Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Cyberspace and Electronic Warfare Operations Fundamentals

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 63

Chapter 1

Cyberspace and Electronic Warfare Operations Fundamentals


This chapter introduces cyberspace and electronic warfare operations. Section one is an
overview of cyberspace and the electromagnetic spectrum. Section two delivers a
foundation for understanding cyberspace and environments. Section three describes
electronic warfare operations.
1-1. Superiority in cyberspace and the electromagnetic spectrum (EMS) provides a decisive advantage to commanders at all levels
in modern combat. The Army’s ability to exploit cyberspace and EW capabilities will prove critical to the success of unified land
operations. As cyberspace and EW operations develop similar and complementary capabilities, the Army must plan, integrate, and
synchronize these operations with unified land operations.
1-2. Employing cyberspace and EW capabilities under a single planning, integration, and synchronization methodology increases
the operational commander’s ability to understand the environment, project power, and synchronize multiple operations using the
same domain and environment. Synchronizing offensive and defensive activities allows a faster response to enemy and adversary
actions. The EMS is the common denominator for both cyberspace and EW operations, and also impacts every operation in the
Army.
1-3. The distinctions between cyberspace and EW capabilities allow for each to operate separately and support operations
distinctly. However, this also necessitates synchronizing efforts to avoid unintended interference. Any operational requirement
specific to electronic transfer of information through the wired portion of cyberspace must use a cyberspace capability for affect. If
the portion of cyberspace uses only the EMS as a transport method, then it is an EW capability that can affect it. Any operational
requirement to affect an EMS capability not connected to cyberspace must use an EW capability.
1-4. The Department of Defense information network-Army (DODIN-A) is the Army's critical warfighting platform, which enables
mission command, precision fires, intelligence, logistics, and tele-medicine, and supports all operations. (See paragraph 1-25 for
additional information on DODIN-A.) Access to the DODIN- A allows commanders to project combat power, conduct support
operations, and achieve joint and Army force commander objectives. Securing and operating this expansive network is one of the
most complex and important operations the Army currently undertakes. A single vulnerability within this network can place units
and operations at risk, potentially resulting in mission failure. Understanding how to operationalize cyberspace and the EMS is a
fundamental staff proficiency and commander's priority.
1-5. Superiority in cyberspace and the EMS to support Army operations results from effectively synchronizing Department of
Defense information network (DODIN) operations, offensive cyberspace operations (OCO), defensive cyberspace operations
(DCO), electronic attack, electronic protection, electronic warfare support, and spectrum management operations (SMO).
Cyberspace electromagnetic activities is the process of planning, integrating, and synchronizing cyberspace and electronic warfare
operations in support of unified land operations (ADRP 3-0). Through CEMA, the Army plans, integrates, and synchronizes these
missions, supports and enables the mission command system, and provides an interrelated capability for information and
intelligence operations.
1-6. Cyberspace and the EMS will likely grow increasingly congested, contested, and critical to successful unified land operations.
Success will be measured by the ability to execute operations freely in cyberspace and the EMS, while controlling the ability of
others to operate in the domain.
1-7. Rapid developments in cyberspace and the EMS will challenge any assumptions of the Army’s advantage in this domain.
While it cannot defend against every kind of intrusion, the Army must take steps to identify, prioritize, and defend its most
important networks and data. Commanders and cyberspace operations experts must also adapt quickly and effectively to enemy
and adversary presence inside cyberspace systems.

1-8. Protecting the DODIN and friendly EMS includes controlling communication signatures in the EMS. There is a correlation to
activities in cyberspace and those in the EMS. Current communications systems transfer data in the EMS as one of the transport
methods, leaving signatures of activities. Identifying, attributing, and affecting the activity (in or through cyberspace or the EMS)
can have detrimental effects on the operations of the entity attempting to communicate. Commanders stand to gain an advantage
over an enemy or adversary by maintaining superiority in cyberspace and the EMS, whereas the reverse can threaten friendly
systems if the proper security, defense, and protection measures are not in place.

SECTION I – OVERVIEW OF CYBERSPACE AND THE ELECTROMAGNETIC


SPECTRUM
1-9. Section 1 is an overview of cyberspace including the cyberspace domain, operations, missions, and actions, covering effects
in cyberspace and the difference between joint and Army effects terminology. This section includes information about the EMS and
SMO.

THE CYBERSPACE DOMAIN


1-10. Cyberspace is a global domain within the information environment consisting of the interdependent networks of information
technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and
embedded processors and controllers (JP 3-12[R]). The Army performs cyberspace operations and supporting activities within this
domain as part of joint and Army operations. Friendly, enemy, adversary, and host nation networks, communications systems,
computers, cellular phone systems, social media Web sites, and technical infrastructures are all part of cyberspace. Cyberspace
operations are the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through
cyberspace (JP 3-0). The interrelated cyberspace missions are DODIN operations, DCO, and OCO. A cyberspace capability is a
device, computer program, or technique, including any combination of software, firmware, or hardware, designed to create an
effect in or through cyberspace. (See JP 3-12[R] for more information.) Figure 1-1 on page 1-3 is a visual representation of
cyberspace and use of the EMS in an operational environment.

Figure 1-1. Visualization of cyberspace and the electromagnetic spectrum in an operational environment

1-11. Cyberspace and the EMS are essential for Army operations and are inherently joint, inter- organizational, multinational, and
commercial. All Army operations, missions, activities, and functions use cyberspace. Cyberspace superiority is the degree of
dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land,
air, maritime, and space forces at a given time and place without prohibitive interference by an enemy or adversary (JP 3-12[R]).
Cyberspace superiority enables, supports, provides, and facilitates warfighting capabilities that affect, support, and enable every
warfighting function and daily activity.

Note. For clarity, the Army reserves the use of the term ‘cyber’ for the naming convention of commands and organizations.
For the Army, the full term ‘cyberspace’ is correct to explain the domain, activities, effects, actions and when referring to
capabilities in the cyberspace domain. The Army uses Department of Defense (DOD) established terms that may not
follow this principle.

1-12. Although cyberspace coexists with the other domains, it is a separate domain. Cyberspace pervades the land, air, maritime,
and space domains through the EMS and wired networks. Cyberspace enables integration across physical domains by moving
data along transmission paths through links and nodes in cyberspace and the EMS. The man-made aspects of cyberspace,
coupled with continual advances in technologies, contribute to a continuous obligation to manage risk and protect portions of
cyberspace. (For more information on the EMS and its management, see section two.)
1-13. Cyberspace enables and enhances the ability of commanders to perform mission command. The DODIN is the DOD’s
portion of cyberspace and is distinct in that it provides the medium for communication among the forces within other operational
domains. The Department of Defense information network is the set of information capabilities, and associated processes to
collect, process, store, disseminate, and manage information on demand to warfighters, policy makers, and support personnel,
whether interconnected or stand-alone, including owned and leased communications and computing systems and services,
software (including applications), data, security services, other associated services, and national security systems (JP 6-0). The
DODIN includes all DOD information technologies broadly grouped as DOD information systems, platform information technology,
information technology services, and information technology products.
1-14. The Army uses the cyberspace domain every day to communicate, store data, plan missions, and perform tasks. In today’s
dynamic operational environment, the exercise of mission command depends on freedom of maneuver within the cyberspace
domain.

OPERATIONS AND THE CYBERSPACE DOMAIN


1-15. Army operations depend on cyberspace for synchronizing, storing, coordinating, and protecting information. Commanders
rely on cyberspace to exercise mission command. In the 2014 Army's Strategic Planning guidance, the Secretary of the Army and
Army Chief of Staff jointly stated:
“Similar to other domains, Army leaders and organizations must be capable of employing capabilities in cyberspace,
but not to the point of dependency should those capabilities be negated. This convergence between land and
cyberspace has created dependencies and vulnerabilities for the Army's ability to exercise mission command through
the Army network. The Army will prioritize the defense of its network and key systems against increasingly
sophisticated and evolving threats in order to retain freedom of maneuver and exploit its advantages. As the Army
addresses these challenges, it will build cyberspace capabilities that are integrated within a [j]oint construct, but also
include integration with Army units down to the tactical edge. Finally, when authorized, the Army must be prepared to
plan and conduct cyberspace operations in support of national, joint, and Service requirements.”
1-16. Freedom of maneuver in cyberspace enables mission command and freedom of maneuver in the other domains. By
enabling mission command and the freedom of maneuver, Army operations support the joint force commander (JFC) objectives.
(See figure 1-2 on page 1-5.)

Figure 1-2. Freedom of maneuver to support joint force commander objectives

JOINT OPERATIONS AND THE CYBERSPACE DOMAIN


1-17. The DODIN supports the end-to-end communications systems for joint command and control of military operations and the
joint communications use of the cyberspace domain. The DODIN represents the DOD portion of cyberspace and includes joint and
Service data communications as well as interfaces to non- DOD and multinational users.
1-18. Joint cyberspace operations support and enable operations for joint and Service specific organizations. Joint commanders
and staffs conduct operations in and through cyberspace to assure U.S. and allied forces freedom of maneuver in all domains to
include cyberspace while denying enemies and adversaries the same. Joint commanders use existing theater communications
systems that provide theater-wide voice, data, and message connectivity between all components and elements to coordinate
activities. Combatant commands establish and manage the theater systems and receive additional capabilities based on
operational need.

ARMY OPERATIONS AND THE CYBERSPACE DOMAIN


1-19. Army cyberspace operations range from defensive to offensive. These operations establish and maintain secure
communications, detect and deter threats in cyberspace to the DODIN, analyze incidents when they occur, react to incidents, and
then recover and adapt while supporting Army and joint forces from strategic to tactical levels while simultaneously denying
adversaries effective use of cyberspace and the EMS. The Army contribution to the DODIN is the technical network that
encompasses the Army information management systems and information systems that collect, process, store, display,
disseminate, and protect information worldwide. Army cyberspace operations provide support to, and receive support from, joint
cyberspace operations. The close coordination and mutual support with joint cyberspace operations provides Army commanders
and staffs enhanced capabilities for operations.
1-20. The Army plans, integrates, and synchronizes cyberspace operations through CEMA as a continual and unified effort. The
continuous planning, integration, and synchronization of cyberspace and EW operations, enabled by SMO, can produce singular,
reinforcing, and complementary effects. Though the employment of cyberspace operations and EW differ because cyberspace
operates on wired networks, both operate using the EMS.

CYBERSPACE MISSIONS AND ACTIONS


1-21. Cyberspace missions and actions are interrelated; synchronizing and supporting efforts among the cyberspace missions is
imperative to maintaining freedom of maneuver in cyberspace. Supporting the cyberspace missions are the cyberspace actions:
cyberspace defense; cyberspace intelligence, surveillance, and reconnaissance (ISR); cyberspace OPE; cyberspace attack; and
cyberspace security. Cyberspace actions support DODIN operations, DCO, OCO, or any combination thereof. Executing
cyberspace actions at any echelon is dependent on authority, capability, and coordination. The actions are interrelated and a
cyberspace mission may require more than one action to achieve mission success.
1-22. Army forces can execute cyberspace missions and actions under the proper authority. Since DODIN operations and some
DCO tasks may overlap, Army forces may conduct multiple cyberspace missions or actions as part of their daily duties and
responsibilities. Situational requirements may dictate the transition from cyberspace security to DCO internal defensive measures
(DCO-IDM). Figure 1-3 shows the relationship of the cyberspace missions and cyberspace actions both external and internal to the
DODIN and the owned, leased, shared partner portions of cyberspace. EW can affect the cyberspace capabilities that use the
EMS.
Figure 1-3. Cyberspace and electronic warfare operations - missions and actions

1-23. Use of the DODIN relies upon DODIN operations, DCO, and at times on OCO for freedom of maneuver to employ a network
capability. Cyberspace security and DCO protect and defend Army networks, thereby maintaining communications and mission
command. Current intrusion information may lead to future defensive cyberspace operations response action (DCO-RA) or OCO
missions. DCO and OCO depends on the DODIN for planning, synchronization, and integration of missions. EW may also support
and enable cyberspace operations through electronic attack (EA), electronic protection (EP), and electronic warfare support (ES).

DEPARTMENT OF DEFENSE INFORMATION NETWORK OPERATIONS


1-24. The DODIN includes DOD information technology which cyberspace operations forces must secure and protect to ensure
mission assurance for DOD components. The DODIN supports the synchronization and integration of all warfighting functions.
Army forces use the DODIN to collaborate internally and externally, move and manage information, transmit and receive orders,
and maintain situational awareness.
1-25. The DODIN-A is an Army operated enclave of the DODIN which encompasses all Army information capabilities that collect,
process, store, display, disseminate, and protect information worldwide. The DODIN-A enables mission command and facilitates
all warfighting and business functions. The DODIN-A seamlessly supports deployed forces and operations at bases, posts, camps,
stations, and other locations worldwide including at the strategic, operational, and tactical levels.
1-26. The DODIN-A enables access to the right information at the right place and time for commanders, staffs, Soldiers, civilians,
and joint, inter-organizational, and multinational elements. The DODIN-A allows access while at home station or a temporary duty
location; through post, camp, or station networks; and through deployed tactical networks. These segments allow operating and
generating forces to access centralized resources from any location during all operational phases. Network support is available at
the home post, camp, or station, throughout deployment and on redeployment to home station. The network support may be
organic depending on the organization and forces aligned to that organization.
1-27. Department of Defense information network operations are operations to design, build, configure, secure, operate, maintain,
and sustain Department of Defense networks to create and preserve information assurance on the Department of Defense
information network (JP 3-12[R]). DODIN operations are threat agnostic and network specific to provide users and systems at all
levels with end-to-end network and information system availability, information protection, and prompt information delivery. DODIN
operations allow commanders to effectively communicate, collaborate, share, manage, and disseminate information using
automated information systems. The Army conducts distributed DODIN operations within the DODIN- A, from the global level to
the tactical edge. DODIN operations personnel design, build, configure, secure, operate, maintain, and sustain global, theater, and
tactical portions of the DODIN-A. DODIN operations provide assured and timely network-enabled services to support DOD
warfighting, intelligence, and business missions across strategic, operational, and tactical boundaries. DODIN operations provide
system and network availability, information protection through defensive tools and procedures, and information delivery. (See FM
6-02 for additional information on DODIN operations.)

DEFENSIVE CYBERSPACE OPERATIONS


1-28. Defensive cyberspace operations are passive and active cyberspace operations intended to preserve the ability to utilize
friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems (JP 3-12[R]).
DCO are threat-specific and mission prioritized to retain the ability to use the DODIN. The Army uses a defense-in-depth concept,
incorporating a layered approach to defend the network.
1-29. The two types of DCO are DCO-RA and DCO-IDM. Both are threat-specific and defend the DODIN, but the similarity ends
with that purpose. DCO-RA is more aligned with OCO in execution, authorities, and techniques supporting the mission. DCO-IDM
include mission assurance actions.
1-30. DCO respond to unauthorized activity, alerts, and threat information against the DODIN, and leverages intelligence,
counterintelligence, law enforcement, and other military capabilities as required. DCO include outmaneuvering adversaries taking
or about to take offensive actions against defended networks, or responding to internal and external cyberspace threats. DCO also
include actively hunting for advanced internal threats that evade routine security measures. DCO consist of those actions designed
to protect friendly cyberspace from enemy and adversary actions.

1-31. DCO may be a response to attacks, exploitations, intrusions, or effects of malware on the DODIN or other assets that the
DOD is directed to defend. Most DCO occur within the defended network. DOD DCO missions are accomplished using a layered,
adaptive, defense-in-depth approach, with mutually supporting elements of digital and physical protection. A key characteristic of
DOD DCO activities is active cyberspace defense.
1-32. DCO activity may lead to follow on activities such as additional cybersecurity measures, information collection, or
development of OCO targets. Reporting unauthorized network activity and anomalies increases the data available to identify
trends and to take appropriate defensive measures. The personnel confirming the unauthorized activity report the details for
intelligence and forensic purposes.

Defensive Cyberspace Operations Internal Defensive Measures


1-33. DCO-IDM occur within the DODIN. DCO-IDM may involve reconnaissance measures within the DODIN to locate internal
threats and may respond to unauthorized activity, alerts, and threat information. Internal threat cueing may come from
cybersecurity tools employed on the network. DCO-IDM focus to dynamically reestablish, re-secure, reroute, reconstitute, or
isolate degraded or compromised local networks to ensure sufficient cyberspace access for JFC forces.
1-34. Army forces employ various DCO-IDM to protect and defend the DODIN. Army units plan, integrate, and synchronize DCO-
IDM to create and achieve actions by friendly forces against the enemy to support the commander's objectives as part of the
operations process.

Defensive Cyberspace Operations Response Action


1-35. Defensive cyberspace operations response action is defined as deliberate, authorized defensive measures or activities taken
outside of the defended network to protect and defend DOD cyberspace capabilities or other designated systems (JP 3-12[R]).
Provocation that leads to employing DCO-RA includes indicators from the various sensors and capabilities that detect and identify
indications of an imminent or ongoing cyberspace attacks. If approved, specially trained cyber mission forces employ actions to
protect and defend friendly force cyberspace. Some adversary actions can trigger DCO-RA necessary to defend networks by
creating effects outside of the DODIN, when authorized. Some of the specially trained personnel are Army forces operating as part
of a joint force.
1-36. DCO-RA requires the same type of information collection support as OCO for threat information. DCO-RA may involve using
nondestructive countermeasures that identify the source of the threat to the DODIN-A, and then use nonintrusive techniques to
stop or mitigate that threat. Joint forces may provide DCO-RA support to Army commanders at corps and below.

Note. Countermeasures require deconfliction with other departments and agencies to the maximum extent practicable
according to the Trilateral Memorandum of Agreement among the DOD, the Department of Justice, and the Intelligence
Community Regarding Computer Network Attack and Computer Network Exploitation Activities, 9 May 2007.

OFFENSIVE CYBERSPACE OPERATIONS


1-37. Offensive cyberspace operations are cyberspace operations intended to project power by the application of force in or
through cyberspace (JP 3-12[R]). The Army provides forces trained to perform OCO across the range of military operations in and
through cyberspace providing effects outside of the DODIN. Army forces conducting OCO do so under the authority of CCMDs
and United States Cyber Command (USCYBERCOM).
1-38. Forces conducting OCO missions deconflict, coordinate, and synchronize OCO with other cyberspace operations,
cyberspace activities, and other operations. Joint forces may provide OCO support to corps and below Army commanders in
response to requests using the CERF. OCO focus on targeting objectives in or through cyberspace and related portions of the
EMS. Army units plan, integrate, and synchronize OCO to create and achieve effects to support the commander’s objectives as
part of the operations process. OCO targets may require extended planning time, extended approval time, synchronization and
deconfliction. The CERF provides detailed information on requested effects. (For more information on CERF procedures, see
Appendix C.)

CYBERSPACE ACTIONS
1-39. The cyberspace missions require the employment of various actions to create specific effects in cyberspace. (See figure 1-
4.) The cyberspace actions are cyberspace defense, cyberspace ISR, cyberspace OPE, cyberspace attack, and cyberspace
security. To plan for, authorize, and assess these actions, it is important to understand the differences between the actions and
their specific purposes. (For more information on the cyberspace actions see JP 3-12[R].)
Figure 1-4. Cyberspace actions

Cyberspace Defense
1-40. Cyberspace defense are actions normally taken within the DOD cyberspace for securing, operating, and defending the
DODIN against specific threats. The purpose of cyberspace defense includes actions to protect, detect, characterize, counter, and
mitigate threats. Such defensive actions are usually created by the JFC or Service that owns or operates the network, except in
cases where these defensive actions would affect the operations of networks outside the responsibility of the respective JFC or
Service.

Cyberspace Intelligence, Surveillance & Reconnaissance


1-41. Cyberspace ISR is an intelligence action conducted by the JFC authorized by an execute order or conducted by attached
signals intelligence (SIGINT) units under temporary delegated SIGINT operational tasking authority. Cyberspace ISR includes
activities in cyberspace conducted to gather intelligence required to support future OCO or DCO. These activities support planning
and execution of current and future cyberspace operations. Cyberspace ISR focuses on tactical and operational intelligence and
on mapping enemy and adversary cyberspace to support military planning. Cyberspace ISR requires appropriate deconfliction and
authorization. Cyberspace forces are trained and certified to a common standard with the intelligence community. Cyberspace ISR
is conducted pursuant to military authorities and must be coordinated and deconflicted with other United States Government
departments and agencies. Army units conducting cyberspace ISR operate as part of a joint force or specially trained service
retained forces supporting specific cyberspace operations missions.

Cyberspace Operational Preparation of the Environment


1-42. Cyberspace OPE consists of the non-intelligence enabling activities for the purpose of planning and preparing for ensuing
military operations. Cyberspace OPE requires forces trained to a standard that prevents compromise of related intelligence
collection operations. OPE in cyberspace is conducted pursuant to military authorities and must be coordinated and deconflicted
with other United States Government departments and agencies.
Cyberspace Attack
1-43. Cyberspace attack is a cyberspace action that creates various direct denial effects in cyberspace (for example, degradation,
disruption, or destruction) and manipulation that leads to denial, that is hidden or that manifests in the physical domains (JP 3-
12[R]). The purpose of cyberspace attack is the projection of power to provide an advantage in cyberspace or the physical
domains for friendly forces. For example, a cyberspace attack may target information residing on, or in transit between, computers
or mobile devices to deny enemy or hostile actors the ability to use resources. Cyberspace attack may be for offense or defense
operations in cyberspace.

Cyberspace Security
1-44. Cyberspace security actions are those taken within a protected network to prevent unauthorized access to, an exploitation of,
or damage to computers, electronic communications systems, and other information technology, including platform information
technology, as well as the information contained therein, to ensure its availability, integrity, authentication, confidentiality, and
nonrepudiation. Cyberspace security is not specific to an enemy or adversary. Cyberspace security actions protect the networks
and systems through all phases of network planning and implementation. Cyberspace security activities include vulnerability
assessment and analysis, vulnerability management, incident handling, continuous monitoring, and detection and restoration
capabilities to shield and preserve information and information systems.

EFFECTS OUTSIDE OF THE DEPARTMENT OF DEFENSE INFORMATION NETWORK AND CYBERSPACE


1-45. Effects delivered in and through cyberspace manifest in cyberspace or in one or more of the other domains. The Army
requests effects in cyberspace after planning and targeting activities. The effects may be delivered by or through an OCO or DCO-
RA mission. The effects support Army operations and JFC objectives. Cyber mission forces conducting cyberspace actions deliver
effects in and through cyberspace. EW capabilities can be a conduit to deliver effects in and through cyberspace. Joint
organizations express the effects in cyberspace in different terms than expressed in the traditional Army targeting methodology.
Army targeting efforts result in requirements using Army terms similar in meaning to joint cyberspace terms. However, the
difference in terms requires that any requests from echelons corps and below to joint organizations use the joint terms for effects in
cyberspace.
1-46. Joint cyberspace operations doctrine describes cyberspace actions. Cyberspace actions at the joint level require creating
various direct denial effects in cyberspace (degradation, disruption, or destruction). Joint cyberspace operations doctrine also
explains that manipulation leads to denial (hidden or manifesting) in any domain.
1-47. These specific actions are—
● Deny. To degrade, disrupt, or destroy access to, operation of, or availability of a target by a specified level for a specified
time. Denial prevents enemy or adversary use of resources.
● Degrade. To deny access (a function of amount) to, or operation of, a target to a level represented as a percentage of
capacity. Level of degradation must be specified. If a specific time is required, it can be specified.
● Disrupt. To completely but temporarily deny (a function of time) access to, or operation of, a target for a period of time. A
desired start and stop time are normally specified. Disruption can be considered a special case of degradation where the
degradation level selected is 100 percent.

● Destroy. To permanently, completely, and irreparably deny (time and amount are both maximized) access to, or operation
of, a target.
● Manipulate. To control or change the enemy or adversary’s information, information systems, and/or networks in a manner
that supports the commander's objectives.
1-48. Army commanders request effects using the terms deny, degrade, disrupt, destroy, and manipulate. The Army considers
these as separate effects rather than a subset of deny. These terms are common for targeting guidance or to describe effects for
information operations (IO). These are desired effects that support operations and are achievable using cyberspace capabilities.
Army planners will utilize these terms to describe and plan for cyberspace and electronic warfare effects. The most common
effects associated with cyberspace operations are deny, degrade, disrupt, destroy, and manipulate. (For more effects or
information on effects see ATP 3-60.)
● Denial operations are actions to hinder or deny the enemy the use of space, personnel, supplies, or facilities (FM 3-90-1).
An example of deny is to use EW capabilities to jam specific frequencies using an EW capability for a predetermined amount
of time, or to block a router communication port using cyberspace capability for some predetermined amount of time;
however, the duration of denial will depend on the enemy's ability to reconstitute.
● Degrade is to use nonlethal or temporary means to reduce the effectiveness or efficiency of adversary command and control
systems and information collections efforts or means. An example of degrade is slowing the cyberspace connection speed
affecting the ability to effectively communicate or pass data in a timely manner.
● Disrupt is a tactical mission task in which a commander integrates direct and indirect fires, terrain, and obstacles to upset an
enemy's formation or tempo, interrupt the enemy's timetable, or cause enemy forces to commit prematurely or attack in a
piecemeal fashion. An obstacle effect that focuses fires planning and obstacle efforts to cause the enemy force to break up its
formation and tempo, interrupt its timetable, commit breaching assets prematurely, and attack in a piecemeal effort (FM 3-90-
1). An example of disrupt is interrupting the connection to cyberspace, either wired or wireless, affecting the ability to
communicate or pass data.
● Destroy is tactical mission task that physically renders an enemy force combat-ineffective until it is reconstituted.
Alternatively, to destroy a combat system is to damage it so badly that it cannot perform any function or be restored to a
usable condition without being entirely rebuilt (FM 3-90- 1). Destroy is applying lethal combat power on an enemy capability
so that it can no longer perform any function. The enemy cannot restore it to a usable condition without being completely
rebuilt. An example of destroy using cyberspace capabilities is causing a system to lose all of its operating information or
causing it to overheat to a point it is no longer usable. (See ADRP 3-0 for more information on destroy.)
● Manipulate is to control or change the adversary's information, information systems, and/or networks in a manner that
supports the commander's objectives. The Army uses the same description as the joint cyberspace action for this effect.
● Deceive is when military leaders attempt to mislead threat decision makers by manipulating their understanding of reality.
An example of deceive is modifying a message causing the enemy or adversary to assemble in a location not originally
designated by their own chain of command. More information on deceive is found in FM 3-90-1 and ATP 3-60.
1-49. Effects in and through cyberspace may have the same consequences as other types of traditional effects. Effects during
operations include lethal and non-lethal actions and may be direct or indirect. Direct effects are first order consequences and
indirect effects are second, third, or higher order consequences. Similar characteristics of direct and indirect effects in cyberspace
can be cumulative or cascading if desired. These effects are planned and controlled in order to meet the commander’s objectives.
Cumulative refers to compounding effects and cascading refers to influencing other systems with a rippling effect. The desired
effects in cyberspace can support operations as another means to shape the operational environment to provide an advantage.
(For more information on cascading and cumulative effects see JP 3-60.)

SECTION II – UNDERSTANDING CYBERSPACE AND ENVIRONMENTS


1-50. Understanding the cyberspace domain begins with understanding the EMS, the information environment, the layers of
cyberspace, and the characteristics of cyberspace. Understanding the integration of cyberspace operations begins with
comprehending cyberspace as a part of the operational environment and the impact on operational and mission variables: threats,
risks, and authorities.

CYBERSPACE AND THE ELECTROMAGNETIC SPECTRUM


1-51. Cyberspace wireless capabilities use the EMS for a transport medium to form links in the DODIN. The electromagnetic
spectrum is the range of frequencies of electromagnetic radiation from zero to infinity. It is divided into 26 alphabetically designated
bands (JP 3-13.1). The Army manages its use of the EMS through SMO. Spectrum management operations are the interrelated
functions of spectrum management, frequency assignment, host nation coordination, and policy that together enable the planning,
management, and execution of operations within the electromagnetic operational environment during all phases of military
operations (FM 6-02). Electromagnetic spectrum operations (EMSO) include SMO and EW (see section three for information on
EW). SMO are the management functions of EMSO managing the man-made access to the EMS.
1-52. Conducting SMO supports and enables the execution of cyberspace and EW operations. The objective is to ensure access
to the EMS to support Army operations. Synchronizing efforts between cyberspace and EW operations, and other users of the
spectrum, allow unifying and complementary efforts and minimizes conflicting effects within the spectrum. (See figure 1-5.) (For
more information on SMO see FM 6-02 and ATP 6-02.70.)
Figure 1-5. The electromagnetic spectrum

CYBERSPACE AND THE INFORMATION ENVIRONMENT


1-53. The Army conducts cyberspace and EW operations in the information environment. The information environment is the
aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information (JP 3-13). The ease
of access to technical networks facilitates information sharing and enhances the social aspect of the information environment. The
dimensions of the information environment are physical, informational, and cognitive. IO, whether inside or outside of cyberspace,
can affect friendly, neutral, and threat operations within cyberspace. (For more information on the information environment see JP
3-13.)

PHYSICAL DIMENSION
1-54. The physical dimension consists of the physical portions of the environment. The tangible elements of cyberspace and
access to the EMS are part of the physical dimension of the information environment. The tangible network elements include
communications networks, information systems, and network infrastructures. This dimension is where network platforms reside
along with the infrastructures that enable them. EW platforms also reside in this dimension.

INFORMATIONAL DIMENSION
1-55. The informational dimension consists of the information itself. Cyberspace and EW operations support collecting, processing,
storing, disseminating, and displaying text, images, or data in this dimension. The informational dimension enables the linkage
between the physical and cognitive dimensions. This dimension links to cyberspace and the EMS due to the volume of information
resident on and traversing information technology infrastructures. The physical dimension of cyberspace and EW operations
allows access to and control of the information and data to those in the cognitive dimension. This dimension includes data at rest
or in transit.

COGNITIVE DIMENSION
1-56. The cognitive dimension encompasses the minds of those who transmit, receive, and respond to or act on information (JP 3-
13). The cognitive dimension in cyberspace represents individuals, groups, or organizations. Cyberspace links the data and ideas
of those who transmit, receive, respond or act on, or add new information. This dimension represents the individuals that utilize
cyberspace.

CYBERSPACE LAYERS
1-57. Cyberspace can be described in terms of three layers: physical network, logical network, and cyber- persona (JP 3-12[R]).
Commanders and staffs leverage the layers of cyberspace to build, gain, and maintain situational understanding and create
operational opportunities.

PHYSICAL NETWORK LAYER


1-58. The physical network layer of cyberspace is comprised of the geographic component and is part of the physical dimension.
The geographic component is the location in land, air, maritime, or space where elements of the network reside. The physical
network layer is comprised of the hardware, system software, and infrastructure (wired, wireless, cable links, EMS links, satellite,
and optical) that supports the network and the physical connectors (wires, cables, radio frequency, routers, switches, servers, and
computers). The physical network layer uses logical constructs as the primary method of security and integrity.

LOGICAL NETWORK LAYER


1-59. The logical network layer consists of the components of the network related to one another in a way abstracted from the
physical network. For instance, nodes in the physical layer may logically relate to one another to form entities in cyberspace not
tied to a specific node, path, or individual. Web sites hosted on servers in multiple physical locations where content can be
accessed through a single uniform resource locator or web address provide an example. This may also include the logical
programming to look for the best communications route, which is not the shortest physical route, to provide the information
requested.

CYBER-PERSONA LAYER
1-60. The cyber-persona layer is a digital representation of an individual or entity identity in cyberspace. This layer consists of the
people who actually use the network and therefore have one or more identities that can be identified, attributed, and acted upon.
These identities may include e-mail addresses, social networking identities, other web forum identities, computer internet protocol
addresses, and mobile device numbers. One individual may have multiple cyber-personas through internet services at work and
personal e-mail addresses, web forum, chat room, and social networking site identities; which may vary in the degree to which
they are factually accurate. The authenticity of a cyber-persona is a concern especially with the ability of a threat force to hide their
identity.
1-61. Conversely, a single cyber-persona can have multiple users — for example, a username and password for an administrative
account multiple people access. As a result cyber-personas can be complex, with elements in many virtual locations, but normally
not linked to a single physical location or form. Consequently, attributing responsibility and targeting in cyberspace requires
significant intelligence and technical knowledge. Understanding the complexity of the cyber-persona allows leaders and
commanders to make more informed decisions. Figure 1-6 shows an individual person with multiple cyber-personas and the
relationship with the other layers.
Figure 1-6. Cyber-persona relationship to the physical and logical layers

THE CHARACTERISTICS OF CYBERSPACE


1-62. To better understand cyberspace, examine the physical information technology networks. For instance, cyberspace is
interconnected computer communications networks (logical layer) that make information globally available through wired and
wireless connections at high rates of speed using the physical layer, which is then accessed by individuals using the cyber-
persona layer. The internet pervades societies and enables global communication and information flow. Cyberspace
characteristics include—
● Networked.
● Socially enabling.
● Technical.
● Interdependent and interrelated.
● Vulnerable.

NETWORKED
1-63. Cyberspace is an extensive and complex global network of wired and wireless links connecting nodes that permeate every
domain. The core of these networks are technological infrastructures consisting of several distinct enclaves connected into a single
logical network that enables data transport. Identifying these infrastructures and their operations is accomplished by analyzing the
layers of cyberspace, the dimensions of the information environment, the variables of the operational environment, and the other
technical aspects of wired and wireless networks. The networks can cross geographic and political boundaries connecting
individuals, organizations, and systems around the world.

SOCIALLY ENABLING
1-64. Cyberspace allows interactivity among individuals, groups, organizations, and nation-states. Computer systems and
technical networks make it possible to create, store, process, manipulate, and quickly transport data and information for a select or
very broad audience. Users can apply data and information to exert influence, accomplish tasks, and make decisions. Text
messaging, e-mail, e-commerce, social media, and other forms of interpersonal communication are possible because of
cyberspace.

TECHNICAL
1-65. Advancements in technology increase the complexity of hardware and software system components and devices.
Cyberspace consists of numerous elements requiring personnel with specific technical skills. For example, the development of
encryption and encoding require personnel trained to perform specialized functions that comply with protocols and other industry
standards. The technical network infrastructure and logical layer is complex, but accessing and utilizing cyberspace is relatively
simple. The advanced use of the EMS is a fundamental part of cyberspace.

INTERDEPENDENT AND INTERRELATED


1-66. Operations within the other four domains are dependent on cyberspace. Commanders achieve situational understanding of
the operational environment and the interdependent and interrelated nature of the cyberspace domain through intelligence
preparation of the battlefield (IPB) and information requirements. The dependence of information and data distribution, timeliness,
and quantity directly relate to the network infrastructure capabilities and limitations. IPB can help identify capabilities and
vulnerabilities of the enemy’s and adversary’s cyberspace infrastructure, including electronic links to automated weapons systems,
communications systems, and other critical nodes supporting the threat network. Unique to the cyberspace domain is the ability of
combatants and non-combatants to move information across the domain quickly.

VULNERABLE
1-67. Cyberspace is vulnerable for several reasons including ease of access, network and software complexity, lack of security
consideration in network design and software development, and inappropriate user activity. Access to cyberspace by an individual
or group with a networked device is easy, and an individual with a single device may be able to disable an entire network.
Vulnerabilities in the systems that operate in cyberspace contribute to a continuous obligation to manage risk and protect portions
of cyberspace. Understanding the vulnerabilities of DODIN may lead to changes of the operational design. Vulnerabilities found on
enemy or adversary systems may cause changes to those portions of cyberspace as well. Effects generated in cyberspace can
have global impact across the physical domains.

CYBERSPACE AS A COMPONENT OF THE OPERATIONAL ENVIRONMENT


1-68. An operational environment is a composite of the conditions, circumstances, and influences that affect the employment of
capabilities and bear on the decisions of the commander (JP 3-0). Cyberspace, operational variables, mission variables, and the
dimensions of the information environment share a complex relationship within an operational environment. Staffs perform tasks
and missions in and through cyberspace to support the warfighting functions. Cyberspace supports, enables, and integrates
operations for warfighting functions in the operational environment within all the domains.
1-69. While cyberspace enables communications capabilities, it also creates critical vulnerabilities for adversaries and enemies to
attack or exploit. The complexity, low entry cost, widely available resources, minimally required technological investment, and ease
of anonymity in cyberspace enables enemies and adversaries to inflict serious harm. The expanded availability of commercial off-
the-shelf technology provides adversaries with increasingly flexible and affordable technology to adapt to military purposes. Low
barriers to use cyberspace significantly decrease the traditional capability gap between the United States and adversaries,
allowing them to field sophisticated cyberspace capabilities.
1-70. DODIN operations enables Army operations. DODIN operations, DCO, EW, and intelligence facilitate freedom of maneuver
in cyberspace. Freedom of maneuver allows the integration of the warfighting functions across all domains. Army operations,
enabled and supported by the DODIN, support the JFC’s objectives.

SITUATIONAL UNDERSTANDING AND AWARENESS OF CYBERSPACE


1-71. Situational understanding is the product of applying analysis and judgment to relevant information to determine the
relationships among the operational and mission variables to facilitate decision making (ADP 5-0). Operational variables enable a
comprehensive understanding of a given operational environment, while mission variables enable a more focused understanding
of a given area of operations. The continuous application of these analytical frameworks enables the commander and staff to
analyze cyberspace from various perspectives throughout the operations process. (See FM 6-0 for additional information on
operational and mission variables.)
1-72. Situational understanding of cyberspace is gained and maintained by identifying, characterizing, and monitoring certain types
of enemy, adversary, and friendly activity in designated cyberspace and the EMS. Situational understanding of cyberspace
involves—
● Developing, disseminating, and maintaining relevant information enabling the commander and staff to achieve situational
understanding of friendly, enemy, and adversary utilization of cyberspace, including the cyberspace related use of the EMS.
● Determining, validating, and mitigating network intrusions or other unauthorized activities within friendly force networks,
particularly the Army’s contribution.
● Information collection efforts to support cyberspace operations to produce and disseminate a common operational picture
and to answer the commander's critical information requirements (see FM 3-55 for additional information). Continuous
tracking, monitoring and assessment of friendly force activity inside and outside of the DODIN including collaboration with
higher headquarters and their development of joint cyberspace situational awareness (see JP 3-12[R] for additional
information).
● Identifying and applying authorities, other legal considerations, intelligence gain or loss, and associated risks that each
serve to inform decision making.

● Direct coordination with host nations to develop and monitor the status of critical infrastructure and key resources.

1-73. It is important to ensure commanders and staff understand how cyberspace enables their operations. Cyberspace includes
physical and logical networks and cyber-personas. The networks include nodes linked together by transmission paths. A link is the
connection between nodes. A node is broadly defined as an element of a system that represents a person, place, or physical thing
(see JP 3-0). A technical definition describes a node as a physical location that provides terminating, switching, or gateway access
services to support information exchange (see JP 6-0). Nodes, along with the transmission paths that link them together, contain
in-transit and resident data available for access and use by individuals, groups, and organizations. Combining a network diagram
with other situational information enhances the understanding of the operational environment because of the inclusion of
cyberspace specific information.
1-74. Some nodes in cyberspace, especially commercial systems, are used by various entities, including friendly, neutral, and
enemy or adversary. Figure 1-7 displays friendly, threat, and neutral (or non-attributed) networks in an operational area. Network
nodes, links, and communications link types provide additional information to form a better picture of the operational environment.
Included is the threat network overlay depicting network nodes used by enemies and adversaries. The graphic includes nodes
located at known unit, adversary and host nation locations as elements of physical infrastructure, and transmission paths as wired
or wireless links (through the EMS). Friendly units aid in situational understanding by identifying their location relative to the
enemy, adversary, and host nation nodes. Combining the operational view with the network diagram aids in identifying key terrain
in cyberspace.
Figure 1-7. Operational area with network topology information

1-75. In the context of traditional land operations, key terrain is any locality, or area, the seizure or retention of which affords a
marked advantage to either combatant (JP 2-01.3). However, cyberspace operations uses the concept of key terrain as a model to
identify key aspects of the cyberspace domain. Identified key terrain in cyberspace is subject to actions the controlling combatant
(whether friendly, enemy, or adversary) deems advantageous such as defending, exploiting, and attacking. References to key
terrain correspond to nodes, links, processes, or assets in cyberspace, whether part of the physical, logical, or cyber-persona
layer. The marked advantage of key terrain in cyberspace may be for intelligence, to support network connectivity, a priority for
defense, or to enable a key function or capability.

CYBERSPACE AND THE OPERATIONAL VARIABLES


1-76. Commanders and staffs continually analyze and describe the operational environment in terms of eight interrelated
operational variables: political, military, economic, social, information, infrastructure, physical environment, and time. Each variable
applied to an analysis of designated cyberspace can enable a more comprehensive understanding of the operational environment.
The analysis describes the planning, preparation, execution, and assessment activities for both the wired and EMS portions
cyberspace operations. (See FM 6-0 for more information on operational variables.) The following are operational variable
example questions specific to networks and nodes—
● Political. What networks and nodes require the most emphasis on security and defense to enable the functioning of the
government?
● Military. Where are networks and nodes utilized by enemy and adversary actors to enable their activities?
● Economic. What networks and nodes require the most emphasis on security and defense to enable commerce and other
economic-related activities?
● Social. What network nodes enable communication with the host nation population for the purpose of providing information
or protecting them from potential negative effects caused by military operations in cyberspace?
● Information. What is the nature of the data transiting cyberspace that influences or otherwise affects military operations?
● Infrastructure. What networks and nodes enable critical infrastructure and key resource capabilities and supporting
supervisory control and data acquisition systems?
● Physical Environment. How are wireless networks affected by the electromagnetic environment which includes terrain and
weather?
● Time. What are the optimal times to create effects to support the overarching mission?

CYBERSPACE AND THE MISSION VARIABLES


1-77. The analysis of mission variables specific to cyberspace operations enables Army forces to integrate and synchronize
cyberspace capabilities to support Army operations. Mission variables describe characteristics of the area of operations. The
mission variables are mission, enemy, terrain and weather, troops and support available, time available, and civil considerations.
(See ADRP 5-0 and FM 6-0 for more information on mission variables.) For cyberspace operations, mission variables provide an
integrating framework upon which critical questions can be asked and answered throughout the operations process. The questions
may be specific to either the wired portion of cyberspace, the EMS, or both. The following is a list of the mission variables example
questions—
● Mission. Where can we integrate elements of cyberspace operations to support the unit mission? What essential tasks
could be addressed by the creation of one or more effects by cyberspace operations?
● Enemy. How can we leverage information collection efforts regarding threat intentions, capabilities, composition, and
disposition in cyberspace? What enemy vulnerabilities can be exploited by cyberspace capabilities?
● Terrain and weather. What are the opportunities and risks associated with the employment of cyberspace operations
capabilities when terrain and weather may cause adverse impacts on supporting information technology infrastructures?

● Troops and support available. What resources are available (internal and external) to integrate, synchronize, and execute
cyberspace operations? What is the process to request, receive, and integrate these resources?
● Time available. How can we synchronize OCO and related desired effects with the scheme of maneuver within the time
available for planning and execution?
● Civil considerations. How can we employ cyberspace operations without negative impacts on noncombatants?

RISK IN CYBERSPACE
1-78. Risk is inherent in all military operations. When commanders accept risk they create opportunities to seize, retain, and exploit
the initiative and achieve decisive results. The willingness to incur risk is often the key to exposing enemy and adversary
weaknesses considered beyond friendly reach (ADRP 3-0). Commanders assess and mitigate risk continuously throughout the
operations process. Many of the risks to the DODIN and the Army’s contribution to cyberspace come from enemies, adversaries,
and insiders. Some threats are well equipped and well trained while some are novices using readily available and relatively
inexpensive equipment and software. Army users of the DODIN are trained on cybersecurity, focusing on safe use of information
technology and to recognize how threats operate to help mitigate risks.
1-79. Risk management is the Army’s primary decision-making process for identifying hazards and controlling risks. Using this
process, operational effectiveness and the probability of mission accomplishment increases. This provides a way of identifying
hazards, assessing them, and managing the associated risk. The process applies to all types of operations, tasks, and activities
including cyberspace operations. The factors of mission, enemy, terrain and weather, troops and support available, time available,
and civil considerations provide a standardized methodology for addressing both threat and hazard based risk. Risks associated
with cyberspace operations fall into four major categories—
● Operational risks.
● Technical risks.
● Policy risks.
● Operations security risks.

Note. See ATP 5-19 for more on risk management.

OPERATIONAL RISKS
1-80. Operational risks pertain to consequences that cyberspace threats pose to mission effectiveness. Operational consequences
are the measure of cyberspace attack effectiveness. Cyberspace intrusions or attacks can compromise technical networks,
systems, and data; which can result in operational consequences such as injury or death of personnel, damage to or loss of
equipment or property, degradation of capabilities, mission degradation, or even mission failure. Exfiltration of data from Army
networks by the enemy can undermine the element of surprise and result in an ambush. Enemy or adversary forces may conduct
cyberspace and EMS attacks to exposed friendly networks and capabilities, compromising future cyberspace attacks and
cyberspace exploitation missions.

TECHNICAL RISKS
1-81. Technical risks are exploitable weaknesses in Army networks and systems. Nearly every technical system within the Army is
networked, creating shared vulnerabilities. These potentially vulnerable networked systems and components directly impact the
Army's ability to project military power and support the mission. DCO and cybersecurity measures mitigate risks and defend
against the threats from taking advantage of the technical vulnerabilities. Robust systems engineering, supply chain risk
management, security, counterintelligence, intelligence, hardware and software assurance, and information systems security
engineering disciplines enable the Army to manage technical risk to system integrity and trust. Friendly forces examine the
technical risks when conducting cyberspace attacks to avoid making friendly networks vulnerable to enemy cyberspace
counterattacks. The Army uses a defense-in-depth approach, utilizing software; such as anti-virus and anti-malware programs,
monitoring hardware and software, network sensors, intrusion prevention, and physical security to mitigate technical risks. These
are effective when all elements are implemented and updated regularly.

POLICY RISKS
1-82. Policy risk pertains to authorities, legal guidance, and international law. Policies address cyberspace boundaries, authorities,
and responsibilities. Commanders and decision makers must perform risk assessments and consider known probable cascading
and collateral effects due to overlapping interests between military, civil, government, private, and corporate activities on shared
networks in cyberspace. Policies, the United States Code (USC), Uniform Code of Military Justice, regulations, publications,
operation orders, and standard operating procedures all constitute a body of governance for making decisions about activities in
cyberspace.
1-83. Risk occurs where policy fails to address operational necessity. For example, due to policy concerns, an execution order or
applicable rules of engagement may limit cyberspace operations to only those operations that result in no or low levels of collateral
effects. A collateral effects analysis to meet policy limits is distinct from the proportionality and necessity analysis required by the
law of war. Even if a proposed cyberspace operation is permissible after a collateral effects analysis, the proposed cyberspace
operation must determine a legitimate military objective also be permissible under the law of war.
1-84. Policy risk applies to risk management under civil or legal considerations. An OCO mission requested by an Army unit may
pose risk to host nation civilians and noncombatants in an operational environment where a standing objective is to minimize
collateral damage. During the course of a mission, it may be in the Army's best interest for host nation populations to be able to
perform day-to-day activities. Interruptions of civil networks may present hazards to Army networks and pose dangers to Army
forces because of social impacts that lead to riots, criminal activity, and the emergence of insurgent opportunists seeking to exploit
civil unrest.

OPERATIONS SECURITY RISKS


1-85. Cyberspace provides a venue for operations security risks. The Army depends on security programs and cybersecurity
training to mitigate the operations security risks. Commanders emphasize and establish operations security programs to mitigate
the risks. Operations security measures include actions and information on the DODIN and non-DODIN information systems and
networks. All personnel are responsible for protecting sensitive and critical information. (See AR 530-1 for information about

operations security.) Note. See AR 530-1 for information about operations security.

THREATS IN CYBERSPACE
1-86. The Army faces multiple, simultaneous, and continuous threats in cyberspace. A threat is any combination of actors, entities,
or forces that have the capability and intent to harm the United States forces, United States national interests, or the homeland
(ADRP 3-0). Threats include state and non-state actors, criminals, insider threats, and the unwitting individuals who intend no
malice. These diverse threats have disparate agendas, alliances, and range of capabilities. Enemies and adversaries employ
regular and irregular forces and use an ever-changing variety of conventional and unconventional tactics. Risks from insiders may
be malicious or cause damage unintentionally. Insider risks include non-compliance of policies and regulations, causing
vulnerabilities on the network. Table 1-1 on page 1-21 lists sample threat capabilities with examples of methods, indicators, and
first order effects.

Table 1-1. Sample cyberspace and electronic warfare threat capabilities


Capability Methods Indicators First-order effects
Abnormal network
performance, inability to
Denial of service attack navigate web and access
whel sites, uncontrolled spam, and
a system reboots
Degraded network
e, capabilities ranging
r, or from limited
operational planning
ork to total denial of use
with Degraded network
to capabilities ranging
ume from limited
rces operational planning
nting to total denial of use
mate Degraded network
capabilities ranging
Abnormal network performance, from limited
inability to navigate web and operational planning
access sites, uncontrolled spam, to total denial of use
and system reboots
Network site to site, requests
penetrat to upgrade and
ion validate information,
- and unknown links
Unfamiliar e-mails,
official looking
addresses requiring
urgent reply,
internet protocol
, packets replaced,
non-legitimate
pages with the look
ed of legitimate sites,
directed moves from
site to site, requests
s to upgrade and
oor validate information,
and unknown links
Uncontrolled
Unfamiliar e-mails, access to
official looking networks,
addresses requiring manipulation of
urgent reply, networks leading to
internet protocol degraded or
packets replaced, compromised
non-legitimate capabilities that
pages with the look deny situational
of legitimate sites, awareness or theft
directed moves from of data
Uncontrolled spyware, and
access to rootkits)
networks,
Phishing,
manipulation
spear- of
networks
phishing,
leading to
degraded
pharming, or
compromised
insider threat
capabilities
introduction,
that
deny open- situational
source
awareness
automation
or theft
of dataservices, victim
Uncontrolled
activated
accessthrough drive- to
networks,
by downloads
manipulation
and victim
of
networks
emplaced
leading to
data
degraded
storage or
compromised
devices
capabilities that Pop-ups, erroneous
deny situational error reports,
awareness or theft planted removable
of data storage media,
unknown e- mail
attachments,
changed passwords
without user
Emplaced knowledge,
malware automatic
(virus, worms downloads,
unknown apps, and degrading system
degraded network performance
Pop-ups, erroneous Spyware and
error reports, malware on
planted removable affected systems
storage media, allow electronic
unknown e- mail reconnaissance,
attachments, manipulation, and
changed passwords degrading system
without user performance
knowledge,
automatic
downloads,
unknown apps, and Disrupt or
degraded network deny
Spyware and information
malware on systems in the
affected systems EMS
allow Prevent
electronic
friendly
reconnaissance,
antennas and
manipulation, from
receiving
degrading data
system
transmitted in
performance
Spywarethe EMSandby
malwareusing military
on
or systems
affected
allow commercially
electronic
available high-
reconnaissance,
powered and
manipulation,
high data
Degraded or
s, complete denial of
service in ability to
d or control the EMS
eered denying situational
ation awareness and
degrading
Symptoms may not operational planning
be evident if Degraded or
passive; may complete denial of
manifest as service in ability to
transmission control the EMS
interference, denying situational
software or awareness and
hardware degrading
malfunctions, or the operational planning
inability to transmit Degraded or
data complete denial of
Symptoms may not service in ability to
be evident if control the EMS
passive; may denying situational
manifest as awareness and
transmission degrading
interference, operational planning
software or
hardware
malfunctions, or the
inability to transmit
AUTHORITIES

1-87. The United States Constitution establishes the authority of the President as Commander in Chief of
the Armed Forces and gives authority for Congress to fund and regulate the Armed Forces. The President,
as Commander in Chief commands the missions of the Armed Forces and, according to the laws passed by
Congress, administers the Armed Forces.
1-88. Army Commanders conduct cyberspace operations and EW when directed by the orders of the
President of the United States, the Secretary of Defense, and Combatant Commanders designated to
conduct operations on behalf of the President. These orders are issued under the President’s authority from
Article II, United States Constitution, in consideration of the Bill of Rights, other executive orders,
presidential policy, DOD and DA regulations, U.S. Treaty obligations, and other laws (including funding
appropriations) passed by Congress.

1-89. Within this legal framework, Army forces conduct cyberspace and EW operations as authorized
through Execute Orders (EXORDs); Operations Orders; Rules of Engagement; and the policies directed by
the Secretary of Defense and the Combatant Commanders.
1-90. Army forces conduct cyberspace operations and EW as part of the joint force. Army forces may
conduct OCO, DCO, and EW with Army force organic or joint requested effects to support the joint
commander’s intent. (See JP 3-12(R), Cyberspace Operations and JP 3-13.1, Electronic Warfare for more
information.) United States Strategic Command has overall responsibility for directing DODIN operations
and defense, which has been delegated to the Commander, U.S. Cyber Command for execution. U.S. Army
Cyber Command (ARCYBER) and Second Army conduct DODIN operations and DCO within Army
networks, and when directed, within other DOD and non-DOD networks.
1-91. Army forces conduct operations directed by the President while adhering to appropriations,
authorizations, and statutes of the USC by Congress. These statutes cover wide areas of law including
domestic security, the regulation of the Armed Forces, Federal crimes, the National Guard, information
technology acquisition and service, electromagnetic spectrum management, and intelligence.
1-92. Domestic Security, USC Title 6. Establishes responsibilities for information analysis and infrastructure
protection, chief information officers, and cybersecurity oversight. USC Title 6 responsibilities include
comprehensive assessments of key resources, critical infrastructure vulnerabilities, and identifying priorities
for protective and supportive measures regarding threats. (For more information, see U.S. Code Title 6.)
1-93. The Armed Forces, USC Title 10, Enables the Army to organize, train, equip, and provide land,
cyberspace operations, and EW units and headquarters. USC Title 10 authorities and restrictions provide
context and foundation for how the Secretary of Defense directs military cyberspace operations, EW, and
military intelligence operations.
1-94. Crimes and Criminal Procedure, USC Title 18. Army forces conduct cyberspace operations and EW in
compliance with Federal law and takes measures to ensure operations respect the rights of persons against
unlawful searches and seizures pursuant to the 4th Amendment. Coordination with the Army Criminal
Investigation Division ensures appropriate investigation of criminal activity on the DODIN under Title 18
authorities. USC Title 18 includes those crimes conducted in cyberspace.
1-95. The National Guard, USC Title 32. National Guard units are state military units which are equipped
and trained pursuant to Federal statutory authorization. The National Guard, may conduct missions for their
state, but paid for by the Federal government under USC Title 32, if the Secretary of Defense determines
the mission is in the interests of the DOD.
1-96. Information Technology Acquisition, USC Title 40, Ch. 113, is applicable to the Army and all Federal
agencies. USC Title 40 establishes the responsibilities of the agency heads and agency chief information
officers and guidance for acquisition of information technology.
1-97. USC Title 44, Public Printing and Documents, establishes responsibilities of agency heads for
statutory requirements and authority for ensuring information security and information resource
management. This includes information security in cyberspace.
1-98. Telecommunications, USC Title 47, prescribes the statutory requirements and authority for access to,
and use of, the EMS within the United States and Possessions to Federal agencies. The chief information
officer/assistant chief of staff, signal (G-6), as outlined in AR 5-12, implements national, international, DOD,
joint, host nation, and Headquarters, Department of the Army spectrum management policies and guidance
throughout the Army. In this capacity, the chief information officer/G-6 ensures compliance with 47 USC as
well as other applicable Federal, DOD, and military department EMS governance and policy to minimize
radio frequency interference at DOD and Service test ranges and installations for activities such as GPS
testing and EA clearances for training, testing, and evaluating.
1-99. War and National Defense, USC Title 50, provides authorities concerning the conduct of both military
and intelligence activities of the U.S. Government. Intelligence activities conducted by the U.S. Government
must be properly authorized, conform to the U.S. Constitution, and be conducted under presidential
authority. Executive Order 12333, establishes the framework and organization of the intelligence community
as directed by the President of the United States. For example, the order directs the NSA as the lead for
signals intelligence. DOD policy documents, including DoD Manual 5240.01, “DoD Intelligence Activities,”
establish DOD policy for the conduct of intelligence operations.
1-100. The Army strictly limits and controls collection of information on U.S. persons and collection in the
United States. AR 381-10 identifies the types, means, and limitations concerning collection retention and
dissemination of information in the United States and on U.S. persons. This regulation applies to cyberspace
within the boundaries of the United States and U.S. persons abroad. Table 1-2 on page 1-24 provides more
information on authorities in cyberspace.
11 April 2017 FM 3-12 1-23
Chapter 1
Table 1-2. United States Code-based authorities
United States Code (USC)
1-24 FM 3-12 11 April 2017
Title Key Focus Principal
Organization
Role in Cyberspace
Title 6
Domestic Security
Homeland Security Department of
Homeland Security
Security of U.S. government portion of cyberspace
Title 10
Armed Forces
National Defense Department of
Defense
Man, train, and equip, U.S. forces to conduct military operations in cyberspace
Title 18
Crimes and Criminal Procedures
Federal Offenses Department of Justice Crime prevention,
apprehension, and prosecution of criminals operating in cyberspace Title 32 National
Guard
National defense and DSCA training and operations in the U.S.
Army National Guard, Air National Guard
Domestic consequence management when in a Title 32 status Title 40 Public
Buildings, Property, and Works
Chief Information Officer roles and responsibilities
All federal departments and agencies
Establish and enforce standards for acquisition and security of information technologies Title 44 Public
Printing and Documents
All federal agencies All federal
departments and agencies
Information security and information resource management Title 47 Telecom-
munications
All federal agencies All federal
departments and agencies
Use of the electromagnetic spectrum
Title 50 War and National Defense
A broad spectrum of military, foreign intelligence, and counterintelligence activities
Commands, Services, and agencies under the Department of Defense and intelligence community agencies
aligned under the Office of the Director of National Intelligence
Secure U.S. interests by conducting military and foreign intelligence operations in cyberspace
Cyberspace and Electronic Warfare Operations Fundamentals
SECTION III – ELECTRONIC WARFARE OPERATIONS
1-101. This section includes fundamental information about EW including EA, EP, ES, and considerations
for employment.

ELECTROMAGNETIC SPECTRUM OPERATIONS


1-102. EMSO are comprised of EW and SMO. The importance of the EMS and its relationship to the
operational capabilities of the Army is the focus of EMSO. EMSO include all activities in military operations
to successfully control the EMS. Figure 1-8 illustrates EMSO and how they relate to SMO and EW.
Figure 1-8. Electromagnetic spectrum operations

ELECTRONIC WARFARE
1-103. Electronic warfare refers to military action involving the use of electromagnetic and directed energy to
control the electromagnetic spectrum or to attack the enemy (JP 3-13.1). EW capabilities enable Army
forces to create conditions and effects in the EMS to support the commander’s intent and concept of
operations. EW includes EA, EP, and ES and includes activities such as electromagnetic jamming,
electromagnetic hardening, and signal detection, respectively. EW affects, supports, enables, protects, and
collects on capabilities operating within the EMS, including cyberspace capabilities. (See figure 1-9 on page
1-26.) With proper integration and deconfliction, EW can create reinforcing and complementary effects by
affecting devices that operate in and through wired and wireless networks. Throughout this document, the
term EW operations refers to planning, preparing, execution, and continuous assessment of the electronic
warfare activities of an operation. The term EMSO indicates the addition of those operationally related
spectrum management operations activities.
Figure 1-9. Electronic warfare missions

ELECTRONIC ATTACK
1-104. EA involves the use of electromagnetic energy, directed energy, or anti-radiation weapons to attack
personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat
capability and is considered a form of fires. EA includes—
● Actions taken to prevent or reduce an enemy's effective use of the EMS.
● Employment of weapons that use either electromagnetic or directed energy as their primary
destructive mechanism.
● Offensive and defensive activities, including countermeasures.

1-105. EA includes using weapons that primarily use electromagnetic or directed energy for destruction.
These can include lasers, radio frequency weapons, and particle beams. Directed energy is an umbrella
term covering technologies that relate to the production of a beam of concentrated electromagnetic energy
or atomic or subatomic particles (JP 3-13.1). In EW, most directed-energy applications fit into the category of
EA. A directed-energy weapon uses electromagnetic energy to damage or destroy an enemy's equipment,
facilities, and/or personnel. In addition to destructive effects, directed-energy weapon systems support area
denial and crowd control.
1-106. Army operations use offensive and defensive tasks for EA. Examples of offensive EA include—
● Jamming electronic command and control or enemy radar systems.
● Using anti-radiation missiles to suppress enemy air defenses (anti-radiation weapons use radiated
energy emitted from a target as the mechanism for guidance onto the target).
● Using electronic deception to provide false information to enemy ISR systems.
● Using directed-energy weapons to deny, disrupt, or destroy equipment or capabilities.
1-107. Defensive EA uses the EMS to protect personnel, facilities, capabilities, and equipment. Examples
include self-protection and other protection measures such as the use of expendables (flares and active
decoys), jammers, towed decoys, directed-energy infrared countermeasures, and counter radio-controlled
improvised explosive device systems.

ELECTRONIC ATTACK ACTIONS


1-108. Actions related to EA are either offensive or defensive. Though they are similar actions and
capabilities, they differ in purpose. Defensive EA protects friendly personnel and equipment or platforms.
Offensive EA denies, disrupts, or destroys enemy capability. EA actions include—
● Countermeasures.
● Electromagnetic deception.
● Electromagnetic intrusion.
● Electromagnetic jamming.
● Electronic probing.
● Electromagnetic pulse.

Countermeasures
1-109. Countermeasures are that form of military science that, by the employment of devices and/or
techniques, has as its objective the impairment of the operational effectiveness of enemy activity (JP 3-
13.1). They can be deployed preemptively or reactively. Devices and techniques used for EW
countermeasures include electro-optical-infrared countermeasures and radio frequency countermeasures.
1-110. Electro-optical-infrared countermeasures consist of a device or technique employing electro- optical-
infrared materials or technology that is intended to impair the effectiveness of enemy activity, particularly
with respect to precision guided weapons and sensor systems (JP 3-13.1). Electro-optical-infrared
countermeasures may use laser jammers, obscurants, aerosols, signature suppressants, decoys,
pyrotechnics, pyrophorics, high-energy lasers, or directed infrared energy countermeasures.
1-111. Radio frequency countermeasures are any device or technique employing radio frequency materials
or technology that is intended to impair the effectiveness of enemy activity, particularly with respect to
precision-guided weapons and sensor systems (JP 3-13.1). Radio frequency countermeasures can be
active or passive. Expendable jammers used by aircraft to defend against precision guided surface-to-air
missile systems are an example of radio frequency countermeasures.

Electromagnetic Deception
1-112. Electromagnetic deception is the deliberate radiation, re-radiation, alteration, suppression,
absorption, denial, enhancement, or reflection of electromagnetic energy in a manner intended to convey
misleading information to an enemy or to enemy electromagnetic-dependent weapons, thereby degrading or
neutralizing the enemy’s combat capability. Types of electromagnetic deception include manipulative,
simulative, and imitative. Manipulative involves actions to eliminate revealing, or convey misleading,
electromagnetic telltale indicators that may be used by hostile forces. Simulative involves actions to simulate
friendly, notional, or actual capabilities to mislead hostile forces. Imitative introduces electromagnetic energy
into enemy systems that imitates enemy emissions.

Electromagnetic Intrusion
1-113. Electromagnetic intrusion is the intentional insertion of electromagnetic energy into transmission
paths in any manner, with the objective of deceiving operators or of causing confusion (JP 3-13.1).
Electromagnetic intrusion is often conducted by inserting false information. This information may consist of
voice instructions, false targets, coordinates for fire missions, or rebroadcasting prerecorded data
transmissions.

Electromagnetic Jamming
1-114. Electromagnetic jamming is the deliberate radiation, reradiation, or reflection of electromagnetic
energy for the purpose of preventing or reducing an enemy’s effective use of the electromagnetic spectrum,
and with the intent of degrading or neutralizing the enemy’s combat capability (JP 3-13.1). Examples of
targets subject to jamming include radios, radars, navigational aids, satellites, and electro-optics.

Electronic Probing
1-115. Electronic probing is intentional radiation designed to be introduced into the devices or systems of
potential enemies for the purpose of learning the functions and operational capabilities of the devices or
systems (JP 3-13.1). This activity is coordinated through joint or interagency channels and supported by
Army forces.

Electromagnetic Pulse
1-116. Electromagnetic pulse is the electromagnetic radiation from a strong electronic pulse, most
commonly caused by a nuclear explosion that may couple with electrical or electronic systems to produce
damaging current and voltage surges (JP 3-13.1). An electromagnetic pulse induces high currents and
voltages in the target system, damaging electrical equipment or disrupting its function. An indirect effect of
an electromagnetic pulse can be electrical fires caused by the heating of electrical components.

ELECTRONIC PROTECTION
1-117. EP involves actions taken to protect personnel, facilities, and equipment from any effects of friendly
or enemy use of the EMS that degrade, neutralize, or destroy friendly combat capability. For example, EP
includes actions taken to ensure friendly use of the EMS, such as frequency agility in a radio or variable
pulse repetition frequency in radar. Commanders should avoid confusing EP with self-protection. Both
defensive EA and EP protect personnel, facilities, capabilities, and equipment. However, EP protects from
the effects of EA (friendly and enemy) and electromagnetic interference, while defensive EA primarily
protects against lethal attacks by denying enemy use of the EMS to guide or trigger weapons.
1-118. During operations, EP includes, but is not limited to, the application of training and procedures for
countering enemy EA. Army commanders and forces understand the threat and vulnerability of friendly
electronic equipment to enemy EA and take appropriate actions to safeguard friendly combat capability from
an exploitation and attack. EP measures minimize the enemy's ability to conduct ES and EA operations
successfully against friendly forces. To protect friendly combat capabilities, units—
● Regularly brief friendly force personnel on the EW threat.
● Safeguard electronic system capabilities during exercises and pre-deployment training.
● Coordinate and deconflict EMS usage.
● Limit the EMS signatures to reduce adversary ability to locate nodes.
● Provide training during routine home station planning and training activities on appropriate EP active
and passive measures under normal conditions, conditions of threat EA, or otherwise degraded
networks and systems.
● Take appropriate actions to minimize the vulnerability of friendly receivers to enemy jamming (such as
reduced power, brevity of transmissions, and directional antennas).

● Ensure redundancy in systems is maintained and personnel are well-versed in switching between
systems.
1-119. EP also includes spectrum management. A spectrum manager works for the assistant chief of staff,
signal G-6 (S-6) and for the cyberspace planner in the CEMA Section. The spectrum manager is key in the
coordination and deconfliction of spectrum resources allocated to the force. Spectrum managers or their
direct representatives participate in the planning for EW operations.
1-120. The development and acquisition of communications and EMS dependent systems includes EP
requirements to clarify performance parameters. Army forces design their equipment to limit inherent
vulnerabilities. If EA vulnerabilities are detected, then units must review these programs. (See DODI
4650.01 for information on the certification of spectrum support and electromagnetic compatibility.)

ELECTRONIC PROTECTION ACTIONS


1-121. There are several actions related to EP. They include—
● Electromagnetic compatibility.
● Electromagnetic hardening.
● Electronic masking.
● EMS management.
● Emission control.
● Wartime reserve modes.

Electromagnetic Compatibility
1-122. Electromagnetic compatibility is the ability of systems, equipment, and devices that use the
electromagnetic spectrum to operate in their intended environments without causing or suffering
unacceptable or unintentional degradation because of electromagnetic radiation or response (JP 3-13.1). It
involves the application of sound EMS management; system, equipment, and device design configuration
that ensures interference-free operation. It also involves clear concepts and doctrines that maximize
operational effectiveness.

Electromagnetic Hardening
1-123. Electromagnetic hardening consists of action taken to protect personnel, facilities, and/or equipment
by blanking, filtering, attenuating, grounding, bonding, and/or shielding against undesirable effects of
electromagnetic energy (JP 3-13.1). Electromagnetic hardening is accomplished by using a comprehensive
shielding of sensitive components and by using non-electrical channels for the transfer of data and power.

Electromagnetic Spectrum Management


1-124. Electromagnetic spectrum management is planning, coordinating, and managing use of the
electromagnetic spectrum through operational, engineering, and administrative procedures (JP 6-01). The
objective of spectrum management is to enable electronic systems to perform their functions in the intended
environment without causing or suffering unacceptable interference.
Electronic Masking
1-125. Another task of electronic protection is electronic masking. Electronic masking is the controlled
radiation of electromagnetic energy on friendly frequencies in a manner to protect the emissions of friendly
communications and electronic systems against enemy electronic warfare support measures/SIGINT without
significantly degrading the operation of friendly systems (JP 3-13.1).

Emission Control
1-126. Emission control is the selective and controlled use of electromagnetic, acoustic, or other emitters to
optimize command and control capabilities while minimizing, for operations security: a. detection by enemy
sensors; b. mutual interference among friendly systems; and/or c. enemy interference with the ability
identifying, and locating friendly forces. It is also used to minimize electromagnetic interference among
friendly systems.

Wartime Reserve Modes


1-127. Wartime reserve modes are characteristics and operating procedures of sensors, communications,
navigation aids, threat recognition, weapons, and countermeasures systems that will contribute to military
effectiveness if unknown to or misunderstood by opposing commanders before they are used, but could be
exploited or neutralized if known in advance (JP 3-13.1). Wartime reserve modes are deliberately held in
reserve for wartime or emergency use and seldom employed outside of conflict.

ELECTRONIC WARFARE SUPPORT


1-128. ES involves actions tasked by, or under direct control of, an operational commander to search for,
intercept, identify, and locate or localize sources of intentional and unintentional radiated electromagnetic
energy for the purpose of immediate threat recognition, targeting, planning, and conduct of future operations
ES enables U.S. forces to identify the electromagnetic vulnerability of an enemy’s or adversary’s electronic
equipment and systems. Friendly forces take advantage of these vulnerabilities through EW operations.
1-129. ES systems are a source of information for immediate decisions involving EA, EP, avoidance,
targeting, and other tactical employment of forces. ES systems collect data and produce information to—
● Corroborate other sources of information or intelligence.
● Conduct or direct EA operations.
● Create or update EW databases.
● Initiate self-protection measures.
● Support EP efforts.
● Support information related capabilities.
● Target enemy or adversary systems.

1-130. ES and SIGINT missions may use the same or similar resources. The two differ in the intent, the
purpose for the task, the detected information’s intended use, the degree of analytical effort expended, the
detail of information provided, and the timelines required. ES missions respond to the immediate
requirements of a tactical commander or to develop information to support future cyberspace or EW
operations. (See ADRP 2-0 and FM 2-0 for more information on SIGINT.)

ELECTRONIC WARFARE SUPPORT ACTIONS


1-131. There are several actions related to ES. They include—
● Electronic intelligence.
● Electronic reconnaissance.
● Electronics security.

Electronic Intelligence
1-132. Electronic intelligence is technical and geolocation intelligence derived from foreign
noncommunications electromagnetic radiations emanating from other than nuclear detonations or
radioactive sources (JP 3-13.1). Electronic intelligence is a subcomponent of SIGINT. Examples of
noncommunications electromagnetic radiations include radars, surface-to-air missile systems, and aircraft.

Electronic Reconnaissance
1-133. Electronic reconnaissance is the detection, location, identification, and evaluation of foreign
electromagnetic radiations (JP 3-13.1). Electronic reconnaissance is used to update and maintain the threat
characteristics information. The threat electronic characteristics information is used in the planning and
integrating processes.

Electronics Security
1-134. Electronics security is the protection resulting from all measures designed to deny unauthorized
persons information of value that might be derived from their interception and study of noncommunications
electromagnetic radiations, e.g., radar (JP 3-13.1). Examples of electronics security are EMS mitigation and
network protection.

Note. See JP 3-13.1 and ATP 3-36 for additional information on EW capabilities, tasks, and
techniques.

ELECTROMAGNETIC INTERFERENCE
1-135. Electromagnetic interference is any electromagnetic disturbance, induced intentionally or
unintentionally, that interrupts, obstructs, or otherwise degrades or limits the effective performance of
electronics and electrical equipment (JP 3-13.1). It can be induced intentionally, as in some forms of EW, or
unintentionally, because of spurious emissions and responses, intermodulation products, and other similar
products.

ELECTRONIC WARFARE REPROGRAMMING


1-136. Electronic warfare reprogramming is the deliberate alteration or modification of electronic warfare or
target sensing systems, or the tactics and procedures that employ them, in response to validated changes in
equipment, tactics, or the electromagnetic environment (JP 3-13.1). These changes may be the result of
deliberate actions on the part of friendly, enemy, adversary, third parties, or they may be brought about by
electromagnetic interference or other inadvertent phenomena. The purpose of EW reprogramming is to
maintain or enhance the effectiveness of EW and target sensing system equipment. Electronic warfare
reprogramming includes changes to self-defense systems, offensive weapons systems, ES, and intelligence
collection systems. Joint and multinational coordination of Service reprogramming efforts ensures friendly
forces consistently identify, process, and implement reprogramming requirements. (For more information on
EW reprogramming, see ATP 3-13.10.)

EMPLOYMENT CONSIDERATIONS
1-137. EW has specific ground-based, airborne, and functional (EA, EP, or ES) employment considerations.
The electronic warfare officer (EWO) ensures EW-related employment considerations are properly
articulated early in the operations process. Each capability employed has certain advantages and
disadvantages which are considered during the course of action development in the MDMP before selecting
the best course of action. The staff plans for these before executing EW operations.

GROUND-BASED ELECTRONIC WARFARE CONSIDERATIONS


1-138. Ground-based EW capabilities support the commander’s scheme of maneuver. Ground-based EW
equipment can be employed by a dismounted Soldier or on highly mobile platforms. Due to the short-range
nature of tactical signals direction finding, EA assets are normally located in the forward areas of the
battlefield, with or near forward units.
1-139. Ground-based EW capabilities have certain advantages. They provide direct support to maneuver
units (for example, through counter-radio-controlled improvised explosive device and communications or
sensor jamming). Ground-based EW capabilities support continuous operations and respond quickly to EW
requirements of the ground commander. To maximize the effectiveness of ground-based EW capabilities,
maneuver units must understand the associated EMS signature and protect EW assets from enemy ground
and aviation threats. EW equipment should be as survivable and mobile as the force it supports. Maneuver
units must logistically support the EW assets, and supported commanders must clearly identify EW
requirements.

1-140. Ground-based EW capabilities have certain limitations. They are vulnerable to enemy attack and can
be masked by terrain. They are vulnerable to enemy geolocation, electromagnetic deceptive measures, and
EP actions. In addition, they have distance or propagation limitations against enemy electronic systems.

AIRBORNE ELECTRONIC WARFARE CONSIDERATIONS


1-141. While ground-based and airborne EW planning and execution are similar, they significantly differ in
their EW employment time. Airborne EW operations are performed at much higher speeds and generally
have a shorter duration than ground-based operations. The timing of airborne EW support requires detailed
planning.
1-142. Airborne EW requires the following—
● A clear understanding of the supported commander’s EW objectives.
● Detailed planning and integration.
● Ground support facilities.
● Liaisons between the aircrews of the aircraft providing the EW support and the aircrews or ground
forces being supported.
● Protection from enemy aircraft and air defense systems.

1-143. Airborne EW capabilities have certain advantages. They can provide direct support to other tactical
aviation missions such as suppression of enemy air defenses, destruction of enemy air defenses, and
employment of high-speed anti-radiation missiles. They can provide extended range over ground-based
assets. Airborne EW capabilities can provide greater mobility and flexibility than ground-based assets. In
addition, they can support ground-based units in beyond line-of-sight operations.
1-144. The various airborne EW assets have different capabilities. The limitations associated with airborne
EW capabilities are—
● Time-on-station.
● Vulnerability to enemy EP actions.
● Electromagnetic deception techniques.
● Geolocation by enemy and adversary forces.
● Limited assets (support from nonorganic EW platforms need to be requested).

ELECTRONIC ATTACK CONSIDERATIONS


1-145. EA includes both offensive and defensive activities. These activities differ in their purpose. Defensive
EA protects friendly personnel and equipment or platforms. Offensive EA denies, disrupts, or destroys
enemy or adversary capability. Considerations for planning or employing EA include—
● Integration with the scheme of maneuver and other effects.
● Persistency of effect.
● Intelligence collection.
● Friendly communications.
● EMS signatures allowing enemy and adversary geolocation, and targeting by threats.
● Non-hostile local EMS use.
● Hostile intelligence collection.

1-146. The EWO; the assistant chief of staff, intelligence (G-2/S-2); the assistant chief of staff, operations G-
3 (S-3); G-6 (S-6); the spectrum manager; and the IO officer coordinate closely to avoid friendly
communications interference that can occur when using EW systems on the battlefield. Coordination
ensures that EA systems frequencies are properly deconflicted with friendly communications and
intelligence collection systems or that ground maneuver and friendly information tasks are modified
accordingly.
1-147. The number of information systems, EW systems, and sensors operating simultaneously on the
battlefield makes deconfliction with communications systems a challenge. The EWO, the G-2 (S-2), the G- 6
(S-6), and the spectrum manager plan and rehearse deconfliction procedures to quickly adjust their use of
EW or communications systems.

1-148. EA operations depend on EW support and intelligence, especially SIGINT to provide targeting
information and battle damage assessment. However, not all intelligence collection is focused on supporting
EW. If not properly coordinated with the G-2 (S-2) staff, EA operations may impact intelligence collection
significantly deterring the ability to answer information requirements. In situations where a known conflict
between the intelligence collection effort and the use of EA exists, the EW working group brings the problem
to the G-3 (S-3) for resolution.
1-149. EA supports unified land operations. Integrating EA with the scheme of maneuver is critical to ensure
units fully exploit the effects delivered against enemy or adversary forces. The limited duration of these
effects require close coordination and synchronization between EW assets and forces and the supported
maneuver forces.
1-150. Other operations rely on the EMS. For example, a given set of frequencies may be used for IO to
broadcast messages or cyberspace operations for wireless communications. In both examples, the use of
EA could unintentionally interfere with such operations if not properly coordinated. To ensure EA does not
negatively impact planned operations, the EWO coordinates between fires, DODIN operations, and other
functional or integrating sections, as required.
1-151. EA can adversely affect local media, communications systems, and infrastructure. Planners should
consider unintended consequences of EW operations and deconflict these operations with the various
functional or integrating cells. For example, friendly jamming could potentially deny the functioning of
essential services such as ambulance or fire fighters to a local population. EWOs routinely synchronize EA
with the other functional or integrating cells responsible for the information tasks. In this way, they ensure
that EA efforts do not cause fratricide or unacceptable collateral damage to their intended effects.
1-152. The potential for hostile intelligence collection also affects EA. An enemy or adversary can detect
friendly EW capabilities and thus gain intelligence on friendly force intentions. For example, the frequencies
Army forces jam could indicate where they believe the enemy’s capabilities lie. The EWO and the G-2 (S- 2)
develop an understanding of the enemy’s collection capability. Along with the red team (if available), they
determine what the enemy might gain from friendly force use of EA. A red team is an organizational element
comprised of trained and educated members that provide an independent capability to fully explore
alternatives in plans and operations in the context of the operational environment and from the perspective
of enemies, adversaries, and others (JP 2-0).
1-153. The primary effects of jamming only persist when the jammer is within range of the target and
emitting. Secondary and tertiary effects of jamming are evident in the actions of the enemy or adversary
following the EA mission.

ELECTRONIC PROTECTION CONSIDERATIONS


1-154. EP is achieved through physical security, communications security measures, system technical
capabilities (such as frequency hopping and shielding of electronics), spectrum management, and emission
control procedures. The EW working group must consider the following key functions when planning for EP
operations—
● Vulnerability analysis and assessment.
● EP measures and how they affect friendly capabilities.

Vulnerability Analysis and Assessment


1-155. Vulnerability analysis and assessment is the basis for formulating EP plans. The Defense Information
Systems Agency conducts vulnerability analysis and assessment, focusing on automated information
systems.

Electronic Protection Measures Affects


1-156. EP includes any measure taken to protect the force from hostile EA. EP measures can also limit
friendly capabilities or operations. For example, denying frequency usage to counter-radio-controlled
improvised-explosive-device EW systems on a given frequency to preserve it for a critical friendly
information system could leave friendly forces vulnerable to certain radio-controlled improvised explosive
devices. The EWO and the G-6 (S-6) carefully consider these second-order effects when advising the G-3
(S-3) regarding EP measures.

ELECTRONIC WARFARE SUPPORT CONSIDERATIONS


1-157. Whether an asset is performing a SIGINT or EW support mission depends on mission purpose and
intent. Operational commanders task assets to conduct EW support for the purpose of immediate threat
recognition, targeting, future plans, and other tactical actions. The EWO coordinates with the G-2 (S-2) to
ensure EW support needed for planned EW operations is identified and submitted to the G-3 (S-3) for
commander approval. In cases where EA actions may conflict with the G-2 (S-2) intelligence collection
efforts, the G-3 (S-3) or commander decides which has priority. The EWO and the G-2 (S-2) develop a
structured process within each echelon for conducting this intelligence gain-loss calculus during mission
rehearsal, exercises, and pre-deployment preparation, providing the commander with the intelligence and
operational gain-loss considerations in order to enable a decision on which activity to prioritize.

ELECTRONIC WARFARE REPROGRAMMING CONSIDERATIONS


1-158. EW reprogramming refers to modifying friendly EW or target sensing systems in response to
validated changes in enemy equipment and tactics or the electromagnetic environment. Each Service or
organization is responsible for its respective EW reprogramming support programs. During joint operations,
swift identification and reprogramming efforts are critical in a rapidly evolving hostile situation. The key
consideration for EW reprogramming is joint coordination. (For more information on EW reprogramming, see
ATP 3-13.10.)

SPECTRUM MANAGEMENT
1-159. Spectrum management is the operational, engineering, and administrative procedures to plan,
coordinate, and manage use of the electromagnetic spectrum and enables cyberspace, signal and EW
operations. Spectrum management includes frequency management, host nation coordination, and joint
spectrum interference resolution. Spectrum management enables spectrum-dependent capabilities and
systems to function as designed without causing or suffering unacceptable electromagnetic interference.
Spectrum management provides the framework to utilize the electromagnetic spectrum in the most effective
and efficient manner through policy and procedure.

SPECTRUM MANAGEMENT OPERATIONS FUNCTIONS


1-160. SMO are the interrelated functions of spectrum management, frequency assignment, host nation
coordination, and policy that together enable the planning, management, and execution of operations within
the electromagnetic operational environment during all phases of military operations. The SMO functional
area is ultimately responsible for coordinating EMS access among civil, joint, and multinational partners
throughout the operational environment. The conduct of SMO enables the commander’s effective use of the
EMS. The spectrum manager at the tactical level of command is the commander’s principal advisor on all
spectrum related matters.
1-161. The conduct of SMO enables and supports the execution of cyberspace operations and EW. SMO
are critical to spectrum dependent devices such as air defense radars, navigation, sensors, EMS using
munitions, manned and unmanned systems of all types (ground and air, radar, sensor), and all other
systems that use the EMS. The overall objectives of SMO are to enable these systems to perform their
functions in the intended environment without causing or suffering unacceptable electromagnetic
interference.
1-162. SMO are normally performed by trained spectrum managers from the battalion through Army
component level. SMO are largely hierarchal processes. SMO requirements are requested from lower
echelons, but EMS resources are allocated from higher echelons.
1-163. Understanding the SMO process in planning, managing, and employing EMS resources is a critical
enabler for cyberspace and EW operations. SMO provides the resources necessary for the implementation
of the wireless portion of net-centric warfare (see ATP 6-02.70).

ELECTRONIC WARFARE COORDINATION


1-164. The spectrum manager should be an integral part of all EW planning. The SMO assists in the
planning of EW operations by providing expertise on waveform propagation, signal, and radio frequency
theory for the best employment of friendly communication systems to support the commander’s objectives.
The advent of common user “jammers” has made this awareness and planning critical for the spectrum
manager. In addition to jammers, commanders and staffs must consider non-lethal weapons that use
electromagnetic radiation. Coordination for EW will normally occur in the CEMA section. It may occur in the
EW cell if it is operating under a joint construct or operating at a special echelon.
1-165. Although in some respects the functions of the EWO and the spectrum manager appear similar, they
differ in that the spectrum manager is concerned with the proper operation of friendly spectrum dependent
devices, while the EWO is the expert on threat EW capabilities and their effects on operations and works to
protect the EMS for friendly forces while denying the enemy use of the EMS.

FREQUENCY INTERFERENCE RESOLUTION


1-166. Interference is the radiation, emission, or indication of electromagnetic energy (either intentionally or
unintentionally) causing degradation, disruption, or complete obstruction of the designated function of the
electronic equipment affected. The reporting end user is responsible for assisting the spectrum manager in
tracking, evaluating, and resolving interference. Interference resolution is performed by the spectrum
manager at the echelon receiving the interference. The spectrum manager is the final authority for
interference resolution. For interference affecting satellite communications, the Commander, Joint
Functional Component Command for Space is the supported commander and final authority of satellite
communications interference. (For more information on satellite communications interference, see Strategic
Instruction 714-04.)
1-167. Interference may come from signal devices (such as unintentional friendly and unfriendly radios and
radars) and from non-signal devices (such as welders or vehicle engines). The skill level of systems
operators and maintenance personnel can mean the difference between a minor inconvenience and
complete system disablement.
1-168. When experiencing harmful interference, the operator should be able to discern whether the
interference is coming from natural phenomena or man-made sources. If natural phenomena is the cause,
the operator should try to work through the interference. An alternate frequency may be assigned if the
interference persists. If the operator suspects man-made interference, ensure an internal equipment check
is conducted to exclude equipment malfunctions. Improper alignment, degraded components, antenna
disorientation, or poor maintenance is usually the cause of interference. After the operator has ruled out
internal causes, a check with other friendly units in the area may reveal incompatibilities between
operations.
1-169. If a compromise cannot be worked out between the units, the case is referred to the spectrum
manager at the next higher echelon. The spectrum manager will conduct an analysis of the database, a site
survey (if possible), and coordinate with other units in the vicinity to identify the cause of the interference. If
the spectrum manager is unable to isolate the cause of the interference, the spectrum manager will submit a
report to the next spectrum management level for resolution. For interference affecting satellite
communications, a joint spectrum interference resolution report will be generated according to CJCSM
3320.02 D.

You might also like