TRADOC Pamphlet 525-7-8

The United States Army’s Cyberspace Operations Concept Capability Plan 2016-2028

22 February 2010

Foreword

From the Director, U.S. Army Capabilities Integration Center

The U.S. Army Training and Doctrine Command’s assessment of the future operational environment highlights the importance of all aspects of information on the future battlefield. Army forces operate in and among human populations, facing hybrid threats that are innovative, networked, and technologically-savvy. These threats capitalize on emerging technologies to establish and maintain a cultural and social advantage, leveraging these new capabilities for command and control, recruiting, coordinating logistics, raising funds, and propagandizing their message. To operate effectively in this emerging environment, the Army must realign its information Aim Point. Army leaders and Soldiers must possess an in-depth understanding of how to leverage information-based capabilities to gain and maintain situational awareness. Understanding how to fight for and leverage the power of information, while denying the adversary’s ability to do the same, will be increasingly critical to success on the future battlefield.

The assessment indicates that the Army’s current vocabulary, including terms such as computer network operations (CNO), electronic warfare (EW), and information operations (IO), will become increasingly inadequate. To address these challenges, there are three interrelated dimensions of full spectrum operations (FSO), each with its own set of causal logic and requiring focused development of solutions:

• The first dimension is the psychological contest of wills against implacable foes, warring factions, criminal groups, and potential adversaries.
• The second dimension is strategic engagement, which involves keeping friends at home, gaining allies abroad, and generating support or empathy for the mission.
• The third dimension is the
cyber-electromagnetic contest, which involves gaining, maintaining, and exploiting a technological advantage.

The first and second dimensions focus on how commanders and staffs orchestrate and leverage information power to achieve their missions. The third dimension focuses on gaining and maintaining an advantage in the converging mediums of cyberspace and the electromagnetic spectrum (EMS). The Army’s construct of gaining advantage, protecting that advantage, and placing adversaries at a disadvantage is well nested within these dimensions and contributes to the outcomes that must be achieved by unified action at the tactical, operational, and strategic levels.

Current operations reinforce our conviction that concepts and capabilities are needed for each of these dimensions. IO encompasses all three of these dimensions but is increasingly an overburdened term which refers to any use of information. CNO and EW by themselves are insufficient to describe the full scope of the cyber-electromagnetic contest. To this end, we are undertaking a comprehensive campaign to describe fully each dimension. The first two dimensions, the contest of wills and strategic engagement, will be addressed in a forthcoming separate concept capability plan and followed by a capability based assessment.

This pamphlet relates EW, CNO, and cyber in this third dimension–the cyber-electromagnetic contest. TRADOC Pam 525-7-8 is the first step in developing a common understanding of how technological advancements transform the operational environment, how leaders must think about cyberspace operations, how they should integrate their overall operations, and which capabilities are needed. It provides the means to identify outcomes-based, integration-focused, and resource-informed solutions which enable the U.S. Army to prevail in the cyber-electromagnetic contest.

Executive Summary

Framing the problem

The operational environment (OE) has changed dramatically. The technologic convergence of
computer and telecommunication networks, astonishing rates of technologic advancements, global proliferation of information and communications technology (ICT), and its consequent effect in social networks and in society impact the OE. The diverse and wide arrays of agents who use or exploit this technological revolution pose a grave threat to U.S. critical infrastructure and operational missions. These agents range from traditional nation-states to noncombatants, transnational corporations, criminal organizations, terrorists, hacker unions, mischievous hackers, and the unwitting individual who intends no malice. Collectively, they combine to create a condition of perpetual turbulence without traditional end states or resolution. Unless otherwise noted in this document, the terms adversary and adversaries are used in this broad context.

Framing the solution

Training and Doctrine Command (TRADOC) Pamphlet (Pam) 525-7-8, The U.S. Army Concept Capability Plan for Cyberspace Operation (CyberOps) 2016-2028, takes a comprehensive look at how the Army’s future force in 2016-2028 will leverage cyberspace and CyberOps. This pamphlet includes a conceptual framework for integrating CyberOps into FSO, thereby providing the basis for follow-on doctrine development efforts. This conceptual framework outlines how commanders integrate CyberOps to gain advantage, protect that advantage, and place adversaries at a disadvantage. This pamphlet also establishes a common lexicon for Army CyberOps and describes the relationship between cyberspace, the other four domains (air, land, maritime, and space), and the EMS. Lastly, it explains how converging technologies will increasingly affect FSO and influence capability development, thereby enabling the Army to influence the design, development, acquisition, and employment of fully integrated cyber capabilities.

Solution context: the three dimensions of FSO

a. The Commanding General (CG), U.S. Army TRADOC, directed the Combined Arms Center (CAC) to lead a working group to establish the conceptual
framework for the organization for the cyberspace (cyber), EW, and IO mission areas and TRADOC’s associated force modernization proponency structure. On 16 October 2009, the CG, TRADOC provided recommendations to the Army Vice Chief of Staff. Included among his recommendations were the following:

(1) The CAC determined that current vocabulary (cyber-EW-IO) is adequate today but will become increasingly inadequate to describe the challenges the Army faces in the operational environment.

(2) The CAC concluded that there are three dimensions to be addressed, that these dimensions exist across the FSO, and that these dimensions each require force design and doctrinal solutions.

(3) Therefore, although the Army currently describes the functions related to network and spectrum operations as cyber-EW-IO, the CAC believe that the Army should adapt and describe them in the future as follows:

• First dimension - The first dimension is the psychological contest of wills against implacable foes, warring factions, criminal groups, and potential adversaries.
• Second dimension - The second dimension is strategic engagement and involves keeping friends at home, gaining allies abroad, and generating support or empathy for the mission in the area of operations.
• Third dimension - The third dimension is the cyber-electromagnetic contest. [1] Trends in wired, wireless, and optical technologies are setting conditions for the convergence of computer and telecommunication networks.

b. TRADOC Pam 525-7-8 is fundamentally about prevailing in this third dimension, the cyber-electromagnetic contest, and provides recognition that CyberOps enables the first two dimensions.

Central idea

a. Prevailing in the cyber-electromagnetic contest means making progress at the same time along three lines of effort: gaining advantage, protecting that advantage, and placing adversaries at a disadvantage.

b. Commanders seek to retain freedom of action in cyberspace and in the EMS, while denying the same to adversaries at the time
and place of their choosing, thereby enabling operational activities in and through cyberspace and consequently the other four domains. CyberOps encompass those actions to gain the advantage, protect that advantage, and place adversaries at a disadvantage in the cyber-electromagnetic contest. CyberOps are not an end to themselves, but rather an integral part of FSO, and include activities prevalent in peacetime military engagement, which focus on winning the cyber-electromagnetic contest. CyberOps are continuous; engagements occur daily, most often without the commitment of additional forces.

Solution framework

Current doctrinal terms do not adequately address the broad range of tasks associated within Department of Defense (DOD) definitions of cyberspace and CyberOps. Consequently, the framework developed for TRADOC Pam 525-7-8 establishes four components for CyberOps: cyber warfare (CyberWar), cyber network operations (CyNetOps), cyber support (CyberSpt), and cyber situational awareness (CyberSA).

[1] The use of the term cyber-electromagnetic is not meant to equate the terms cyberspace and electromagnetic spectrum, but rather to highlight there is significant overlap between the two and future technological development is likely to increase this convergence.

Department of the Army
Headquarters, United States Army Training and Doctrine Command
Fort Monroe, Virginia 23651-1047

TRADOC Pamphlet 525-7-8
22 February 2010

Military Operations

CYBERSPACE OPERATIONS CONCEPT CAPABILITY PLAN 2016-2028

FOR THE COMMANDER
OFFICIAL
DAVID P. VALCOURT
Lieutenant General, U.S. Army
Deputy Commanding General/Chief of Staff

History. This publication is a new U.S. Army Training and Doctrine Command (TRADOC) concept capability plan developed as part of the Army Concept Framework for the future force and as part of the capabilities-based assessment (CBA) process.

Summary. TRADOC Pam 525-7-8 takes a comprehensive look at how the Army’s future force in 2016-2028 will leverage cyberspace and CyberOps. This pamphlet includes a
conceptual framework for integrating CyberOps into full spectrum operations (FSO), thereby providing the basis for follow-on doctrine development efforts. This conceptual framework outlines how commanders integrate CyberOps to gain advantage, protect that advantage, and place adversaries at a disadvantage. This pamphlet establishes a common lexicon for Army CyberOps and describes the relationship between cyberspace, the other four domains (air, land, maritime, and space), and the electromagnetic spectrum (EMS). TRADOC Pam 525-7-8 explains how converging technologies will increasingly affect FSO and influence capability development, thereby enabling the Army to influence the design, development, acquisition, and employment of fully integrated cyber capabilities.

Applicability. TRADOC Pam 525-7-8 is the foundation for future force development and the base for subsequent developments of supporting concepts, concept capability plans, and the Joint Capabilities Integration and Development System (JCIDS) process. It supports experimentation described in the Army Capabilities Integration Center (ARCIC) Campaign Plan and functions as the basis for developing solutions related to the future force within the doctrine, organizations, training, materiel, leadership and education, personnel, and facilities (DOTMLPF) domains. This pamphlet applies to all TRADOC, Department of Army (DA), and Army Reserve component activities that develop DOTMLPF requirements.

Proponent and supplementation authority. The proponent of this pamphlet is the TRADOC Headquarters, Director, ARCIC. The proponent has the authority to approve exceptions or waivers to this pamphlet that are consistent with controlling law and regulations. Do not supplement this pamphlet without prior approval from Director, TRADOC ARCIC (ATFC-ED), 33 Ingalls Road, Fort Monroe, VA 23651-1061.

Suggested Improvements. Users are invited to submit comments and suggested improvements via The Army Suggestion Program online at https://armysuggestions.army.mil (Army
Knowledge Online account required) or via DA Form 2028 to Director, TRADOC ARCIC (ATFC-ED), 33 Ingalls Road, Fort Monroe, VA 23651-1061. Suggested improvements may also be submitted using DA Form 1045.

Availability. This regulation is available on the TRADOC homepage at http://www.tradoc.army.mil/tpubs/regndx.htm.

Contents

Foreword
Executive Summary
1-1. Relevance
1-2. Purpose
1-3. Scope
1-4. Method
1-5. Key definitions
1-6. Relation to joint and Army concepts
1-7. References
1-8. Explanation of abbreviations and terms
Chapter 2 Framing the Environment
2-1. Cyberspace the domain
2-2. Cyberspace and the OE
2-3. The cyber threat
2-4. Summary
Chapter 3 Framing the Problem
3-1. What has changed in the operational environment as pertains to cyberspace
3-2. What has changed in operational requirements as pertains to cyberspace
3-3. What is working what is not working
3-4. The problem
Chapter 4 Framing the Solution
4-1. The context: The three dimensions of FSO
4-2. Central idea
4-3. The framework
4-4. Risks
4-5. Summary
Appendix A References
Appendix B Interdependent Nature of CyberOps
B-1. Introduction
B-2. Operational overview 1 (OV-1)
Appendix C Operational Vignettes
C-1. Vignette context
C-2. Prephase 0 operations
C-3. Vignette 1: phase 0 through phase 1 (shape and deter)
C-4. Vignette 2: Phases 1 and 2 (force deployment)
C-5. Vignette 3: Phases 2-4 (major combat operations (MCO))
C-6. Summary
Appendix D Required Capabilities
D-1. Introduction
D-2. DOTMLPF required capabilities
Appendix E Required Capabilities Supplemental (Classified)
Appendix F DOTMLPF Integrated Question List
F-1. Introduction
F-2. Implications
F-3. Doctrine
F-4. Organization
F-5. Training
F-6. Materiel
F-7. Leadership and education
F-8. Personnel
F-9. Facilities

Table List

Table D-1. Required CyNetOps
capabilities
Table D-2. Required CyNetOps capabilities by echelon
Table D-3. Required CyberWar capabilities
Table D-4. Required CyberWar capabilities by echelon
Table D-5. Required CyberSpt capabilities
Table D-6. Required CyberSpt capabilities by echelon
Table D-7. Required CyberSA capabilities
Table D-8. Required CyberSA capabilities by echelon

Figure List

Figure 2-1. The three layers of cyberspace
Figure 2-2. Cyberspace connectivity
Figure 2-3. Infrastructure relationships in cyberspace
Figure 4-1. The four components of CyberOps
Figure 4-2. CyNetOps
Figure 4-3. CyNetOps
Figure 4-4. CyberWar
Figure 4-5. Cyber support
Figure 4-6. Enabling CyberOps capabilities and enabling ways
Figure B-1. Operational overview 1
Figure C-1. The joint operations six phase model
Figure C-2. Vignette 1 phases 0, 1 – shape and deter
Figure C-4. Vignette 3 phases 2, 3, and 4 – seize initiative, dominate, and stabilize

Chapter 1
Introduction

1-1. Relevance

a. The operational environment (OE) has changed dramatically. Unprecedented levels of adverse activity in and through cyberspace threaten the integrity of United States (U.S.) critical infrastructure, financial systems, and elements of national power. These threats range from unwitting hackers to nation-states, each at various levels of competence. Collectively, the threats create a condition of perpetual turbulence without traditional end states or resolution. Unless otherwise noted in this document, the terms adversary and adversaries are used in this broad context.

b. The ever-increasing rate of technologic advances and its wide proliferation make it increasingly difficult to achieve success across the military FSO. The convergence of wired, wireless, and optical technologies has led to the merging of computer and telecommunication networks; handheld computing devices continue to grow in number and capability. Next generation systems are beginning to emerge, forming a global, hybrid, and adaptive
network that combines wired, wireless, optical, satellite communications, supervisory control and data acquisition (SCADA), and other systems. Soon networks will provide ubiquitous access to users and enable them to collaborate when needed in near real time.

c. The Nation’s adversaries’ ability to stay apace with the accelerating rate of technologic change complicates the OE. A significant advantage will go to the side that gains, protects, and exploits advantage in the contested and congested cyberspace and EMS. Conversely, the side that fails in this contest, or that cannot operate effectively when their systems are degraded or disrupted, cedes a significant advantage to the adversary.

d. Gaining, protecting, and exploiting the advantage will not be easy. U.S. adversaries use the commercial marketplace as their combat developer, which makes them much more nimble and adaptive than the Army’s lengthy research, development, test, evaluation, and acquisition processes. Adversaries increasingly capitalize on cyberspace and electromagnetic capabilities and activities, while to date those capabilities and activities too often have been peripheral to our Army’s normal operations. To seize and maintain the operational and tactical advantage against such adaptive adversaries, Army forces must make cyberspace and the EMS central and routine components of its operations, and commanders will need, among other things, the associated capabilities and the corresponding subject matter expertise to apply them.

1-2. Purpose

The purpose of TRADOC Pam 525-7-8 is to examine how the Army’s future force in 2016-2028 will integrate cyberspace capabilities and CyberOps as part of FSO.

1-3. Scope

TRADOC Pam 525-7-8 provides an initial examination of how CyberOps are integrated with the commander's other capabilities to gain advantage, to protect that advantage, and to place adversaries at a disadvantage in FSO. The examination will be refined through the CBA and doctrine development process. This pamphlet
describes how commanders seek to retain freedom of action in cyberspace and in the EMS, while denying the same to their adversaries at the time and place of the Army’s choosing, thereby enabling other operational activities in and through cyberspace, as well as in the other four domains. This pamphlet establishes a common lexicon and framework for CyberOps and describes the relationship between cyberspace; the air, land, maritime, and space domains; and the EMS. It also explains how converging technologies will increasingly affect FSO and influence capability development, identifies CyberOps and enabling capabilities needed to support future force modernization initiatives, and presents cyberspace and EMS study issues suitable for experimentation.

1-4. Method

This pamphlet leverages the TRADOC-approved design process. Chapter 2 describes the existing and desired conditions of the operational environment as they pertain to cyberspace. Chapter 3 compares the existing conditions in the operational environment to the desired end state, thereby establishing the hypothesis for framing the solution. Chapter 4 establishes the framework, central and supporting ideas, and lexicon. Appendix A contains the required and related references. Appendix B introduces the evolving cyber operational structure. Appendix C describes how CyberOps are integrated as part of the overall operation to achieve the commander's intent and objectives, and not an end to themselves. Appendices D (unclassified) and E (classified) discuss required capabilities. Appendix F provides the operative questions across DOTMLPF to help with the initial steps of the ensuing CBA.

1-5. Key definitions

a. Cyberspace is defined as: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. [2]

b. CyberOps are: The employment of cyber capabilities where the primary purpose
is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the global information grid (GIG). [3]

c. EMS is the range of frequencies of electromagnetic radiation from zero to infinity. It is divided into 26 alphabetically designated bands.

1-6. Relation to joint and Army concepts

a. TRADOC Pam 525-7-8 is compatible with joint and Army concepts, including the Capstone Concept for Joint Operations and the Army capstone concept. The capabilities described in this pamphlet are nested with the joint capability areas (JCA) and warfighting functions. The DOD uses JCAs to describe how capabilities support the joint functions. JCAs form the basis of the DOD’s capabilities based processes, and CyberOps capabilities are nested under the Tier 1 JCAs of force application, protection, battlespace awareness, and net-centric operations. In the same way, CyberOps capabilities enable and are an integral part of the Army's warfighting functions and elements of combat power.

[2] Deputy Secretary of Defense Memorandum dated 12 May 2008 defined cyberspace. This pamphlet is anchored in the approved DOD definition of cyberspace, but there are still multiple perspectives as to the characterization of cyberspace as a domain.

[3] Deputy Secretary of Defense Memorandum dated 15 October 2008 defined CyberOps. The memo also states that operations which may cause effects in cyberspace (such as EW, psychological operations) but do not employ cyber capabilities should not be considered CyberOps, and it recommends the common usage of the modifier cyber to mean cyberspace, such as cyber attack, cyber defense, and CyberOps. A Chief Joint Chief of Staff memo dated 18 August 2009 updated the DOD definition for cyberspace operations.

b. TRADOC Pam 525-3-0. TRADOC Pam 525-3-0 recognizes that war is a contest of wills, and in order to prevail, the Army must exert a psychological and technical influence as one of the concept's six supporting ideas.
The capstone concept states that Army forces are increasingly dependent on electromagnetic, computer network, and space-based capabilities that are converging; therefore, exerting technical influence will require forces that are prepared to fight and win on an emerging cyber-electromagnetic battleground. Because technology that affects how information moves changes so rapidly, the Army must evaluate continuously what competencies and capabilities are required to gain, protect, and exploit advantages in highly contested cyberspace and EMS. This pamphlet supports the capstone concept by identifying required capabilities necessary for successful FSO.

c. TRADOC Pam 525-3-1 and TRADOC Pam 525-3-2. These pamphlets support the Army’s operating concepts by identifying the required capabilities for battle command, intelligence, fires, and protection required to execute effective operational and tactical maneuver in the future operational environment. Cyber capabilities and leveraging cyberspace are critical for the Army’s future force to be able to command and control on the move while reducing operational risk. TRADOC Pam 525-7-8 reinforces the Army functional concepts that support operational and tactical maneuver.

d. TRADOC Pam 525-7-6. With the convergence of wired, wireless, and optical technologies, the future force commander will use EW and CyberOps capabilities in combination. The increased usage of wired and optical technologies will require that these forces have unimpeded access to the EMS and, at the same time, be able to deny the adversary use of the same. TRADOC Pam 525-7-6 explores current and required future EW capabilities necessary to maintain the requisite access to the EMS.

e. TRADOC Pam 525-7-16. EMSO capabilities, policies, and coordination are critical for CyberOps activities because of the increased use of wireless technologies. EMSO aims to ensure that electronic systems relying on wireless connectivity are able to perform their functions when and where necessary without causing or
suffering interference.

f. TRADOC Pam 525-7-4. Space capabilities enable, and may be enabled by, the conduct of CyberOps. Space capabilities are employed in the extension of, and as another transport mode for, the Army's portion of the GIG (LandWarNet), particularly in support of deployed forces. TRADOC Pamphlet 525-7-4 describes the relationship between the space and cyberspace domains.

g. TRADOC Pamphlet 525-5-600. This pamphlet builds on the LandWarNet Concept of Operations’ (CONOPS’) description of how the Army interfaces with the joint force GIG and conducts network operations (NetOps). This CONOPS details how cyber NetOps is a fundamental element of CyberOps.

1-7. References

Required and related publications are listed in appendix A.

1-8. Explanation of abbreviations and terms

Abbreviations and special terms used in this pamphlet are explained in the glossary.

Chapter 2
Framing the Environment

2-1. Cyberspace the domain

a. This chapter describes the existing and desired cyberspace conditions of the operational environment in order to enable the framing of the problem in the subsequent chapter. Two authoritative sources serve as the base documents for this chapter: The Joint Forces Command Joint Operating Environment 2008: Challenges and Implications for the Future Joint Force, and the U.S. Army TRADOC Operational Environment 2009-2025.

b. Cyberspace is one of five domains; the others are air, land, maritime, and space. These five domains are interdependent. Cyberspace nodes physically reside in all domains. Activities in cyberspace can enable freedom of action for activities in the other domains, and activities in the other domains can also create effects in and through cyberspace.

c. Cyberspace can be viewed as three layers (physical, logical, and social) made up of five components (geographic, physical network, logical network, cyber persona, and persona) (see figure 2-1).
Figure 2-1. The three layers of cyberspace

(1) The physical layer includes the geographic component and the physical network component. The geographic component is the physical location of elements of the network. While geopolitical boundaries can easily be crossed in cyberspace at a rate approaching the speed of light, there is still a physical aspect tied to the other domains. The physical network component includes all the hardware and infrastructure (wired, wireless, and optical) that supports the network and the physical connectors (wires, cables, radio frequency, routers, servers, and computers).

(2) The logical layer contains the logical network component, which is technical in nature and consists of the logical connections that exist between network nodes. Nodes are any devices connected to a computer network. Nodes can be computers, personal digital assistants, cell phones, or various other network appliances. On an Internet protocol (IP) network, a node is any device with an IP address.

(3) The social layer comprises the human and cognitive aspects and includes the cyber persona component and the persona component. The cyber persona component includes a person’s identification or persona on the network (e-mail address, computer IP address, cell phone number, and others). The persona component consists of the people actually on the network. An individual can have multiple cyber personas (for example, different e-mail accounts on different computers) and a single cyber persona can have multiple users (for example, multiple users accessing a single eBay® account). This holds important implications for Army forces in terms of attributing responsibility and targeting the source of cyber action. It also means Army forces will require significant situational awareness (SA), forensic, and intelligence capabilities to counter the complex cyber threat.

d. Cyberspace consists of many different nodes and networks. Though not all nodes and networks are
globally connected or accessible, cyberspace continues to become increasingly interconnected. It is easy to traverse geographic boundaries using the Internet when compared to other transmission or travel mediums. Networks, however, can be isolated using protocols, firewalls, encryption, and physical separation from other networks, and are typically grouped into domains such as .mil, .gov, .com, and .org. These domains are specific to an organization or mission and organized by physical proximity or function. While some access is achieved globally or remotely, access to closed and specialized networks may require physical proximity.

e. Advancements in wireless and optical technologies have led to the convergence of computer and telecommunications networks that are increasingly reliant upon portions of the EMS. As technology advances, competition over this portion of the EMS will increase. EW and CyberOps will both require increasing access to the EMS for effective operations.

2-2. Cyberspace and the OE

a. As stated in FM 3-0, the OE includes physical areas, the information that shapes it, and enemy, adversary, friendly, and neutral systems relevant to a particular operation. This core Army doctrine emphasizes the use of eight interrelated operational variables (political, military, economic, social, information, infrastructure, the physical environment, and time) to understand and analyze the unique environment in which the Army is conducting operations. Cyberspace and CyberOps are inexorably linked to each of these operational variables.

b. The OE contains unprecedented amounts of information transmitted over commercial networks. As a society, citizens rely on this information and on cyberspace for financial, business, communications, social, and other aspects for daily living. In fact, the 2003 National Strategy to Secure Cyberspace asserts cyberspace is our nervous system – our country’s control system. According to the 2008 Joint Operating Environment, the global commons have expanded to include
the cyberspace domain. [4] This capability is increasingly penetrating less developed areas, enabling more and more populations to gain greater access to these networks.

c. Technology is evolving at astonishing rates, and the proliferation of information and communications technology (ICT) [5] has changed the context in which governments and militaries operate. From the 24-hour news cycle to flash mobs, blogs, social networking, and text messaging, the rapid flow of information has changed the social fabric around the globe. The expanding popularity of social networking sites, [6] dating sites, [7] virtual online gaming, [8] and popular gaming consoles [9] enable unprecedented social interaction across the globe. As Iran discovered in its 2009 post-presidential elections, social networking mediums can be used to incite the population and make it difficult for governments to control their use or attribute culpability. Such mediums have vastly different technologic underpinnings, which makes them difficult to mitigate.

d. Science, technology, and engineering help shape the OE, and the evolution of ICT will continue to accelerate in the future. Scientific advances are poised to redefine many dimensions of society. ICT, electronics, biocomputing, and nanotechnology may profoundly affect military operations in the coming years. Developments in quantum computing and nanotechnology may lead to a fighting force enhanced by robotics and remotely guided, autonomous, and miniaturized weapons systems. Communications systems may be self-organizing and distributed. Directed energy weapons will likely be employed against high-tech U.S. systems. This means the Army must be prepared to use cyber-enabling capabilities, such as spectrum management and electronic protection (EP), to guard cyber assets.

e. Operations in cyberspace can occur nearly instantaneously. Army forces can attack or be attacked with a speed not achievable in the other domains. Depending on the degree of interconnectivity, this can happen over global distances at near
the speed of light. The speed in which these activities can take place poses a requirement for speed of decisionmaking heretofore never known.

f. Cyberspace has a wide range of actors with different levels of education, training, skills, motivation, and capacity. Nation-states, state-sponsored operators, nonstate actors, legitimate businesses, criminal organizations, and individuals are among these actors. The TRADOC Operational Environment 2009–2025 makes it clear that operating within and in defense of this global commons will become a part of every military operation. This significant change in the OE challenges traditional understandings of military action.

[4] Global commons is that which no one person or state owns or controls and which is central to life.
[5] ICT is the commercial equivalent of information technology, used extensively in the TRADOC G-2 Operational Environment 2009-2025.
[6] MySpace and Facebook, for example.
[7] Match.com and YahooPersonals, for example.
[8] Massive multiplayer online role playing games, for example.
[9] Xbox, Playstation, and Wii, for example.

g. A wide range of actors use ICT and advanced technologies as a relatively inexpensive way to gain parity with the U.S., as compared to buying tanks and aircraft or training thousands of soldiers. Therefore, ICT is a very attractive alternative for adversaries because the return on investment to create a capability is significant. Since many adversaries do not have the capability or desire to develop support structures for these capabilities, their timeline from acquisition to fielding can be significantly shorter than the U.S. acquisition systems. For cost and survival issues, the return on investment for ICT and advanced technologies makes this the only real avenue many adversaries have to maintain parity or get ahead of the U.S.; hence the adversaries’ commitment to exploit this avenue.

h. Private industry research and development, in large part, will be the catalyst for changes in CyberOps. Since cyberspace is
created, owned, maintained, and operated by public, private, and government stakeholders across the globe (figure 2-2), effective public-private partnerships will be increasingly critical to the future force. A substantial portion of what is often referred to as the Army network or Army cyberspace is actually owned and operated by commercial entities and shared by the general public. For example, mobile devices such as cell phones and wireless personal digital assistants are components of both the military and commercial wireless provider's networks. Leased long haul connectivity between Army installations, including fiber optic cabling, routing, and switching through the physical infrastructure, is shared between military and civilian networks. There are leased and managed services in which military information resides on commercial devices. A detailed public-private partnership that includes roles, responsibilities, and authorities needs to be developed because these commercial segments are a critical part of the Army's network. This creates several significant challenges for the Army, both operationally and in the development of DOTMLPF solutions.

Figure 2-2. Cyberspace connectivity

i. The Army depends upon the Nation’s critical infrastructure and key resources for many of its activities, including force deployment, training, transportation, and normal operations. Physical protection of these is no longer sufficient, as most critical infrastructure is controlled by networked and interdependent SCADA or distributed control systems (DCS). The Department of Homeland Security (DHS) chart at figure 2-3 highlights the various infrastructures that must be protected.

Figure 2-3. Infrastructure relationships in cyberspace[10]

j. Since private industry is the primary catalyst for technologic advancements, the military may become increasingly reliant on commercial off-the-shelf (COTS) technology. This reliance may present three primary vulnerabilities.

(1) Foreign ownership, control, and influence
of vendors. Many of the COTS technologies (hardware and software) the Army purchases are developed, manufactured, or have components manufactured by foreign countries. These manufacturers, vendors, service providers, and developers can be influenced by adversaries to provide altered products that have built in vulnerabilities, such as modified chips.

(2) Supply chain. The global supply chain has vulnerabilities that can potentially lead to the interception and alteration of products. These vulnerabilities are present throughout the product life cycle, from the inception of the design concept to product delivery and to product updates and support.

(3) COTS and government off-the-shelf (GOTS) balance. The vast majority of the Army’s CyberOps components and capabilities are from COTS and, to a much smaller degree, GOTS technologies.

[10] Source: DHS, Securing the Nation’s Critical Cyber Infrastructure.

2-3. The cyber threat

a. The Army is facing multiple, simultaneous, continuous hybrid threats that employ regular and irregular forces and use an ever-changing variety of conventional and unconventional tactics to achieve their aims. This diverse and wide variety of threats has disparate agenda, alliances, and range of capabilities. These actors include traditional nation-states, noncombatants, transnational corporations, criminal organizations, terrorists, hacker unions, mischievous hackers, and the unwitting individual who intends no malice. The Army must be able to deal with this wide array of threats.

b. The cyber threat can be characterized in many ways: by sponsorship, training, education, skills, motivation, or tools. Two examples include advanced cyber threats and hackers. Advanced cyber threats are generally supported by nation-states and have advanced education, training, skills, and tools that allow the threat to remain undetected for extended periods of time on improperly defended networks. Hackers have a broad range of skills, motives, and capabilities and must be assessed independently. The level
of the cyber threat is the combination of the actor’s ability (skills and resources), opportunity (access to target), intent (attack, surveillance, exploit), and motive (national policy, war, profit, fame, personal reasons, and others).

c. With access to the vastly available commercial tools and distribution methods, adversaries have proven adept at rapidly adjusting to evolving commercial technology; they have cleverly adopted new methods to reach their intended actors and publics. With modest resources, they can purchase dual use civil technologies, making the marketplace their combat developer. When compared to current DOD requirements and acquisition processes, which take multiple years to adopt new technologies across the force, adversaries are able to leap ahead and achieve a significant advantage.

d. Cyberspace provides adversaries an effective and inexpensive means for recruitment, propaganda, training, and command and control. Increasingly, nations and nonstate actors will use cyberspace effectively, often in combination with lethal attacks and an information campaign, to advance their aims. In Iraq, ICT became an essential ideological and operational tool for the insurgency. Many groups carried out sophisticated information strategies with video cameras, laptops, cell phones, and other wireless technologies. This trend is likely to evolve, with future threats operating in and through cyberspace to delay or disrupt U.S. access to the theater or area of operations by striking key infrastructures such as aerial and sea ports of debarkation and embarkation, lines of communication, staging bases, domestic and SCADA systems, and sea and air transports.

2-4. Summary

a. Operations conducted in and through cyberspace will have significant impact on Army missions worldwide. Small, nimble adversaries have proven committed to adapting cyber-electromagnetic technologies very quickly due to the huge return on their investment and their ability to gain operational parity or advantage, even if fleeting. U.S. telecommunication
and computer networks are targeted, engaged, and/or attacked and defended continuously each day. These activities will increase in the future due to the accelerating rate of technologic advances, the low entry cost for commercial technology, its resulting proliferation, and the ability of adversaries, even unsophisticated, to stay apace of the increasing rate of technologic change.[11]

b. Notions of dominating cyberspace are simplistic and unrealistic. A realistic and meaningful goal is to achieve and maintain freedom of action in and through cyberspace while being able to affect that of the adversaries. Subsequent chapters will begin to determine the cyber capabilities and capacity required to prevail in the cyber-electromagnetic contest with current and future adversaries.

Chapter 3
Framing the Problem

3-1. What has changed in the operational environment as pertains to cyberspace?

As detailed in chapter 2, the future operational environment continues to change in accelerated fashion due to ICT advancements and the application of these technologies. Global proliferation of these technologies has significantly changed social networks and the social dynamic. Adaptive and flexible adversaries have proven adept at leveraging these technologies and adapting them to this environment. Cyberspace has emerged as a realm of continuous engagements and conflict where there is no peacetime and no clear cut winners or end states.

3-2. What has changed in operational requirements as pertains to cyberspace?

The Army has placed significant emphasis and reliance on network-enabled systems and services to provide a communications infrastructure that connects Soldiers and platforms to global information sources, which are increasingly susceptible to attack, degradation, and/or destruction. CyberOps are conducted continuously to combat the array of adversaries attacking friendly systems and to ensure the access to and operation of Army and other specified cyberspace networks. Current
requirements do not meet and/or address the increased speed, massive proliferation of information, and access to relevant information in cyberspace. Joint and Army cyberspace requirements have increased due to the expanding mission area, diverse threats, and with the establishment of the U.S. Cyber Command (USCYBERCOM) and U.S. Army Forces Cyber Command (ARFORCYBER).

3-3. What is working, what is not working

a. What is working. The Army has several organizations that are at the forefront in training Army Soldiers and civilians to provide commanders with personnel who possess the right knowledge, skills, and abilities to perform cyber activities, CNO and NetOps in particular.

b. What is not working. The Army currently does not have a holistic vision, concept, or doctrine to guide its capability development efforts in response to the changes in the OE and operational requirements for CyberOps. There has been no comprehensive analysis to determine CyberOps requirements and to guide its development and management of CyberOps capabilities across DOTMLPF. The Army has insufficient research, development, test, and evaluation (RDT&E) funding to responsively support current and future CyberOps.

[11] Cyberpower and National Security, Chapter 1, written by Franklin D. Kramer, National Defense University.

3-4. The problem

The Army cannot adequately identify, attack, exploit, and defeat the expanding cyber-electromagnetic threats or mitigate the increasing vulnerability of its own networks. The Army is not poised to prevail in the cyber-electromagnetic contest.

Chapter 4
Framing the Solution

4-1. The context: The three dimensions of FSO

a. The Army has considered the role of information, cyberspace, and the electromagnetic spectrum since the publication of FM 3-0. The staffing for both the draft FM 3-13 and the U.S. Army Cyber-Electronics Concept of Operations revealed significant and different opinions about how the Army should be organized for cyberspace, EW, and IO. Consequently, the CG, TRADOC directed the
CAC to lead a working group to recommend the conceptual framework for these mission areas and the needed force modernization proponency structure. The CAC-led working group conducted two Councils of Colonels and a General Officer Review Board to accomplish these two tasks.

b. The group leveraged the design process to develop an environmental frame, a problem frame, and a solution frame. The frames derived three dimensions of FSO, and the General Officer Review Board validated them as logical and good enough to move forward while the group continued to learn and reframe the problem. On 16 October 2009, CG, TRADOC provided his recommendations to the Army Vice Chief of Staff in a memorandum titled "Posturing the Army for Cyber, EW, and IO as Dimensions of Full Spectrum Operations." CG recommendations included the following.

(1) We determined that our current ‘vocabulary’ (Cyber-EW-IO) is adequate today but will become increasingly inadequate to describe the challenges we face in the operational environment. We concluded that there are three dimensions to be addressed, that these dimensions exist across the FSO, and that these dimensions each require force design and doctrinal solutions. Therefore, although we currently describe the functions related to network and spectrum operations as Cyber-EW-IO, we believe that we should adapt and describe them in the future as follows.

(a) First dimension. The first dimension is the psychological contest of wills against implacable foes, warring factions, criminal groups, and potential adversaries. This dimension involves influencing desperate and creative people to do what they really don't want to do and requires an acute understanding of human behavior.

(b) Second dimension. The second dimension is strategic engagement and involves keeping friends at home, gaining allies abroad, and generating support or empathy for the mission in the area of operations. This dimension includes the general public, key actors, and third party validators who are the
ultimate arbiters of success or failure of military operations in the current operational environment. Gaining and maintaining their support or empathy for the mission is an imperative of 21st century operations.

(c) Third dimension. The third dimension is the cyber-electromagnetic[12] contest. Trends in wired, wireless, and optical technologies are setting conditions for the convergence of computer and telecommunication networks. A significant advantage will go to the side that is able to gain, protect, and exploit advantages in the highly contested cyberspace and electromagnetic spectrums.

(2) The future force must meet the demands of these three interconnected dimensions of FSO in an operational environment characterized by complexity, rapid change, and hybrid threats; this pamphlet is about prevailing in the third dimension.

c. Winning the cyber-electromagnetic contest often determines to a large degree the capability of military forces to perform missions. This is not some metaphorical cyberspace. This is a dimension shaped and bounded by modern computer-mediated communications networks of all types; transmission of data within networks by electromagnetic waves, fiber optic cables, and copper wire; digital information storage and processing; computerized automation; a large variety of sophisticated electronic sensors; space-based communications, broadcast, mapping, and global positioning services; various electronically activated remote control systems; and other rapidly evolving network services and applications.

d. Rapidly evolving information technologies are increasing the speed, capacity, agility, efficiency, and usefulness of modern networks. The proliferation of this technology is changing the way humans interact with each other and their environment, to include military operations. The U.S. Army is heavily reliant on information technology and information systems to communicate, control forces, coordinate fires, gather and distribute intelligence, and conduct surveillance, reconnaissance, and other
military activities. U.S. adversaries, warring factions, and criminal cartels have access to and use many of the same technologies in innovative ways that are unique to every case.

e. How these cyber-electromagnetic technologies are integrated and employed in specific circumstances will greatly affect modern military operations. While it is important to be at the leading edge in these technologies, it is just as important to take a comprehensive approach to all aspects of this dimension of operations and to be the cleverest to adapt and combine them to unique operating conditions.

4-2. Central idea

a. Prevailing in the cyber-electromagnetic contest means making progress at the same time along three lines of effort: gaining advantage, protecting that advantage, and placing adversaries at a disadvantage.

[12] The use of the term cyber-electromagnetic is not meant to equate the terms cyberspace and electromagnetic spectrum, but rather to highlight there is significant overlap between the two and future technological development is likely to increase this convergence.

b. While there is great advantage in harnessing cutting edge ICT ahead of adversaries, implementation must consider and mitigate emerging systemic vulnerabilities and dependencies. Perhaps even more critical is the ability to disarm, disrupt, and defeat the same capabilities in the hands of adversaries. This requires Army forces to integrate these lines of effort from the start, making them elements of the same dimension of modern operations. Integration leads to synergy, rapid progress, and high relative levels of performance. Failing to integrate leads at best to uneven progress and disjointed applications, or at worst catastrophic operational failures.

c. The art of winning in the cyber-electromagnetic dimension requires very specific expertise in information theory, computer science, and related sciences: electro-physics, radio-electronic wave propagation theory, cyber-electronics, complex cyber network behaviors, and
others, and of how this theoretical knowledge relates to military tactics, operations, and strategy.[13] Creating this marriage of abstract science and modern military practice is fundamental to creating CyberOps SA and thus contributing to the commander's end state. Another is to transform the fragmented approach to this dimension into one that is systemically holistic. Gaining advantage and denying advantage through modern high technology automation-enhanced networks depend on the same scientific knowledge base and are symmetrically related aspects of the same contest.

d. While it is possible military outcomes can be determined by cyber operations alone, CyberOps are not generally an end to themselves but rather an integral part of FSO. It is focused on winning the cyber-electromagnetic contest through three concurrent lines of effort: gaining advantage, protecting that advantage, and placing adversaries at a disadvantage. Commanders conduct CyberOps to retain freedom of action in cyberspace and in the EMS while, at a time and place of their choosing, denying freedom of action to adversaries, thereby enabling other operational activities. These lines of effort to prevail in the cyber-electromagnetic contest nest with and contribute to the joint force's construct of cyberspace superiority. CyberOps leverages cyberspace and the EMS throughout all the domains.

4-3. The framework

a. Current doctrinal terms do not adequately address the broad range of tasks associated with the DOD definitions of cyberspace and CyberOps. For example, cyberspace includes computer and telecommunication networks as well as embedded processors and controllers in equipment, systems, and infrastructure, and CyberOps encompasses more than just CNO and NetOps. Consequently, the framework developed for this pamphlet establishes four components for CyberOps: CyberSA, CyNetOps, CyberWar, and CyberSpt, with CyberWar and CyNetOps being the primary operational components. This framework is illustrated in figure 4-1 and further
elaborated upon in this chapter.

[13] Just as it is necessary to understand human psychology and human social behavior to succeed in the art of unifying physical and psychological impact, and that of keeping friends and winning allies, knowledge in these fields is crucial to this art. The first term, electrophysics, is the root science that defines this field. Cyber-electronics is a term I prefer over Cyberspace to cover the science that bounds and defines modern communications, including the Internet. Moreover, the character of modern operations is so shaped by these sciences, and the enabling capabilities that stem from them, that to not consider these a dimension would be limiting. Introduction to Winning in the Cyber Electromagnetic Dimension of Full Spectrum Operations, Brigadier General Huba Wass de Czege, U.S. Army, Retired.

Figure 4-1. The four components of CyberOps

b. CyberSA is the immediate knowledge of friendly, adversary, and other relevant information regarding activities in and through cyberspace and the EMS. It is gained from a combination of intelligence and operational activity in cyberspace, the EMS, and in the other domains, both unilaterally and through collaboration with unified action and public-private partners. Discrimination between natural and manmade threats is a critical piece of this analysis. CyberSA enables informed decisionmaking at all levels via flexibly tailored products and processes that can range from broadly disseminated awareness bulletins targeted to general users to the other extreme of specific and narrowly focused issues distributed as extremely sensitive and classified in nature. CyberSA enables informed decisionmaking at all levels. It is relevant at the strategic, operational, and tactical echelons for overall SA, and it is useful to Soldiers who interact most with the populace, which uses and increasingly relies on cyberspace. As depicted in figures 4-1 and 4-2, CyberSA enables and derives from CyNetOps,
CyberWar, and CyberSpt. CyberSA includes the following.

(1) An understanding of friendly, adversary, and other relevant activity in and through cyberspace.

(2) Assessment of friendly cyber capabilities.

(3) Assessment of adversary cyber capabilities and intentions.

(4) Assessment of both friendly and adversary cyber vulnerabilities.

(5) An understanding of information flowing over networks, to include its purpose and criticality.

(6) An understanding of the effects and mission impact resulting from friendly and adversary cyberspace degradations.

(7) Availability of cyber capabilities necessary for the effective planning and execution of CyberOps.

Figure 4-2. CyNetOps

c. CyNetOps is the component of CyberOps that establishes, operates, manages, protects, defends, and commands and controls the LandWarNet,[14] critical infrastructure and key resources (CIKR), and other specified cyberspace. CyNetOps consists of three core elements: cyber enterprise management (CyEM), cyber content management (CyCM), and cyber defense (CyD), including information assurance, computer network defense to include response actions, and critical infrastructure protection. CyNetOps uses CyEM, CyCM, and CyD in a mutually supporting and supported relationship with CyberWar and CyberSpt (see figure 4-3).

[14] LandWarNet is the Army’s contribution to the GIG that consists of all globally interconnected, end-to-end set of U.S. Army information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand supporting warfighters, policy makers, and support personnel. It includes all U.S. Army owned and leased and leveraged DOD and joint communications and computing systems and services, software (including applications), data, security services, and other associated services. LandWarNet exists to enable the war fight through battle command. TRADOC Pam 525-5-600.

Figure 4-3. CyNetOps

(1) CyEM is the technology, processes, and policy necessary to operate effectively
computers and networks.

(2) CyCM is the technology, processes, and policy necessary to provide awareness of relevant, accurate information; automated access to newly discovered or recurring information; and timely, efficient, and assured delivery of information in a usable format.

(3) CyD actions combine information assurance, computer network defense to include response actions, and critical infrastructure protection with enabling capabilities such as EP, critical infrastructure support, and others to prevent, detect, and ultimately respond to an adversary's ability to deny or manipulate information and/or infrastructure. CyD is integrated with the dynamic defensive aspects of CyberWar to provide defense in depth.

(4) The rapidly changing nature of cyberspace mandates that operational and tactical units possess organic, or have access to, the capabilities and expertise to protect these vital networks; enable real time attack prevention and detection; make possible attack response through event identification and actions such as deception, blocking, and/or denying; and allow the coordination of appropriate counterattacks.

(5) The availability of information and intelligence via the LandWarNet and other aspects of cyberspace are critical to all operations and overall mission success. The defenses and network redundancies must be sufficiently robust to provide security and continued availability in spite of the adversary's attempts to exploit or attack critical systems and networks. Potential adversaries possess significant CyberOps capabilities, and Army forces will likely have to fight through a threat event while operating in a degraded environment, especially at the operational and tactical levels. In response to this threat, the Army must train to operate with degraded systems.

d. CyberWar is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries. CyberWar capabilities target computer and
telecommunication networks and embedded processors and controllers in equipment, systems, and infrastructure. CyberWar uses cyber exploitation (CyE), cyber attack (CyA), and dynamic cyber defense (DCyD) in a mutually supporting and supported relationship with CyNetOps and CyberSpt (see figure 4-4).

Figure 4-4. CyberWar

(1) CyA actions combine computer network attack (CNA) with other enabling capabilities such as electronic attack (EA), physical attack, and others to deny or manipulate information and/or infrastructure.

(2) CyE actions combine computer network exploitation (CNE) with enabling capabilities such as electronic warfare support (ES), signal intelligence (SIGINT), and others for intelligence collection and other efforts.

(3) DCyD actions combine policy, intelligence, sensors, and highly automated processes to identify and analyze malicious activity, simultaneously tip and cue, and execute preapproved response actions to defeat attacks before they can do harm. DCyD uses the Army defensive principles of security, defense in depth, and maximum use of offensive action to engage cyber threats. These actions include surveillance and reconnaissance to provide early warnings of pending enemy actions. DCyD is integrated with the defensive aspects of CyNetOps to provide defense in depth.

e. CyberSpt is a diverse collection of supporting activities which are generated and employed to specifically enable both CyNetOps and CyberWar (see figure 4-5). These activities are called-out in this unifying category due to their unique and expensive nature as high-skilled, low-density, time-sensitive intensive activities requiring specialized training, processes, and policy. Additionally, several of these activities also require specialized coordination, synchronization, and integration to address legal and operational considerations. It is because of these considerations and their overall importance that these activities are addressed as a CyberOps core component.

Figure 4-5. Cyber support

(1) CyberSpt is different
from CyberWar and CyNetOps, as these activities are carried out by multiple stakeholders and do not require a separate CyberSpt proponent or lead. At quick glance, ownership may seem clouded, as intelligence organizations, law enforcement, CyberWar, and CyNetOps perform many of these activities. CyberSpt entails varying intents, conditions, authorities, and levels of effort and are not deemed redundant.

(2) Examples of CyberSpt activities include vulnerability assessment, threat-based security assessment and remediation, reverse engineering malware, cyber aspects of site exploitation, separate counterintelligence and law enforcement-based cyber forensics, cyber RDT&E, combat development, and acquisition. These are low density, high demand capabilities that must be expanded to support emerging requirements.

(3) Particularly noteworthy is a responsive RDT&E and science and technology strategy carried out by organizations that reside in the Army and integrated with other services, DOD, and other governmental agencies, in industry, and academia. The goal is to identify and evaluate promising technologies before they emerge in the marketplace. The Army must invest in and leverage these organizations to stay apace of commercial technologic advancements and to prevent the introduction of game-changing technologies by adversaries. Due to the cost of cyber developments, it is likely much of this development will be coordinated and funded through the USCYBERCOM. It will be increasingly important the Army assures the development strategy meets its specific requirements.

f. Enabling CyberOps capabilities

(1) Army operations rely on systems that use the EMS to conduct FSO. The convergence of computer and telecommunications networks and the proliferation of advanced technologies make it imperative that CyberOps and EW are deconflicted, fully coordinated, and synchronized with all other aspects of the operation to achieve the commander’s intent and objectives. Enablers enhance the effectiveness and
integration of military capabilities and their subsequent effects.

(2) Due to the competitive and congested environment, access to cyberspace and the EMS cannot be assumed. Host nations are unlikely to have the sophistication or capacity for radio frequency (RF) spectrum management required for coalition operations. Army forces should be prepared to supplement host nation capabilities. EMSO provide these spectrum management, frequency assignment, host nation coordination, and policy implementation capabilities that are essential to gain the required access to enable CyberOps. Figure 4-6 shows that EMSO is an enabling CyberOps capability, along with electronic warfare, operations in other domains, and intelligence.

(3) The reliance of CyberOps on RF and optical portions of the EMS make EW another enabler. EW activities represent a distinct, enduring capability to provide Army commanders an advantage within the EMS. These commanders must have a similar CyberOps capability to attack, protect, and exploit advanced technologies. The combination of CyberOps and EW provides the commander with alternative authorities and multiple techniques to achieve desired effects under varying conditions. A CyA, for example, could provide additional opportunity to disrupt adversary's communications beyond those offered by EA but using the same RF spectrum. CyD may provide additional protection to data transmission devices beyond the shielding provided by EP capabilities. And CyE can enhance target development and intelligence information beyond what is currently offered by ES capability. A properly designed platform may be able to deliver both capabilities in one system.

Figure 4-6. Enabling CyberOps capabilities and enabling ways

(4) Capabilities normally employed in the air, land, maritime, and space domains can also enable CyberOps, and vice versa. Space capabilities are employed to extend the Army's LandWarNet and to deliver attack and exploitation payloads to adversary's systems and networks. Aerial
and high altitude platforms provide additional means to accomplish many of the same tasks performed by space capabilities in areas where more responsive and persistent coverage is needed. Similarly, physical attack and other capabilities in the land domain can enable CyberOps.

(5) Intelligence, SIGINT, and other intelligence activities enable and are enabled by all aspects of CyberOps in both support and operational contexts. Increasingly technologically advanced adversaries require that U.S. intelligence and cyber personnel work closely together using an all source approach to support the commander’s mission and to build CyberSA.

g. Enabling ways. Enabling ways enhance the effectiveness and integration of CyberOps capabilities. Partnering in unified action and CIKR include continuous actions taken to shape the operational environment and set the conditions for successful operations. Law and policy authorize or place limitations on what can be done operationally and feed the development of rules of engagement (ROE). Each is described below.

(1) Partnering. CyberOps require interdependent capabilities and unified action, and there are multiple partnering arrangements that must be made to ensure effective operations. Public-private partnerships are essential because the vast majority of cyberspace is owned and controlled by public and private stakeholders. The Army must have established enduring partnerships with Federally-funded research and development centers, industry, other services, academia, commercial infrastructure providers, defense contractors, and other global and regional allies and partners who share similar dependence on cyberspace. Partnering with interagency organizations is an important aspect of unified action in this mission area. In addition, partnering with Federal, state, and local law enforcement, counterintelligence, and criminal investigative organizations will facilitate the rapid coordination needed for effective CyberOps, including the pursuit,
investigation, and prosecution of criminals.

(2) CIKR. The Army depends upon the Nation’s CIKR for its day-to-day operations, transportation, power, and information and communications technology infrastructures. CIKR is also important for the deployment and training of Army forces. Physical protection of CIKR is no longer sufficient, as most critical infrastructure is controlled by networked, interdependent SCADA or DCS. The Army depends upon established partnerships and must be prepared to conduct both cyber and physical CIKR protection as part of FSO.

(3) Law and policy. CyberOps and enabling capabilities are governed through a complex set of classified and unclassified legislation, policy and procedures, and ROE, resulting in overlapping authorities among DOD, the Federal Bureau of Investigation, DHS, Department of State, Department of the Treasury, and other government agencies. Law, policy, and ROE are distinct entities that authorize actions and also place restrictions and limitations on what can be done operationally. These are critical for effective operations and for the proper oversight of these operations. Presidential National Security Presidential Directives, Homeland Security Presidential Directives, and the 2008 Unified Command Plan provide policy guidance on CyberOps at the National level. Relevant cyber U.S. Code includes Title 6 for Domestic Security; Title 10 for the Armed Forces; Title 18 for Crimes and Criminal Procedure; Title 32 for the National Guard; Title 40 for Public Buildings, Property, and Works; and Title 50 for War and National Defense. Additionally, there are numerous DOD, Joint Staff, and service policies on CyberOps, and the authority to conduct CyberOps against an adversary not located within the U.S. may be impacted by the United Nations and North Atlantic Treaty Organization charters and other treaties. Laws, policies, and authorities for CyberOps must be understood clearly and relationships established accordingly to facilitate rapid execution of operations.

4-4. Risks

a. As the
vignettes in appendix B show, the U.S. Army may be required to augment host nation and civil support agencies with CyberOps expertise and capabilities. The vignettes posit the joint force will provide this augmentation to Army forces, since it will exceed the Army’s capacity. However, at present, such is far from being a reality. Failure to build this capacity in the joint force will place both mission and lives at risk.

b. The second category of risk is technologic in nature. The assumption for successful integration of CyberOps into FSO is that the DOD and Army will pursue in earnest a competitive advantage in CyberOps capabilities. Failure to adapt research, development, testing, and acquisition processes to stay apace with technologic advancements will make it difficult, if not impossible, to gain advantage, protect that advantage, and place adversaries at a disadvantage.

4-5. Summary

a. Trends in wired, wireless, and optical technologies are setting conditions for the convergence of computer and telecommunication networks. Winning the cyber-electromagnetic spectrum dimension of FSO determines, to a large degree, the capability of military forces to perform missions of all kinds. A significant advantage will go to the side that is able to gain, protect, and exploit advantages in the highly contested cyberspace and EMS. Prevailing in the cyber-electromagnetic contest means making progress at the same time along three lines of effort: gaining advantage, protecting that advantage, and placing adversaries at a disadvantage, from peacetime engagements to global war.

b. CyberOps encompass those actions aimed at gaining advantage, protecting that advantage, and placing adversaries at a disadvantage in cyberspace and in the EMS, just as commanders do in and across the air, land, maritime, and space domains. Commanders seek to retain freedom of action in the cyberspace and EMS while denying the same to their adversaries, thereby enabling other operational activities in and through cyberspace
as well as in the other four domains. CyberOps are not an end to themselves, but rather an integral part of FSO that focus on winning the cyber-electromagnetic contest by gaining advantage, protecting that advantage, and placing adversaries at a disadvantage. CyberOps use cyberspace and the EMS and take place in the air, land, maritime, and space domains, as well as in and through cyberspace.

c. CyberOps uses four components, along with enabling capabilities and special considerations, to achieve the commander's intent. The four components of CyberOps (CyberSA, CyNetOps, CyberWar, and CyberSpt) are interdependent and must be integrated into the commander's overall operation.

d. The Army’s ability to leverage cyberspace and CyberOps capabilities will be increasingly critical to its operational success. CyberOps capabilities must be fully integrated in the right combination with all other capabilities at the commander’s disposal to gain advantage, protect that advantage, and place adversaries at a disadvantage. To do this, the Army must possess the required cyber capabilities across DOTMLPF domains and provide them to USCYBERCOM, combatant commanders, and Army operating and generating forces. This pamphlet's appendices build on the framework in the base document to broaden the operational understanding of the framework and to provide a start point for the CBA. This pamphlet provides a vision for the Army's way forward in the development of CyberOps capabilities to prevail in the cyber-electromagnetic contest with current and future adversaries.

Appendix A
References

Section I
Required References

ARs, DA Pamphlets, field manuals (FM), and DA forms are available at Army Publishing Directorate Home Page http://www.usapa.army.mil. TRADOC publications and forms are available at TRADOC Publications at http://www.tradoc.army.mil.

No entry.

Section II
Related References

Army Posture Statement
Army Strategic Planning Guidance FY2006-2023
Army Transformation Roadmap
Capstone Concept for Joint Operations
CJCSM 3500.04D, Universal Joint Task List
Command and Control Joint Integrating Concept
Department of Defense Information Enterprise Architecture
Department of the Army Training Manual 5-601, Supervisory Control and Data Acquisition Systems for Command, Control, Communications, Computer, Intelligence, Surveillance, and Reconnaissance Facilities
Field Manual 3-0, Operations
Field Manual 3-13, Information Operations
Field Manual 3-36, Electronic Warfare Operations
Field Manual 6-02.70, Electromagnetic Spectrum Operations
Field Manual 6-02.71, Network Operations
FM 7-0, Training for Full Spectrum Operations
FM 7-15, The Army Universal Task List
Homeland Defense and Civil Support Joint Operating Concept
Joint Concept of Operations for Global Information Grid NetOps
Joint Operating Environment 2008
Joint Publication 3-0, Joint Operations
Joint Publication 3-13, Information Operations
Major Combat Operations Joint Operating Concept
Military Support to Stabilization, Security, Transition, and Reconstruction Joint Operating Concept
National Defense Strategy of the United States
National Strategy to Secure Cyberspace
National Counterintelligence Strategy of the United States
National Intelligence Estimate, The Global Cyber Threat to the U.S. Information Infrastructure (U)
The Army in Joint Operations The Army’s Future Force Capstone Concept 2016-2028
TRADOC G-2 Operational Environment 2009-2025
TRADOC Memorandum, Posturing the Army for Cyber, EW, and IO as Dimensions of Full Spectrum Operations
TRADOC Pamphlet 525-3-0, The Army Capstone Concept Operational Adaptability—Operating Under Conditions of Uncertainty and Complexity in an Era of Persistent Conflict
TRADOC Pamphlet 525-5-600, The United States Army’s Concept of Operations LandWarNet 2015
TRADOC Pamphlet 525-7-6, United States Army Concept Capability Plan for Army Electronic Warfare Operations for the Future Modular Force 2015-2024
TRADOC Pamphlet 525-7-16, United States Army Concept Capability Plan for Army Electronic Electromagnetic Spectrum Operations for the Future Modular Force 2015-2024
TRADOC Pamphlet 525-7-17, The U.S. Army Concept Capability Plan for Network Transport and Services for the Future Modular Force 2015-2024

Section III
Prescribed Forms

No entry.

Section IV
Referenced Forms

DA Form 1045, Army Ideas for Excellence Program Proposal
DA Form 2028, Recommended Changes to Publications and Blank Forms

Appendix B
Interdependent Nature of CyberOps

B-1. Introduction

The purpose of this section is to introduce enough of the evolving cyber operational structure to set the stage for appendix C and describe what capabilities are needed by Army echelons to conduct CyberOps. Since this operational structure is evolving, insomuch as possible, current organizational names will not be used. This section provides an overview and the context for the vignettes in appendix C. It is not intended to be a comprehensive analysis or list of organizational requirements. The Cyberspace CBA will conduct additional analysis and refine organizational requirements.

B-2. Operational overview 1 (OV-1)

a. Figure B-1 depicts the CyberOps operational overview (OV-1), a broad concept of how the future force will conduct CyberOps as part of FSO. Implicit in the illustration are the following conditions:

(1) These operations are conducted in friendly, adversarial, and other specified cyberspace with unified action partners.

(2) Public-private partnerships are paramount to the success of CyberOps operations.

(3) There are no rear areas, and CyberOps apply equally to the generating force.

(4) While some aspects of CyberOps require physical proximity, they can be conducted globally from nearly any location.

(5) CyberOps require a capability mix of organic unit capabilities and reach back to joint, Army, and interagency support organizations.

(6) The nature of the OE makes cyberspace, EMS, and the other four domains (land, air, maritime, and space) inexorably interdependent.
CyNetOps is the component of CyberOps that provides SA of the Global Network Enterprise and those activities that establish, operate, manage, protect, defend, and command and control the LandWarNet, CIKR, and other specified cyberspace.

CyberSA is the immediate knowledge of friendly, adversary, and other specified cyberspace and the status and availability of CyberOps capabilities necessary for the effective planning, conduct, and command and control of CyberOps and overall operations. CyberSA is gained from a mix of intelligence and operational activities in cyberspace, the EMS, and in the other domains.

CyberSpt are those supporting activities that are generated and employed to specifically enable essential CyNetOps and CyberWar functions and tasks.

CyberWar is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries. CyberWar capabilities target computer and telecommunication networks and embedded processors and controllers in equipment, systems, and infrastructure (abridged definition).

Figure B-1. Operational overview 1

b. For DOD, USCYBERCOM plans, coordinates, deconflicts, and conducts CyberOps. USCYBERCOM runs the Joint Interagency Coordination Group that executes interagency and key nation coordination and SA and information sharing. Operations are run out of its Joint Operations Center and Joint Intelligence Operations Center, both of which are tied to the Integrated Cyber Center, which coordinates U.S. government CyberOps.

c. CyberOps are conducted at the national, joint, and Army levels by both generating and operating forces. The Army provides trained, manned, and equipped Soldiers to USCYBERCOM, U.S. Northern Command (USNORTHCOM), U.S. Pacific Command (USPACOM), and to all combatant commanders and joint forces through the request for forces process. These forces are capable of conducting offensive and defensive CyberOps for joint operations and can support tactical operations through global reachback or support teams.
d. U.S. Northern Command (USNORTHCOM) and U.S. Pacific Command (USPACOM) are responsible for defense support to civil authorities (DSCA) for domestic emergencies, designated law enforcement, and other activities. DSCA tasks include vulnerability assessment, incident impact analysis, malware analysis, mitigation techniques, characterization, and digital media analysis capabilities. DSCA tasks do not include CNA and CNE, day-to-day law enforcement and intelligence support, and operation and defense of the GIG; however, these may be executed in defense of the homeland.

e. CyE capabilities are provided to expeditionary forces through USCYBERCOM global reachback support and through support teams in support of combatant commanders. Cyber attacks conducted against computer and telecommunication networks, computer systems, and embedded processors and controllers are executed under appropriate authorities through global reachback support, support teams, or organic capabilities.

f. The Army will continue to develop a global network enterprise (GNE) that will centralize control of the LandWarNet and other specified cyberspace under a single command. This GNE will provide LandWarNet unity of command by migrating loosely affiliated, independent networks into a true global capability that is designed, deployed, and managed as a single integrated enterprise. The GNE cornerstones are the Army network service centers, consisting of network operations and security centers (NOSC) and associated computer emergency response teams, area processing centers, and regional hub nodes. NSCs align with the theater signal commands to provide warfighters with a global plug and play ability to connect to joint, Army, and commercial networks through all phases of joint operations. This ability to connect to the network enables greater freedom of action for Army forces throughout the Army force generation process and strengthens network defense through improved prevention, monitoring, detection, analysis, and response
capabilities. The GNE enables joint and coalition interoperability to support increased operational effectiveness.

g. The Theater Signal Command is the senior Army communications headquarters in the theater. This mission includes telecommunications engineering, installation, operations, and maintenance responsibility for all deployed strategic signal forces in theater.

h. The Theater Network Operations and Security Center (TNOSC) supports the theater Army service component command (ASCC) by conducting 24/7 CyNetOps and security management on the theater information grid. The TNOSC plans, directs, and monitors CyNetOps and network defense, provides SA and reporting of theater information grid systems and networks, executes technical control and enforces compliance, and monitors and enables content management.

i. The regional computer emergency response team (RCERT) plans, synchronizes, and conducts CNO, provides technical and threat analysis, and directly supports the ground component commander, ASCC, and Theater Signal Command. The RCERT monitors the theater sensor grid, provides SA of threats and predictive threat analysis, conducts cyber incident response handling, and provides computer network defense (CND) and threat education for the units in theater.

j. The corps has a NOSC providing organic CyNetOps services. The NOSC synchronizes network management systems, including information assurance and CND event correlation systems and network monitoring systems. Currently, a corps does not have an assigned capability to plan and integrate all aspects of CyberOps.

k. The division has a NOSC providing organic CyNetOps services. These services include the coordination of all engineering, installation, operation, maintenance, management, and defense of the division information network. The NOSC is responsible for providing CyNetOps capabilities for distributed operations, battle command on the move, and in response to the commander's tactical requirements. However, the division must operate and defend
its own network without augmentation from higher headquarters. Additionally, divisions do not have an assigned capability to plan and integrate all aspects of CyberOps.

l. Brigade and brigade combat teams (BCT) perform CyNetOps functions with their organic capabilities. Similar to the division, the brigade and BCT are required to operate and defend their own networks without augmentation from higher headquarters. This includes providing effective network management and network defense across all organic networks. In addition, the BCT provides the organic common services of messaging, collaboration, storage, and security to its subordinate elements. Currently, brigades and BCTs do not have an assigned capability to plan and integrate all aspects of CyberOps.

m. Battalions rely on their brigade or BCT for core services, network accessibility, and network defense. The battalion S-6 performs all the planning and operations associated with the main and tactical command posts, including establishing connectivity with adjacent, subordinate, and higher elements. Currently, battalions do not have an assigned capability to plan and integrate all aspects of CyberOps.

n. Companies rely on their battalion for core services, network accessibility, and network defense. The company performs all the planning and operations associated with the command post, including establishing connectivity with adjacent, subordinate, and higher elements.

o. The total force. The Army National Guard (ARNG) and the Army Reserve (USAR) benefit from their associated civilian, academic, industry, and interagency communities to obtain Soldiers with specialized CyberOps skills, capabilities, and experience. The active component readily leverages the capabilities of the reserve component because they provide expanded capacity in areas that are often too expensive and too time consuming to handle alone. An example of this is malware reengineering. Reserve component forces also support Army organizations at the National Security Agency sites in Maryland,
Georgia, Hawaii, Texas, and Colorado. Both the active and reserve components benefit when respective units share a habitual relationship in developing specific capabilities for teams, organizations, or force structure.

(1) The ARNG. A key component of the Army’s total force CyberOps capability, the ARNG maintains CyberOps capabilities in the 54 joint force headquarters–state, supporting both the Army and the states under their Title 10 and Title 32 authorities, respectively. Their priority is to establish and maintain a secure cyber environment for their state through CyNetOps by protecting critical cyberspace nodes, developing CyberSA, and providing support to civil authorities for incident response and protection of critical infrastructure. The ARNG is the Army's expert for protecting CIKR. It supports the Army and USCYBERCOM with CyNetOps, CyberSpt, and limited CyberWar capabilities.

(2) The USAR. The USAR provides trained and ready personnel to perform CyberOps in support of joint, Army, and combatant commander mission requirements. These personnel bring a maturity and depth of experience, providing ready operational support to current operations. Uniquely, the USAR will have a direct link to U.S. Strategic Command contingency plans, allowing them to mobilize personnel to support ARFORCYBER plans and operations that support USCYBERCOM CyberOps. The USAR is expeditionary in nature and supports Army, ARFORCYBER, and USCYBERCOM with CyNetOps, CyberSpt, and limited CyberWar capabilities.

Appendix C
Operational Vignettes

C-1. Vignette context

This chapter uses a series of vignettes to illustrate the Army’s operational framework, introduced in chapter 4, for conducting CyberOps as part of FSO from peacetime engagements to global war. The vignettes are consistent with the general framework of the multi-level security-1 scenario. Each vignette will be associated generally with one or more of the phases of the Joint Phasing Model from Joint Publication 3-0 (figure C-1) to get at specific
actions and required capabilities from the strategic down to the tactical level. These implications and required capabilities are described in greater detail in appendices D and E and a consequent integrated list of preliminary DOTMLPF questions in appendix F.

Figure C-1. The joint operations six phase model

C-2. Prephase 0 operations

a. This vignette focuses on normal day-to-day operations and a typical Army support mission for a stability and support operation as part of a combatant command's theater security cooperation plans (TSCP). In the course of enduring peacetime operations, the theater combatant command, in forward bases and with supporting elements in the continental U.S. (CONUS) and outside the CONUS, must operate and defend the network, its associated systems, and the data resident on or in transit across the network. This includes establishing the public-private partnerships required to secure the commercial segments that are inside the Army's or other specified cyberspace. These operations occur while undergoing nearly continuous attacks and penetration attempts from a variety of threats ranging from non-state to state actors at all levels of sophistication, as well as insider threats and nonmalicious actors. The combatant command may also deploy forces for a variety of operational activities, from nation building and counternarcotics activities to foreign internal defense and non-combatant evacuation operations.

b. Each of these activities requires a level of cyberspace operations support to gather intelligence on potential threats in the area of operations, extend, operate, and defend networks and services to provide necessary command and control support. Combatant commands and subordinate echelons conduct intelligence assessments to identify commander's cyber intelligence requirements. Joint and Army elements conduct cyber exploitation to answer and update these assessments and requirements.

C-3. Vignette 1: phase 0 through phase 1 (shape and deter)

a. The
vignette continues through the initial onset of a crisis and the actions taken to shape the operational environment and deter the adversary (figure C-2). This vignette will describe the Army CyberOps operations and capabilities required to effectively support the combatant commander’s mission.

Figure C-2. Vignette 1, phases 0-1 – shape and deter

b. Situation.

(1) Friendly forces are conducting normal peacetime training operations, including leader development, education and training, RDT&E, and other activities to shape the OE. There is no traditional phase 0 or peacetime in cyberspace, as adversaries continuously seek to conduct cyberspace operations, particularly exploitation, against the U.S. and its allies in order to pursue their strategic objectives. Nation-states and other adversaries attempt to penetrate friendly networks to gain an information advantage and focus their cyberspace capabilities on collecting information about friendly interests, plans, technical data, and intentions.

(2) In this vignette, a large technologic peer-competitor and other adversaries also seek to undermine U.S. and coalition efforts to support a host nation that has requested assistance in providing stability and support during actions by a hostile neighboring country. These initial threat activities include attempted physical and cyber penetration and attempted disruption of host nation water and electrical services. As a crisis emerges and an additional threat is added within the combatant commander’s area of responsibility, the resources used to conduct day-to-day enduring operations are still required. Additional resources are likely to be required to provide support for each crisis as it emerges, surging forces and resources based on the commander’s requirements, priorities, and intent.

c. Mission. The theater combatant command will continue to conduct normal peacetime operations. The commander’s intent is to execute the TSCP to defeat, dissuade, and deter threats against the host nation and U.S. interests. The ASCC has been directed to conduct stability and support operations in order to restore essential host nation services and support civil security to provide a secure environment. This includes meeting the critical needs of the populace, gaining support for the host nation government, and shaping the environment for unified action, coalition, and host nation success.

d. Threat actions.

(1) A state peer competitor nation outside the theater combatant command area of operation will not directly challenge U.S. or coalition forces, but will rather tacitly support the hostile neighboring country and insurgent activities to undermine U.S. and coalition efforts. This state will likely escalate attempted penetration of U.S. networks to support the threat nation with intelligence. The hostile neighboring country will conduct overt efforts to undermine the host nation, but avoid raising these operations to a level where U.S. and coalition forces will intervene.

(2) Cyber efforts by all adversaries will include attempts to penetrate U.S., coalition, and host nation networks in order to collect data on forces and systems, with a special emphasis placed on military networks and SCADA systems. Their efforts will be directed against any deployed U.S. or coalition forces, as well as potentially against U.S.-based rapid deployment forces, their installations, and supporting CIKR. This exploitation forms a baseline for future determination of U.S., host nation, and coalition capabilities and intentions.

e. CyberOps support for the mission. Through the combatant command, ASCC, and ARFORCYBER, joint and Army CyberOps capabilities will continuously support the operating and generating forces as well as the deployed forces conducting the combatant command’s TSCP and stability and support missions in theater. This section will describe how the ASCC, ARFORCYBER, and subordinate and supporting forces, as well as other National and joint organizations and forces, will employ specific CyberOps capabilities to support
achieving the combatant commander’s mission and intent. This will be done within the framework of CyNetOps, CyberWar, CyberSpt, and CyberSA to demonstrate how these efforts enable commanders to effectively conduct FSO. The following actions occur at each echelon:

(1) Combatant command. At this level, cyber ROE are established in conjunction with the President, the Office of the Secretary of Defense (SECDEF), the Joint Staff, and partners within the U.S. intelligence community. Strategic plans are reviewed, adjusted as needed, and campaign design activities occur, to include the development of engagement strategies in which cyberspace operations may play a key role in content delivery to selected audiences.

(2) USCYBERCOM. Resource allocation is closely examined to ensure adequate support for the combatant command and the emerging threat in theater, as well as taking steps to surge enough resources to mitigate the increasing threat to both deployed forces and the CONUS base. Partnerships and command relationships across the Army, as well as with Federal, state, and local law enforcement and the Department of Homeland Security, begin to focus on mitigation of this new threat while remaining vigilant to the day-to-day threat.

(3) Theater ASCC. Conducts detailed mission analysis to identify Army cyber force and resource requirements needed to support the theater combatant commander’s mission.

(4) ARFORCYBER. Army cyber forces and resources are given orders to prepare for surging to support the theater combatant command and theater ASCC.

(5) The joint task force (JTF) may be designated to begin detailed crisis planning and prepare to receive forces and resources, and may prepare to conduct reception, staging, onward movement, and integration activities if directed. Affected echelons prepare to receive cyber planners and integrators.

f. CyNetOps.

(1) The Army operating and generating forces continuously conduct CyNetOps to operate and defend LandWarNet and support unit command and control activities.
CyNetOps are conducted at the joint level through the brigade and BCT to the battalion and potentially company levels (reference appendix B) to ensure network services and the confidentiality, integrity, and availability of information on these systems. Deploying units will connect to the network service center for global network connectivity, enterprise services, and network management to support all aspects of FSO. Assigned and attached cyber planners at echelons from BCT, or lower if required, through combatant commands plan, prepare, execute, and assess the effectiveness of CyberOps as part of unified action. This ensures access to LandWarNet, required battle command and control systems, the EMS, supporting critical infrastructure, and other key capabilities. This necessitates complete integration, involvement, and effective partnerships with Army active and reserve components, the generating and operating forces, and public-private partnerships.

(2) All echelons of the command continuously conduct defensive actions to protect themselves and the critical infrastructure on which they depend from cyber, electronic, and directed energy attacks. They are also prepared to mitigate the impact of and fight through an attack and operate effectively under degraded conditions. This includes defensive aspects in CONUS, in theater, and globally. Effective public-private and law enforcement and counter intelligence partnerships and activities take proactive actions, share information, actively analyze, and help mitigate the threat on a daily basis. As part of the combatant command’s mission, this includes the necessary CyberOps support to the host nation.

g. CyberWar.

(1) Army and joint forces at the USCYBERCOM, ARFORCYBER, JTF, and potentially BCT echelons conduct CyberWar activities in phases 0 and 1. CyA and CyE are used to destroy, deny, degrade, disrupt, and deceive adversary data, computers, systems, embedded processors, and controllers, thereby reducing the effectiveness of adversary
decisionmakers. Unit cyber planners, in partnership with the national intelligence and law enforcement community, coordinate and synchronize the conduct of operations to access and exploit adversary systems and networks to build friendly CyberSA and support the commanders’ efforts to understand threat capabilities, vulnerabilities, plans, and intentions. This is a small but vital part of the commander’s overall SA. CyberWar efforts are also used to gain access to the requisite portions of cyberspace used to support information activities, psychological operations product dissemination, or in direct support of isolating or disrupting adversary command and control just prior to and during tactical direct action operations.

(2) Following friendly tactical operations, exploitation may be employed to gather adversary target or battlefield damage assessment information. To effectively accomplish this, the combatant command develops recurring physical and remote access to adversaries’ hardware and software, as well as friendly knowledge management systems that enable the ability to aggregate, manage, decrypt, linguistically translate, analyze, and report on all data collected to the supported unit commanders at all echelons and, when appropriate, to the host nation.

h. CyberSpt.

(1) CyberSpt activities are conducted in support of normal peacetime operations and the combatant command’s mission. Deployed elements conducting stability and support operations in and around the host nation conduct site exploitation activities, to include cyber aspects of the exploitation. This exploitation may result in detailed forensic exploitation, reverse engineering, and analysis of threat data, systems, and tactics, techniques, and procedures (TTP) to continue to gain and protect the advantage. Media pulled from the field is physically and/or virtually sent to higher echelons in theater or CONUS as needed for more detailed analysis. When adversaries or other actors in cyberspace attempt to attack or exploit friendly or supported
host nation data, systems, or networks, units use organic capabilities to perform incident response handling activities associated with a suspected incident to learn and evolve from that incident. Lessons learned are then incorporated into an ongoing program of RDT&E, vulnerability assessment and mitigation, penetration testing, and leader and Soldier training programs to continue to maintain a relative information advantage over the adversary while supporting the host nation and the commander’s intent in the theater.

(2) Policy and legal advice on cyber issues is provided to commanders at every echelon in the command to support awareness, understanding, and implementation through all phases of conflict, in the CONUS base and deployed. This is translated into appropriate ROE that address appropriate use of friendly, adversary, and other specified cyberspace.

i. CyberSA. CyberSA is derived from a detailed understanding of friendly, adversary, and other specified cyberspace. CyberSA is a component of overall SA and is only presented separately here to support greater understanding and awareness of this new element to that SA. Key warfighting functions at combatant command through battalion level, including intelligence, command and control, and movement and maneuver, play important roles in contributing to CyberSA, each updating their portion of the commander’s common operating picture (COP). CyNetOps personnel enabled by sensors and other capabilities that detect, aggregate, and report on the operation and health of systems, networks, and the associated content. Intelligence representatives focus their attention on the adversary and relevant cyberspace in order to effectively support lethal and nonlethal operations and intelligence activities. The staff cyber planner and integrator, empowered by effective data visualization capabilities, supports the fusion of all CyberSA into a single coherent picture to ultimately support the commander’s decisionmaking process.

C-4. Vignette 2: Phases 1 and 2 (force deployment)

a. This vignette focuses on the strategic and operational CyberOps capabilities required for force deployment, initial introduction of forces into theater, and simultaneous civil support operations (figure C-3).

• Hostile nation-state using insurgents and other surrogate actors
• Conducts cyber attacks on U.S. critical infrastructure and military and civilian networks to delay and disrupt force deployment
• Recruits and hires hackers and syndicate members to support their attacks
• Target coalition networks to degrade initial combat capability
• Sympathetic hackers worldwide support their cause and advance their information campaign
• Insurgent activities along the border continue but at lower intensity

Conduct show of force operations to
• Shape the OE
• Set the conditions for follow on operations
• Focus on assuring freedom of action
• Secure access to theater infrastructure to allow flow of forces
• Continue defending key population centers
• Continue protection of CIKR

Phases 1 2 – Deter Seize Initiative

Figure C-3. Vignette 2, Phases 1 and 2 – Deter and Seize Initiative

b. Situation. A friendly host nation has requested U.S. and United Nations assistance to deter and defend them from a neighboring hostile nation-state. This nation-state is using insurgents and the actions of other surrogate actors for the advancement of their own personal and criminal objectives. The U.S. has limited forces initially in theater to conducting liaison and training with host nation forces and government agencies. Additional forces are being introduced to theater to deter and enable seizing the initiative from hostile actors. Adversary forces conduct cyber attacks on U.S. critical infrastructure and military and civilian networks to delay and disrupt force deployment. The SECDEF has tasked the DOD to conduct civil support operations to protect both physical and cyber critical infrastructure.

c. Mission. U.S. and coalition forces deploy into theater to
support the requesting friendly nation. Friendly forces will conduct show of force and distributed operations to secure the aerial and sea ports of debarkation and key terrain and to deter further aggression of the neighboring hostile nation-state. Joint forces will also conduct civil support operations in CONUS to protect both physical and cyber critical infrastructure. CyberOps activities conducted in phase 0 continue. The primary focus of CyberOps during phases 1 and 2 is on assuring freedom of action and access to theater infrastructure so follow-on forces can seamlessly flow into the area of operations. Coalition forces engage in simultaneous offensive, defensive, and stability operations to shape the OE and set the conditions for decisive operations. These include defending key populations and CIKR and continuing civil support operations.

d. Threat actions.

(1) The neighboring hostile nation-state will conduct cyber attacks on U.S. civilian and military targets to delay and disrupt force deployments and require U.S. and coalition nations to divert CyberOps and other resources for civil support operations. The adversaries will recruit and hire hackers and syndicate members to attack U.S. and coalition nation targets and inspire independent hackers to do the same. These cyber attacks target U.S. CIKR, A-Land CIKR, and U.S. and coalition interests worldwide. Adversaries will also leverage cyberspace to further their information strategy to influence world opinion against U.S. intervention, engender support of the populations in the region, inspire and motivate their own populace, and foster anti-U.S. sentiment. The adversaries and their proxies continue to conduct CyberOps against targets worldwide, supported by sympathetic hackers inspired by the adversary information campaign.

(2) With hostilities appearing imminent, adversary CyberOps and EW attacks will target coalition networks, computer applications, and vehicles, ships, and aircraft to degrade initial combat capability. This will include
attacks in the global commons, to include cyberspace. The hostile nation-state will increase the number and frequency of cyber attacks and direct actions in support of their antiaccess campaign. These actions are directed at the friendly host nation’s key government functions and services, the CIKR around the U.S. forces identified for deployment, and aerial and sea ports of debarkation.

e. CyberOps support for the mission. Normal enduring CONUS and forward base cyber activities continue. CyberOps planners now must surge and deploy from their assigned units through ARFORCYBER and the theater ASCC to their supported units at echelons from the theater combatant commands to forces possibly as low as the BCT, based on JTF task organization and priorities. These planners will augment and support all aspects of the commander's deployment planning and execution cycle. CyberOps will provide CyberSA and overall SA for the commander. CyNetOps capabilities will be critical for seamless force deployment and immediate employment upon arrival in theater. CyberWar capabilities will enable an operational advantage. CyberSpt capabilities will be tailored to the commander's mission to provide responsive support to both CyNetOps and CyberWar activities. The following actions occur at each echelon.

(1) Combatant command. At this level, cyber ROE are modified and the echelons at which decisions about actions in cyberspace, including the redissemination of approved engagement products, may be pushed down to the JTF commander. The combatant command coordinates with USCYBERCOM and the national intelligence community to conduct cyber exploitation of specific threat targets, links, and nodes in support of strategic and operational targeting, increasingly focused CyberSA, and to support the execution of the campaign.

(2) USCYBERCOM surges to support precombat deployment activities and entry operations. Additional forces are requested from ARFORCYBER to further augment planners, network operators, and
defenders, as well as additional resources to support CyA and CyE activities in support of the theater combatant command.

(3) Theater ASCC. Identifies additional resource requirements needed to support the theater combatant command mission and passes requirements to the theater combatant command for forwarding as part of the request for forces process.

(4) ARFORCYBER. Army cyber forces and resources are given orders to prepare for surging to support the theater combatant command/theater ASCC. The Network Enterprise Technology Command continues to operate and defend the network critical infrastructure and key resources.

(5) JTF through BCT may be designated to begin detailed crisis planning and prepare to receive forces and resources, and may prepare to conduct reception, staging, onward movement, and integration activities if directed.

f. CyNetOps.

(1) While CyNetOps continues to gain advantage, CyNetOps in these phases protect the advantage that the global network already provides. The GNE provides for global connectivity, which includes a collaborative and en route planning capability. This includes a seamless connection to the global network upon arrival in theater and for initial distributed and economy of force efforts. Division, brigade, and BCT elements deploy into theater with self-contained networking capabilities that plug into the network service center for global connectivity. Division, brigade, and BCT elements perform CyNetOps functions with their organic capabilities and are required to operate and defend their own networks without augmentation from higher headquarters. This includes providing effective network management and network defense across all organic networks.

(2) In addition, the BCT provides the organic common services of messaging, collaboration, storage, and security to its subordinate elements. Currently brigades and BCTs do not have a designated capability to plan and integrate all aspects of CyberOps. CyNetOps employs protective measures that ensure the availability of
critical battle command and control systems that provide the commanders a means for making more informed decisions to achieve objectives on the ground. CyNetOps, when directed, also provides CyNetOps support to host nation and coalition forces and, with joint force headquarters support, augments these organizations with expertise and capabilities.

(3) CyberSA becomes more dynamic and complex due to the nature of operations during phase 2 and leading into phase 3. CyNetOps capabilities must defend against both cyber and EAs, to include directed energy attacks. Understanding the congested and contested EMS is critical for the commander's CyberSA to identify areas where there is the potential for the degradation of key capabilities. Civilian and military applications in the RF spectrum may lead to degraded CyberOps capabilities in certain portions of the OE.

(4) Army active and reserve component CyberOps personnel will support civil support operations. This will be done under specific authorities and normally would include CyNetOps and CyberWar personnel conducting incident impact analysis, mitigation techniques, threat characterization, vulnerability assessment, malware analysis, and digital media analysis. If the civil support operations turn into a homeland defense mission, then all four components of CyberOps could be used to support the mission.

g. CyberWar.

(1) CyberWar capabilities will initially focus on developing CyberSA and conducting CyE and DCyD. These activities would progress to CyA activities to deny the adversary's ability to disrupt the commander's plans and in support of direct operations to kill or capture identified targets. CyberWar capabilities will be a combination of organic and support element joint and Army capabilities. While many global capabilities will be available, the Army will provide the commander with close access capabilities where physical proximity is required. Organic Army staff cyber planners and integrators will provide the commander the
expertise to integrate CyberWar capabilities into FSO.

(2) Joint and Army support elements are provided to augment organic division, brigade, and BCT CyberOps integration and planning capabilities to ensure available CyberOps resources are integrated within the overall operational plan and to monitor their execution to ensure they achieve the commander's intended mission effects. CyberWar planning activities may include preplanned on call priority missions as part of the overall concept of operations. Battalion and company staffs have trained personnel for CyberOps planning and integration. DCyD will integrate with CyNetOps for the commander's defense in depth. A range of CyberWar capabilities will enable cyber threat tipping and cueing, counter reconnaissance, and counterintelligence efforts.

h. CyberSpt. Robust RDT&E and timely, responsive acquisition processes allow the Army to stay apace with technologic advancements and adversary adaptations of existing technologies. Partnering with internal Federal, state, and local law enforcement agencies helps to support the pursuit and investigation of criminal organizations and independent hackers working against friendly forces. Penetration testing and red/blue/green teams are used for vulnerability and security testing. CyberSpt activities focus on the cyber aspects of site exploitation; forensics, mitigation, and remediation are used to gain and protect advantage. Prompt site exploitation protects advantage by identifying threat TTP so countermeasures can be developed during expeditionary operations. The unit legal officer provides the commander an assessment of all CyberWar targets and actions within the confines of the ROE and all relevant U.S., host nation, and international laws.

i. CyberSA. As described in Vignette 1, CyberSA is derived from a detailed understanding of friendly, adversarial, and other specified cyberspace. The challenge to CyberSA in phases 1 and 2 is CyNetOps is very dynamic during force deployment and
CyberWar capabilities take time to fully develop an understanding of adversarial and other specified cyberspace. Close coordination and partnership between the operating and generating forces, public-private stakeholders, and Army and unified action and multinational partners will be critical to rapidly develop and maintain CyberSA. The staff cyber planner and integrator will be responsible for the fusion of friendly, adversarial, and other specified cyberspace SA into a single coherent picture to ultimately support the commander’s decisionmaking process.

C-5. Vignette 3: Phases 2-4, major combat operations (MCO)

a. The focus of this vignette is on the operational and tactical CyberOps capabilities required to support MCO with simultaneous stability operations (figure C-4).

• Hostile nation conducts delaying action against friendly forces in an attempt to reach a political settlement
• CyberOps against U.S., coalition, and host nation targets continue worldwide
• Threat focus shifts to igniting insurgency within the host nation using cyber attacks to disrupt the government
• Criminal elements seek to exploit the chaotic situation
• Insurgent activities along the border decrease, move to host nation

U.S. Army conducts FSO to defeat adversary forces and restore borders of host nation. Simultaneously forces maintain critical infrastructure and conduct SSO.
• Focus on maintaining freedom of action
• Continue defending key population centers
• Continue protection of CIKR

Phases 2/3/4 – Seize Initiative/Dominate/Stabilize

Figure C-4. Vignette 3, phases 2, 3, and 4 – seize initiative, dominate, and stabilize

b. Situation. The hostile neighboring nation-state remains undeterred and has taken actions resulting in the joint force conducting offensive operations. The noncontiguous battlefield also results in simultaneous stability operations in certain portions of the host nation. Civil support operations have been successful in the U.S. and the sole focus for the U.S. is on MCO and stability operations.

c.
Mission. The Army, in concert with its unified action and coalition partners, will conduct FSO to defeat the military and other adversary forces of the neighboring hostile nation-state that are occupying portions of the host nation.

d. Threat actions.

(1) The neighboring nation-state military and other adversary forces will conduct a delaying action against U.S., coalition, and host nation forces in an attempt to reach a political settlement in line with its objectives. Adversaries will conduct CyberOps against targets worldwide, supported by sympathetic hackers inspired by the hostile force's information campaign. With hostilities appearing imminent, adversary CyberOps and EW attacks will target coalition networks, computer applications, and vehicles, ships, and aircraft to degrade initial combat capability. Cyber attacks from the neighboring hostile nation-state forces may decrease, but attacks from criminal and outside elements, hacker unions, and others rallying to the adversary cause will likely increase.

(2) Once hostilities begin, the threat focus shifts to igniting an insurgency against the host nation’s government using cyber attacks to disrupt the government. This includes using CyberOps capabilities for command and control, fundraising, recruiting, and otherwise fostering an insurgent environment; supporting and recruiting criminal activity in cyberspace against banking and commercial sites as criminal elements seek to exploit the current chaotic situation in the host nation; and continuing the use of CyberOps capabilities to support their overall information strategy.

e. CyberOps support for the mission. Joint and Army CyberOps capabilities will support all aspects of the commander's plan for FSO. CyberOps will provide CyberSA and overall SA for the commander in a dynamic and distributed battlefield. CyNetOps capabilities will be dynamic due to distributed, simultaneous operations that accompany battle command on the move, in addition to the requirements for simultaneous
stability operations. Organic and support element CyberWar capabilities will be used to gain and protect advantage and place adversaries at a disadvantage. Responsive CyberSpt capabilities will be required to adapt to a thinking enemy that tailors advanced technologies to its objectives. The following actions occur at each echelon.

(1) Combatant command. Cyber ROE may once again be updated to provide as much flexibility to the lowest level of command possible while remaining cognizant of the potential strategic implications of cyber operations and associated intelligence gain-loss issues. Strategic cyber resources are employed to support air campaign activities, disruption of threat early warning, air and missile defense systems and networks, as well as adversary information systems platforms in close coordination with early entry special operations and ground force operations.

(2) USCYBERCOM. The main effort may shift from exploitation to attack of adversary systems, links, nodes, and data.

(3) Theater ASCC. Continues to support combatant command requirements as they are identified.

(4) ARFORCYBER provides priority of support to the theater ASCC as new requirements emerge. The Network Enterprise Technology Command continues to operate and defend CONUS systems and networks while providing priority of support to the theater combatant commander.

(5) JTF through BCT continue to leverage cyber planners and integrators as key members of their battle staffs working with intelligence, fires, and information engagement cells to plan, coordinate, and synchronize cyber capabilities in support of FSO and ensuring cyber SA is an accurate, relevant component of the commander’s COP.

f. CyNetOps.

(1) CyNetOps during major combat operations and stability operations will need to be flexible and agile. CyNetOps capabilities will be provided from the joint to the battalion and possibly lower echelons (see appendix D and E). Protecting the CyNetOps advantage is critical in phases 2, 3, and 4 because of the
critical battle command and other capabilities that rely on CyNetOps capabilities. U.S. and coalition forces use CyNetOps capabilities to enable battle command on the move, distributed operations, and stability operations while preparing to operate in a degraded CyberOps condition. Assigned and attached cyber planners and integrators at echelons from battalion through the joint force will plan, prepare, execute, and assess the effectiveness of CyberOps in support of MCO and stability operations.

(2) During phase 4, CyNetOps enhancements will result in a more robust infrastructure (for example, commercialization), freeing up forces for other tasks and preparing for the transition to phase 5. CyberSA becomes more dynamic and complex due to the nature of operations during phases 2, 3, and 4.

g. CyberWar.

(1) CyberWar and enabling capabilities will exploit and attack computer and telecommunication networks and embedded processors and controllers in equipment, systems, and infrastructure in accordance with appropriate authorities in support of the commander's objectives. This is the first time that CyberWar attacks on tactical target embedded processors and controllers in equipment, systems, and infrastructure are conducted to disadvantage the adversary. During maneuvering, a different blend of CyberWar and enabling capabilities will be employed due to the responsiveness and authorities under which each is conducted.

(2) Unit cyber planners and integrators, in partnership with the national intelligence and law enforcement community, coordinate and synchronize the conduct of operations to access and exploit adversary systems and networks. Following friendly tactical operations, exploitation may be employed to gather adversary target or battlefield damage assessment information. To effectively accomplish this, recurring physical and remote access to adversaries’ hardware and software is required. DCyD will be emphasized in phases 2, 3, and 4 due to the fluid nature of the operations, and due to the dynamic nature of
CyNetOps, defense in depth will be absolutely critical.

h. CyberSpt. Cyber aspects of site exploitation, forensics, mitigation and remediation, and responsive RDT&E capabilities are the initial CyberSpt capabilities that support MCO and stability operations. As stability operations become more prevalent, vulnerability and security assessments will increase in importance.

i. CyberSA. CyberSA will be a challenge to establish and maintain during the dynamic operations of phases 2, 3, and 4, but they are absolutely critical so the commander can make informed decisions. The simultaneous execution of phases 2, 3, and 4 also dictates that adequate analysis and understanding is developed as the majority of the force transitions to phase 4 and prepares for phase 5.

C-6. Summary

This appendix used a series of vignettes to describe how CyberOps can be integrated to support FSO. Appendix D and E capture the required capabilities that were described in these vignettes. These required capabilities will serve as the starting point for the CyberOps CBA.

___________________________________________________________________________

Appendix D
Required Capabilities

D-1. Introduction

a. This Appendix lists the capability statements that have emerged from the integrated concept development team’s (ICDT’s) development of this pamphlet. The capability statements within this appendix represent the initial identification of capabilities needed for CyberOps based on the analysis performed to date by the ICDT. This body of work represents a point for departure for follow-on analysis.

b. Specifically, this appendix provides the Army's future force with broad operational CyberOps capability requirements with which to use as a starting point for the CyberOps CBA. It is the culmination of experiments, symposiums, conferences, working groups, literature reviews of joint and Army concepts and doctrine, joint and higher direction and policy guidance, and subject matter expert (SME) input and insights that have led to
the central idea, framework, and vignettes in this pamphlet. The ICDT derived these required capabilities from joint and Army concepts, JCAs, the results of Unified Quest (UQ) 2009 (UQ 09), Omni Fusion (OF) 2009 (OF 09), the 2009 Space and Cyberspace Seminar Wargame (UQ 09 SWG), quadrennial roles and missions report (QRM), battle command essential capability (BCEC) documents,[15] and other venues and documents. Operational SMEs from within the information and cyberspace ICDT and those leveraged by the ICDT during this pamphlet development contributed to the required capabilities in this appendix. These required capabilities are broken down into specific tasks, conditions, and standards during the follow on CyberOps CBA. Required enabling capabilities, including EW and EMSO, will be analyzed during the CBA by leveraging the specific Army concept framework, CBA, and JCIDS documents.

c. Required capabilities have four basic elements: organization (who), main idea (what), environment parameters and conditions (where and when), and reason (why). The future force is the organization for these required capabilities. Tables D-2, D-4, D-6, and D-8 in the next section further define the who by identifying the echelon at which the capability is required. If there was not a consensus for the echelon where a capability should reside, the ICDT used the lower echelon to ensure the proper analysis will be done in the CBA. As described in chapter 2 and appendix C, CyberOps are continuous so these capabilities are required across the breadth of the future OE and in all mission areas of FSO. The CBA will define specific tasks, conditions, and standards that support each capability.

[15] BCEC are the essential set of capabilities required by commanders to perform battle command during FSO. These TRADOC-approved BCEC are the foundational set of capabilities required by commanders and leaders at brigade, battalion, and company and below, but are also fully applicable to the division, corps, and theater Army levels.

D-2. DOTMLPF
required capabilities

a. The applicable DOTMLPF domains are identified by their first letter in the third column of tables D-1, D-3, D-5, and D-7 for each capability requirement. In addition, the source of the requirement is noted in the last column. Note: Appendix F contains an integrated DOTMLPF question list that will be used in future capability development efforts.

b. CyNetOps. To conduct CyNetOps effectively, the future force requires the capabilities listed in table D-1 below. These are only the higher level required capabilities, as the CBA will reference the LandWarNet CONOPS and network transport required capabilities chapters for additional detailed requirements. CyNetOps supports the warfighting function and battle command critical systems and processes, so accurate conditions and standards for the CBA tasks will be essential.

Table D-1. Required CyNetOps capabilities

1. Operate an enterprise network capability for computer and telecommunication networks at multiple levels of classification from Unclassified through Top Secret for brigade and above and Secret for below brigade (including coalition and alliance classifications) that includes the Army active and reserve components as well as the generating and operating force networks in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities. Note: This capability encompasses and supports the BCEC capability of A robust network capability: the force must possess a commander centric, secure, integrated, and adaptable communications network consisting of line-of-sight and beyond-line-of-sight means.
DOTMLPF: O, T, M, P, F. Source References: Global network enterprise construct (GNEC), TRADOC Pam 525-7-8, SMEs, BCEC.

2. Provide global connectivity to an enterprise communications network infrastructure in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities and ensure freedom of action. Note: This capability encompasses and supports the BCEC capability of A robust network capability: the force must possess a commander centric, secure, integrated, and adaptable communications network consisting of line-of-sight and beyond-line-of-sight means.
DOTMLPF: O, T, M, P, F. Source References: GIG 2.0 initial capabilities document (ICD), BCEC.

3. Provide enterprise communications networks which are interoperable with joint, Army, interagency, and multinational organizations, to include nongovernmental organizations, in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities and ensure freedom of action. Note: This capability encompasses and supports the BCEC capability of Joint, interagency, intergovernmental, multinational (JIIM) interoperability: The Army’s battle command system must be able to exchange relevant operational information with JIIM partners, nongovernmental organizations, and contractors.
DOTMLPF: O, T, M, P, F. Source References: GIG 2.0 ICD, BCEC.

4. Integrate coalition partner and other specified networks during garrison and deployed operations, including the capability to integrate into the networks of coalition partners with different intelligence sharing relationships, in order to enable effective joint and/or multinational operations and ensure freedom of action. Note: This capability encompasses and supports the BCEC capability of JIIM Interoperability: The Army’s battle command system must be able to exchange relevant operational information with JIIM partners, nongovernmental organizations, and contractors.
DOTMLPF: D, O, T, M, L, P, F. Source References: UQ 09, GIG 2.0, BCEC.

5. Define the public-private partner roles, responsibilities, and authorities necessary in order to secure the commercial segments that are used by the Army or other specified cyberspace and ensure freedom of action.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8.

6. Provide a command and control system capability to obtain, process, and disseminate CyberOps information in order to facilitate the commander's decisionmaking and enable effective operations. Note: This capability encompasses and supports the BCEC capability of Execute a Running Estimate: The Army’s battle command system must be able to continuously gather and track information to support tactical decisionmaking by providing a continuous assessment of current and future operations.
DOTMLPF: D, O, T, M, L, P, F. Source References: ARCIC, BCEC.

7. Provide globally authenticated users access to CyberOps capabilities in order to support distributed, remote, and battle command on-the-move operations and ensure freedom of action. Note: This capability encompasses and supports the BCEC capabilities of Execute tactical network operations: commanders need the ability to conduct tactical network operations, network management, and allocate network resources to maximize performance through all phases of an operation; and battle command on-the-move: The commander must have the ability to maintain situational awareness, make timely and informed decisions, and position himself at the decisive point during the battle.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8, GIG 2.0 ICD, BCEC.

8. Aggregate all data regarding information systems resources connected to the network in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities and contribute to CyberSA.
DOTMLPF: O, T, M, L, P, F. Source References: GNEC.

9. Monitor network and information system status and health, conduct system maintenance, and collect system demand history and usage rates in an entirely automated and real-time manner in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities and contribute to CyberSA.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8, UQ 09 SWG, GNEC.

10. Operate under a degraded cyber operations condition in order to conduct effective battle command and operations and to ensure freedom of action.
DOTMLPF: D, O, T, M, L, P. Source References: TRADOC Pam 525-7-8, QRM, UQ 09, UQ 09 SWG, OF 09.

11. Provide defense-in-depth for LandWarNet and other specified cyberspace in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8, QRM.

12. Protect against cyber and EA, to include directed energy attacks, in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities and ensure freedom of action.
DOTMLPF: D, O, T, M, L, P. Source References: UQ 09, UQ 09 SWG.

13. Monitor for and report cyber threat events in real time in order to contribute to defense-in-depth and CyberSA.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8, QRM, OF 09, UQ 09 SWG, GIG 2.0 ICD.

14. Detect and monitor network intrusions and unauthorized activity in real time in order to contribute to defense-in-depth, provide end-to-end assured CyNetOps support to critical battle command and other capabilities, ensure freedom of action, and contribute to CyberSA.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8, GNEC, GIG 2.0 ICD.

15. Analyze and understand in real time the nature of malicious and unauthorized activity occurring within the network in order to contribute to defense-in-depth, provide end-to-end assured CyNetOps support to critical battle command and other capabilities, ensure freedom of action, and contribute to CyberSA.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8, GNEC, GIG 2.0 ICD.

16. Attribute actions on friendly, specified, and adversary networks in order to support CyNetOps and CyberWar actions.
DOTMLPF: D, O, T, M, L, P. Source References: QRM.

17. Defend against and fight through a cyber threat event in order to conduct effective battle command and operations and ensure freedom of action.
DOTMLPF: D, O, T, M, L, P. Source References: TRADOC Pam 525-7-8, QRM, UQ 09, UQ 09 SWG, OF 09.

18. Provide physical and CyberOps protection against both lethal and nonlethal attacks on critical infrastructure and key resources during all phases of FSO in order to contribute to defense-in-depth, provide end-to-end assured CyNetOps support to critical battle command and other capabilities, and ensure freedom of action.
DOTMLPF: D, O, T, M, L, P, F. Source References: UQ 09 SWG.

19. Gain awareness of, access to, and delivery of information, information services, and applications in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities.
DOTMLPF: D, O, T, M, L, P, F. Source References: TRADOC Pam 525-7-8, GIG 2.0 ICD.

20. Support, enable, or provide CyberOps capabilities to host-nation or other actors in order to contribute to defense-in-depth, provide end-to-end assured CyNetOps support to critical battle command and other capabilities, and enable effective joint and/or multinational operations.
DOTMLPF: D, O, T, M, L, P, F. Source References: UQ 09, TRADOC Pam 525-7-8.

21. Share information and collaborate with public and private partners in all aspects of network operations and CIKR protection in order to contribute to defense-in-depth and provide end-to-end assured CyNetOps support to critical battle command and other capabilities. Note: This capability encompasses and supports the BCEC capability of Enable Collaboration: Commanders and leaders need a common suite of collaborative tools to allow establishment of a collaborative environment to achieve shared understanding and ensure unity of effort.
DOTMLPF: D, O, T, M, L, P. Source References: UQ 09 SWG, GIG 2.0 ICD, BCEC.

22. Ensure the availability, confidentiality, and integrity of essential CyberOps capabilities in order to provide end-to-end assured CyNetOps support to critical battle command and other capabilities.
DOTMLPF: D, O, T, M, L, P, F. Source References: QRM, UQ 09.

23. Develop a standard and sharable geospatial foundation in order to enable all battle command essential information requirements, create a common map foundation, and display and share this information on an interoperable COP.
DOTMLPF: D, O, T, M, L, P, F. Source References: BCEC.

24. Create, change, and distribute mission orders, both voice and written, to include attached graphics, in order to enable effective battle command communication between command posts, platforms, and leaders.
DOTMLPF: D, O, T, M, L, P, F. Source References: BCEC.

25. Provide rehearsal and training support in order to prepare for operations using embedded rehearsal and training tools that accurately represent the spectrum of missions and environments.
DOTMLPF: D, O, T, M, L, P, F. Source References: BCEC.

c. Table D-2 below lists the echelon at which each capability is required.

Table D-2. Required CyNetOps capabilities by echelon

Echelon Capability 01 02 03 04 # X X X X Joint combatant command X X X X ARFORCYBER X X X X ASCC theater X X X X Corps X X X X Division X X X X Brigade BCT X X X Battalion X X X Company
Echelon Capability 11 12 13 14 # X X X X Joint combatant command X X X X ARFORCYBER X X X X ASCC theater X X X X Corps X X X X Division X X X X Brigade BCT X X X Battalion X X X Company
Echelon Capability 21 22 23 24 # X X X X Joint combatant command X X X X ARFORCYBER 05 06 07 08 09 10 X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X 15 16 17 18 19 20 X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X 25 X X
Echelon Capability # ASCC theater Corps Division Brigade BCT Battalion Company 01 02 X X X X 03 04 05 X X X X X X X X X X X X X X X X X X 06 07 08 09 10

d. CyberWar. To conduct CyberWar effectively, the future force requires the capabilities as listed in table D-3 below. Access is the first and most critical requirement for CyberWar capabilities and is therefore a major point of emphasis in the required capabilities below. More detailed CyberWar capabilities are included in the classified appendix E.

Table D-3. Required CyberWar capabilities

1. Access targeted networks, systems, or nodes by both remote and direct means in order to ensure required access to enable CyberWar actions on fleeting targets.
2. Enable recurring access to targeted networks, systems, or nodes by both remote and direct means in order to ensure required access to enable CyberWar actions.
3. Access adversary hardware and software by both remote and direct means in order to ensure required access to enable CyberWar and CyberSpt actions.
4. Access, collect, and exploit adversary
cyber targeted information by both remote and direct means in order to detect deter deny and defeat adversary actions and freedom of action Enable the ability to aggregate manage decrypt linguistically translate analyze and report on all data collected in knowledge management systems in order to support CyberOps actions and critical battle command and other capabilities Provide remote and expeditionary CyberWar capabilities in order to detect deter deny and defeat adversary actions and freedom of action Provide automated sensor-enabled network attack and intrusion detection capability in order to detect deter deny and defeat adversary actions integrate defense-in-depth with CyNetOps ensure friendly freedom of action and deny adversary freedom of action at the time and place of our choosing Attack deny degrade disrupt deceive destroy adversary 52 D O T L M P F Source References TRADOC Pam 525-7-8 D O T L M P F TRADOC Pam 525-7-8 D O T L M P F TRADOC Pam 525-7-8 T M P TRADOC Pam 525-7-8 D T M P F TRADOC Pam 525-7-8 T O M P F TRADOC Pam 525-7-8 T M P TRADOC Pam 525-7-8 UQ 09 SWG D O T M L P TRADOC DOTMLPF TRADOC Pam 525-7-8 # 9 10 11 12 13 14 15 16 17 Required CyberWar Capability DOTMLPF networks and critical infrastructure in order to detect deter deny and defeat adversary actions and freedom of action Provide sensory enabled network attack and intrusion response capability in order to detect deter deny and defeat adversary actions integrate defense-in-depth with CyNetOps ensure friendly freedom of action and deny adversary freedom of action at the time and place of our choosing Attack adversary networks in order to detect deter deny and defeat adversary actions and freedom of action Attack deny degrade disrupt deceive destroy cyber embedded processors and controllers of adversary equipment and systems in order to detect deter deny and defeat adversary actions integrate defense-in-depth with CyNetOps ensure friendly freedom of action and deny adversary freedom of 
action at the time and place of the Army’s choosing Provide situational awareness of adversary and other specified networks in order to increase the commander's overall SA and enable CyberOps and the commander's overall integrated actions Map and understand adversary and other specified network structures in order to enable all aspects of CyberOps Track locate and predict adversary activities in cyberspace in order to enable CyberSA CyberWar and CyNetOps Attack adversary information in order to dissuade undermine and deceive adversaries and support the commander's overall mission objectives Mitigate or bypass adversary cyber defensive measures in order to execute CyberWar capabilities Impact adversary cyber infrastructure in order to support effective CyberOps actions and the commander's overall mission objectives Source References Pam 525-7-8 T M L P UQ 09 UQ 09 SWG TRADOC Pam 525-7-8 T M P QRM T M L P QRM O M P F QRM D T L P QRM D O T L M P F D T L P QRM O T L M P D O T L M P F QRM TRADOC Pam 525-7-8 QRM JCA e Table D-4 below lists the echelon at which each capability is required Table D-4 Required CyberWar capabilities by echelon 1 Echelon Capability Number X Joint combatant command X ARFORCYBER X ASCC X Corps 2 X X X X 53 3 X X X 4 X X X X 5 X X X X 6 X X X X 7 X X X X 8 X X X X 9 10 X X X X X X X TRADOC Pam 525-7-8 Echelon Capability Number Division Brigade BCT Battalion Company Echelon Capability Number Joint combatant command ARFORCYBER ASCC Corps Division Brigade BCT Battalion Company 1 X X 2 X X 3 4 X X X 5 X X X 6 X X 7 X X 11 X X X X X X X 12 X X X X X X 13 X X X X X X 14 X X X X X X 15 X X X X X X X 16 X X X X X X 17 X X X X X X 8 9 10 X X X X X X X X f CyberSpt To conduct enhance and enable effective CyNetOps and CyberWar activities the future force requires the capabilities as listed in table D-5 below Table D-5 Required CyberSpt capabilities # Required CyberSpt Capability 1 Perform the cyber aspects of site exploitation in order to support all 
aspects of CyberOps and the commander's overall intelligence and mission objectives Perform exploit reverse engineering and analysis in order to support and enable effective CyNetOps and CyberWar actions Conduct legal and policy analysis of targeting in order to support CyberWar actions and the commander's decisionmaking processes Conduct penetration testing in order to support of vulnerability and threat-based security assessments Conduct threat-based security and vulnerability assessments in order to develop CyberSA and support effective CyNetOps and DCyD Conduct robust RDT E of cyber capabilities in order to develop and adapt emerging technologies and solutions to adversary technologies and TTPs for effective CyNetOps and CyberWar Project future adversary cyber capabilities in order to develop and adapt emerging technologies and solutions to 2 3 4 5 6 7 54 DOTMLPF D T M L P Source References UQ 09 SWG D T M P TRADOC Pam 525-7-8 D T M L P TRADOC Pam 525-7-8 D O T M L P F D O T M L P F TRADOC Pam 525-7-8 TRADOC Pam 525-7-8 D O T M L P F TRADOC Pam 525-7-8 D O T M L P TRADOC Pam 525-7-8 TRADOC Pam 525-7-8 adversary technologies and TTPs for effective CyNetOps and CyberWar 8 Identify opportunities to exploit adversary operations in cyberspace in order to support all aspects of CyberOps and the commander's overall intelligence and mission objectives 9 Conduct cyber forensics in order to support all aspects of CyberOps and develop and adapt emerging technologies and solutions to adversary technologies and TTPs for effective CyNetOps and CyberWar 10 Conduct mitigation and remediation for cyber intrusions or attacks in order to develop solutions to adversary technologies and TTPs for effective CyNetOps and CyberWar D O T M L P TRADOC Pam 525-7-8 D O T M L P TRADOC Pam 525-7-8 D O T M L P TRADOC Pam 525-7-8 g Table D-6 below lists the echelon at which each capability is required Table D-6 Required CyberSpt capabilities by echelon Echelon Capability Number 1 2 3 X X X 
Joint combatant command X X X ARFORCYBER X X X ASCC X X X Corps X X X Division X X Brigade BCT X Battalion X Company 4 X X X X X 5 X X X X X 6 X X X X 7 X X X X 8 X X X X X X X 9 X X X X X X X X 10 X X X X X X h CyberSA CyberSA processes capabilities and procedures need to be developed in order to properly contribute to the commander's overall SA missions and objectives To develop CyberSA and to support CyNetOps and CyberWar the future force requires the capabilities as listed in table D-7 below Table D-7 Required CyberSA capabilities # 1 Required CyberSA Capability Provide continuously updated operationally relevant CyberOps information of friendly adversary and other specified cyberspace into the COP in order to more fully develop the commander's overall SA and support decisionmaking processes Note This capability encompasses and supports the BCEC capability of Display Share Relevant Information The Army’s battle command system must enable the 55 DOTMLFP T M P F Source References OF 09 TRADOC Pam 525-7-8 BCEC TRADOC Pam 525-7-8 # Required CyberSA Capability visualization and dissemination of essential information for display on the COP This includes symbols graphic control measures friendly and enemy information civil considerations and the operational environment 2 Provide the commander with real time visibility of units’ networks and impact to mission objectives in order to develop more fully the commander's overall SA and support battle command and other key capabilities 3 Provide the commander with real time visibility of adversary actions on his units’ networks and impact to mission objectives in order to more fully develop the commander's overall SA and support battle command and other key capabilities 4 Provide commanders the understanding of the operational significance of decisions made in reference to actions on the network in order to support the commander's decisionmaking processes 5 Provide the commander with sufficiently detailed information 
including intelligence gain and loss considerations in order to support the commander's decisionmaking processes regarding cyberspace and CyberOps 6 Coordinate collection and sharing efforts with sister services industry corporate contractors government and other partners in order to more fully develop CyberSA the commander's overall SA and properly coordinate synchronize and integrate overall operations 7 Understand and integrate into the social and cultural aspects of social networking sites and activities in order to more fully develop CyberSA the commander's overall SA and the integration of CyberOps into the commander's objectives and missions 8 Identify potential cyber threats including potential adversaries in order to develop the commander's SA and support operational and intelligence objectives 9 Develop awareness of the attack and defense postures of potential adversaries in order to provide enable effective CyberOps planning intelligence and operations 10 Assess the motives goals and calculations employed by potential adversaries in their decision to conduct a cyber attack against U S or friendly assets in order to enable effective CyberOps planning intelligence and operations DOTMLFP O T M P UQ 09 SWG O T M P UQ 09 SWG T L P UQ 09 SWG D T M L P UQ 09 SWG D T M L P TRADOC Pam 525-7-8 UQ 09 SWG D T M P TRADOC Pam 525-7-8 D T M L P TRADOC Pam 525-7-8 D T M P TRADOC Pam 525-7-8 D T M L P TRADOC Pam 525-7-8 i Table D-8 below lists the echelon at which each capability is required 56 Source References TRADOC Pam 525-7-8 Table D-8 Required CyberSA capabilities by echelon Echelon Capability Number Joint combatant command ARFORCYBER ASCC Corps Division Brigade BCT Battalion Company 1 X X X X X X X 2 X X X X X X X X 3 X X X X X X X 4 X X X X X X X X 5 X X X X X X X X 6 X X X X X 7 X X X X X X X X 8 X X X X X X 9 X X X X X X 10 X X X X X X Appendix E Required Capabilities Supplemental Classified Classified - Published Separately Appendix F DOTMLPF Integrated 
Question List

F-1. Introduction

a. There are important implications for the services as the Army develops CyberOps capabilities. The integration and synchronization of CyberOps capabilities across the DOTMLPF domains is required in the context of joint interdependence. This integration and synchronization must take advantage of and be informed by previous and on-going efforts, to include but not limited to the joint and Army EW CBAs, the Army Space CBA, the Army EMSO CBA, the Army Network Transport CBA, the Strategic Command Quick-Look Cyber CBA, the Office of Secretary of Defense - Intelligence Computer Network Attack CBA, and the Homeland Defense CBA. These efforts demonstrate significant joint CyberOps interdependence. While some study issues may go beyond the Army's direct role or responsibility, the ability to influence the design and development of the range of DOTMLPF solutions for the joint force as they apply to required capabilities for land operations is an Army responsibility. Specific CyberOps capabilities, such as requirements for Army expeditionary operations, should be examined and detailed for an integrated effort by the joint and Army communities.

b. The Army's family of concepts was used in the development of this pamphlet, and each concept includes a discussion of the associated DOTMLPF implications. Several of the concepts identify implications that directly relate to CyberOps and are explicit enough to generate action for change within the DOTMLPF domains. Responsible proponencies and agencies have identified battle command, EW, or other capabilities as many of these implications. These DOTMLPF implications must be identified to avoid unnecessary overlaps and redundancies, to support their integration and synchronization, to ensure there are no capability gaps, and leveraged to create asymmetric operational advantages by adapting technologies and capabilities across functional lines. The following concepts should be of particular note: TRADOC Pam
525-5-600, TRADOC Pam 525-7-6, and TRADOC Pam 525-7-16.

F-2. Implications

a. The primary DOTMLPF implications arising from this pamphlet, vice an exhaustive list, are described below. The items cited will require additional analysis before comprehensive actionable recommendations emerge. This is intended to be used as one of the starting points for the Army CyberOps CBA.

b. How will the Army concurrently develop CyberOps doctrine with the evolution of the cyberspace domain and USCYBERCOM; unfolding joint CyberOps and Army concepts and doctrine; and emerging joint and Army CyberOps requirements?

c. What are the most effective organizational designs for implementation of the Army CyberOps that support USCYBERCOM and all combatant commanders, and support Army expeditionary operations and an Army enterprise construct that includes the operating and generating forces, active and reserve components, and other specified cyberspace?

d. What is the appropriate balance between joint and Army training for CyberOps personnel?

e. How should the Army work with the joint force in developing robust and responsive CyberOps RDT&E and acquisition processes?

f. How will the Army keep pace with the rate of technologic advancement and adapt these advancements to operational advantage?

g. How does the Army develop leaders that understand cyberspace and CyberOps, understand how to integrate and employ CyberOps as part of FSO, and understand how to recognize and adapt advanced technologies into operational advantage?

h. How does the Army best organize to develop the requisite CyberOps personnel skills and capacity?

i. What test and training facilities are required to support CyberOps and the integration of CyberOps into FSO?

j. What are the public-private partnerships required to secure commercial segments inside the Army or other specified cyberspace?

F-3. Doctrine

a. Emerging joint and Army doctrine must fully capture the description and implications of cyberspace. It must also expand upon the ideas presented in this pamphlet to guide further combat development. The nature of CyberOps will likely require a multilevel security-tiered doctrinal approach. What will make the initial CyberOps doctrine development unique is that joint and Army concepts are still evolving and that joint and Army doctrine will be developed concurrently and likely collaboratively.

b. Doctrine questions include, but are not limited to, the following:
(1) How will the Army concurrently develop CyberOps doctrine with the evolution of the cyberspace domain and USCYBERCOM; unfolding joint and Army CyberOps concepts and doctrine; and emerging joint and Army CyberOps requirements?
(2) Does current Army doctrine adequately address Army CyberOps capabilities and integration with the other Army operations and functions, and with joint operations throughout a joint campaign?
(3) How does emerging joint CyberOps doctrine influence the conduct of Army operations?
(4) Does joint and Army doctrine adequately address the joint interdependence in the area of cyberspace and CyberOps?
(5) What are the impacts of national and international law on joint and Army CyberOps doctrine?
(6) Are cyberspace and CyberOps adequately addressed in Army doctrine for the theater, corps, and division and below doctrinal publications?
(7) Are current TTPs adequate to execute required Army CyberOps operations?
(8) Do proponent doctrinal publications integrate requisite Army CyberOps?
(9) What emerging CyberOps technologies, processes, and capabilities need to be codified in Army doctrine?
(10) What types of joint command and control and battle command operations may be impacted by Army CyberOps doctrine?
(11) Does the CyberOps doctrine help the commander on the ground?
(12) Does the CyberOps doctrine provide the commander with an ability to effect operations?

F-4. Organization

a. Army organizations must support USCYBERCOM and other combatant commander requirements as well as the Army’s generating and operating forces’ needs, to include requirements for
expeditionary operations, active and reserve components, and other relevant cyberspace.

b. Organizational questions include, but are not limited to, the following:
(1) What are the appropriate organizational structures to enable effective Army CyberOps?
(2) Are current Army organizations adequate to meet the CyberOps requirements of the future force?
(3) Can current organizational structures be augmented to satisfy the capability requirements of Army CyberOps?
(4) Is a new organizational structure required to achieve the required CyberOps capabilities?
(5) What Army CyberOps capabilities should reside at each echelon in Army tactical and operational forces as well as generating forces?

F-5. Training

a. Army CyberOps personnel must be trained to joint and Army standards. There are current CNO and NetOps training venues and programs already established that can be leveraged and modified to meet initial cyber requirements. Training requirements will likely be driven by USCYBERCOM requirements and Army specific requirements necessary to support generating and operating force requirements.

b. Training questions include, but are not limited to, the following:
(1) How is the integration and application of cyberspace and CyberOps capabilities included in current training and leader development?
(2) How can the Army adapt its training to better integrate Army CyberOps?
(3) How much training and what training standards are going to be directed from USCYBERCOM?
(4) How will evolving technologies and ongoing or planned changes in organization affect the ways in which Army units and leaders operate, and what are the training implications of these changes to support Army CyberOps?
(5) How will evolving CyberOps doctrine impact units and leaders?
(6) What training designs will develop units and leaders able to capitalize on the full range of CyberOps capabilities?
(7) What are the CyberOps training requirements for enlisted personnel, noncommissioned officers, officers, DA civilians, and contractors?
(8) What training and education is required for a CyberOps planner and integrator on a USCYBERCOM and combatant command staff, on generating force staffs, and on operational staffs from ASCCs down to company level?
(9) What type, scope, and frequency of Army CyberOps training must the future force conduct to enable effective operations?
(10) What CyberOps test and training ranges are necessary?
(11) What modeling and simulations are required to support Army CyberOps operations at the tactical, operational, and strategic levels?
(12) What joint CyberOps training is necessary, and for whom?
(13) What national and commercial agency CyberOps training is necessary, and for whom?
(14) What are the impacts of training requirements on the schools, that is, growth, resources, and others?
(15) How can CyberOps training be conducted at the individual and collective levels?
(16) How will CyberOps be trained and evaluated in units prior to deployment?

F-6. Materiel

a. CyberOps are technical in nature, and materiel solutions will need to be rapidly developed, tested, evaluated, and acquired. The utility of materiel solutions will likely be temporal in value due to the rapid technologic advancements and proliferation. Adversary counters to cyber tools also result in combat development being a continuous, fast paced process. Materiel solutions are also expensive and will likely be developed using joint, interagency, and public-private partnerships to take advantage of existing best practices and maximize resource utilization.

b. Some significant materiel questions include, but are not limited to, the following:
(1) How will compatibility and interoperability, as well as operational effectiveness, be achieved for CyberOps systems?
(2) What technologies are critical to consider and invest in for the development of effective and capable CyberOps materiel solutions?
(3) Given the crowded nature of the EMS, how can the Army effectively operate in cyberspace and the EMS?
(4) Given the technical nature of CyberOps systems, how will the Army develop personnel and organizations capable of effectively executing CyberOps planning, command and control, operations, and maintenance?
(5) How will the Army effectively integrate CyberOps capabilities given the highly interdependent and interrelated nature of CyberSA, CyNetOps, CyberWar, CyberSpt, EA, EP, and ES systems?
(6) Since CyberOps capabilities often have a short shelf life, what is the most effective and efficient way to use RDT&E and acquisition processes to gain and maintain advantage?
(7) Will TRADOC Pam 525-7-8 unite commanders and technology in such a way as to enable both to successfully meet future non-linear challenges?

F-7. Leadership and education

a. Commanders, staffs, and Soldiers must be educated to understand cyberspace and CyberOps. Doctrine will provide the intellectual foundation to prepare leaders for how to think CyberOps in the context of the future OE. Leader development and education will provide leaders with the understanding of how to integrate CyberOps into FSO.

b. Leader development questions include, but are not limited to, the following:
(1) How does the Army develop adaptive leaders that understand cyberspace and CyberOps, know how to integrate and employ CyberOps as part of FSO, and are able to recognize and adapt advanced technologies into operational advantage?
(2) How do we provide collaborative, distributed training aids that support commanders as well as staffs during planning, preparation, rehearsal, and execution of cyberspace exercises and integration?
(3) How can CyberOps be incorporated into training exercises and leader development to develop CyberOps planning and operations?
(4) How does the Army best educate leaders and Soldiers to understand the complex and ever-changing future OE?

F-8. Personnel

a. The Army must have sufficient trained CyberOps personnel with the requisite knowledge, skills, and attributes. Emerging joint and Army requirements warrant a complete analysis of personnel requirements and the most effective way to develop and
manage them.

b. Personnel questions relating to CyberOps include, but are not limited to, the following:
(1) How do we recruit and retain the personnel necessary to perform Army CyberOps functions?
(2) What skill sets are required in Army civilian and contractor support personnel?
(3) What is the best means of selecting Army CyberOps officers?
(4) Should the Army precommissioning programs include a CyberOps component?
(5) What is the right mix of personnel between CyberOps professionals and other personnel selected to serve in CyberOps related positions?
(6) What will be the CyberOps personnel impacts as they relate to other proponents?
(7) What will be the personnel end strength impacts as related to required CyberOps capabilities?

F-9. Facilities

a. This pamphlet anticipates significant investment in the facilities and infrastructure necessary to support CyberOps. The ability to effectively and efficiently conduct test, training, and operations using CyberOps systems will require a robust infrastructure. Such facilities and infrastructure must allow networked and distributed operations as well as multilayered security constructs. The planning and resourcing for facility and infrastructure must be initiated with sufficient lead time to reach maturity synchronous with the future force and anticipated technology developments associated with cyberspace and CyberOps.

b. Facilities questions include, but are not limited to, the following:
(1) Are there adequate facilities available to effectively develop, test, and train CyberOps capabilities so that personnel understand and have confidence in the system?
(2) What infrastructure is required at Army and DOD installations to adequately support Army CyberOps programs consistent with joint, Army, and multinational concepts and as specified joint national training center attributes?
(3) What infrastructure is required in theater to support CyberOps missions?

Glossary

Section I
Abbreviations

ARCIC  Army Capabilities Integration Center
ARFORCYBER  Army Forces United States Cyber Command
ARNG  Army National Guard
ASCC  Army Service Component Command
BCEC  battle command essential capabilities
BCT  brigade combat team
CBA  capabilities based assessment
CAC  Combined Arms Center
CG  commanding general
CIKR  critical infrastructure key resources
CNA  computer network attack
CND  computer network defense
CNE  computer network exploitation
CNO  computer network operations
CONOPS  concept of operations
CONUS  continental United States
COP  common operational picture
COTS  commercial off the shelf
CyA  cyber attack
CyberOps  cyberspace operations
CyberSA  cyber situational awareness
CyberSpt  cyber support
CyberWar  cyber warfare
CyCM  cyber content management
CyD  cyber defense
CyE  cyber exploitation
CyEM  cyber enterprise management
CyNetOps  cyber network operations
DHS  Department of Homeland Security
DA  Department of the Army
DOD  Department of Defense
DOTMLPF  doctrine, organization, training, materiel, leadership and education, personnel, and facilities
DSCA  defense support to civil authorities
DCS  distributed control system
DCyD  dynamic cyber defense
EA  electronic attack
EMS  electromagnetic spectrum
EMSO  electromagnetic spectrum operations
EP  electronic protection
ES  electronic warfare support
EW  electronic warfare
FM  field manual
FSO  full spectrum operations
GIG  global information grid
GNE  global network enterprise
GNEC  global network enterprise construct
GOTS  government off the shelf
ICD  initial capabilities document
ICDT  integrated concept development team
ICT  information and communications technology
IO  information operations
IP  Internet protocol
JCA  joint capability area
JCIDS  Joint Capabilities Integration and Development System
JIIM  joint, interagency, intergovernmental, and multinational
JP  joint publication
JTF  joint task force
MCO  major combat operations
NetOps  network operations
NOSC  network operations and security center
OE  operational environment
OF  Omni Fusion
OV  operational view
Pam  pamphlet
QRM  quadrennial roles and missions report
RCERT  regional computer emergency response team
RDT&E  research, development, test, and evaluation
RF  radio frequency
ROE  rules of engagement
SA  situational awareness
SBCT  Stryker brigade combat team
SCADA  supervisory control and data acquisition
SECDEF  Secretary of Defense
SIGINT  signals intelligence
SME  subject matter expert
SWG  seminar wargame
TNOSC  Theater Network Operations and Security Center
TRADOC  Training and Doctrine Command
TSCP  Theater Security Cooperation Plan
TTP  tactics, techniques, and procedures
UQ  Unified Quest
U.S.  United States
USAR  United States Army Reserve
USCYBERCOM  United States Cyber Command
USNORTHCOM  United States Northern Command
USPACOM  United States Pacific Command

Section II
Terms

References for the terms are listed behind the definition. If no reference is listed, Joint Publication (JP) 1-02 is the source of the definition.

battle command
The art and science of understanding, visualizing, describing, directing, leading, and assessing forces to impose the commander's will on a hostile, thinking, and adaptive enemy. Battle command applies leadership to translate decisions into actions—by synchronizing forces and warfighting functions in time, space, and purpose—to accomplish missions. (FM 3-0)

combined arms
Combined arms is the synchronized and simultaneous application of the elements of combat power to achieve an effect greater than if each element of combat power was used separately or sequentially. (FM 3-0)

computer network attack
Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (JP 1-02)

computer network defense
Actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within the DOD information systems and computer networks. (JP 1-02)

computer network defense response actions
Deliberative, authorized defensive measures or activities that protect and defend DOD
computer systems and networks under attack or targeted for attack by adversary computer systems and networks. Response actions extend DOD's layered defense-in-depth capabilities and increase DOD's ability to withstand adversary attacks. (Assistant SECDEF Memorandum, Guidance for Computer Network Response Actions)

computer network exploitation
Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks. (JP 1-02)

computer network operations
Comprised of CNA, CND, and related CNE enabling operations. (JP 1-02)

counterintelligence
Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities. (JP 2-0)

critical infrastructure protection
Actions taken to prevent, remediate, or mitigate the risks resulting from vulnerabilities of critical infrastructure assets. Depending on the risk, these actions could include changes in tactics, techniques, or procedures; adding redundancy; selection of another asset; isolation or hardening; guarding; and others. (JP 3-28)

cyber attack
CyA actions combine CNA with other enabling capabilities, such as EA, physical attack, and others, to deny or manipulate information and/or infrastructure. (TRADOC Pam 525-7-8)

cyber content management
CyCM is the technology, processes, and policy necessary to provide awareness of relevant, accurate information; automated access to newly discovered or recurring information; and timely, efficient, and assured delivery of information in a usable format. (TRADOC Pam 525-7-8)

cyber counterintelligence
Measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions. (JP 2-01.2)

cyber defense
CyD is actions that combine information assurance, computer network defense to include response actions, and critical infrastructure protection with enabling capabilities, such as EP, critical infrastructure support, and others, to prevent, detect, and ultimately respond to an adversary's ability to deny or manipulate information and/or infrastructure. CyD is integrated with the dynamic defensive aspects of CyberWar to provide defense in depth. (TRADOC Pam 525-7-8)

cyber enterprise management
CyEM is the technology, processes, and policy necessary to effectively operate computers and networks. (TRADOC Pam 525-7-8)

cyber exploitation
CyE is actions combining CNE with enabling capabilities, such as ES, SIGINT, and others, for intelligence collection and other efforts. (TRADOC Pam 525-7-8)

cyber network operations
The component of CyberOps that establishes, operates, manages, protects, defends, and provides command and control of the LandWarNet, CIKR, and other specified cyberspace. (TRADOC Pam 525-7-8)

cyber situational awareness
The immediate knowledge of friendly, adversary, and other relevant information regarding activities in and through cyberspace and the EMS. It is gained from a combination of intelligence and operational activity in cyberspace, the EMS, and in the other domains, both unilaterally and through collaboration with our unified action and public-private partners. (TRADOC Pam 525-7-8)

cyber support
Those supporting activities which are generated and employed to specifically enable CyNetOps and CyberWar. They include vulnerability assessment and operational force-based security assessment and remediation, reverse engineering malware, cyber aspects of site exploitation, counter intelligence and law enforcement forensics, RDT&E, combat development, and acquisition. (TRADOC Pam 525-7-8)

cyberspace
A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (JP 1-02)

cyberspace operations
The employment of cyber capabilities where the primary purpose is to achieve objectives in and through cyberspace. Such operations include computer network operations and activities to operate and defend the GIG. (JP 1-02)

cyberspace warfare
The component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries. CyberWar capabilities target computer and telecommunication networks and embedded processors and controllers in equipment, systems, and infrastructure. CyberWar uses CyE, CyA, and DCyD in a mutually supporting and supported relationship with CyNetOps and CyberSpt. (TRADOC Pam 525-7-8)

dynamic cyber defense
DCyD actions combine policy, intelligence, sensors, and highly automated processes to identify and analyze malicious activity, simultaneously tip and cue, and execute preapproved response actions to defeat attacks before they can do harm. DCyD uses the Army defensive principles of security, defense in depth, and maximum use of offensive action to engage cyber threats. Actions include surveillance and reconnaissance to provide early warnings of pending enemy actions. DCyD is integrated with the defensive aspects of CyNetOps to provide defense in depth. (TRADOC Pam 525-7-8)

electromagnetic spectrum
The range of frequencies of electromagnetic radiation from zero to infinity. It is divided into 26 alphabetically designated bands. (JP 1-02)

electronic attack
Division of electronic warfare involving the use of electromagnetic energy, directed energy, or antiradiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability and is considered a form of fires. (JP 3-13.1)

electronic protection
Division of electronic warfare involving actions taken to protect
personnel facilities and equipment from any effects of friendly or enemy use of the electromagnetic spectrum that degrade neutralize or destroy friendly combat capability JP 3-13 1 electronic warfare Military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy EW consists of three divisions EA EP and ES JP 3-13 1 electronic warfare support Division of EW involving actions tasked by or under direct control of an operational commander to search for intercept identify and locate or localize sources of intentional and unintentional radiated electromagnetic energy for the purpose of immediate threat recognition targeting planning and conduct of future operations JP 3-13 1 frequency deconfliction A systematic management procedure to coordinate the use of the EMS for operations communications and intelligence functions Frequency deconfliction is one element of electromagnetic spectrum management JP 3-13 1 frequency management The requesting recording deconfliction of and issuance of authorization to use frequencies operate electromagnetic spectrum dependent systems coupled with monitoring and interference resolution processes JP 6-0 full spectrum operations Army forces combine offensive defensive and stability or civil support operations simultaneously as part of an interdependent joint force to seize retain and exploit the initiative accepting prudent risk to create opportunities to achieve decisive results They employ synchronized action—lethal and nonlethal—proportional to the mission and informed by a thorough understanding of all variables of the operational environment Mission command that conveys intent and an appreciation of all aspects of the situation guides the adaptive use of Army forces FM 3-0 global information grid The globally interconnected end-to-end set of information capabilities associated processes and personnel for collecting processing storing disseminating and managing 
information on demand to warfighters policy makers and support personnel The GIG includes owned and leased communications and computing systems and services software including applications data security services other associated services and National Security Systems JP 6-0 information Facts data or instructions in any medium or form The meaning that a human assigns to data by means of the known conventions used in their representation 69 TRADOC Pam 525-7-8 information assurance Measures that protect and defend information and information systems by ensuring their availability integrity authentication confidentiality and nonrepudiation This includes providing for restoration of information systems by incorporating protection detection and reaction capabilities JP 3-13 information engagement The integrated employment of public affairs to inform U S and friendly audiences psychological operations combat camera U S government strategic communication and defense support to public diplomacy and other means necessary to influence foreign audiences and leader and Soldier engagements to support both efforts FM 3-0 information environment The aggregate of individuals organizations and systems information operations The integrated employment of the core capabilities of EW computer network operations psychological operations military deception and operations security in concert with specified supporting and related capabilities to influence disrupt corrupt or usurp adversarial human and automated decisionmaking while protecting the same intelligence The product resulting from the collection processing integration evaluation analysis and interpretation of available information concerning foreign nations hostile or potentially hostile forces or elements or areas of actual or potential operations The term is also applied to the activity which results in the product and to the organizations engaged in such activity JP 1-02 intelligence preparation of the battlespace An analytical 
methodology employed to reduce uncertainties concerning the enemy environment and terrain for all types of operations Intelligence preparation of the battlespace builds an extensive database for each potential area in which a unit may be required to operate The database is then analyzed in detail to determine the impact of the enemy environment and terrain on operations and presents it in graphic form Intelligence preparation of the battlespace is a continuing process intelligence surveillance and reconnaissance Activities that synchronize and integrate the planning and operation of sensors assets and processing exploitation and dissemination systems in direct support of current and future operations JP 2-01 Internet An electronic communications network that connects computer networks and organizational computer facilities around the world Merriam Webster 70 TRADOC Pam 525-7-8 LandWarNet The Army's contribution to the GIG that consists of all globally interconnected end-to-end set of U S Army information capabilities associated processes and personnel for collecting processing storing disseminating and managing information on demand supporting warfighters policy makers and support personnel It includes all U S Army owned and leased and leveraged DOD and joint communications and computing systems and services software including applications data security services and other associated services LandWarNet exists to enable the war fight through battle command TRADOC Pamphlet 525-5-600 network enterprise center Provide local post camp base tenant units with access to the network network services communications and information enterprise services network operations Activities conducted to operate and defend the GIG JP 6-0 network service center A global network operations and service desk functions information services and network connectivity through distributed TNOSCs area processing centers and regional hub nodes operational environment A composite of the conditions 
circumstances and influences that affect the employment of capabilities and bear on the decisions of the commander JP 3-0 signal As applied to electronics any transmitted electrical impulse Operationally a type of message the text of which consists of one or more letters words characters signal flags visual displays or special sounds with prearranged meaning and which is conveyed or transmitted by visual acoustical or electrical means signals intelligence A category of intelligence comprising either individually or in combination all communications intelligence electronic intelligence and foreign instrumentation signals intelligence however transmitted Intelligence derived from communications electronic and foreign instrumentation signals supervisory control and data acquisition An electronic system that provides for monitoring and controlling systems or processes remotely Training Manual 5-601 telecommunications Any transmission emission or reception of signs signals writings images sounds or information of any nature by wire radio visual or other electromagnetic systems 1-02 Title 10 U S Code This title addresses securing U S interests by conducting military operations in cyberspace 71 TRADOC Pam 525-7-8 Title 18 U S Code The focus is on law enforcement and the principle agency is the Department of Justice This title addresses crime prevention apprehension and prosecution of cyberspace criminals Title 32 U S Code The focus is on the first line of defense of the U S The principle agencies are the Army and Air Force National Guards This title addresses the support to the defense of U S interests in cyberspace through critical infrastructure protection domestic consequence management and other homeland defense-related activities Title 40 U S Code The focus is on CIO roles and responsibilities All Federal department and agencies are responsible This title establishes and enforces standards for acquisition and security of information technologies Title 50 U S Code The 
focus is on foreign intelligence and counterintelligence activities The principle agencies are the intelligence agencies aligned under the Office of the Director of National Intelligence This title addresses intelligence gathering through cyberspace on foreign intentions operations and capabilities Title 60 U S Code The focus is on homeland security and the principle agency is the DHS This title addresses the security of U S cyberspace warfighting function A group of tasks and systems people organizations information and processes united by a common purpose that commanders use to accomplish missions and training objectives warfighting functions 72