See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/350837997

INTEGRATION OF CYBER DEFENSE INTO THE OPERATIONAL PLANNING

PROCESS

Conference Paper · October 2015

CITATIONS READS

0 3

1 author:

Stefan-Antonio Dan-Suteu
National Defence University "Carol I"
16 PUBLICATIONS   1 CITATION   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

IISMA - Integrated information system for management of activities View project

POSDRU/187/1.5/S/155385 with the title “Integrated/educational network for the formation, counseling and orientation of doctoral students for a research career in
security, defense, public order and national security domains - SECNETEDU View project

All content following this page was uploaded by Stefan-Antonio Dan-Suteu on 13 April 2021.

The user has requested enhancement of the downloaded file.

 INTEGRATION OF CYBER DEFENSE INTO THE OPERATIONAL
PLANNING PROCESS

Ştefan-Antonio DAN-ŞUTEU

LTC, Senior instructor PhD candidate, Command and Staff Faculty

“Carol I” National Defence University
dan.antonio@gmail.com

Abstract: The emergence of the cyber operational environment and its associated issues raise several challenges
across the military operational planning process. This new paradigm should be acknowledged and taken into
account by commanders and military planners in order to ensure the success of their operations. Any future
military exercise and operation must contain a cyber component, in terms of specialized personnel, specific
activities, procedures and injections, which should ensure the necessary conditions for the availability,
protection and dissemination of information required by our own forces as well as the appropriate means to
deny, degrade or disrupt the use of the adversary command and control systems or other cyber capabilities.
Keywords: operational environment, operational planning, cyber defense, command and control.

The current context in which the
planning of military operations is
conducted is significantly influenced by
the implementation of technologies,
applications and systems pertaining to the
field of information and communication.
The increased network connectivity
ensures military planners with quick access
to significant data, accelerates the
processing and dissemination of
information analysis products, contributes
to an accurate common operational picture
and accelerates the preparations and
transmission of orders for military
operation. By judicious exploitation of
these above-mentioned benefits our own
decision cycle can be shortened,
overtaking the opponent's decision cycle
and ensuring the necessary conditions for
gaining or maintaining the initiative and
the success of own forces planned
operations.
Thus, in line with modern high-tech
battleground characteristics, populated
with increasingly complex command and
control systems, sensor networks,
communication and information systems,
drones and interconnected battle platforms
there is an obvious growing importance
that should be attributed to the cyber and
electromagnetic environments as they
Proiect cofinanţat din Fondul Social European prin Programul Operaţional Sectorial pentru Dezvoltarea Resurselor
Umane 2007-2013 „Investeşte în OAMENI”
become critical to the success of military
actions.
In extent, the large scale
implementation of information and
communication technologies
and their increasing importance in the
contemporary human and institutional
relationships determines the attribution of
a growing importance to the management
of the cyber and electromagnetic
environment. It is necessary that this new
reality, marked by the emergence of these
two new operational environments, to be
acknowledged and taken into account by
commanders and military planners in order
to ensure the success of their operations.
We believe that any military operation
must contain a cyber component (in terms
of specialized personnel and specific
activities), which should ensure the
provision for the availability, protection
and dissemination of information required
by own forces as well as the appropriate
means to deny, degrade or disrupt the use
of the adversary command and control
system and other cyber capabilities.
Some modern armed forces have
taken a leap forward on the way to
integration of cyber defense into the
operational planning. A good example is
the US provisional doctrine for unified

54
land operations which stipulates that staffs
and military commanders plan, conduct
and carry out operations in the cyber and
electromagnetic environments, defined as
"activities leveraged to seize, retain, and
exploit an advantage over adversaries and
enemies in both cyberspace and the
Figure 1. Operational view4
electromagnetic spectrum, while
simultaneously denying and degrading
adversary and enemy use of the same and
protecting the mission command system".1
Also the mission command
doctrine stipulates that, in order to ensure
the success of operations, the commanders
supported by their staff, must integrate, as
part of the operations process, the
cyberspace operations, electromagnetic
spectrum operations and electronic
warfare. “These activities must be
synchronized across all command echelons
and warfighting functions, enabling inform
1
ADRP 3-0, Unified Land Operations, Department
of the Army, Washington, DC, 16 May 2012;
Proiect cofinanţat din Fondul Social European prin Programul Operaţional Sectorial pentru Dezvoltarea Resurselor
Umane 2007-2013 „Investeşte în OAMENI”
55
and influence activities, signals
intelligence, and network operations.”2
At implementation level the US
doctrinal provisions are reflected in an
approach which aims the integration in the
operational planning and synchronization,
along three lines of effort, of the activities
to be conducted in the cyber and
electromagnetic environment, respectively
cyber operations, electronic warfare
operations and electromagnetic spectrum
management operations.3
From this perspective the figure 1
depicts the cyber electromagnetic activities
operational view.
In order to integrate and
synchronize4the elements from these three
areas of interest, this approach involves, in
2
ADRP 6-0, Mission Command, Department of the
Army, Washington, DC, 17 May 2012;
3
FM 3-38, Cyber Electromagnetic Activities,
Department of the Army, Washington, DC, 12
February 2014;
4
Ibidem;
addition to establishing a common
operational language, the justification and
definition of roles and responsibilities
associated with the commanders,
subordinate staff and troops.
The rational and efficient
exploitation of cyberspace, in conjunction
with the electromagnetic environment,
ensure the achievement of communication
requirements, processing and sharing of
information and the integration and
synchronization of military operations
along the entire chain of command and
along all the warfighting functions.
However, due to their specific
characteristics, the cyberspace and the
electromagnetic environment provides also
to the potential adversaries opportunities
for exploitation, ion terms of planning,
conducting and executing of cyber and/or
electronic attacks against our own
communication and information networks
and weapons systems. Therefore a
fundamental requirement needed to be met
for the successful execution of our planned
operations is to ensure the security and
defense of the cyber and electromagnetic
environment simultaneously denying their
use by the adversary.
This goal can be achieved through
the implementation of necessary measures
to integrate and synchronize operations
within cyberspace and the electromagnetic
spectrum, resulting in an improved
common knowledge of the operational
environment, a shortening of decision-
making cycle, an increased efficiency of
leadership at all command levels and
increased defense possibilities against
enemy attacks.
Taking into account the fact that
the activities in the cyber environment
depends increasingly on wireless
technologies it is obvious that operations
conducted in this environment must be de-
conflicted and synchronized with the
specific electronic warfare operations and
spectrum management, as they concurred
on the same natural resource. All three
types of operations should be perceived as
Proiect cofinanţat din Fondul Social European prin Programul Operaţional Sectorial pentru Dezvoltarea Resurselor
Umane 2007-2013 „Investeşte în OAMENI”
56
inter-relational and interdependent.
Starting from this joint feature of the cyber
and electromagnetic operations, the
military planners must determine, plan and
design in a joint manner the specific
operations, ensuring their integration and
synchronization with the classical physical
operations, kinetic by nature.
Within each military unit
establishment should exist a cyber staff
element responsible for the planning,
preparation, conduct and assessment of
cyber related activities and operations,
both defensive and offensive. This staff
element should ensure the achievement of
multiple and complex tasks as follows:
• Develop and integrate cyber
elements and actions into exercises and
operation plans;
• Support cyber policies and ensure
compliance of cyber activities with
applicable policy laws and regulations;
• Plan, prepare, execute, and assess
cyber operations;
• Identify and coordinate cyber
intelligence support requirements;
• Integrate intelligence preparation
of the cyber environment into the
operations process;
• Evaluate offensive and defensive
requirements for cyber capabilities;
• Maintain available cyber
resources;
• Identify and propose targets
within cyberspace to superior echelon for
assessment and approval;
• Plan, coordinate, and evaluate
friendly cyber operations;
• Implement friendly electronic and
network security measures;
• Identify civilian/commercial
cyber related infrastructure capabilities
within the unit assigned area of operations.
Cyber operations should be
integrated into plans and orders through
the military decision making process. The
staff element responsible for cyber
operations should be actively involved in
all the steps of the operational planning
process (receipt of mission, mission
analysis, course of action-COA
development, analysis, comparison and
approval, orders production, dissemination
and transition) as well as in preparation,
execution and assessment of the operation
phases. It should ensure also the
integration of cyber specific elements into
the intelligence preparation of the
battlefield, targeting process, risk
management, and continuing activities
processes.
Taking into account the complexity
and the very dynamic nature of cyber-
related activities, the cyber staff element
need to be directly connected and work
closely with the information staff element,
operations staff element as well as with the
communication and information systems
element, in order to achieve efficient
awareness and prompt reaction to the
changing operational environment.
It is important to emphasize that a
modern armed force must possess the
necessary capabilities to conduct cyber
operations while maintaining efficiency in
the use of advantages offered by an
electromagnetic spectrum which becomes
more and more congested. This approach
has the potential to provide tactical,
operational and strategic advantages,
which traditionally have been achieved
only through violent means and physical
destruction.
However, we must be keeping in
mind that cyber operations may involve a
number of problems and challenges that
require reflection. Thus, the associated
judicial-legal issues may negatively
influence the duration of decision making
and approval cycles for the courses of
action. Also, due to the increased
interconnectivity of current information
networks, cyber operations may cause
undesired effects, difficult to predict,
effects which may spread beyond the
classic battlefield geographical limits.
Although a permanent solution and
thoroughly tested throughout history, the
use of kinetic means and methods presents
the major disadvantage of direct and
Proiect cofinanţat din Fondul Social European prin Programul Operaţional Sectorial pentru Dezvoltarea Resurselor
Umane 2007-2013 „Investeşte în OAMENI”
57
collateral losses of lives and civilian
property. In antithesis, cyber operations
have a more subtle feature, they are mostly
non-lethal and, once started, takes place
virtually at the speed of information
transmission.
In order to ensure the unity of
effort in achieving the objective of creating
an operational cyber capability an
important role should be played by the
specific cyber doctrine requirements. Also
organizational and infrastructure
requirements should be aligned with the
selection, training and skills development
of cyber operations leaders and specialists.
This can be achieved through advanced
programs of study and training, mainly
with practical emphasis, which must
include, in an integrative manner,
disciplines which although related are
traditionally studied separately, disciplines
covering the fields of reconnaissance,
intelligence, information, communications,
computer networks and electronic warfare.
The cyber operations can have a
defensive or offensive feature. The
defensive operations can be easily
integrated in the operational planning as
they are passive in nature and network
protection is already implemented.
However, the offensive cyber operations
are directly linked to the available so
called cyber weapons.
The potential for integrating the
cyber weapons in the war game requires
further justification and experimentation.
Apparently, due to the typology and nature
of these new types of military means there
is no a significant difference between their
deployment and use at tactical, operational
or strategic level. The interconnected
structure of modern computer and
communications networks may prevent the
limitation of a cyber-attack, whose effects
can propagates beyond expectations and
may cause negative consequences of
different magnitudes, inducing a
significant potential risk even at political
level.
 It is necessary that the armed forces
determine ways to use the new information
technologies and applications in order to
identify the attackers before a cyber attack
can occur, or at least during its on-going
timeframe, and not in a post-factum
manner, as the majority of cyber attacks
are currently assessed.
Due to the specific characteristics
of cyber environment the offensive and
defensive actions deployed in this
environment are not easy to be separated,
the differences between them having a
high degree of uncertainty and been
characterized by the fact that it is not
possible to be defined with clarity and also
by the fact that they cannot be conducted
in isolation mode. Even though, the
majority of cyber experts agreed on the
fact that, regardless an exact definition, the
cyber environment favors the attacker.
These considerations emphasize the
potential role that offensive cyber
operations may play in the future military
confrontations. As a general said, through
an analogy with a medieval kinetic
confrontation "Catching arrows is not all
that much fun. At some point, it's
preferable to go kill the archer."5
Initiatives for integration of cyber
defense into the operational planning exist
also at NATO level. The adopted Smart
Defense concept aims an innovative
approach to support the development of the
Alliance's military capabilities, including
cyber capabilities, through improved
cooperation between the military,
academia and industry and through
encouraging national and multinational
initiatives in the field of cyber defense.
However, the use of defense
planning process of the Alliance in the
cyber realm is facing serious challenges,
mainly due to the large variation in
equipment and training, to the degree of
5
Maj. Gen. Brett Williams, article Offense and
defense not clearly separable in cyberspace, at
http://www.fiercegovernmentit.com/story/offense-
and-defense-not-clearly-separable-cyberspace-says-
cybercom-general/2013-02-25
Proiect cofinanţat din Fondul Social European prin Programul Operaţional Sectorial pentru Dezvoltarea Resurselor
Umane 2007-2013 „Investeşte în OAMENI”
58
development of cyber capabilities at the
component nation’s level and also due to
national strategies, policies and laws in the
field of cyber security.
“The precondition for an effective
use of the defense planning process in
cyber defense is not only information
about existing capabilities, but also
differing national policy, legislative and
doctrinal approaches. Since the
overarching goal of the defense planning
process is to bring together the civilian and
military aspects of Allied defense, there is
no reason to rule out its application to
cyber capability development”.6
In accordance with the NATO
Cyber Defense Policy endorsed at the
Wales summit, the cyber-attacks can be
treated as harmful as conventional attacks
and cyber defense is now considered a part
of NATO’s core task – collective defense.
The ambiguity however remains as to what
degree of intensity under what kind of
circumstances would warrant the Article 5
response since the decision ultimately rests
with the North Atlantic Council that
decides on a case-by-case basis. There is
also vast discrepancy between NATO
members’ cyber capabilities.
Currently only about half of NATO
member nations dispose of some type of
cyber defense capability within their armed
forces but national cyber capability targets
are to be elaborated within the NATO’s
Defense Planning Process by 2016 giving
rise to calls for future establishment of a
joint cyber command under the SACEUR
and development of NATO cyber warfare
doctrine.7
Annually NATO plans and
conducts specialized cyber defense
exercises and also aims to incorporate
cyber defense elements in all its military
6
Krause H., NATO on its way towards a comfort
zone in cyber defence, NATO CCD CoE, Tallin,
Estonia, 2014;
7
Kufčák J., NATO after the Wales Summit:
Readying the Alliance for the Future, Octomber
2014, at http://www.amo.cz/editor/image/
produkty1_soubory/amocz_pp-2014-6.pdf
 exercises, both in the planning and the
execution stage. Despite the current trend
in decreasing defense budgets, the
challenges NATO must address are
increasingly complex and diversified,
prompting the need to find innovative
solutions to ensure the success of Alliance
operations not only in traditional
environments but also in the cyberspace.
Taking into account all the above-
mentioned considerations I can conclude
that determining how to address the
challenges and opportunities that
cyberspace offers will remain an open
issue in an evolving process.
A lot of variables, as political
direction, legal and doctrinal provisions,
resources at disposal, available technology,
time capital, specialized workforce, etc.
will determine the manner in how the
armed forces develop feasible solutions to
the cyber issue. However, I believe that the
requirement to operate within this part of
the operational environment will remain,
regardless of the various constraints,
because, in the near future, to obtain and
maintain an advantage in the cyberspace
will be crucial to a successful military
operation.
Bibliography
1. ADRP 3-0, Unified Land Operations,
Department of the Army, Washington,
DC, 16 May 2012;
Proiect cofinanţat din Fondul Social European prin Programul Operaţional Sectorial pentru Dezvoltarea Resurselor
Umane 2007-2013 „Investeşte în OAMENI”
59
View publication stats
2. ADRP 6-0, Mission Command,
Department of the Army, Washington,
DC, 17 May 2012;
3. FM 3-38, Cyber Electromagnetic
Activities, Department of the Army,
Washington, DC, 12 February 2014;
4. Krause H., NATO on its way towards a
comfort zone in cyber defence, NATO
CCD CoE, Tallin, Estonia, 2014;
5. Maj. Gen. Brett Williams, article
Offense and defense not clearly
separable in cyberspace, at
http://www.fiercegovernmentit.com/sto
ry/offense-and-defense-not-clearly-
separable-cyberspace-says-cybercom-
general/2013-02-25, accessed on 10th
of September 2015;
6. Kufčák J., policy paper NATO after the
Wales Summit: Readying the Alliance
for the Future, Octomber 2014, at
http://www.amo.cz/editor/image/produ
kty1_soubory/amocz_pp-2014-6.pdf,
accessed on 11th of September 2015.
This work was possible with the financial
support of the Sectorial Operational
Programme for Human Resources
Development 2007-2013, co-financed by
the European Social Fund, under the
project number POSDRU/187/1.5/S/155385
with the title “Integrated/educational
network for the formation, counseling
and orientation of doctoral students for a
research career in security, defense,
public order and national security
domains - SECNETEDU.