Brig. Gen.

Billy Mitchell
On September 12, 1918 at St. Mihiel in France, Col. Wil-
liam Mitchell became the first person ever to command
a major force of allied aircraft in a combined-arms opera-
tion. This battle was the debut of the US Army fighting
under a single American commander on European soil.
Under Mitchell’s control, more than 1,100 allied aircraft
worked in unison with ground forces in a broad offen-
sive—one encompassing not only the advance of ground
troops but also direct air attacks on enemy strategic tar-
gets, aircraft, communications, logistics, and forces beyond the front lines.

Mitchell was promoted to Brigadier General by order of Gen. John J. Pershing,

commander of the American Expeditionary Force, in recognition of his com-
mand accomplishments during the St. Mihiel offensive and the subsequent
Meuse-Argonne offensive.

After World War I, General Mitchell served in Washington and then became
Commander, First Provisional Air Brigade, in 1921. That summer, he led joint
Army and Navy demonstration attacks as bombs delivered from aircraft sank
several captured German vessels, including the SS Ostfriesland.

His determination to speak the truth about airpower and its importance to
America led to a court-martial trial in 1925. Mitchell was convicted, and re-
signed from the service in February 1926.

Mitchell, through personal example and through his writing, inspired and en-
couraged a cadre of younger airmen. These included future General of the Air
Force Henry H. Arnold, who led the two million-man Army Air Forces in World
War II; Gen. Ira Eaker, who commanded the first bomber forces in Europe in
1942; and Gen. Carl Spaatz, who became the first Chief of Staff of the United
States Air Force upon its charter of independence in 1947.

Mitchell died in 1936. One of the pallbearers at his funeral in Wisconsin was
George Catlett Marshall, who was the chief ground-force planner for the St.
Mihiel offensive.

ABOUT THE MITCHELL INSTITUTE: The General Billy Mitchell Institute for Airpower
Studies, founded by the Air Force Association, seeks to honor the leadership
of Brig. Gen. William Mitchell through timely and high-quality research and
writing on airpower and its role in the security of this nation.

ABOUT THE AUTHOR: Dr. Rebecca Grant is an airpower analyst with nearly 20
years of experience in Washington, D.C. She is a Senior Fellow of the Lexing-
ton Institute and president of IRIS Independent Research. She has written
extensively on airpower and serves as director, Mitchell Institute, for the Air
Force Association.

Published by Mitchell Institute Press

© 2008 Air Force Association
Design by Darcy Harris
 By Rebecca Grant

November 2008
A Mitchell institute special report
 TABLE OF CONTENTS

4
The Rise of Cyber War

Appendices

22
Remarks by Air Force Secretary Michael W. Wynne
C4ISR Integration Conference, Nov. 2, 2006

26
Remarks by Homeland Security Secretary Michael Chertoff
Chamber of Commerce on Cybersecurity, Oct. 14, 2008

31
Foundational Doctrine Statement and Selected Definitions

Air Force Gen. “Cyber warfare is already here,” Deputy Secretary
Kevin P. Chilton,
commander of of Defense Gordon England remarked in early 2008.
US Strategic
Command: “I In October of that year, Homeland Defense Secretary
firmly believe we’ll
be attacked in Michael Chertoff warned that the threat is on the rise.
that domain. Our “The reality is that cyber attacks aren’t decreasing,
challenge will be
to continue to said Chertoff. “They are increasing in frequency, so-
operate in that
domain.” (US Air phistication, and scope, and this has major implications
Force photo)
for our national and economic security.” Air Force Gen.
Kevin P. Chilton, speaking with Pentagon reporters in
Washington, D.C., expressed growing concern from a
military standpoint. “I firmly believe we’ll be attacked in
that domain,” said Chilton. “Our challenge will be to con-
tinue to operate in that domain.”1
Call 2008 the year that cyberspace—its vulnerabil-
ity, its defense, and its exploitation—passed the point of
no return as a major issue for national security officials.
International events and the confluence of several ma-
jor government moves drove the subject of cyberspace
higher up the list of priorities for Americans.
Overseas, an August 2008 conflict between Rus-
sia and the small neighboring state of Georgia saw a
wave of Russian cyber assaults directed against the
government of Georgia; civilian computer experts had
to step in to restore services.2 There has reportedly
been a series of foreign-origin attacks on networks at
the State, Commerce, Defense, and Homeland Secu-
rity departments over the past several years, known by
the code-name Titan Rain.3 According to the Washing-
ton Post, US government officials and cyber‑security
professionals believe some large attacks dating from
2005 that targeted US nuclear‑energy labs and large
defense contractors, had ties to Chinese Web sites.4
At home, Washington launched a multi‑step pro-
gram to put cyber security on a more urgent foot-
ing. President Bush in early 2008 signed a directive
expanding intelligence community powers to monitor
Internet traffic and repel mounting attacks on fed-
eral government computer systems.5 The classified
memorandum—National Security President Directive
54/Homeland Defense Presidential Directive 23—ap-
plies to both agencies. It authorized a new task force,
headed by the Director of National Intelligence, which
now manages US efforts to identify the source of
cyber‑attacks against government systems. DHS will
work to protect the computer systems; the Pentagon
will prepare plans for counterattacks.
The approval of the combined NSPD/HSPD
marked the most far‑reaching effort to date by the
United States government to neutralize threats in
cyberspace. Meanwhile, the Air Force and Navy both
tightened their focus on cyberspace with key organiza-
tional changes to cyberspace commands, while NATO
stood up a cyber response organization.
“In the area of cyberspace, both nation states and
non‑state actors continued to seek ways and means to
counter the advantages we obtain from our use of in-

1. “Cyber Warfare a Major Challenge, Deputy Secretary Says,” John J. Kruzel, American Forces Press Service, March 3, 2008. “Remarks on Cyber
Security to the Chamber of Commerce” Michael Chertoff, Office of the Press Secretary, Department of Homeland Security, Oct. 14, 2008. Gen.
Kevin P. Chilton, transcript of remarks to the Defense Writers Group, March 4, 2008.
2. “Tulip Systems Tries to Keep Other Georgia’s Web Sites Safe,” Kristi E. Swartz, Atlanta Journal Constitution, Aug. 17, 2008.
3. “Hackers Attack Via Chinese Web Sites,” Bradley Graham, Washington Post, Aug. 25, 2005.
4. “Bush Order Expands Network Monitoring, Intelligence Agencies to Track Intrusions,” Ellen Nakashima, Washington Post, Jan. 26, 2008.
5. Nakashima, Washington Post, Jan. 26, 2008.


formation and to turn those same advantages against
us in both conventional and unconventional ways,” said
Assistant Secretary of Defense Michael Vickers in tes-
timony before a House subcommittee.6
The shock of such attacks’ scope and magnitude
was a point of consensus among top government of-
ficials.
“The kind of attack that you would worry about is
the kind of thing we saw in Estonia last year—a deni-
al‑of‑service attack, where they flood the system with
so many e‑mail ‘botnets.’ You don’t shut the system
down, but you slow it down to the point that it’s unus-
able,” said Chilton.7 As England assessed the situation:
“I think cyber attacks are probably analogous to the
first time, way back when people had bows and arrows
and spears, and somebody showed up with gunpowder
and everybody said, ‘Wow. What was that?’”8
Despite unprecedented high‑level government at-
tention, cyberspace remains an area of dispute and
mystery. Some critics contend it is not a bona fide do-
main of warfare.9 Others criticized what they claimed
were questionable Air Force motives for its effort to
organize and streamline its cyberspace capabilities.10
At the same time, allies and potential competitors are
working to improve their own cyberspace capabilities.
The past few years have been consumed with ef-
forts to organize cyberspace and evaluate threats—
some to military and government systems, and many
to the privately‑owned infrastructure that extends
cyberspace throughout US commerce and daily life.
What’s missing is serious progress in understanding
how to think about cyberspace as a new warfighting
always been the case with sophisticated weapons of
war. Despite the secrecy, the broad outlines of key cy-
ber uncertainties are plain enough to stir discussion.
This paper addresses three of these areas. They
are:
n Definition of cyberspace as a domain of military
operations.
n Organization of the services, departments, and
agencies to meet cyber challenges.
n Development and assessment of theories of cy-
berspace power.
Nothing written here is the final word on these sub-
jects. In fact, the opposite is far closer to the truth. De-
bate is just now starting to pick up steam. That debate
is necessary to pull together strong, sound national
security policy for this newest domain: cyberspace.
A DOMAIN OF ELECTRONS AND
CONSCIOUSNESS
Over the last decade, cyberspace has become an
essential integrating medium for military operations,
one in which US armed forces want and need superior-
ity. Indeed, US Strategic Command already treats cy-
berspace as a vital war-fighting domain. “We’ve found
ourselves becoming dependent on it in the way we con-
duct ... military operations and so you would expect an
adversary to try to counter those advantages that the Russia’s conventional-
United States has to bring to the fight,” said Chilton, force attack
on Georgia in
USSTRATCOM commander.11 Summer 2008 was
accompanied by
The emergence of a new domain of combat is an cyber attacks on
that nation’s critical
exceedingly rare event. Warfare on land has always systems. (AP photo/
been with us. War at sea came along quite a bit later, Darko Bandic)

domain.
Understanding and plans do not spring into be-
ing overnight. It took several decades to establish the
place of airpower in national defense strategies and in-
ternational rules for armed conflict. With cyberspace,
the challenges will be similarity large and onerous. They
range from mastering the forensic tasks of attack at-
tribution all the way to much broader questions about
proportionality of response and legitimacy of certain
targets.
Much remains to be done in terms of thinking
through the implications of cyberspace as a warfight-
ing domain. Doubtlessly, the most fascinating discus-
sions occur behind a veil of secrecy. However, this has

6. Testimony of Michael Vickers, Assistant Secretary of Defense, hearing of the House Armed Services Subcommittee on Strategic Forces, Feb.
27, 2008.
7. “General Lays Out Challenge of Defending Cyberspace,” Jim Garamone, American Forces Press Service, March 14, 2008.
8. “Cyber Warfare a Major Challenge, Deputy Secretary Says,” John J. Kruzel, American Forces Press Service, March 3, 2008.
9. See for example William Matthews, “US Cyber Command’s Mission Remains Unclear,” Defense News, April 8, 2008.
10. See for example Noah Shachtman, “Air Force Will Fight Online Without Cyber Command,” Wired, posted Oct. 9, 2008.
11. Gen. Kevin P. Chilton, transcript of remarks to the Defense Writers Group, March 4, 2008.

Rise of Cyber War A Mitchell Institute Special Report 


Michael Chertoff,
Secretary of though it happened so many millennia in the past that
Homeland Security,
warns that cyber- it doesn’t really make much difference. Now, however,
adversaries can bring
down a system in two such transformative events have taken place with-
ways that, in the past,
could be done “only in just the past one hundred years.
when you dropped First came the arrival of the air domain, which
bombs or set off
explosives.” (State emerged during 1908-18. That decade was a period
Department photo)
that ranged from the first military flights at Ft. Myer,
Va.—in which the war potential of aircraft was demon-
strated to all—to the end of World War I, by which point
national air services had earned their places in com-
bined arms operations. Gen. James Cartwright, former
USSTRATCOM commander and now Vice Chairman of
the Joint Chiefs of Staff, had this to say about the event:
“When we started with air, it was sightseeing. Eventu-
ally, it became something important and, even further
down the road, it became something that contributed
to the other domains.”12 Of course, man had for centu-
ries dreamed of conquering the air. As a consequence,
many thinkers had been pondering its possible military
uses long before the invention of a functioning flying
machine early in the 20th century.
The second new domain—cyberspace—has been
only recently conceived, created, discovered, explored,
and exploited. A great controversy rages over what it
12. Gen. James A. Cartwright, Commander of US Strategic Command, interview with the author, Sept. 14, 2007.
13. “Joint Vision 2010,” Gen. John M. Shalikashvili, Office of the Chairman of the Joint Chiefs of Staff, July 1996.
14. See for example Vice Adm. Arthur K. Cebrowski and John J. Garstka, “Network-Centric Warfare: Its Origin and Future,” USNI Proceedings,
January 1998.
15. “A Brief History of the Internet,” Barry M. Leiner et al, Internet Society (http://www. isoc.org/internet/history/brief/shtml).
16. “About the NSA,” National Security Agency Central Security Service memorandum, (http://www.nsa.gov/publications/publi00015.cfm)

really is. It is a physical sphere, clearly, but it is also, in
no small part, a cognitive sphere.
A close look at the brief history of cyberspace con-
tains big clues as to why Washington’s national security
apparatus still is wrestling with policy, organization, and
resource-allocation issues. The cyberspace domain of
warfare emerged in the 1990s. Dating it precisely is
not easy. Trace elements of an emerging cyber-theater
were present in Operation Desert Storm in 1991. In
summer 1996, Gen. John Shalikashvili, the JCS Chair-
man, issued Joint Vision 2010, a paper presented as
a “conceptual template” to guide planning for future
warfare. It anticipated operations based on informa-
tion superiority—the collecting, processing, and dis-
seminating of an uninterrupted torrent of information
while damaging or denying an adversary’s ability to do
the same.13 Major discussions of so-called “net-centric
warfare” began to appear frequently in scholarly publi-
cations and in war college seminars.14 Military officers
debated the laws, methods, and organizations for po-
tential cyberspace operations. However, these largely
amounted to forecasts of computer network attack
(along with some warnings about the need for informa-
tion assurance.)
The real potential of fused intelligence and net-
work operations appeared with a vengeance in Opera-
tion Allied Force, the NATO air war over Serbia in 1999.
Cyberspace was exploited to direct attacking aircraft
and shape the nature of an attack. Soon, more and
more administrative and command and control opera-
tions were transferred to various cyber networks. Air-
men, at least, became dependent on cyber-integrated
communications and networks. This dependence was
generated by a combination of the rise of rapid, expedi-
tionary Air Force operations, the preference for preci-
sion, the need to rely on reachback systems, and the
insatiable appetite for information domain dominance
as a way to get maximum utility from smaller forces.
The situation is more complicated than this, how-
ever. The pedigree of cyberspace has actually been a
source of confusion as it has become a stand-alone
domain. First, key cyber structures and organizations
have lineages that predate the 1990s. The Internet
itself was set up in the late 1960s and was function-
ing fully in the 1980s.15 The National Security Agency,
the prime source of domain encryption, dates to the
1950s.16 The existence of such legacy agencies and en-
tities affects today’s view of cyberspace as a domain.
Second, cyberspace actually incubated within the US
Intelligence Community, not the nation’s military forces,
and was thus shaped by early Intelligence Community
doctrine created for information warfare.
In a way, these primordial features of the cyber
world have actually made it harder to grasp the reality
of cyberspace as a domain. On the one hand, it was in-
vestment in communications, intelligence, and informa-
tion functions that laid the foundation of today’s military
cyberspace. On the other hand, we have yet to disen-
tangle our modern cyberspace concepts from old-style
“information operations.” These information opera-
tions and cyber operations are closely related, but they
aren’t the same thing. There are key distinctions.
Two stand out. First, information warfare hinges
on use of refined content—deception, psychological
manipulation, counter-propaganda, influence opera-
tions, shaping—to achieve desired results. All of these
actions may be carried out in and through cyberspace
and be greatly enhanced thereby. However, various in-
formation operations are really nothing more than a
set of tools—information packages that support various
strategies and policies in the “real” world. Cyberspace,
on the other hand, is an actual domain, an arena for
many different types of actions. That is the essential
difference.
Second, there are differences in the value of the
transmitting medium. Most information operations
are nothing more than age-old warfare techniques
pioneered long before the rise of cyberspace. Decep-
tion, creation of operational security, some forms
of electronic warfare, and similar techniques can be
used without a resort to tightly integrated computer-
to-computer networks. True, use of cyberspace may
greatly enhance the speed and power of these kinds of
information operations, but don’t let this confuse you.
Cyberspace is a domain, a place, a theater. So-called
information operations are just directed missions.
Similar conceptual confusion grows out of the in-
terrelationship of cyberspace and the electromagnetic
spectrum. The intellectual linking of these two concepts
is essential, of course. After all, being a warfare domain
requires some sort of physical existence. The problem
stems from trying to draw a distinction between the
two things. This is a new problem. The line between
land and sea is easy to determine. The line between air
and space is more difficult to draw, but at least air and
space have very obvious physical differences. That is
not the case with cyberspace and the electromagnetic
spectrum.
The Joint Staff’s Joint Net-Centric Campaign Plan,
published in October 2006, promulgated a definition
of cyberspace as “a domain characterized by the use
of electronics and the electromagnetic spectrum to
store, modify, and exchange data via networked sys-
tems and associated physical infrastructures.”17 In
other words, the spectrum was declared to be the
true physical location of cyberspace. This determina-
tion solved a conceptual problem that had bedeviled all
thinking on the subject. It established that cyberspace
was not limited to “the Internet” or defined by the num-
ber of routers or users or their protocols. It could be
lots of other things, whose physical manifestation lay
within the electromagnetic spectrum.
However, some early attempts to help clarify cy-
berspace as a domain have almost done more harm
than good by leaning too much on the electromag-
netic spectrum. The false definition of cyberspace as
being any type of moving energy led in some cases to
arcane and essentially pointless debates about the “cy-
berness” of earlier electronic applications—from tele-
Command center at
USSTRATCOM, Offutt
AFB, Neb., which in
recent years has
been given a charter
for global operations,
including the offensive
cyber mission. (DOD
photo)

17. “Joint Net‑Centric Campaign Plan,” Joint Chiefs of Staff, Washington, D.C., October 2006 (http://www.jcs.mil/j6/ c4campaignplan/JNO_
Campaign_Plan.pdf )

Rise of Cyber War A Mitchell Institute Special Report 

 graphs to early signals intelligence. Because computer
network operations do take place within the spectrum
itself, it was easy to cast cyberspace as merely a set of
enabling operations.
Definition of cyberspace as a domain must recog-
nize the centrality of electromagnetic phenomenon that
are at the core of cyberspace operations. However, the
control and use of electromagnetic phenomenon alone
is not sufficient. Electronic signals have been around
longer than the cyberspace domain. Electronic com-
munications are supporting functions of other warfare
domains, too.
We have now arrived at the key. What is differ-
ent about the cyberspace domain is that it takes the
prevalent electromagnetic phenomena and assembles
them into new, higher sets of value: Intranets, the In-
ternet transport layer, data storage, and so forth. Vir-
tual networks or knowledge bases then take on a value
Marine Corps Gen. that is unique—vital to their functions and distinct from
James Cartwright,
Vice Chairman of the being a mere collection of uncoordinated signals not
Joint Chiefs of Staff, integrated with each other. Compare, for instance, the
said of the cyber
attacks in Georgia: value of a random set of telephone calls to that of chat
“What we’re trying room data assembled to underpin a rescue operation.
to understand is,
working our way You cannot sort out the difference merely on the basis
back, what are the of who uses electronic signals; they both do that. The
implications?” He is
pictured here with difference is that, in the case of the chat room, we have
Deputy Defense refined the application into a useful, “virtual” creation.
Secretary Gordon
Evidence of cyberspace’s “domain-ness” is no-
England. (DOD
photo/TSgt. Adam where more evident than in the tactical and operation-
Stump)
al networks built and used in cyberspace. Cyberspace
definitions comprise computer networks and the elec-
18. Gen. Kevin P. Chilton, transcript of remarks to the Defense Writers Group, March 4, 2008.
19. “8th Air Force, AFCYBER Joint Forces to Provide the Right Tools for Cyber Success,” Maj. Gen. William T. Lord and Lt. Col. Stephen Matson,
Feb. 25, 2008.
20. “Cyberspace Command Logs In,” Henry Kenyon, SIGNAL Magazine, August 2007.

tromagnetic spectrum, including some elements of
both. Control of information from space assets is one
example of this phenomenon. Satellite control of on-or-
bit communication and positioning is carried out mainly
by radio frequency. However, communications among
ground stations may move over the transport layer of
the Internet. “The ground stations are likely plugged
in, in some form or fashion, to the Internet,” explained
Chilton.18 “That’s how we move information around. So
you have to think about cyber defense” to assure that
network. In this example, dominance in cyberspace and
space go hand-in-hand.
The tactical aspect of cyberspace abounds in the
air domain. Reachback and precision effects often de-
pend on cyberspace for a final refinement of an attack
plan. “For that single [joint direct attack munition] to
achieve its effect, we rely on advanced technology to
put weapons on target—command and control sys-
tems, global positioning system satellites, communi-
cation networks, and electronic warfare capabilities,”
according to joint commentary by Maj. Gen. William T.
Lord, commander of Air Force Cyber Command (P), and
Lt. Col. Stephen Matson, a member of the AFCYBER(P)
team at Barksdale AFB, La.19
This wide and deep tactical and operational reli-
ance on cyberspace produces what the Air Force has
recently termed cross-domain dominance. Put in sim-
plest terms, the successful execution of global expedi-
tionary air and space operations depends on having un-
fettered access to the physical and virtual cyberspace
networks. This reliance is best described as a cognitive
feature of the networks, for it shapes the way opera-
tions are planned and conducted, and it shapes com-
manders’ intent and expectations.
This has a major impact on how things are done
in the other domains of air, space, land, and sea. In a
2007 interview, Air Force Lt. Gen. Robert J. Elder, com-
mander of 8th Air Force, summed up the situation with
these words: “Cyberspace exists alongside the other
warfighting domains and should be protected and ex-
ploited in a similar fashion. This reflects the need to
gain and maintain operational freedom in cyberspace—
cyberspace superiority—as a predicate to achieving
land, air, sea, and space dominance.”20
Dealing with the cognitive aspects of the cyber do-
main is important, but difficult. The argument for it is
tricky, and more philosophical than other aspects of the
debate. In this respect, it is useful to examine earlier
attempts to depict this domain visually. Typical images
include colored representations of the Internet con-
nections, images of people interacting with the Web
through computers, and mergers of global images
and Internet images. In each case, someone is trying
to depict cognition. The Internet grid maps attempt to
depict a domain. Images with people serve as symbols
of interaction in this domain. Taken together, the ubiq-
uitous themes mark a struggle to ascertain just what
the domain is and what it means. In fact, using images
in this way constitutes a classic Western philosophical
way of dealing with a new reality. It marks an important
step toward drawing cyberspace into the framework
of social and political agreements that shape nations
and the international system. Think of all the graphic
artists images of cyberspace. They are trying to do two
things: depict the domain’s phenomena and depict the
human connection to it. The most famous of these im-
ages, seen on this page, is the photo of World Wide World Wide Web
on cyberspace policy, privacy, rules of engagement, pioneer Tim Berners-
Web pioneer Tim Berners-Lee holding a glowing gold differentiation between foreign and domestic issues, Lee with his golden
orb. (Getty image/
orb. It’s an attempt to express our connection to the and develop military response options. If history is any Catrina Genovese)
cyber domain. guide, the only way to get there will be through intense
Another big thought entails viewing cyberspace discussion of theory as well as practice, for the theory
as a new world “commons.” Think of Bruegel’s famous of cyber security, ultimately, will express the will of the
painting (shown opposite) of medieval merchants and people.
peasants cavorting in the town square. Or, just think In a sense, the “domain debate” is a preoccupa-
of New York’s Times Square on any New Year’s Eve. tion of only one community—the US defense commu-
The idea of the commons—like that of a city or a na- nity. Outside of it, thinkers have long since moved on to
tion-state—occupies a highly important symbolic posi- other matters. Agonizing domain debates do not occur
tion in international politics. It emanates from the re- in China, for example. There, cyberspace operations
lationships among nations and business entities, the already have been incorporated into a sophisticated, Pieter Bruegel’s
concept of “the
people in them, and their commerce and security. All commons.”
of our carefully drawn international rules flow from this
concept of the global commons. Within nations, de-
mocracies look to the rules of the commons for their
authority.
This is part of the enormous challenge posed by
cyberspace. As a physical, virtual, and cognitive do-
main, cyberspace creates a new commons, generat-
ing serious concerns about how to secure it and make
it usable for all parties in the face of the pressures and
dangers posed by nation-states. Surely, current inter-
national norms, practices, and law will help, but the
nation-state issues are tough. The old concepts and
standards of sovereignty do not function well in this cy-
ber world, where the limits of national ownership and
responsibilities are fuzzy and attack attribution can be
so difficult to establish.
We eventually will need a clearer understanding
of how the new commons should function. It is impera-
tive to develop it if we are to make further progress

Rise of Cyber War A Mitchell Institute Special Report 

 “layered” national defense strategy, the point of which
is to confuse Taiwan’s military reactions to any Chinese
aggression and to slow down anticipated deployment
of US forces in response.
“With budgets running into billions of dollars, the
[People’s Liberation Army] has assiduously prepared
to fight a future war in cyberspace with Taiwan and
the West,” contended one defense analyst at the New
Delhi-based Institute of Peace and Conflict Studies, an
important defense think tank.21 “Attacks on American,
Japanese, and South Korean systems, among others,
have been traced to China. The PLA has regularly simu-
lated computer virus attacks in its military exercises
and Chinese companies with strong links to the PLA
have also acquired the latest computer technology
from the US.” He went on to say, “Cyber warfare will
Airmen tend to
their duties at in the future, be as critical as air supremacy is today,
the Air Force’s
Global Cyberspace in disrupting and destroying the enemy’s lines of com-
Integration Center, munication and critical infrastructure.”
located at Langley
AFB, Va. (USAF All signs are that the problem is spreading quick-
photo/Amelia
Donnell) ly. By late 2007, security and defense agencies in
Washington, London, and Berlin all had been targets
of sophisticated Chinese cyber attacks. According to
various news reports, during her first official visit to
China in late summer 2007, German Chancellor An-
gela Merkel confronted Chinese Premier Wen Jiabao
over this matter.22 For its part, Beijing accuses Taiwan
and the US of conducting hacking attacks and inserting
malware into its own computer networks.23
There can be no denying, however, that cyber-
space is a domain that China wants to master, or that
it has invested heavily in a program to develop this
mastery. The specific doctrine governing its actions
has been described as “local wars under informational-
ized conditions.”24 Over the past decade, PLA doctrine
has shifted away from land force activity to center on
forging capabilities in air, space and cyberspace. The
Chinese high-tech doctrine that held sway in the period
1993-2004 has been refined to focus more heavily on
Chinese dominance of the electromagnetic spectrum.
Donald L. Fuell, a China expert at USAF’s National
Air & Space Intelligence Center at Wright-Patterson
AFB, Ohio, notes that the changes were approved by the
Central Military Committee in 2002 and announced in
2004.25 With this change, China’s cyber warfare com-
ponent is now more important than ever to Chinese
doctrine. China aims both to improve its own integra-
tion of cyberspace with ISR components and sharpen
tools for disrupting adversary use of cyberspace. Ac-
cording to Fuell, first strike computer network opera-
tions are part of China’s current cyberspace training,
along with a variety of hard and soft power options.
Fuell noted that, in recent years, China has overtaken
the US as the top exporter of information and commu-
nications technology goods.
Clear statements of China’s developing cyber pow-
er can be found in many different sources. One such is
contained in the Defense Department’s Annual Report
to Congress: Military Power of the People’s Republic
of China 2008. It states: “In the past year, numerous
computer networks around the world, including those
owned by the US Government, were subject to intru-
sions that appear to have originated within the PRC.
These intrusions require many of the skills and capabili-
ties that would also be required for computer network
attack. Although it is unclear if these intrusions were
conducted by, or with the endorsement of, the PLA or
other elements of the PRC government, developing ca-
pabilities for cyberwarfare is consistent with authorita-
tive PLA writings on this subject.”26
Lt. Gen. David A. Deptula, USAF’s deputy chief of
staff for intelligence, surveillance, and reconnaissance,
had this to say: “In terms of computer network opera-
tions, the PRC remains the greatest state-sponsored

21. “China and Taiwan Spar in Cyberspace,” Jabin T. Jacob, Institute of Peace and Conflict Studies, New Delhi, November 2003.
22. “Merkel: China Must Respect ‘Game Rules’,” Christopher Bodeen, Washington Post, Aug. 27, 2007.
23. “Chinese Official Accuses Nations of Hacking,” Edward Cody, Washington Post, Sept. 13, 2007.
24. “China’s National Defense in 2004,” a Whitepaper released by the State Council Information Office, Dec. 27, 2004.
25. “China’s Aspirations for Information Dominance,” Donald L. Fuell, National Air and Space Intelligence Center, unclassified briefing, 2006.
26. “Annual Report to Congress: Military Power of the People’s Republic of China,” Department of Defense, February 2008.

10
threat.”27 Deptula went on to call attention to China’s
proliferating abilities to deny, degrade, and disrupt
cyberspace operations, labeling it a “major threat” to
joint force operations.
In light of the actions of nations such as China,
it is important to keep a weather eye on how the do-
main may evolve. Cyberspace as a domain will always
comprise physical, virtual, and cognitive elements, but,
already, day-to-day operations within the domain have
been changed by the introduction of new technologies.
New and disruptive shifts within the domain are virtu-
ally certain to occur. Some, such as major changes in
where data resides, will have the potential to drasti-
cally alter the way militaries carry out operations in
cyberspace.
Now on the horizon is one such disruption called
“cloud computing.” It marks a potentially large shift in
the layout of the domain itself. To understand why, one
needs to have a grasp of the Pentagon’s concept of a
“Global Information Grid,” or GIG. The early definition of
Among the biggest
this GIG rested on assumptions about transport and noted Stephen Baker, writing in Business Week.28 In ev- recipients of Pentagon
cyber funding is
application layers, one of which was that most process- ery case, the cloud achieves the same purpose as the the supersecret
ing of data would take place at user sites—command 1960s-era supercomputer. It increases search com- National Security
Agency, the national
post screens, individual desktops, or airborne systems. plexity and speed. However, a supercomputer is to the cryptological and
signals intelligence
Analogies with a national power grid were apt—both cloud as candles are to a bonfire. As Baker wrote, “At establishment
headquartered at
input and output occurring at known locations. Data the most basic level, it’s the computing equivalent of Ft. Meade, Md. (DOD
might be exchanged over the GIG, but it would in the the evolution in electricity a century ago when farms photo)

end come to rest at a known site. In the worst case and businesses shut down their own generators and
attack scenario, a terminal could be disconnected, but bought power instead from efficient industrial utilities.”
users would hold on to data at their work stations and The ramifications for national security are poten-
F-15s go into action
continue to work until a connection was restored. The tially enormous. The cloud computing concept trans- in the 1991 Gulf War.
Trace elements of
application resided in a specific computer, not in the fers more “value” to the network itself. In a larger cyber war could be
GIG itself. sense, it confirms that the domain is not necessarily found even in that
conflict. (USAF photo)
However, cloud computing has begun to change
that model. Cloud computing is a general term for what
airmen might call “offboard data.” In this case, it’s best
defined as activity using any collection of servers stor-
ing vast amounts of data and linking them together
for applications. There’s no single cloud, since various
companies and organizations assemble their own. The
Internet is essential to the cloud and functions as its
transport layer.
For illustration, take the case of Google, the search
engine megalopoly. Its cloud is a network consisting of
possibly as many as a million cheap servers, each about
as powerful as a home personal computer. Combined,
they store staggering amounts of data, including nu-
merous copies of the World Wide Web, and produce
answers to billions of queries in a fraction of a second,

27. Lt Gen David A. Deptula, DCS/ISR, “Global Threat Awareness Brief,” Jan. 18, 2008.
28. “Google and the Wisdom of the Clouds,” Stephen Baker, Business Week, Dec. 13, 2007.

Rise of Cyber War A Mitchell Institute Special Report 11

 rooted in a specific set of relationships between work-
stations, servers, and software. For example, comput-
ing originally rested most of its value in large, distinct
computer systems, with smaller numbers of terminals.
The personal computer revolution in memory and soft-
ware moved the center of gravity to the desktop. Over
the last decade, the dominant model has been a grad-
ual tilt from desktop to Internet as the content value
of World Wide Web has risen. Business to business
transactions moved additional value to the Internet for
specific applications. Now, cloud computing is shaking
out the relationships again.
For now, there is no single cloud but groups of
clouds. They are commercial, and they vary in size. Us-
ers can purchase time on a cloud from ever-entrepre-
neurial Amazon, among others. Markets for search
and software will grow and revenue based on the cloud
should follow. Taken to its logical extremes, the cloud
offers new players more processing power for innova-
tive projects. Cloud computing also has the potential to
become a system of choice for data storage. Cloud ap-
plications are already beginning to replace the old sys-
tem of storing and exchanging files. Virtual groups can
connect into 24/7 work teams and keep their data in
the cloud. As to the clouds, their size is not limited.
Cloud computing reconfirms the definition of cyber-
space as a domain. Relationships shift but the domain
remains in force. This domain is a chameleon, capable
In Operation Allied of looking different under different configurations and
Force, NATO’s
1999 air war over applications. What does not change is the now-essen-
Serbia, the alliance
used cyber raids tial value proposition. If anything, the value grows every
to disable Serbian
defense systems and time cyberspace changes its colors.
communications. (AP Cloud computing as a trend underlines why the Air
photo/Srdjan Ilic)
12
Force (and all military services) need to embrace cy-
berspace as a domain and pay close attention to their
formal structures for maximizing it. Another decade
could bring significant evolutions in the way cyberspace
is used for data storage, exchange, and manipulation.
Migration of computing functions from PCs and net-
works to a larger cloud structure could increase ef-
ficiency and facilitate remote applications; it will also
place new demands on transport layers and on cloud
and network security.
Top military leaders, while they might disagree on
some definitions and courses of action, are neverthe-
less firmly united in their appreciation of the threats in
cyberspace. Few persons anywhere deny that cyber-
space is a serious arena for competition, especially
military competition.
ORDER AND DISORDER IN A WILD
WORLD
The second question about the future of cyber-
space might seem to be—but is not—a pedestrian one:
How should it be organized? The importance of this
decision is not readily apparent, yet having a thorough
understanding of the preferred structure of cyber-
space and knowing where to set lines of responsibility
will prove to be essential to the full exploitation of the
cyber world.
The rise of cyberspace has been haphazard, at
best, with its development and modes of operation
shooting off in many different directions at once. Some
heterodoxy was inevitable and useful. At the moment,
however, American activities are being managed and
exploited by an polyglot assemblage of federal entities,
some of which are working at cross-purposes with oth-
ers.
It’s not that the United States has made no prog-
ress at all; over the last five years, the military servic-
es, defense agencies, and other federal government
institutions have embraced significant organizational
changes, all of which have created a tighter focus on
securing the domain. For all that, though, cyberspace
still is characterized less by order than by disorder.
Unlike most other aspects of national defense,
cyberspace considerations cross through several de-
partments and permeate the interagency arena. In
this, today’s effort to manage cyberspace more closely
resembles the communal approach of the Intelligence
Community than it does the kind of detailed tactical
control, operational control, and administrative control
systems of the military services and joint commands.
Today, there are many players in the cyberspace
domain, but they fall more or less neatly into five major
categories. They are:
n The US military services.
n The 16-agency Intelligence Community (includes
defense and service intelligence entities).
n US Strategic Command at Offutt AFB, Neb.
n Agencies of the Department of Defense.
n Agencies of the Department of Homeland Secu-
rity.
Seen from a purely budgetary perspective, the
Defense Department clearly dominates. Most of the
funding that flows through the cyber world comes from
the Pentagon and goes out to its military, civilian, or
intelligence entities. Big recipients are the National Se-
curity Agency, headquartered at Ft. Meade, Md., and
USSTRATCOM, which in recent years has been given
a charter for global operations. The Department of
Homeland Security also spends lots of money on cy-
berspace.
Even a quick read of the map of US federal cyber
entities shows glaring requirements for better orga-
nizational structures. Each service command has a
different philosophy. USSTRATCOM has a clear mis-
sion, but liaison with the regional commands is still in
the formative stages. Just to execute efficient cyber
operations a refined organizational structure will be
necessary. The biggest “seams” are those between
the defense and intelligence worlds and between the
government and private civilian worlds. Responding to
crises and preparing sound long range fiscal and stra-
tegic policy will require a bridging of these gaps. It won’t
be easy.
Of all these actors, USSTRATCOM is the newest
and also one of the more active and powerful. Cyber-
space is today a fighting domain, in the view of Strate-
gic Command. “You need to be able to operate, defend,
and attack in the domain, and then cross-domain,”
said Chilton, “and I think there are opportunities to do
that.”29
USSTRATCOM has taken an unusual role as a uni-
fied command. It leads the development of cyberspace
warfighting capabilities, rather than merely organizing
them, and is tied to various defense agencies in a way
unlike other joint commands. The command became
the agent for cyberspace when it took over responsibil-
ity for Joint Task Force-Global Network Operations. This
JTF-GNO has front-line responsibility for cyber support
operations.
Since 2004, the Director of the Defense Informa-
29. “Military Needs Hackers, Stratcom Chief Says,” William H. McMichael, Army Times, Oct. 2, 2008.
tion Systems Agency has been the Commander of the Air Force Lt. Gen.
Robert Elder (r),
JTF-GNO, with responsibility for operation and defense commander of 8th Air
Force, was the first
of the Global Information Grid. Information assurance, leader of USAF cyber
protection, and delivery are the main goals of the JTF- efforts. “Cyberspace
superiority,” he
GNO. At the theater level, JTF-GNO staffs and man- said, is “a predicate
to achieving land,
ages Theater NetOps Centers. These were created by air, sea, and space
dominance.” He is
mergers of the Defense Information Security Agency’s pictured here with
Regional Network Operations and Security Centers, Marine Corps Gen.
James Cartwright.
Regional Computer Emergency Response Teams, and (USAF photo/SrA.
Sonya Padilla)
Regional Satellite Communication Support Centers.
The resulting centers establish, maintain, and provide
theater-level situation awareness on the global grid.
The centers offer several types of support to a com-
batant commander. They offer technical expertise as
needed. They provide tactical control for theater net
operations.
While defense of the Global Information Grid falls
under USSTRATCOM’s authority, the individual services
manage and defend their own enterprise-level cyber
networks. Each maintains network operations centers
and units able to assure critical network communica-
tions in deployed settings, whether this means at a
major overseas base, with expeditionary forces at an
relatively austere forward operating location, or (in the
case of the Navy) aboard ships at sea.
With thousands of airmen and billions of dollars
long since committed to the mission, the Air Force has
gone further than it ever before has gone, putting in
place a numbered air force dedicated to cyberspace
activities. Twenty-Fourth Air Force will become the Air
Force’s warfighting cyber element. It will handle net-
work operations and develop offensive and defensive
Rise of Cyber War A Mitchell Institute Special Report 13
 cyberspace capabilities for presentation to the joint
warfighting element, USSTRATCOM.
Twenty-Fourth Air Force, a brand new organiza-
tion, grew out of USAF’s two-year effort to raise up a
new major command—Air Force Cyber Command. The
Air Force had some success in streamlining its capa-
bilities under Air Force Cyber Command (Provisional.)
The service has now decided against going for a new
major command, but all of the preliminary effort will
Estonian Defense
Minister Jaak
Aaviksoo. His nation
suffered a far-
reaching cyber attack
last year, most likely
from Russia.
roll into 24th Air Force, which will align under Air Force
Space Command.
Beyond creating this organizational structure,
USAF must also develop cyber capabilities for Strategic
Command and the regional theater commanders. The
Air Force must provide forces to Central Command,
Northern Command, and Pacific Command, whatever
the mission might be, and this most definitely includes
cyberwar capabilities. This is why it is vital for the Air
Force to be a major stakeholder in the development of
such capabilities and not just leave the task to others
in the US intelligence and security organs.
A future Joint-Force Air Component Command-
14
er—or “air boss”—in these regions may have to rely on
cyber operations as part of an integrated campaign.
USAF may find a need to focus on developing computer
network attack capabilities within the air component
to present to theater and regional commanders. The
Air Force’s cyberspace vision statement notes that “to
support theater objectives, we will develop cyberspace
force packages as part of our expeditionary air and
space forces.” Ultimately, the JFACC and his staff will
become adept at determining when to neutralize a tar-
get by using non-kinetic “soft kill” weapons and when to
blow it to bits with a high-explosive bomb.
Soon, the corporate Air Force will probably need
to evaluate program funding for network attack to de-
termine whether there is enough money to develop
the needed capabilities. At a minimum, USAF needs a
strong policy position relating development of network
attack and defense capabilities for current and future
warfighting responsibilities.
The Air Force’s efforts to consolidate its extensive
cyberspace units and budgets under a new Air Force
Cyber Command generated a violent reaction almost
from the start, with some claiming it was an Air Force
power grab at the expense of the other services. The
charge was clearly bogus. Indeed, the Navy set up its
Network Warfare Command—an analogous organiza-
tion—in 2002, with nary a peep heard from the joint
community,
The Navy has the biggest and most widely rec-
ognized network operations command. Naval officers
have long been masters of signals intelligence, with
a history of excellence reaching back to World War
I. Moreover, the service starred in major code-break-
ing operations in the Pacific during World War II. The
Navy has built upon this heritage as it has developed its
cyberspace expertise. Several recent reorganizations
have integrated cyber and information functions, rang-
ing from cryptological activities to communications
with hand-held devices.
Network Warfare Command, or NETWARCOM, is
headed by a three-star admiral and is headquartered
near Norfolk, Va., at the amphibious base at Little Creek.
NETWARCOM now has more than 13,000 sailors as-
signed. The Navy subcontracts for its primary systems,
notably the Navy-Marine Corps Internet. Commercial
giant Electronic Data Systems built this system for the
Navy. NETWARCOM also has component operations
with the NSA at Ft. Meade.
“NETWARCOM is at the forefront of where the
next fight will begin, or has perhaps already begun, out
there in cyberspace,” said Vice Adm. H. Denby Starling
II, its commander.30 Navy personnel, he added, “are en-
gaged in the fight against the enemy 24 hours a day,
seven days a week, 365 days a year.”
In 2002, the Navy had quietly acknowledged the
central role of cyberspace in its operations. The Chief of
Naval Operations, Adm. Vern Clark, declared informa-
tion operations to be a primary Naval Warfare Area,
equivalent to the service’s air, land, maritime, space,
and special operations mission areas.
For the Navy, information operations cover five
core capabilities: computer network operations, elec-
tronic warfare, psychological operations, military de-
ception, and operations security. Vice Adm. James D.
MacArthur Jr., who was NETWARCOM’S second com-
mander, described information operations as “a major
part of naval forces’ overall strategic planning and op-
erations to shape and influence potential adversaries’
understanding and intent” and a way to “enhance de- German Chancellor
terrence and accelerate the pace of operations.”31 race to organize, train, and equip for the cyber mission. Angela Merkel
confronted Chinese
NETWARCOM has evolved as what the Navy calls However, the service has recognized the importance of Premier Wen Jibao
about cyber issues
a “type” command, roughly equivalent to well-known attending to this matter. According to the 2008 Army during her first
three-star commands that control naval air forces or official visit to China.
Posture Statement, “Cyberspace is a new battlefield, Berlin had been a
submarines and apportion them to numbered fleets. and new thinking on how to operate within this environ- target of Chinese
attacks. (Getty
Like other type commands, the cyber command re- ment is required.”33 Images/Guang Niu)
ports to the four-star Fleet Forces Command in its The Army’s Network Enterprise Technology Com- On Nov. 2, 2006,
type role. NETWARCOM personnel monitor Navy net- mand (NETCOM) notes that it has the duty to “provide, Secretary of the Air
Force Michael W.
work operations. The command is also the enterprise sustain, and defend the Network Enterprise” in order Wynne formally defined
cyberspace as a USAF
provider for current and future networks. However, to “enable information superiority, and ensure operat- warfighting domain.
NETWARCOM is about operationalizing cyberspace, (USAF photo/Josh
Plueger)
too. The Navy has taken steps to incorporate cyber-
space into its operations directorates. Information
operations personnel are now organized under the op-
erations or N3 divisions of major commands. The com-
mand added functions when it incorporated the fleet
information warfare centers and naval security groups
into Navy information operations centers in 2005.
Going forward, NETWARCOM will be managing
retirement of legacy systems and new bids for major
network contracts for service-wide and afloat systems.
Starling also hopes to increase the command’s impact
as a warfighting type commander “to get a better view
of what’s going on in our ships, squadrons, and aircraft
every day in the fleet in C4I [command, control, com-
munications, computers and intelligence], potential
conflict, and networks.”32
The Army clearly lags the other services in the

30. Vice Adm. H. Denby Starling II, remarks during assumption of command of Naval Network Warfare Command, US Navy release, June 15,
2007.
31. Vice Adm. James D. MacArthur Jr., interview with CHIPS Magazine, US Navy, Fall 2004.
32. “Command Swells with New Responsibilities,” Maryann Lawlor, SIGNAL Magazine, December 2007.
33. 2008 Army Posture Statement, Information Paper: Cyber Operations.

Rise of Cyber War A Mitchell Institute Special Report 15

 ing and generating forces freedom of access to the
network in all phases of Joint, Interagency and Multina-
tional operations.”34 The Army sees its primary cyber
warfare role to be a strong force-providing component
under USSTRATCOM. As part of the joint cyber force,
the Army will focus primarily on information assurance
and the protection of Army networks.
By comparison with the Air Force and Navy, the Ar-
my’s concept of cyberspace operations does not seem
to be a good fit with the service’s self-perception. “We
have operations in cyberspace, not cyberspace opera-
tions,” sniffed Col. Wayne Parks, Director of Army Infor-
mation Operations and Army Computer Network Oper-
ation-Electronic Warfare Proponents at the Combined
Arms Command, based at Ft. Leavenworth.35 That is a
broad Army sentiment.
Still, the Army’s much-touted Future Combat
System and other prospect Army programs depend
on tactical and operational uses of cyberspace as en-
ablers for maneuver, fires, and combat support. The
skill and training needed to use and defend cyberspace
An air operations will not be a nice-to-have, but rather a must-have.
center, such as this
one in Southwest Ironically, this new domain of warfare is unad-
Asia, has become dressed in the laws, agreements, and codes that define
a nerve center
of airpower, and service roles, missions, and functions. Two approaches
highly dependent
upon secure cyber will probably be required.
networks. (USAF
photo/SrA. Brian First, each service will have to develop competen-
Ferguson) cy in cyberspace for its own administrative and tactical
34. Army’s NETCOM/9th SC(A) mission statement (http://www.netcom.army.mil/)
35. “Parks: No Distinct Cyberspace Command,” SIGNAL Online blog posting by Robert K. Ackerman, Aug. 21, 2008.
36. Department of Homeland Security Fact Sheet: Protecting Our Federal Networks Against Cyber Attacks, April 8, 2008.
37. “Remarks to the RSA Conference,” Michael Chertoff, Office of the Press Secretary, Department of Homeland Security, April 8, 2008.
16
networks. Assuring the availability of these networks is
primarily the responsibility of usstratcom and disa. The
responsibility for defending the tactical tie-ins with air-
craft or ships or land combat vehicles will fall on the
services operating the systems.
Second, the military establishment will need to
sort out the question of who, if anyone, will have pri-
mary responsibility for being the premier warriors of
cyberspace. Since cyberspace is not part of Depart-
ment of Defense Directive 5100.1—the current blue-
print for roles and missions—neither the Air Force nor
any other service has a special claim on preparing for
cyberwar.
The organization questions exist not only in the
military agencies. They also are cropping up in civilian
departments, most notably the Department of Home-
land Security.
DHS picked up extensive new cyberspace duties
and responsibilities in 2008. The Department was des-
ignated the lead organization for implementation of the
Comprehensive National Cyber Security Initiative based
on National Security Presidential Directive 54/Home-
land Security Presidential Directive 23, signed by Bush
in early 2008.36 “We face a very serious challenge and
one that is likely to grow more serious as time passes,”
said Chertoff, in an address at a 2008 conference in
San Francisco.37 He added, “Building on efforts today
and reinforcing our cyber security initiatives, it would
almost be like a Manhattan Project to defend our cy-
ber networks.” According to Chertoff, a criminal gang
today can bring down a commercial or federal system
in a way that in the past “only came when you dropped
bombs or set off explosives.”
However, Homeland Security faces an issue that
makes some of the military challenges pale in compari-
son. Nearly 90 percent of cyberspace infrastructure
has private ownership. Therefore, the DHS policy role,
active as it may be, is limited to fostering cooperation
and awareness among major players in the world of
private industry, academia, finance, and so forth. Many
of these private entities, particularly in the banking in-
dustry, already collaborate on threat awareness with
industry partners. Truly securing the gates of domestic
cyberspace will require new concepts of governance
and public-private partnership. At some point, it may
become necessary to reassess the division of labor be-
tween DOD and DHS.
NEW THREATS, NEW THEORIES
With the maturing of the cyberspace domain, new
visions of threats and theories of conflict have begun to
emerge at a rapid pace. This is unsurprising. National
competition and war in cyberspace are sure to bring
new vexations, as well as some of the more-classical
misfortunes of war as it has long been waged within
the international system.
The world got a glimpse of this in summer 2008,
with Russia’s armed attack on Georgia. Russia’s con-
ventional-force attack was accompanied by cyber at-
tacks on that small nation’s critical systems. Russia at-
tacked on the ground and in the air Aug. 9 and agreed
to a ceasefire on Aug. 13. In mid‑August, however,
American officials were still attempting to assess and
magnitude of the cyber attacks. On Aug. 14, Marine
Corps Gen. James Cartwright, Vice Chairman of the
Joint Chiefs of Staff, told Pentagon reporters: “Most of
what we have seen and been able to monitor and verify
is the defacing of Websites, not really as robust as de-
nial of service. And so, what we’re trying to understand
is, working our way back, what are the implications?
Can we really tie this to the military activities, or was
this more of a separate group that had a more political
agenda? Those are unknowns at this point.”38
Some time later, Chertoff observed: “The Geor-
gia‑Russia conflict ... [was] perhaps the first instance
of a military action with a cyber component. Denial of
service attacks launched from Russian IP addresses
against Georgia occurred when we saw military action
taken by Russians against the Georgian government.
Large swaths of Georgians could not access any in-
formation about what was happening in their country.
Government websites were defaced and the delivery
of government information and services were cur-
tailed.”39
Not everyone was impressed with the Russian at-
tacks. One who found it lacking was Maurice H. Sachs
of the SANS (SysAdmin, Audit, Networking, and Secu-
rity) Institute, a provider of computer security training
and professional certification. Sachs dismissed the cy-
ber component of the war as coincidence, saying that
low-level intrusion activity was akin to cockroaches in a
kitchen—you don’t see them until you turn the light on.
“I realize that I’m being very cynical here, and that the
future prospects of real, no‑kidding, nation‑state cyber
Lt. Gen. David A.
warfare are very possible,” Sachs wrote on Aug. 16, Deptula (l), USAF’s
deputy chief of staff
2008, but, “is a botnet or a Website defacement an for intelligence-
surveillance-
act of war?”40 reconnaissance,
warned that China’s
Compared to Sachs, however, other observers growing cyber
were far more concerned. “Cyberweapons are becom- capabilities pose “a
major threat” to joint
ing a staple of war,” noted Siobhan Gorman in the Wall force operations.
(USAF photo)
Street Journal.41 “The Georgian conflict is perhaps the
first time they have been used alongside conventional
military action.” At least, it might be the first time for a
nation other than the United States.
The Georgia conflict gave rise to chilling questions.
There is overwhelming physical evidence that Tbilisi
suffered some serious denial-of-service cyber attacks.
However, as we have seen, the attribution of such at-
tacks to a culprit was uncertain at best. Most of the
response was focused on restoring service to Geor-
gian agencies and companies. The cyber attacks point-
ed out that the policy and procedure for legitimate,
sanctioned response remains embryonic at best. As
a Pentagon spokesman told WSJ’s Gorman, “It’s ulti-
mately the perception of the country under attack as
to whether an act of war was committed.”42
Indeed, cyberspace raises a number of difficult and
complex issues, starting with the unusually large array
of threat actors that are now in play. Already, the types

38. Gen. James Cartwright, Vice Chairman of the Joint Chiefs of Staff, DOD press briefing, Aug. 14, 2008, Washington, D.C.
39. “Remarks on Cybersecurity to the Chamber of Commerce,” Michael Chertoff, Office of the Press Secretary, Department of Homeland
Security, Oct. 14, 2008;
40. “Thoughts on the Russia vs Georgia Cyber War,” Maurice H. Sachs, Diary, Aug. 16, 2008 (http://isc.sans.org/diary.html?storyid=4903&rss).
41. “Cyber Attacks on Georgians are Reigniting a Washington Debate,” Siobhan Gorman, Wall Street Journal, Aug. 14, 2008.
42. Gorman, Wall Street Journal, Aug. 14, 2008.

Rise of Cyber War A Mitchell Institute Special Report 17

 of threats go beyond those that are canonical to the
“international system.” They jump over, and render ob-
solete, centuries of understandings about sovereignty
and national borders. Moreover, clear distinctions can
easily be drawn in other domains between public and
private sector attacks and responses. Not so in cyber-
space.
What motivates an attack in cyberspace? Cher-
toff, the chief of Homeland Security, and others have
laid out in detail the various motivations of criminals
and criminal groups seeking to profit from fraud and
other cyberspace scams. We are all familiar with the
apolitical but menacing recreational hacker, quasi-
nerds whose creative powers have visited thousands of
worms and viruses on the world’s computer networks.
Simple curiosity and devilment play their own roles, too.
Self-portrait created When it comes to national security, however, the range
by a massive Cray
1 supercomputer. of motives is wide and more difficult to decipher. This
Given the coming
of many types of poses a huge challenge to US officials.
advanced computing,
the supercomputer One USSTRATCOM leader, an officer whose pro-
has become passe. fessional duties require him to deal with these issues,
(Cray Inc. image)
divides external national security cyber threats into
three tiers:
Tier One. The denizens of this group are hack-
ers who possess significant skills and can be found in
every country. Most have a strong desire to demon-
strate their skills by taking on the most attractive foe—
the United States. “We’re the biggest and baddest
target in the world, so a lot of people want to come
43. “Command Swells with New Responsibilities,” Maryann Lawlor, SIGNAL Magazine, December 2007.
44. Testimony by J. Michael McConnell before Senate Select Committee on Intelligence, Feb. 5, 2008.
45. McConnell, testimony, Feb. 5, 2008.
18
at our networks,” says Starling of NETWARCOM.43 A
portion—and perhaps a significant portion—of these
cyber attacks are best described as nuisance attacks,
enabled and abetted by the relative anonymity of the
Internet. For anti-war and anti-authority types, such
attacks are attractive. In contrast, pranksters trying
to sneak on base or protesters attacking aircraft with
hammers face more risk, more inconvenience, and
usually get caught.
Tier Two. At this level are a range of groups
that are organized or at least semi-organized, what-
ever their motivations. They possess cyber skills signifi-
cantly higher than those of the lone hacker, but lower
than those of major nation state players. This strata
features most of the truly sophisticated criminal op-
erations, groups that deal in bank fraud, large-scale
computer theft, and organized crime activities. Politi-
cal and terrorist groups are there, too. Michael Mc-
Connell, the Director of National Intelligence, Chertoff,
and other officials have testified repeatedly about the
cyber presence of al Qaeda, the predominantly Sunni
outfit headed by Osama bin Laden, and Hezbollah, the
Iranian-backed Shiite guerrilla group based in southern
Lebanon. Other subnational militant groups also have
stated their desires to use cyberspace for mass at-
tacks.
Tier Three. Here, one finds the militaries and
non-defense security organizations of nation states.
These cyber players have the manpower, physical sanc-
tuary, cryptological know-how, and funding to generate
dynamic and dangerous effects in the cyber domain.
In early 2008, McConnell offered an unusually candid
statement about these kinds of threats. According to
McConnell, “cyber exploitation activity has grown more
sophisticated, more targeted, and more serious.”44 He
cited specific nation‑state threats. “We assess that
nations, including Russia and China, have the technical
capabilities to target and disrupt elements of the US
information infrastructure and for intelligence collec-
tion,” said the top US spy.
This stratification of threats is itself something
unique to the cyber domain among the various do-
mains of international conflict.
Beyond this, cyberspace adds a niche for insider-
style attacks. McConnell defined the nation’s informa-
tion infrastructure as “the Internet, telecommunica-
tions networks, computer systems, and embedded
processors and controllers in critical industries.”45 It is
a vast system. In the military and intelligence worlds no
less than the commercial sphere, the dangers posed by
disgruntled, vindictive, criminally motivated, or foreign-
directed insiders is always a problem. Such attacks are
much easier to carry out in the new wired world.
In the past, the threat of the insider tended to fo-
cus on intelligence, and this has been a launching point
for the cyber insider, too. Notorious turncoat spies
have caused substantial damage to national security
through the loss or compromise of sensitive informa-
tion. For disgruntled or compromised employees or
contractors, the technology of insider cyber espionage
is close to hand. Chertoff said he was concerned about
“the lowest-tech threat,” which he described as “some-
body coming with a thumb drive and downloading sen-
sitive information, including passwords, or planting
something [in a computer system] that enables some-
one to capture information and send it back over the
Internet.”46 According to the Homeland Security chief,
“That can cause as much damage as a classic hacking
attack.”
Individuals with network access can be duped into
providing personal data that compromises encryp-
tion. They might by accident insert into a computer a
compromised thumb drive or other device and upload
malicious code that damages the network. Intelligence
workers and officials know better than to open suspi-
cious, unfamiliar e-mails—assuming that any of these
are even permitted to reach an individual’s computer—
but they may visit World Wide Web sites which return
malicious code to their systems.
Awareness of the dangers is the vital ingredient for
cyber security against this form of intrusion. To 8th Air
Force’s Elder, cyber safety begins with understanding
network actions.47 Just as with flight safety or ground
safety, cyber safety depends on operational risk man-
agement enforced by supervisors. Some believe the
government should set approval levels in accordance
with degrees of risk. One technique is “whitelisting.” In
this, agencies do not ban visits to certain sites (“black-
listing”), but specify those specific sites which a worker
may access, excluding all others. This technique, used
in tandem with encryption, has come into increased
use.
All US armed services, agencies, commands, and
operators agree they need more and better informa-
46. “Remarks on Cybersecurity to the Chamber of Commerce,” Michael Chertoff, Office of the Press Secretary, Department of Homeland
Security, Oct. 14, 2008.
47. Interview with Lt Gen Robert J. Elder, July 2007.
48. “Command Swells with New Responsibilities,” Maryann Lawlor, SIGNAL Magazine, December 2007.
tion about rapidly metastasizing threats in cyberspace.
Starling, of NETWARCOM, said the top service lead-
ers are now aware of the importance of security, but
getting the word out to uniformed service men and
women sometimes is a slow and difficult process.
NETWARCOM’s commander, like others, has taken re-
sponsibility for closing that gap. Informing the fleet “is a
job that falls directly to me,” said Starling. “I think that
education is something that we here at NETWARCOM
have to do.”48
The intellectual decision to treat cyberspace as a
domain has created an obligation on the part of de-
fense officials to explore its relation to, and impact
upon, theories of conflict and power. Ultimately, the role
of cyberspace in national security depends on how the
domain and tools within it come to be regarded across
the international community.
Two airmen update
Statesmen, officers, academics, and thinkers antivirus software
at Air Force Cyber
have had many centuries to develop norms of behav- Command (P),
Barksdale AFB, La.
ior and rules of the road for the two oldest fighting (USAF photo/TSgt.
Cecilio Ricardo Jr.)
domains—land and sea. The air (and space) domain is
much younger; still, it has been around for 10 decades,
and much thought has gone into devising international
concepts to govern behavior there. In all three cases,
nations have engaged in protracted periods of debate
before they come to an ultimate settling of major con-
cepts and laws. Next will come cyber space. To date,
most of the effort has gone into attempts to describe
and organize the domain. However, it should come as
Rise of Cyber War A Mitchell Institute Special Report 19
 no surprise to political scientists that there is a wide
gap between domestic and international approaches
to cyberspace.
A hard part of developing military cyberspace
norms will be determining rules of engagement. This
in part stems from inherent difficulties such as attack
attribution and assessing the impact of non‑kinetic ef-
fects. However, the problem goes well beyond those
two factors. Cyberspace power fits only awkwardly into
the well‑worn grooves of international rules governing
use of force.
Details about the state of US cyber capabilities
and operations are shrouded in secrecy, though the
veil has dropped on occasion. There was, for example,
a bit of publicity about the 1997 US government exer-
cise titled “Eligible Receiver.”49 It documented that the
National Security Agency “hackers” who took part in
the exercise could gain superuser access to military
networks and some infrastructure elements. Other
reports suggest that limited cyber offense opera-
tions were carried out in the Gulf War, Operation Allied
Force, and the two more recent wars in Afghanistan
and Iraq.
Discussion of cyberspace has now raised an in-
teresting but confounding question: Does the nation’s
capabilities in the cyber realm constitute “soft” power
or hard power? The definition of hard power is clear
enough: national military and economic might. Soft
power, on the other hand, is more difficult to pin down.
The term was coined in 1990 by Joseph Nye, a Har-
vard professor who later served as a senior Pentagon
official during the Clinton Administration. According
to Nye, power is a means for “altering the behavior of
others to get what you want.”50 He saw three types:
coercion and payments, both of which were aspects
of hard power, and attraction, which is the essence of
soft power.
At first glance, operations in cyberspace seem to
be a natural fit for soft power because of the domain’s
non‑kinetic attributes and role in helping to shape infor-
mation. However, the reality is more complex.
In international politics, “attraction” translates into
propensity to take favorable action toward US foreign
policy intentions. It is a state of mind. A visit by a popu-
lar American president can produce huge soft power
spikes, for instance. The other side of soft power hinted
at by Nye lies in the arena of selective information and
continues into propaganda and deception. Having the
49. Eligible Receiver, Global Security.org.
50. “Think Again: Soft Power,” Joseph S. Nye, Foreign Policy, March 2006.
51. “The Benefits of Soft Power,” Joseph S. Nye, Harvard Business School Working Archive, August 2004.
52. “The Rise of China’s Soft Power,” Joseph S. Nye, Wall Street Journal, Dec. 29, 2005.
20
means to control and shape information is a potential
source of soft power in that it can directly affect the
“attraction” element at its core. Said Nye: “The ability
to share information—and to be believed—becomes an
important source of attraction and power.”51
An alternative view holds that cyber space is, first
and foremost, a domain of hard power. Hard power has
many definitions, but most include acts of violence, acts
of coercion, and acts of influence when they are gen-
erated and applied not as soft power “attraction” but
as the result of military force deployment, for example.
There is a presumption that cyber’s non‑kinetic forms
of action are immediate candidates for soft power in
one form or another. However, the evolution of the cy-
berspace domain has inevitably introduced significant
elements of hard power.
Here it is important not to let the nature of the
domain within the electromagnetic spectrum confuse
the issue of what is hard and what is soft. Electronic
countermeasures employed by aircrews on combat
missions fit unquestionably into the realm of hard
power. Location outside the visible spectrum does not
make them soft in any way. Many non‑kinetic actions
are nonetheless aspects of hard power. For example,
denial‑of‑service attacks are disruptive tools that fit the
definition of coercion better than attraction.
In later writings, Nye has linked hard and soft
power into a concept of “smart” power in which the
two power elements link up in appropriate ways. In an
article focused on China, he wrote: “In a global informa-
tion age, soft sources of power such as culture, po-
litical values, and diplomacy are part of what makes a
great power. Success depends not only on whose army
wins, but also on whose story wins.”52
With cyberspace, classic conflict problems re-
main, and in some cases, can be exacerbated by the
nature of the domain. The rise of multi‑polarity after
the Cold War and shifts in economic power and ideo-
logical tides have given rise to numerous types of con-
flict. The plethora of multinational military interventions
since the early 1990s illustrates the trend. It follows,
then, that cyberspace builds on the potentially wider
sources of conflict in the international system. Increas-
ing competition and confrontation in cyberspace opens
the door to re‑examine causes of conflict—out from un-
der the shadow of the post‑1945 nuclear peace.
Because of the rise of cyberspace, there may be a
need to reinvestigate the root causes of war to learn
about tripwires and miscalculations in this new do-
main. Decades of superpower nuclear confrontation el-
evated the concept of miscalculation to the position of
“most-feared” source of conflict. In the post-Cold-War
world, it now seems that that title belongs to optimis-
tic expectations that a particular war will prove to be
easy, short, and not too destructive. Historian Geoffrey
Blainey believes it is a factor in the outbreak of war.
“When the first nations formally declared war on one
another, they were not consciously declaring the begin-
ning of what came to be called the war of 1914‑1918,”
wrote Blainey.53 “They were rather declaring the begin-
ning of what they hopefully believed would be the war of
1914, or at worst, the war of 1914‑1915.” What Blainey
termed “the complicated trellis of hope” blunted fear of
the destruction of war with the confidence of speedy
victory.
Unfortunately, there is no obvious reason to be-
In 1990, Harvard
lieve that war within cyberspace will be exempt from cyberspace even now is up for grabs. Professor Joseph
such bone-headed tendencies of human behavior. Com- Once begun, conflict in cyberspace could carry Nye (center, in 2004
photo) coined the
petition in cyberspace may be even more subject to the some traditional and very nasty baggage, just in new term “soft power”—
non-military and
sense that attacks can be swift, successful, and leave forms. One of these is the dreaded stalemate, as non-economic means
for “altering the
opponents reeling with confusion. Added to the incen- seen most bloodily in World War I. Stalemate among behavior of others to
tive is the greater chance of escaping attribution. Even too‑evenly matched powers is not a far-fetched or im- get what you want.”
Is cyber power an
if the source of an attack can be determined, it is still probable prospect for cyberspace. Multiple top‑tier element of soft
power? (Harvard
possible that the presence of innocent bystanders or competitors already exist. News Office photo/
Rose Lincoln)
even friendly forces along the cyber pathways will deter The hope that cyberspace may spread the ratio-
armed reaction. The danger of damage from “friendly nality of commerce and therefore impede war-making
fire” would be too great. should also be taken cautiously. Thinkers from Machia-
Competition in the cyberspace domain may be velli to Norman Angell have observed periods of flour-
more likely than in other domains simply because the ishing commerce and communication and promulgated
threshold is low. Many have noted this, but usually theories of peace with enlightened self‑interest at their
without fully exploring the consequences. One of the center, the idea being that nations with so much wealth
most common observations is that barriers to entry at stake would never risk it for something primitive like
are extremely low. There is no need to build expensive power or ambition. In fact, there are those today who
expeditionary joint forces. With the Internet in place see the rise of cyberspace as brokering a new medium
as the transport layer of worldwide communications, free of kings and conquests. However, history suggests
the attack arena is already in place near to hand. War the most likely path is that cyberspace becomes one
is easier to characterize in hindsight than to predict, more arena of war, unfortunately.
but the ongoing level of intrusion attacks signals that

53. “The Causes of War,” Geoffrey Blainey, (The Free Press,1988) p. 35‑36.

Rise of Cyber War A Mitchell Institute Special Report 21

 APPENDICES
Michael W. Wynne
Secretary of the Air Force
Remarks as delivered to the C4ISR Integration Conference
Nov. 2, 2006, Crystal City, Va.
(http://www.airforce-magazine.com/DocumentFile/speeches/Pages/wynne_spch110206.aspx)
I want to discuss with you today a subject I regard
as extremely critical: the freedom of cyberspace.
Just last week, Deputy Secretary of Defense Gor-
don England, speaking before a major network warfare
audience, listed the attempts of hackers, “cyber-vigilan-
tes,” terrorists, and even hostile nation-states to de-
grade our fighting networks as the single issue that he
spends “more time thinking about in the middle of the
night, than any other.”
Before addressing cyberspace directly, I want to
set some context, first as to the mission of the Air
Force, then as to the topics of this conference, and
also as to what we are learning from current combat.
The mission of the Air Force is to deliver sovereign
options for the defense of the United States of Ameri-
ca and its global interests—to fly and fight in air, space,
and cyberspace. This was defined a year ago, and then
codified a month later, on December 5, 2005.
“Delivering sovereign options” means operating
across the joint spectrum so that we provide to the
President scalable choices that are unlimited by dis-
tance and time, and span the entire range from hu-
manitarian assistance to nuclear strike, kinetic, and
non-kinetic.
In short: global reach, global vigilance, global power.
This includes the powerful option to use timely in-
formation to deter and to avoid use of kinetic weap-
onry. General Curtis LeMay emphasized this when he
said, “Peace is our profession,” making it the slogan of
the Strategic Air Command.
All these options have one common foundation—
persistent, lethal, overwhelming air, space, and cyber-
space power massed and brought to bear anywhere,
anytime.
Thus, the Air Force serves by being prepared to
set strategic, and then, if needed, also tactical condi-
tions for deterrence, dissuasion, or defeat, and in this
way offer to our commanders options throughout the
spectrum of conflict.
Air Force Chief of Staff General Moseley likes to
say, “The soul of an Air Force is range and payload.”
22
I would salt and pepper persistence in there as well.
That is why, after 53 years, we are again seeking 21st
century parallel strategic assets in the form of new
tankers and global strike to meet our responsibilities
in the air domain, emphasizing expeditionary, as well as
persistent strategic options, to ensure the robustness
of the nation’s global power; and recognizing that the
replacement of our satellite constellation is at hand, to
fulfill our global vigilance task.
Now, consider how cyberspace stands in relation
to the topic of this conference. The topic is “C4ISR.” For
many in the military and certainly for others in the daily
walk of life, it helps to take a moment and parse the
elements of the acronym.
There are four Cs—command, control, computers
and communication, then, intelligence, surveillance,
and reconnaissance.
It started with “command and control,” an old mili-
tary studies term. Nowadays the two words are sepa-
rated as being two individual items, subject to debate.
There was even sometimes confusion as to whether
the “I” is “intelligence” or “information.”
Here are some things to notice. First, the whole
term C4ISR has the mantle of familiarity—we don’t
step back and pick it apart.
Second, each component is a function—not a battle
domain, but a function—a form of activity or service.
Third, the six functions are a grab-bag, bundled
over the years. While connected in a sense as func-
tions that move data, they are disparate as to physics.
But by common assent, we group them for conversa-
tion. This facilitates research in the varied areas of
sensors, electronic attack, and access and compiling
of commander-level information extracted from gath-
ered data.
Finally, the functions all are vital flows within each
of the battle domains of land, sea, air, space, and, as we
shall see, in cyberspace.
I have brought a video that illustrates the flows of
C4ISR functions—that means, the flow of data—in bat-
tle, today. As you watch the video I ask you to consider
two questions:
First, now that we have enhanced the application
space for networked operations and really moved com-
munications trust and reliability to a prominent posi-
tion in our concept of operations, how do we defend the
net on which all our capabilities depend?
Second, what new habits of thought do we need to
adopt in order to create the capacity to deter, guard,
rescue, strike, and assess in what will probably be the
cyberfight of the 21st century?
[video segment]
The video illustrates the components of what I call
the “information mosaic.” The whole data net—analog
and digital, pixels and composites, images—from all
sensors that can be collected and downloaded and
crossloaded for use by all in the fight.
By filtering critical data from the “information
mosaic” to the strategic planner and right out to the
weapon system itself, we increase flexibility and lethal-
ity. This requires common gateways such as cursor-on-
target to maximize data usage. As assistant Secretary
of Defense John Grimes recently put it—it is about the
data, and maximizing access.
All the information flow moves in the cyber domain,
meaning the entire flow can be vulnerable to a cyber-
space attack.
Let’s look at the two questions I asked before the
video:
First, how shall we defend the communication net
on which all our capabilities depend? This question is
critical. Our ability to fight in ground, sea, air, and space
depends on communications that could be attacked
through cyberspace. The capital cost of entry into the
cyberspace domain is low. The threat is that a foe can
mass forces to weaken the network that supports our
operations in any battle domain. The other side of the
coin of netcentric operations is cyber vulnerability. De-
fending and fighting in the cyber domain is absolutely
critical to maintain operations in ground, sea, air and
space.
The second question is, what new habits of thought
do we need in order to create and develop technology,
and to fight in the 21st century?
The answer is to go back to my comment at the
start, and think in terms of trust. Our operations in
each of our services all rely on trust. That is, the pilot
can trust information that a target is the foe, not inno-
cent inhabitants of a school building or hospital or em-
bassy. The ground fighter with a communication device
can trust that the device is not being tracked by a foe,
potentially exposing the ground force unnecessarily.
This new way of war is data-dependent. So we need
to think in terms of trust and securing trust.
So, now let us turn to the imperatives our country
confronts in the cyber domain and the actions which
the Air Force is taking. Here are some scenarios that
emphasize the imperatives:
Right now, a terrorist lies on his belly in a dusty
ditch. He holds a radio transmitter to detonate an im-
provised explosive device, to kill Americans as they con-
voy across a stretch of broken asphalt. His use of cy-
berspace is currently being contested, but not always.
Right now a drug trafficker sits under a tarp in
a boat, bobbing off a Caribbean beach, setting up,
potentially, a cocaine drop for nightfall. He gets GPS
coordinates on a SATCOM phone from a controller a
continent away. His use of cyberspace is practically un-
contested.
Right now a finance technician is moving US dol-
lars via laptop to support terrorist ops, while sipping
coffee in an internet cafe. His use of cyberspace is
practically uncontested.
Right now a foreign government engineer is in the
net using stolen American technology to build radar
and navigational jammers to counter American air su-
periority. His use of cyberspace is uncontested.
Right now a foreign hacker is crashing an Ameri-
can server that holds a web site with data he does not
like. His use of cyberspace is uncontested, though sub-
ject to pursuit.
Right now rogue securities traders, sex traffick-
ers, and data thieves are poised at computers world-
wide, reaching into the American net. In a speech just
last week, Attorney General Alberto Gonzales voiced
his concern about the predators who range through
cyberspace, accosting our children. Their access to cy-
berspace is uncontested, though, again, they are sub-
ject to some pursuit.
Each of these examples is real. I could name many
more.
What we are seeing is that the cyberspace domain
contains the same seeds for criminal, pirate, transna-
tional, and government-sponsored mischief as we have
contended with in the domains of land, sea, air, and now
contemplate as space continues to mature.
This reminds us of the history that it is military
capabilities that long ago helped make it possible to
free the Barbary Coast of pirates, so that our world
of commerce and ideas could enjoy freedom of the
seas, and that freedom of the seas continues to be
sustained thanks to the US Navy and Coast Guard
partnership with the appropriate authorities in coastal
jurisdictions.
This refers also to the idea that America’s opera-
tions in air and space set the strategic conditions for
world commerce to enjoy freedom of the skies.
Rise of Cyber War A Mitchell Institute Special Report 23
 I am told that by far the larger portion of the
goods in commerce worldwide, by value, travel by air.
The remainder moves by sea, mostly bulky commodi-
ties. Freedom of the skies is undergirded by the US
Air Force, more than by any other power or force, just
as freedom of the seas is undergirded by the US Navy
and Coast Guard, again in partnership with the right
authorities.
In sum, in cyberspace our military, America and
indeed all of world commerce face the challenge of
modern day pirates, of many stripes and kinds, steal-
ing money, harassing our families, and threatening our
ability to fight on ground, air, land and in space.
The National Strategy to Secure Cyberspace
states: “A spectrum of malicious actors can, and do
conduct attacks against our critical information in-
frastructures. Of primary concern is the threat of
organized cyber attacks capable of causing debilitat-
ing disruption to our Nation’s critical infrastructures,
economy, or national security.”
The strategy calls upon national security planners
specifically to:
“Improve capabilities for attack attribution and re-
sponse.”
“Improve coordination for responding to cyber at-
tacks within the US national security community.”
“Foster the establishment of national and interna-
tional watch-and-warning networks to detect and pre-
vent cyber attacks as they emerge.”
Now, my duty as the Secretary of the Air Force is
to put the nation’s most technologically capable force
on a path to do our share of the task of presenting
to our combatant commanders, and so to the Presi-
dent and the nation, the trained and ready forces they
may need to ensure the same security and freedom
of cyberspace that Americans and indeed many in the
world already enjoy in the oceans, in the air, and also
in space.
This duty is joint, and, as I have noted, it is interde-
pendent. The duty is to bring to the fight what the Air
Force has to offer, and to exercise good stewardship
of the Air Force personnel and resources that are in
some cases already devoted to operations in cyber-
space.
This does not mean “control” of cyberspace, any
more than the other domains of ground or maritime.
It does mean making our contribution to securing the
benefits of cyberspace for our military and, indirectly,
for our national and even world commerce.
This means recognizing that the idea of freedom of
cyberspace may in time be the same kind of principle
as freedom of the seas and freedom of the skies. This
means that cyberspace is a domain on which many rely
24
and in which warfighting can, and, actually by some defi-
nitions already, takes place.
One rough and ready demonstration that cyber-
space is a true domain on a par with land, air, space,
and sea is to apply the basic questions of the principles
of war.
For example, Can one mass forces in cyber? Yes.
Does surprise give an advantage in cyber? Of course.
Simplicity? Economy of force? Clarity of objective? Yes,
yes, and yes.
Here is a call for the professional military. The
domain is new, but the trained mind of the uniformed
warfighter is needed to wage this fight.
Just as the air domain is governed by aerodynam-
ic forces, and the space domain by orbital mechanics,
cyberspace has mathematical, and electromagnetic
principles at work. Due to the size of the global infor-
mation grid and easy access to the electromagnetic
spectrum, effects in cyberspace can take place nearly
simultaneously at many places. Effects can be massive
or precise, lasting or transitory, kinetic or non-kinetic,
lethal or non-lethal.
The definition of cyberspace must be broad
enough to enable us to integrate the vast possibilities
that the electromagnetic spectrum offers now and for
the future. Last month, the Joint Chiefs of Staff defined
cyberspace as:
“A domain characterized by the use of electronics
and the electromagnetic spectrum to store, modify,
and exchange data via networked systems and associ-
ated physical infrastructures.” This definition is being
codified in The National Military Strategy for Cyber-
space Operations.
Today I am announcing the steps the Air Force is
taking towards establishing an Air Force Cyberspace
Command.
The aim is to develop ultimately a major command
that stands alongside Air Force Space Command and
Air Combat Command as the providers of forces on
whom the President, combatant commanders and the
American people can rely for preserving freedom of
access and commerce in air, space, and, now, cyber-
space.
Let me summarize the major developments we’ve
undertaken in the past year and the plans for develop-
ing the capability to contribute to do our job in ensuring
freedom of cyberspace.
In December 2005, General Moseley and I re-
stated the Air Force mission Statement to include
cyberspace as a domain where the Air Force delivers
sovereign options.
This step simply recognized the existing fact that
significant Air Force personnel and technology have
long been engaged in fighting in cyberspace.
Good stewardship means attending to the system-
atic training, organizing, and equipping that is our job.
This includes especially attending to the career pro-
gression of the airmen involved in cyberspace, includ-
ing our guard, reserve, and civilian professionals.
The step included consultation with General
James Cartwright, the commanding general of US
Strategic Command, for he is a principal commander
to whom I have the duty to present organized, trained
and equipped cyberspace forces.
We stood up a cyberspace task force in January,
led by military strategist Dr. Lani Kass.... The task force,
composed of officers from across the Air Force, has
spent the past ten months gathering data, research-
ing options.
We addressed cyberspace extensively at the four-
star level during a major warfighting meeting in July.
General Moseley and I have subsequently tasked the
commanders of Air Combat Command and Air Force
Space Command to submit a proposal for establishing
an operational command for cyberspace.
We tasked the commander of Air Education and
Training Command to develop a training plan and the
commander of Materiel Command to analyze the re-
sourcing plans with Air Staff assistance to support an
operational cyberspace command.
The new cyber command is designated as the 8th
Air Force, with a long and strategic deep strike heri-
tage, under the leadership of Lieutenant General Rob-
ert Elder. He will develop the force by reaching across
all Air Force commands to draw appropriate leaders
and personnel.
The 67th Wing and other elements under 8th Air
Force provide the center of mass for this startup activ-
ity. General Elder remains as a force provider to com-
batant commanders.
Simultaneously, General Elder has been asked by
General Moseley and me to develop a roadmap that
could be used to grow the cyberspace command “up-
wards” and have the framework of a full major com-
mand, a peer with Air Combat Command and Air Force
Space Command. We expect that this work will stretch
out for the bulk of this next year.
The mission of bombers now within the 8th Air
Force will remain.
It is fitting that this historic step, the elevation of
cyber to major command status, will take place from
the heart of the 8th Air Force. The 8th Air Force is a
home of heroes. In World War II, it was a breakthrough
force, bringing a new strategic dimension to the fight. It
was the vision of such leaders as Hap Arnold, Ira Eaker,
and Curtis LeMay. In this century, the Eighth Air Force
will be the home of new breakthroughs. This is a noble
home for the mission of ensuring freedom in a whole
new domain.
As I close, here are key points to bear in mind:
The focus is to make the Air Force mission com-
plete on an organize, train, and equip basis. Properly
presenting trained and ready forces offers the right
sovereign options in this domain.
This is a battle domain in which the Air Force oper-
ates with, and supports our sister services, first re-
sponders, and many times non-government organiza-
tions and the many non-military authorities who also
work to keep cyberspace secure. There are many part-
ners across this domain.
There will be careers and a strong future for the
airmen whose work is in the cyberspace domain. Air
Force personnel experts are at work now forming the
career and schooling paths that ensure a full career
with full opportunities for advancement to the highest
ranks of the Air Force, for our military and civilian pro-
fessionals.
When planning and fighting in cyberspace as
a battle domain, the task is one for the professional
warfighter, that is, the trained military professional who
lives, and breathes, and thinks the principles of war. The
Air Force has long had these professionals in uniform,
and I honor them for their service to our country.
As I look across this room, I marvel at the harness-
ing of technology, the invention of applications, and the
representation of the strength that each of you em-
body.
It gives me confidence that freedom of cyber-
space will be secured. The technological innovations
that many of you are directly responsible for, plus the
courage and bravery of our networked force, from mis-
sile defense to tactical commanders and the men and
women they command, defend every day the freedoms
we enjoy in all five domains.
And now, I turn to you and conclude with this ques-
tion. I hope that each of you can ponder it and help our
services and our country find the best answers: In this
21st century, how shall we best carry out the C4ISR
functions in the cyberspace domain?
Thank you for your service, for your continued sup-
port; and may God continue to bless the United States
of America. Thanks for allowing me the honor to pro-
vide the keynote address for this important forum.
Rise of Cyber War A Mitchell Institute Special Report 25
 Michael Chertoff
Secretary of Homeland Security
Remarks to the Chamber of Commerce on Cybersecurity
October 14, 2008, Washington, D.C.
(http://www.dhs.gov/xnews/releases/pr_1224091491881.shtm)
I would like to thank the Chamber for inviting me to
discuss one of the most important initiatives we have
ever undertaken at the department, and in the country,
in the domain of homeland security. This, of course, has
to do with the issue of cybersecurity: the protection of
our information technology and its networks....
This is a major priority for this administration and
I am convinced will be a major priority for the next ad-
ministration. In fact, this month is National Cyber Secu-
rity Awareness month. In recognition of this particular
moment in time, the President has actually asked me
to share a message from him to you.
As follows, “I send greetings to those observing
Cyber Security Awareness Month. Americans and
American business rely on the Internet and protect-
ing its infrastructure is essential to our economy, se-
curity, and way of life. This month is an opportunity for
citizens to learn how to guard themselves and their
families, businesses, and information against online
threats. My administration has taken important steps
to strengthen our defenses against cyber attacks. In
2002 the Department of Homeland Security was cre-
ated to help protect America, including online. In 2003
the National Strategy to Secure Cyberspace created
a framework to help prevent cyber attacks against
America’s infrastructure, reduce vulnerability to cyber
attacks, and minimize damage and recovery time from
cyber attacks that do occur. In January this year, my ad-
ministration implemented the National Cyber Security
Initiative to protect federal networks, and explore ways
to assist industry in securing their infrastructure. I ap-
preciate all those dedicated to securing the Internet.
Your efforts play a key role on an important front of our
nation’s security....”
Unquestionably, cybersecurity is the issue that
touches all of us both in our business capacities and as
individuals in terms of the way our families deal with our
own home computers. It is an issue that will continue to
be on the front burner through the next administration.
Unlike some other areas of homeland security, how-
26
ever, cybersecurity is not exclusively, or even largely, a
federal responsibility, or something the federal govern-
ment can impose on the rest of the nation.
The federal government does not own the nation’s
IT networks or communications infrastructure, nor
would we want to force a burdensome and intrusive
security regime on what is, clearly, one of the most
fluid, dynamic, and reliable engines of our economy. On
the other hand, that doesn’t mean that cybersecurity
is solely a private sector responsibility either. While
the vast majority of the nation’s cyber infrastructure
is in private hands, the reality is that its benefits are
so widely distributed across the public domain, and so
integrated and interdependent in the various different
sectors of our economy, that we face clear national
security risks and consequences with respect to its
protection.
No single person or entity controls the Internet or
IT infrastructure. There is no centralized node, or data-
base, or entry point. No single person, or company, or
government can fully protect it. On the other hand, the
failure in even one company, or one link of the chain,
can have a cascading effect of everybody else. That is
why protecting our IT systems and networks has to be
a partnership in which all of us have to bear our share
of responsibility.
If you wanted an illustration on how important pro-
tecting interdependent systems are, and how impor-
tant a partnership is with respect to trust, just look
at what is going on in the financial area. This has not
been an IT problem, but it has been an all too dramatic
illustration of what happens when there is a failure of
trust across a large domain of institutions. Much of the
solution to this crisis is one that requires a partnership
between the private sector and public sector. I would
argue that as we, hopefully, preempt any crisis in the
area of our IT networks and the Internet, the only way
do that is a joint effort in partnership between the pri-
vate sector and all elements of government.
Let me say there is also a very strong business
case to be made for cybersecurity apart from the na-
tional security case. Most companies understand their
own interest in investing in security measures that will
help shield them from attacks or disruption or will give
them resilience to recover quickly if an attack occurs.
I would also venture to say customers’ trust can easily
be lost in this day in age if the systems through which
people do business with companies become degraded,
or inoperable, or corrupted. This element of trust and
confidence, which is the very DNA of the Internet, is re-
ally the highest value of what allows us to function and
take advantage of the very fluid and beneficial qualities
of having a network 21st century world.
Today I would like to talk about the specific ac-
tions the federal government is proposing to take to
protect cyber infrastructure. The private sector’s role
in this effort and what you can do to help us protect
cyber systems and cyber infrastructure. First, let’s talk
about threat. You know, the Internet has been around
for about two decades. For about the same amount of
time we have been dealing with cyber attacks. Some
people might be tempted to suggest that cyber at-
tacks are merely a cost of doing business, a nuisance
we have dealt with in the past and can deal with in the
future, and there is no real reason to treat this as a
concerted national priority. I think that would be a very
misguided approach and I am sure everyone here un-
derstands why.
The fact is, because in the 21st century and our
reliance on the Internet for everything we do, whether
is the homework our kids do at school, or the business
transactions we engage in multi-billion dollar financial
institutions, we have invented an era of new threats
and greater vulnerabilities in the cyber domain. I am
sure everyone here understands the consequences of
failure have become correspondingly greater and that
is why we are at a moment now where we have to act
with greater urgency and purpose than ever before.
The intelligence community has publicly stated its
assessment that nations, including Russia and China,
have the technical capabilities to target and disrupt
elements of the US information infrastructure, or to
use that infrastructure to collect intelligence and other
kinds of information. Nation states and criminal groups
target our government and private sector information
networks in order to gain competitive advantage in the
commercial sector, as well as in the area of security.
Terrorist groups, including Al Qaeda, Hamas, and Hez-
bollah have expressed the desire to use cyber means
to target the United States. Criminal elements contin-
ue to show a growing and alarming sophistication in
technical capability and targeting, and today operate
a pervasive, mature economy in illicit cyber capabilities
and services that are made available to anybody who
is willing to pay.
As we have seen recently, cyber threats can im-
pact both individuals and nations alike. Let me give you
two examples. First, the Georgia-Russia conflict of ear-
lier this year, perhaps the first instance of a military ac-
tion with a cyber component. Denial of service attacks
launched from Russian IP addresses against Georgia
occurred when we saw military action taken by Rus-
sians against the Georgian government. Large swaths
of Georgians could not access any information about
what was happening in their country. Government web-
sites were defaced and the delivery of government in-
formation and services were curtailed.
A similar denial of service attacked was perpetrat-
ed in 2007. On the criminal side of the house, earlier
this summer in August I announced the largest ID cyber
theft in history. This was a Secret Service case involv-
ing 40 million credit card numbers that had been sto-
len from nine major retailers through a sophisticated,
international scheme perpetrated through what they
call “war driving.” This involved capturing the wireless
transmission of this information from point to point so
it could then later be converted into data that could be
used for criminal purposes. This scheme led to millions
of dollars being withdrawn from the bank accounts of
innocent consumers all around the world. As I said, it is
the worst case of identity theft in US history.
The reality is that cyber attacks aren’t decreas-
ing. They are increasing in frequency, sophistication,
and scope and this has major implications for our na-
tional and economic security. So, how do we protect
ourselves from malicious activity whether it is criminal
in nature, whether it is an extension of state power,
whether it is government or commercial espionage,
or whether it is routine hacking by people who are in-
terested in showing their cyber hacking skills to their
friends. The answer is a comprehensive cybersecurity
initiative.
From the government’s perspective, the first
thing we need to do is to ensure that our own house
is in order, that our federal civilian networks are ad-
equately protected. That means we have to be able to
look across the government and civilian domains, just
as the Defense Department looks across the military
domains, and assess what the vulnerabilities are, re-
duce the points of vulnerability, put into effect the kinds
of tools and regimes that will reduce or eliminate the
possibility of attack, and then, using a 24/7 monitor-
Rise of Cyber War A Mitchell Institute Special Report 27
 ing capability, make sure that we are constantly staying
ahead of an evolving adversary.
I want to make it clear that, although people
tend to think about this issue from the [standpoint of
the] most sophisticated hacking attacks or assaults
launched over the Internet, in fact, there is a wide va-
riety of places from which the threat can be mounted.
To be sure, hacking and penetration over the Internet
is an important part of the threat and therefore some-
thing we need to tend to in terms of defense. We also
have to continue supply chain security, what is being
embedded in our hardware or our software at the time
it is created and before it is sold to us. This is particu-
larly difficult in a global environment where the various
components of what make up a finished product might
be produced at various places around the world where
quality control is not 100 percent.
There was a story in the newspaper over the
weekend about people whose bank account informa-
tion was being stolen because, embedded on some of
the computers being used was ... a code that was [not]
put there by hackers but was manufactured into the
boards and the chips—little trap doors that allowed the
collection of information and the rerouting of it over-
seas. So, that is the second potential attack vector—the
hardware and software that is part of the architecture
of our systems.
Finally, we need to be concerned about the insider
threat. It is the lowest-tech threat, ... somebody coming
with a thumb-drive and downloading sensitive informa-
tion, including passwords, or planting something that
enables someone to capture information and send it
back over the Internet. That can cause as much dam-
age as a classic hacking attack coming over the Inter-
net itself.
With all these things in mind, the [goals] of our
cyber initiative are: establishing good lines of defense
over the Internet; defending against all these threats,
whether they come through the network, by way of the
supply chain, or an insider; and shaping the future en-
vironment by educating the next generation of cyber
professionals and producing leap-ahead technologies
that allow us to stay ahead of the adversary.
I also want to emphasize, because we are dealing
with communications and the Internet—traditionally a
very open architecture and a culture of freedom—we
have to be exceptionally focused on the need to make
sure privacy and civil liberties considerations are at the
center of our efforts. We are not interested in what
is done in some parts of the world where the govern-
ment sits over the Internet and tries to control what
28
people see. That is not the model we are seeking to
emulate here, and that is why we want to be very clear
in everything that we do. Perhaps in more than any
other domain, we need to be [sensitive to] privacy and
civil liberties.
Let me talk about the major elements of the strat-
egy bearing in mind these major focus elements—es-
tablishing lines of defense, defending against the full
range of threats, and shaping the future environment.
First, as it relates to the government, we recog-
nize there are, literally, a thousand connection points
between our government domains, civilian domains,
and the Internet, and we need to limit that number of
access points so we can begin to get a handle on the
threats that are coming through those access points
and build a series of capable defenses. So, even now we
are in the process of reducing the number of connec-
tions over time—the number of connections between
government systems and the Internet so we can better
secure and reduce the vulnerabilities in a much smaller
number then say we had six months ago. We need to
expand our US capability and our national cybersecurity
capability to provide oversight, accreditation, and vali-
dation across the government civilian domains to make
sure everybody has in place the appropriate levels of
security, both in terms of what they permit into the In-
ternet and also how they handle their systems in their
own departments and agencies. We have established
a National Cyber Security Center to coordinate across
a number of individual agency cybersecurity centers
to provide crosscutting situational awareness and to
make sure we’re coordinating among the various cyber
centers that operate in various kinds of government
domains. Once we have reduced the number of entry-
ways, we need to find better ways to mount defenses
at these bridges. We currently have an intrusion detec-
tion system called Einstein. I might use an analogy from
the physical world. If you think of television programs
like “CSI New York” or “CSI Miami”, our current system
is a passive intrusion detection system that comes af-
ter the fact. In other words, we learn there has been a
malicious intrusion, we get the information about what
we can about the signature and the code, and then we
disseminate that information. It is a little bit like sending
your crime scene investigators in after the crime has
been committed to try and collect the evidence and
give warning the next time. We need to move to the
next level, which is Einstein 2.0, which we are currently
in the process of beginning to deploy. That is a real-time
intrusion detection capability. It doesn’t wait until after
the crime is committed. Using information and tools
we were able to get from across the federal govern-
ment, it enables us to detect, in real time, if an attack
is underway. It is a little bit like moving from policemen
who investigate the crime after the fact to the police-
men who is actually standing, watching people go by
on the road and the highway, and when the policemen
sees a suspicious character he or she calls into the
potential target and warns them there is a suspicious
character on the way. You’re asking me here: “You have
a cop who sees a suspicious character? Why doesn’t
he just stop him and arrest him on the spot?” That is
Einstein 3.0. That is where we move from intrusion de-
tection, to intrusion prevention. That is a system that
we are currently working to develop which would allow
us when we see and detect malicious code, or other
indications of an attack, to actually stop it cold before it
permeates and infects our systems. That is the first el-
ement of creating lines of defense. Reducing the entry
points and building better capabilities to protect, and
ultimately prevent, penetration.
The next focus area, which is defending against
full spectrum threats, includes protecting the global
supply chain, working with the private sector to have
better validation about the source of critical elements
of software and hardware, particularly for those sys-
tems where we have high value information that we
want to protect and secure. At the same time, [we
need] old-fashioned counter intelligence, working with
our government systems to make sure we are prevent-
ing people from committing old-fashioned espionage
against us—stealing our data, stealing our passwords,
stealing our capabilities, or implanting in our systems
trap doors that can be used against us.
Finally, the third focus element [is] shaping the
future environment. We are working across the gov-
ernment domain to help recruit and build the next gen-
eration of cybersecurity professionals. That is going
to mean, in particular, working with the private sector
to boost cyber education, training, and recruitment,
as well as working to fund leap-ahead technology and
game changing capabilities that will enable us to in-
crease our cybersecurity. Some months back I was out
in Silicon Valley. Someone was saying to me that part
of the problem is, when people graduate from college
or graduate school, their focus tends not to be on tech-
nology, but developing new systems that are faster,
move more readily vertically and horizontally, and are
quicker at processing data. It seems that cybersecu-
rity has become a little bit of a stepchild. I am going to
suggest that that is going to change in the very near
future, if it hasn’t changed already. Ultimately, the value
of the Internet and all the commerce and activity that
occurs on the Internet, will only succeed in multiplying if
people are confident that they will not lose their crown
jewels when they play in cyberspace. It is easy to man-
age the systems for purchasing goods or getting on
eBay, or exchanging information would become much
less appealing if there were more and more stories
about people losing their most secure information,
their most secure financial data every time they get
onto the Internet. So, my belief is that, more and more,
the issue of cybersecurity is going to be a cutting-edge
area in which smart kids are going to realize there is a
great future, because there is going to be an incredible
demand to keep security up with the increasing expo-
nential growth of the Internet as a tool of commerce,
as well as a tool of social networking. Here is where
private sector cooperation is particularly critical. A lot
of this work is going to be done with you and we want
to make sure you are focused on this....
How do we work with the private sector to secure
not only our own networks but also to help you to se-
cure your networks? We have a structure in place that
allows us to do this at DHS and as you all know it is the
National Infrastructure Protection Plan. It is a model
in which we have 18 sectors of the national economy
we have identified, we work with sector coordinating
councils, representatives of industry, and government
coordinating councils to set goals and priorities and ex-
change information about security as it relates to the
particular sector we are talking about. Recognizing, for
example, the needs of the financial community are very
different from that of the commercial real estate sec-
tor or the communication sector.
What we have done is go back to these sectors
and we have asked under each of these plans that in-
dustry and government look at cyber risks and mitiga-
tions. We are going to bring all this together through
our cross-sector Cyber Security Working Group, look-
ing in particular at interdependencies, information
sharing, and cyber issues that affect multiple sectors
or cut across all the sectors. We are going to explore
options to share Einstein, or similar capabilities includ-
ing capabilities drawn from across the entire govern-
ment, with interested industry partners.
I want to be clear; this is an invitation, not a man-
date. We are not in the business of telling the private
sector you must do this, you must let us in, we are go-
ing to sit on top of you. That would be the easiest way to
alienate most of the people who use the Internet. What
we are going to do is offer a service, offer an invitation.
For those in the private sector who want to take us up
Rise of Cyber War A Mitchell Institute Special Report 29
 on this, we are going to work to see how we can best
mesh with your particular industry architecture to give
you some of the benefit of our capabilities, but in a way
that doesn’t interfere with your basic processes or ...
alienate the trust of your customers and your consum-
ers and get them to be concerned about their own pri-
vacy and civil liberties.
We need to work with the private sector to put
together metrics to make sure we can chart our prog-
ress and to particularly focus on how we can mitigate
the risks that are apparent in the globalization of the
commercial technology industry. How do we help you
build standards that enable the private sector to gauge
the integrity of which systems you are buying, a way
that doesn’t impede the flow of commerce but gives
business consumers and even private consumers the
confidence that they know what they are getting?
Just as we are increasingly concerned in a global
environment about the food we eat, and the toys we
give to our children—and you all know what I am talk-
ing about, because it is in the news all the time—I sub-
mit to you that we have to be equally concerned about
the software and hardware we are bringing into our
homes and our businesses, for precisely the same
reason. Therefore, we have to have precisely the same
kind of approach to ensure we are validating what it is
we are buying and what are the ingredients of the sys-
tems we are bringing into our own places of business
and homes.
30
In short, we have put together a comprehensive
strategy to address cyber threats. The president has
strongly endorsed it and has pushed us very hard in
moving forward to implement it. This will not happen
overnight. It is a multi-year effort. It will require a great
deal of interagency and private sector coordination.
We have made a lot of progress, both in getting our
own house in order and in consulting with the private
sector, and we stand ready to work with you to get
this done as rapidly as possible. We encourage you to
continue to work with us through established channels
we have used in securing infrastructure in the physi-
cal world. Namely, the Critical Infrastructure Advisory
Council and the Cross Sector Cyber Security Working
Group and the individual sector coordinating councils
we have under the net.
The bottom line is: We have a common interest.
Time is short. The people who want to interfere with
our systems have been very busy. They will continue to
refine their tools. We have some very good tools in our
defense, but they’re not going to do us a lot of good if
they sit on the shelf. We ought to make sure we polish
them up and deploy them as effectively as possible.
I know your being here is a [testament] to your un-
derstanding and dedication to this issue. I think it is a
front burner issue, clearly, for the next administration.
I ask for you help and support as we move this forward
as rapidly as possible. Thank you.
 Cyberspace Operations
Air Force Doctrine Document 2-11 [extract]
Draft 2008
FOUNDATIONAL DOCTRINE STATEMENTS
Foundational doctrine statements are the basic
principles and beliefs upon which AFDDs are built. Oth-
er information in the AFDDs expands on or supports
these statements.
Cyberspace is a global domain within the infor-
mation environment consisting of the interdependent
network of information technology (IT) infrastructures,
including the internet, telecommunications networks,
computer systems, and embedded processors and
controllers.
Friendly use of cyberspace needs to be protect-
ed and an adversary’s use countered in support of US
objectives.
The vastness, complexity, volatility, and rapid
evolution of cyberspace place a premium on continu-
ous intelligence preparation of the operational environ-
ment (IPOE).
Ensuring freedom of action in cyberspace is a
complex undertaking that requires comprehensive situ-
ational awareness, understanding of relevant network
segments, and an exceptionally fast decision cycle to
dominate command and control within the domain.
Cyberspace superiority is the degree of domi-
nance in cyberspace of one force over another that
permits the conduct of operations by the former and
its related land, air, sea, space, and special operation
forces at a given time and place without prohibitive in-
terference by the opposing force.
Defensive operations seek to deter adversaries
from intruding on friendly networks, detect and deny
access when attacks are attempted, minimize the ef-
fectiveness of attacks, and determine their source(s).
Offensive operations deny, degrade, disrupt,
destroy, alter, or otherwise adversely affect an adver-
sary’s ability to use cyberspace in support of US objec-
tives.
Once cyberspace superiority is achieved, offensive
operations take advantage of cyberspace freedom of ac-
tion by creating effects in other domains.
Operations to achieve cyberspace superiority
can be integrated with the operational rhythm of the
appropriate air and space operations center (AOC).
Gaining and maintaining access is a critical first
step to achieving effects in other domains and coun-
tering adversary use of cyberspace.
US forces should be capable of operating
through a cyberspace attack. They should recognize
and isolate an attack while continuing to perform criti-
cal actions. Following an attack, they should be able to
reconstitute and regenerate capability rapidly.
Operations in cyberspace can have significant
effects in other domains.
To be successful in this new era of cyberspace
operations, life-long learning is paramount.
Cyberspace professionals are individuals trained
to establish, control, and project combat power in and
through cyberspace.
SELECTED DEFINITIONS
computer network exploitation. Enabling opera-
tions and intelligence collection capabilities conducted
through the use of computer networks to gather data
from target or adversary automated information sys-
tems or networks. Also called CNE. (JP 1-02)
cyberspace. A domain characterized by the use of elec-
tronics and the electromagnetic spectrum to store,
modify, and exchange data via networked systems and
associated physical infrastructures. (AFDD 2-11).
cyberspace superiority. The degree of dominance in
cyberspace of one force over another that permits the
conduct of operations by the former and its related
land, air, sea, space, and special operation forces at a
given time and place without prohibitive interference by
the opposing force. (AFDD 2-11).
defensive cyberspace operations. Actions taken to
create, sustain, and defend friendly use of cyberspace.
(AFDD 2-11).
electronic attack. Division of electronic warfare involv-
ing the use of electromagnetic energy, directed energy,
Rise of Cyber War A Mitchell Institute Special Report 31
 or antiradiation weapons to attack personnel, facilities,
or equipment with the intent of degrading, neutralizing,
or destroying enemy combat capability and is consid-
ered a form of fires. Also called EA. (JP 1-02)
electronic protection. Division of electronic warfare
involving actions taken to protect personnel, facilities,
and equipment from any effects of friendly or enemy
use of the electromagnetic spectrum that degrade,
neutralize, or destroy friendly combat capability. Also
called EP. (JP 1-02)
electronic warfare. Military action involving the use
of electromagnetic and directed energy to control the
electromagnetic spectrum or to attack the enemy.
Electronic warfare consists of three divisions: electron-
ic attack, electronic protection, and electronic warfare
support. Also called EW. (JP 1-02)
electronic warfare support. Division of electronic
warfare involving actions tasked by, or under direct
control of, an operational commander to search for,
intercept, identify, and locate or localize sources of in-
tentional and unintentional radiated electromagnetic
energy for the purpose of immediate threat recogni-
tion, targeting, planning and conduct of future opera-
tions. Also called ES. (JP 1-02)
electromagnetic spectrum. The range of frequencies
of electromagnetic radiation from zero to infinity. It is
divided into 26 alphabetically designated bands. Also
called EMS. (JP 1-02).
information operations. The integrated employment
of the core capabilities of electronic warfare, comput-
er network operations, psychological operations, mili-
tary deception, and operations security, in concert with
specified supporting and related capabilities, to influ-
32
ence, disrupt, corrupt or usurp adversarial human and
automated decision making while protecting our own.
Also called IO. (AFDD 2-5)
kinetic. Actions or effects that physically alter the ma-
terial characteristics of a target. Kinetic actions may
have lethal or nonlethal results. (AFDD 2-11).
malware. Software such as viruses or Trojans de-
signed to cause damage or disruption to a computer
system. (AFDD 2-11)
network attack. The employment of network-based
capabilities to destroy, disrupt, corrupt, or usurp infor-
mation resident in or transiting through networks. Also
called NetA. (AFDD 2-5).
network defense. The employment of network-based
capabilities to defend friendly information resident in or
transiting through networks against adversary efforts
to destroy, disrupt, corrupt, or usurp it. Also called
NetD. (AFDD 2-5).
network operations. Activities to operate and defend
the Global Information Grid. Also called NetOps. (JP 1-
02).
nonkinetic. Actions or effects that do not physically al-
ter the material characteristics of a target. Non-kinetic
actions may have lethal or nonlethal results. Examples
include use of cyberspace weapons, information opera-
tions, or electronic warfare. (AFDD 2-11)
offensive cyberspace operations. Actions taken to
deny, degrade, disrupt, destroy, alter, or otherwise ad-
versely affect an adversary’s ability to use cyberspace
in support of US objectives. (AFDD 2-11).
 About the Air Force Association

The Air Force Association, founded in 1946, exists to promote

Air Force airpower.

We educate the public about the critical role of aerospace

power in the defense of our nation, advocate aerospace power
and a strong national defense, and support the United States
Air Force, the Air Force family, and aerospace education.

AFA is a 501(c)(3) independent, nonpartisan, nonprofit educa-

tional organization, to which all donations are tax deductible.
With your help we will be able to expand our programs and
their impact. We need your support and ongoing financial
commitment to realize our goals.

AFA disseminates information through Air Force Magazine,

airforce-magazine.com, the General Billy Mitchell Institute for
Airpower Studies, national conferences and symposia, and
other forms of public outreach. Learn more about AFA by vis-
iting us on the Web at www.afa.org.

1501 Lee Highway

Arlington VA 22209-1198
Tel: (703) 247-5800
Fax: (703) 247-5853