It was announced this week that the Department of Defense has released an unclassified version of its joint military doctrine for cyberspace operations. The document was originally released internally by the joint chiefs of staff in February 2013.
The recently released document builds upon a publication originally sent out in 2006 known as the national military strategy for cyberspace operations. According to Federal News Radio contributor Jared Serbu, the cyber doctrine, which until recently was scattered across more than a dozen different joint publications and service-specific documents, is clearly an attempt by the DoD to consolidate its intelligence on the issue into one cohesive and concise document.
The doctrine argues that offensive cyber operations need to be carefully controlled in response to the international community’s growing reliance on the Internet. It also provides a straightforward definition of offensive cyber operations as actions “intended to project power by the application of force in and through cyberspace.” The definition offers an opportunity to codify an offensive cyber operation, which builds into the chain of command for military operations such as those the U.S. is currently engaged in with the Islamic State.
The federal government’s position that grants the department of Homeland Security with lead authority for defending civilian agencies and private sector networks is reaffirmed through the doctrine, although a stipulation is included that allows other entities to take precedence if specified by a presidential directive or an order from unnamed “standing authorities.”
New era of cyber warfare
While the military’s day-to-day defensive cyber mission is usually described by the Pentagon as being mostly comprised of passive counter-measures used to defend the country’s networks from malicious actors, the doctrine clarifies that there are certain rules of engagement that enable the DoD to attack back as part of those defensive actions that “may rise to the level of use of force,” Serbu reported. The doctrine also specifies that while operations are being conducted in cyberspace, the Law of War should not be ignored. Cyberattacks launched by the U.S. can only be conducted against military targets.
“Access to the Internet provides adversaries the capability to compromise the integrity of U.S. critical infrastructures in direct and indirect ways,” the document stated. “These characteristics and conditions present a paradox within cyberspace: the prosperity and security of our nation have been significantly enhanced by our use of cyberspace, yet these same developments have led to increased vulnerabilities and a critical dependence on cyberspace, for the U.S. in general and the joint force in particular.”
As FCW contributor Sean Lyngaas noted, there is no single document that serves as the authority on the military’s cyber operations, but the cyber doctrine is one of multiple publications that form a body of work that informs the creation of U.S. policy.