Military Review English Edition May-June 2014 | Page 13
OFFENSIVE CYBERSPACE OPERATIONS
planning. However, successful integration of OCO
can enable a JTF to expand its reach beyond what
traditional fires assets would allow, and to husband
those assets for more suitable targets.
Consolidated legal review. The legal challenges
facing a JTCB seem daunting, but the board can
address them in a way that satisfies the combatant
commander’s requirements. While the details of
rules of engagement and target legitimacy reside
in the realm of law, it is, especially with new technologies, a subjective field. The use of two distinct
legal processes—in the target development and
prioritization process described in Joint Publication 3-60 and the acquisitions process described in
DODD 5000.01—to approve the development and
employment of a cyber weapon is redundant and
overuses scarce legal resources.
Instead, USCYBERCOM should conduct
both legal reviews. The legal review during
target development and prioritization should be
skipped for cyberspace targets. USCYBERCOM
should conduct an initial and final LOAC review
while coordinating with the JTCB during the
cyber weapon development. Moreover, since
cyber weapons are custom crafted to engage a
specific target, the legal team can conduct the
legal reviews mandated by DODD 5000.01 as
well as target validation. USCYBERCOM, in
coordination with the cyberspace representative,
should have the technical expertise to review
and assist in the weapon development. This will
enhance the effectiveness of OCO development
and employment. Furthermore, since the legal
review team is not part of the combatant command, there is less opportunity for “group think”
or command influence to warp the process.
Conclusion
OCO offer potent tools for a combatant command or JTF commander. However, our own internal friction—manifested as misunderstanding,
inaccessibility, and slowly evolving processes—
has not allowed us to take full advantage of these
capabilities. None of the solutions described above
are particularly costly, nor do they involve purchasing equipment or adding to the force structure.
Rather, they focus on developing our people and
processes so they are more prepared to engage
an adversary in all domains. While implementing these solutions would be a long-term effort,
delaying implementation only would enable the
problem to fester, effectively denying use of OCO
to joint force commanders. MR
NOTES
1. Saul David, The Illustrated Encyclopedia of Warfare: From Ancient Egypt to
Iraq (London: DK Publishing, 2012), 95.
2. Sascha-Dominik Bachmann, “Hybrid Threats, Cyber Warfare and NATO’s
Comprehensive Approach for Countering 21st Century Threats—Mapping the New
Frontier of Global Risk and Security Management,” Amicus Curiae 88 (January 2012).
3. Mark Landler and John Markoff, “After Computer Siege in Estonia, War Fears
Turn to Cyberspace,” New York Times (29 May 2007).
4. Ibid.
5. Joshua Davis, “Hackers Take Down the Most Wired Country in Europe,” Wired.
com (21 August 2007), .
6. James P. Farwell and Rafal Rohozinski, “Stuxnet and the Future of Cyber War,”
Survival: Global Politics and Strategy 53 , no. 1 (January 2011): 23-40.
7. Stephen W. Korns and Joshua E. Kastenburg, “Georgia’s Cyber Left Hook,”
Parameters 38, no. 4 (Winter 2008-2009).
8. Eli Jellenc, quoted in Iain Thomson, “Georgia Gets Allies in Russian Cyberwar,”
Vnunet.com (12 August 2008), ; see also John Markoff, “Before the Gunfire, Cyberattacks,” New York Times (12 August 2008), .
9. Mark Clayton, “How Stuxnet Cyber Weapon Targeted Iran Nuclear Plant,” The
Christian Science Monitor (16 November 2010): 4.
10. Farwell and Rohozinski, 23-40.
11. Ralph Langner, as reported in Clayton, 4.
12. Stephenie Gosnell Handler, “The New Cyber Face of Battle: Developing a
Legal Approach to Accommodate Emerging Trends in Warfare,” Stanford Journal
of International Law 48, no. 1 (Winter 2012): 209.
13. Anoop Singal and Ximming Ou, Security Risk Analysis of Enterprise Net-
MILITARY REVIEW
May-June 2014
works Using Probabilistic Attack Graphs (Gaithersburg, MD: NIST Interagency
Report 7788, National Institute for Standards and Technology, U.S. Department of
Commerce, August 2011).
14. Joint Publication 3-60, Joint Targeting (Washington, DC: U.S. Government
Printing Office [GPO], 31 January 2013), Figure II-2.
15. Eric Schmitt and Thom Shanker, “U.S. Debated Cyberwarfare in Attack Plan
on Libya,” New York Times (17 October 2011). .
16. Nicolas Falliere, Liam Murchu, and Eric Chien, W32.Stuxnet Dossier
(Cupertino: Symantec Corporation, 2011), .
17. Ibid.
18. Rene G. Rendon and Keith F. Snider, Management of Defense Acquisition
Projects (Reston, VA: American Institute of Aeronautics and Astronautics, 2008), 66.
19. Falliere, Murchu, and Chien, 3.
20. Stewart A. Baker and Charles Dunlap Jr., “What Is the Role of Lawyers in
Cyberwarfare?” ABA Journal (1 May 2012). .
21. Ibid.
22. Department of Defense Directive 5000.01, The Defense Acquisition System
(Washington, DC: GPO, 12 May 2003), 7.
23. U.S. Air Force, Air Force Instruction 51-402: Legal Reviews of Weapons and
Cyber Capabilities (Washington, DC: GPO, 27 July 2011), 2.
24. Baker and Dunlap Jr.
25. Debra Van Opstal, “‛Aha’ Findings from the Workshop on Securing the Smart
Grid: Best Practices in Supply Chain Security, Integrity, and Resilience,” Center for
Critical Infrastructure Protection and Homeland Security 11, no. 2 (August 2012).
26. Ibid.
11