- The requirement for military forces to introduce a robust Cyber Operations capability is reinforced by the nature of the current cyber threat landscape.
- Recent high profile cyber-related events has demonstrated the capabilities of a wide range of cyber threat actors. Furthermore, a significant number of countries have been directly and indirectly targeted by malign states intent on either conducting espionage activity or targeting critical national infrastructure.
- For several years, Strategy Nord has provided close support advisory and technical expertise for governments and inter-governmental institutions to help design and oversee the management and implementation of resilient cyber defence architectural frameworks and militarily effective offensive cyber capabilities.
- We consistently work alongside governments and military forces by helping them create cyber capabilities that address current and emerging threats.
Cyber attacks were once relatively uncommon; more associated with cyber crime, where underground hackers try to steal information or cause chaos. There is a clear difference between cyber attacks of a criminal nature and cyber warfare. Cyber criminal attacks can range from criminal gangs looking to steal identities, to foreign intelligence services trying to steal sensitive or classified information.
As nations rely more and more on cyberspace as an effective means of storing information, conducting business and military operations, the more these operations are likely to become susceptible to aggressive outside attacks. In addition, the threat of real military operations in the cyberspace domain is no longer the realm of fiction. In cases falling outside warfare, older pre-existing legislation may even protect those guilty of cyber crime, particularly if they appear to be politically motivated, or connected with the right (in some countries) to protest, the United States for example.
Conventional notions of warfare rely on tanks, troops, aircraft and a variety of different weapons systems to defend a country’s lands or its interests. Cyber Warfare on the other hand, requires nothing more advanced than a computer terminal and an internet connection. Rather than risking troops and equipment, an act of Cyber Warfare can have equally devastating effects on computer systems and networks, as the conventional weapons mentioned above can have on cities, infrastructure and people.
As with traditional warfare, countries both wish to defend against cyber attack, but to also have the ability to retaliate or even to launch an offensive or anticipatory strike against any significant imminent cyber threat. While most efforts appear to be directed toward defensive measures, there are strong indications that many nation states have now developed their offensive cyber capabilities, including personnel organised and trained to launch offensive cyber attacks.
Cyber Operations as a concept
Cyber Operations are defined as the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace. They are divided into three main categories:
- Defensive cyber operations (DCO). They are passive and active cyberspace defence activities that allow to outmanoeuvre an adversary. DCOs are threat specific and mission focused. DCO is divided into two subcategories:
- Internal defensive measures: IDM are those actions we take internally to friendly cyberspace,
- Response action: RA is taken outside the Enterprise information environment to stop or block the attack
- Intelligence, Surveillance and Reconnaissance (ISR): these are all operations performed within the cyberspace to ensure the safety of the cyberspace itself against potential threats. They are network focused and threat agnostic in that their security measures are not focused on a specific threat. They include designing, building, configuring, securing, operating, maintaining, and sustaining the information environment that we rely on for operations
- Offensive cyber operations (OCO): Cyberspace operations intended to project power by the application of force in or through cyberspace. They are threat specific and mission-focused and performed outside of the Enterprise’s friendly cyberspace
Architectures can be represented by models to illustrate operational processes by providing an explicit representation of the operational domain that can be used for a variety of purposes. Such purposes include the analysis and articulation of issues and requirements, support to planning, and as a means of solution design and validation. Architectures can be developed for the smallest subsystem up to and culminating with an architecture that addresses an entire enterprise. The role of an enterprise architecture is to provide decision support – in the context of the enterprise strategy, for the use of resources (including processes and procedures). In other words, the architecture is responsible for defining how resources will be used to support enterprise strategy and benefit the goals and objectives.
Architectures are normally used as an analysis tool to develop new capabilities, structure organisations and to optimise processes and spending. From a military perspective, there is an increased requirement for international coalition operations and a growing need to deliver end-to-end capability whilst ensuring interoperability.
Most architectural frameworks currently in use are deemed to be interoperable, such as the US Department of Defense Architecture Framework (DoDAF), the UK Ministry of Defence Architecture Framework (MODAF) and the NATO Architecture Framework (NAF).
One of the critical aspects when establishing an Cyber Operations capability is the definition of its governance across multiple levels. Governance in general, is the set of responsibilities and practices exercised with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.
Within a military context, Cyber Operations and the scope of activities should be managed within the political level in accordance with national priorities and objectives. Additionally, governance should also be exercised within military and strategic institutions responsible for Cyber Operations. Typically, the scope of governance – including the roles and responsibilities – are defined through the following levels:
- Strategic: Managing the strategic and political aspects of Cyber Operations both during crisis or not and in accordance with national and coalition objectives.
- Operational: Defining the functional processes, tasks and activities and information exchanges required to accomplish strategic goals.
- Tactical: Specifying the precise actions required to be conducted in accordance with operational priorities.
The effective management of Cyber Operations depends on cooperation between different actors that exist at the strategic, operational and tactical levels to achieve the objectives that ultimately fall in-line with national priorities.
Establishing a military Cyber Operations capability
For any military institution, careful consideration is required when seeking to establish an effective – yet resilient – cyber capability that supports traditional military operations. The crucial task of achieving this is best obtained analysing the current cyber threat landscape and developing a list of capabilities that can be used both within an offensive and defensive context.
Taking the NATO Guidelines for Future Operations into consideration, future reference frameworks include the development of capabilities, with an increased emphasis on cyberspace. These capabilities fall in the main ability areas of:
- Prepare: The ability to establish and sustain a sufficient and effective presence at the right time, keeping sufficient flexibility to adapt to possible changes in the security environment.
- Project: To conduct strategic (re)deployment and Reception, Staging, Onward movement and Integration (RSOI) in support of Alliance operations and missions.
- Engage: The ability to perform the tasks that contribute directly to the achievement of mission goals, including all abilities required to defeat adversaries.
- Sustain: A comprehensive provision of personnel, logistics, material, medical, and general military engineering support required to maintain combat power throughout all phases of the operation.
- Protect: The ability to minimise the vulnerability of personnel, materiel, infrastructure and facilities, information and cyberspace, lines of communication and lines of supply, and activities to any threat and in all situations.
- Consult, Command, and Control: The ability to allow commanders to exercise authority over and direct assigned and attached units in the accomplishment of the mission.
- Inform: Establishing and maintaining the situational awareness and level of knowledge required to allow commanders at all levels to make timely, informed, and responsive decisions.
People and training
The single-most crucial element for any military Cyber Operations capability is to ensure that people are provided with the required skills and expertise to conduct activities in accordance with military and strategic objectives. When articulating the required roles and responsibilities for those placed within a Cyber Operations environment, the typical structure includes:
- Senior-decision makers: Typically commanders that have some degree of knowledge of Cyber Operations but with a proven capability to lead and manage activity in accordance with military objectives.
- C4 (Command, Control, Communications and Computers) Practitioners: Individuals assigned to supporting roles that typically include computer network administrators, Cyber Electro-Magentic Activity (CEMA) technicians and interpreters.
- Cyber Operations Specialists: Personnel with expert skills and training in the fields of Offensive and Defensive Cyber Operations, and Intelligence Surveillance and Reconnaissance.
Achieving an effective Cyber Operations capability
Cyber Operations is undoubtedly an intelligence-led capability, both within the corporate and defence sectors. To achieve an effective and resilient cyber capability, military institutions and coalitions must be aware of the nature of the threat, and they must be able to effectively coordinate, collect and analyse information from sources. Intelligence concerning their adversary enables military institutions to plan and coordinate an effective response that is both offensive and defensive in nature. Additionally, this provides them with an effective early warnings systems concerning potential threats.
To achieve this capability, governments and military institutions are encouraged to seek external help with regards to the development and implementation of an architecture framework that addresses the threats they face, and the development and implementation of a strategy based on the nature of such threats. Most importantly, it is recommended that government and military institutions explore the option of creating a ‘cyber intelligence and operation capacity building programme’ that can effectively be integrated into military training syllabuses and doctrine. With an emphasis on technical-level instruction, such a programme can enable governments and military institutions to obtain expert-level training that is both effective and interoperable.
Additionally, architecture frameworks have yet to address the requirement for military institutions to integrate Cyber Intelligence into the existing Intelligence Cycle and current military doctrine. Creating a unified approach to Cyber Operations and its integration into current military tactics will enable an all-encompassed military capability that is both offensive and defensive in nature.