Can the Warfare Concept Of Manoeuver Be Usefully Applied In Cyber Operations?

Although the cyber domain has several unique characteristics, the timeless principles of manoeuver warfare can still be readily applied as in the conventional domains of land, maritime, air, and space. Maneuver in cyberspace also leverages many of the same techniques, tactics and procedures (TTPs) as the conventional domains, but with some notable difference, herein explored. For the purpose of this article, the intent of maneuver warfare is to ensure the tactical mobility of capable friendly forces and deny it to the adversary in order to place him at a tactical disadvantage.

I also stipulate that movement to and within a theater is a given, thereby focusing our analytical effort on cyber maneuver at the tactical within a theater of operations, though crossing domains. Because cyberspace is a man-made domain that is both virtual and physical, the specific TTPs are distinct, yet they can largely exist within established conceptions of maneuver warfare. As cyberspace is physical, logical, and human in nature, it is possible to maneuver to exploit vulnerabilities at each of these levels.

A first principle must be that maneuver across the conventional domains should incorporate cyber operations as interchangeably as any cross-domain coordinated action. Further, consistent with existing Army doctrine, the principles of coordinated and joint maneuver are facilitated by cyber operations, to include across domains. Finally, cyber operations represent an integration element as well as a force-multiplier in joint and combined operations, provided they are properly considered in the initial planning phases, such as the Joint Operational Planning Process (JOPP). If only considered as an afterthought, however, cyber operations will likely be substantially less fruitful yield diminished effects.  Subsequent to the planning process, cyber maneuver is an iterative effort and must be continually synchronized with the joint force and other related elements both during the planning process and execution phase.

There are many more similarities than differences and the majority of maneuver principles in the physical realm have surprisingly close virtual analogs. The concept of key terrain is a crucial one for any study of maneuver principles. In land warfare, identifying, seizing and holding key terrain is of critical importance. This remains true in the cyber realm, but with some notable caveats. First, cyber operations can help commanders actually change some of the virtual key terrain itself. Secondarily, unlike land warfare, cyber operations can be present on key terrain (and perhaps hold it) without the enemy identifying this presence, or understanding its hold over the key terrain. In this sense, the maneuver principle of observation can be both closer and concealed in the virtual realm. Further, maneuver is often considered as the opposite side of the warfare spectrum from attrition.

In the Cyber domain, attrition might be considered as persistent DDoS attacks or similar “mass-centric” approaches.  For instance, saturating a particular target with field artillery or requests for data or service (DDoS) yields a similar result when the target becomes ineffective at performing its key function (mission incapable). While brute-force attrition has a record of success in the cyber domain, arguably maneuver is a more sophisticated and efficient use of use of resources.

Executing cyber maneuver involves positioning (likely re-positioning) forces or assets to exploit the enemy’s weakness or vulnerability. This requires several steps:

First, understanding how and where enemy is vulnerable. This can be accomplished through previous intelligence collection, or by going through a testing process  (probing networks and connections) and evaluating responses. This step might be called Intelligence Preparation in the Cyber Domain (IPCD). Notably, ISR as a pre-requisite for tactical maneuver is also distinctive in cyber operations because the coordination process and domain are shared with other intelligence agencies.

Second, initiation of maneuver requires the strength and capacity to execute so that vulnerability may be exploited with follow on operations. This requires the speed and agility to position and reposition forces within the limited time the identified vulnerability is exploitable. If too much time elapses, the advantage is lost. The physical analog may be the maneuver principle in which exploitation of gains is possible after penetration of enemy defenses. Notably, in the cyber realm capital assets can often be replicated and repaired faster than capital assets in traditional warfare, as well as dispersed for force protection considerations.

Third, in order to be able to move faster than the enemy, command and control (C2) must be properly functioning and, of course, redundant. Fourth, there is a counter-intelligence function: keeping friendly vulnerabilities and limitations hidden from the enemy. Finally, cyber deception (as distinct from security as well as intelligence collection) has a role to play in masking movement that is either “on network” or physical.

Maneuver principles also assume a larger strategy at work, with a pre-identified end state. Cyber maneuver also requires identification of its role in the desired outcome. For instance, in traditional conflict, success might be defined as killing or capturing an enemy and/or impeding its will or ability to fight. However, in cyber operations it may be best to consider a spectrum of degradation instead of kill / capture / hold terrain. A cyber maneuver may involve degrading enemy network operations, plans, C2, (lines of communication, or similar) which would retard the enemy’s operational tempo, which, in turn, retards initiative.

Once the opponent loses the initiative, other forms of warfare can exploit the reversal of fortune. In this way cyber operations can be understood as more than its own form of maneuver, but as an integrated piece of the combined effort. Thus, maneuver in cyberspace, while possible in a vacuum, should principally be understood as both a force multiplier for joint warfare, as well as an integration element in as much as the virtual and physical domains consistently intersect with each other.

Although this article seeks to emphasize that cyber maneuver has similar characteristics to land maneuver, it is useful to highlight the following important distinctions: expect that land warfare maneuver, with certain emergency contingencies, will not take place on sovereign US territory. In contrast, cyber maneuver is likely to be initiated in the United States if led by a national level organization. However, it will more than likely take place on commercial assets that will not be wholly owned or controlled by the US government or US-based corporations. Additionally, because the US military controls the overwhelming majority of kinetic functions, coordination and synchronization on the battlefield can be accomplished only partially by the JOPP process.

Thus, when a land warfare commander seeks to maneuver land-based forces, it is understood he controls all military elements in the operational area. However, in the case of cyber operations, deconfliction must also include consideration of other federal agencies and departments. This is a unique characteristic of maneuver in cyber operations and thus, the JOPP process, while necessary, is insufficient for cyber maneuver coordination. Finally, the diffused nature of the Internet and DoD networks means that it is highly likely that cyber maneuver will span multiple geographic combatant commanders Areas of Responsibility (AORs). This is simply due to the physicality of networked cables and lines, most cyberspace operations are trans-regional, even if their intended effects are localized. As with UAVs, although the operators may be geographically removed, they must be as closely looped into the planning process as if they were physically proximate.

Cyber operations can have outsized effects on the battlespace when employed effectively with other DoD assets. For instance, cyber operations can pre-empt an enemy’s command and control nodes, can supplement intelligence collection, and can disrupt an opponent’s strategy by wreaking havoc in an enemy’s decision-making centers. In isolation, there are acceptable outcomes depending on the desired end state, but in coordination with land maneuver, cyber operations yield synergistic results.

As with any type of warfare, considerations of the capabilities that cyber operations offer as well as an appreciation of its distinctions and limitations is key for maximizing maneuver in the cyber domain. The more cyber operations are seen by commanders as artificially distinct from the other conventional domains, the more likely this is to be the case, and with a corresponding degradation in synergistic real-world effects. Consideration of the basic principles of maneuver warfare should be part of every movement and strategy at every level of level of warfare. The challenge — like operating in other domains — is integration, cooperation (including OPCON, TACON, identifying supported and supporting commanders) and unity of effort. Application to the cyber domain requires each supporting and supported commander to consider their cyber limitations as well as how their opponent may present exploitable cyber vulnerabilities. Thus, military commanders should consider maneuver in cyberspace as an element of combat power to seize and exploit the initiative.

With the creation of US Cyber Command and the various service cyber commands, cyber operations are on the precipice of changing our understanding of cross-domain warfare. Although increasingly recognized as an essential tool in the commander’s arsenal, deliberate consideration of cyber maneuver in the initial planning process remains a core task. Without a solid grasp of what cyber maneuver can (and can’t) do for the battlespace commander, cyber operations will be limited not by resources or technical limitations, but by the imagination of those who wield it.

Cyber Defense Review: http://bit.ly/1OrDSaG

Author - Dr. David Gioe is Assistant Professor of History at the United States Military Academy at West Point.

 

« ISIS Has a New Secure Messaging App
Mandatory Requirement on Business To Disclose Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Research Institute in Trustworthy Industrial Control Systems (RITICS)

Research Institute in Trustworthy Industrial Control Systems (RITICS)

RITICS is one of three Research Institutes formed as part of the UK National Cyber Security Strategy.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

VectorUSA

VectorUSA

VectorUSA is a premier technology solution provider. We design, build and maintain cybersecurity, data center, wireless and managed solutions – transforming business needs into technology solutions.

UnderDefense

UnderDefense

UnderDefense provides cyber resiliency consulting and technology-enabled services to anticipate, manage and defend against cyber threats.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

SecureLayer7

SecureLayer7

SecureLayer7 is an international provider of integrated business information security solutions with an innovative approach to IT security.

DC Two

DC Two

DC Two are a locally operated and supported Australian data centre, offering a suite of vertically integrated services covering every part of the data centre and cloud technology stack.

Zally

Zally

Using advanced behavioural biometrics and AI, Zally is the world's answer to next-generation security.

TisOva

TisOva

TisOva is an innovative cybersecurity startup dedicated to addressing the growing issue of online scams targeting students.