Cyberspace operations (also referred to as cyber operations, CyberOps or CO) are
|“||the employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid.||”|
|“||[c]yber collection, DCEO (including NDCM), and OCEO collectively.||”|
Cyberspace is a domain. Cyberspace operations are not synonymous with information operations (IO). IO is a set of operations that can be performed in cyberspace and other domains. Operations in cyberspace can directly support IO and non-cyber based IO can affect cyberspace operations.
Cyberspace is a man-made domain, and is therefore unlike the natural domains of air, land, maritime, and space. It requires continued attention from humans to persist and encompass the features of specificity, global scope, and emphasis on the electromagnetic spectrum. Cyberspace nodes physically reside in all domains. Activities in cyberspace can enable freedom of action for activities in the other domains, and activities in the other domains can create effects in and through cyberspace.
Below is a matrix portraying how the principles of joint operations can be expressed and demonstrated through cyberspace operations.
Threats to cyberspace operations
There are a variety of threats to cyberspace operations, including:
- Nation State Threat. This threat is potentially the most dangerous because of access to resources, personnel, and time that may not be available to other actors. Other nations may employ cyberspace to attack and conduct espionage against the U.S. Nation state threats involve traditional adversaries and sometimes, in the case of espionage, even traditional allies. Nation states may conduct operations directly or may outsource third parties to achieve their goals.
- Transnational Actor Threat. Transnational actors are formal and informal organizations that are not bound by national borders. These actors use cyberspace to raise funds, communicate with target audiences and each other, recruit, plan operations, destabilize confidence in governments, and conduct direct terrorist action.
- Criminal Organization Threat. Criminal organizations may be national or transnational in nature depending on how they are organized. Criminal organizations steal information for their own use or, in turn, sell it to raise capital.
- Individual or Small Group Threat. Individuals or small groups of people can illegally disrupt or gain access to a network or computer system — these people are better known as "hackers." The intentions of hackers vary. Some are peaceful and hack into systems to discover vulnerabilities, sometimes sharing the information with the owners and some have malicious intent. Other hackers have political motivations and use cyberspace to spread their message to target audiences. Another type of hacker desires fame or status, and obtains it by breaking into secure systems or creating malware that creates havoc on commercial or government systems. Hackers can also be exploited by the other cyberspace threats, such as criminal organizations, in order to execute concealed operations against specific targets while preserving their anonymity or create plausible deniability.
- Traditional Threat. Traditional threats typically arise from states employing recognized military capabilities and forces in well-understood forms of military conflict. Within cyberspace, these threats may be less understood due to the continuing evolution of technologies and methods. Traditional threats are generally focused against the cyberspace capabilities that enable our air, land, maritime, special operations, and space forces and are focused to deny the U.S. military freedom of action and use of cyberspace.
- Irregular Threat. Irregular threats can use cyberspace as an unconventional asymmetric means to counter traditional advantages. These threats could also manifest through an adversary's selective targeting of U.S. cyberspace capabilities and infrastructure. For example, terrorists could use cyberspace to conduct operations against our financial and industrial sectors while simultaneously launching other physical attacks. Terrorists also use cyberspace to communicate anonymously, asynchronously, and without being tied to set physical locations. They attempt to shield themselves from U.S. law enforcement, intelligence, and military operations through use of commercial security products and services readily available in cyberspace. Irregular threats from criminal elements and advocates of radical political agendas seek to use cyberspace for their own ends to challenge government, corporate, or societal interests.
- Catastrophic Threat. Catastrophic threats involve the acquisition, possession, and use of weapons of mass destruction (WMD) or methods producing WMD-like effects. While WMD attacks are physical (kinetic) events, they may have profound effects within the cyber domain by degrading or destroying key cyber-based systems vital to infrastructure like SCADA systems. Well-planned attacks on key nodes of the cyberspace infrastructure have the potential to produce network collapse and cascading effects that can severely affect critical infrastructures locally, nationally, or possibly even globally. For example, an electromagnetic pulse could cause widespread damage to segments of the cyberspace domain in which operations must occur.
- Disruptive Threat. Disruptive threats are breakthrough technologies that may negate or reduce current U.S. advantages in warfighting domains. Global research, investment, development, and industrial processes provide an environment conducive to the creation of technological advances. The DOD should be prepared for the increased possibility of adversary breakthroughs due to continuing diffusion of cyberspace technologies.
- Natural Threat. Natural threats that can damage and disrupt cyberspace include events such as floods, hurricanes, solar flares, lightning, and tornados. These types of events often produce highly destructive effects requiring the DOD to maintain or restore key cyberspace systems. These events also provide adversaries the opportunity to capitalize on infrastructure degradation and diversion of attention and resources.
- Accidental Threat. Accidental threats are unpredictable and can take many forms. From a backhoe cutting a fiber optic cable of a key cyberspace node, to inadvertent introduction of viruses, accidental threats unintentionally disrupt the operation of cyberspace. Although post-accident investigations show that the large majority of accidents can be prevented and measures put in place to reduce accidents, accidents should be anticipated.
- Insider Threat. The "insider" is an individual currently or at one time authorized to access an organization's information system, data, or network. Such authorization implies a degree of trust in the individual. The insider threat refers to harmful acts that trusted insiders might carry out; for example, something that causes harm to the organization, or an unauthorized act that benefits the individual.
- "Overview" section: Cyberspace Operations: Air Force Doctrine Document 3-12, at 2.
- "Threats to cyberspace operations" section: Id. at 11-14.