Distilling Clarity: Defining Mission Types and Core Activities in Cyberspace

Estimated reading time 8 minutes

By Christopher H. Chin                                                       

Cyberspace operations today lack a specified set of defined mission types and core activities that align its forces, capabilities, and training across a common operational framework to meet the Joint Force Commander’s desired outcomes. The definitions we depend on to articulate actions in the domain today are not common warfighting terms and are too broadly defined for those outside the community to conceptualize, much less train towards.

Within each operational domain, a defined set of mission types and associated functional activities are the cornerstone by which military forces are organized, trained, and equipped. Despite revolutions in military technology, core missions among military services within the traditional Air, Land, & Maritime domains of have been consistent over time. They form the basis of how a military unit’s designed operational capability (DOC) statement is prescribed, what missions are performed, and ultimately how missions are accomplished.  

Yet, this has not been clearly defined for the cyberspace community in the Department of Defense (DoD). This is not necessarily due to a lack of effort, communication, or engagement between leaders, policy makers, and cyberspace professionals. The fact is that while the employment of cyberspace capabilities is a topic of extensive discussion by academics, politicians, and military professionals alike… descriptions of actions in the domain has always been in abstract means. For example, the term “cyber” has been used as an adjective, noun, and even a verb in the same context in several instances.

OTH, multi-domain operations, emerging security environment

One can make a contextual argument that units are unable to effectively communicate the purpose of action on mission due to the overly homogenized and authorities focused nature of cyberspace “missions.” Using an industry analogy, the DoD has not been able to define “what we produce?” and “how we produce it?” in cyberspace. Today’s cyberspace operations doctrine falls short of defining a set of standardized mission types and core activities required to achieve cyberspace superiority in a time and place of a commander’s choosing. Despite the technology driven nature of modern warfare, the employment and integration of cyberspace capabilities is still met with uncertainty, confusion, and hesitation due to the generalized nature of how we characterize actions within the domain.

This is not simply a lexicon issue. While words do matter, what is truly lost is a common operational framework beginning with establishment of standardized mission types and core activities that govern the employment of cyberspace forces. The lack of standardized operational framework has cascading effects on the force…to include non-standard mission standards, operator qualifications, duplicative training, and misinformed equipping of forces. The perpetual use of non-doctrinal terms coupled with the generalization of actions is not only a disservice to the hard work of today’s operators but ultimately to the joint force which is dependent on cyberspace effects to win in today’s contested and degraded environments.

Using Airpower as an example, mission sets in the air domain required to achieve Air superiority are well defined and understood. Regardless of service, across the Air Force, Army, Navy, and Marines there is common understanding of mission objectives and desired operational outcomes within each mission set. Using the air domain as an example, there are clear platforms, objectives, and outcomes expected of offensive counter-air (OCA), defensive counter-air (DCA), theatre missile defense (TMD), and suppression of enemy air defenses (SEAD) required to produce air superiority. Yet, when it comes to “Cyber Power,” the missions within the domain are cumbersome, overly homogenized, duplicative in description, and segmented based on the authorities rather than mission objectives and desired outcomes.

OTH, multi-domain operations, emerging security environment

Evolving to Mission Types and Core Activities in Cyberspace
Missions in cyberspace today are defined along three primary lines of operation: offense cyberspace operations (OCO), defensive cyberspace operations (DCO), and DoDIN Operations (aka “network operations” – comprised of actions required to operate, secure, and maintaining the domain).” Furthermore, terms such as “internal defense measures” and “response actions” per JP 3-12 are delineated based on the respective authorities required for the mission rather than its actual mission objectives. What if the cyberspace community adopted an operational methodology required to achieve cyberspace superiority much like that of other domains?

OTH, multi-domain operations, emerging security environment

*Cyberspace Mission Types derived from JP 1-02 and portions of existing cyberspace operations lexicon

Adopting an operational approach with defined mission types would clearly inform (1) the desired outcome required of each mission tasking and (2) how a unit should organize, train, and equip in order to accomplish its mission. The continued use of these indiscrete terms as described in JP 3-12 complicates the integration with and contributions of cyberspace forces in modern warfare. It has prevented the community from being able to effectively articulate actions in the domain in specified terms and even communicate amongst tribes within the cyber community itself.

Furthermore, by combining mission types with core activities required to achieve cyberspace superiority, it will help define the “why, what, and how” missions in the domain will be accomplished. Using Special Operations Forces (SOF) doctrine as an example, SOF core activities include:

OTH, multi-domain operations, emerging security environment

While a SOF mission can comprise multiple core activities, no single tactical unit has the capability to execute all activities. A hostage rescue mission may entail: direct action, special reconnaissance, foreign internal defense, information operations, and military information support operations activities. This same principal can hold true within cyberspace operations perspective. Among the core activities within cyberspace may include:

  1. System Administration
  2. Infrastructure (Network) Security
  3. Endpoint Security
  4. Tactical Communications
  5. Mission Protection
  6. Incident Response
  7. Threat Emulation
  8. Software/Capability Development
  9. Access Development
  10. Data Analytics
  11. Cyberspace Attack

When core activities are paired with mission types it provides a clearly defined methodology for how cyberspace forces intend to meet a Joint Force Commander’s operational scheme of maneuver.

In 2014, the United States Air Force produced the “24th AF Defensive Cyberspace Operations (DCO) Concept of Employment” to establish an operational framework to align tactical mission types and their associated functional objectives across the DCO line of operation. By extrapolating from this work to include the broader range of cyberspace operations to include: OCO, and DoDIN Ops, one can preclude the basis of how we should think about the integration and employment of all cyberspace lines of operation towards a common objective (mission type) in a unified manner.

By no means should these be the exact mission types and core activities to be utilized, but via this chart, one can infer that if this concept if expanded across the joint community it will enable cyberspaces forces to clearly delineate the purpose and desired outcome of actions within cyberspace. Furthermore, once mission types are developed it will enable units to refine their DOC mission taskings, thereby providing the foundational basis of a unit’s organization, training, and equipping requirements.

Application of Cyberspace Mission Types and Activities in Multi-Domain Operations
As the DoD transitions towards multi-domain operations (MDO), solidifying an operational framework whereby maneuver and objectives within a domain are defined will be foundational to advancing future warfighting concepts within the cyberspace community. Because the fundamental basis of MDO centers on maneuver doctrine, no longer will it be enough to simply define actions in cyberspace in terms of lines of operations or that of authorities it requires. In this context, we define a domain as what Dr. Jeffrey Reilly, Director of Joint Warfare at the United States Air Force’s Air Command and Staff College, as a “critical macro maneuver space whose access or control is vital to the freedom of action and superiority required by the mission.”

While we can define the cyberspace domain in definitive terms, we currently are unable to describe what constitutes maneuver (mission types) and their associated core activities within the domain with clarity. By defining a standard set of cyberspace mission types and core activities, it will provide an operational framework to define how forces will be able to integrate within a Joint Force Commander’s scheme of maneuver in the context of multi-domain operations. Without defining mission types and core activities within the domain, cyberspace forces are left without an operational framework and lexicon required to integrate effectively into the DoD’s multi-domain warfare strategy.

Major Christopher H. Chin is a student in the Multi-Domain Operations Strategists concentration at Air Command and Staff College. He is a graduate of the USAF Cyber Warfare Weapons Instructor Course and has experience across offensive, defensive, and network operations mission sets at the Squadron, Major Command, Combatant Command, and Interagency levels. Email: christopher.chin.415@gmail.com 

The views expressed are those of the author and do not reflect the views or official policy of the Department of the Air Force, Department of Defense, or any organization in the United States government.

OTH, multi-domain operations, emerging security environment

Leave a Reply