The requirement for military forces to introduce a robust Cyber Operations capability is reinforced by the nature of the current cyber threat landscape. Recent high-profile cyber-related events have demonstrated the capabilities of a wide range of cyber threat actors. Furthermore, a significant number of countries have been directly and indirectly targeted by malign states intent on either conducting espionage activity or targeting critical national infrastructure. For several years, Intel-Lytix has provided close support advisory and technical expertise for governments and inter-governmental institutions to help design and oversee the management and implementation of resilient cyber defence architectural frameworks and militarily effective offensive cyber capabilities. We consistently work alongside governments and military forces by helping them create cyber capabilities that address current and emerging threats.
Cyber attacks were once relatively uncommon and were more associated with cyber crime, where underground hackers try to steal information or cause chaos. There is a clear difference between cyber attacks of a criminal nature and cyber warfare. Cyber criminal attacks can range from criminal gangs looking to steal identities, to foreign intelligence services trying to steal sensitive or classified information.
The more nations rely on cyberspace as an effective means of storing information and conducting business and military operations, the more these operations are likely to become susceptible to aggressive outside attacks. In addition, the threat of real military operations in the cyberspace domain is no longer the realm of fiction. In cases falling outside warfare, older pre-existing legislation may even protect those guilty of cyber crime, particularly if they appear to be politically motivated, or connected with the right to protest that exists in some countries, the United States for example.
Conventional notions of warfare rely on tanks, troops, aircraft and a variety of different weapons systems to defend a country’s lands or its interests. Cyber Warfare, on the other hand, requires nothing more advanced than a computer terminal and an internet connection. Rather than risking troops and equipment, an act of Cyber Warfare can have effects on computer systems and networks that are as devastating as the effects the conventional weapons mentioned above can have on cities, infrastructure and people.
As with traditional warfare, countries wish not only to defend against cyber attack, but also to have the ability to retaliate or even to launch an offensive or anticipatory strike against any significant imminent cyber threat. While most efforts appear to be directed toward defensive measures, there are strong indications that many nation states have now developed their offensive cyber capabilities, including personnel organised and trained to launch offensive cyber attacks.
Cyber Operations are defined as the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace. They are divided into three main categories:
Architectures can be represented by models to illustrate operational processes by providing an explicit representation of the operational domain that can be used for a variety of purposes. Such purposes include the analysis and articulation of issues and requirements, support to planning, and as a means of solution design and validation. Architectures can be developed for the smallest subsystem up to and culminating with an architecture that addresses an entire enterprise. The role of an enterprise architecture is to provide decision support, in the context of the enterprise strategy, for the use of resources (including processes and procedures). In other words, the architecture is responsible for defining how resources will be used to support enterprise strategy and benefit the goals and objectives.
Architectures are normally used as an analysis tool to develop new capabilities, structure organisations and to optimise processes and spending. From a military perspective, there is an increased requirement for international coalition operations and a growing need to deliver end-to-end capability whilst ensuring interoperability.
Most architectural frameworks currently in use are deemed to be interoperable, such as the US Department of Defense Architecture Framework (DoDAF), the UK Ministry of Defence Architecture Framework (MODAF) and the NATO Architecture Framework (NAF).
One of the critical aspects when establishing a Cyber Operations capability is the definition of its governance across multiple levels. Governance, in general, is the set of responsibilities and practices exercised with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.
Within a military context, Cyber Operations and the scope of activities should be managed within the political level in accordance with national priorities and objectives. Additionally, governance should also be exercised within military and strategic institutions responsible for Cyber Operations. Typically, the scope of governance – including the roles and responsibilities – is defined through the following levels:
The effective management of Cyber Operations depends on cooperation between different actors that exist at the strategic, operational and tactical levels to achieve the objectives that ultimately fall in line with national priorities.
For any military institution, careful consideration is required when seeking to establish an effective – yet resilient – cyber capability that supports traditional military operations. This crucial task is best achieved by analysing the current cyber threat landscape and developing a list of capabilities that can be used both within an offensive and defensive context.
Taking the NATO Guidelines for Future Operations into consideration, future reference frameworks include the development of capabilities, with an increased emphasis on cyberspace. These capabilities fall in the main ability areas of:
The single most crucial element for any military Cyber Operations capability is to ensure that people are provided with the required skills and expertise to conduct activities in accordance with military and strategic objectives. When articulating the required roles and responsibilities for those placed within a Cyber Operations environment, the typical structure includes:
Cyber Operations is undoubtedly an intelligence-led capability, both within the corporate and defence sectors. To achieve an effective and resilient cyber capability, military institutions and coalitions must be aware of the nature of the threat, and they must be able to effectively coordinate, collect and analyse information from sources. Intelligence concerning their adversary enables military institutions to plan and coordinate an effective response that is both offensive and defensive in nature. Additionally, this provides them with an effective early warning system concerning potential threats.
To achieve this capability, governments and military institutions are encouraged to seek external help with regard to the development and implementation of an architecture framework that addresses the threats they face, and the development and implementation of a strategy based on the nature of such threats. Most importantly, it is recommended that government and military institutions explore the option of creating a ‘cyber intelligence and operation capacity building programme’ that can effectively be integrated into military training syllabuses and doctrine. With an emphasis on technical-level instruction, such a programme can enable governments and military institutions to obtain expert-level training that is both effective and interoperable.
Additionally, architecture frameworks have yet to address the requirement for military institutions to integrate Cyber Intelligence into the existing Intelligence Cycle and current military doctrine. Creating a unified approach to Cyber Operations and its integration into current military tactics will enable an all-encompassing military capability that is both offensive and defensive in nature.