. sam
    October 15, 2012 at 9:10 pm

    Your friends over in the electronic warfare community quoting JP3-13 are going to disagree with your assertions. The GIG is much larger than the DISN as it includes all of the electromagnetic spectrum. Though you’re quibble is kind of off topic. DISA has a big part in managing the DISN. The DISN is part of the GIG. The implementing laws for DISA are very specific on what they can and can not do. Even the FCC has a hand in managing the GIG. What you appear to be doing is what many signals officers do and conflating cyber to network and ignoring the broader aspects. The GIG is much more than the network and much more than even the transmission medium. The GIG 2.0 (pending by J6) will have it even broader in scope. And, all of that may be wrapped up in the Defense Information Enterprise (or whatever they decide to call it).

    I’m not really ignoring the aspects you are saying about FID, civil affairs and such. And, yes SOF is involved in those. But, what you are describing are military operations that are identified as military operations with other nations military entities. The issue arises when you have the domestic military shaping foreign civilian populations views. Though incorrectly applied this is where Smith-Mundt enters the conversation and people are concerned when it is application to civilian populations. There is nothing against Smith-Mundt but people will attempt to apply it in error. Assertions to the contrary do not dissuade the argument. This is the criticism levied against the southern command medical missions. They erroneously get linked with the word psyop and no changing the acronym to MISO is going to erase that kind of taint. Luckily for the military most of the guys doing that kind of linkage are ignored.

    What you’re missing is two fold. What is done by the military is not necessarily right. Adherence to a flawed doctrine is still a failure. Second, restriction of the vocabulary to support a position leads to flawed results. The redefining of concepts to close the discussion doesn’t serve you well.

    Now you keep trying to position me in an argument I’m simply not willing to have. I suggest you check out the myths at the beginning of this book and then come back and talk to me. Network Centric Warfare isn’t about the network, it isn’t just for peer competitors, this network warfare stuff isn’t going to change the nature of warfare. Dang, the Admiral nailed every point I’ve been trying to make for a decade, about 15 years ago. It’s like I read the book or something. And, before you say “Yeah but that book is old and dusty and none of that applies” check put page 133. Looks like DARPA PlanX ripped that entire chapter off for their battlefield awareness section.

    If you want to see why the whole “Man made domain” construct is wrong check out this and then check out page 11. The information and cognitive domain laid out in black and white for DoD. The point of this is to show that DoD has had many of the answers for over a decade. From their own paid consultants. Current doctrine is nothing more than what seeped through. Their is a rich set of first principles out there that the land of “2 years of experience 10 times” has forgotten.

  11. LongTabSigO
    October 15, 2012 at 10:27 pm

    If you’re going to cite doctrine, cite the current stuff; that would be JP 6-0 and 6-01.

    Re-read what i typed. You’ll understand what you got wrong in rebuttal. You are confusing DISN and DISA. I am well aware of what’s what.

    And while we’re at it…my background, if you cared to look it up, if far broader than “Just” a signal officer. And since we’ve actually spoken at length, I’ve reinforced to you my far broader background. So do not condescend to me when i am answering you not only “on point” but with depth.

    I cite doctrine only as a point of departure because (as a former doctrine writer) i know the necessity of, and the inherent limitations of, the document. So if you want to throw academic studies at me in response, that’s wonderful. But seeing how the two you cited are presented, i can see why Commanders/Staffs might look at it and say, “neat, but this isn’t going to help me solve the problems I have”.

Leave a Reply