Cyber Defense Review

Notes on Military Doctrine for Cyberspace Operations in the United States, 1992-2014

By Michael Warner | August 27, 2015

As our present theory is to destroy ‘personnel,’ so should our new theory be to destroy ‘command,’ not after the enemy’s personnel has been disorganised, but before it has been attacked, so that it may be found in a state of complete disorganisation when attacked.

-JFC Fuller, “Plan 1919” [1]

Doctrine ranks among those words that may be more used than understood.  In essence, doctrine constitutes the customary way of applying established rules in varying cases.  “Custom” might imply a certain lack of flexibility in dealing with the uncommon or the unforeseen, of course, but it also carries positive aspects.  It prepares one with a set of basic analytical tools, and leaves room for improvisation when necessary.  Improvisation is the watchword; it is what a military establishment does when confronted with a new rival or technology that disrupts not only settled doctrine but the very assumptions underlying concepts of force and power.

Military doctrine has existed at least embryonically since the time of Sun Tzu, but has only been regularized since the Enlightenment.  Sun Tzu wrote in China in the third century, and he sought to give his words perpetual weight by abstracting principles from the wars he described and urging generals and princes to study those principles.  Carl von Clausewitz sought to do likewise, at least for the operational level of conflict, two millennia later in his seminal tome On War.  His writing and mode of analysis have been part of the professional training of officers in many nations since the late 19th Century.   State militaries have particular doctrine or ways of handling issues, but collectively they also inadvertently create a sort of “meta-doctrine” with their common ways of approaching similar military problems.  For instance, the notion of a “combined arms” approach to maneuvering infantry, artillery, and cavalry (later armor) is one that every modern army would recognize, despite local differences in training and tactics.

Studied with care, military doctrine opens a window into the mind of the states that write and apply it, and to the thinking of all states that employ force with a certain level of technical skill.   Doctrine, especially involving new technologies or domains (like the air domain a century ago, or the space domain beginning in the 1960s) tends to follow practice, which follows capability.  It should ideally evolve organically as conditions change and expose shortcomings in earlier versions that are worked out in later manifestations.  In short, people learn by doing, and their successors begin writing doctrine from the lessons they imbibed in order to have something to teach to their own successors.

Military doctrine about cyberspace thus merits our attention.  The United States has written perhaps more than any nation – or at least has allowed more of its military cyber doctrine to be read by the public.  The Department of Defense (DoD) recently released to the public a version of its cyber doctrine, Joint Publication 3-12, Cyberspace Operations.[2]  JP 3-12, however, was not the Pentagon’s first such attempt.  Earlier DoD directives and doctrinal manuals had grappled with the possibilities and problems of projecting power across computer networks, using different terms to describe the issues they identified and the prescribed solutions.  Some of these, such as a formerly sensitive 1992 directive on information warfare recently posted on DoD’s Freedom of Information Act site, merit attention in their own right, and comparison with JP 3-12.  That comparison illuminates not only (literally) obsolete thinking, but also shows a path to understanding the evolution of cyber conflict as well as current military questions about the best ways of raising, organizing, training, and employing cyber forces.


What Kind of Warfare?

In the US military, inter-service doctrine is the province of the Joint Staff, reporting to Chairman of the Joint Chiefs of Staff.  The Joint Staff defines joint doctrine as “[f]undamental principles that guide the employment of United States military forces in coordinated action toward a common objective and may include terms, tactics, techniques, and procedures.”[3]  Writing joint doctrine is an involved process, taking (in some cases) years and involving multiple iterations of comments and revisions before a doctrine is declared to be complete and official.  This process can be laborious for those involved; the more one cares and invests in getting the draft right, the more one suffers.  In addition, it is continuous, as each doctrine publication is periodically reviewed and updated as needed.  The process, however, also has one great virtue:  its final product is authoritative, and can be cited in the confidence that literally every word has been scrutinized and approved.  It is not some wild guess or flash of insight—it is the considered view of the leadership and practitioners of the US Department of Defense, and as such bears a certain gravity.  It is deemed useful to know, and at the very least stands as a touchstone for further development.

Whence came the idea of using force by means of information technology, and how did doctrine for it develop?  As with many things, science fiction seemingly got there first.  William Gibson’s dystopian novel Neuromancer (1984) describes how savants hacked their rivals in the “consensual illusion” of cyberspace, and also how corporations and states fought each other in that digital realm.  The term cyberspace did not catch on immediately, however; rather, it gradually worked its way into US military doctrine, subtly influencing that doctrine as it did.

That process began in the rapid evolution and spread of information technology in the 1970s.  In the midst of the Cold War, this evolution made powerful impressions on both Soviet and American leaders, thinkers, and commanders.  Perhaps taking a page from JFC Fuller’s “Plan 1919” (cited above), the Soviets conceived of “radio-electronic warfare” as a way to interfere with an adversary’s communications channels and nodes, and ultimately his command and control on the battlefield.  DoD pondered the idea for years and adopted it in doctrine in Joint Publication 3-13, Command, Control, and Communications Countermeasures (or C3CM) in 1987.[4]  Ideas like these swiftly found application and seeming validation in the 1991 Persian Gulf War, after which the Pentagon oversaw the creation of DoD-wide policy to establish responsibilities for the new field of “information warfare.”

Deputy Secretary of Defense Donald J. Atwood signed the information warfare directive in late 1992, a few weeks before he left office at the beginning of the President Bill Clinton’s term.  It marked DoD’s first and boldest pronouncement on the topic, although its high classification limited its distribution.  DoDD TS 3600.1 defined information warfare as

[t]he competition of opposing information systems to include the exploitation, corruption, or destruction of an adversary’s information systems through such means as signals intelligence and command and control countermeasures while protecting the integrity of one’s own information systems from such attacks.  The objective of information warfare is to attain a significant enough information advantage to enable the force overall to predominate and to do so quickly.

Atwood’s directive emphasized the necessary interaction and integration of command, control, communications, intelligence, counter-measures, and security functions required to gain military dominance over enemy formations seeking to cause similar harm to US forces.  Indeed, that competition would be fierce, hence friendly forces should be trained and exercised in realistic simulations to “operate successfully in degraded information and communications environments.”   DoDD TS 3600.1 also insisted that commanders be “well-versed in the trade-offs among exploitation, corruption and destruction of adversary information systems; the varying capabilities and vulnerabilities of the various elements of US information systems; and the interaction and interrelationship of the two.”[5]

Chairman of the Joint Chiefs Colin Powell implemented DoDD TS 3600.1 mere weeks after its issuance, but he added a consequential twist in doing so.  Deputy Secretary Atwood had left office that January with the end of President George H.W. Bush’s term.  In the interim, Chairman Powell’s Joint Staff prepared “Memorandum of Policy 30” to provide joint policy and guidance for a new concept, “command and control warfare” (C2W).  Henceforth, in the Chairman’s memorandum, C2W would be “the military strategy that implements Information Warfare (DOD Directive TS-3600.1, 21 December 1992, “Information Warfare”) on the battlefield and integrates physical destruction” [p. 3].  But in implementing DODD TS-3600.1, however, Memorandum of Policy 30 did more than just create a term that had not been used in the original directive.  MOP 30 also added psychological operations and military deception to the list of “principal military actions” supporting command and control warfare [p. 1].  Both of these activities were ancient military practices, and neither had been mentioned nor implied in DoDD TS 3600.1.

The fact that MOP 30 was unclassified and publicly releasable meant that it could not mirror the sensitive DoDD TS 3600.1 (which shows redactions even now), but that does not fully explain the differences between the two documents.  Both DoDD TS 3600.1 and Memorandum of Policy 30 focused on military-to-military conflict and suggested the US military would now target the quality as well as the flow of information available to enemy commanders.[6]  Yet the two documents differed significantly not only in tone and emphasis but even in subject matter.  Deputy Secretary Atwood’s directive on information warfare was a call to arms, so to speak, warning of the “competition of opposing information systems” seeking to exploit, corrupt, and destroy one another, and ordering the US military to prepare now to fight and endure this new type of warfare.  Chairman Powell’s memorandum, by contrast, lacked the urgency but instead emphasized the opportunity and hence the need to incorporate new and old techniques in a synergistic fashion into conventional plans and operations.  These differences were significant enough to raise questions (which cannot be answered here) about the intent behind a document that could be interpreted as a subtle contravention of civilian policy guidance.

Only in 1996 was the Joint Staff ready to issue formal, joint doctrine for operations in this new field of “Information Warfare.”   This first doctrinal definition came in the form of Joint Doctrine for Command and Control Warfare (C2W) in early 1996.[7]   JP 3-13.1 opened on an equivocal note:

This publication concentrates on command and control warfare (C2W) and is not intended to present comprehensive doctrine for the broader concept of information warfare (IW). It introduces and defines IW in general terms with the objective of clarifying its overarching relationship to C2W. The scope of C2W is defined in the Chairman of the Joint Chiefs of Staff Memorandum of Policy 30, but the full dimensions of IW policy and its implementation are still emerging [p. 1].

This implied, a little disingenuously in the light of DoDD TS 3600.1, that the Pentagon had not made up its collective mind about the larger field of information warfare.[8]  IW was presented as a whole-of-government affair that could support national interests but had to work in cooperation with a broad range of stakeholders:  “IW supports the national military strategy but requires support, coordination, and participation by other United States Government (USG) departments and agencies as well as commercial industry” [p. I-4].  Command and Control Warfare, the ostensible subject of JP 3-13.1, was described as but one category of IW:

C2W is the integrated use of PSYOP, military deception, operations security (OPSEC), Electronic Warfare (EW), and physical destruction, mutually supported by intelligence, to deny information to, influence, degrade, or destroy adversary C2 capabilities while protecting friendly C2 capabilities against such actions. C2W is an application of IW in military operations and is a subset of IW. C2W applies across the range of military operations and at all levels of conflict. C2W is both offensive and defensive. [p. I-5]


Though implicitly uncertain about information warfare, JP 3.13.1 expressed the confidence of a nation with the world’s most powerful military, a booming technology-based economy, and no peer competitors in global affairs:

In the post-Cold War era, US military forces are tasked with a wide variety of missions, from disaster relief to peacekeeping to fighting a major regional conflict. Historically, the US military has relied on technology as a force multiplier to accomplish assigned missions as efficiently as possible while preserving human life and limiting the destruction of property.  The use of sophisticated information technologies as a force multiplier is the latest example of this trend.  [p. I-3]

This reliance on new, networked communications and information technologies created both advantages and problems for America’s armed forces and—adding a note of caution not present in the earlier documents discussed above—for the nation as a whole:

The growing worldwide dependence on sophisticated and interconnected information systems affords significant opportunities and vulnerabilities. Technological developments in electronics, communications, electro-optics, and computer systems, together with the synergistic application of established disciplines like psychological operations (PSYOP) and military deception, offer improved capabilities to accomplish combatant commander’s missions. Although these technologies and techniques offer a significant increase in the efficient application of military power, they also increase the risk to military forces or even entire societies if information infrastructures are not protected. [p. I-3]

Specifically, the US military now depended on civilian infrastructure, but in ordinary circumstances DoD could not act directly to protect those key resources that the joint force commander needed to perform his missions:

Although DOD information flows depend on civil information infrastructures, the protection of these infrastructures falls outside the authority and responsibility of the DOD.  A USG interagency effort is necessary to coordinate the protection of civil information infrastructures critical to DOD interests. Offensive IW actions also require interagency deconfliction and cooperation. [p. I-4]

But how would this work?  That vulnerability of DoD information and infrastructure had come about in recent years precisely because of the standardization and global spread of computer networks linked by the Internet—and the Internet’s startling deficit of security.  JP 3-13.1 recognized that “computer-based networks” had become vital to information systems and thus to modern war.  Yet computers were not listed among JP 3-13.1’s “Elements of C2W” [see p vi].  They were mentioned in several places, and the authors dwelled on the problems of computer security and computers’ vulnerability to disruption [e.g., p. I-6].  There was little in JP 3-13.1 besides this vague enthusiasm for and warning about information warfare operations that might target computers.  JP 3-13.1 reminded commanders at several points that computers could help them analyze situations and train their forces, but told a commander little about how computers can actually affect adversary computers or information systems.  Interestingly, JP 3-13.1 made virtually no mention of two terms:  “information operations,” and “computer network attack.”  Neither phrase existed yet in the joint doctrinal lexicon as of February 1996.  That would soon change.


Softening the Terms

The equivocation over information warfare and its incongruities with C2W could not continue forever.  In addition, both terms sounded bellicose.  Later in 1996 the Pentagon took a step to mitigate these concerns, re-christening both terms as fields of “Information Operations” (IO).  Deputy Secretary of Defense John P. White accomplished this in a then-classified DoD-wide directive (DoDD S-3600.1) in December 1996.  White defined Information Operations as “ctions taken to affect adversary information and information systems while defending one’s own information, and information systems.”  The new term essentially amounted to a transfer of February’s definitions of Information Warfare to December’s phrase, hence there is no other conclusion than that the move was cosmetic and perhaps even political (though not partisan) in its motives.  In other words, the replacement of Information Warfare by Information Operations seemed to reflect sensitivity to foreign and domestic concerns about potential “militarization” of the Internet and was not dictated by military necessity or advantage.  Deputy Secretary White’s directive did make one significant addition, however, by introducing the concept of “computer network attack,” which it defined as “[o]perations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.”[9]

DoDD S-3600.1 ordered the Chairman of the Joint Chiefs of Staff to “[e]stablish doctrine to facilitate the integration of IO concepts into joint operations.”[10]  This Chairman Henry H. Shelton (USA) did with a revision and extension of JP 3-13.1.   The resulting document, Joint Doctrine for Information Operations (Joint Publication 3-13), emerged in October 1998 to implement the new concept of Information Operations.[11]  JP 3-13 sought to avoid a simple re-labeling of terms, and thus depicted IO as a broadening of IW, which now became a wartime tool (viz. “IO conducted during time of crisis or conflict (including war) to achieve or promote specific objectives over a specific adversary or adversaries”).[12]   The major capabilities of IO in JP 3-13 remained the same as C2W in MOP 30 and IW in JP 3-13.1, and were now phrased as “OPSEC, PSYOP, military deception, EW, and physical attack/destruction.” [p. I-9]  The new document also tried to establish “where” Information Operations took place:  in the “information environment,” which JP 3-13 expansively described as “[t]he aggregate of individuals, organizations, or systems that collect, process, or disseminate information; also included is the information itself.”   [p. GL-7]

Now, however, the offensive set of Information Operations capabilities “could include” computer network attack (CNA).  JP 3-13 repeated S3600.1’s definition of CNA as  “[o]perations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.”[13]  CNA was not further explained in the body of JP 3-13, which reserved that task for an appendix that apparently has not been declassified.  That makes it difficult to determine what was meant and how, but some hint can be gleaned from a Pentagon-published news article publicizing JP 3-13:  “The United States military is under almost daily attack.  DoD routinely detects 80 to 100 “cyberincidents” on computer systems each day. The department is experiencing sophisticated computer challenges now.”  The article cited Air Force Brig. Gen. Bruce A. Wright, the Joint Staff’s deputy director of Information Operations, explaining that “[t]he threat of cyberwarfare is real.”  While “[w]e haven’t seen severe impacts on our military capability,” Wright noted “[w]e have seen enough intrusion via telecommunications links or computer network attack, that it certainly makes us watchful.  Computer network attack is a real threat.”[14]

            JP 3-13 featured a curious omission:  it made no mention of “cyberspace” or cyber concepts (though Brig. Gen. Wright had in his remarks).  Nor did it yet mention “computer network defense,” a term in growing circulation in DoD at the time.  Its shift from Information Warfare to Information Operations, while undertaken for political (or at least non-military) reasons, however, had important  consequences.  First, it furthered the development of doctrine by opening the door to the refinement of CNA.  It also limited that refinement to the field of information operations, a grab bag of potentially useful capabilities that the Pentagon meant for commanders to employ.  With no positive guidance how to do so, however, CNA appeared to be akin to deception and psychological warfare as a mere supplement to more directly effective “kinetic” capabilities.  Conceived of in this way, CNA promised much, but could deliver little.


War by Computers?

JP 3-13 underwent an overhaul several years later, incorporating the American military’s hard-won lessons from fighting in Afghanistan and Iraq as well as from enduring troublesome computer probes apparently sponsored by other states.  The result of these experiences was Joint Publication 3-13, Information Operations (2006).[15]  The new JP 3-13 explained at the outset that it implemented major doctrinal changes spurred by the seminal 2003 Department of Defense plan called Information Operations Roadmap.[16]  The Roadmap, with a Foreword by Secretary of Defense Donald Rumsfeld, had instructed the military to regard Information Operations as more than an “enabler of current military forces.”  IO would now be a “core capability of future military forces” and be “fully integrated into deliberate and crisis action planning and capable of executing supported and supporting operations.” [pp. 1-2]  JP 3-13 sought to promote that objective by ensuring that “all of the capabilities comprising IO are effectively coordinated and integrated into our nation’s warfighting capability against current and future threats.” [p. xvi]  In essence, Information Operations would now be not merely an instrument to be used when exerting force but a full-fledged mode of military power.  Information Operations would also take place, at least partly, in the new domain of “cyberspace” [pp. 51, 52].

The opening pages of the 2006 version JP 3-13 summarized the document’s major changes from its 1998 predecessor.  These included several of direct relevance to cyberspace operations.  In its own words, the new JP 3-13:

  • Discontinues use of the terms “offensive IO” and “defensive IO” but retains the recognition that IO is applied to achieve both offensive and defensive objectives.
  • Removes information warfare as a term from joint IO doctrine.
  • Updates the descriptions and interrelationship of the five core IO capabilities (electronic warfare, computer network operations, psychological operations, operations security, and military deception) and their associated supporting and related capabilities.
  • Establishes the core capability of computer network operations, consisting of computer network attack, computer network defense, and computer network exploitation. [p. iii]


The latter two points marked a kind of elevation for computer network attack.  Computer network operations (CNO) were now classed among the “five core IO capabilities” that worked, “in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision making while protecting our own.”[17]  JP 3-13 explained in a later section that

CNO is one of the latest capabilities developed in support of military operations. CNO stems from the increasing use of networked computers and supporting IT infrastructure systems by military and civilian organizations. CNO, along with EW, is used to attack, deceive, degrade, disrupt, deny, exploit, and defend electronic information and infrastructure. [pp. II-4 and II-5]

The broad category of computer network operations, moreover, possessed offensive, defensive, and intelligence and enabling modes.  The new JP 3-13 added two sub-categories to the older specialty of computer network attack.  Computer network defense (CND) actions protected DoD systems from external threats and also from “exploitation from within”; they were now “a necessary function in all military operations.”  Computer network exploitation (CNE) constituted “enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks.” [p. II-5]

Information Operations could be and almost certainly would be utilized by any adversary, and therefore had to be recognized as a serious factor affecting the plans of battlefield commanders and the national interest of the United States:

regardless of their size, adversaries, including terrorist groups, can counter US efforts through propaganda campaigns, or develop, purchase, or download from the Internet tools and techniques enabling them to attack US information and information systems which may result in tangible impacts on US diplomatic, economic, or military efforts. [p. I-4]

As the mention of “Internet tools and techniques” hinted, the capabilities provided by cheap, ubiquitous, and global computing power had concretely added to the threats facing the United States and its forces.  Where the 1998 version of JP 3-13 had recognized the potential for computer network attacks on critical infrastructure in the United States, the new JP 3-13 hinted at the reality that adversaries were already utilizing the Internet against American forces and interests:

The increasing reliance of unsophisticated militaries and terrorist groups on computers and computer networks to pass information to [command and control their] forces reinforces the importance of CNO in IO plans and activities. As the capability of computers and the range of their employment broadens, new vulnerabilities and opportunities will continue to develop. This offers both opportunities to attack and exploit an adversary’s computer system weaknesses and a requirement to identify and protect our own from similar attack or exploitation. [II-5]


Ironically, recognizing “the importance of CNO in IO plans and activities” would soon lead to the retirement of CNO as a doctrinal category.  Clues to why this happened can be glimpsed in the 2006 JP 3-13’s heroic ambiguity over what it called “the information environment.”  The new JP 3-13 did add specificity to the description of the information environment that had been attempted in the 1998 JP 3-13 (see above).  In 2006 the information environment denoted some thing or some place “where humans and automated systems observe, orient, decide, and act upon information, and is therefore the principal environment of decision making.”  But where was that “where”?  It was everywhere and nowhere, and partly in human minds:  “Even though the information environment is considered distinct, it resides within each of the four domains [i.e., “air, land, sea, and space”]. The information environment, moreover, was “made up of three interrelated dimensions: physical, informational, and cognitive.” [p. I-1]

The information environment also included “cyberspace,” which was the “notional environment in which digitized information is communicated over computer networks.” [p. GL-6]  This quite simply contradicted the most recent National Military Strategy (dated 2004, but released in March 2005), which had recognized cyberspace as a “domain” of conflict.[18]  The National Military Strategy had noted that “dversaries threaten the United States throughout a complex battlespace, extending from critical regions overseas to the homeland and spanning the global commons of international airspace, waters, space and cyberspace.” (page 5)  The Department of Defense was therefore obligated to “secure strategic access” (p. 1) to those global commons, which in fact constituted the physical and virtual access routes to the theaters where threats against the United States manifested themselves:

The Armed Forces must have the ability to operate across the air, land, sea, space and cyberspace domains of the battlespace.  Armed Forces must employ military capabilities to ensure access to these domains to protect the Nation, forces in the field and US global interests.  (p. 18)

Although the notion of cyberspace as a “global commons” would seem to have been a misnomer (since all of the physical infrastructure of cyberspace is in fact owned by someone, and thus not a true “commons”), the concept of cyberspace as a domain of conflict would endure.  Indeed, it soon proved too complex and important to remain a component of Information Operations as IO doctrine.


Joint Publication 3-12, 2013

The actual practice of cyberspace operations in the years after 2006 forced the resolution of this mismatch between policy and doctrine.  The Joint Staff issued its next revision of JP 3-13 in November 2012, and though the details of its reformulation of Information Operations doctrine lie beyond the scope of this essay, it suffices to mention that the new version quietly abandoned the idea that computer network operations represented a core IO capability.[19]  Indeed, CNO, CNA, CND, and CNE all but vanished from the new JP 3-13; each appeared only to carry the explanation that it had been “Approved for removal from JP 1-02” (i.e., the Joint Staff’s authoritative dictionary of joint military terms). [p. GL-3]  Cyberspace operations are now counted among the “many military capabilities that contribute to IO and should be taken into consideration during the planning process.” [p. II-5]

The Joint Staff had not forgotten doctrine for cyberspace operations.  An entire publication dedicated to them appeared just four months later:  Joint Publication 3-12, Cyberspace Operations.[20]  The JP 3-12 number had long been devoted to doctrine for joint nuclear operations, but now (perhaps with a subtle implication) the Joint Staff re-purposed it for the US military’s first joint doctrine for operations in cyberspace.  This new JP 3-12 began by taking pains to explain the doctrinal evolution that had just unfolded.  Cyberspace and information operations are often complementary, but cyberspace operations (CO) employ capabilities “to create effects which support operations across the physical domains and cyberspace,” while information operations in contrast employ “information-related capabilities…to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.”  A doctrinal shift had occurred:

This relationship represents an evolution both in IO, transitioning from a collection of capabilities to a broader integrating function focused on the adversary, and in CO, evolving from its computer network operations roots into a way to operationally integrate CO within joint operations. In the past, CO have been considered a subset of IO and those operations incorporated in the terms of computer network operations, computer network attack, computer network defense, and CNE.  [pp. I-5 and I-6; emphasis added]

The highlighted phrases marked the end of DoD’s temporary conception of cyberspace operations as a subset of information operations.

JP 3-12 moved beyond the re-classification of computer network operations and its associated sub-categories to a new terminology that more accurately described the purposes and scope of cyberspace operations.  Such operations would now perform three kinds of missions:  offensive (“intended to project power by the application of force in and through cyberspace”); defensive (“intended to defend DOD or other friendly cyberspace”); and sustaining (of DoD systems).  Offensive missions are authorized like all “operations in the physical domains, via an execute order.”  Defensive missions can be either passive or active (and can even create effects outside DoD networks that “ rise to the level of use of force”). [pp. II 2-3]  The commander conducts these missions using four basic kinds of cyberspace actions.  Two of which—cyberspace defense and cyberspace attack—will sound familiar to readers used to the old CND and CNA of earlier joint publications.  The latter two, however, are novel, and correspond to the old CNE category.  They are as follows:

(2) Cyberspace ISR. An intelligence action conducted by the JFC authorized by an EXORD or conducted by attached SIGNT units under temporary delegated SIGINT operational tasking authority. Cyberspace ISR includes ISR activities in cyberspace conducted to gather intelligence that may be required to support future operations, including OCO or DCO. These activities synchronize and integrate the planning and operation of cyberspace systems, in direct support of current and future operations. Cyberspace ISR focuses on tactical and operational intelligence and on mapping adversary cyberspace to support military planning. Cyberspace ISR requires appropriate deconfliction, and cyberspace forces that are trained and certified to a common standard with the IC. ISR in cyberspace is conducted pursuant to military authorities and must be coordinated and deconflicted with other [US Government (USG)] departments and agencies.

(3) Cyberspace Operational Preparation of the Environment. OPE consists of the non-intelligence enabling activities conducted to plan and prepare for potential follow-on military operations. OPE requires cyberspace forces trained to a standard that prevents compromise of related IC operations. OPE in cyberspace is conducted pursuant to military authorities and must be coordinated and deconflicted with other USG departments and agencies. [pp. II-4- 5]


These new types of actions reflect a significant maturation of a cyberspace doctrine.  They are not the last word, but they advance the conversation in a more realistic manner than the over-broad category of Information Operations.



“…whatever the man called each of them would be its name.” [Genesis 2:20]

Doctrine is the application of principles, and not the principles themselves.  As we have seen, doctrine can and does shift for a range of reasons, such as technological advances, foreign developments, and even political concerns.  It does not always proceed in a neat, linear fashion.  Indeed, the story told here can be read as a twenty-year detour in the development of doctrine for cyberspace operations.  Taken together, JP 3-12 of 2013 looks like a logical outgrowth of Deputy Secretary Atwood’s 1992 directive on information warfare.  Such a depiction is only possible, however, if one overlooks a winding series of directives and joint publications on “command and control warfare” and “information operations.”  A raft of terms, concepts, and organizations that arose in response to Chairman Powell’s 1993 decision to create C2W and IO were swept away twenty years later.  The publicly available documentary record is still too thin to say exactly what happened and why, however, and so any conclusions drawn from this chain of events must be considered tentative for now.

The shift should not obscure an important consistency across the period in question.  The perception of the environment for computer operations (interlocking digital networks utilized by both friend and foe for data creation, transmission, and storage) remained consistent over two decades; there’s not much change between the depiction of it in JP 3-13.1 of 1996 and JP 3-12 in 2013.  Indeed, the real change was to declare—in doctrine—that its digital manifestation would henceforth be a domain called “cyberspace.”  Once that conceptual step was accomplished, it then made sense to treat operations in that domain as distinguishable from other operations by the distinct and unique combination of characteristics that commanders, policymakers, and private individuals encounter daily in the cyberspace domain.  It also became easier to contemplate—again, in doctrine—that information technology had created more than a wide range of new tools and opportunities for militaries to fight one another.  It had indeed given rise to an unprecedented field of conflict hinted at in 1992 and seemingly closer today:  a venue where combatants can use force and even cause destruction in order to get their way without employing kinetic weapons.



[1]      JFC Fuller, Plan 1919,; this is from the first version, dated May 24, 1918, which was apparently titled “Strategic Paralysis as the Object of the Decisive Attack,” and reprinted as Plan 1919 in JFC Fuller, Memoirs of an Unconventional Soldier, 1938; accessed 1/1/15 at  The passage here was quoted in Joint Chiefs of Staff, Joint Doctrine for Command and Control Warfare (C2W), Joint Publication 3-13.1, February 7, 1996; accessed December 31, 2014 at see page I-1.

[2]      Joint Chiefs of Staff, Joint Publication 3-12, Cyberspace Operations, February 5, 2013, [released in redacted form in late 2014]; accessed December 28, 2014 at

[3]    Joint Chiefs of Staff, Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms, November 8, 2010 (amended December 15, 2014); accessed February 9, 2015 at

[4]     Joint Chiefs of Staff, Command, Control, and Communications Countermeasures, Joint Publication 3-13, September 10, 1987.  See also MAJ Christopher W Lowe, US Army, “From ‘Battle’ to the ‘Battle of Ideas’: The Meaning and Misunderstanding of Information Operations,” School of Advanced Military Studies, United States Army Command and General Staff College, Fort Leavenworth, Kansas, December 10, 2010, pp. 17-25; accessed February 9, 2015 at

[5]     Donald J. Atwood, Deputy Secretary of Defense, “Information Warfare,” Department of Defense Directive (DoDD) TS 3600.1), December 21, 1992; DoD’s Freedom of Information Act office posted this document with redactions on June 20, 2014 and it was accessed February 10, 2015 at

[6]     Chairman of the Joint Chiefs of Staff, “Command and Control Warfare,” Memorandum of Policy Number 30, March 1993,

[7]      Joint Chiefs of Staff, Joint Doctrine for Command and Control Warfare (C2W), Joint Publication 3-13.1, February 7, 1996; accessed December 31, 2014 at

[8]     Indeed, JP 3-13.1’s definition of information warfare did not match that of DoDD TS 3600.1 (cited above):

  1. IW is defined as actions taken to achieve information superiority by affecting adversary information, information-based processes, information systems, and computer-based networks while defending one’s own information, information-based processes, information systems, and computer-based networks. The use of the word “warfare” in the term IW should not be construed as limiting IW to a military conflict, declared or otherwise [see p. GL-8].

[9]      John P. White, Deputy Secretary of Defense, “Information Operations,” Department of Defense Directive S-3600.1, December 9, 1996; this was originally classified but later released with redactions; accessed February 9, 2015 at

[10]    Ibid., p. 7.

[11]    Joint Chiefs of Staff, Joint Doctrine for Information Operations, Joint Publication 3-13, October 9, 1998; accessed December 31, 2014 at

[12]    Ibid., p. I-1.  C2W now was the offensive toolkit of IO:  “Command and control warfare (C2W) is an application of IO in military operations that specifically attacks and defends the C2 target set. The capabilities and activities employed in C2W (psychological operations (PSYOP), military deception, operations security (OPSEC), electronic warfare (EW), and physical destruction), as well as other less traditional methods focused on information systems, can be employed to achieve broader IO objectives that are outside the C2 target set”; see p. I-4.

[13]    Reflecting the novelty of CNA, the definition added parenthetically “This term and its definition are approved for inclusion in the next edition of Joint Pub 1-02.”  JP 3-13 also defined “computer security”  as “The protection resulting from all measures to deny unauthorized access and exploitation of friendly computer systems. Also called COMPUSEC.”  See p. GL-5.

[14]    Jim Garamone, “Joint Staff Releases Information Operations Doctrine,” American Forces Press Service, March 10, 1999; accessed December 31, 2014 at news/newsarticle.aspx?id=41611

[15]   Joint Publication 3-13, Information Operations, February 13, 2006; accessed December 30, 2014 at .  Compare this with another document from later the same year, Chairman of the Joint Chiefs of Staff, National Military Strategy for Cyberspace Operations, December 2006;

[16]    Department of Defense, Information Operations Roadmap, October 30, 2003, which was originally classified but  declassified and released in 2006; accessed January 2, 2015 at

[17]    Ibid., pp. Iii, ix; CNO supplanted “physical destruction” as a core C2W/IW/IO capability, to leave five in total.

[18]    Chairman of the Joint Chiefs of Staff, The National Military Strategy of the United States of America, 2004; accessed January 3, 2015 at

[19]    Joint Chiefs of Staff, Joint Publication 3-13, Information Operations, November 27, 2012; accessed December 31, 2014 at

[20]    Joint Chiefs of Staff, Joint Publication 3-12, Cyberspace Operations, February 5, 2013; accessed January 3, 2015 at  This was originally classified but released to the public in an abridged version in late 2014.