AN EXCERPT FROM THE...

2018
INDEX OF
U.S. MILITARY
STRENGTH
DAVIS INSTITUTE FOR NATIONAL SECURITY AND FOREIGN POLICY

Edited by
Dakota L. Wood

COMING OCTOBER 2017: HERITAGE.ORG/MILITARY

2018 by The Heritage Foundation

214 Massachusetts Ave., NE
Washington, DC 20002
(202) 546-4400 | heritage.org
National Defense and the Cyber Domain
G. Alexander Crowther, PhD

W hat is cyberspace, and how does it re-

late to military affairs? Cyberspace is
a term that is constantly used but seldom well
use of people and equipment. In short, cy-
berspace provides a virtually unconstrained
sphere through which nearly anyone can act
defined. Its characteristics are poorly under- against almost any target without concern for
stood in the larger public discussion, especially the physical impediments and resources that
with regard to national security and military accompany physical actions.
matters. This is unfortunate because cyber A wide variety of actors operate in cyber-
has become profoundly central to nearly ev- space. The government of the United States
erything the military does in defense of U.S. has a variety of responsibilities to the Ameri-
national security interests. can public, but precisely where the responsi-
As a domain through which actions can be bility lies and the extent of that responsibility
taken instantaneously, globally, and even anony- are currently subjects of debate. Although 90
mously, cyberspace provides opportunities and percent of the Internet traffic in the U.S. is in
challenges to countries, groups, and individuals the private sector,1 cyberspace is one place for
unlike those presented by any other domain or which the U.S. government has acknowledged
capability. Cyberspace provides someone with responsibility. Working mainly through the

the ability to attack anywhere, at any time, with Department of Defense (DOD), Department
a keystroke. There is no need to deploy a physi- of Homeland Security (DHS), and Department
cal force, gain physical access to a region (other- of Justice (DOJ):
wise done by ship, plane, or overland movement),
or be encumbered by mounds of equipment and The United States will work to promote an
supplies. An attacker acts in absolute silence, open, interoperable, secure, and reliable
perhaps visible only to the most skilled cyber information and communications infrastruc-
ture that supports international trade and
defender. There is no need to limit ones force commerce, strengthens international security,
to specific ages, physical conditions, or body and fosters free expression and innovation.
size, nor is there a need for sprawling bases, ex- To achieve that goal, [the U.S.] will build and
pensive facilities (like ports or airfields), square sustain an environment in which norms of
miles of training areas, extensive stockpiles of responsible behavior guide states actions,
sustain partnerships, and support the rule of
munitions, or assured access to fuel.
law in cyberspace.2
Cyber is generally not affected by environ-
mental concerns or weather conditions. To
the extent that cyber operations can be fully Cyberspace
automated, they can be undertaken relent- Cyberspace has three layers: the physi-
lessly, without regard for time, periods of rest, cal network, the logical network, and the cy-
or any other constraint related to the normal ber persona.

The Heritage Foundation | heritage.org 77

 The physical network consists of the digitizing old information, making it available
hardware, such as cables and your com- to everyone.
puter, and exists all around the world. Militarily, cyberspace allows for global com-
Because it exists inside states, states have mand and control of forces and operations and
sovereignty over its components, and they the functioning of a globally distributed logis-
must obey the laws of the states in which tics system without which modern military
they reside. operations would be impossible. Intelligence
communities, commanders, and warfighters
The logical network is the software that alike benefit from the uninterrupted flow of in-
operates the network as well as its mani- formation. Economically, cyberspace has led
festations, such as a web page. These elec- to a global boom, from the technology giants
trons that make up the logical network Google and Amazon to the individual fisher-
bounce around the globe, following the man in India who can now determine where
quickest route from one place to another, to obtain the best price for his catch.
and route through hardware that is physi- In short, with its low barrier to entry, cy-
cally located in states. Some states, such as berspace has provided advantages across the
China and Russia, believe that they have globe and across the elements of national
sovereignty over this aspect of the cyber power. And these advantages grow as access
domain as well. to cyberspace spreads.
At the same time, cyberspace creates chal-

The cyber persona is made up of the lenges. Wikileaks has revealed to the world
people who are operating in cyberspace. stolen U.S. diplomatic communications, em-
Like the physical network, they are pres- barrassing the United States, irritating friends,
ent within states and subject to their laws and empowering enemies. Information is
and policies. harder and harder to secure and easier and eas-
ier to steal. Economically, cyberspace has en-
Colloquially, these three components are abled criminals: Cyber crime cost the U.S. $100
known as hardware, software, and wetware.3 billion and the global economy $400 billion in
The cyber domain has effectively pene- 2015, and the total is projected to reach $2 tril-
trated the worlds advanced economies and is lion by 2019.5 For the U.S. military, compromise
making headway in the rest of the world. Many of the U.S. global command and control capa-
places in Africa, for instance, have skipped bility can be turned against the Department
over the land line and gone straight to smart of Defense, frustrating or even preventing the
phones; currently, approximately 3.74 billion execution of military operations.
people are connected to the Internet.4
This connectivity provides a number of Vulnerabilities and Actors
opportunities and challenges. It enables The U.S. has begun to confront challenges
both states and individuals across all of the to its major interests in cyberspace: protec-
elements of national power: diplomacy, in- tion and enhancement of the economy, secure
formation, the military, and the economy. It command and control of national defense as-
makes diplomatic activity more effective, for sets, reliable collection of cyber intelligence,
example, linking embassies and capitals with and protection of cyber intelligence and
almost instant communications and allowing information.6
for better research. In addition, the opportuni- Three major groups threaten U.S. national
ties that cyberspace provides for information security: people, states, and non-state actors.
are almost unlimited. Humankind creates People include the general population, lead-
huge amounts of information annually, and ers, workers in nearly all business sectors, and
individuals and organizations are constantly insider threats. States primarily include Russia,

78 2018 Index of U.S. Military Strength

 China, Iran, and North Korea. Non-state actors 2007, the OPM Director did not make cyber-
include proxies, hacktivists, and criminals who security a priority. By the time the hacks were
sometimes work for themselves but also may identified in 2015, nearly a quarter of OPMs
work in support of others. information technology (IT) systems, includ-
The Human Dimension. Humans are ing several of their most critical and sensitive
the weakest link in the cybersecurity system.7 applications, were operating without a valid
Unlike the physical world, in which potential cyber-certificate authorization.9 If the Direc-
human activity is limited by geographic and tor had understood the implications of basic
space limitationsIsrael, for example, uses security shortfalls, perhaps the theft of sensi-
a barrier to keep out potential terrorists, and tive personal information on over 22 million
people do not own nuclear weapons or air- Americans could have been prevented.10
craft carriersbarriers to entry for cyber are Senior officials are often the targets of cy-
so low that they have democratized cyber ac- ber-attacks because they have access to more
tivity. Everyone who has a desktop, laptop, or information, IT bends the rules for them, and
smart phone is an actor and a potential prob- the damage and financial payoff for the at-
lem. Because the only thing that organizations tacker can be much bigger.11 Hence, senior
do well is what their leaders demand of them, leaders need more training and education to
leaders can be a key vulnerability, and thus a understand how to operate their systems, how
threat to their organizations, by not empha- to lead and manage cyber systems and workers,
sizing cybersecurity. Workers using poor cyber and how to decrease their own vulnerability.
hygiene are a threat. Gullible people or people Senior leaders also need to integrate informa-
with preconceived but flawed notions of safe tion activities into their day-to-day operations,
cyber practices will fall prey to cyber crime or whether it is in a business, government, or the
propaganda. Insiders who do not support their military. Only when senior leaders understand
organizations are another threat. the implications of cyberspace will they be able
The Population. People are the most vulner- to address vulnerabilities and achieve syner-
able to cyber operations. Because many people gies that cyberspace provides.
engage in commercial transactions online and Workers. In a phishing quiz, 80 percent of
use social media daily, they are the most ex- participants misidentified at least one phish-

posed to these varied threats. In general, peo- ing e-mail.12 Workers are a favorite target be-
ple usually have not received training or educa- cause the chance of success goes up when more
tion that would enable them to deal with varied people are targeted. Roughly 20 percent of
cyber threats. Additionally, most people do not trained workers will click on a phishing link13
see their information as having value. even if they have been trained not to do so.
Leaders. Research supporting the 2014 Insider Threats. These involve a variety of
Chairman of the Joint Chiefs of Staff war game motivations and are very difficult to identify
Iron Crucible identified understanding as the ahead of time. Edward Snowden and Bradley
major challenge in the 21st century.8 Because Manning are well-known cases in the U.S. The
most senior leaders typically are not involved Computer Emergency Response Team (CERT)
in the information business, there is a wide Insider Threat Center at Carnegie Mellon
variation in their knowledge of or insistence University maintains a database of more than
on best practices in the cyber domain. 1,000 insider threat cases and provides analysis
The U.S. Office of Personnel Management and support to organizations working to pre-
(OPM) hacks of 2015 are a telling example of vent insider threats.14 Another type of insider
poor leadership in this area. Although OPMs threat is the Lone Wolf or Wolf Pack. These
Assistant Inspector General for Audits indi- are individuals or groups that have been radi-
cated that security shortfalls were well known, calized, typically through cognition-shaping
having been publicly acknowledged since cyber operations.

The Heritage Foundation | heritage.org 79

 State Threats. Included in this category you while patriots attack people you dont like.
are threats posed by Russia, China, Iran, and Ironically, some groups like Anonymous will
North Korea. States can leverage enormous attack anyone with whom they disagree, re-
funding, the ability to organize, and the abil- gardless of the targets politics.
ity to coordinate actions (multi-domain and Criminals operate across the world. As
multi-tool) at levels far above that of an indi- noted, it is estimated that cyber crime cost the
vidual or small group. These state actors chal- U.S. $100 billion and the global economy $400
lenge the U.S. economy with brazen cyber es- billion in 2015 and that the total will rise to $2
pionage into critical U.S. companies. trillion by 2019.23
In 2014, for example, a grand jury in the All of these actors are aided by the fact that
Western District of Pennsylvania indicted it is very difficult to attribute cyber operations
five officers from the Chinese Peoples Libera- to a specific actor. Cyber actors take very spe-
tion Army for cyber espionage in support of cific steps to prevent attribution, typically by
state-owned enterprises (SOEs).15 An array manipulating data to pretend to be someone
of cyber actors also has challenged the ability else. This is one of the largest barriers to cyber-
of the U.S. to secure its command and control security as it is difficult to deter an actor whose
of national security networks reliably and to identity you cant prove.
secure its sensitive and personal informa-
tion data. In 2015, Russians hacked the Joint Nature of Competition in Cyberspace
Staff,16 and the OPM discovered a Chinese hack Competition in cyberspace is fierce and

of tens of millions of files containing sensitive ongoing. States seek to undermine the global
personal data.17 Additionally, the Russians order to their own advantage. Individual ac-
have returned to their Cold War practices of tors and organizations seek to advance their
aggressive information operations seeking to own political agendas. Criminals seek to make
undermine developed countries18 as well as in- illegal financial gains from cyberspace.
ternational organizations.19 All of these can be inimical to the goals of
Iran and North Korea are second-tier the United States and its allies and partners.
threats for the United States, and both coun- Russia seeks to use cyber-enabled informa-
tries are continuously performing cyber op- tion operations to sow discord inside and
erations against economic and government among the states that are trying to keep Rus-
targets in the U.S. In 2016, the DOJ indicted sia at bay in Europe; China uses cyberspace
seven Iranian hackers for operating against a to steal secrets that it can use for economic
dam and banks in the U.S.,20 and North Korean gain or to avoid the research and develop-
hackers have been involved in stealing both ment costs (in time and money) for impor-
money and military designs.21 tant military systems; Iran seeks to weaken
Non-State Actors. This category includes its opponents around the world; and North
threats from proxies, hacktivists, and criminals. Korea maneuvers in cyberspace to avoid in-
Proxies work on behalf of a government that ternational sanctions.
seeks cyber effects without paying a political Because of the low barrier to entry into cy-
price, hoping to achieve plausible deniability berspace and the potential gains to be made,
by outsourcing such work to individuals. The the scale of the challenge is large and growing.
Russians often use criminals as proxies,22 and The U.S. and its allies and partners need to safe-
the Chinese use other groups that may or may guard their own government spaces, their eco-
not be affiliated with each other or other simi- nomic activities, and their citizens. Although
lar criminal entities. the U.S. has strengths including a wide variety
Hacktivists will perform a wide range of op- of resources and a large, educated workforce,
erations. Much like the difference between ter- these bad actors use cyberspace to challenge
rorists and freedom fighters, hacktivists attack the U.S. at every turn. The U.S. is having a hard

80 2018 Index of U.S. Military Strength

time using traditional strengths (such as mili- Deterrence. Ongoing cyber operations
tary power) against cyber actors. against the United States demonstrate that
the country has extremely limited capability
The U.S. Government in Cyber to deter cyber operations, that the U.S. cyber
Because the U.S. government has a wide va- deterrence threat is not credible, and that U. S.
riety of resources and the obligation to safe- cyber deterrence is failing.25
guard the American population, the executive Deterrence is designed to convince others
branch performs many cyber activities to miti- not to perform certain tasks. In this case, it
gate the foregoing threats. The three main U.S. ideally should prevent other actors from per-
government actors in cyberspace, as noted, are forming all four types of cyber operations. One
the Departments of Defense, Homeland Secu- thing that can make cyber deterrence less ef-
rity, and Justice. fective, as noted, is the difficulty involved in at-
tributing an operation to a specific actor. Addi-
The DHS coordinates the national protec- tionally, second-order and third-order analysis
tion against, prevention and mitigation to predict what ancillary actions would follow
of, and recovery from cyber incidents; certain types of cyber-attacks is very diffi-
disseminates domestic cyber threat and cult to perform in the cyber realm. Incorrect
vulnerability analysis; protects critical analysis could cause a deterrence operation
infrastructure; secures federal civilian to trigger a completely opposite reaction and
systems (the .gov domain); and investi- accidentally escalate rather than deter, which
gates cyber crimes under its jurisdiction. causes second thoughts on allowing offensive
cyber operations.26
The DOJ investigates, attributes, dis- The use of cyber capabilities to deter faces
rupts, and prosecutes cyber crimes; is two major barriers: For deterrence to work, op-
the lead agency for domestic national ponents must believe that they will pay a price
security operations; conducts domestic for an action, and the target audience needs
collection, analysis, and dissemination to understand who is deterring them. This in
of cyber threat intelligence; supports turn requires a credible threat. Opponents do
the national protection against, preven- not currently believe that they will face retali-

tion and mitigation of, and recovery from ation in response to their attacks on U.S. as-
cyber incidents; and coordinates cyber sets. Effective cyber retaliation requires that
threat investigations. operators perform an attack and leave behind
digital fingerprints identifying the origina-
The DOD is charged with securing the tor or an explicit message naming the origin
nations freedom of action in cyberspace of the attack.
and helping to mitigate risks to national But this presents two further problems: Cy-
security resulting from Americas grow- ber operators do not want to compromise their
ing dependence on cyberspace. Specific capabilities by performing an operation that
mission sets include directing, securing, can be traced to them, and it has been difficult
and defending DOD Information Network to receive clearance to perform offensive cyber
(DODIN) operations (including the .mil operations (OCOs). Any OCO that has major
domain); maintaining freedom of maneu- effects can alert an opponent to the presence
ver in cyberspace; executing full-spectrum of intruders, which allows opponents to defend
military cyberspace operations; providing against the intrusion. It can also reveal cyber
shared situational awareness of cyber- capabilities, which is anathema to the com-
space operations, including indications munity that prizes its ability to work in secret.
and warning; and providing support to civ- Moreover, it sometimes takes months to pen-
il authorities and international partners.24 etrate opposition cyber systems. Executing an

The Heritage Foundation | heritage.org 81

attack will announce the operators presence cyber operations would consist of information
and waste the time required to penetrate and and communications technology, network, and
repenetrate target servers. defensive cyber operations.
Conventional criminal operations would
The Military Cyber Domain be old-school crime, such as entering a bank
The DOD does not define domain, but it with a pistol and a bag. Cyber-enabled criminal
does define cyberspace as [a] global domain operations would fuse technology and crime,
within the information environment consist- such as ATM-skimming, where criminals use
ing of the interdependent network of informa- hidden electronics to steal the personal in-
tion technology infrastructures and resident formation stored on bank ATM cards and re-
data, including the Internet, telecommunica- cord PIN numbers in order to access victims
tions networks, computer systems, and embed- accounts.31 Cyber crime would be a criminal
ded processors and controllers.27 The words operation that occurs wholly in cyberspace,
infrastructures and resident data cover the such as the use of the SWIFT system to steal
physical and logical aspects of cyberspace but $81 million from the Bank of Bangladesh.32
not the persona aspect. The use of domain is Conventional information operations
meant to indicate that cyberspace is now co- would be old-fashioned propaganda or even
equal with the other conventional domains: advertising via printed text, radio waves, or
sea, air, land, and space.28 This is intended to television. The 2016 hack of the Democratic
communicate to leaders within the DOD that National Committee would be an example of

they need to pay as much attention to cyber a cyber-enabled information operation.33 The
issues as they would pay to air, sea, land, and information was obtained through cyber oper-
space issues. ations but released through Wikileaks.34 Cyber
There are four sets of cyberspace activities information operations would include Daesh
that pertain to the military: intelligence, infor- recruiting videos, an information operation
mation, crime, and military operations.29 Al- that takes place entirely in cyberspace.
though the military has equities in all of these Military operations can also be cyber-en-
areas, it predominates only in the military op- abled or executed purely in cyberspace. A nor-
erations portion. However, there are aspects of mal military operation would be the invasion
intelligence, information, and criminal activi- of Iraq. A normal special operation would be
ties in cyberspace that do involve the military. the raid to kill Osama bin Laden. An example
In any of these fields, there is a spectrum of a cyber-enabled conventional military op-
of activity that ranges from conventional to eration would be Russian operations in Geor-
cyber-enabled to cyber-centric to pure cy- gia in 2008 when Russia conducted cyber op-
ber operations. erations against Georgian targets to degrade
Normal intelligence operations like steal- Georgian command and control in support of
ing secrets and developing sources would Russian conventional military operations on
have been the traditional approach before the ground and in the air.35 An example of a
the advent of cyberspace. Cyber-enabled in- cyber-enabled special operation would be the
telligence operations would use cyber capa- Mumbai attack of 2008. Planners used a Go-
bilities in support of these operations, such as Pro camera while walking the route to be used
analysis of a terrorist network using data that in the attack so everyone could see videos of
had been gathered by traditional intelligence their routes before the operation. They also
means. Cyber intelligence operations would be used Google Earth during their planning pro-
operations that occur entirely in cyberspace, cess. The command element monitored Indian
such as the 2012 operation by Chinese hackers social media and traditional media (such as
that penetrated Indian Navy computers and radio and television) to track the response by
compromised sensitive information.30 Purely Indian security forces and steered the ground

82 2018 Index of U.S. Military Strength

force away from reacting Indian forces, en- most cyber crime). This, then, is the circum-
abling the operation to continue much longer scribed area that can be called the military
than it would have normally.36 cyber domain. These distinct categories are
Cyber military operations include conven- changing and becoming more integrated with
tional and special operations. A conventional cyber activities. As cyber capabilities expand,
cyber operation would be like dropping cyber more military operations will be enabled by
bombs on Daesh. Secretary of Defense Ashton them; eventually all military operations will
Carter explained at an event at NORTHCOM be enabled by cyber capabilities.
that [w]ere using these tools to deny the
ability of ISIL leadership to command and Military Cyber Operations
finance their forces and control their popula- There are four main types of cyber opera-
tions; to identify and locate ISIL cyber actors; tions: shaping cognition; cyber surveillance
and to undermine the ability of ISIL recruit- and reconnaissance (CSR); operational prepa-
ers to inspire or direct Homegrown Violent ration of the environment (OPE); and cyber-
Extremists.37 This is a conventional opera- space attacks. They can be either defensive or
tion in that it does not require special tech- offensive in nature. Defensive cyber opera-
niques or unique modes of employment in a tions (DCOs) comprise the vast majority of
covert nature. U.S. government (and military) activities. Of-
A cyber special operation would be the Stux- fensive cyber operations (OCOs) are rarer for
net attacks on Iran. This operation meets many the United States. None of these activities is
of the criteria for a special operation as defined unique to cyberspace. All military operations
in the DODs Joint Publication 3-05, Special require reconnaissance and preparation, and
Operations.38 It required unique modes of shaping cognition through information (for
employment, tactics, techniques, procedures, example, through advertising) is ubiquitous
and equipment. It was conducted in a hostile, in modern society.
denied, or politically and/or diplomatically Opponents perform shaping-cognition in-
sensitive environment and was characterized telligence operations against the United States
by a clandestine or covert nature (no one has on a minute-by-minute basis and perform OPE
yet proved who conducted the operation) and regularly. Large-scale, destructive cyberspace

low visibility. attacks are rare but have the potential to be
Criminal operations do not usually pertain catastrophic in their effects.
to militaries in the conventional sense. In cy- Shaping cognition is using information to
berspace, however, there are crimes that in- cause people to think in a certain way. This can
volve members of the DOD, as well as crimes be benign like Facebook or malign like cyber
that involve the Defense Industrial Base. Ad- crime. It is perhaps the most significant op-
ditionally, members of the DOD participate portunity and challenge for cyber today. Due
in several types of activities that pertain to to the pervasive nature of information in the
cyber crime and cyber-enabled crime, includ- 21st century, everyone who connects to the
ing cyber security and critical infrastructure Internet can shape the thoughts of others.
protection, law enforcement and counterintel- Radicalization by state and non-state actors
ligence, document and media exploitation, and is a significant challenge, especially lone-wolf
counterterrorism.39 or wolf-pack radicalization. The Islamic State
Each of these provides examples of how the has successful influence operations running
military would be involved in four areas: crime, globally 24 hours a day. The fact that volun-
intelligence, information operations, and mili- teers have been to ISIS territory from around
tary operations. Although military forces are the world indicates how successful these op-
involved in these areas, they are not involved in erations are. Other actors target populations
all operations in these areas (the DOJ handles of other countries (to radicalize); government

The Heritage Foundation | heritage.org 83

 employees (to create an insider threat); and information, information systems, and/or
businesses (to coerce or blackmail them into networks in a manner that supports the com-
behavior that the initiator desires). Govern- manders objectives. Denial attempts to de-
ments consequently struggle to cope with grade, disrupt, or destroy. Degrading limits the
widespread cognition shaping. capacity of a target, and disruption completely
CSR is data gathering. Google gathers data but temporarily prevents access to a target.42
every time one accesses the Internet. States Destruction eliminates the target altogether.
gather data on people in other countries or Cyber operations are changing the charac-
on their own citizens. States such as China teristics of warfare. Although the nature of war
gather economic data and pass it on to their is constant, the characteristics of warfare can
state-owned enterprises who use it to ob- change whenever a new weapon or tactical ap-
tain a competitive advantage in the market- proach is introduced. Operations in cyberspace
place. Criminals gather data to better execute now allow for more information to be acquired
their criminal activities. Today, everyone is a and shared and better command and control
data-gatherer. to be exercised on the battlefield, theoretically
OPE is specific preparation of the environ- decreasing the fog of war by adding fidelity
ment for follow-on operations by installing to the commanders understanding of the bat-
back doors in targeted computer systems so tlespace. It allows for more accurate and effec-
that they can return at a later time to execute tive use of the people and logistics capabilities
an attack or devising specially designed soft- involved, putting the right person or widget at

ware that will allow them to achieve an effect, the right place at the right time. It also allows
such as opening the gates on a dam. Among re- for a significant improvement in the ability to
cent examples, as noted, are the seven Iranians shape cognition.
who were indicted for hacking into banks and While it allows all of these to assist friendly
a dam in New York.40 forces, however, it also allows our opponents
OCOs are a means by which to achieve an to do the same. They will have a better un-
end, another tool that provides additional ca- derstanding ofand consequently an oppor-
pabilities to the President and battlefield com- tunity to copy or defeatour technologies
manders and relevant forces. and capabilities. They will be able to access
Cyber operations are limited only by the our command and control and logistics net-
imagination and capability of the attackers, yet works, potentially modifying orders so that
there are only two types of cyber-attacks: syn- forces or spare parts end up in the wrong
tactic and semantic.41 Syntactic operations in- place. They also will be able to use patterns
volve the actual coding used in a piece of cyber in the movement of information to improve
programming (the syntax of the coding), and their own intelligence, identifying our units
semantic operations seek to shape thoughts and their capabilities.
using language or semantics. As an example, These capabilities require the U.S. govern-
a phishing operation begins as a semantic op- ment generally, as well as the U.S. military
eration, asking the target to click on this link, specifically, to modify its practices. Leaders
and then, once the link is activated, changes to and organizations need to do a better job of
a syntactic attack by which the malicious code selecting and utilizing new technology. Laws
enters the targets system and changes the syn- and policies need to be updated to leverage
tax of the code in the targeted platform. Shap- the new technology. Older leaders need to un-
ing the thoughts of others may be the more derstand how younger followers perceive and
important of these two types of attack. use technology.
A cyberspace attack produces two forms of Implications for Operations. Cyber-
effect: manipulation and denial. Manipulation space permeates all aspects of our daily lives
means controlling or changing the adversarys and therefore all operations whether military,

84 2018 Index of U.S. Military Strength

governmental, or commercial. Cyber opera- OCO capabilities as their use becomes
tions, including information operations, will more widespread.
require attention from leaders from the tacti-
cal level to the strategic level. Because cyber operations happen at
At the tactical or local level, cyber opera- nearly instantaneous speed and in a
tions will provide information to the warfight- wide variety of locations simultaneously,
er that previously did not exist or was available modify their doctrine to allow for greater
only to national-level leaders. Soldiers will car- authority to execute cyber operations
ry smart phones, which will require command at much lower and more local levels in
attention and supervision to prevent the un- order for units to continue to function
intentional compromise of militarily relevant when command and control are degraded
information. Units will have access to huge and operate effectively at the speed
amounts of information, including the posi- of information.
tion of every friendly vehicle, soldier, airframe,
and ship as well as any enemy forces that have Purchase more modern information
been identified. This information will make technology equipment and software,
our forces much more effective and efficient if which are inherently more secure.
properly utilized.
At the same time, our opponents will use Provide universal, entertaining, iterative
their similar capabilities as effectively as they cyber hygiene training to the entire force.
can to accomplish their own objectives in keep- Properly equipped and trained units will
ing with their own integrated information be able to be much more effective and
warfare doctrine. It will be difficult for U.S., efficient in information-age combat. Ac-
allied, and partner units to control their own cording to the Australian Signals Direc-
information while exploiting their opponents torate, 85 percent of cyber problems can
information. Units will have to perform DCOs be mitigated with proper cyber hygiene.43
at all levels. Failing to do so will likely result This will be expensive in the short term,
in operational paralysis when their command but once it is fully integrated into the
and control assets are degraded or destroyed. force, it will act as a force multiplier.

They also will have access to limited OCOs if
their particular mission warrants access to U.S. Military Cyber
that level of support. The Office of the Secretary of Defense artic-
Automation and information flows will ulates three primary cyber missions: defend
make day-to-day operations easier. However, DoD networks, systems, and information;
while attention to sound DCOs and skillful ex- defend the nation against cyberattacks of
ecution of OCOs will lead to military success, significant consequence; and support mili-
failure in each case will present exploitable tary operational and contingency plans.44
opportunities to an enemy. Because the DOD is a very large, bureau-
Implications for the Services. As oc- cratic organization that operates around the
curred when airplanes, tanks, and automatic world, it is proving difficult for it to fully em-
weapons were introduced to war, forces will brace cyberspace operations. First, there are
need to reorganize to integrate robust cyber DOD legacy structures. Services such as the
and particularly information capabilities. Spe- Army provide trained and equipped forces,
cifically, the services will have to: while Combatant Commands (CCMDs) like
U.S. European Command (EUCOM) and
Modify training and equipping to en- U.S. Pacific Command (PACOM) use those
sure that units practice DCO at all times forces for missions. This means that the DOD,
and will have to stand up additional the largest organization in the world, must

The Heritage Foundation | heritage.org 85

simultaneously defend every military system the Defense Department. An example would be
that is linked in any way to or affected by cy- an individual using PayPal to make a purchase
ber used by DOD, the Joint Staff, the three from the web-retailer Amazon.
military departments, and four services that Operations in cyberspace as a military
collectively employ almost 3 million people, domain must therefore be a circumscribed
more than 450,000 of whom work overseas, mission set. Nevertheless, militarily relevant
both afloat and ashore. information, intelligence, criminal, and mili-
The departments responsibilities also in- tary-specific activities occur all over the Inter-
clude several hundred thousand individual net, so the military must be able to maneuver
buildings and structures located at more than throughout all of cyberspace.
5,000 different locations or sites worldwide.45 The Services and Cyber. The service
Each person in the DOD needs to commu- chiefs provide cyber operations capabili-
nicate and pass information on a daily basis. ties for deployment/support to Combatant
Many have multiple computers and devices Commands as directed by the Secretary of
that they operate on different networks. All of Defense.47 In addition to joint strategy and
this must be secure and reliable, from the Nu- doctrine, each service has its own doctrine
clear Command and Control System down to to deal with cyber issues. This is not just be-
tactical radios that connect soldiers in the field. cause each service has its own history and
Adding further complication, each service culture. Cyber defense of ground forces is
is responsible for its own procurement of different from protecting platform-centric

computers, devices, and components and has operations like those conducted by the Navy
its own procedures for doing so.46 Each service and Air Force. The Army must protect ground
defends itself, at least in part, and the DOD units, the Navy must protect groups of ships
maintains separate organizations to defend operating at sea across the globe, and the Air
the larger organization and defense agencies Force must protect individual flying platforms.
apart from the individual services and opera- At the same time, each service must protect its
tional commands, all of which makes training own infrastructure.
and equipping for operations in cyberspace Therefore, under their Title 10 role as
very bureaucratic and cumbersome. This is force providers to the combatant command-
exacerbated by the overall defensive tone of ers, the services recruit, train, educate, and
the three mission sets: The DOD mainly de- retain their own military cyber forces. There
fends their networks and provides defensive are four service component commands un-
assistance to other agencies as required, a set der U.S. Cyber Command (USCYBERCOM):
of tasks that must be attended to every second U.S. Army Cyber Command, U.S. Fleet Cyber
of the day. Command/U.S. 10th Fleet, 24th Air Force, and
The DOD also performs offensive missions U.S. Marine Corps Forces Cyber Command.48
when directed to do so by the President. This These service-specific units have several func-
is a very circumscribed set of missions, for sev- tions: They operate and defend their portion
eral reasons. First, much as the entire U.S. Ma- of the DODIN; perform full-spectrum cyber
rine Corps would be swallowed by a megacity operations, meaning offensive and defensive;
like Lagos, Nigeria, DOD offensive cyber assets provide for cyber training and education; and
would be overwhelmed by being everywhere undertake cyber research and capabilities de-
and helping everyone. Additionally, many as- velopment for their respective services.
pects of ongoing cyberspace activity do not Combatant Commands are responsible
pertain to the DOD at all. Just as most avia- for geographic areas (such as European Com-
tion activity does not concern the Air Force mand) or functional areas (such as Special
and most maritime activity does not involve Operations Command or U.S. Transporta-
the Navy, most cyber activity does not concern tion Command) and provide operations

86 2018 Index of U.S. Military Strength

instructions and command and control func- generating integrated cyberspace effects in
tions to the armed forces. They have a signifi- support of operational plans and contingen-
cant impact on how the service component cy operations; and 25 Cyber Support Teams
cyber commands are organized, trained, and (CSTs), which provide analytic and planning
resourcedareas over which Congress has support to the National Mission and Combat
constitutional authority.49 CCMDs share cyber Mission teams.54
information largely through USCYBERCOM Put another way, National Mission Teams
and their own joint cyber centers, but various perform strategic operations, and CMTs
personnel also meet periodically to share in- conduct cyberspace operations in support of
formation in collaboration sessions.50 CCMDs. CPTs protect the DODIN, the ser-
USCYBERCOM was formed in 2010. It is vices, and the CCMDs. CSTs support NMTs
a subunified command under U.S. Strategic and CMTs.
Command (STRATCOM). Congress and the This number of teams and their organiza-
Obama and Trump Administrations have ex- tional distribution together ensure that the U.S.
amined the propriety of dividing the two and military meets the need to conduct offensive
promoting CYBERCOM to a full Combatant and defensive cyber operations around the
Command. This would allow CYBERCOM clock in multiple commands and in multiple
to work directly with other commands with- areas around the world, something quite un-
out having to work through an extra layer of like conventional military forces outside of
command at STRATCOM. CYBERCOM plans, active combat engagements. Once the Cyber
coordinates, integrates, synchronizes, and Mission Force is fully established in 2018,
conducts activities to direct the operations the DOD no doubt will reassess its require-
and defense of specified units and the DODIN. ments and modify the force as needed based
When so directed, it also prepares to conduct on experience.
full-spectrum military cyberspace operations
to enable actions in all domains, ensure U.S. Conclusion
and allied freedom of action in cyberspace The United States is challenged by a wide
and deny the same to adversaries,51 and coun- variety of state and non-state actors in cyber-
ter efforts by opponents to interfere with space, which is already huge and constantly

CCMD operations. growing. Additionally, the U.S. has certain so-
USCYBERCOMs main instrument of pow- cietal vulnerabilities at home that make facing
er is the Cyber National Mission Force, which these challenges more difficult. The Depart-
conducts cyberspace operations to disrupt and ment of Defense, Department of Homeland
deny adversary attacks against national critical Security, and Department of Justice have to
infrastructure. It is the U.S. militarys first joint operate in this environment as the U.S. gov-
tactical command with a dedicated mission fo- ernments three principal actors, which also
cused on cyberspace operations. It planned to seek partnerships with the private sector that
create 133 cyber mission teams by the end of operates almost all of the Internet.
fiscal year 2016;52 the current plan is for all the The U.S. government seeks to protect the
teams to be fully functional by 2018.53 The force United States through protection and deter-
eventually will consist of 13 National Mission rence. Because of the size and complexity of
Teams (NMTs), which are designed to defend cyberspace as well as domestic legal and cul-
the United States and its interests against cy- tural constructs in the United States, the DOD
berattacks of significant consequence; 68 Cy- must circumscribe the scope of its operations
ber Protection Teams (CPTs), which defend in cyberspace, operating in the military cyber
priority DOD networks and systems against domain as required in the criminal, informa-
priority threats; 27 Combat Mission Teams tional, intelligence, and operational fields. The
(CMTs), which aid Combatant Commands by DOD must defend itself, assist the President in

The Heritage Foundation | heritage.org 87

other areas when directed to do so, and conduct Although military leaders understand the
defensive and offensive cyber operations as an importance of cyber and information, not all
integrated part of normal military operations. understand the scope of the opportunities and
In order to conduct these operations, the challenges that cyber provides. The military
department has organized cyber forces in each services will have to expend more resources on
of the services under the command of the Com- training and equipping not only cyber forces,
mander, United States Cyber Command, who but all forces that will be serving in an environ-
has the task of training, educating, and building ment where they are under continuous cyber-
a world-class cyber force while simultaneously attack. Defensive cyber operations will protect
conducting cyber operations 24 hours a day forces from cyber-attacks while offensive cy-
around the globe. Conceptually, the DOD has ber operations enable other conventional and
recognized cyber as a domain, making it equal special operations as an integrated whole. The
to sea, air, land, and space. Cyber promises to U.S. is ahead of almost all other states in cyber
provide significant gains in the efficiency and capability, but it must continue to invest time
effectiveness of U.S. military units through the and effort in order to maintain that lead.
full integration of conventional operations, cy-
ber capabilities, and operations in the informa-
tion environment.

88 2018 Index of U.S. Military Strength

Endnotes
1. Authors interview with Brigadier General Greg Touhill, U.S. Air Force (Ret.), March 27, 2015.
2. See International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World, The White House, May
2011, p. 8, https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf
(accessed July 5, 2017). Emphasis in original. Until the Trump Administration develops strategies, we must rely on Obama-era
documentation.
3. The Merriam-Webster Dictionary defines wetware as the human brain or a human being considered especially with respect
to human logical and computational capabilities. See Wetware, Merriam-Webster.com, https://www.merriam-webster.com/
dictionary/wetware (accessed August 14, 2017).
4. Internet World Stats. Usage and Population Statistics: World Internet Users and 2017 Population Stats, March 31, 2017Update,
http://www.internetworldstats.com/stats.htm (accessed August 14, 2017).
5. Steve Morgan, Cyber Crime Costs Projected to Reach $2 Trillion by 2019, Forbes, January 17, 2016, https://www.forbes.com/sites/
stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#3f772b113a91 (accessed June 26, 2017).
6. Among the most recent laws is the Cybersecurity Information Sharing Act of 2015, incorporated into the Consolidated
Appropriations Act of 2016, Public Law 114-113, 114th Cong., which was signed into law by President Barack Obama on December
18, 2015. See Brad S. Karp, Federal Guidance on the Cybersecurity Information Sharing Act of 2015, Harvard Law School
Forum on Corporate Governance and Financial Regulation, March 3, 2016, https://corpgov.law.harvard.edu/2016/03/03/federal-
guidance-on-the-cybersecurity-information-sharing-act-of-2015/ (accessed July 5, 2017). Policies include a variety of executive
orders, and important strategies include the May 2011 White House International Strategy for Cyberspace (see note 2, supra) and
U.S. Department of Defense, The DoD Cyber Strategy, April 2015, https://www.defense.gov/Portals/1/features/2015/0415_cyber-
strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf (accessed July 5, 2017).
7. Joanna Belbey, The Weakest Link in Cybersecurity, Forbes, February 27, 2015, http://www.forbes.com/sites/
joannabelbey/2015/02/27/the-weakest-link-in-cybersecurity/#38c0d3377410 (accessed June 26, 2017).
8. Brigadier General Jon T. Thomas, Deputy Director, Future Joint Force Development, Joint Staff, J7, Joint Force Development:
Moving from Concept to Reality, 2013, p. 10, http://www.dtic.mil/ndia/2013/expwar/WThomas.pdf (accessed July 11, 2017);
Q&A with Rear Adm. Kevin Scott, CHIPS Magazine, OctoberDecember 2015, http://www.doncio.navy.mil/chips/ArticleDetails.
aspx?ID=6918 (accessed July 11, 2017); and U.S. Department of Defense, Department of Defense Fiscal Year (FY) 2017 Presidents
Budget Submission, The Joint Staff, Defense-Wide Justification Book Volume 5 of 5, Research, Development, Test & Evaluation,
Defense-Wide, February 2016, pp. 7577, http://comptroller.defense.gov/Portals/45/Documents/defbudget/FY2017/budget_
justification/pdfs/03_RDT_and_E/RDTE_MasterJustificationBook_Joint_Staff_PB_2017.pdf (accessed July 1, 2017).
9. Eleven out of 47 systems were operating without a valid cyber-certificate authorization. See Evan Perez and Tom LoBianco, OPM

Inspector General Questioned Over Hacking Report, CNN, updated June 17, 2015, http://www.cnn.com/2015/06/16/politics/opm-
hack-ig-testimony/index.html (accessed June 26, 2017).
10. Ellen Nakashima, Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say, The Washington Post,
July 9, 2015, https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-
21-5-million-people-federal-authorities-say (accessed June 26, 2017).
11. Kaspersky Lab, Top 10 Tips for Educating Employees About Cybersecurity, 2015, http://go.kaspersky.com/rs/kaspersky1/images/
Top_10_Tips_For_Educating_Employees_About_Cybersecurity_eBook.pdf?mkt_tok=3RkMMJWWfF9wsRonuKXNcO%2FhmjTE
U5z16OglWa%2BzlMI%2F0ER3fOvrPUfGjI4ITMZjI%2BSLDwEYGJlv6SgFQrDHMalq1LgPXxE%3D (accessed July 5, 2017).
12. News release, McAfee Labs Report Highlights Success of Phishing Attacks with 80 Percent of Business Users Unable to Detect
Scams, McAfee, September 4, 2014, http://www.mcafee.com/us/about/news/2014/q3/20140904-01.aspx (accessed June 26,
2017).
13. Susan Richardson, Leaky End Users Star in DBIR 2016, Data on the Edge, May 23, 2016, http://blog.code42.com/leaky-end-
users-star-in-dbir-2016/ (accessed June 26, 2017).
14. Computer Emergency Response Team, CERT Insider Threat Center, Carnegie Mellon University, Software Engineering Institute,
2017, http://www.cert.org/insider-threat/cert-insider-threat-center.cfm (accessed June 26, 2017).
15. News release, U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor
Organization for Commercial Advantage, U.S. Department of Justice, May 19, 2014, https://www.justice.gov/opa/pr/us-charges-
five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor (accessed July 5, 2017).
16. Kevin McCaney, Report: US Suspects Russia in Most Sophisticated Joint Staff Hack, Defense Systems, August 6, 2015, https://
defensesystems.com/articles/2015/08/06/joint-staff-email-hack-most-sophisticated.aspx (accessed June 26, 2017).

The Heritage Foundation | heritage.org 89

17. Dominic Rushe, OPM Hack: China Blamed for Massive Breach of US Government Data, The Guardian, June 5, 2015, https://
www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances
(accessed June 26, 2017).
18. News release, Joint Statement from the Department of Homeland Security and the Office of the Director of National Intelligence
on Election Security, U.S. Department of Homeland Security, October 7, 2016, https://www.dhs.gov/news/2016/10/07/joint-
statement-department-homeland-security-and-office-director-national (accessed June 26, 2017).
19. Anthony Cuthbertson, Russian Cyber Attacks Aim to Destabilize the West and NATO, Newsweek, February 3, 2017, http://www.
newsweek.com/russian-cyber-attacks-hacking-nato-fallon-putin-destabilize-west-552050 (accessed June 26, 2017).
20. Ellen Nakashima and Matt Zapotosky, U.S. Charges Iran-Linked Hackers with Targeting Banks, N.Y. Dam, The Washington
Post. March 24 2016, https://www.washingtonpost.com/world/national-security/justice-department-to-unseal-indictment-
against-hackers-linked-to-iranian-goverment/2016/03/24/9b3797d2-f17b-11e5-a61f-e9c95c06edca_story.html?utm_term=.
b0f47016466d (accessed June 26, 2017).
21. Reuters, North Korean Hackers Were Behind a Recent Major Cyber Attack, Fortune, March 15, 2017, http://fortune.
com/2017/03/15/north-korea-hackers-cyber-attack/ (accessed June 26, 2017), and Sean Lyngaas, North Korean Hackers
StealF-15Design, FCW: The Business of Federal Technology, June 13, 2016, https://fcw.com/articles/2016/06/13/north-korea-f15-
lyngaas.aspx (accessed June 26, 2017).
22. Timothy Maurer, Cyber Proxies and the Crisis in Ukraine, Chapter 9 in Cyber War in Perspective: Russian Aggression Against
Ukraine, ed. Kenneth Geers (Talinn, Estonia: NATO CCD COE Publications, 2015), pp. 7986, https://ccdcoe.org/sites/default/files/
multimedia/pdf/CyberWarinPerspective_Maurer_09.pdf (accessed June 26, 2017).
23. Morgan, Cyber Crime Costs Projected to Reach $2 Trillion by 2019.
24. G. Alexander Crowther and Shaheen Ghori, Detangling the Web: A Screenshot of U.S. Government Cyber Activity, Joint Force

Quarterly, Issue 78 (3rd Quarter 2015), pp. 7583, http://ndupress.ndu.edu/Portals/68/Documents/jfq/jfq-78/jfq-78.pdf (accessed

June 26, 2017).
25. Clorinda Trujillo, The Limits of Cyberspace Deterrence, Joint Force Quarterly, Issue 75 (4th Quarter 2014), pp. 4352, http://
ndupress.ndu.edu/Media/News/News-Article-View/Article/577560/jfq-75-the-limits-of-cyberspace-deterrence/ (accessed June
26, 2017); Gerry Smith, Stuxnet: U.S. Can Launch Cyberattacks But Not Defend Against Them, Experts Say, Huffington Post,
June 1, 2012, http://www.huffingtonpost.com/2012/06/01/stuxnet-us-cyberattack_n_1562983.html (accessed June 26, 2017); and
Jared Serbu, Foreign Cyber Weapons Far Exceed US Ability to Defend Critical Infrastructure, Defense Panel Says, Federal News
Radio, March 7, 2017, https://federalnewsradio.com/dod-reporters-notebook-jared-serbu/2017/03/foreign-cyber-weapons-far-
exceed-u-s-ability-defend-critical-infrastructure-defense-panel-says/ (accessed July 6, 2017).
26. This is not unique to cyber operations; it pertains to all such actions in all domains. An air strike intended to do one thing may
generate a response that no one anticipated.
27. Cyberspace, in U.S. Department of Defense, DOD Dictionary of Military and Associated Terms, June 2017, p. 60, http://www.dtic.
mil/doctrine/new_pubs/dictionary.pdf (accessed July 6, 2017).
28. David Aucsmith, Cyberspace Is a Domain ofWar, War in Cyberspace, May 26, 2012, https://cyberbelli.com/2012/05/26/
cyberspace-is-a-domain-of-war/ (accessed July 6, 2017). For another point of view, see Martin C. Libicki, Cyberspace Is Not
a Warfighting Domain, I/S: A Journal of Law and Policy for the Information Society, Vol. 8, Issue 2 (2012), pp. 321336, http://
moritzlaw.osu.edu/students/groups/is/files/2012/02/4.Libicki.pdf (accessed June 26, 2017).
29. Military operations as used here include military or paramilitary operations that other security forces (such as the Italian
Carabinieri) or intelligence forces (such as the CIA) could perform but are mainly military in nature.
30. Manoj Kumar, Indian Navy Raises Army for Cyber Front: Recruiting Cadets Against Chinese Hackers, International Business
Times, July 13, 2012, http://www.ibtimes.co.in/indian-navy-raises-army-for-cyber-front-recruiting-cadets-against-chinese-
hackers-362686 (accessed June 26, 2017).
31. Wesley Fenlon, How Does ATM Skimming Work? HowStuffWorks, November 8, 2010, http://money.howstuffworks.com/atm-
skimming.htm (accessed July 6, 2017).
32. Kim Zetter, That Insane, $81M Bangladesh Bank Heist? Heres What We Know, Wired, May 17, 2016, https://www.wired.
com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/ (accessed June 26, 2017).
33. Spencer Ackerman and Sam Thielman, US Officially Accuses Russia of Hacking DNC and Interfering with Election, The Guardian,
October 8, 2016, https://www.theguardian.com/technology/2016/oct/07/us-russia-dnc-hack-interfering-presidential-election
(accessed June 26, 2017).

90 2018 Index of U.S. Military Strength

34. Tom Hamburger and Karen Tumulty, WikiLeaks Releases Thousands of Documents About Clinton and Internal Deliberations,
The Washington Post, July 22, 2016, https://www.washingtonpost.com/news/post-politics/wp/2016/07/22/on-eve-of-democratic-
convention-wikileaks-releases-thousands-of-documents-about-clinton-the-campaign-and-internal-deliberations/?utm_term=.
c84944ed0527 (accessed June 26, 2017).
35. Andreas Hagen, The RussoGeorgian War 2008: The Role of the Cyber Attacks in the Conflict, AFCEA Cyber Conflict Case
Studies Essay Contest, Second Place Entry, May 24, 2012, http://www.afcea.org/committees/cyber/documents/TheRusso-
GeorgianWar2008.pdf (accessed June 26, 2017).
36. Angel Rabasa, Robert D. Blackwill, Peter Chalk, Kim Cragin, C. Christine Fair, Brian A. Jackson, Brian Michael Jenkins, Seth G.
Jones, Nathaniel Shestak, and Ashley J. Tellis, The Lessons of Mumbai, RAND Corporation, 2009, http://www.rand.org/pubs/
occasional_papers/OP249.html (accessed July 6, 2017).
37. Colin Clark, Carter Details Cyber, Intel Strikes Against Daesh at NORTHCOM Ceremony, Breaking Defense, May 13, 2016, http://
breakingdefense.com/2016/05/carter-details-cyber-intel-strikes-against-daesh-at-northcom-ceremony/ (accessed June 26,
2017).
38. U.S. Department of Defense, Joint Chiefs of Staff, Special Operations, Joint Publication 3-05, July 16, 2014, p. I-1, http://www.dtic.
mil/doctrine/new_pubs/jp3_05.pdf (accessed June 26, 2017).
39. U.S. Department of Defense, Fact Sheet: DoD Cyber Crime Center (DC3), http://www.dc3.mil/ (accessed July 6, 2017).
40. Nakashima and Zapotosky, U.S. Charges Iran-Linked Hackers with Targeting Banks, N.Y. Dam.
41. Paul Thompson, Semantic Hacking and Intelligence and Security Informatics, Conference Paper, International Conference on
Intelligence and Security Informatics, Institute for Security Technology Studies, Dartmouth College, May 27, 2003, https://link.
springer.com/chapter/10.1007/3-540-44853-5_40 (accessed June 26, 2017).
42. U.S. Department of Defense, Joint Chiefs of Staff, Cyberspace Operations, Joint Publication 3-12 (R), February 5, 2013, p. II-5,
http://www.dtic.mil/doctrine/new_pubs/jp3_12R.pdf (accessed June 26, 2017).
43. Australian Government, Department of Defence, Australian Signals Directorate, Strategies to Mitigate Cyber Security Incidents,
February 2017, https://www.asd.gov.au/infosec/mitigationstrategies.htm (accessed July 5, 2017).
44. U.S. Department of Defense, The DoD Cyber Strategy, p. 3. Emphasis in original.
45. U.S. Department of Defense, DOD 101: Overview of the Department of Defense, https://www.defense.gov/About/DoD-101/
(accessed June 26, 2017).
46. The Defense Department procurement process can be confusing and complicated. There are a variety of contract types
each with its own pluses and minuses. The regulations can be daunting since they seem to be the size of the tax code. The
competition for contracts can be fierce. There is a lot of paperwork. Michael Bame, Overview of the DoD Procurement Process,
ThoughtCo., updated August 10, 2016, https://www.thoughtco.com/overview-dod-procurement-process-1052245 (accessed June

26, 2017).
47. U.S. Department of Defense, Joint Chiefs of Staff, Cyberspace Operations, p. ix.
48. U.S. Department of Defense, Department of Defense Strategy for Operating in Cyberspace, July 2011, http://csrc.nist.gov/groups/
SMA/ispab/documents/DOD-Strategy-for-Operating-in-Cyberspace.pdf (accessed July 5, 2017).
49. Andrew Feickert, The Unified Command Plan and Combatant Commanders: Background and Issues for Congress, Congressional
Research Service Report for Congress, January 3, 2013, http://fas.org/sgp/crs/natsec/R42077.pdf (accessed July 5, 2017).
50. Rita Boland, Commands Cybersecurity Crosses Domains, Directorates, Signal, June 1, 2013, www.acyberstrategufcea.org/
content/?q=command%E2%80%99s-cybersecurity%E2%80%A8-crosses-domains-directorates (accessed June 26, 2017).
51. U.S. Strategic Command, U.S. Cyber Command (USCYBERCOM), September 30, 2016, http://www.stratcom.mil/Media/
Factsheets/Factsheet-View/Article/960492/us-cyber-command-uscybercom/ (accessed June 26, 2017).
52. Crowther and Ghori, Detangling the Web.
53. U.S. Department of Defense, The DoD Cyber Strategy.
54. Ibid.

The Heritage Foundation | heritage.org 91