3 A Military Perspective on Cyberattack
Pages 161-187



From page 161...
... military doctrine regarding cyberattack identifies computer network attack (an aspect of what this report calls cyberattack) as an element of computer network operations (CNO)
From page 162...
... freedom of action in cyberspace, and argued that "fundamental to this approach is the integration of cyberspace capabilities across the full range of military operations." He then observed that "to date, our time and resources have focused more on network defenses to include firewalls, antivirus protection, and vulnerability scanning.
From page 163...
... In other words, during overt or open military conflict, it is highly likely that information operations -- including cyberattacks if militarily appropriate -- will not be the only kind of military operations being executed. Examples of coordination issues are described in Box 3.1.
From page 164...
... all military operations are subject to certain limitations mandated by the law of armed conflict regarding differentiation of targets, military necessity, limiting collateral damage, and so on.
From page 165...
... and is "responsible for deliberate planning of network warfare, which includes coordinated planning of offensive network attack." JFCC-NW was established in January 2005. Network warfare as used in the context of JFCC-NW means "the employment of Computer Network Operations (CNO) with the intent of denying adversaries the effective use of their computers, information systems, and networks, while ensuring the effective use of our own computers, information systems, and networks." These operations include computer network attack (CNA)
From page 166...
... Second, information operations, including computer network attack, may be used both in support of specific military operations and during periods of "heightened tensions," that is, early use before overt conflict occurs.
10 Clay Wilson, "Information Operations and Cyberwar," 2006.
From page 167...
... The CSS is composed of the Service Cryptologic Elements of the four uniformed services that are responsible for conducting their Title 50 SIGINT mission, and provides the military Services a unified cryptologic organization within the DOD that assures proper control of the planning, programming, budgeting, and expenditure of resources for cryptologic activities. Service cryptologic elements also perform other missions in direct support of their respective Services related to information operations (including computer network operations)
From page 168...
... and feedback on the effectiveness of the overall operational plan. In addition, a number of other capabilities support information operations in the DOD context, such as information assurance (IA)
From page 169...
... On this specific topic, Rear Admiral Betsy Hight of the Joint Task Force on Global Network Operations testified to the committee that the commander of the U.S. Strategic Command has operational authority to conduct cyber operations that are defensive in purpose against systems outside the DOD networks.
From page 170...
... According to Admiral Hight's testimony to the committee, the rules of engagement for CND response actions also specify that they are not authorized unless the hostile action has an impact on the ability of a combatant commander to carry out a mission or an ongoing military operation, and in particular that hostile actions that result only in inconvenience or that appear directed at intelligence gathering do not rise to this threshold. An example of a legitimate target for a CND response action would be a botnet controller that is directing an attack on DOD assets in cyberspace.
From page 171...
...
• In February 2007, Mexico's largest cell phone company experienced a "crash" that left 40 million cell phone users without service for most of a day.
• In May 1999, the United States targeted the Belgrade electric power system as part of the Kosovo conflict, using carbon fibers to short generators.
From page 172...
... Moreover, these incidents were, by themselves, of little strategic significance, though if they had been timed to coincide with some kinetic military operation, they might well have had a significant impact. At the same time, these observations do not account for possible impact on the psychological state of mind of relevant decision makers.
From page 173...
... Computer Emergency Response Team, dismissed claims that a Russian government link could be proven.12 The botnets were composed of compromised computers from the United States, Europe, Canada, Brazil, Vietnam, and other countries around the world. There was evidence of Russian nationalists promoting the attacks through blog posts with scripts and instructions for conducting DDOS attacks on Estonian websites.13 One script used in the attacks which sent ping floods to Estonian websites was shared extensively on Russian language boards.14 Some attackers in the earliest attacks were identified by their IP addresses as coming from Russia, including some from Russian state institutions.15 An Estonian news site stated that a member of Nashi, a Russian youth group tied to Russian President Putin, claimed that the group was behind the attacks, but there was no corroboration of this claim.16
From page 174...
... heise-security.co.uk/news/90461. This article quotes Jose Nazario from Arbor Networks.
From page 175...
... attacks.20 From a legal and policy standpoint, the attack raised questions about whether such an attack constituted an armed attack in the sense intended by the UN Charter and whether cyberattacks against a member nation ought to be included in the provisions of Article V of the North
20 McAfee Corporation, "Cybercrime: The Next Wave," McAfee Virtual Criminology Report, 2007, p.
From page 176...
... For example, in 1998 the DOD publication JP3-13, Joint Doctrine for Information Operations, made reference to offensive and defensive information operations, as well as to "information warfare." The 2006 revision of JP3-13, Information Operations, discontinued the terms "offensive IO" and "defensive IO" but retained the recognition that information operations can be applied to achieve both offensive and defensive objectives, and it eliminated the term "information warfare" from joint IO doctrine. Furthermore, it defined five core capabilities for information operations (electronic warfare, computer network operations, psychological operations, operations security, and military deception)
From page 177...
... 23 Air Force Doctrine Document 2-5 (issued by the Secretary of the Air Force, January 11, 2005) explicitly notes that "psychological operations can be performed using network attack [defined as employment of network-based capabilities to destroy, disrupt, corrupt, or usurp information resident in or transiting through networks]
From page 178...
... explicitly notes that "network attack may support deception operations against an adversary by deleting or distorting information stored on, processed by, or transmitted by network devices." Available at http://www.herbb.hanscom.af.mil/tbbs/R1528/AF_Doctrine_Doc_2_5_Jan_11_2005.pdf.
From page 179...
... 26
3.5.2 Cyberattack in Support of Traditional Military Operations
Cyberattacks could also be used in connection with a variety of traditional military operations. Five illustrative examples are provided below:
• Disruption of adversary command, control, and communications.
From page 180...
... Illustrative cyberattacks against terrorist groups or international organized crime are described in Chapter 4, on the intelligence community; illustrative cyberattacks to support cyberexploitation on domestic criminals are described in Chapter 5, on domestic law enforcement. However, an important point to note is that irrespective of whether the intelligence community or domestic law enforcement agencies find it useful and appropriate to conduct cyberattacks against some adversary, it may well be that the U.S.
From page 181...
... It must be emphasized that the scenarios described above are not endorsed by the committee as being desirable applications -- only that
27 According to press reports, a cyberattack on Georgian government websites was launched (perhaps by the Russian government, perhaps by private parties sympathetic to the Russian attack) to coincide with the August 2008 Russian attack on South Ossetia, which had the effect of limiting the Georgian government's ability to spread its message online and to connect with sympathizers around the world during the fighting with Russia.
From page 182...
...
3.6 Operational Planning
Operational planning processes for cyberattack are not known publicly. But given the similarities of Air Force doctrine for air operations and the cyber missions laid out in Section 3.1, it is not unreasonable to suggest one notional planning process for cyberattack that is roughly parallel to the process for planning offensive air operations -- specifically the development of the air tasking order (ATO)
From page 183...
... Combat assessment includes battle damage assessment and recommendations for reattack, and it provides the inputs for the next iteration of the cyberattack tasking order. Another notional process for operational planning of cyberattack might be similar to that used to develop the Single Integrated Operating Plan (SIOP)
From page 184...
... To the extent that cyber targets might change their defensive postures in ways unknown to a cyberattacker, they are more analogous to targeting mobile assets in the nuclear response plan -- and targeting of mobile assets is known to be an extraordinarily challenging task. The operational implication of a cyberSIOP is that a static planning process is unlikely to be effective, and both intelligence gathering and attack planning on possible targets in the various attack options would have to be done on a frequent if not continuous basis.
From page 185...
... Today, traditional military exercises may include a cyber component, but often the cyber component is not prominent in the exercise and only a relatively small fraction of the exercise involves cyber activities. The investment in training and exercises for cyberattack and cyberconflict is far below that which is allocated to training for combat in traditional domains.
From page 186...
... network defense (network-based capabilities to defend friendly information resident in or transiting through networks against adversary efforts to destroy, disrupt, corrupt, or usurp it), and network warfare support (actions tasked by or under direct control of an operational commander to search for, intercept, identify, and locate or localize sources of access and vulnerability for the purpose of immediate threat recognition, targeting, planning, and conduct of future operations such as network attack)
From page 187...
... Air Force calls for proposals to develop the following technologies for network attack, network defense, and network warfare support.1 Some of the technologies sought include:
• Mapping of networks (both data and voice);
• Access to networks;
• Denial of service on current and future operating systems and network devices;
• Data manipulation;
• Technologies/concepts for developing capabilities for IO modeling and simulation;
• Situational awareness that gives the operator near real-time effectiveness feedback in a form that is readily observed by the operator;
• Technologies/concepts for developing capabilities to assess and visualize non-kinetic effects;
• Technologies/capabilities/concepts for generating and distributing dynamic electronic target folders to include non-kinetic courses of action (COAs)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.