Cyber Operations and Planning PDF
All content following this page was uploaded by Kerim Goztepe on 26 January 2016.
Muhammer Karaman, Hayrettin Catalkaya, Ahmet Zeki Gerehan and Kerim Goztepe
Operations and Intelligence Turkish Army War College
War Colleges Command, 4. Levent/Istanbul, 34330, Turkey
mkaraman@harpak.edu.tr; hcatalkaya@harpak.edu.tr; azgerehan@harpak.edu.tr;
d065006003@sakarya.edu.tr
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 5(1): 21-29
The Society of Digital Information and Wireless Communications, 2016 (ISSN: 2305-0012)

ABSTRACT

Improving ICT infrastructure, the dramatic increase in internet usage and increasing dependence on networks have brought with them cyber risks and threats. Complex, shape-shifting and emerging risks and threats have systematically paved the way for cyberspace to emerge as a new domain after land, air, maritime and space. It is obvious enough that cyber threats will probably continue to take part in the global cyber theatre for years. However, it is sometimes hard to pinpoint at first a specific axis of cyber threats; they generally vary from a simple computer code to systematic cyber strikes like targeted cyber attacks, cyber terrorism and industrial espionage activities. Due to the exponential use of cyberspace and the complex nature of cyber attacks, along with the multivariable cost they cause, it becomes a requirement for operation planners to handle cyber operations and the problems in this sphere in an operational design process. In this study, we tried to handle cyber operations in an operational design process in order to comprehend, visualize and enlighten complex cyber incidents holistically and present preventive and systematic approaches by proposing a cyber operational design model. By presenting such a model, we aim to help operation planners understand the complexity of cyber operations, show the advantage of using factor and center of gravity analysis (COG), which is generally handled in the military decision making process (MDMP), and finally help the technical personnel to have an understanding of operational planning. With the cyber operational design presented as a sample in this study, we plan to provide the commanders with a comprehensive approach in cyber operations.

KEYWORDS

Cyberspace operations, operational design, cyber threats, cyber operational design, military decision making process (MDMP).

1 INTRODUCTION

Throughout history, there has always been a struggle of force among communities. Struggles, conflicts or fights have managed to reach up to modern times with different forms of tools, tactics and techniques [1]. Strategies are developed to direct and command armies and also envision the enemy and its tactics. These strategies mainly vary depending on the commanders’ intents that form the desired end state on the enemy. When we compare two outstanding military strategists, Sun Tzu and Clausewitz, and their works, respectively “The Art of War” and “On War”, we can see some differences between them. For example, the concepts of Sun Tzu generally imply that force should be the last resort to apply. He recommends that it is better if the enemy is defeated without fighting, or to take a state untouched [2]. On the other hand, Clausewitz emphasizes theoretically the importance of "total war" or "absolute war". As it is understood, he defines a war that is waged against the enemy with all resources and momentum until the enemy is wiped out [2]. In today’s complex and multi-dimensional security environment, commanders need to analyze the strategies and also take into account new variables like cyberspace, which is emerging as a new domain after air, land, maritime and space [3]. The operational environment, comprising friend, enemy and neutral systems, has been experiencing a new factor, cyberspace, that supports and interacts with operational variables like political, military, economic, social, information, infrastructure etc. [4] [5]. The operational environment (OE) is not separate from information system infrastructure due to the large amount of information running on networks [3]. Evolving technology and the increasing use of social networks have necessitated the governments
and institutions to have at first the situational awareness and then more than that.

Particularly, increasing use of information communication technologies (ICT), smart devices (phones and tablets) and over three billion people having internet access have popularized the use of blogs and social networks [6][7]. Along with these facts, cyberspace has become a suitable area for criminals and terrorist organizations [8]. For example, ISIS has been using social media to spread its ideology and message after it seized Mosul, Iraq’s second-largest city [9]. In particular, ISIS was able to succeed in creating an atmosphere of fear in Iraq by releasing execution videos and photos on social networks like Twitter and YouTube [10]. The power of social networks, during elections, street incidents in repressive regimes or during natural disasters, has proved its ability to change traditional one-way media, from news agency to people. With this change in media, big news agencies have also taken advantage of user-generated footage [11]. As a consequence of those facts, some government actions are seen in the form of interference with and restrictions on access to information sources, especially social networks that provide instant feeds.

In this new operational environment, where it is easy to conceal oneself for a long period of time, cyber wars have been waged similarly to physical ones [12]. Being as real as physical ones, cyber wars start in cyberspace and have effects and influences in real life [13]. The increasing number and diversity of cyber attacks require people, institutions and countries to take strong measures against them. These precautions range from personal actions, like being aware of cyber risks and having situational awareness, to strategic actions, like having a national cybersecurity document and forming a computer incident response team (CIRT). More comprehensive approaches are also put into action by founding governmental and military cyber organizations to protect the assets, defend and cooperate. In these organizations, according to their level, vulnerability assessment, cyber incident handling, configuration management and cyber training activities are handled. As institutions, military organizations must ensure that their cyber assets are being protected and must be prepared by adapting their procedures, plans and doctrines to operate in this evolving and ambiguous area, cyberspace, which is replete with criminal organizations and individuals [3]. The targets of cyber attacks can vary according to the causes and desired end states which the planners or perpetrators struggle to attain. Qiao and Wang, The Two Chinese Strategies, define the battlefield: “The battlefield is next to you and the enemy is on the network. Only there is no smell of gunpowder or the odor of blood” [14].

In this study, we tried to adapt cyber operations to fit in an operational design and named it cyber operational design in order to help cyber and operation planners to understand each other better and share this new OE in common. Operational design is generally done before planning to visualize the enemy and operation environment and deal with ill-structured problems in a more comprehensive way [15]. In section two we emphasized the need for cyber operational design by mentioning the well-known cyber attacks having strategic objectives. In this section we also stated that our study is not based on a real cyberspace operation. We haven’t discussed the legality of cyberspace operations in this section. In section 3, we discussed operation planning, the military decision making process (MDMP), operational art, operational design and its elements. We also prepared a sample cyber factor analysis that sheds light on the cyber operational design explained in the following section. In section 4, we defined the relations between cyberspace operations and cyber operational design and the need for understanding these two. In this section we prepared a cognitive map of cyber operational design with the help of factor analysis and cyber center of gravity. In conclusion, we have drawn attention to the need for cyber operational design and by this we have shown the importance of bringing cyber specialists and operation planners together for better planning of military operations.

2 METHODOLOGY

Understanding a complex operational environment such as cyber warfare requires a combination of art and science and ability to blend knowledge,
experience, intuition, and critical thinking that are essential to operational design with analytical methods and tools that support detailed planning [15]. In this study we assume that cyber operations (defense, active defense or offense) have become an integral planning factor in operational and strategic operations of countries or a supplementary tool in reaching strategic objectives. We reach this data from some cyber and intelligence related incidents that quite many professionals call “cyber warfare”. One of the leading cyber incidents is Stuxnet, which was intended to disrupt a country’s nuclear facilities, and it is widely believed that it was driven by a nation or nations having strategic objectives. Other cyber warfare and intelligence activities include Flame, Duqu, Red October, Regin and so on. Some of these are believed to be initiated by intelligence organizations and some are also nation sponsored. Due to the complexity of cyberspace and lack of enough legal evidence on attribution to a specific source, they are not yet rightly ascribed to a source or structure.

In our study, we will not discuss the legality of waging cyber warfare against an organization, country or enemy and we will not probe the philosophy of just or unjust war. We are interested in the process of planning cyberspace operations (CO) alone or as a part of another operation. We also emphasize that a clear definition of jobs related to cyber operations in military organizations should be prepared in detail, and legal issues at both government and institutional level must entitle the commanders and operation planners to act freely within the boundaries of a legal framework.

In this paper, we haven’t planned a real cyber operation, nor have we analyzed a previously planned cyber operation. We struggle to adapt cyber operations to take advantage of operational design, operational planning and the military decision making process (MDMP), and used the elements of operational design to fit cyberspace operations (CO), like cyber line of operations (CLOO), cyber center of gravity (CCOG), cyber decisive points (CDC) and cyber desired end state. While there are also some other elements of operational design, we haven’t analyzed all of them here. Our study can be better executed at operational and strategic level unaided or at tactical level as a part of a higher command. In our study, we have assumed that in the complex security environment that we are currently living in, interoperability, joint operations and cutting-edge technology are going to play a significant role. What we have deduced from our assumption is the need for operation planners and cyber professionals to understand each other better in order to have thorough, well-prepared cyber operation planning, and also to provide cyber situational awareness to both technical and staff personnel.

3 OPERATION PLANNING, MILITARY DECISION-MAKING PROCESS (MDMP)

3.1 Operation Planning

Planning is an activity that helps bring the commander’s visualization into practice and forms courses of action to reach a military target [16]. Due to the ambiguous nature of military operations, many variables of the operational environment and unforeseen events necessitate that planning be a continuous activity. According to Field Manual 5-0, The Operations Process, planning is associated with art and with firstly comprehending, then visualizing a fact and putting forward the ways to reach the target [17]. Regardless of its level, planning is an indispensable part of every organization. To manage the available time effectively and spare maximum time to subordinates [18], parallel planning is applied during the military decision making process, which is an analytical process or a checklist to carry out every element in sequence to reach a detailed document without letting even a small point escape one’s notice.

Operational design and operational planning are two close, concurrent elements that can be prepared by different teams or the same team. It may not be easy to have two different teams (designers and planners) doing these two jobs. Besides, having two separate teams may result in a lack of coordination and synchronization and may harm the coupled nature of these two. Operation planning is a set of procedures that need to be started after getting a higher command’s order, the commander’s initial guidance or directly from the situation. Operational planning can be classified in
two sections, conceptual and detailed planning [19]. In this context, while operational design forms the conceptual planning (with a cognitive map), the military decision-making process forms the detailed planning [19]. FM 5-0 also describes that powerful and useful planning is composed of these two (conceptual and detailed) kinds of planning [20].

3.2 Military Decision Making Process (MDMP)

The military decision-making process (MDMP) is a continuous and recurrent process helping commander and staff to comprehend the situation, to analyze the mission, to get the commander’s initial guidance, to develop courses of action [22] [23]. With the inputs of each staff officer relating to their professions, functional areas (Command and control, engineering, air defense etc.), started mission and other iterative planning methodology that integrates the activities of the commander, subordinate headquarters, staff and other partners to understand the situation. Besides, it develops and compares courses of action and selects the appropriate decision.

3.2.1 Factor Analysis

Factor analysis, or the three-column format, is a sort of checklist for staff officers to take all factors into account and deduce to-dos from it. It is a frequently used methodology in MDMP and it can be used at all levels of operations. It functions as a checklist for staff officers, allowing planners to evaluate the operational environment according to their functional areas and also put forward the requirements to achieve the desired end state.

It offers a way of ordering the commander’s and staff’s thought processes, and generates discipline in identifying the outputs of factor analysis. It is generally prepared in a three-column format (Critical Vulnerability, Deduction and Output) and is named accordingly. The factor analysis in Table 1 is prepared in cyber terms, helping CO planners to put forward the mission, the critical activities of its functional area and the critical vulnerabilities. The clear definition of these will also help CO and operation planners to analyze the center of gravity of both enemy and friend.

Table 1: A Sample of Cyber Factor Analysis (Three Column Format)
| Mission / Critical Activity / Functional Area / Critical Vulnerability | Deduction | Output |
|---|---|---|
| Lack of Talented Cyber Specialists in Military Organizations. | Being unable to envision the cyber risks. | To plan professional cyber security trainings on theory and hands on. |
| | Being exposed to cyber incidents and unaware of them for a long time. | To plan cybersecurity lessons in military high schools and academies. Station some personnel on job training to scientific organizations and institutes dealing with cybersecurity. |
| | Being unable to sustain situational awareness among commanders and staff. | To plan cyber threat situational awareness training for commanders and staff to remind that cybersecurity is the commander responsibility. |
| To Defend Army Critical Information Systems Against Cyber Attacks. | Enough workforce assignment of cyber professional and a clear definition of “defense, active defense and offense” in procedures. | To defend information systems 24/7. To hire part time or full time civilian contractors, engineers, hackers and malware analysts. |
| | Building strong coordination with intelligence organizations. | To assign liaison personnel mutually between cyber command and intelligence units. |
| The Risks of Open Source Intelligence (OSINT) and Social Networks. | Being an easy target to phishing attacks. | To plan cyber exercises to draw attention of leading cyber attacks (phishing, waterhole attacks, etc.) |
| | Gathering OSINT via social networks with masked and fake social network accounts. | To limit the use of social networks in military organizations. |
| | Using metadata of uploaded contents and EXIF information of uploaded photos [21] | To assign a content operator to control, erase and change the metadata and other information of contents. |
REFERENCES

[13] Al-Ahmad, W. (2013). A Detailed Strategy for Managing Corporation Cyber War Security. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(4), 1-9.
[14] Liang, Q., & Xiangsui, W. (1999). Unrestricted warfare (pp. 551-563). Beijing: PLA Literature and Arts Publishing House.
[15] Joint Staff, J-7 (2011). Planner’s Handbook for Operational Design, Joint and Coalition Warfighting, Suffolk, Virginia.
[16] Lussier, J. W., Shadrick, S. B., & Prevou, M. I. (2003). Think Like a Commander prototype: Instructor's guide to adaptive thinking (No. ARI-RP-2003-02). Army Research Inst. for the Behavioral and Social Sciences, Alexandria VA.
[17] FM 5-0 (2010). The Operations Process, Headquarters Department of the Army.
[18] FM 101-5 (1997). Staff Organization and Operations, Headquarters Department of the Army, Washington, DC.
[19] Kober, A.E. (2010). Bridging the Planning Gap: Linking Conceptual Army Design to Military Decision-Making, School of Advanced Military Studies, United States Army Command and General Staff College, Fort Leavenworth, Kansas.
[20] Grigsby Jr, W. W., Gorman, S., Marr, J., McLamb, J., Stewart, M., & Schifferle, P. (2012). Integrated Planning the Operations Process, Design, and the Military Decision Making Process. Military Review, 92(4), 15.
[21] Catalkaya H., Karaman M. (2015). Institutional Cybersecurity: The Risk of Open Source Intelligence (OSINT) and Social Networks, International Conference on Military Security Studies (ICMSS-2015), Istanbul.
[22] Kem J.D. (2012). Planning for Action: Campaign Concepts and Tools, U.S. Army Command and General Staff College, U.S. Army Combined Arms Center, Fort Leavenworth, Kansas.
[23] Goztepe, K., Kahraman, C. (2015). A New Approach to Military Decision Making Process: Suggestions from MCDM Point of View, International Conference on Military and Security Studies-2015, Istanbul, 118-122.
[24] Joint Publication 1-02 (1994). Department of Defense Dictionary of Military and Associated Terms, Headquarters Department of Defense.
[25] McCauley, D. (2011). Design and Joint Operation Planning. Canadian Military Journal, 12(1), 30-40.
[26] Scriven M., Paul R. (1987). “National Council for Excellence in Critical Thinking”, 8th Annual International Conference on Critical Thinking and Education Reform, Summer 1987.
[27] Bloom, B., & Englehart, M. F. E., Hill, W., & Krathwohl, D. (1956). Taxonomy of educational objectives: The classification of educational goals. Handbook I: Cognitive domain.
[28] Joint Publication 5-0 (2011). Joint Operation Planning, Headquarters Department of Defense.