Cyberspace and Electronic Warfare Operations Fundamentals
Cyberspace and Electronic Warfare Operations Fundamentals
Cyberspace and Electronic Warfare Operations Fundamentals
1-8. Protecting the DODIN and friendly EMS includes controlling communication signatures in the EMS. There is a correlation to
activities in cyberspace and those in the EMS. Current communications systems transfer data in the EMS as one of the transport
methods, leaving signatures of activities. Identifying, attributing, and affecting the activity (in or through cyberspace or the EMS)
can have detrimental effects on the operations of the entity attempting to communicate. Commanders stand to gain an advantage
over an enemy or adversary by maintaining superiority in cyberspace and the EMS, whereas the reverse can threaten friendly
systems if the proper security, defense, and protection measures are not in place.
Figure 1-1. Visualization of cyberspace and the electromagnetic spectrum in an operational environment
1-11. Cyberspace and the EMS are essential for Army operations and are inherently joint, inter- organizational, multinational, and
commercial. All Army operations, missions, activities, and functions use cyberspace. Cyberspace superiority is the degree of
dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land,
air, maritime, and space forces at a given time and place without prohibitive interference by an enemy or adversary (JP 3-12[R]).
Cyberspace superiority enables, supports, provides, and facilitates warfighting capabilities that affect, support, and enable every
warfighting function and daily activity.
Note. For clarity, the Army reserves the use of the term ‘cyber’ for the naming convention of commands and organizations.
For the Army, the full term ‘cyberspace’ is correct to explain the domain, activities, effects, actions and when referring to
capabilities in the cyberspace domain. The Army uses Department of Defense (DOD) established terms that may not
follow this principle.
1-12. Although cyberspace coexists with the other domains, it is a separate domain. Cyberspace pervades the land, air, maritime,
and space domains through the EMS and wired networks. Cyberspace enables integration across physical domains by moving
data along transmission paths through links and nodes in cyberspace and the EMS. The man-made aspects of cyberspace,
coupled with continual advances in technologies, contribute to a continuous obligation to manage risk and protect portions of
cyberspace. (For more information on the EMS and its management, see section two.)
1-13. Cyberspace enables and enhances the ability of commanders to perform mission command. The DODIN is the DOD’s
portion of cyberspace and is distinct in that it provides the medium for communication among the forces within other operational
domains. The Department of Defense information network is the set of information capabilities, and associated processes to
collect, process, store, disseminate, and manage information on demand to warfighters, policy makers, and support personnel,
whether interconnected or stand-alone, including owned and leased communications and computing systems and services,
software (including applications), data, security services, other associated services, and national security systems (JP 6-0). The
DODIN includes all DOD information technologies broadly grouped as DOD information systems, platform information technology,
information technology services, and information technology products.
1-14. The Army uses the cyberspace domain every day to communicate, store data, plan missions, and perform tasks. In today’s
dynamic operational environment, the exercise of mission command depends on freedom of maneuver within the cyberspace
domain.
1-23. Use of the DODIN relies upon DODIN operations, DCO, and at times on OCO for freedom of maneuver to employ a network
capability. Cyberspace security and DCO protect and defend Army networks, thereby maintaining communications and mission
command. Current intrusion information may lead to future defensive cyberspace operations response action (DCO-RA) or OCO
missions. DCO and OCO depends on the DODIN for planning, synchronization, and integration of missions. EW may also support
and enable cyberspace operations through electronic attack (EA), electronic protection (EP), and electronic warfare support (ES).
1-31. DCO may be a response to attacks, exploitations, intrusions, or effects of malware on the DODIN or other assets that the
DOD is directed to defend. Most DCO occur within the defended network. DOD DCO missions are accomplished using a layered,
adaptive, defense-in-depth approach, with mutually supporting elements of digital and physical protection. A key characteristic of
DOD DCO activities is active cyberspace defense.
1-32. DCO activity may lead to follow on activities such as additional cybersecurity measures, information collection, or
development of OCO targets. Reporting unauthorized network activity and anomalies increases the data available to identify
trends and to take appropriate defensive measures. The personnel confirming the unauthorized activity report the details for
intelligence and forensic purposes.
Note. Countermeasures require deconfliction with other departments and agencies to the maximum extent practicable
according to the Trilateral Memorandum of Agreement among the DOD, the Department of Justice, and the Intelligence
Community Regarding Computer Network Attack and Computer Network Exploitation Activities, 9 May 2007.
CYBERSPACE ACTIONS
1-39. The cyberspace missions require the employment of various actions to create specific effects in cyberspace. (See figure 1-
4.) The cyberspace actions are cyberspace defense, cyberspace ISR, cyberspace OPE, cyberspace attack, and cyberspace
security. To plan for, authorize, and assess these actions, it is important to understand the differences between the actions and
their specific purposes. (For more information on the cyberspace actions see JP 3-12[R].)
Figure 1-4. Cyberspace actions
Cyberspace Defense
1-40. Cyberspace defense are actions normally taken within the DOD cyberspace for securing, operating, and defending the
DODIN against specific threats. The purpose of cyberspace defense includes actions to protect, detect, characterize, counter, and
mitigate threats. Such defensive actions are usually created by the JFC or Service that owns or operates the network, except in
cases where these defensive actions would affect the operations of networks outside the responsibility of the respective JFC or
Service.
Cyberspace Security
1-44. Cyberspace security actions are those taken within a protected network to prevent unauthorized access to, an exploitation of,
or damage to computers, electronic communications systems, and other information technology, including platform information
technology, as well as the information contained therein, to ensure its availability, integrity, authentication, confidentiality, and
nonrepudiation. Cyberspace security is not specific to an enemy or adversary. Cyberspace security actions protect the networks
and systems through all phases of network planning and implementation. Cyberspace security activities include vulnerability
assessment and analysis, vulnerability management, incident handling, continuous monitoring, and detection and restoration
capabilities to shield and preserve information and information systems.
● Destroy. To permanently, completely, and irreparably deny (time and amount are both maximized) access to, or operation
of, a target.
● Manipulate. To control or change the enemy or adversary’s information, information systems, and/or networks in a manner
that supports the commander's objectives.
1-48. Army commanders request effects using the terms deny, degrade, disrupt, destroy, and manipulate. The Army considers
these as separate effects rather than a subset of deny. These terms are common for targeting guidance or to describe effects for
information operations (IO). These are desired effects that support operations and are achievable using cyberspace capabilities.
Army planners will utilize these terms to describe and plan for cyberspace and electronic warfare effects. The most common
effects associated with cyberspace operations are deny, degrade, disrupt, destroy, and manipulate. (For more effects or
information on effects see ATP 3-60.)
● Denial operations are actions to hinder or deny the enemy the use of space, personnel, supplies, or facilities (FM 3-90-1).
An example of deny is to use EW capabilities to jam specific frequencies using an EW capability for a predetermined amount
of time, or to block a router communication port using cyberspace capability for some predetermined amount of time;
however, the duration of denial will depend on the enemy's ability to reconstitute.
● Degrade is to use nonlethal or temporary means to reduce the effectiveness or efficiency of adversary command and control
systems and information collections efforts or means. An example of degrade is slowing the cyberspace connection speed
affecting the ability to effectively communicate or pass data in a timely manner.
● Disrupt is a tactical mission task in which a commander integrates direct and indirect fires, terrain, and obstacles to upset an
enemy's formation or tempo, interrupt the enemy's timetable, or cause enemy forces to commit prematurely or attack in a
piecemeal fashion. An obstacle effect that focuses fires planning and obstacle efforts to cause the enemy force to break up its
formation and tempo, interrupt its timetable, commit breaching assets prematurely, and attack in a piecemeal effort (FM 3-90-
1). An example of disrupt is interrupting the connection to cyberspace, either wired or wireless, affecting the ability to
communicate or pass data.
● Destroy is tactical mission task that physically renders an enemy force combat-ineffective until it is reconstituted.
Alternatively, to destroy a combat system is to damage it so badly that it cannot perform any function or be restored to a
usable condition without being entirely rebuilt (FM 3-90- 1). Destroy is applying lethal combat power on an enemy capability
so that it can no longer perform any function. The enemy cannot restore it to a usable condition without being completely
rebuilt. An example of destroy using cyberspace capabilities is causing a system to lose all of its operating information or
causing it to overheat to a point it is no longer usable. (See ADRP 3-0 for more information on destroy.)
● Manipulate is to control or change the adversary's information, information systems, and/or networks in a manner that
supports the commander's objectives. The Army uses the same description as the joint cyberspace action for this effect.
● Deceive is when military leaders attempt to mislead threat decision makers by manipulating their understanding of reality.
An example of deceive is modifying a message causing the enemy or adversary to assemble in a location not originally
designated by their own chain of command. More information on deceive is found in FM 3-90-1 and ATP 3-60.
1-49. Effects in and through cyberspace may have the same consequences as other types of traditional effects. Effects during
operations include lethal and non-lethal actions and may be direct or indirect. Direct effects are first order consequences and
indirect effects are second, third, or higher order consequences. Similar characteristics of direct and indirect effects in cyberspace
can be cumulative or cascading if desired. These effects are planned and controlled in order to meet the commander’s objectives.
Cumulative refers to compounding effects and cascading refers to influencing other systems with a rippling effect. The desired
effects in cyberspace can support operations as another means to shape the operational environment to provide an advantage.
(For more information on cascading and cumulative effects see JP 3-60.)
PHYSICAL DIMENSION
1-54. The physical dimension consists of the physical portions of the environment. The tangible elements of cyberspace and
access to the EMS are part of the physical dimension of the information environment. The tangible network elements include
communications networks, information systems, and network infrastructures. This dimension is where network platforms reside
along with the infrastructures that enable them. EW platforms also reside in this dimension.
INFORMATIONAL DIMENSION
1-55. The informational dimension consists of the information itself. Cyberspace and EW operations support collecting, processing,
storing, disseminating, and displaying text, images, or data in this dimension. The informational dimension enables the linkage
between the physical and cognitive dimensions. This dimension links to cyberspace and the EMS due to the volume of information
resident on and traversing information technology infrastructures. The physical dimension of cyberspace and EW operations
allows access to and control of the information and data to those in the cognitive dimension. This dimension includes data at rest
or in transit.
COGNITIVE DIMENSION
1-56. The cognitive dimension encompasses the minds of those who transmit, receive, and respond to or act on information (JP 3-
13). The cognitive dimension in cyberspace represents individuals, groups, or organizations. Cyberspace links the data and ideas
of those who transmit, receive, respond or act on, or add new information. This dimension represents the individuals that utilize
cyberspace.
CYBERSPACE LAYERS
1-57. Cyberspace can be described in terms of three layers: physical network, logical network, and cyber- persona (JP 3-12[R]).
Commanders and staffs leverage the layers of cyberspace to build, gain, and maintain situational understanding and create
operational opportunities.
CYBER-PERSONA LAYER
1-60. The cyber-persona layer is a digital representation of an individual or entity identity in cyberspace. This layer consists of the
people who actually use the network and therefore have one or more identities that can be identified, attributed, and acted upon.
These identities may include e-mail addresses, social networking identities, other web forum identities, computer internet protocol
addresses, and mobile device numbers. One individual may have multiple cyber-personas through internet services at work and
personal e-mail addresses, web forum, chat room, and social networking site identities; which may vary in the degree to which
they are factually accurate. The authenticity of a cyber-persona is a concern especially with the ability of a threat force to hide their
identity.
1-61. Conversely, a single cyber-persona can have multiple users — for example, a username and password for an administrative
account multiple people access. As a result cyber-personas can be complex, with elements in many virtual locations, but normally
not linked to a single physical location or form. Consequently, attributing responsibility and targeting in cyberspace requires
significant intelligence and technical knowledge. Understanding the complexity of the cyber-persona allows leaders and
commanders to make more informed decisions. Figure 1-6 shows an individual person with multiple cyber-personas and the
relationship with the other layers.
Figure 1-6. Cyber-persona relationship to the physical and logical layers
NETWORKED
1-63. Cyberspace is an extensive and complex global network of wired and wireless links connecting nodes that permeate every
domain. The core of these networks are technological infrastructures consisting of several distinct enclaves connected into a single
logical network that enables data transport. Identifying these infrastructures and their operations is accomplished by analyzing the
layers of cyberspace, the dimensions of the information environment, the variables of the operational environment, and the other
technical aspects of wired and wireless networks. The networks can cross geographic and political boundaries connecting
individuals, organizations, and systems around the world.
SOCIALLY ENABLING
1-64. Cyberspace allows interactivity among individuals, groups, organizations, and nation-states. Computer systems and
technical networks make it possible to create, store, process, manipulate, and quickly transport data and information for a select or
very broad audience. Users can apply data and information to exert influence, accomplish tasks, and make decisions. Text
messaging, e-mail, e-commerce, social media, and other forms of interpersonal communication are possible because of
cyberspace.
TECHNICAL
1-65. Advancements in technology increase the complexity of hardware and software system components and devices.
Cyberspace consists of numerous elements requiring personnel with specific technical skills. For example, the development of
encryption and encoding require personnel trained to perform specialized functions that comply with protocols and other industry
standards. The technical network infrastructure and logical layer is complex, but accessing and utilizing cyberspace is relatively
simple. The advanced use of the EMS is a fundamental part of cyberspace.
VULNERABLE
1-67. Cyberspace is vulnerable for several reasons including ease of access, network and software complexity, lack of security
consideration in network design and software development, and inappropriate user activity. Access to cyberspace by an individual
or group with a networked device is easy, and an individual with a single device may be able to disable an entire network.
Vulnerabilities in the systems that operate in cyberspace contribute to a continuous obligation to manage risk and protect portions
of cyberspace. Understanding the vulnerabilities of DODIN may lead to changes of the operational design. Vulnerabilities found on
enemy or adversary systems may cause changes to those portions of cyberspace as well. Effects generated in cyberspace can
have global impact across the physical domains.
● Direct coordination with host nations to develop and monitor the status of critical infrastructure and key resources.
1-73. It is important to ensure commanders and staff understand how cyberspace enables their operations. Cyberspace includes
physical and logical networks and cyber-personas. The networks include nodes linked together by transmission paths. A link is the
connection between nodes. A node is broadly defined as an element of a system that represents a person, place, or physical thing
(see JP 3-0). A technical definition describes a node as a physical location that provides terminating, switching, or gateway access
services to support information exchange (see JP 6-0). Nodes, along with the transmission paths that link them together, contain
in-transit and resident data available for access and use by individuals, groups, and organizations. Combining a network diagram
with other situational information enhances the understanding of the operational environment because of the inclusion of
cyberspace specific information.
1-74. Some nodes in cyberspace, especially commercial systems, are used by various entities, including friendly, neutral, and
enemy or adversary. Figure 1-7 displays friendly, threat, and neutral (or non-attributed) networks in an operational area. Network
nodes, links, and communications link types provide additional information to form a better picture of the operational environment.
Included is the threat network overlay depicting network nodes used by enemies and adversaries. The graphic includes nodes
located at known unit, adversary and host nation locations as elements of physical infrastructure, and transmission paths as wired
or wireless links (through the EMS). Friendly units aid in situational understanding by identifying their location relative to the
enemy, adversary, and host nation nodes. Combining the operational view with the network diagram aids in identifying key terrain
in cyberspace.
Figure 1-7. Operational area with network topology information
1-75. In the context of traditional land operations, key terrain is any locality, or area, the seizure or retention of which affords a
marked advantage to either combatant (JP 2-01.3). However, cyberspace operations uses the concept of key terrain as a model to
identify key aspects of the cyberspace domain. Identified key terrain in cyberspace is subject to actions the controlling combatant
(whether friendly, enemy, or adversary) deems advantageous such as defending, exploiting, and attacking. References to key
terrain correspond to nodes, links, processes, or assets in cyberspace, whether part of the physical, logical, or cyber-persona
layer. The marked advantage of key terrain in cyberspace may be for intelligence, to support network connectivity, a priority for
defense, or to enable a key function or capability.
● Troops and support available. What resources are available (internal and external) to integrate, synchronize, and execute
cyberspace operations? What is the process to request, receive, and integrate these resources?
● Time available. How can we synchronize OCO and related desired effects with the scheme of maneuver within the time
available for planning and execution?
● Civil considerations. How can we employ cyberspace operations without negative impacts on noncombatants?
RISK IN CYBERSPACE
1-78. Risk is inherent in all military operations. When commanders accept risk they create opportunities to seize, retain, and exploit
the initiative and achieve decisive results. The willingness to incur risk is often the key to exposing enemy and adversary
weaknesses considered beyond friendly reach (ADRP 3-0). Commanders assess and mitigate risk continuously throughout the
operations process. Many of the risks to the DODIN and the Army’s contribution to cyberspace come from enemies, adversaries,
and insiders. Some threats are well equipped and well trained while some are novices using readily available and relatively
inexpensive equipment and software. Army users of the DODIN are trained on cybersecurity, focusing on safe use of information
technology and to recognize how threats operate to help mitigate risks.
1-79. Risk management is the Army’s primary decision-making process for identifying hazards and controlling risks. Using this
process, operational effectiveness and the probability of mission accomplishment increases. This provides a way of identifying
hazards, assessing them, and managing the associated risk. The process applies to all types of operations, tasks, and activities
including cyberspace operations. The factors of mission, enemy, terrain and weather, troops and support available, time available,
and civil considerations provide a standardized methodology for addressing both threat and hazard based risk. Risks associated
with cyberspace operations fall into four major categories—
● Operational risks.
● Technical risks.
● Policy risks.
● Operations security risks.
OPERATIONAL RISKS
1-80. Operational risks pertain to consequences that cyberspace threats pose to mission effectiveness. Operational consequences
are the measure of cyberspace attack effectiveness. Cyberspace intrusions or attacks can compromise technical networks,
systems, and data; which can result in operational consequences such as injury or death of personnel, damage to or loss of
equipment or property, degradation of capabilities, mission degradation, or even mission failure. Exfiltration of data from Army
networks by the enemy can undermine the element of surprise and result in an ambush. Enemy or adversary forces may conduct
cyberspace and EMS attacks to exposed friendly networks and capabilities, compromising future cyberspace attacks and
cyberspace exploitation missions.
TECHNICAL RISKS
1-81. Technical risks are exploitable weaknesses in Army networks and systems. Nearly every technical system within the Army is
networked, creating shared vulnerabilities. These potentially vulnerable networked systems and components directly impact the
Army's ability to project military power and support the mission. DCO and cybersecurity measures mitigate risks and defend
against the threats from taking advantage of the technical vulnerabilities. Robust systems engineering, supply chain risk
management, security, counterintelligence, intelligence, hardware and software assurance, and information systems security
engineering disciplines enable the Army to manage technical risk to system integrity and trust. Friendly forces examine the
technical risks when conducting cyberspace attacks to avoid making friendly networks vulnerable to enemy cyberspace
counterattacks. The Army uses a defense-in-depth approach, utilizing software; such as anti-virus and anti-malware programs,
monitoring hardware and software, network sensors, intrusion prevention, and physical security to mitigate technical risks. These
are effective when all elements are implemented and updated regularly.
POLICY RISKS
1-82. Policy risk pertains to authorities, legal guidance, and international law. Policies address cyberspace boundaries, authorities,
and responsibilities. Commanders and decision makers must perform risk assessments and consider known probable cascading
and collateral effects due to overlapping interests between military, civil, government, private, and corporate activities on shared
networks in cyberspace. Policies, the United States Code (USC), Uniform Code of Military Justice, regulations, publications,
operation orders, and standard operating procedures all constitute a body of governance for making decisions about activities in
cyberspace.
1-83. Risk occurs where policy fails to address operational necessity. For example, due to policy concerns, an execution order or
applicable rules of engagement may limit cyberspace operations to only those operations that result in no or low levels of collateral
effects. A collateral effects analysis to meet policy limits is distinct from the proportionality and necessity analysis required by the
law of war. Even if a proposed cyberspace operation is permissible after a collateral effects analysis, the proposed cyberspace
operation must determine a legitimate military objective also be permissible under the law of war.
1-84. Policy risk applies to risk management under civil or legal considerations. An OCO mission requested by an Army unit may
pose risk to host nation civilians and noncombatants in an operational environment where a standing objective is to minimize
collateral damage. During the course of a mission, it may be in the Army's best interest for host nation populations to be able to
perform day-to-day activities. Interruptions of civil networks may present hazards to Army networks and pose dangers to Army
forces because of social impacts that lead to riots, criminal activity, and the emergence of insurgent opportunists seeking to exploit
civil unrest.
operations security.) Note. See AR 530-1 for information about operations security.
THREATS IN CYBERSPACE
1-86. The Army faces multiple, simultaneous, and continuous threats in cyberspace. A threat is any combination of actors, entities,
or forces that have the capability and intent to harm the United States forces, United States national interests, or the homeland
(ADRP 3-0). Threats include state and non-state actors, criminals, insider threats, and the unwitting individuals who intend no
malice. These diverse threats have disparate agendas, alliances, and range of capabilities. Enemies and adversaries employ
regular and irregular forces and use an ever-changing variety of conventional and unconventional tactics. Risks from insiders may
be malicious or cause damage unintentionally. Insider risks include non-compliance of policies and regulations, causing
vulnerabilities on the network. Table 1-1 on page 1-21 lists sample threat capabilities with examples of methods, indicators, and
first order effects.
1-87. The United States Constitution establishes the authority of the President as Commander in Chief of
the Armed Forces and gives authority for Congress to fund and regulate the Armed Forces. The President,
as Commander in Chief commands the missions of the Armed Forces and, according to the laws passed by
Congress, administers the Armed Forces.
1-88. Army Commanders conduct cyberspace operations and EW when directed by the orders of the
President of the United States, the Secretary of Defense, and Combatant Commanders designated to
conduct operations on behalf of the President. These orders are issued under the President’s authority from
Article II, United States Constitution, in consideration of the Bill of Rights, other executive orders,
presidential policy, DOD and DA regulations, U.S. Treaty obligations, and other laws (including funding
appropriations) passed by Congress.
1-89. Within this legal framework, Army forces conduct cyberspace and EW operations as authorized
through Execute Orders (EXORDs); Operations Orders; Rules of Engagement; and the policies directed by
the Secretary of Defense and the Combatant Commanders.
1-90. Army forces conduct cyberspace operations and EW as part of the joint force. Army forces may
conduct OCO, DCO, and EW with Army force organic or joint requested effects to support the joint
commander’s intent. (See JP 3-12(R), Cyberspace Operations and JP 3-13.1, Electronic Warfare for more
information.) United States Strategic Command has overall responsibility for directing DODIN operations
and defense, which has been delegated to the Commander, U.S. Cyber Command for execution. U.S. Army
Cyber Command (ARCYBER) and Second Army conduct DODIN operations and DCO within Army
networks, and when directed, within other DOD and non-DOD networks.
1-91. Army forces conduct operations directed by the President while adhering to appropriations,
authorizations, and statutes of the USC by Congress. These statutes cover wide areas of law including
domestic security, the regulation of the Armed Forces, Federal crimes, the National Guard, information
technology acquisition and service, electromagnetic spectrum management, and intelligence.
1-92. Domestic Security, USC Title 6. Establishes responsibilities for information analysis and infrastructure
protection, chief information officers, and cybersecurity oversight. USC Title 6 responsibilities include
comprehensive assessments of key resources, critical infrastructure vulnerabilities, and identifying priorities
for protective and supportive measures regarding threats. (For more information, see U.S. Code Title 6.)
1-93. The Armed Forces, USC Title 10, Enables the Army to organize, train, equip, and provide land,
cyberspace operations, and EW units and headquarters. USC Title 10 authorities and restrictions provide
context and foundation for how the Secretary of Defense directs military cyberspace operations, EW, and
military intelligence operations.
1-94. Crimes and Criminal Procedure, USC Title 18. Army forces conduct cyberspace operations and EW in
compliance with Federal law and takes measures to ensure operations respect the rights of persons against
unlawful searches and seizures pursuant to the 4th Amendment. Coordination with the Army Criminal
Investigation Division ensures appropriate investigation of criminal activity on the DODIN under Title 18
authorities. USC Title 18 includes those crimes conducted in cyberspace.
1-95. The National Guard, USC Title 32. National Guard units are state military units which are equipped
and trained pursuant to Federal statutory authorization. The National Guard, may conduct missions for their
state, but paid for by the Federal government under USC Title 32, if the Secretary of Defense determines
the mission is in the interests of the DOD.
1-96. Information Technology Acquisition, USC Title 40, Ch. 113, is applicable to the Army and all Federal
agencies. USC Title 40 establishes the responsibilities of the agency heads and agency chief information
officers and guidance for acquisition of information technology.
1-97. USC Title 44, Public Printing and Documents, establishes responsibilities of agency heads for
statutory requirements and authority for ensuring information security and information resource
management. This includes information security in cyberspace.
1-98. Telecommunications, USC Title 47, prescribes the statutory requirements and authority for access to,
and use of, the EMS within the United States and Possessions to Federal agencies. The chief information
officer/assistant chief of staff, signal (G-6), as outlined in AR 5-12, implements national, international, DOD,
joint, host nation, and Headquarters, Department of the Army spectrum management policies and guidance
throughout the Army. In this capacity, the chief information officer/G-6 ensures compliance with 47 USC as
well as other applicable Federal, DOD, and military department EMS governance and policy to minimize
radio frequency interference at DOD and Service test ranges and installations for activities such as GPS
testing and EA clearances for training, testing, and evaluating.
1-99. War and National Defense, USC Title 50, provides authorities concerning the conduct of both military
and intelligence activities of the U.S. Government. Intelligence activities conducted by the U.S. Government
must be properly authorized, conform to the U.S. Constitution, and be conducted under presidential
authority. Executive Order 12333, establishes the framework and organization of the intelligence community
as directed by the President of the United States. For example, the order directs the NSA as the lead for
signals intelligence. DOD policy documents, including DoD Manual 5240.01, “DoD Intelligence Activities,”
establish DOD policy for the conduct of intelligence operations.
1-100. The Army strictly limits and controls collection of information on U.S. persons and collection in the
United States. AR 381-10 identifies the types, means, and limitations concerning collection retention and
dissemination of information in the United States and on U.S. persons. This regulation applies to cyberspace
within the boundaries of the United States and U.S. persons abroad. Table 1-2 on page 1-24 provides more
information on authorities in cyberspace.
11 April 2017 FM 3-12 1-23
Chapter 1
Table 1-2. United States Code-based authorities
United States Code (USC)
1-24 FM 3-12 11 April 2017
Title Key Focus Principal
Organization
Role in Cyberspace
Title 6
Domestic Security
Homeland Security Department of
Homeland Security
Security of U.S. government portion of cyberspace
Title 10
Armed Forces
National Defense Department of
Defense
Man, train, and equip, U.S. forces to conduct military operations in cyberspace
Title 18
Crimes and Criminal Procedures
Federal Offenses Department of Justice Crime prevention,
apprehension, and prosecution of criminals operating in cyberspace Title 32 National
Guard
National defense and DSCA training and operations in the U.S.
Army National Guard, Air National Guard
Domestic consequence management when in a Title 32 status Title 40 Public
Buildings, Property, and Works
Chief Information Officer roles and responsibilities
All federal departments and agencies
Establish and enforce standards for acquisition and security of information technologies Title 44 Public
Printing and Documents
All federal agencies All federal
departments and agencies
Information security and information resource management Title 47 Telecom-
munications
All federal agencies All federal
departments and agencies
Use of the electromagnetic spectrum
Title 50 War and National Defense
A broad spectrum of military, foreign intelligence, and counterintelligence activities
Commands, Services, and agencies under the Department of Defense and intelligence community agencies
aligned under the Office of the Director of National Intelligence
Secure U.S. interests by conducting military and foreign intelligence operations in cyberspace
Cyberspace and Electronic Warfare Operations Fundamentals
SECTION III – ELECTRONIC WARFARE OPERATIONS
1-101. This section includes fundamental information about EW including EA, EP, ES, and considerations
for employment.
ELECTRONIC WARFARE
1-103. Electronic warfare refers to military action involving the use of electromagnetic and directed energy to
control the electromagnetic spectrum or to attack the enemy (JP 3-13.1). EW capabilities enable Army
forces to create conditions and effects in the EMS to support the commander’s intent and concept of
operations. EW includes EA, EP, and ES and includes activities such as electromagnetic jamming,
electromagnetic hardening, and signal detection, respectively. EW affects, supports, enables, protects, and
collects on capabilities operating within the EMS, including cyberspace capabilities. (See figure 1-9 on page
1-26.) With proper integration and deconfliction, EW can create reinforcing and complementary effects by
affecting devices that operate in and through wired and wireless networks. Throughout this document, the
term EW operations refers to planning, preparing, execution, and continuous assessment of the electronic
warfare activities of an operation. The term EMSO indicates the addition of those operationally related
spectrum management operations activities.
Figure 1-9. Electronic warfare missions
ELECTRONIC ATTACK
1-104. EA involves the use of electromagnetic energy, directed energy, or anti-radiation weapons to attack
personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat
capability and is considered a form of fires. EA includes—
● Actions taken to prevent or reduce an enemy's effective use of the EMS.
● Employment of weapons that use either electromagnetic or directed energy as their primary
destructive mechanism.
● Offensive and defensive activities, including countermeasures.
1-105. EA includes using weapons that primarily use electromagnetic or directed energy for destruction.
These can include lasers, radio frequency weapons, and particle beams. Directed energy is an umbrella
term covering technologies that relate to the production of a beam of concentrated electromagnetic energy
or atomic or subatomic particles (JP 3-13.1). In EW, most directed-energy applications fit into the category of
EA. A directed-energy weapon uses electromagnetic energy to damage or destroy an enemy's equipment,
facilities, and/or personnel. In addition to destructive effects, directed-energy weapon systems support area
denial and crowd control.
1-106. Army operations use offensive and defensive tasks for EA. Examples of offensive EA include—
● Jamming electronic command and control or enemy radar systems.
● Using anti-radiation missiles to suppress enemy air defenses (anti-radiation weapons use radiated
energy emitted from a target as the mechanism for guidance onto the target).
● Using electronic deception to provide false information to enemy ISR systems.
● Using directed-energy weapons to deny, disrupt, or destroy equipment or capabilities.
1-107. Defensive EA uses the EMS to protect personnel, facilities, capabilities, and equipment. Examples
include self-protection and other protection measures such as the use of expendables (flares and active
decoys), jammers, towed decoys, directed-energy infrared countermeasures, and counter radio-controlled
improvised explosive device systems.
Countermeasures
1-109. Countermeasures are that form of military science that, by the employment of devices and/or
techniques, has as its objective the impairment of the operational effectiveness of enemy activity (JP 3-
13.1). They can be deployed preemptively or reactively. Devices and techniques used for EW
countermeasures include electro-optical-infrared countermeasures and radio frequency countermeasures.
1-110. Electro-optical-infrared countermeasures consist of a device or technique employing electro- optical-
infrared materials or technology that is intended to impair the effectiveness of enemy activity, particularly
with respect to precision guided weapons and sensor systems (JP 3-13.1). Electro-optical-infrared
countermeasures may use laser jammers, obscurants, aerosols, signature suppressants, decoys,
pyrotechnics, pyrophorics, high-energy lasers, or directed infrared energy countermeasures.
1-111. Radio frequency countermeasures are any device or technique employing radio frequency materials
or technology that is intended to impair the effectiveness of enemy activity, particularly with respect to
precision-guided weapons and sensor systems (JP 3-13.1). Radio frequency countermeasures can be
active or passive. Expendable jammers used by aircraft to defend against precision guided surface-to-air
missile systems are an example of radio frequency countermeasures.
Electromagnetic Deception
1-112. Electromagnetic deception is the deliberate radiation, re-radiation, alteration, suppression,
absorption, denial, enhancement, or reflection of electromagnetic energy in a manner intended to convey
misleading information to an enemy or to enemy electromagnetic-dependent weapons, thereby degrading or
neutralizing the enemy’s combat capability. Types of electromagnetic deception include manipulative,
simulative, and imitative. Manipulative involves actions to eliminate revealing, or convey misleading,
electromagnetic telltale indicators that may be used by hostile forces. Simulative involves actions to simulate
friendly, notional, or actual capabilities to mislead hostile forces. Imitative introduces electromagnetic energy
into enemy systems that imitates enemy emissions.
Electromagnetic Intrusion
1-113. Electromagnetic intrusion is the intentional insertion of electromagnetic energy into transmission
paths in any manner, with the objective of deceiving operators or of causing confusion (JP 3-13.1).
Electromagnetic intrusion is often conducted by inserting false information. This information may consist of
voice instructions, false targets, coordinates for fire missions, or rebroadcasting prerecorded data
transmissions.
Electromagnetic Jamming
1-114. Electromagnetic jamming is the deliberate radiation, reradiation, or reflection of electromagnetic
energy for the purpose of preventing or reducing an enemy’s effective use of the electromagnetic spectrum,
and with the intent of degrading or neutralizing the enemy’s combat capability (JP 3-13.1). Examples of
targets subject to jamming include radios, radars, navigational aids, satellites, and electro-optics.
Electronic Probing
1-115. Electronic probing is intentional radiation designed to be introduced into the devices or systems of
potential enemies for the purpose of learning the functions and operational capabilities of the devices or
systems (JP 3-13.1). This activity is coordinated through joint or interagency channels and supported by
Army forces.
Electromagnetic Pulse
1-116. Electromagnetic pulse is the electromagnetic radiation from a strong electronic pulse, most
commonly caused by a nuclear explosion that may couple with electrical or electronic systems to produce
damaging current and voltage surges (JP 3-13.1). An electromagnetic pulse induces high currents and
voltages in the target system, damaging electrical equipment or disrupting its function. An indirect effect of
an electromagnetic pulse can be electrical fires caused by the heating of electrical components.
ELECTRONIC PROTECTION
1-117. EP involves actions taken to protect personnel, facilities, and equipment from any effects of friendly
or enemy use of the EMS that degrade, neutralize, or destroy friendly combat capability. For example, EP
includes actions taken to ensure friendly use of the EMS, such as frequency agility in a radio or variable
pulse repetition frequency in radar. Commanders should avoid confusing EP with self-protection. Both
defensive EA and EP protect personnel, facilities, capabilities, and equipment. However, EP protects from
the effects of EA (friendly and enemy) and electromagnetic interference, while defensive EA primarily
protects against lethal attacks by denying enemy use of the EMS to guide or trigger weapons.
1-118. During operations, EP includes, but is not limited to, the application of training and procedures for
countering enemy EA. Army commanders and forces understand the threat and vulnerability of friendly
electronic equipment to enemy EA and take appropriate actions to safeguard friendly combat capability from
an exploitation and attack. EP measures minimize the enemy's ability to conduct ES and EA operations
successfully against friendly forces. To protect friendly combat capabilities, units—
● Regularly brief friendly force personnel on the EW threat.
● Safeguard electronic system capabilities during exercises and pre-deployment training.
● Coordinate and deconflict EMS usage.
● Limit the EMS signatures to reduce adversary ability to locate nodes.
● Provide training during routine home station planning and training activities on appropriate EP active
and passive measures under normal conditions, conditions of threat EA, or otherwise degraded
networks and systems.
● Take appropriate actions to minimize the vulnerability of friendly receivers to enemy jamming (such as
reduced power, brevity of transmissions, and directional antennas).
● Ensure redundancy in systems is maintained and personnel are well-versed in switching between
systems.
1-119. EP also includes spectrum management. A spectrum manager works for the assistant chief of staff,
signal G-6 (S-6) and for the cyberspace planner in the CEMA Section. The spectrum manager is key in the
coordination and deconfliction of spectrum resources allocated to the force. Spectrum managers or their
direct representatives participate in the planning for EW operations.
1-120. The development and acquisition of communications and EMS dependent systems includes EP
requirements to clarify performance parameters. Army forces design their equipment to limit inherent
vulnerabilities. If EA vulnerabilities are detected, then units must review these programs. (See DODI
4650.01 for information on the certification of spectrum support and electromagnetic compatibility.)
Electromagnetic Compatibility
1-122. Electromagnetic compatibility is the ability of systems, equipment, and devices that use the
electromagnetic spectrum to operate in their intended environments without causing or suffering
unacceptable or unintentional degradation because of electromagnetic radiation or response (JP 3-13.1). It
involves the application of sound EMS management; system, equipment, and device design configuration
that ensures interference-free operation. It also involves clear concepts and doctrines that maximize
operational effectiveness.
Electromagnetic Hardening
1-123. Electromagnetic hardening consists of action taken to protect personnel, facilities, and/or equipment
by blanking, filtering, attenuating, grounding, bonding, and/or shielding against undesirable effects of
electromagnetic energy (JP 3-13.1). Electromagnetic hardening is accomplished by using a comprehensive
shielding of sensitive components and by using non-electrical channels for the transfer of data and power.
Emission Control
1-126. Emission control is the selective and controlled use of electromagnetic, acoustic, or other emitters to
optimize command and control capabilities while minimizing, for operations security: a. detection by enemy
sensors; b. mutual interference among friendly systems; and/or c. enemy interference with the ability
identifying, and locating friendly forces. It is also used to minimize electromagnetic interference among
friendly systems.
1-130. ES and SIGINT missions may use the same or similar resources. The two differ in the intent, the
purpose for the task, the detected information’s intended use, the degree of analytical effort expended, the
detail of information provided, and the timelines required. ES missions respond to the immediate
requirements of a tactical commander or to develop information to support future cyberspace or EW
operations. (See ADRP 2-0 and FM 2-0 for more information on SIGINT.)
Electronic Intelligence
1-132. Electronic intelligence is technical and geolocation intelligence derived from foreign
noncommunications electromagnetic radiations emanating from other than nuclear detonations or
radioactive sources (JP 3-13.1). Electronic intelligence is a subcomponent of SIGINT. Examples of
noncommunications electromagnetic radiations include radars, surface-to-air missile systems, and aircraft.
Electronic Reconnaissance
1-133. Electronic reconnaissance is the detection, location, identification, and evaluation of foreign
electromagnetic radiations (JP 3-13.1). Electronic reconnaissance is used to update and maintain the threat
characteristics information. The threat electronic characteristics information is used in the planning and
integrating processes.
Electronics Security
1-134. Electronics security is the protection resulting from all measures designed to deny unauthorized
persons information of value that might be derived from their interception and study of noncommunications
electromagnetic radiations, e.g., radar (JP 3-13.1). Examples of electronics security are EMS mitigation and
network protection.
Note. See JP 3-13.1 and ATP 3-36 for additional information on EW capabilities, tasks, and
techniques.
ELECTROMAGNETIC INTERFERENCE
1-135. Electromagnetic interference is any electromagnetic disturbance, induced intentionally or
unintentionally, that interrupts, obstructs, or otherwise degrades or limits the effective performance of
electronics and electrical equipment (JP 3-13.1). It can be induced intentionally, as in some forms of EW, or
unintentionally, because of spurious emissions and responses, intermodulation products, and other similar
products.
EMPLOYMENT CONSIDERATIONS
1-137. EW has specific ground-based, airborne, and functional (EA, EP, or ES) employment considerations.
The electronic warfare officer (EWO) ensures EW-related employment considerations are properly
articulated early in the operations process. Each capability employed has certain advantages and
disadvantages which are considered during the course of action development in the MDMP before selecting
the best course of action. The staff plans for these before executing EW operations.
1-140. Ground-based EW capabilities have certain limitations. They are vulnerable to enemy attack and can
be masked by terrain. They are vulnerable to enemy geolocation, electromagnetic deceptive measures, and
EP actions. In addition, they have distance or propagation limitations against enemy electronic systems.
1-143. Airborne EW capabilities have certain advantages. They can provide direct support to other tactical
aviation missions such as suppression of enemy air defenses, destruction of enemy air defenses, and
employment of high-speed anti-radiation missiles. They can provide extended range over ground-based
assets. Airborne EW capabilities can provide greater mobility and flexibility than ground-based assets. In
addition, they can support ground-based units in beyond line-of-sight operations.
1-144. The various airborne EW assets have different capabilities. The limitations associated with airborne
EW capabilities are—
● Time-on-station.
● Vulnerability to enemy EP actions.
● Electromagnetic deception techniques.
● Geolocation by enemy and adversary forces.
● Limited assets (support from nonorganic EW platforms need to be requested).
1-146. The EWO; the assistant chief of staff, intelligence (G-2/S-2); the assistant chief of staff, operations G-
3 (S-3); G-6 (S-6); the spectrum manager; and the IO officer coordinate closely to avoid friendly
communications interference that can occur when using EW systems on the battlefield. Coordination
ensures that EA systems frequencies are properly deconflicted with friendly communications and
intelligence collection systems or that ground maneuver and friendly information tasks are modified
accordingly.
1-147. The number of information systems, EW systems, and sensors operating simultaneously on the
battlefield makes deconfliction with communications systems a challenge. The EWO, the G-2 (S-2), the G- 6
(S-6), and the spectrum manager plan and rehearse deconfliction procedures to quickly adjust their use of
EW or communications systems.
1-148. EA operations depend on EW support and intelligence, especially SIGINT to provide targeting
information and battle damage assessment. However, not all intelligence collection is focused on supporting
EW. If not properly coordinated with the G-2 (S-2) staff, EA operations may impact intelligence collection
significantly deterring the ability to answer information requirements. In situations where a known conflict
between the intelligence collection effort and the use of EA exists, the EW working group brings the problem
to the G-3 (S-3) for resolution.
1-149. EA supports unified land operations. Integrating EA with the scheme of maneuver is critical to ensure
units fully exploit the effects delivered against enemy or adversary forces. The limited duration of these
effects require close coordination and synchronization between EW assets and forces and the supported
maneuver forces.
1-150. Other operations rely on the EMS. For example, a given set of frequencies may be used for IO to
broadcast messages or cyberspace operations for wireless communications. In both examples, the use of
EA could unintentionally interfere with such operations if not properly coordinated. To ensure EA does not
negatively impact planned operations, the EWO coordinates between fires, DODIN operations, and other
functional or integrating sections, as required.
1-151. EA can adversely affect local media, communications systems, and infrastructure. Planners should
consider unintended consequences of EW operations and deconflict these operations with the various
functional or integrating cells. For example, friendly jamming could potentially deny the functioning of
essential services such as ambulance or fire fighters to a local population. EWOs routinely synchronize EA
with the other functional or integrating cells responsible for the information tasks. In this way, they ensure
that EA efforts do not cause fratricide or unacceptable collateral damage to their intended effects.
1-152. The potential for hostile intelligence collection also affects EA. An enemy or adversary can detect
friendly EW capabilities and thus gain intelligence on friendly force intentions. For example, the frequencies
Army forces jam could indicate where they believe the enemy’s capabilities lie. The EWO and the G-2 (S- 2)
develop an understanding of the enemy’s collection capability. Along with the red team (if available), they
determine what the enemy might gain from friendly force use of EA. A red team is an organizational element
comprised of trained and educated members that provide an independent capability to fully explore
alternatives in plans and operations in the context of the operational environment and from the perspective
of enemies, adversaries, and others (JP 2-0).
1-153. The primary effects of jamming only persist when the jammer is within range of the target and
emitting. Secondary and tertiary effects of jamming are evident in the actions of the enemy or adversary
following the EA mission.
SPECTRUM MANAGEMENT
1-159. Spectrum management is the operational, engineering, and administrative procedures to plan,
coordinate, and manage use of the electromagnetic spectrum and enables cyberspace, signal and EW
operations. Spectrum management includes frequency management, host nation coordination, and joint
spectrum interference resolution. Spectrum management enables spectrum-dependent capabilities and
systems to function as designed without causing or suffering unacceptable electromagnetic interference.
Spectrum management provides the framework to utilize the electromagnetic spectrum in the most effective
and efficient manner through policy and procedure.