MJ
Uploaded byMikko Jakonen
1,992 views

The Elements of Offensive Cyber Warfare Operations

This document outlines a concept of operations for offensive cyber warfare, focusing on navigation within allocated information spaces through a framework that encompasses target recognition, payload delivery, and execution. It emphasizes the need for tactical interoperability across varied domains, contrasting the non-linear, asymmetric nature of cyber maneuvering with kinetic warfare principles. The operational theory and various elements, including command & control, intelligence, and deployment, are essential for effective offensive cyber operations targeting adversaries' information systems.

Embed presentation

Downloaded 98 times
PUBLIC The Elements of Offensive Cyber Warfare Operations An excerpt Mikko Jakonen 19th of September 2013
Abstract This document defines a concept of operations for cyber warfare in targeting, accessing and running operations within allocated information space. Maneuvering offensive operations in suchan information space requires a framework to handle operational tasks such as target recognition, payload delivery and execution. The joint requirements such as planning and tasking with other inter-operable dimensions make things very difficult without such a framework approach. In the worst case each of the elements is being handled in un-coordinated manner, rendering effects of potential capabilities low and simultaneously possessing a threat for manipulating organizations. Based on the understanding shown, offensive cyber warfare operates quite differently compared to its kinetic counterparts. It creates its own operational theory and models not directly aligned with others. However, the need for tactical interoperability is obvious but quite controversial. Offensive capabilities in the larger context up to a specific mission area for other domains and disciplines. This breaks the uniform model. Please note that this is excerpt from larger study related to maneuvering and tactics in cyber warfare. It focuses only on elements that can be found in offensive capabilities. Keywords Cyber warfare, tactics, maneuvering, intel, deployment, framework, @mikk0j
PUBLIC Table of Contents Table of Contents .............................................................................................................................................. 4 Operational theory ......................................................................................................................................... 5 Information space .......................................................................................................................................... 6 Tactical space ................................................................................................................................................ 7 Maneuvering within tactical space ............................................................................................................ 8 Time as a constraint in tactical space ........................................................................................................ 8 Tactical and technical interoperability .......................................................................................................... 8 Maneuvering in tactical space ....................................................................................................................... 9 Elements of Cyber Warfare Operations....................................................................................................... 10 Target....................................................................................................................................................... 11 Command & Control ............................................................................................................................... 11 Playbook and scenarios ........................................................................................................................... 11 Tasking and Planning .............................................................................................................................. 12 Intel .......................................................................................................................................................... 12 Deployment ............................................................................................................................................. 13 Information flows .................................................................................................................................... 13 Capability areas ....................................................................................................................................... 13 Enabling and supporting elements ........................................................................................................... 14 4
PUBLIC Operational theory Operational theory of offensive cyber warfare constructs its brain, heart and its self-regulating functions constructing the aim. The aim is the predetermined definition in which the effect is reflected by its entire accomplishment before its taking a place. That being said, aim constitutes both critical path and the success vector for operations happening inside information space. Compared to kinetic warfare, the system does not create controlled disequilibrium between general aim and specific missions, as there are only specific or ancillary “tied” missions. Volumetric mechanisms cannot be counted as attaching force. War is an undertaking which must be coordinated from the highest levels of policymaking to the basic levels of execution1. Therefore all the layers of operational art that inherit the policy must translate to broad divisions of activities in preparation and conducting war. Offensive cyber warfare conducts various types of maneuvers simultaneously or successively according to concept or plan aimed to accomplish goals in theatre; the targeted information space in a strategic or operational direction in predetermined period of time. Tactical interoperability with offensive capabilities is a specific mission area for other domains and disciplines, not to be utilized in generalized terms. This underpins the nature of offensive cyber maneuvering very close to strategic objectives. Figure 1 Aligning operational theory with offensive maneuvering To verify the operational theory of the offensive part of cyber warfare is solid we must look into characteristics of the framework in display:     1 Offensive cyber warfare reflects cognitive tension and transpires from general orientation ALWAYS towards the strategic aim, releasing from single mission. Computerized offensive capability is product of “production line”, thus industrialized and possess dynamic interaction with information space and strategic aim. Computer programs used to interact with information space are synergetic by nature. Offensive operations are conducted towards adversary. Shimon Naveh, In Pursuit of Military Excellence (pg.1964) 5
PUBLIC     Information space is chaotic by its definition. All operations conducted by and with cyber warfare capabilities are non-linear, asymmetric, hierarchically structured and expressing depth by maneuvering nature. Offensive maneuvers can cause unexpected interactions between maneuvering and attrition expressing its unique nature compared to kinetic world. Every system embraces erosion thus making every interaction important and highly effect driven. Operational plan of offensive cyber capability is never completely independent entity as it relies heavily on deployment and intel. However, including these elements with operational plan, the outcome can and should be used as autonomous entity within adversary controlled information space. In addition, planning relies heavily on strategic definition of aims, restrictions and allocation of resources. Offensive cyber warfare may suffer from operational shock quite easily rendering it unable to accomplish its aims. Rendering such threat minimum, stretching operational loops over adversaries is loops key success factors on utilizing such capability. Information space Information space comprises of the full spectrum of connected or separate information capabilities and domains, which are under administration of different parties. Full spectrum information space does not limit information being structured, unstructured or being on-wire or over-the-air transferrable, or not even handled by different chunks of electromagnetic communications. It is equally available in depth, height and in width. Information space width is determined by ability to utilize and consume information resources in own and other parties’ information space. Depth is determined by the dominance within targeted information space. As information space allows height value as attribute for information, it can be defined as viability of information or level of access towards the information space. Figure 2 Full Spectrum Information Space 6
PUBLIC Own information space is seen as controlled information space as long as actor has dominance over it. Actors may create joint information space(s), which are accessible and consumable by other defined operators. The adversary controlled information space is surrounded with control capabilities and may exposure a surface being used to access targeted, allocated information space required by the operation and task. This surface exposure is 2-ways; it resides on the outer perimeter of the adversary information space and it can be found in operationally targeted information space. Tactical space A Cyber domain is information space which extends to other warfare domains in kinetic space, air, ground and sea. Cyber domain declares possibilities for maneuvering, information usage and usable options for operations. On cyber domain, each target has its own tactical depth, width and height of information space where maneuvering is possible. They own different view to its capabilities, exposure and vulnerabilities. Among own space, there is JOINT TACTICAL space which comprises over coupled companion spaces AND kinetic world space. Depending interoperability, the coupling may be strong or loose and have different kind of options – such as limited maneuverability. The spaces adjoined together complete larger tactical space where cyber warfare maneuvering may conclude. Figure 3 Tactical width, height and depth Traditional XYZ-dimensioning can be used to define the space. Joint tactical space may grant resilience, adaptability and yield for operations. On the other hand, same space may defect for the same basic reasons: resilience is only as strong as the weakest link, adaptability is created by dynamic and capable resourcing options and yield of information space is defined by the controllable space – which can vary quite substantially. 7
PUBLIC Maneuvering within tactical space Figure 4 Example of making insertion on tactical space Moving in information space allows step-by-step insertion to gain the objectives within adversary space. It should be noted that offensive cyber maneuvering may utilize kinetic world capabilities, such as progression in designated tasks to create forward looking network visibility. The ability to move in all directions makes it possible to create clear model for achieving the desired objective in timely fashionable manner IF all the precursors are positive and designated time-slot can be managed. Hardly ever attack surface allows such exposure that objective can be reached with single insertion. While maneuverability allows great possibilities it simultaneously demands strict discipline in elements, such as planning, tasking, intel and in deployment. Time as a constraint in tactical space Time can be seen as a constraint and attribute for operations. If affects in all operational angles and in parallel delimits and allows the ingenious models and capabilities may be produced on-the-fly to gain the objectives. it is not matter of slow or fast, purely matter of speed. More precisely, matter of controlling the time allows mastering the rhythm of battlespace. Time can be used to influence adversary to cause confusion and disorientation. Due the critical role of time, timing and controlling the rhythm of battlespace based on time, the maneuvering simultaneous operations in different domains emphasizes focus greatly on cyber environment. Tactical and technical interoperability Offensive cyber-capability requires a continuous process of collecting vulnerabilities, creating exploits, platforms and payloads (detonable or intel) and building a network of deniable hosts on available information space. As these are low cost operations when compared to kinetic military capabilities, it can be argued that these preparations should be made even if the current doctrine does not include use of offensive cyber-capabilities. 2 The need for interoperability is obvious but making, quite controversially, offensive capabilities in large context a specific mission area for other domains and disciplines. This breaks the uniform model. 2 Kiravuo, Särelä (pg. 10) 8
PUBLIC Maneuvering in tactical space Maneuvering has been central concept in warfare for thousands of years.3 Alike in kinetic counterparts, in cyber domain most important activities are to operate inside adversary’s a) observationorientation-decision-action (OODA) loops, b) get inside mind-timepenetrate preset or alternative objectives on information-moral-mental-physical space in order to isolate adversary from its dominance over its controlled information space. Cyber maneuver allows utilization of force to capture, disrupt, deny, consume, degrade, destroy or manipulate information and its confidentiality, availability, integrity and /or origins to gain advantage over adversaries’ control of allocated information space. Cyber maneuver does not necessary lead to manipulation of kinetic/physical assets, but it may allow such complete. As cyber capabilities are mainly used as specialized or strategic asset, they should be undertaken to give actor a competitive advantage over another. Speed Stealth Limited attribution Operational reach Rapid concentration (volumetricity) Distributed Access & Control Non-serial Concentrated Dynamic Component based Platformized Exploitive Positional Influencing Figure 5 Characteristics and features of cyber weapon used with maneuvers Cyber warfare allows great deal stratagems (or ruses) due the nature of its domain. Most of the kinetic world stratagems support directly maneuvering in cyber space, some of them require support from kinetic world and some of them allow influencing towards kinetic world. Example below: Making sudden movement in new direction, to and from irregular and unpredictable pattern to confuse adversary. Figure 6 Example 1step maneuver to misdirect adversary 3 Applegate et al, CyCon presentation ”The principle of Maneuver in Cyber Operations” 9
PUBLIC Elements of Cyber Warfare Operations Cyber weapons and their architecture is one part of the cyber warfare operations. Referencing to kinetic world, they form the ammunition and the platform. Running the cyber platform however differs greatly from utilizing cannon with kinetic ammunition. The platform is inseparable from command structure, and while not requiring constant communications – it is part of the munitions side of the equation. Cyber weapons shelf time is very low. All operations should be run on the assumption that any deployed weapon will be found, analyzed and reverse-engineered. Modules deployed in weapons should be grouped in such a way, that when a weapon connected to its creators, it does not reveal all deployed weapons. This creates operational problem for running such offensive cyber space operation efficiently and consistently. 4 Ability to maneuver in information space utilizing cyber warfare aim requires a framework eventually executing the strategic campaign set for the dimension. In its paramount requirement, the elements making the offensive cyber warfare engine running must be constructed so that maneuvering in dynamic, adversary controlled information and tactical depth is possible. The operational theory states the operational guidelines for the system. However, many of the constraints inherits from the technological abilities and capabilities held by the actor. Figure 7 Elements of Offensive Cyber Warfare Operations 4 Kiravuo, Särelä (pg. 10) 10
PUBLIC Target Objectives for offensive cyber operation – being it purely based on intel information gathering or influencing on target system, has been set prior its engagement on operational level. Typical objective to use cyber capabilities is some profound strategic reason, which a) needs to be done in some exact time period b) allows enough time for the operational preparedness and c) carries high value – high risk potential and most likely d) is located out of the physical reach of manpower. There must be some sort of access towards the exposure for the engagement in question prior any active operation starts. Preparing cyber influence needs time thus making it suitable for precision effect driven functions. By following relaxed decision making model based on OODA, the operational loop extends around target information space, making adversary loop part of the cycle.5 Figure 8 Target element Target has two operational inlets; one for intel and one for deployment. Intel means variety of things on different phases of operation. First, it can be purely target recognition and network information exploitation. Second, it can be adversary movement tracking and information gathering. This allows intel to be highly maneuverable tool within target information space. Simultaneously, intel is something to take the ultimate care away from adversary’s reach. Second inlet, the deployment, allows interaction of variety operational capabilities and influences within target information space. This element deploys all platforms, payloads and handles delivery options – such as electromagnetic spectrum, e.g. via network comms, wireless etc. AND kinetic, being it courier, airdrop, UAV and so on. Platforms may vary based on use-case requirements, however, each of the platforms carry at least some of the similar characteristics on maneuverability, comms. with command & control (C&C) structures and handling of payloads. Command & Control Every system needs ability to make decisions. The operational aspects of CC may vary per ongoing mission and may have sub-units to handle specific or long lasting operations. CC assumes the decision making point supported by ACTIVE intel and deployment activities and PARALLEL tasking and planning activities. Playbook and scenarios Playbook and scenario guide among with tasking manual is used to preplan certain maneuvers possible with enabling scenario and raise questions of potential unwilling action paths. Playbook contents are derived from strategic campaign. Being it how comprehensive, however, no playbook or static pre-described manual of 5 http://www.goalsys.com/books/documents/DESTRUCTION_AND_CREATION.pdf 11 Figure 9 Command & Control stack
PUBLIC operations should be taken into fully account as expanding information space allows n*n times maneuvering which potentially renders predefined, even localized scripts useless. Tasking and Planning Fast paced maneuvering and operational tempo demands able tasking model. Tasking element handles task specific resourcing and operator assignment, technical resources allocation in parallel with weapon targeting and scheduling of activities. Main function is the weapon, effect targeting based on the campaign demands and operational information retrieved through intel and current deployment activities. Tasking is highly scalable function. Figure 10 Tasking & Planning stack Planning creates “burn” and consumables for the resources, deployment platforms, payloads and delivery options. Those are to be utilized based on the current mission tasking portfolio. Planning (office) obtains capabilities required by the mission statement and offers immediate capabilities for current task running. Threat analysis has been integrated with capability acquisition function as they support naturally each other. Threat analysis creates requirements for capabilities to fulfill based on the assessment and external/internal immediate information feed, information exploitation and target recognition. Intel Intel is basically responsible on only 2 tasks: target recognition and data acquisition on foreign information space. Intelligence on adversary data, formation and activities is everything as gathered and then disseminated information forms the backbone of operations carried out by other elements. The ability being able to deliver effect or influence on adversary controlled domain is directly coordinated by the effectiveness of intel information, thus demanding it to be as precise as possible. Kinetic world may allow even large mishaps with disseminated information, but customized piece of software running through maneuvering cycle does most likely not. To make comparison with kinetic world: precise adversary troop location, current capabilities and support. Intel has another role as well. It is constantly in-contact and in-the-loop element with outside information space. It feeds information to command and control structures, mission planning- and tasking. It is the early watchdog of observation and orientation within the loop. Payloads maintained by platforms may contain elements of intel capabilities as effect. 12
PUBLIC Figure 11 Intel 6 Deployment elements Deployment Platforms, payloads and delivery of them are on deployment element responsibilities. Deployment oversees and controls campaign related insertion or evasion of offensive effects through defined attack surface. After target is being acquired, deployment prepares designated platform to produce task and defines steps to be taken to enable required weapon through exposured vulnerability. Making cyber warfare scalable, deployment may compile 6the needed payload from other components. Some of the deliverables may contain vulnerability search modules, or other specialized “warheads.” 7 Delivery of weapon (delivery method + platform + payload, delivery method + payload, or pure payload) may require kinetic counterpart (example: Stuxnet technology demonstration) to achieve its mission in areas whereas required electromagnetic insertion is impossible. Information flows Both TASKING and PLANNING elements inherit intelligence and deployment information feed. This is paramount. In parallel, both elements respectfully administer intel and deployment elements on interfacing target. Command & Control (CC) structure receive only initial status and changes in adversary information space. This cuts down towards the necessities. Capability areas Offensive cyber warfare assumes full blown information space maneuverability. Therefore functions such as information control, network exploitation and access methods are vital. Without ability to control campaign related misinformation, propaganda and/or collaboration part of the maneuvering abilities seize to exist. Network exploitation and access methods are equally important for recognizing, penetrating and controlling access on adversary information space and beyond it while maneuvering in tactical space. Capabilities and vulnerabilities – production line that must exceed artisan in scalability, integration and assembly of payloads where needed. Making offensive cyber warfare scalable, many of the capability areas must be able to automate its functions. All capability areas represent repositories of such discipline area, being active part of the development cycle together with planning and tasking elements. 6 7 Roelke, DARPA cyber colloquim on ”Scalable cyberwarfare, 2009” Kiravuo et al, 2012 13
PUBLIC Potentially the best example of such capabilities is the deployment composition. The ‘warhead’ may contain vulnerability or capability to seek certain information and deliver it to the management engine for further processing allowing creation of new, purpose build payload. Another great example of capability is ‘volumetric’ data, which can be used to consume or disable adversary applications with a large amount of data being pushed towards targeted structure thus maneuvering for example Denial of Service or utilization of advanced evasion capabilities. Such capability can and most often is being used in conjunction (stratagems) with others, more pinpoint accuracy weapons to create cover flux data while actually deploying in stealth. Enabling and supporting elements The example showing some of the necessary and auxiliary support services needed to run focused campaign. Studies and experiences have shown that even a simple thing like shared clipbook can make a difference in timely fashionable operations. 14

More Related Content

PDF
Cyber Operation Planning and Operational Design_Yayımlandı
byGovernment
 
PDF
Army plan for Cyber Offensive Operations -- ESF 18
byDavid Sweigert
 
PDF
US military report on cyber guard use of National Guard
byDavid Sweigert
 
PPTX
Accelerator Innovation Network Event: Session 2
byHeather-Fiona Egan
 
PDF
IntegratedAirMissileDefense18[593665]
byArt Loureiro (open to tier-1 roles)
 
PDF
Ballistic Missile Defense Review February 2010
byDepartment of Defense
 
PPT
Eidws 109 communications
byIT2Alcorn
 
PPTX
Seftas.george
byNASAPMC
 
Cyber Operation Planning and Operational Design_Yayımlandı
byGovernment
 
Army plan for Cyber Offensive Operations -- ESF 18
byDavid Sweigert
 
US military report on cyber guard use of National Guard
byDavid Sweigert
 
Accelerator Innovation Network Event: Session 2
byHeather-Fiona Egan
 
IntegratedAirMissileDefense18[593665]
byArt Loureiro (open to tier-1 roles)
 
Ballistic Missile Defense Review February 2010
byDepartment of Defense
 
Eidws 109 communications
byIT2Alcorn
 
Seftas.george
byNASAPMC
 

What's hot

PDF
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
byDroneSec
 
PDF
Agile and the DoD
byJohn Goodpasture
 
PDF
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
byReputelligence
 
PPTX
Seacurity Hacking for Defense 2017
byStanford University
 
PDF
BMNT's Hacking for Defense - Mission Results 2016
byBMNT Partners
 
PPT
Tgs capabilities brief
byRobert Wolfe-Ralph
 
PDF
Network Centric Warfare - An Introduction
byD.A. Mohan
 
PPTX
Protocol One H4D 2020 Lessons Learned
byStanford University
 
PPTX
Broadcom - Hacking for Defense - Stanford 2017
byStanford University
 
PPTX
Innovation fund themed competition webinar - session 2
byHeather-Fiona Egan
 
PDF
Weekly UAV Threat Intelligence - DroneSec Notify #42
byDroneSec
 
PPTX
Time Flies H4D 2020 Lessons Learned
byStanford University
 
PDF
Team SPAWAR Strategic Plan 2010 2015
bySPAWAR Systems Center Pacific
 
PPTX
Accelerator First Innovation Fund network event Session 1
byDefence and Security Accelerator
 
PDF
25 Feb 2014 CDE enduring challenge competition briefings
byDefence and Security Accelerator
 
PPTX
Network rail counter metal theft aerial platform 20111111
byCOHORTSLLP
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
byDroneSec
 
Agile and the DoD
byJohn Goodpasture
 
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
byReputelligence
 
Seacurity Hacking for Defense 2017
byStanford University
 
BMNT's Hacking for Defense - Mission Results 2016
byBMNT Partners
 
Tgs capabilities brief
byRobert Wolfe-Ralph
 
Network Centric Warfare - An Introduction
byD.A. Mohan
 
Protocol One H4D 2020 Lessons Learned
byStanford University
 
Broadcom - Hacking for Defense - Stanford 2017
byStanford University
 
Innovation fund themed competition webinar - session 2
byHeather-Fiona Egan
 
Weekly UAV Threat Intelligence - DroneSec Notify #42
byDroneSec
 
Time Flies H4D 2020 Lessons Learned
byStanford University
 
Team SPAWAR Strategic Plan 2010 2015
bySPAWAR Systems Center Pacific
 
Accelerator First Innovation Fund network event Session 1
byDefence and Security Accelerator
 
25 Feb 2014 CDE enduring challenge competition briefings
byDefence and Security Accelerator
 
Network rail counter metal theft aerial platform 20111111
byCOHORTSLLP
 

Viewers also liked

PDF
Paul Mullins Resume
byPaul Mullins
 
PPTX
Cyber Conflicts - Time for Reality Check
byJarno Limnéll
 
PDF
Ew asia cw and ew joint space for comments (14 sep2016)
byTBSS Group
 
PPTX
The Importance of Educating the Force on Cyberspace Operations: TechNet Augus...
byAFCEA International
 
PPTX
Office Chief of Cyber Personnel Presentation: TechNet Augusta 2015
byAFCEA International
 
PPTX
Cyber Commandant Presentation: TechNet Augusta 2015
byAFCEA International
 
PDF
ISIS and Cyber Terrorism
byLondon School of Cyber Security
 
PPT
Tracking and implications of stuxnet v21
byJorge Sebastiao
 
PPTX
Cyber Situational Awareness: TechNet Augusta 2015
byAFCEA International
 
PPT
Computer Attack Stratagems
byKarl Wolfgang
 
PDF
Cyberwarfare and Aggressiveness in Cyberspace
byJarno Limnéll
 
PPTX
Cyber Ethics: TechNet Augusta 2015
byAFCEA International
 
PDF
IdM, salaus ja cyberspace - Läpinäkyvä käyttäjähallinta ja salaus kyberulottu...
byMikko Jakonen
 
PDF
Tiedonhallinnan haasteista tietovuotojen estämiseen - Information Assurance -...
byMikko Jakonen
 
PPTX
Rebranding IO (Information Operations) June 2013
byUlrich Janßen
 
PPTX
Infowarcon 2014 ME Cyber wars v13
byJorge Sebastiao
 
PPSX
How does it work
bycarlosrodriguezfernandez
 
PPTX
HA10 – Task 1
byDeightonater
 
PDF
No Cyber for you CONOPLAN 3502
byBill Hagestad II
 
PPSX
The russian military and ukraine (v.m.)
byValeriu Margescu
 
Paul Mullins Resume
byPaul Mullins
 
Cyber Conflicts - Time for Reality Check
byJarno Limnéll
 
Ew asia cw and ew joint space for comments (14 sep2016)
byTBSS Group
 
The Importance of Educating the Force on Cyberspace Operations: TechNet Augus...
byAFCEA International
 
Office Chief of Cyber Personnel Presentation: TechNet Augusta 2015
byAFCEA International
 
Cyber Commandant Presentation: TechNet Augusta 2015
byAFCEA International
 
ISIS and Cyber Terrorism
byLondon School of Cyber Security
 
Tracking and implications of stuxnet v21
byJorge Sebastiao
 
Cyber Situational Awareness: TechNet Augusta 2015
byAFCEA International
 
Computer Attack Stratagems
byKarl Wolfgang
 
Cyberwarfare and Aggressiveness in Cyberspace
byJarno Limnéll
 
Cyber Ethics: TechNet Augusta 2015
byAFCEA International
 
IdM, salaus ja cyberspace - Läpinäkyvä käyttäjähallinta ja salaus kyberulottu...
byMikko Jakonen
 
Tiedonhallinnan haasteista tietovuotojen estämiseen - Information Assurance -...
byMikko Jakonen
 
Rebranding IO (Information Operations) June 2013
byUlrich Janßen
 
Infowarcon 2014 ME Cyber wars v13
byJorge Sebastiao
 
How does it work
bycarlosrodriguezfernandez
 
HA10 – Task 1
byDeightonater
 
No Cyber for you CONOPLAN 3502
byBill Hagestad II
 
The russian military and ukraine (v.m.)
byValeriu Margescu
 

Similar to The Elements of Offensive Cyber Warfare Operations

PDF
Cyber weapons 1632578286
byUdaysharma3
 
PPTX
Cyber Space Operation- Offensive Cyber Space Operation
byRubal Sagwal
 
PDF
Case studies in cybersecurity strategies
byEyesOpen Association
 
PPT
Network Centric Warfare
byVeerPratapSingh73
 
PDF
Computers as weapons of war
byMark Johnson
 
PDF
USSTRATCOM Cyber & Space 2011 Herbert Lin
byAFCEA International
 
PDF
Information warfare and information operations
byClifford Stone
 
PDF
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
byPukhraj Singh
 
PPTX
Information Warfare in e-government .pptx
byzaidameen5
 
PDF
The Basics of Cyber Warfare_ Understanding the Fundamentals of Cyber Warfare ...
bySayeeKumarMadhesh
 
PDF
Understanding the 'physics' of cyber-operations - Pukhraj Singh
byPukhraj Singh
 
PDF
Pa862
byFrancesco Pompili
 
PDF
Cyberoperations202310221.pdf
bymolej86513
 
PDF
Changing Domains - Cyber and Information Domains 2024 lecture.pdf
byBenjamin Ang
 
PDF
" Operacje militarne w cyberprzestrzeni, czyli jak wojsko realizuje zadania w...
byPROIDEA
 
PPTX
The Information Warfare: how it can affect us
byLuis Borges Gouveia
 
DOCX
Cyber War
byPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
DOCX
Cyberspace_New Operational Domain
byPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
PPTX
Cyber Challenges in a Hierarchical Culture
byJoshua L. Davis
 
PDF
La issa-2015-cyberwar-ranum
byISSA LA
 
Cyber weapons 1632578286
byUdaysharma3
 
Cyber Space Operation- Offensive Cyber Space Operation
byRubal Sagwal
 
Case studies in cybersecurity strategies
byEyesOpen Association
 
Network Centric Warfare
byVeerPratapSingh73
 
Computers as weapons of war
byMark Johnson
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
byAFCEA International
 
Information warfare and information operations
byClifford Stone
 
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
byPukhraj Singh
 
Information Warfare in e-government .pptx
byzaidameen5
 
The Basics of Cyber Warfare_ Understanding the Fundamentals of Cyber Warfare ...
bySayeeKumarMadhesh
 
Understanding the 'physics' of cyber-operations - Pukhraj Singh
byPukhraj Singh
 
Pa862
byFrancesco Pompili
 
Cyberoperations202310221.pdf
bymolej86513
 
Changing Domains - Cyber and Information Domains 2024 lecture.pdf
byBenjamin Ang
 
" Operacje militarne w cyberprzestrzeni, czyli jak wojsko realizuje zadania w...
byPROIDEA
 
The Information Warfare: how it can affect us
byLuis Borges Gouveia
 
Cyber War
byPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Cyberspace_New Operational Domain
byPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Cyber Challenges in a Hierarchical Culture
byJoshua L. Davis
 
La issa-2015-cyberwar-ranum
byISSA LA
 

Recently uploaded

PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
The year in review - MarvelClient in 2025
bypanagenda
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 

The Elements of Offensive Cyber Warfare Operations

  • 1.
    PUBLIC The Elements ofOffensive Cyber Warfare Operations An excerpt Mikko Jakonen 19th of September 2013
  • 2.
    Abstract This document definesa concept of operations for cyber warfare in targeting, accessing and running operations within allocated information space. Maneuvering offensive operations in suchan information space requires a framework to handle operational tasks such as target recognition, payload delivery and execution. The joint requirements such as planning and tasking with other inter-operable dimensions make things very difficult without such a framework approach. In the worst case each of the elements is being handled in un-coordinated manner, rendering effects of potential capabilities low and simultaneously possessing a threat for manipulating organizations. Based on the understanding shown, offensive cyber warfare operates quite differently compared to its kinetic counterparts. It creates its own operational theory and models not directly aligned with others. However, the need for tactical interoperability is obvious but quite controversial. Offensive capabilities in the larger context up to a specific mission area for other domains and disciplines. This breaks the uniform model. Please note that this is excerpt from larger study related to maneuvering and tactics in cyber warfare. It focuses only on elements that can be found in offensive capabilities. Keywords Cyber warfare, tactics, maneuvering, intel, deployment, framework, @mikk0j
  • 4.
    PUBLIC Table of Contents Tableof Contents .............................................................................................................................................. 4 Operational theory ......................................................................................................................................... 5 Information space .......................................................................................................................................... 6 Tactical space ................................................................................................................................................ 7 Maneuvering within tactical space ............................................................................................................ 8 Time as a constraint in tactical space ........................................................................................................ 8 Tactical and technical interoperability .......................................................................................................... 8 Maneuvering in tactical space ....................................................................................................................... 9 Elements of Cyber Warfare Operations....................................................................................................... 10 Target....................................................................................................................................................... 11 Command & Control ............................................................................................................................... 11 Playbook and scenarios ........................................................................................................................... 11 Tasking and Planning .............................................................................................................................. 12 Intel .......................................................................................................................................................... 12 Deployment ............................................................................................................................................. 13 Information flows .................................................................................................................................... 13 Capability areas ....................................................................................................................................... 13 Enabling and supporting elements ........................................................................................................... 14 4
  • 5.
    PUBLIC Operational theory Operational theoryof offensive cyber warfare constructs its brain, heart and its self-regulating functions constructing the aim. The aim is the predetermined definition in which the effect is reflected by its entire accomplishment before its taking a place. That being said, aim constitutes both critical path and the success vector for operations happening inside information space. Compared to kinetic warfare, the system does not create controlled disequilibrium between general aim and specific missions, as there are only specific or ancillary “tied” missions. Volumetric mechanisms cannot be counted as attaching force. War is an undertaking which must be coordinated from the highest levels of policymaking to the basic levels of execution1. Therefore all the layers of operational art that inherit the policy must translate to broad divisions of activities in preparation and conducting war. Offensive cyber warfare conducts various types of maneuvers simultaneously or successively according to concept or plan aimed to accomplish goals in theatre; the targeted information space in a strategic or operational direction in predetermined period of time. Tactical interoperability with offensive capabilities is a specific mission area for other domains and disciplines, not to be utilized in generalized terms. This underpins the nature of offensive cyber maneuvering very close to strategic objectives. Figure 1 Aligning operational theory with offensive maneuvering To verify the operational theory of the offensive part of cyber warfare is solid we must look into characteristics of the framework in display:     1 Offensive cyber warfare reflects cognitive tension and transpires from general orientation ALWAYS towards the strategic aim, releasing from single mission. Computerized offensive capability is product of “production line”, thus industrialized and possess dynamic interaction with information space and strategic aim. Computer programs used to interact with information space are synergetic by nature. Offensive operations are conducted towards adversary. Shimon Naveh, In Pursuit of Military Excellence (pg.1964) 5
  • 6.
    PUBLIC     Information space ischaotic by its definition. All operations conducted by and with cyber warfare capabilities are non-linear, asymmetric, hierarchically structured and expressing depth by maneuvering nature. Offensive maneuvers can cause unexpected interactions between maneuvering and attrition expressing its unique nature compared to kinetic world. Every system embraces erosion thus making every interaction important and highly effect driven. Operational plan of offensive cyber capability is never completely independent entity as it relies heavily on deployment and intel. However, including these elements with operational plan, the outcome can and should be used as autonomous entity within adversary controlled information space. In addition, planning relies heavily on strategic definition of aims, restrictions and allocation of resources. Offensive cyber warfare may suffer from operational shock quite easily rendering it unable to accomplish its aims. Rendering such threat minimum, stretching operational loops over adversaries is loops key success factors on utilizing such capability. Information space Information space comprises of the full spectrum of connected or separate information capabilities and domains, which are under administration of different parties. Full spectrum information space does not limit information being structured, unstructured or being on-wire or over-the-air transferrable, or not even handled by different chunks of electromagnetic communications. It is equally available in depth, height and in width. Information space width is determined by ability to utilize and consume information resources in own and other parties’ information space. Depth is determined by the dominance within targeted information space. As information space allows height value as attribute for information, it can be defined as viability of information or level of access towards the information space. Figure 2 Full Spectrum Information Space 6
  • 7.
    PUBLIC Own information spaceis seen as controlled information space as long as actor has dominance over it. Actors may create joint information space(s), which are accessible and consumable by other defined operators. The adversary controlled information space is surrounded with control capabilities and may exposure a surface being used to access targeted, allocated information space required by the operation and task. This surface exposure is 2-ways; it resides on the outer perimeter of the adversary information space and it can be found in operationally targeted information space. Tactical space A Cyber domain is information space which extends to other warfare domains in kinetic space, air, ground and sea. Cyber domain declares possibilities for maneuvering, information usage and usable options for operations. On cyber domain, each target has its own tactical depth, width and height of information space where maneuvering is possible. They own different view to its capabilities, exposure and vulnerabilities. Among own space, there is JOINT TACTICAL space which comprises over coupled companion spaces AND kinetic world space. Depending interoperability, the coupling may be strong or loose and have different kind of options – such as limited maneuverability. The spaces adjoined together complete larger tactical space where cyber warfare maneuvering may conclude. Figure 3 Tactical width, height and depth Traditional XYZ-dimensioning can be used to define the space. Joint tactical space may grant resilience, adaptability and yield for operations. On the other hand, same space may defect for the same basic reasons: resilience is only as strong as the weakest link, adaptability is created by dynamic and capable resourcing options and yield of information space is defined by the controllable space – which can vary quite substantially. 7
  • 8.
    PUBLIC Maneuvering within tacticalspace Figure 4 Example of making insertion on tactical space Moving in information space allows step-by-step insertion to gain the objectives within adversary space. It should be noted that offensive cyber maneuvering may utilize kinetic world capabilities, such as progression in designated tasks to create forward looking network visibility. The ability to move in all directions makes it possible to create clear model for achieving the desired objective in timely fashionable manner IF all the precursors are positive and designated time-slot can be managed. Hardly ever attack surface allows such exposure that objective can be reached with single insertion. While maneuverability allows great possibilities it simultaneously demands strict discipline in elements, such as planning, tasking, intel and in deployment. Time as a constraint in tactical space Time can be seen as a constraint and attribute for operations. If affects in all operational angles and in parallel delimits and allows the ingenious models and capabilities may be produced on-the-fly to gain the objectives. it is not matter of slow or fast, purely matter of speed. More precisely, matter of controlling the time allows mastering the rhythm of battlespace. Time can be used to influence adversary to cause confusion and disorientation. Due the critical role of time, timing and controlling the rhythm of battlespace based on time, the maneuvering simultaneous operations in different domains emphasizes focus greatly on cyber environment. Tactical and technical interoperability Offensive cyber-capability requires a continuous process of collecting vulnerabilities, creating exploits, platforms and payloads (detonable or intel) and building a network of deniable hosts on available information space. As these are low cost operations when compared to kinetic military capabilities, it can be argued that these preparations should be made even if the current doctrine does not include use of offensive cyber-capabilities. 2 The need for interoperability is obvious but making, quite controversially, offensive capabilities in large context a specific mission area for other domains and disciplines. This breaks the uniform model. 2 Kiravuo, Särelä (pg. 10) 8
  • 9.
    PUBLIC Maneuvering in tacticalspace Maneuvering has been central concept in warfare for thousands of years.3 Alike in kinetic counterparts, in cyber domain most important activities are to operate inside adversary’s a) observationorientation-decision-action (OODA) loops, b) get inside mind-timepenetrate preset or alternative objectives on information-moral-mental-physical space in order to isolate adversary from its dominance over its controlled information space. Cyber maneuver allows utilization of force to capture, disrupt, deny, consume, degrade, destroy or manipulate information and its confidentiality, availability, integrity and /or origins to gain advantage over adversaries’ control of allocated information space. Cyber maneuver does not necessary lead to manipulation of kinetic/physical assets, but it may allow such complete. As cyber capabilities are mainly used as specialized or strategic asset, they should be undertaken to give actor a competitive advantage over another. Speed Stealth Limited attribution Operational reach Rapid concentration (volumetricity) Distributed Access & Control Non-serial Concentrated Dynamic Component based Platformized Exploitive Positional Influencing Figure 5 Characteristics and features of cyber weapon used with maneuvers Cyber warfare allows great deal stratagems (or ruses) due the nature of its domain. Most of the kinetic world stratagems support directly maneuvering in cyber space, some of them require support from kinetic world and some of them allow influencing towards kinetic world. Example below: Making sudden movement in new direction, to and from irregular and unpredictable pattern to confuse adversary. Figure 6 Example 1step maneuver to misdirect adversary 3 Applegate et al, CyCon presentation ”The principle of Maneuver in Cyber Operations” 9
  • 10.
    PUBLIC Elements of CyberWarfare Operations Cyber weapons and their architecture is one part of the cyber warfare operations. Referencing to kinetic world, they form the ammunition and the platform. Running the cyber platform however differs greatly from utilizing cannon with kinetic ammunition. The platform is inseparable from command structure, and while not requiring constant communications – it is part of the munitions side of the equation. Cyber weapons shelf time is very low. All operations should be run on the assumption that any deployed weapon will be found, analyzed and reverse-engineered. Modules deployed in weapons should be grouped in such a way, that when a weapon connected to its creators, it does not reveal all deployed weapons. This creates operational problem for running such offensive cyber space operation efficiently and consistently. 4 Ability to maneuver in information space utilizing cyber warfare aim requires a framework eventually executing the strategic campaign set for the dimension. In its paramount requirement, the elements making the offensive cyber warfare engine running must be constructed so that maneuvering in dynamic, adversary controlled information and tactical depth is possible. The operational theory states the operational guidelines for the system. However, many of the constraints inherits from the technological abilities and capabilities held by the actor. Figure 7 Elements of Offensive Cyber Warfare Operations 4 Kiravuo, Särelä (pg. 10) 10
  • 11.
    PUBLIC Target Objectives for offensivecyber operation – being it purely based on intel information gathering or influencing on target system, has been set prior its engagement on operational level. Typical objective to use cyber capabilities is some profound strategic reason, which a) needs to be done in some exact time period b) allows enough time for the operational preparedness and c) carries high value – high risk potential and most likely d) is located out of the physical reach of manpower. There must be some sort of access towards the exposure for the engagement in question prior any active operation starts. Preparing cyber influence needs time thus making it suitable for precision effect driven functions. By following relaxed decision making model based on OODA, the operational loop extends around target information space, making adversary loop part of the cycle.5 Figure 8 Target element Target has two operational inlets; one for intel and one for deployment. Intel means variety of things on different phases of operation. First, it can be purely target recognition and network information exploitation. Second, it can be adversary movement tracking and information gathering. This allows intel to be highly maneuverable tool within target information space. Simultaneously, intel is something to take the ultimate care away from adversary’s reach. Second inlet, the deployment, allows interaction of variety operational capabilities and influences within target information space. This element deploys all platforms, payloads and handles delivery options – such as electromagnetic spectrum, e.g. via network comms, wireless etc. AND kinetic, being it courier, airdrop, UAV and so on. Platforms may vary based on use-case requirements, however, each of the platforms carry at least some of the similar characteristics on maneuverability, comms. with command & control (C&C) structures and handling of payloads. Command & Control Every system needs ability to make decisions. The operational aspects of CC may vary per ongoing mission and may have sub-units to handle specific or long lasting operations. CC assumes the decision making point supported by ACTIVE intel and deployment activities and PARALLEL tasking and planning activities. Playbook and scenarios Playbook and scenario guide among with tasking manual is used to preplan certain maneuvers possible with enabling scenario and raise questions of potential unwilling action paths. Playbook contents are derived from strategic campaign. Being it how comprehensive, however, no playbook or static pre-described manual of 5 http://www.goalsys.com/books/documents/DESTRUCTION_AND_CREATION.pdf 11 Figure 9 Command & Control stack
  • 12.
    PUBLIC operations should betaken into fully account as expanding information space allows n*n times maneuvering which potentially renders predefined, even localized scripts useless. Tasking and Planning Fast paced maneuvering and operational tempo demands able tasking model. Tasking element handles task specific resourcing and operator assignment, technical resources allocation in parallel with weapon targeting and scheduling of activities. Main function is the weapon, effect targeting based on the campaign demands and operational information retrieved through intel and current deployment activities. Tasking is highly scalable function. Figure 10 Tasking & Planning stack Planning creates “burn” and consumables for the resources, deployment platforms, payloads and delivery options. Those are to be utilized based on the current mission tasking portfolio. Planning (office) obtains capabilities required by the mission statement and offers immediate capabilities for current task running. Threat analysis has been integrated with capability acquisition function as they support naturally each other. Threat analysis creates requirements for capabilities to fulfill based on the assessment and external/internal immediate information feed, information exploitation and target recognition. Intel Intel is basically responsible on only 2 tasks: target recognition and data acquisition on foreign information space. Intelligence on adversary data, formation and activities is everything as gathered and then disseminated information forms the backbone of operations carried out by other elements. The ability being able to deliver effect or influence on adversary controlled domain is directly coordinated by the effectiveness of intel information, thus demanding it to be as precise as possible. Kinetic world may allow even large mishaps with disseminated information, but customized piece of software running through maneuvering cycle does most likely not. To make comparison with kinetic world: precise adversary troop location, current capabilities and support. Intel has another role as well. It is constantly in-contact and in-the-loop element with outside information space. It feeds information to command and control structures, mission planning- and tasking. It is the early watchdog of observation and orientation within the loop. Payloads maintained by platforms may contain elements of intel capabilities as effect. 12
  • 13.
    PUBLIC Figure 11 Intel6 Deployment elements Deployment Platforms, payloads and delivery of them are on deployment element responsibilities. Deployment oversees and controls campaign related insertion or evasion of offensive effects through defined attack surface. After target is being acquired, deployment prepares designated platform to produce task and defines steps to be taken to enable required weapon through exposured vulnerability. Making cyber warfare scalable, deployment may compile 6the needed payload from other components. Some of the deliverables may contain vulnerability search modules, or other specialized “warheads.” 7 Delivery of weapon (delivery method + platform + payload, delivery method + payload, or pure payload) may require kinetic counterpart (example: Stuxnet technology demonstration) to achieve its mission in areas whereas required electromagnetic insertion is impossible. Information flows Both TASKING and PLANNING elements inherit intelligence and deployment information feed. This is paramount. In parallel, both elements respectfully administer intel and deployment elements on interfacing target. Command & Control (CC) structure receive only initial status and changes in adversary information space. This cuts down towards the necessities. Capability areas Offensive cyber warfare assumes full blown information space maneuverability. Therefore functions such as information control, network exploitation and access methods are vital. Without ability to control campaign related misinformation, propaganda and/or collaboration part of the maneuvering abilities seize to exist. Network exploitation and access methods are equally important for recognizing, penetrating and controlling access on adversary information space and beyond it while maneuvering in tactical space. Capabilities and vulnerabilities – production line that must exceed artisan in scalability, integration and assembly of payloads where needed. Making offensive cyber warfare scalable, many of the capability areas must be able to automate its functions. All capability areas represent repositories of such discipline area, being active part of the development cycle together with planning and tasking elements. 6 7 Roelke, DARPA cyber colloquim on ”Scalable cyberwarfare, 2009” Kiravuo et al, 2012 13
  • 14.
    PUBLIC Potentially the bestexample of such capabilities is the deployment composition. The ‘warhead’ may contain vulnerability or capability to seek certain information and deliver it to the management engine for further processing allowing creation of new, purpose build payload. Another great example of capability is ‘volumetric’ data, which can be used to consume or disable adversary applications with a large amount of data being pushed towards targeted structure thus maneuvering for example Denial of Service or utilization of advanced evasion capabilities. Such capability can and most often is being used in conjunction (stratagems) with others, more pinpoint accuracy weapons to create cover flux data while actually deploying in stealth. Enabling and supporting elements The example showing some of the necessary and auxiliary support services needed to run focused campaign. Studies and experiences have shown that even a simple thing like shared clipbook can make a difference in timely fashionable operations. 14