Research Note: Strategic, operational, and tactical cyber intelligence

Some notes on operational level of war as it can be applied to cyber intelligence processes. As a factor in the process of conflict the inteligence gathering process is harder for some to understand in the context of cyber, and then conflict. Speaking plainer, when we look at the concepts of cyber (content, context, connectivity & emotion) to centralize on the human factor the intelligence process has to be adapted slightly. What do we know about the operational level of war and conflict? The recently released INSA white paper on the operational level of cyber intelligence takes a stab at this topic.

Jablonsky, D. (1987). Strategy and the Operational Level of War: Part IParameters27, 65-76. . Army War College Carlisle Barracks Pa.

“Simply put, the commander’s basic mission at this level is to determine the sequence of actions most likely to produce the military conditions that will achieve the strategic goals..”

The focus on operational intelligence in the cyber realm should be on tying threats to vulnerabilities with a focus on informing leadership on the possibilities. To be sure it is not the intelligence operatives role to determine technique of mitigation, or determine the mission sets allowed. It is important to tie the threat and vulnerability into an understanding of strategy.

Channeling Eccles, “Strategic guidance is the link between the highest level of war and the operational commanders. This guidance should, in theory, contain a balanced blend of ends (objectives), ways (concepts), and means (resources).”

In the realm of cyber an entire terrain of features faces the operational level of intelligence. In the INSA report they discuss explicitly the fact that cyber is not merely the network and most assuredly not just the signals intelligence (SIGINT). Jablonsky discusses other aspects of linking the strategic to the operational to inform choice of tactical. What is missing from the INSA discussion on kill chain thinking for operational level of cyber intelligence is the actor/role/entity relationships. That would give a better discussion on who does what where and how they are operational as opposed to strategic or tactical.

“Complicating the harmonization of ends, ways, and means is the fact that strategic guidance is heavily influenced by international and domestic political considerations. These considerations, in turn, determine actions or methods that can constrain commanders at the operational level.”

This kind of discussion on how complicated the various aspects of operational level conflict (and intelligence is conflict) are informs the discussion. Jablonsky was discussing the concept of coalition warfare and introducing the political manipulations of choice and he would go on to discuss them in more detail.

“Operational commanders should consistently examine the effects of such constraints and restrictions on the achievement of their goals. Where these political factors seriously threaten his success, the commander should seek either relaxation of the offending restrictions or adjustment of the goals accordingly.”

External politically motivated constraints can endanger mission sets, but they must be considered. In the intelligence field today we see such external constraints effecting the furtherance of intelligence gathering missions. Domestic versus foreign intelligence gathering and secondary and tertiary uses effect the intelligence organization capability to create a cohesive picture of attributes within each target set. Determining the aspects of threat and capability to effectuate a vulnerability

“The strategic connection challenges the operational commanders to broaden their perspective, to think beyond the limits of immediate combat.”

“In one sense, then, the operational artist is an impressionist. There is movement all about him. Strategic goals and guidance shift as do the individual pieces of the tactical mosaics. All of this is distilled over time and space to form a picture, a one-time impression of military conditions at the operational level that will achieve the strategic objectives.”

The soldier is an artist and their canvass is the terrain and their paint is the blood of adversaries. I think though I’m being slightly humorous (don’t worry if you didn’t laugh most people don’t) is that the art of war is informed by the science and discipline of conflict. There are no specific rules or methods that have scientific proof and all systems have some amount of chaos. As Lutwalk would say if the concept of war was scientific all war would attritive and all outcomes known.

Jablonsky, D. (1987). Strategy and the Operational Level of War: Part II. Army War College Carlisle Barracks Pa.

“There is, however, no hard and fast rule concerning operational command echelons.”

No there is not and I’d have been even happier if he had said that my operational level might be your tactical or strategic level. The theater, battlefield concept would put a lie to that, but in the cyber realm such concepts are not necessarily as defined. In cyber the terrain changes with the perceptions of the adversaries.

“In theory, political, economic, and other factors should be reconciled at the national level before being distilled into strategic guidance’ for the CINCs and their subordinate commanders. In practice this is not always the case, and the operational commanders may find themselves with virtually useless campaign plans if they don’t help bring about such a reconciliation.”

Theory is nice and the author is explicit in saying this reconciliation thing never happens. Now if we could get the general public and the military commanders to quit whining about the political factors.  In cyber there is also another factor that is forgotten. The infrastructure is privately owned and maintained. Operating over personal property in airplane is no issue. Operating on the land and personal property is no issue. Why should cyber be any different? Because, the owner can vaporize and make your entire intelligence operation moot without even knowing you were there. Instead of being the big dog putting down trouble in front of you, the cyber intelligence enterprise is a mouse among stampeding giants. Think like a mouse and be humble.

“There is a compelling need in a combined environment to maintain political cohesion as well as military effectiveness. In this regard, the operational commander may be faced with a situation in which political necessity more than military utility will dominate.”

Rather than talk about reconciliation of outside political factors we are now talking about building them into an operational environment. This is likely a maturation process for each actor and entity. When building in the political factors it may require a balance against the “best case” of military use. This would make sense in most conflict contexts.

“The issue of Air Land Battle is just another reminder that there is rarely anything clearcut in the relationship between the strategic and operational levels of war. Nevertheless, as has been demonstrated, that relationship must exist if there is to be a continuum of war. “

Ok, I just liked the quote because it pokes at the navy.


Luttwak, E. N. (1980). The operational level of war. International Security5(3), 61-79.

“It is a peculiarity of Anglo-Saxon military terminology that it knows of tactics (unit, branch, and mixed) and of theater strategy as well as of grand strategy but includes no adequate term for the operational level of warfare precisely the level that is most salient in the modern tradition of military thought in continental Europe.”

This is a fundamental point I look for in any paper that discusses Clausewitz, SunTzu, or any other classical strategist. When you get to ways, and means this intellectual vacuum of thinking is a key leverage point.

“The advocacy of large-unit armored warfare in depth by Fuller, Liddell Hart, etc. was aimed at expanding operations to transcend the tactical battlefield and was not simply inspiredby the need to find employment for the newly invented tank.”

Now we have military pundits belittling tactics like counter-insurgency to pump up the use of armor because they don’t understand the operational context of conflict.

“The vulnerability of relational-maneuver methods to catastrophic failure reflects their dependence on the precise application of effort against correctly identified points of weakness. This in turn requires a close understanding of the inner workings of the “system” that is to be disrupted, whether the “system” is, say, a missile, in which case the knowledge needed has an exact technical character, or an entire army, where an understanding of its command ethos and operational propensities will be necessary.”

This is another key point that is important from the stand point of cyber.  You don’t hit the strong point you go after the weak point. Walk past all the cars with alarms until you find the one with the keys in the ignition, the windows down, and a pizza on the front seat. Then look at the fact the is indicative of a systemic pattern and then determine the attack strategy. Why take one pizza delivery car when you can take them all? We have a focus and attention problem with cyber. We focus often on the tactical implementations and forget the rest of the conflict paradigm.

Leave a Reply