The cyber domain as an operational environment is still relatively new, and the Department of Defense is still working out tactics, techniques, procedures and authorities in cyberspace for military operations.

But despite the DoD and NATO declaring cyberspace a domain of warfare, “nobody has defined what that means,” said Alex Crowther, of the National Defense University.

At the annual conference of the Association of the U.S. Army on Monday, he called for a circumscribed mission set, as forces can’t be everywhere all the time. Lagos would swallow the entire U.S. Army, he said, using the Nigerian city as a physical analogy to cyberspace, which he noted would swallow all of the DoD’s cyber capability.

“There are pressures for DoD to do more in cyberspace. But if DoD was to do that, you would be frittering away cyber capability,” Crowther asserted. “It’s like going into a city and leaving two guys at every street corner, and pretty soon you don’t have a reaction platoon. Your combat power is frittered away.”

So, what are appropriate mission sets and spheres for operation in cyberspace for the military? Crowther offered four: crime, intelligence, information and operations.

The crime space for the DoD is quite limited, he said, but the agency needs to operate in this space given actors use cyberspace to commit crimes via hacking against the DoD and the defense industrial base; a prominent example of the latter is the theft of F-35 plans from its contractor.

The Pentagon needs to operate in the crime cyberspace to fight crimes involving DoD personnel, such as the misuse of DoD assets, he added.

On the intelligence space, he said that virtually all aspects of intelligence will eventually be cyber-enabled. This means that while traditional intelligence operations such as terrorist network analysis would be done the old-fashioned way, the big-data analysis of the intelligence would be the cyber-enabled portion. Cyber intelligence itself, he added, would be the hack of the Office of Personnel Management (announced in 2015) where all of the intelligence operation is performed in cyberspace.

Like cyber intelligence, more information operations are becoming cyber-enabled, Crowther said. The 2016 hack of the Democratic National Committee would be cyber-enabled, but not entirely cyber-based, Crowther said, because while cyber was the means of extracting the data, it was disseminated through print outlets such as The New York Times.

The Islamic State group, he noted, has a different view of information operations than that of the U.S. military, and it might be worth taking a page from the group’s book. The U.S. military executes information ops in support of operations, whereas ISIS performs operations in support of information ops. In other words, the military will perform an objective and relay the results back to a central location for dissemination via a news release. Conversely, ISIS will scout an objective prior to an attack to determine the best place from which to capture footage to later post online.

He also offered a common complaint of activity in the “information” space: Actors and nations such as Russia conduct information operations below the threshold of triggering a military response. “You’ve heard of the gray zone. That’s exactly what those operations are designed to do: Create an effect without triggering a crossing-over into a military response,” Crowther said.

The last sphere of cyberspace where the military should exist is operations, according to Crowther. He split this between conventional operations and special operations, but noted he has been informed by officials there is no such thing as cyber special operations.

However, he contended, if one looks at the definition of special operations from the joint publication on special ops and compares it to certain cyber operations, “it’s very clear that things like the Stuxnet operation meet many of the criteria of being a special operation.”

Conventional cyber operations include the dropping of ”cyber bombs” on ISIS, as described by former Secretary of Defense Ash Carter. These are designed to disrupt the group’s command-and-control capability.

Cyber-enabled operations involve elements of cyber with conventional military activity, such as Russia’s invasion of Georgia, said Crowther. This saw the use of conventional ground and air operations against the Georgian military in concert with cyber operations to attack command, control and communications. Contrast that to the attack against the Estonian government, which was a distributed denial-of-service attack against its infrastructure; that would be an entirely cyber operation, Crowther said.

He also discussed cyber-enabled special ops, citing a Pakistani operation as an example. Forces performing reconnaissance in Mumbai had GoPro cameras mounted to them to survey the routes for intel on terrain. During the execution phase, which was remotely run from Pakistan, mission controllers monitored traditional and social media in India, steering the teams away from Indian security forces.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In AUSA