Small Wars Journal

The Cyberspace Operations Planner

Tue, 11/05/2013 - 12:18pm

The Cyberspace Operations Planner: Challenges to Education and Understanding of Offensive Cyberspace Operations

Jason M. Bender

Men often oppose a thing merely because they have had no agency in planning it, or because it may have been planned by those whom they dislike.

-  Alexander Hamilton

After nearly three years in the cyber community, my continual experience is one where we regularly confront our own shortcomings in understanding cyberspace, as well as a general misunderstanding of cyberspace operations and basic planning at the military service operational and tactical echelons. This spans a spectrum of a lack of understanding of operations and planning processes by those in the cyberspace operations community, to a lack of comprehension of how to integrate effects from cyberspace operations into plans and operations by the operations community. In the case of the latter, misunderstanding is quickly attributed to an lack education covering the basic tenets of cyberspace operations within the services’ common-core professional military education (PME) and functional training, and in some cases complete lack of visibility or access to functional training that specializes in offensive cyberspace operations (OCO).[1] In the case of the former, misunderstandings in many cases arise from OCO planner’s inability to grasp basic joint or warfighting function concepts, or understanding the linkage of desired effects to operational objectives.

After returning from a temporary duty assignment with 8th U.S. Army to advise them on cyberspace operations this past spring, I was asked by my commanding general – Lieutenant General Rhett Hernandez, then-Commanding General of U.S. Army Cyber Command – what, or who, I thought was a ‘cyber planner’. This is also a question often asked by senior staff officers and commanders while engaging with them at the operational level and tactical echelons. Having given the question considerable thought, experiences while planning OCO brought with them the realization that many commanders, staff officers, and planners between the two communities do not understand one another. The operations community often regards, somewhat tongue-in-cheek, the cyberspace community as populated by individuals ‘getting their geek on’ – in other words, with no operational sense – and often believe that cyberspace operations are too hard to understand and better done by someone else. Well-trained and technically savvy cyberspace operators, on the other hand, are frequently hindered by junior rank and a lack of service or branch common core education, and lack of tactical- or operational-level planning experience, among other things, and frequently compounded by an inability to communicate in common doctrinal or operational language. The two communities effectively stand on their ‘side of the street’ looking at each other intently, but often fail to cross and understand one other.

The highly technical nature of the cyberspace operations community breeds its own problems. While well-trained and technically savvy in their cyberspace fields, technical experts deployed in support of operational-level and CCMD planning efforts are hindered many times by junior rank compounded by lack of service or branch common core education; differences in inter-service or joint force culture; lack of tactical- or operational-level planning experience; and in some cases, individual personalities incompatible with working in collaborative, multi-service planning teams. This cultural divergence – ‘mouth-breathing-knuckle-draggers’ versus the ‘pocket-protector-and-horn-rimmed-glasses-wearing-geeks’ – often frustrates effective communication or understanding of operational objectives, desired effects, tactical tasks, or expectations and limitations faced by the other. Failures in communication or understanding then lead to planning that does not link effects created by the supporting unit to the supported unit’s objectives, or worse, planning and targeting that work at cross-purposes or unnecessarily duplicate efforts.

First-hand experience while planning OCO for continually reinforces that successful planning of cyberspace operations requires a solid foundation of doctrinal planning and operations processes coupled with a working knowledge of joint (or warfighting) functions and elements of combat power. Multiple advisory and training engagements with Army operational and tactical units, training and doctrine centers, and professional organizations demonstrate a critical need to develop commanders’ and planners’ understanding of cyberspace as an integral part of the operating environment. These experiences provided opportunities to interact one-on-one with commanders, staff officers and planners who demonstrated an eagerness to understand cyberspace operations. Until such time that the military institutionalize cyberspace operations into their common-core curricula and training practica, the only alternative to the question-and-answer sessions that follow briefings, office calls, and planning sessions is through a dedicated program of professional reading by the individual. Without knowledge of cyberspace operations – particularly OCO – it is incredibly hard for commanders to visualize appropriate end states or describe their intent based on planners’ inability to understand the operating environment (OE) as an aggregate of cyberspace and the traditional physical domains.

Staff officers – planners in particular – are a product of their formative experiences in terms of assignments and professional (and personal) education. Experiences are heavily informed by service or branch culture and, in some cases, lead to overly-specialized technical or functional educations that eschew basic foundations in doctrinal operations and planning (e.g., grounding in basic concepts for maneuver, fires, or intelligence, surveillance, and reconnaissance planning). While unintentional, the result is not different than if the subjects were deliberately excluded. Planning experiences within the cyberspace operations community continually highlighted a disjointed and non-doctrinal planning process that focused on access and capabilities which may or may not link to the supported unit’s objectives and end states rather than supported objectives and desired effects.

More than anything, experiences in both communities reinforce the need for all planners comprehend the requirement to “integrate [cyberspace operations] into joint operations… [and ensure] synchroniz[ation of] operations and fires, to include [cyberspace operations],” regardless of whether the operations are conducted in cyberspace or the physical domains.[2] This cannot be over-emphasized and is echoed by others in the cyberspace operations community.[3] Just as operational commanders and planners need to understand OCO and the OE, cyberspace operations planners require a firm foundation in doctrinal joint functions and operations processes. Without knowledge and understanding of the other by both sides, the two communities will continue to stand on their respective side of the street glaring at one another.

Despite considerable thought as to what or who a ‘cyber planner’ is, this monograph does not answer the question. It does, however, present and address challenges and struggles within the services – specifically the Army – as they attempt to codify cyberspace operations in terms of the personnel and doctrine needed in order to successfully develop a way ahead. This is presented in three distinct areas. First, a possible model for future cyberspace operations planners is discussed with the presentation of the existing Army Space Operations and Electronic Warfare officers. There are parallels to draw from these two functional areas relative to individual development and educational shortcomings, and a lesson to be learned from the method by which those currently assigned as OCO planners are managed and assigned by their basic branches.

Second, a discussion is presented regarding the services’ need to institute standardized education on the basics of and considerations for OCO planning within their respective common-core PME and functional training. This is critical and must be accomplished soon in order to build future commanders’ and planners’ understanding of cyberspace and cyberspace operations as an integral part of the OE and operations process. Third, an overview of functional training that incorporates OCO is provided to help commanders and senior leaders gain visibility on what is available to develop individual planning capacity, as well as address challenges to accessing it. Integral to this discussion is self-development, and a recommended professional reading list is provided to serve as a guide for who actively seek it. If nothing else, this monograph is intended to generate an open and frank discourse within the military community in order to develop a broader understanding of the challenges faced and spur individual thought regarding those challenges and possible solutions.

‘Cyber Planner’ – An Individual or a Skill?

Cyberspace has become the fifth domain of warfare, after land, sea, air and space. Some scenarios imagine the almost instantaneous failure of the systems that keep the modern world turning. As computer networks collapse, factories and chemical plants explode, satellites spin out of control and the financial and power grids fail.

- “Cyberwar” (The Economist, July 3, 2010)

Approaching the question in the context of an individual brings up the question of whether a ‘cyber planner’ is a career field, a branch or functional area, or a specific military occupational specialty (MOS), and also brings into question whether cyber should be a service of its own along the lines of the Army, Navy, or Air Force, or whether U.S. Cyber Command (USCYBERCOM) should organize itself similar to U.S. Special Operations Command.[4] Most of these questions are beyond the scope of this monograph and are currently pursued by the services and the Department of Defense. However, the question of what a ‘cyber planner’ is remains pertinent, with potential answers potentially resting in part with a general purpose force capability at the individual level, and in part with a specifically and specially trained planner.

In looking through the Army’s occupational specialties and functional areas, there is no ‘planner’ listed among any of them. Planning is an implied role of every branch, functional area, and career field, and generally only delegated to those that show an aptitude for it. Common-core education at the general staff and war colleges focuses on planning as only one part of the operations process (e.g., plan, prepare, execute, and assess), something that must be successfully accomplished in order for commanders and their staffs to develop operational concepts to the point of the “detailed planning necessary to understand, visualize, and describe their operational environment; make and articulate decisions; and direct, lead, and assess military operations.”[5]

If planning remains an implied task of anyone participating in the operations process, then those individuals working to plan OCO will approach it in the same manner, and using the same doctrinal processes, as planning conducted by individuals in the Army’s maneuver, fires, and effects, operations support, or force sustainment branches and functional areas. Cyberspace operations may be special due to the domain, but it is not so different (e.g., unique) that it requires a new or independent processes which differ substantially or depart completely from existing doctrinal operations and targeting processes.[6]

The issue of a specifically trained cyber planner demands recognition that a model already exists with the Army Space Operations officer that the cyberspace operations community could easily follow in terms of a functional area.[7]

[Army Space Operations] officers serve in shaping or operational positions supporting the Army and Joint, Interagency, Intergovernmental and Multinational (JIIM) organizations that focus on developing and integrating space capabilities as well as operationally supporting the warfighter with space-based capabilities. As the Army continues to identify requirements for the “space-empowered” Future Force, [Army Space Operations] officers are integrated into positions in which they can shape, research and develop, and acquire space-related capabilities or in operations and planning positions at all organizational levels within the Army or JIIM environments.[8]

Replace ‘space’ with ‘cyberspace’ or ‘OCO’ and a description quickly takes shape regarding the expertise and skills that OCO planners from the USCYBERCOM service cyber components provide when they deploy in support of CCMDs and their components, or in support of service operational or tactical units.

Somewhat similar to the Army Space Operations functional area, another model is the Army’s Electronic Warfare functional area.[9] For the last year, the Army pursued educating officers (also known as EWOs), warrant officers, and non-commissioned officers in its Electronic Warfare school as the cyber-electromagnetic activities (CEMA) specialist and staff planner at the tactical and operational levels (i.e., brigade combat team, division, corps and Army service component command). The Electronic Warfare courses have been the only courses currently taught in the U.S. Army that currently approach the creation of a service OCO planner rather than a technical specialist, but are only attended by officers designated for transition to or assessed into the Electronic Warfare functional area.

While academically trained on OCO, these officers and warrant officers are not programmed for assignments at USCYBERCOM or ARCYBER and do not benefit from practical experiences or further functional training to be had if assigned to those units. This ultimately indicates that creating a ‘cyber planner’ similar to the Army Space Operations or Electronic Warfare functional areas only marginally bridges the gaps in OCO planning and understanding. To overcome this, Army electronic warfare officers require assignment opportunities at ARCYBER and USCYBERCOM, and should be strongly considered for follow-on assignments to a geographic combatant command or Army service component command afterwards to fully capitalize on their experience.

Further frustrating the classification of a particular branch or functional area as a ‘cyber planner’ is that cyberspace operations must be acknowledged as a holistic effort that incorporates not only OCO, but also defensive cyberspace operations (DCO) and Department of Defense information network operations (DODIN) across the operations process, not just for planning.[10] In that OCO is only a part of larger cyberspace operations, the implication becomes one of the ‘cyber planner’ moving beyond simple classification as an MOS or functional area, and into the arena of becoming either a branch (e.g., a grouping of multiple common occupational specialties) or a career field (e.g., grouping of multiple branches and functional areas).[11] What this really indicates that while the Army Space Operations and Electronic Warfare functional areas are models for a possible future OCO planner, all models are wrong – some just happen to be more useful than others. In this case, the Space Operations and Electronic Warfare functional areas only address one aspect of the challenge (e.g., OCO) and a viable solution requires further elaboration in order to account for the DCO and DODIN.

The Army Chief of Staff’s recent steps toward creating a Cyber Center of Excellence by recommending the combination of the Army’s Signal Center of Excellence at Fort Gordon, GA, with the Army’s Cyber and Electronic Warfare Proponents, takes “the first step in what could be a significant reorganization of soldiers with connections to cyberspace operations.”[12] In conjunction with the recommendation, the Army’s Training and Doctrine Command announced plans to create a “cyber career field… for officers, enlisted soldiers, warrant officers and civilians… with the potential to absorb certain cyber, intelligence and signals soldiers from other branches because of their cyber skills.”[13] In that there is currently no consolidated cyber branch, functional area, or career field, this is a major step by the Army to in an effort to correct the disparate approach of its signals and military intelligence branches by “remov[ing]… conceptual barriers to create a ‘nuanced blending’ of signals, intelligence, electronic warfare and cyber electromagnetic activities skills….”[14] This is a positive step in the right direction in terms of career development, progression, and professionalization, but as of right now the Secretary of the Army has yet to approve the recommendations.

While there are no Army EWOs in the cyberspace operations community, there are a small number of combat arms officers, with a small number of Army field artillery field grade officers (MOS 13A) assigned to the ARCYBER fires element, and targeting warrant officers (MOS 131A) assigned to USCYBERCOM joint fires element. In addition to the sprinkling of combat arms officers spread throughout the ARCYBER and USCYBERCOM staff elements, there is also a population of service Information Operations personnel at USCYBERCOM and its service components who work day-in and day-out on integrating OCO into combatant command plans.[15] These personnel should be individually programmed for follow-on assignments to a CCMD, Army service components, or corps headquarters joint fires elements and targeting cells to capitalize on their skills, or permanently transitioned into the cyber career field. Their skills are critically in demand at the operational and tactical echelons, but without a by-name-request or specific instruction, these individuals are looked at for follow-on assignments to reintegrate them into their parent branch communities which largely have no room for cyberspace operators.

Unfortunately, assignments to USCYBERCOM and ARCYBER for maneuver, fires, and effects career field personnel are seen by the Army as only developmental – but, in truth, all assignments are developmental, with requirements for specialized or specific training and education driven only by the operational demands of the assignment.[16] The Army, however, has the ability to designate certain developmental positions as broadening assignments, those assignments that “develop a wider range of knowledge and skills, augment understanding of the full spectrum of Army missions” with the specific intent to “enhance [the individual’s] warfighting skills, increase their level of responsibility, develop their understanding of interoperability among Army branches, or expose them to… JIIM opportunities….”[17] By designating a billet as a broadening assignment, services place special emphasis on the assignment – making it not only competitive but preferential for future promotion. Another option is for the Army to designate certain billets (i.e., ARCYBER Chief of Fires or USCYBERCOM OCO Planner or Future Operations Chief) as ‘key billets’, those positions that require management of those assignments by Headquarters, Department of the Army to ensure only those colonels or lieutenant colonels with “specific, highly developed skills and experience” are assigned to the position.[18]

The recommendations for creation of a Cyber Center of Excellence and cyber career field, however, leaves unanswered questions. Unanswered is who the Army will immediately transfer into the cyber career field – speculated to be the wholesale Telecommunications Systems Engineer and Information System Manager functional areas, and selected signals and intelligence personnel – and how other senior officers, warrant officers, and non-commissioned officers from other career fields, basic branches and functional areas may be assessed for transfer for the benefit of the service. There are some maneuver, fires, and effects personnel should be considered for immediate transfer into the career field for the benefit of the new career field based on either previous cyberspace operations experiences, current position within the community, or by demonstration of expertise or required skills.[19]

For the most part, personnel are assigned to USCYBERCOM or its service components by their basic branch managers – e.g., Army field artillery or information operations; Marine Corps infantry or intelligence; Navy weapons equipment or information warfare; Air Force pilots or weapons and tactics specialists – and are reassigned back into the service or branch based on their basic branch skills rather than to capitalize on the experiences and skills gained in the cyberspace operations. If basic branches continuing to treat assignments to the cyberspace operations as career distracters, it should appropriately be viewed as mismanagement of talent. Worse, is it puts the individual at risk for promotion in that their experiences and performance in cyberspace operations do not look like that of their basic branch assignments and are hard to quantify or understand by others who have not experienced it, or by those reviewing the record during a promotion board. The more senior the individual, the more serious the problem. As these people depart the service, the services will be deprived of the senior leaders they need so dearly in this emerging career field.

Failure account for and consider the transition of these individuals from their parent branches into the new cyber career field will likely see them depart from the military as they see promotion opportunities in their basic branches evaporate. Until the cyber career field is formally instituted, they are essentially held hostage by a legacy branch system that focuses on producing commanders and does not account well for experiences, skills, or education outside of the confines of the branch perspective and purview.[20] In a sense, they are held hostage in a legacy branch system that grooms them for command rather than identifying them as members of an emerging field that need to be managed individually rather than in their basic branch general population. This was recently echoed by Command Sergeant Major Rodney Harris, the Army Cyber Command senior enlisted advisor, who pointed out perceived Army’s mismanagement of precisely those people who need to be retained, a problem the Air Force also faces.[21]

The question of whether the Army EWOs will be subsumed into the career field also remains open due to objections by the EW community. Additionally, the Army and Marine Corps might consider instituting or adopting a cyber operators qualification badge similar to the U.S. Air Force Cyberspace Operator Badge or U.S. Navy Information Dominance Warfare insignia. These badges, awarded to personnel that achieve specific levels of MOS and functional education, and time-in-position experience, communicate that experience and training to anyone working with whomever proudly wears the badge on their uniform.[22]

Whether or not a cyberspace operations career field is instituted, the services must seriously consider designating specific assignments as key or broadening assignments and filling them with personnel from other than intelligence or signal branches, but especially from the maneuver, fires and effects branches. Doing so presents opportunities to capitalize on their experiences if the services actively work to program the individuals for follow-on assignments as cyberspace operations planner at combatant command or component commands (e.g., numbered armies, fleets, air forces, or at a carrier strike group, corps, division, wing, or brigade/regimental combat team). If these same personnel are then identified for rotational assignments between the operational and cyberspace operations forces, not only will they leaven the cyberspace operations community with their tactical and operational planning and branch-specific warfighting skills, they will bring the knowledge, insight, and understanding of the challenges faced in planning and conducting cyberspace operations back to their force for further promulgation.

‘Cyber Planner’ – Commander and Staff Planner Understanding

Tell me and I forget. Teach me and I remember. Involve me and I learn.

- Benjamin Franklin

Turning back to the first case, the need for institutional incorporation of cyberspace operations in the services’ common-core education is readily apparent. While the services and joint community approach the defensive side of cyberspace operations in a meticulous and thorough manner in both common-core and MOS-specific training and education, education for OCO is sorely lacking. Common-core education which incorporates defensive cyber contrasts with functional training that includes offensive cyber which is generally only visible to those in the cyberspace operations community, or that often repeats concepts between non-related courses without building on complexity or increasing skill. That is not to say that the services are not pursuing it – they are all in the process of determining what it means to the specific service and how to instruct their personnel on it.

During a recent Joint Advanced Cyber Warfare Course offered by USCYBERCOM J7, the USCYBERCOM J3 Director of Operations, U.S. Air Force Major General Brett Williams, commented that:

… [for the most part] commanders don’t understand cyber. This leads to either too-tactical guidance… or abrogation to the signal and [intelligence planners] who [many times] have no idea regarding planning, or haven’t been involved in the planning process from the beginning. Apart from the [operators and] planning community, signal and [intelligence planners] weren’t developed for it.[23]

As Maj. Gen. Williams sees it, the challenge with respect to respective traditional military and cyberspace operations education at all levels is thus one of bifurcation between technical expertise that feeds cyber planning, and the conceptual abilities and understanding of how the warfighting functions drive planning in the larger operations process.[24] Many times this manifests itself in operational- and tactical-level planners becoming concerned that they have no understanding of offensive cyber capabilities or what they do.

Maj. Gen. Williams’ comments, however, point to a different issue – one of understanding the realm of the possible with respect to target development and a broad understanding of offensive cyber capabilities relative to target systems and target system components rather than any specific capability. To focus too closely on the capabilities leads to planning efforts that focus on accesses. Focusing on available accesses presents a risk of failing to link objectives to the effect created by the capability employed against the access.[25] Maj. Gen. Williams’ comments were preceded two years earlier by Brig. Gen. Wayne Grigsby, then-Director of the Army’s Mission Command Center of Excellence, during the June 2011 Cyber Warrior Summit held by the Army Cyber Proponent at the Johns Hopkins Applied Physics Laboratory. Brig. Gen. Grigsby also commented that while commanders and planners (“mouth-breathing knuckle-draggers”) need a working knowledge of cyberspace operations, cyber planners (“cyber geeks”) need a working knowledge of maneuver, fires, and intelligence functions and operations in order to communicate clearly with commanders and other non-cyber planners.

Without understanding of cyberspace operations by commanders and planners, or understanding by cyber planners of the warfighting functions and operational planning in the traditional domains, what is achieved is ‘talking past’. In talking past each other, especially when there is no common understanding, commanders and planners on both sides fail to grasp the possibility and feasibility of cyberspace operations – a point also made by Maj. Gen. Williams.[26] Worse is when misunderstanding (or lack of understanding) caused by talking past results in the development of excessive expectations by commanders and their staffs, and perceived under-delivering by the cyberspace operations planners who struggle to develop and maintain accesses and capability-pairing based intelligence.

Loss of access to a target in cyberspace, or a capability which fails to produce the desired effect, do not contribute to achieving a commander’s objectives. This is analogous to having lost access to a target in a physical domain. Consider the complete loss of air or water as a means by which to access the target, or a cruise missile or tube-launched artillery projectile that functions against only one type of target, but fails to function against anything else. Just as bad, are cyberspace operations that remain un-integrated or unsynchronized with other maneuver and fires, or operations that create unintended or unanticipated effects in areas where planners are not looking for feedback to validate measures of effectiveness.

While commanders and planners do not need a detailed knowledge of capabilities or accesses, OCO planners do require a working knowledge of effects-based targeting doctrine. The knowledge of how effects created against specific targets are linked to achievement of objectives is agnostic of domain or means used to create the effect.[27] Further, just as fires and intelligence planners do, OCO planners require an anticipatory capacity for determining possible unintended, collateral, or cascading effects. This points back to the challenges in understanding posed by the technical versus conceptual divide in terms of planning, integration, and synchronization of cyberspace operations with existing and future land, air, maritime, or space operations. Commanders and planners must, however, fully understand that they are “presented with the same considerations and challenges that are present for other joint capabilities” regardless of domain:

Targeting, deconfliction, commander’s intent, political/military assessment, and collateral effects considerations all play into the calculations of the [cyberspace operations] planner’s efforts. In a similar fashion, all of the principles of joint operations, such as maneuver and surprise, are germane to [cyberspace operations]. However, second and higher order effects in and through cyberspace can be more difficult to predict, necessitating more branches and sequels in plans. Further, while many elements of cyberspace can be mapped geographically in the physical domains, a full understanding of an adversary’s posture and capabilities in cyberspace involves not only understanding the underlying network infrastructure, but also requires profiles on system users and administrators, a clear understanding of what friendly forces or capabilities might be targeted and how, and an understanding of applicable domestic, foreign, and international laws and policy. Adversaries in cyberspace may be nation states, groups, or individuals, and the parts of cyberspace they control are not necessarily either with the geographic borders associated with the actor’s nationality, or proportional to the actor’s geopolitical influence.[28]

This highlights a critical requirement for the intelligence planners to build out adversary views and describes the OE and accounts for cyberspace in terms of operational variables during Intelligence Preparation of the Battlefield (IPB) or Joint Intelligence Preparation of the Operating Environment (JIPOE). It simply cannot be overlooked or avoided. To not account for it ignores critical capabilities, requirements, and vulnerabilities through which planners must view friendly forces and for the identification of key and decisive terrain in cyberspace, and by which they understand the adversary’s capabilities and vulnerabilities in cyberspace.[29] Further, doing otherwise generally leads OCO planners conducting access-based planning and capabilities-based targeting.

Planners must instead ensure planning efforts are focused on contributing to or achieving the supported unit’s objectives and end states, with targeting and target development efforts based on desired effects, rather than accesses and capabilities. Planners cannot afford to restrict their education or focus to what they think is their specific warfighting specialty, be it maneuver, intelligence, or fires, or to a specific operations community. Neither community – cyberspace or operations – holds a monopoly of expertise over the other, nor can they afford to not work together.[30] This further emphasizes the need for both communities to adhere to existing processes laid out in joint and service operations and planning doctrine, and recognizes that departure from the process frequently provides the stumbling blocks between planners from both communities.

While doctrine is best acknowledged as a guideline, similar to the pirate’s code from the Walt Disney movie Pirates of the Caribbean, it is imperative that planners grasp it before departing from it. In dealing with the problem sets posed by OCO, experience continues to indicate that planners out-think themselves when objectives are unclear or misunderstood, or when planning fails to follow an approach that is rational, logical, and sensical. Without a solid, doctrinal foundation by all involved, the ability to adapt to new concepts – particularly in cyberspace – will continue to result in a disjointed planning, and in an operations process that lacks full integration or synchronization.

The service command and staff colleges – to include their respective war colleges, specialized planning courses, and command preparation courses – must begin instructing their students on how cyberspace fits into the operating environment, an issue the Army is already actively pursuing for the space domain.[31] The basics tenets of OCO must be presented to common-core audiences in order for commanders and their staffs to appropriately understand and visualize the operating environment and how cyberspace as a domain fits within it. They must understand the “conditions, circumstances, and influences that affect employment of capabilities and bear on the decisions of the commander,” and how cyberspace influences those conditions and decisions.[32] Only in the last two years has cyberspace as a domain been considered by commander or planners in the creation and development of plans in terms of operational or mission variables. Unfortunately, guidance from the operations community to OCO planners generally consists of statements that, “I want to do some cyber here.” As funny as it might sound, this is not different than providing guidance “to do some logistics during Phase 2,” or “my intent is to reinforce the airborne insertion by doing some Air Force.”

Without inclusion in common-core PME at all levels, future staff officers and planners, in addition to current and future commanders, will not develop an understanding of cyberspace operations sufficient to guide them in the formation of commander’s intent, end states, and planning guidance that drives subsequent planning efforts and, ultimately, future operations. In spite of the lack of current education, commanders and planners must recognize that existing doctrinal operational and planning processes adequately account for operations in cyberspace – if cyberspace is actively considered as part of the OE along with the physical domains. OCO planners need similarly recognize this and assist their operations community counterparts in understanding realities, limitations, and constraints during planning.

Some of the needed change will be realized with publication of the forthcoming Army Field Manual 3-38: Cyber-Electromagnetic Activities (CEMA). FM 3-38 will present the operating environment as an overlapping aggregate of the physical domains, cyberspace domain, and the electromagnetic spectrum. The importance of this is that for first time not only are cross-domain operations and concepts acknowledged, but also a representative depiction of the OE to develop commanders’ and planners’ understanding by providing them with a holistic visualization that presents the relationship of all five operational domains, the information environment and the EMS.[33] Already published in the LandCyber White Paper from the Army’s Cyber Proponent, that describes the necessity of commanders understanding that not only are they responsible for the conduct of operations in their designated area of operations (AO), but also for the conduct of cyberspace operations based on the AO implicitly containing, touching, and being touched by, cyberspace.[34]

The challenge still facing planners is to describe the operational environment during the early stages of planning in terms of the operational domain relationships relative to the operational and mission variables, and this includes cyberspace.[35] If commanders and their staffs are unable to understand cyberspace as an integral part of the operating environment, they cannot be expected to accurately visualize and describe end states or objectives that are pursued in multiple domains simultaneously. In that cyberspace continues to rapidly evolve, recognition that it is unconstrained in comparison to the physical domains must drive the requirement for the dedicated and consistent professional development of planners in both communities to ensure the production of flexible, cohesive and integrated plans that maintain the ability to adapt by meeting operational requirements as they are identified, evolve or change.

It also remains problematic that previous service and joint doctrine depicted the physical domains (e.g., land, air, maritime, and space) in a linear and non-overlapping manner with cyberspace and the information environment being the only overlap between the domains.[36] Commanders and their planning staff must embrace that the physical domains overlap, and that cyberspace overlaps the physical domains – a point clearly made in Joint Publication 3-12.[37] While not a domain, the electro-magnetic spectrum (EMS) must also be understood in that it encompasses almost everything involved with cyberspace operations. Distinction, however, must be drawn between the natural EMS and the operational EMS, the latter being that portion of the EMS we can affect or that our adversaries can use to affect us (e.g., electronic warfare). Outside of specific training or education for the individual, this will only occur once the service staff colleges and universities incorporate cyberspace operations into their curricula to ensure the broadest possible coverage for students – all of whom are potential commanders and staff planners.

‘Cyber Planner’ – The How

There is no end to education. It is not that you read a book, pass an examination, and finish with education. The whole of life, from the moment you are born to the moment you die, is a process of learning.

- Jiddu Krishnamurti

How is education supposed to make me feel smarter? Besides, every time I learn something new, it pushes some old stuff out of my brain. Remember when I took that home winemaking course, and I forgot how to drive?

- Homer Simpson

The challenge faced by the services to develop planners versed in cyberspace operations comes partly from service general staff and war college institutions that shy away from the recently published Joint Publication 3-12 Cyberspace Operations and the Joint Application of Firepower (JFIRE) Multi-Service Tactics, Techniques and Procedures (MTTP). Both publications are classified and the general staff colleges’ inclusion of multi-national students and desire to maintain education and practica at an unclassified level frustrates use. While many of the available function training courses that openly incorporate JP 3-12 and JFIRES as part of their OCO training curriculum are U.S.-only, in many cases the courses are not normally visible to the operational force (e.g., those units outside of the intelligence and cyberspace operations communities), as previously pointed out.

The publications’ classification complicates the issue of common-core inclusion issue based on the schools’ desire to keep classifications at a level that allows maximum participation by all students.[38] In spite of the overall classifications of JFIRES and JP 3-12, the portions relevant to the OE, planning considerations, fires, and target development are unclassified in both publications. In other words, there is nothing stopping the institutions from revising existing programs of instruction to include cyberspace operations into education, if not also into practical exercises and planning practica – within reason – based on the participation by foreign students.

There are other solutions, but none are easy. All require time, whether from the individual who is away from his or her primary duties; from the unit who effectively loses the individual while they are in training; or from the institution where changes or additions to PME are not simply added but zero-sum (e.g., when something is added, something else goes away). First, and far from unfeasible, courses – likely electives – can be taught in a U.S.-only setting at the service command and staff colleges. Another option is to reduce the classification of the doctrinal publications, but this option is, unfortunately, tightly bound to political considerations and sensitivities and cannot be done in a timely manner.

The portions of Joint Publication 3-12 and the JFIRES MTTP that remain unclassified – specifically those that inform understanding the OE, planning considerations, and target characteristics – are essentially held hostage by the publication’s overall classification when it comes to inclusion in the common-core programs of instruction. The recent leakage to the media of the highly classified Presidential Policy Directive 20 (PPD-20) by Edward Snowden is unlikely to spur an open and public discourse between the Presidential Administration and the Department of Defense that results in a lowering of classification to allow a more open and unencumbered education and exercises for all military students, or that facilitates an open and frank public discourse regarding OCO that may serve to inform national policy.[39]

A third possibility is for USCYBERCOM J7 Training Branch to sponsor and conduct a cyberspace operations program of instruction for the service general staff colleges in order to ensure education at a common level across the services. USCYBERCOM J7 is already pursuing this with the Joint Staff College in Norfolk, VA, and is planning to conduct the cyberspace operations portion of several future courses in a train-the-trainer format to build the Joint Staff College instructor capacity.[40] Creation of capacity at the Joint Staff College has problems, however, with many students not attending Joint Professional Military Education (JPME) II until the end of their joint assignment, rather than at the beginning where instruction would be the most beneficial.[41] Additionally, this instruction will not reach many officers who do not qualify for JPME II attendance – having not completed a service Intermediate Level Education (ILE) or staff college course prior to their joint assignment. It will also not reach any of the senior non-commissioned officers assigned into joint positions that require them to participate in planning efforts unless it is also integrated into the 45-hour web-based Senior Enlisted JPME, thus increasing the length of the course or supplanting another critical subject.[42]

A fourth possibility is the creation of an annual or semi-annual USCYBERCOM-sponsored, U.S.-only cyberspace operations symposium and planning practicum. In this option, select students from the U.S. Army School of Advanced Military Studies, the U.S. Marine Corps School of Advanced Warfare, and the U.S. Air Force School of Advanced Air and Space Studies can be brought together for a one-week crash-course on cyberspace operations, and a follow-on week where the students participate in a Joint Task Force planning exercise similar to the Army’s Unified Quest.[43] Planners are then able to exercise not only their own individual warfighting function and domain expertise, but also their newly learned skills and knowledge in the realm of cyberspace operations.

Until cyberspace operations – especially OCO planning – is incorporated into existing institutional education, the question remains where planners can they receive needed education and training. That answer generally falls to the individual functional training courses, and what follows is an accounting of several of those courses that cover all or portions of cyberspace operations. While these courses are incredibly enlightening to those students who attend them – and are almost exclusively U.S.-only, the courses are not widely visible to the general force and students remain drawn mainly from those already in the cyberspace operations or intelligence communities.

  • Army Cyberspace Operations Planners Course (ACOPC). Formerly the Basic Computer Network Operations Planners Course, (BCNOPC), ACOPC is offered by the U.S. Army's 1st Information Operations Command. ACOPC is a course attended by U.S.-only students from across the forces at the rank of E-6 or above. ACOPC focuses on preparing students for the planning of full-spectrum cyberspace operations (cyberspace attack, cyberspace ISR, cyberspace defense, and operational preparation of the environment) across the levels of war, and especially the integration of cyberspace operations into Army and Joint planning processes. The course is offered as a 2-week resident course at Fort Belvoir, VA, and also as a mobile training team (MTT) that travels to Army and geographic CCMD headquarters to educate staff planners from across the services on full-spectrum cyberspace operations. For Army Officers and Warrant Officers, completion of ACOPC awards the additional skill identifier (ASI) N9, which identifies the recipient as a computer network operations planner.[44] ACOPC represents a major step forward by the Army’s 1st Information Operations Command to reflect changes in the operating environment relative to cyberspace operations from its previous BCNOPC as presented in Joint Publication 3-12 Cyberspace Operations, and the Joint Delivery of Firepower (JFIRES) Multi-Service Tactics, Techniques, and Procedures (MTTP) cyberspace appendix.
  • Joint Network Attack Course (JNAC). JNAC is a U.S. Strategic Command (USSTRATCOM) Cyberspace Training Initiative-sponsored 4-week U.S.-only, resident-only course held at the U.S. Navy’s Pensacola Naval Air Station Correy Station Annex. JNAC is “geared toward senior officer and senior enlisted either assigned to or en-route to, [cyberspace operations]-related billets.” It specifically provides students with “common core knowledge and skills in planning to support computer network attack (CNA) operations… to include an understanding of the appropriate authorities, battle damage assessment (BDA), review approval process (RAP), de-confliction, legal issues, targeting, weaponization and execution processes… [and provides] graduates [with] an understanding of the information operations and intelligence community organizations roles and responsibilities applicable to CNA.” [45] Similar to BCNOPC, the Army awards graduates with the computer network operations planner ASI (N9). While offered service-wide, JNAC is primarily attended only by personnel in the cyberspace operations or intelligence community.
  • Joint Cyberspace Operations Planners Course (JCOPC). JCOPC is taught by the same instructors that conduct JNAC, but in a 10-day U.S.-only MTT format available to CCMD staffs. There is no resident course and only personnel assigned to the requesting CCMD generally attend. JCOPC covers largely the same planning topics as JNAC with several planning exercises, but without the hand-on technical instruction that JNAC offers. The JCOPC curriculum is designed to “facilitate staff action at the joint level [by] provid[ing] training on USCYBERCOM business practices” in full-spectrum cyberspace operations. It focuses on a variety of topics ranging from integrating cyberspace operations into Joint operations and planning processes, intelligence preparation of the operating environment, fires and targeting in cyberspace.[46] JCOPC is not visible with the service automated training databases and is only visible based on announcement from USSTRATCOM and USCYBERCOM and, at least for the Army, cannot be added to enlisted or officer military education records.
  • Joint Advanced Cyberspace Warfare Course (JACWC). Conducted by USCYBERCOM J7, JACWC is a comprehensive 4-week U.S.-only course on full-spectrum cyberspace operations and is designed to be “an orientation to USCYBERCOM, the global cryptologic platform, the intelligence community, the [U.S. Government] community of interest, allies, and major partners in the conduct of cyber warfare… threats, cyber operations, planning, and analysis of desired effects.”[47] The course covers many of the same topics as JNAC and JCOPC, but with far more depth regarding USCYBERCOM organization and roles, the history of cyberspace, and interagency roles and policy challenges – but with absolutely no education on planning or practical exercises. JACWC is intended to be an entry-level course for those personnel in the cyberspace operations and intelligence community and is not structured to provide or strengthen students’ comprehensive planning skills. Far exceeding JCOPC and JNAC with the quality and depth of information presented, JACWC is a great course for those with altogether little experience with cyberspace operations and is extremely useful for service operational-level unit planners, but it is not useful to planners at the services’ tactical-level units and is attended almost exclusively by USCYBERCOM, CCMD, and intelligence community personnel and is not visible to service training managers.[48] Similar to JCOPC, JACWC is not visible with the service automated training databases and is only visible based on announcement from USSTRATCOM and USCYBERCOM and cannot be added to Army enlisted or officer military education records, and JACWC does not produce an ASI for Army graduates.
  • Cyber 200/300. Taught by the U.S. Air Institute of Technology (AFIT) at Wright-Patterson Air Force Base near Dayton, OH. Cyber 200 “focuse[s] on network exploitation and vulnerabilities from an operator's perspective… [and] Cyber 300 provide[s] the understanding of where these issues fit into the greater joint fight.”[49] Both courses are 3-4 weeks in length. Although widely attended by Air Force cyberspace operators – both courses are required for the awarding of different levels of the U.S. Air Force Cyberspace Operator Badge – they are only nominally attended by other services, and mainly only by personnel in the cyberspace operations or intelligence communities. Based on feedback from Army attendees of Cyber 200/300, Cyber 200 is analogous to JNAC and Cyber 300 is roughly similar to JCOPC. For Army personnel, Cyber 200/300 does not produce the N9 computer network operations planner ASI, but are required by Air Force personnel for qualification and award of the U.S. Air Force Cyberspace Operator Badge.[50]
  • Joint Operations Fires and Effects Course (JOFEC). Instituted in 2005 as bridge for the operational-level of war relative to fires and effects planning, JOFEC was until only recently taught in a U.S.-only resident (2-weeks) and MTT (10-days) format sponsored by the U.S. Army Fires Center of Excellence to all personnel involved in the fires and effects planning from the enlisted through to the senior officer ranks. The course “educate[s] all [service], [c]oalition, an [i]nter-agency personnel [on] the skills and processes necessary to apply and integrate joint lethal and non-lethal fires and effects.”[51] JOFEC bridged the gap between tactical-level instruction provided by the U.S. Air Force’s 6th Air Ground Operations Squadron in its Joint Firepower Control Course at Nellis Air Force Base, NV, and the Joint Staff’s Joint Targeting School taught at the Naval and Marine Core Intelligence Center at Dam Neck, VA. Similar to BCNOPC, JOFEC instructors travelled globally to teach CCMD staff officers from across the services. JOFEC course managers, working closely with the JFIRE MTTP Cyber Fires Appendix developers, instituted a familiarization block covering fires and targeting considerations for OCO prior to the official publication of the revised JFIRE MTTP in late 2012. Unfortunately, JOFEC was recently cancelled by the Army’s Fires Center due to budget cuts forced by sequestration.[52]
  • Joint Intermediate Target Development Course (JITDC). Offered by the Defense Intelligence Agency, this 8-day course establishes the detailed and technical aspects of basic and intermediate target development standards established for the joint community in Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 3370.01 Target Development. While not exclusively focused on the cyber domain, it does teach students the ins-and-outs of research and documentation needed to develop targets – especially virtual targets – to the intermediate level in order to get them databased into the Multi-Service Integrated Data-Base (MIDB). Once appropriately databased, developing commands can nominate the targets for submission to the intelligence community vetting prior nomination to the supported command for inclusion on a target list and subsequent target development to the advanced level.[53]
  • Joint Targeting School (JTS). Overseen by the Joint Staff J7 and taught at the Naval and Marine Corps Intelligence Training Center at Dam Neck, VA, JTS focuses exclusively on the 6-step Joint Targeting Process as presented in JP 3-60 Joint Targeting. The 3-week Joint Targeting Staff Course is offered in both resident and MTT formats. The most rigorous of the service and joint schools in the targeting and fires community, it indoctrinates students with the Joint Targeting Process and the necessity of effects-based targeting founded on objectives-based planning. With the cancellation of JOFEC, JTS is the “only DoD venue for formal joint operational-level targeting training,” providing “an in-depth understanding of joint doctrine related to the joint targeting cycle.”[54] While it has nearly no coverage of cyberspace operations, it is a critical course for planners to develop understanding of the common operations process – plan, prepare, execute, and assess – by which CCMDs orient themselves during the development of targets that support their plans. It is expected that JTS will absorb the portion of cyberspace operations instruction covered by JOFEC.[55]
  • Joint Information Operations Planners Course (JIOPC). Billed by the Joint Forces Staff College as “establish[ing] a common level of understanding for [information operations] planners and IO capability specialists who will serve in joint operational-level IO billets,” by providing them with education about the “plan[ning], integrat[ion], and synchroniz[ation of] full-spectrum [information operations] into joint operational-level plans and orders.”[56] While the course instructs students on the “use of traditional planning methodologies within the joint planning community, it focuses on information operations relative to joint planning processes, military deception planning, and operations security and highlights the challenges with interagency coordination and JIPOE.  While Joint information operations doctrine addresses cyberspace operations as a “military capability that contribute[s] to [information operations]”, and the course is open to multinational students [mainly students from Canada, Great Britain, and Australia] in a classified environment, cyberspace operations is not covered other than in a cursory brief by conducted by representatives from USCYBERCOM, and does not address cyberspace operations planning or integration during any of course planning exercises.[57]

While there are other more-specialized or MOS-specific courses (i.e., the Army’s MOS 29A/290A Electronic Warfare officer and warrant officer qualification courses, or  the enlisted MOS 35Q Cryptologic Network Warfare Specialist qualification course), the key point is that all of these courses teach doctrinal processes – most of them oriented on a particular portion of the operations process or a process unique to cyberspace operations or warfighting function – and are the basis for developing a solid foundation in cyberspace operations for any planner through functional training.

Who attends the above courses does demonstrate a divide in the communities, and further illuminates a disconnection between the traditional operational planners and the cyberspace operations community – especially the signals (i.e., network operations) and signals intelligence communities. Whereas the maneuver, fires, and targeting communities strive to get their planners to their service command and staff colleges, JOFEC, JTS, and JITDC, the signals and intelligence communities focus mainly on attending BCNOPC (now ACOPC), JNAC, JCOPC, and JACWC. The reality is that fires and targeting planners would do well to attend ACOPC, JCOPC, and JACWC, just as signal and intelligence planners would benefit from attending JOFEC, JTS, and JITDC.

The larger issue is that it is not just fires, targeting, signal, and intelligence planners, but planners at all echelons that need these courses in order to better understand cyberspace as it pertains to the operating environment (OE) and cyberspace operations in general. If planners are to effectively assist their commanders to understand, visualize, and describe the OE in order for the commander to provide clear, unambiguous guidance that leads to the development of operational approaches, concepts, and targets to the point of feasibility, then planners require education outside their traditional or joint (warfighting) functional fields.[58] A goal is therefore set for the cross-pollination of traditional doctrine and planning processes with the technical aspects of cyberspace operations to create a well-rounded planner who understands both communities while remaining specialized in their particular field.

The cancellation of JOFEC poses a particular problem not only for the development of well-rounded cyberspace planners, but also for planners from the basic branches that have not had, or will not have, the opportunity to attend one of the service general staff colleges or specialized planning schools. While JOFEC was sponsored by the U.S. Army Fires Center and oriented primarily on joint fires and effects planning, the emphasis of the course was the integration of fires and effects throughout the operations process. One of the critical aspects of the course was the acknowledgement that it was primarily focused on the operational level of war, whereas most other fires and effects related training and education focuses on the tactical levels. A worthwhile point here is the definition of operational artistry: the linkage of strategic ends with tactical means.[59] Nowhere else in the joint force was this linkage being taught relative to fires and effects, and especially with cyberspace operations. Before its cancellation, after working with the ARCYBER Fires element, JOFEC included a substantial portion on targeting and fires specific to the cyberspace domain as was published in JFIRES. JOFEC’s cancellation effectively prevents that broadly-accessed education for a large swath of personnel assigned as maneuver, fires, or intelligence planners across the services and joint headquarters.

Prior to its cancellation by the Fires Center of Excellence, JOFEC was identified as a critical course that many members newly developed cyber mission forces would need in order to become fully qualified. The current solution is for the Joint Targeting School to fill the gap left by JOFEC’s cancellation, but while JTS may pick up at least the portion of instruction, the JTS cadre are still debating what and how much to incorporate into their existing program of instruction which covers only the joint targeting cycle as presented in Joint Publication 3-60. Even more problematic is the JTS through-put capability. JTS through-put, based on frequency and class-size, does not reach the total numbers that of JOFEC accomplished based on both resident and mobile training team (MTT) courses. USCYBERCOM is considering other alternatives to JOFEC, but none are as inclusive and in some cases require two or more courses which, cumulatively, are far longer than JOFEC’s two week length. The gap created by JOFEC’s cancellation for education in operational-level fires and targeting planning cannot be overstated.

If not through easily identified and accessed functional training, how can a planner develop themselves to understand cyberspace operations? That answer lies in professional reading, but this requires a commitment by the individual to spend time doing it. This is the one tool that everyone has at their disposal, and it can be employed without restriction simply by pursuing personal initiative with intellectual curiosity. In an article titled “Self-Development for the Cyber Warriors”, former USCYBERCOM planners Colonel Greg Conti and Commander James Caroland (and others) encourage self-development as a critically important aspect of building professional skills, pointing out that “many personnel have had to develop their cyber warfare expertise despite the system….”[60] Throughout the article the authors suggest areas for self-development including categories of cyber domain expertise, professional reading, relevant technologically-related blogs, professional societies, cyber-related conferences, videos and podcasts, and sources for training, education, and certifications.

In nearly all of the instances where someone deployed to conduct OCO planning in support of another unit, they encountered attitudes by the supported unit permanent-party planners that “this is too hard,” or “we’re too busy,” or “we don’t have the expertise” to plan for OCO. When discussing how to overcome the gap, at least at the individual level, strange looks were drawn from the same groups when implementation of a professional reading program was suggested. Regarding professional reading and self-development, General James Mattis has very pointed thoughts:

The problem with being too busy to read is that you learn by experience (or by your men’s experience), i.e. the hard way. By reading, you learn through others’ experiences, generally a better way to do business, especially in our line of work where the consequences of incompetence are so final for young men.

Thanks to my reading, I have never been caught flat-footed by any situation, never at a loss for how any problem has been addressed (successfully or unsuccessfully) before. It doesn’t give me all the answers, but it lights what is often a dark path ahead.[61]

In similar fashion to Col. Conti and Cdr. Caroland, and recognizing the importance placed on reading by Gen. Mattis, at the end of the article is a recommended reading list relevant to OCO, planning, and policy that planners at all levels should consider in order to develop themselves. As Maj. Gen. Williams pointed out, “While more sophisticated and nuanced in cyberspace, [the] processes and procedures aren’t different.” It behooves planners at all levels to be educated in these processes, whether through functional training or self-study. , and units should thus target specific fires, intelligence, and network operations planners for attendance at JTS to further build planners’ skills and understanding of doctrinal planning processes widely used at the operational levels, and applicable at the tactical levels.[62]


Crap!!  Someone knocked over my recycle bin… there's icons all over my desktop!!

- Anonymous

After three years in the cyberspace operations community as both the ARCYBER Chief of Fires and as an OCO planner, Lt. Gen. Hernandez’s question did not catch me by surprise, but it did spur me to reflect on my experiences in both communities. While this monograph does not answer “What is cyber planner?” it does present multiple points for discussion based on existing challenges in doctrine, training, and leader development. In light of these challenges, the services must approach solutions at both the individual and institutional levels.

In the case of individual planner, the requirement is for units to identify those personnel who show an aptitude for planning and target them for specific functional training and development. He or she becomes the unit’s subject matter expert in explaining the challenges faced in planning and execution OCO in support of national or CCMD plans and interests, and is the continual student of operational artistry within the cyberspace operations arena. Further, until a cyber career field or service is formally established, the individual’s parent branch must carefully manage them in order to protect from discrimination and risks to promotion, and manage their assignments for the benefit of the operational and cyberspace operations community.

In the case of the institution, the services must pursue broad and comprehensive common-core education for all potential commanders and planners regarding cyberspace operations. Doctrinal publication classifications must be carefully and appropriately overcome in order to get the word to the masses and educate them on the realm of the possible in terms of the operational environment relative to the cyberspace domain, the operations process, and fires and targeting. A healthy regimen of professional reading and self-study can help overcome some of these hurdles until institutional change takes place, but even once it occurs the true professional will always seek out alternative sources of education in an effort to develop themselves.

The opportunity to attend JNAC did not come until nine months into my current assignment (e.g., fall of 2011). The opportunity to attend JACWC did not present itself for almost two years after that (e.g., summer 2013). While my background as an Army fire supporter provided the a basic foundation for me as the ARCYBER Chief of Fires, it must be pointed out that CGSC, SAMS, JTS, and JITDC individually did not prepare me at all for duties as an OCO planner – and to be honest, neither did JNAC or JACWC. It was only an aggregate of institutional and functional education and training, self-study, and first-hand experiences that brought to where I am today. This is the point that must be internalized by planners and their commanders – but especially by those planners that recognize the importance of life-long learning. There is no silver bullet, and we can no longer afford to stand on our respective side of the street and hope for the best. Hope is simply not a doctrinal method.

Cyberspace is an ingrained and integral domain in the operating environment. Understanding and embracing it opens the doors to what is within the realm of the possible as well as clearly identifying limitations that exist. Possession of a solid foundation in the operational theory and planning doctrine, as well as critical thinking and problem solving skills is not a monopoly of either community. The necessity for commanders and planners in the operations community to grasp and understand the basic technical aspects of cyberspace operations is clear. It is incumbent for both communities to stop standing on their respective sides of the street, looking across at the other with derision. It is high time that they cross the street, meet, adhere to doctrinal processes and work as a single cohesive team to create the desired effects that lead to the achievement of objectives and the realization of end states.

Recommended Professional Reading List for Commanders, Staffs, and Planners (Especially OCO Planners)

Doctrine and Policy

Air, Land, and Sea Applications (ALSA) Center. Joint Application of Firepower (JFIRE) Multi-Service Tactics, Techniques, and Procedures (MTTP). Langley AFB, VA: ALSA, December 2012.

Chairman of the Joint Chiefs of Staff. 18th Chairman's Strategic Direction to the Joint Force. Washington, D.C.: The Joint Staff, 6 February 2012.

—. Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 3370.01: Target Development Standards. Washington, D.C.: The Joint Staff, 15 September 2011.

—. Chairman of the Joint Chiefs of Staff Manual (CJCSM) 3130.03: Adaptive Planning and Execution (APEX) Planning Formats and Guidance. Washington, D.C.: The Joint Staff, 18 October 2012.

—. Joint Publication 3-0: Joint Operations. Washington, D.C.: The Joint Staff, 11 August 2011.

—. Joint Publication 3-12: Cyberspace Operations. Washington, D.C.: The Joint Staff, February 2013.

—. Joint Publication 3-13: Information Operations. Washington, D.C.: The Joint Staff, 27 November 2012.

—. Joint Publication 3-60: Joint Targeting. Washington, D.C.: The Joint Staff, 13 January 2013.

—. Joint Publication 5-0: Joint Operations Planning. Washington, D.C.: The Joint Staff, 11 August 2011.

—. Joint Staff Transitional Cyberspace Operations Command and Control Concept of Operations. Washington, D.C.: The Joint Staff, 15 May 2012.

—. The National Military Strategy for Cyberspace Operations. Washington, D.C.: Department of Defense, December 2006.

—. The National Military Strategy of the United States of America: Redefining America's Military Leadership. Washington, D.C.: Department of Defense, 2011.

Defense Information Systems Agency. Joint Information Environment Operations Concept of Operations. Fort Meade, MD: DISA, 25 January 2013.

Department of the Air Force. Air Force Doctrine Document (AFDD) 3-12: Cyberspace Operations. Maxwell AFB, AL: LeMay Center, 30 November 2011.

—. Cyber Vision 2025: United States Air Force Cyberspace Science and Technology Vision 2012-2025. Washington, D.C.: Headquarters of the Air Force, 13 December 2012.

Department of the Army. Army Doctrinal Publication 3-0: Unified Land Operations. Washington, D.C.: Headquarters, Department of the Army, 10 October 2011.

—. Army Doctrinal Reference Publication 3-0: Unified Land Operations. Washington, D.C.: Headquarters, Department of the Army, 16 May 2012.

—. Army Doctrinal Reference Publication 5-0: The Operations Process. Washington, D.C.: Headquarters, Department of the Army, 17 May 2012.

—. Army Posture Statement. Washington, D.C.: Headquarters, Department of the Army.

—. Army Tactics, Techniques, and Procedures (ATTP) 5-0.1: Commander and Staff Officer Guide. Washington, D.C.: Headquarters, Department of the Army, September 2011.

—. Field Manual 3-0: Operations. Washington, D.C.: Headquarters, Department of the Army, 22 February 2011.

—. Field Manual 5-0: The Operations Process. Washington, D.C.: Headquarters, Department of the Army, 26 March 2010.

Department of Defense. Department of Defense Cyberspace Policy Report. A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2011, Section 934, Washington, D.C.: Department of Defense, November 2011.

—. Department of Defense Strategy for Operating in Cyberspace. Washington, D.C.: Department of Defense, July 2011.

—. Global Force Management Implimentation Guidance (GFMIG), FY 2012 – 2013. Washington, D.C.: Department of Defense, October 2011.

—. Quadrennial Defense Review Report. Washington, D.C.: Department of Defense, February 2010.

—. Sustaining U.S. Global Leadership: Priorities for 21st Century Defense. Washington, D.C.: Department of Defense, January 2012.

Department of the Navy. Navy Cyber Power 2020. Washington, D.C.: Department of the Navy, November 2012.

Office of the Director of National Intelligence. U.S. Cyber Operations Security Classification Guide (CYBEROPS SCG) Version 1.0. Washington D.C.: ODNI, 18 July 2013.

President of the United States of America. International Strategy for Cyberspace. Washington, D.C., May 2011.

—. National Security Strategy. Washington, D.C.: The White House, May 2010.

—. Presidential Policy Directive – 20: U.S. Cyber Operations Policy. Washington, D.C.: The White House, 16 October 2012.

—. The Comprehensive National Cybersecurity Initiative. Washington, D.C.: The White House.

—. The National Strategy to Secure Cyberspace. Washington, D.C.: The White House, February 2003.

—. Unified Command Plan. Washington, D.C., 06 April 2011 (w/ Change 1 dated 12 September 2011).

Secretary of Defense. Maintianing Readiness to Operating in the Cyberspace Domain. Memorandum for Secretaries of the Military Departments and Commanders of Combatant Commands, Washington, D.C.: The Pentagon, 07 December 2012.

U.S. Army Cyber Command (ARCYBER). The U.S. Army LandCyber White Paper 2018-2030. Fort Meade, MD: U.S. Army Cyber Command, 9 September 2013.

U.S. Army Training and Doctrine Command. TRADOC Pamphlet 525-3-0: The Army Capstone Concept, 2016 – 2028. Fort Monroe, VA: TRADOC, 21 December 2009.

—. TRADOC Pamphlet 525-7-8: The United States Army's Cyberspace Operations Concept Capability Plan 2016-2028. Fort Monroe, VA: TRADOC, 22 February 2010.

U.S. Marine Corps. Marine Corps Doctrinal Publication 1-0: Marine Corps Operations. Albany, GA: Marine Corps Logistics Base, 9 August 2011.

—. Marine Corps Warfighting Publication 5-1: Marine Corps Planning Process. Albany, GA: Marine Corps Logistics Base, 24 August 2010.

Journal and Periodical Articles

Applegate, Scott D. “Cybermilitias and Political Hackers: Use of Irregular Forces in Cyberwarfare.” IEEE Security & Privacy, September/October 2011: 16-22.

Arquilla, John. “How to Defeat Cyber Jihad.” Foreign Policy, 29 April 2013.

—. “The New Rules of War.” Foreign Policy, March/April 2010.

Baker, Stewart. "Denial of Service: Lawyers Don't Win Wars, But Can They Lose Them?" Foreign Policy. 30 September 2011.

Barcomb, Kris E. "From Sea Power to Cyber Power: Learning from the Past to Craft a Strategy for the Future." Joint Forces Quarterly, 2nd Quarter 2013: 78-83.

Brzezinski, Zbigniew. “The Cyber Age Demands New Rules of War.” Financial Times, 24 February 2013.

Butterworth, Robert L. "Space and the Joint Fight." Joint Forces Quarterly, 4th Quarter 2012: 63-70.

Clark, Brad. “Inverting Clausewitz: Lessons in Strategic Leadership from the 1918 Ludendorff Offensives.” Joint Forces Quarterly, 4th Quarter 2013: 95-98.

Gregory Conti, et. al. "Self-Development for Cyber Warriors." Small Wars Journal. 10 November 2011.

Gregory Conti and David Raymond. "Leadership of Cyber Warriors: Enduring Principles and New Directions." Small Wars Journal, 11 July 2011.

 “Cyberwar: It is time for countries to start talking about arms control on the Internet.” The Economist, 1 July 2010.

“Cyberwar Secrets: Time for a more open debate on offensive cyberweapons.” The Washington Post, 17 June 2012: 18.

Chris C.Demchak and Peter Dombrowski. "Rise of a Cybered Westphalian Age." Strategic Studies Quarterly, Spring 2011: 32-61.

Dunlap, Charles J. "Perspectives for Cyber Strategists on Law for Cyberwar." Strategic Studies Quarterly, Spring 2011: 81-99.

Enemark, Lee. "Challenges to Successful Capability Analysis in Cyberspace." IOSphere, Spring 2010: 16-17.

Foltz, Andrew C. "Stuxnet, Schmitt Analysis, and the Cyber "Use of Force" Debate." Joint Forces Quarterly, 4th Quarter 2012: 40-48.

Gary D. Brown and Owen W. Tullos. "On the Spectrum of Cyberspace Operations." Small Wars Journal. 11 December 2012.

Gina Cairns-McFeeters, et. al. "Winning the Ground Battles but Losing the Information War." 2009.

Goodman, Will. "Cyber Deterrence: Tougher in Theory than in Practice?" Strategic Studies Quarterly, Fall 2010: 102-135.

Hanna, Chris. “Cyber Operations and the 2009 Defence White Paper: Positioning the Australian Defence Organisation to be Effective, Transparent and Lawful”. Security Challenges, Summer 2009: 103-117.

Hayden, Michael V. "The Future of Things "Cyber"." Strategic Studies Quarterly, Spring 2011: 3-7.

Tim Hsia and Jared Sperli. “How Cyberwarfare and Drones Revolutionized Warfare.” The New York Times, 21 August 2013.

Ian Kallberg and Bhavani Thuraisingham. "Cyber Operations: Bridging from Concept to Cyber Superiority." Joint Forces Quarterly, 1st Quarter 2013: 53-58.

Jabbour, Kamal. “CyberVision and Cyber Force Development.” Strategic Studies Quarterly, Spring 2010: 63-73.

Jackson, William. "DOD struggles to define cyber war." GCN. 12 May 2010.

—. "How can we be at cyberwar if we don't know what it is?" GCN. 22 March 2010.

James G. Stavridis and Elton C. Parker III. "Sailing the Cyber Seas." Joint Forces Quarterly, 2nd Quarter 2012: 61-67.

Jones, James D. "Cyberspace Target Systems Analysis." IOSphere, Spring 2010: 37-41.

Lewis, James A. “Cyber Attacks, Real or Imagined, and Cyber War.” Washington, D.C.: Center for Strategic and International Studies, 11 July 2011.

Libicki, Martin C. "Cyberspace is Not a Warfighting Domain." I/S: A Journal of Law and Policy for the Information Society, 2012, vol. 8, issue 2: 321-336.

Libicki, Martin. "Cyberwar as a Confidence Game." Strategic Studies Quarterly, Spring 2011: 132-147.

Lin, Herbert S. "Offensive Cyber Operations and the Use of Force." Journal of National Security Law & Policy, 2010, vol. 4:63: 63-86.

Magee, Clifford S. “Awaiting Cyber 9/11.” Joint Forces Quarterly, 2nd Quarter 2013: 76-82.

Manzo, Vincent. "Deterrence and Escalation in Cross-domain Operations: Where do Space and Cyberspace Fit?" Joint Forces Quarterly, 3rd Quarter 2012: 8-14.

Martin, Wes. "OPSEC and CNO: A United Front in the Republic of Korea." IOSphere, Spring 2010: 42-43.

Messmer, Ellen. "Is Retaliation an Answer to Cyber Attacks?" The Connected Enterprise, 24 January 2011: 15-16.

Michael Flynn and Chuck Schrankel. "Applying Mission Command Through the Operations Process." Military Review, March-April 2013: 25-32.

Milevski, Lukas. "Stuxnet and Strategy: A Special Operation in Cyberspace." Joint Force Quarterly, 4th Quarter 2011: 64-69.

Mize, Larry. “Army Training Incorporates Space Strategy.” The Redstone Rocket, 16 October 2013.

Munoz, Carlo. “Obama authorizes new cyber warfare directive.” The Hill, 14 November 2012.

Murden, Simon. "Purpose in Mission Design: Understanding the Four Kinds of Operational Approach." Military Review, May-June 2013: 53-62.

Nye Jr., Joseph S. "Nuclear Lessons for Cyber Security?" Strategic Studies Quarterly, Winter 2011: 18-38.

Olson, Soren. "Shadow Boxing: Cyber Warfare and Strategic Economic Attack." Joint Forces Quarterly, 3rd Quarterly 2012: 15-21.

Palleschi, Amanda. "General Offers Details on Cyber Command Authorities, Organization Inside Defense." Defense News Stand. 2 February 2011.

Patch, John. "Obstacles to Effective Joint Targeting." Joint Forces Quarterly, 2nd Quarter 2007: 74-77.

Peifer, Douglas. "Riskless War: Technology, Coercive Diplomacy, and the Lure of Limited War." 2009.

Phillips, Kyle G. "Unpacking Cyberwar: The Sufficiency of the Law of Armed Conflict in the Cyber Domain." Joint Forces Quarterly, 3rd Quarter 2013: 70-75.

Propes, David N. "Targeting 101: Emerging Targeting Doctrine." Fires, March-April 2009: 15-17.

Reed, John. "Army and Marines creating systems for cyber fire support." Foreign Policy. September 10, 2012.

Rice, Jonathan C. “Core Questions for Cyber Attack Guidance.” Joint Forces Quarterly, 4th Quarter 2013: 32-39.

Rid, Thomas. "Cyber War Will Not Take Place." Journal of Strategic Studies, 2011: 1-28.

—. "Think Again: Cyberwar." Foreign Policy, March-April 2012: 80-85.

Rosemary M. Carter, Brent Feick, and Roy C. Undersander. "Offensive Cyber for the Joint Force Commander: It's Not That Different." Joint Forces Quarterly, 3rd Quarter 2012: 22-27.

Sam Arwood, Robert F. Mills, and Richard A. Raines. "Operational Art and Targeting Strategy for Cyberspace Operations." IOSphere, 2010, Spring: 30-36.

Shachtman, Noah. “How Technology Almost Lost the War: In Iraq, the Critical Networks are Social – Not Electronic.” 27 July 2011.

Shkarian, Paulo. "Stuxnet: Cyberwar Revolution in Military Affairs." Small Wars Journal, April 2009.

Shore, Zachary. "A Sense of the Enemy: Refocusing Prediction in Military and Foreign Affairs." Joint Forces Quarterly, 2nd Quarter 2012: 32-37.

Smart, Steven J. "Joint Targeting in Cyberspace." Air & Space Power Journal, 2011, Winter 2011: 65-75.

Sterner, Eric. "Retaliatory Deterrence in Cyberspace." Strategic Studies Quarterly, Spring 2011: 62-80.

Stavridis, James. “Why the Nation Needs a US Cyber Force.” The Boston Globe, 29 September 2013.

Thurnher, Jeffery S. "No One at the Controls: Legal Implications of Fully Autonomous Targeting." Joint Forces Quarterly, 4th Quarter 2012: 77-84.

Vego, Milan. "Science vs. the Art of War." Joint Forces Quarterly, 3rd Quarter 2012: 62-70.

Wall, Andru E. "Demystifying the Title 10 - Title 50 Debate: Distinguishing Military Operations, Intelligence Activities & Covert Action." Harvard National Security Journal, 2011, vol. 3: 85-141.

Wass de Czege, Huba. "Netwar: Winning in the Cyberelectromagnetic Dimension of ‘Full Spectrum Operations’." Military Review, March-April 2010: 20-32.

Wayne W. Gigsby, et. al. "Integrated Planning: The Operations Process, Design, and the Military Decision Making Process." Military Review, January-February 2011: 15-22.

West, Dondi. "Old vs. New: Legal Considerations of Cyber Targeting." IOSphere, Spring 2010: 10-15.

Books, Monographs, and Reports

Robert Belk and Matthew Noyes. On the Use of Offensive Cyber Capabilities: A Policy Analysis on Offensive US Cyber Policy. Office of Naval Research, 20 March 2012.

Bratton, Shawn N. Planning for Cyberspace: Ensuring the Integration of Cyberspace into the Joint Operations Planning Process at the Geographic Combatant Command. Monograph, Newport, RI: Naval War College, 27 October 2010.

Cahanin, Steven E. Principles of War for Cyberspace. Monograph, Montgomery, AL: Air University, 15 January 2011.

Carr, Jeffery. Inside Cyber Warfare: Mapping the Cyber Underworld (2nd Ed.). Sebastopol, CA: O'Reilly Media, 2011.

Center for Strategic & International Studies. A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters. A White Paper of the CSIS Commission on Cybersecurity for the 44th Presidency, Washington, D.C.: Center for Strategic and International Studies, July 2010.

—. Cybersecurity Two Years Later. A Report of the CSIS Commission on Cybersecurity for the 44th President, Washington, D.C.: Center for Strategic and International Studies, January 2011.

—. Securing Cyberspace for the 44th Presidency. A Report of the CSIS Commission on Cybersecurity for the 44th Presidency, Washington, D.C.: Center for Strategic and International Studies, December 2008.

Richard A. Clarke and Robert Knake. Cyber War: The Next Threat to National Security and What to Do About It . New York: Harper-Collins, 2010.

Paul Cornish, et. al. On Cyber Warfare. A Chatham House Report, London: The Royal Institute of International Affairs, November 2010.

Doss, Andrew. The Cyber Sprinkle. Fort Meade, MD: JACWC, 27 August 2012.

Farmer, David B. Do the Principles of War Apply to Cyber War? Monograph, Fort Leavenworth, KS: U.S. Army School of Advanced Military Studies, 2010.

Glando, Bryant D. Cyberspace Warfare: A New DoD Core Mission Area. Thesis, Norfolk, VA: Joint Advanced Warfighting School, 2013.

Joe Habraken and Matt Hayden. Teach Yourself Networking in 24 Hours (3rd Edition). Indianapolis: SAMS Publishing, 2004.

Habiger, Eugene E. Cyberwarfare and Cyberterrorism: The Need for a new U.S. Strategic Approach. White Paper, Washington, D.C.: The Cyber Secure Institute, February 2010.

Jackim, Z. Walter. Applying Operational Art in the Space Domain. Monograph, Fort Leavenworth, KS: U.S. Army School of Advanced Military Studies, 2010.

Karagosian, Deborah S. The Megabyte Will Always Get Through. Monograph, Fort Leavenworth, KS: U.S. Army School of Advanced Military Studies, 2012.

Kelley, Olen L. Cyberspace Domain: A Warfighting Substantiated Operational Environment Imperative. Monograph, Carlisle, PA: U.S. Army War College, 2008.

Leed, Maren. Offensive Cyber Capability at the Operational Level: A Way Ahead. Washington, D.C.: Center for Strategic & International Studies, September 2013.

Leitzel, Benjamin. Cyber Ricochet: Risk Management and Cyberspace Operations. Carlisle, PA: U.S. Army War College Center for Strategic Leadership, July 2012.

Lewis, James. A Note on the Laws of War in Cyberspace. Washington, D.C.: Center for Strategic & International Studies, 2010.

—. Thresholds for Cyberwar. Washington, D.C.: Center for Strategic and International Studies, September 2010.

Martin C. Libicki, et. al. Byting Back: Regaining Information Superiority Against 21st Century Insurgents. Report Prepared for the Office of the Secretary of Defense, Washington, D.C.: RAND National Defense Research Institute, 2007.

Libicki, Martin C. Cyberdeterrence and Cyberwar. Arlington, VA: RAND Corporation, 2009.

Marshall, Stephen M. Offensive Cyber Capability: Can It Reduce Cyberterrorism? Monograph, Fort Leavenworth, KS: U.S. Army School of Advanced Military Studies, 2010.

Mulligan, Brett. The Role of Just War Theory in Cyberwarfare. Final Paper, 6 May 2009.

David W. Pendall, Ronald Wilkes, and Timothy J. Robinson. Cyberspace Operations in Support of Counterinsurgency Operations. Land Warfare Paper No. 95, Arlington, VA: Institute of Land Warfare, April 2013.

Rid, Thomas. Cyber War Will Not Take Place. New York: Oxford University Press, 2013.

Rosenzweig, Paul. Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World. Santa Barbara, CA: Praeger, 2013.

Schilling, Jeffery R. Defining Our National Cyberspace Boundaries. Monograph, Carlisle, PA: U.S. Army War College, 2010.

U.S. Government Accountability Office. Defense Cyber Efforts: More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities. Report to Congressional Requestors, Washington, D.C.: U.S. Government Accountability Office, May 2011.

—. Defense Management: DoD Faces Challenges In Its Cyber Efforts. Report to the Chairman, Subcommittee on Terrorism, Unconventional Threats and Capabilities, Committee on Armed Services, House of Representatives, Washington, D.C.: U.S. Government Accountability Office, May 2010.

Wilson, Clay. Information Operations, Electronic Warfare, and Cyberwar: Capabilties and Related Policy Issues. Congressional Research Service Report RL31787, Washington, D.C.: Congressional Research Service, March 2007.

Conference Proceedings and Presentations

Alexander, Keith B. Statement made before the U.S. House of Representatives Committee on Armed Services, Washington, D.C., 23 September 2010.

Alexander, Keith B. “Cyber Command Budget.” Statement made before the U.S. House of Representatives Committee on Armed Services Subcommittee on Emerging Threats and Capabilities, Washington, D.C., 16 March 2011.

Alexander, Keith B. Statement made before the U.S. House of Representatives Committee on Armed Services Subcommittee on Emerging Threats and Capabilities, Washington, D.C., 20 March 2012.

Alexander, Keith B. Statement made before the U.S. Senate Committee on Armed Services, Washington, D.C., 12 March 2013.

Alexander, Keith B. “Cybersecurity: Preparing for and Responding to the Enduring Threat.” Statement made before the U.S. Senate Committee on Appropriations, Washington, D.C., 12 June 2013.

Bender, Jason M. "Cyber-Electromagnetic Activities (CEMA) Element Brief." Presentation given to 8th U.S. Army Commanding General and Staff during Exercise Key Resolve 2013, 19 March 2013.

Bender, Jason M. "Fires and Targeting in Cyberspace." Presentation given at the Armed Forces Communications and Electronics Association (AFCEA) TechNet Conference, Baltimore, MD, 16 August 2012.

Hernandez, Rhett A. “Concerning Digital Warrior: Improving Military Capabilities in the Cyber Domain.” Statement made before the U.S. House of Representatives Committee on Armed Services Subcommittee on Emerging Threats and Capabilities, Washington, D.C., 25 July 2012.

Karl F. Rauscher and Andrey Korotkov. "Working Towards Rules for Governing Cyber Conflict: Rendering the Geneva and Hague Conventions in Cyberspace." The Russia-U.S. Bilateral on Critical Infrastructure Protection. Munich Security Conference: EastWest Institute, 4-6 February 2011.

Samuel Liles, et. al. "Applying Traditional Military Principles to Cyber Warfare." 4th International Conference on Cyber Conflict. Talinn: NATO CCD COE Publications, 2012. 169-180.

End Notes

[1] Important to the discussion is the understanding that OCO is hereafter referred based on the definition in Joint Publication 3-12 Cyberspace Operations as the “intended… project[ion of] power by the application of force in and through cyberspace,” and for the purposes of the discussion includes “cyberspace [intelligence, surveillance, and reconnaissance] ISR”, “cyberspace operational preparation of the environment”, and “cyberspace attack”. [Department of Defense, Joint Publication 3-12 Cyberspace Operations, Washington, D.C.: The Joint Staff, February 2013, II-2 – II-6.]

[2] JP 3-12, vi.

[3] See Deborah S. Karagosian, The Megabyte Will Always Get Through, (Monograph, Fort Leavenworth, KS: U.S. Army School of Advanced Military Studies, 2012).

[4] James Stavridis, “Why the Nation Needs a US Cyber Force,” The Boston Globe (29 September 2013), See also, Karagosian, The Megabyte Will Always Get Through.

[5] Department of the Army, Army Doctrinal Reference Publication (ADRP) 5-0: The Operations Process, (Washington, D.C.: Headquarters, Department of the Army, 17 May 2012), 1-2.

[6] See David B. Farmer, Do the Principles of War Apply to Cyber War? (Monograph, Fort Leavenworth, KS: U.S. Army School of Advanced Military Studies, 2010); James D. Jones, "Cyberspace Target Systems Analysis," IOSphere (Spring 2010), 37-41; Sam Arwood, Robert F. Mills, and Richard A. Raines, "Operational Art and Targeting Strategy for Cyberspace Operations." IOSphere (Spring 2010), 30-36; Steven J. Smart, "Joint Targeting in Cyberspace," Air & Space Power Journal (Winter 2011), 65-75; Ian Kallberg and Bhavani Thuraisingham, "Cyber Operations: Bridging from Concept to Cyber Superiority," Joint Forces Quarterly (1st Quarter 2013), 53-58; and Herbert S. Lin, "Offensive Cyber Operations and the Use of Force," Journal of National Security Law & Policy (2010, vol. 4), 63-86.

[7] In the Army, this officer is classified Functional Area 40. [Department of the Army, Department of the Army Pamphlet (DA Pam) 600-3: Commissioned Officer Professional Development and Career Management, (Washington, D.C.: Headquarters, Department of the Army, 1 February 2010), 235-240.] DA Pam 600-3 defines a ‘functional area’ as “a grouping of officers by technical specialty or skills other than an arm, service or branch that usually requires unique education, training and experience… [who] serve repetitive and progressive assignments within their functional area.” [DA Pam 600-3, 14.]

[8] DA Pam 600-3, 235.

[9] Ibid, 368-370.

[10] JP 3-12, II-2 – II-5.

[11] DA Pam 600-3, 14-15

[12] Joe Gould, “Cyber Careers,” Army Times (1 July 2013), 18. While not yet approved by the Secretary of the Army, approval is expected.

[13] Gould, “Cyber Careers,” 18.

[14] Ibid.

[15] Army Information Operations is Functional Area 30. [DA Pam 600-3, 192-198.]

[16] DA Pam 600-3, 14-15.

[17] Ibid.

[18] Ibid, 14.

[19] Ibid, 220-235.

[20] Stavridis, “Why the Nation Needs a US Cyber Force.”

[21] Jared Serbu, “Army ponders proper shape, size of cyber workforce,” Federal News Radio 1500 AM (28 October 2013),; Jared Serbu, “Air Force aims to turn cyber into a career,” Federal News Radio 1500 AM (01 March 2012), See also Stavridis, “Why the Nation Needs a US Cyber Force”; in making his argument regarding the need for a cyber service akin to the Army, Navy, or Air Force, Stavridis cites the need to centralize what is now service-specific recruiting and training efforts in an effort to ensure long-term retention and promotion opportunities for cyberspace operators.

[22] See Air Force Space Command Public Affairs, "New Air Force Cyberspace Badge Guidelines Released," (27 April 2010),; see also Chief of Naval Personnel Public Affairs, “Information Dominance Corps Warfare Insignia Approved,” (22 February 2010) .

[23] Brett Williams (Maj Gen, USAF), “Cyberspace Operations” (presentation at the Joint Advanced Cyber Warfare Course 11, Linthicum, MD, June 25, 2013).

[24] The warfighting functions are traditionally considered by the joint community as “joint functions” as command and control, movement and maneuver, fires, intelligence, protection, and sustainment. [See Chairman of the Joint Chiefs of Staff, Joint Publication 3-0 Joint Operations, (Washington, D.C.: The Joint Staff, 11 August 2011), III-2 – III-39.] The Army doctrine presents the joint functions as “warfighting functions”. [See Headquarters, Department of the Army, Army Doctrinal Reference Publication (ADRP) 3-0: Unified Land Operations, (Washington, D.C.: Headquarters, Department of the Army, 10 October 2011), 3-2 – 3-6.]

[25] This is a continual criticism of the Special Technical Operations (STO) community too.

[26] Maj. Gen. Williams – the current USCYBERCOM J3 – is an Air Force F-15C pilot with more than 3600 hours in the cockpit. A graduate of the Air Force the-School of Advanced Airpower Studies (SAAS), he was also the USPACOM J6 Director of Command, Control, Communications and Computer Systems (C4) from July 2009 to January 2011, and the Deputy Chief of Staff for Operations, Plans and Requirements at Headquarters, U.S. Air Force. [See U.S. Air Force, “Major General Brett T. Williams,”] Brig. Gen. Grigsby, an infantry officer, is the current Director of Training at Headquarters, Department of the Army G-3/5/7 and was previously the Deputy Commanding General (Operations) for the U.S. Army 1st Armored Division; Director, Mission Command Center of Excellence at the Army’s Combined Arms Center; and Director of the Army’s School of Advanced Military Studies (SAMS). He is a SAMS graduate and a former infantry brigade combat team and battalion commander. [See Department of the Army General Officer Management Office, “Brigadier General Wayne W. Grigsby, Jr.,”]

[27] Department of Defense, Joint Publication 5-0 Joint Operations Planning, (Washington, D.C.: The Joint Staff), III-21.

[28] JP 3-12, IV-1 – IV-2.

[29] Williams, “Cyberspace Operations.”

[30] Karagosian, The Megabyte Will Always Get Through, 55.

[31] See Larry Mize, “Army Training Incorporates Space Strategy,” The Redstone Rocket (16 October 2013), Insofar as the ‘specialized planning courses’, this refers to the Army’s School of Advanced Military Studies (SAMS); the Marine Corps’ School of Advanced Warfighting (SAW); and the Air Force’s School of Advanced Air and Space Studies (SAASS). General information on the service staff colleges and universities and the courses taught by each can be found at their respective websites: U.S. Army Command and General Staff College (; Army War College (; U.S. Marine Corps University (; U.S. Naval War College (; and U.S. Air Force Air University ( See also Gordon B. Davis and James B. Martin, “CGSC: Developing Leaders to Adapt and Dominate for the Army of Today and Tomorrow,” Military Review (September-October 2012): 63-74; and Vincent Bowhers, “Manage or Educate: Fulfilling the Purpose of Joint Military Professional Education,” Joint Forces Quarterly (4th Quarter 2012): 26-29.

[32] JP 3-0, IV-1.

[33] The visual depiction of this has so far been accepted by the Army’s doctrine developers and warfighting centers.

[34] See U.S. Army Cyber Command (ARCYBER), The U.S. Army LandCyber White Paper 2018-2030, (Fort Meade, MD: U.S. Army Cyber Command, 9 September 2013).

[35] JP 3-0 is a good indicator of this in that, as late as the most recent version (2011), cyberspace relative to the operating environment is only presented in terms of defensive cyberspace operations. [JP 3-0, IV-3. See also ADRP 3-0, 1-2 – 1-3.]

[36] Chairman of the Joint Chiefs of Staff, Joint Publication (JP) 3-13: Information Operations (Washington, D.C.: The Joint Staff, 13 February 2006), I-1. The 2006 version of JP 3-13 explained that “[t]he information environment is the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information…  [and] even though the information environment is considered distinct, it resides within each of the four domains.” The 2012 version of JP 3-13 does not present the information environment this way and only presents it in terms of 2011 JP 3-0 definition of the ‘operating environment’ as previously discussed, relative to the physical, informational, and cognitive dimensions. [Chairman of the Joint Chiefs of Staff, Joint Publication (JP) 3-13 (Washington, D.C.: The Joint Staff, 27 November 2012), I-2 – I-3.]

[37] JP 3-12, II-1. [NOTE: This should be alleviated with the future publication of U.S. Army Field Manual 3-38 Cyber and Electromagnetic Activities (CEMA).]

[38] This insight was provided during a recent telephone conversation and email exchange with a U.S Army School of Advanced Military Studies (SAMS) civilian instructor. The inference across the sister service and joint schools is based on them including international students and rarely – if ever – conducting a U.S.-only common-core course in the respective command and staff or war colleges.

[39] See Mark Stout, “5 Reasons We Don’t Have Good Strategic Thought on Cyber,” War on the Rocks (22 October 2013), See also Federation of American Scientists, “Fact Sheet on Presidential Policy Directive 20,” Federation of American Scientists (Washington, D.C.: FAS, January 2013),

[40] Michael Hudson, “USCYBERCOM J72 Training and Exercises” (presentation at the Joint Advanced Cyber Warfare Course 11, Linthicum, MD, June 27, 2013).

[41] Bowhers, “Manage or Educate: Fulfilling the Purpose of JPME,” 28.

[42] See Joint Forces Staff College, “Senior Enlisted Joint Professional Military Education Course Overview,”

[43] See U.S. Army Capabilities Integration Center, “Unified Quest (UQ),”

[44] 1st Information Operations Command, “IO Training Overview,” See also U.S. Cyber Command, “J358 Assessments Team FY 12 Training Plan”, Appendix D. See also U.S. Army Cyber Command, “G5/7 Training Newsletter,” (October 2013).

[45] U.S. Marine Corps Detachment (MARDET) Correy Station, “Slick Sheet – Joint Network Attack Course (JNAC),” See also U.S. Cyber Command, “J358 Assessments Team FY 12 Training Plan”, Appendix D.

[46] U.S. Cyber Command, “Joint Cyberspace Operations Planners Course Announcement for 2013” (16 July 2012).

[47] Defense Intelligence Agency, “Joint Advanced Cyber Warfare Course (JACWC) Convening Announcement” (13 June 2012).

[48] U.S. Cyber Command, “USCYBERCOM Joint Advanced Cyber Warfare Course,”

[49] Carrie Solberg, “Navy Officer is First Graduate of AFIT’s Cyber 200 and Cyber 300 Courses,” (24 February 2012),

[50] USAF Space Command Public Affairs, “New Air Force Cyberspace Badge Guidelines Released.”

[51] U.S. Army Fires Center of Excellence and Fort Sill, “Course Information,”

[52] U.S. Army Fires Center of Excellence and Fort Sill, “Cancellation of Joint Operational Fires and Effects Course (2E-F229/250-F55),” (17 May 2013).

[53] Defense Intelligence Agency, “Joint Intermediate Target Development (JITD),”

[54] “Joint Targeting School,”

[55] U.S. Army Fires CoE, “Cancellation of Joint Operational Fires and Effects Course.”

[56] Joint Forces Staff College, “Joint Information Operations Planners Course (JIOPC),”

[57] JP 3-13, 2012, ix and II-9.

[58] Williams, “Cyberspace Operations.”

[59] ADRP 3-0, 4-1; see also JP 3-0, II-3. Army service doctrine points out that the operational art is the “arrangement of tactical actions in time, space, and purpose” where the goal is “the pursuit of strategic objectives, in whole or in part….” Joint doctrine informs that it is a “thought process that uses skill, knowledge, experience, and judgment to

overcome the ambiguity and uncertainty of a complex environment and understand the problem at hand” with that creative thinking oriented on the “design [of] strategies, campaigns, and major operations [that] organize and employ military forces…”

[60] Gregory Conti, et. al., “Self-Development for Cyber Warriors,” Small Wars Journal (10 November 2011), 2.

[61] James Mattis, quoted in Geoffrey Ingersoll, “General James ‘Mad Dog’ Mattis Email About Being ‘Too Busy to Read’ is a Must Read” (9 May 2013),

[62] Williams, “Cyberspace Operations.”


About the Author(s)

Lieutenant Colonel Jason Bender is a career U.S. Army Field Artillery Officer and is currently assigned as the Professor of Military Science at the University of Cincinnati Army Reserve Officer Training Corps (ROTC) “Bearcat” Detachment. Lt. Col. Bender holds a Master of Military Arts and Sciences from the U.S. Army Command and General Staff School; a Master of Science in International Relations (Strategic Studies focus) from Troy University; and a Bachelor of Science in Actuarial Mathematics from Oregon State University. He is a graduate of the U.S. Army Command and General Staff School’s Command and General Staff College (CGSC) and School of Advanced Military Studies (SAMS). Previous assignments include leadership, staff, and fire support positions in self-propelled cannon and rocket artillery units; senior fire support instructor and branch chief at the U.S. Army Aviation Center’s Combined Arms Division; staff officer at Headquarters, U.S. Forces Korea/ROK-US Combined Forces Command/United Nations Command; and as an Iraqi infantry division military transition team (MiTT) executive officer and fires advisor; and Chief of Fires and G5 Strategy and Policy Planner at U.S. Army Cyber Command/2nd U.S. Army. Lt. Col. Bender is also the author of “The Cyberspace Operations Planner” (2013) and “Advising Foreign Security Forces: Implications of Korea and Vietnam” (2010), and is a co-author of “Training Considerations for an Advise and Assist Brigade Combat Team” (2009).



Tue, 08/16/2022 - 12:56am

Extremely thorough and accurate article. The suggested reading list is priceless on its own. In order to satisfy my expectations for the research paper on two subjects that I paid for, the writer went above and above. She started by making a list of potential necessities she believed I would require, and then she inquired as to how far back in time I wanted her to go. You can read this page for PapersOwl review. The final product exceeded my expectations for a write-up, and I was amazed at the depth of her expertise in this field of study. Consult your PapersOwl writer if you have a topic but are unclear of how much to cover.


Much of your paper covers organizational and institutional questions which I'm not qualified to judge, but on the whole this article seems well thought out and researched.

There's a Symposium/Convention coming up in D.C. in December: "Synchronizing EW and Cyber to Achieve Spectrum Dominance" being organized by the AOC. I doubt the actual speeches are likely to give you greater insight, but the Keynote and Ranking speakers themselves are typically available at the social aspects of these types of things… or at least willing to refer officers such as yourselves to their own contact staff for consideration at a later date (after the schmoozing).

My own experience in this domain is from WAAAAYY outside conventional military adoption or organization. This admitted, it seems to me "planner" is MilSpeak for "Project Manager" in terms of Operations… relating to UW or IW or 4GW concepts of "Cyber" as opposed to the AOC concept of integration and improvement of existing functions, but applied or implemented with different types of tech. Personally, I've never agreed with what I believe to be the DoD/DIA and etc's very limited scope of targeting considerations… although I'd guess that the Admin and Pentagon largely agree with the DoD CIO's desire for a Treaty level definition of Rules of Engagement (a concept which, based on my own personal experience, is itself a unilateralist withdrawal from the Cyber Domain by the U.S. Military).

Currently the OPM is STILL printing and mailing the notification letters to the 3.7 million U.S. Federal Employees who've had their entire 'digital' and 'official' lives compromised… by what appears to be a foreign militaries Cyber Corps operation. Out of curiosity… hypothetically, let's say… what should have been, or could have been, the U.S. militaries response to this breech? (As your file was certainly amongst those flagged and set aside as priority…). As a Cyber planner, you probably have a good idea how Intelligence and Military personnel and their families can be targeted and exploited based on the data collected: how would you advise a retired Ranger NCO who wants to know the best course of action for himself and his family?


A. Scott Crawford

Ken Peifer

Mon, 12/02/2013 - 4:20pm

Not Sure Jason was aware of this.....After months of research across Service, CCMD, and agency schools and courses, we developed and launched a Air Force Cyber Operations Planner Training Course (COPTC) within AFCYBER/A3 early in 2012. We found we had to build our own to get what we needed, and even if we had the people, time, and $$ to send them to the best courses out there - we still had an internal gap to fill; collaborating and synchronizing from staff to tactical operators. As we taught our course, the other Services were looking for the same thing, and some core process changes were coming out of USCC, so we were constantly refreshing our curriculum to account for change and apply lessons learned from CCMD exercises and operations. We offered COPTC about once per quarter to primarily Airmen and CCMD planners. It was framed in JP-5.0 and influenced by a variety of other courses our members had attended including JACWC, JNAC and Joint Air and Space Operations Senior Staff Course (JSSC). The objective was to integrate Air Force cyber capabilities (OCO, DCO, DoDIN ops) into Joint and Air Force plans and operations. We did some curricula sharing with USCC J7 and J3 as well as with the Air Force Weapons School, the Army, USMC, and Air University. We achieved some success at establishing a baseline understanding of the doctrine and integration (problems outlined in this article)... it was done 100% out of hide as our small team was fully tasked in plans and operations with USCC, and several CCMDs, and we were implementing the Joint Staff Transitional C2 Construct for Cyber, OPDIR 21-001, and what all became the Cyber Mission Force. None of us were curriculum developers or instructors - we were staff planners with operational experience in cyber, IO, EW, special ops, and IJSTO. The COPTC has not been updated or offered for more than 9 months. I retired from AFCYBER/A3 on 1 Oct. Jason's article is exactly what he promised and well-written - the best articulation of the problem I've seen to-date. The quote that comes to mind at this point is..."Culture eats strategy for breakfast." It will take leadership and joint-mindedness to get us all on the same side of the street.

I positively enjoyed the ‘They Cyberspace Operations Planner’ article by Jason M. Bender, and it echoed many of my feelings regarding the challenges I see with the incorporation of offensive cyber at the operational and tactical levels of the Army. The role of a cyber planner is definitely a challenge due to the large gap for the integration of the technical aspects of cyber into the art of operations. I wanted to discuss a few topics although will lack the finesse of the original article.

One of the major issues currently with the integration of OCO is what staff officer is responsible for planning at the division, corps, ASCC. I would contend the answer is not a single staff officer, although the duties exist with the CEMA element, and according Draft FM 3-38 “The CEMA element is led by the electronic warfare officer (EWO) and provides the staff expertise for the planning, integration, and synchronization of cyberspace operations, EW, and EMSMO.” The challenge is the CEMA element only consists of the electronic warfare officers, and a spectrum manager thus brutally deficient in the necessary skill sets to conduct cyberspace operations. Due to this shortfall, the EWO is required to offset the shortfall by integrating the cyber professionals from within the G6 section via the CEMA Working Group. The units may have the ‘well-trained and technically savvy cyberspace operators’ although without the staff synchronization they will focus on their DCO duties within the confines of the G6 section. The EWO is responsible to develop and nominate the offensive cyberspace targets to support the commander’s plan.

The unique nature of OCO increases the difficulty in the EWOs to develop planning experience. The field artillery officer spends time in multiple career developing assignments providing the basis to understand the effects provided by fires, the best means to plan and integrate these effects albeit there is no impact area for the cyber planner to observe cyber fires, and simulations often lack the means to replicate non-lethal attacks. First-hand experience is imperative for the development of OCO planning although there are limited opportunities to obtain the experience and currently are no EWO positions with the N9 ASI thus hindering the attendance of the Army Cyberspace Operations Planners Course. The EWO will be challenged in advising the commander on how CEMA can influence an operational environment without the firsthand experience and the education background. This is compounded in associated varying OCO capabilities based upon the enemy systems and infrastructure.

While there is no ‘planner” listed in the Army’s occupational specialties and functional areas everybody in is expected to plan as the subject matter expert for their field. At the echelons with dedicated planners, yes they may have an aptitude for the ‘planning’ although they still rely upon the subject matter experts in the development of the unit plan. Established there is no Electronic Warfare planner in the Corps Plans section, albeit the SAMs graduate is not planning EW. They rely upon the EWO to participate in the operations process and incorporate electronic warfare into the plan. The expanding role of the EWO with CEMA implies they are integral with the cyber planning from the OCO aspect, and bear duty to ensure the G6 planning efforts cover DCO.

The creation of a Cyber Center of Excellence demonstrates a failure to distinguish CEMA and cyber as these terms on not interchangeable. While the naming is inaccurate, the concept is sound to integrate the three legs of CEMA: Cyber Operations, Electronic Warfare, and Spectrum Management into one center of excellence. Justify the creation of a cyber career field would be premature due to the vast array of specialized skills within CEMA. Plausible is designating a few positions that may be filled with 25, 29, 35, or 53 with CEMA experience. Similar to the multifunction logistician concept.

The lack of Army EWOs in the cyberspace operations community represents a detrimental flaw in our current organization. There is validity with the presence of 13As/131As although the development, vetting, and processing of offensive cyberspace targets within Army units is conducted by the 29A/290A/29Es. Additionally in the age of wireless networks, smart-phones, and SCADA using wireless technology, one could see infinite value a EWO would play in the cyber community, a gap that is not filled by field artillery or information operations. The assignment of a FA29 to ARCYBER would provide a great career development job as then the officer could return to a division or corps as an experience CNO planner.

Great article, and look forward to more articles regarding cyberspace operations.


Wed, 11/06/2013 - 8:31am

A thorough article with great detail, but I propose Jason did not consider the Army FA 30 (Information Operations) career field who clearly understand the operations and planning processes . Currently as the Field Support Division (FSD) Chief, I supervise eight Field Support Teams (FST) currently integrating information related capabilities into "the common operations process – plan, prepare, execute, and assess – by which combatant commands orient themselves during the development of targets that support their plans," across every Combatant Command including SOCOM. Since 1995, 1st IO Command (Land) personnel have integrated information related capabilities into operations by providing clear objectives, commanders intent, specific guidance, and desired effects.

1st IO Command planners practice a life-long learning process through formal and informal education to continuously leverage new capabilities as those capabilities become available to Army and Joint forces 1st IO Command continuously improves its training methods to leverage tactics, techniques, and procedures from leverage lessons learned and tactics, techniques, and procedures to improve assigned persons' abilities to synchronize physical domains, cyberspace, the information environment and the electromagnetic spectrum.

In the past six months, there are numerous examples where 1st Battalion, 1st IO Command FSTs integrated cyber operations operations through the globe with great success and acknowledgement by commanders and senior leaders of Army and Joint forces. The cyber operations were coordinated with the appropriate Combatant Commands and other government agencies. The successful activities integrated and synchronized the "technical aspects of cyberspace operations in order to provide clear objectives, along with solid intent, planning guidance, and desired effects that facilitate quick understanding by supporting planners" mentioned by Jason in the above article. He does clearly articulate

I also propose that Cyber is an additional information medium or information related capability (described by current Joint doctrine). It provides another dimension for collecting and disseminating information. Its similarity to the intelligence field (human, signal, image, and etc.) reinforce the additional dimension and provide an opportunity to integrate and synchronize effects that influence the physical, cognitive, human, and "cyber" dimensions. The cyber dimension while providing additional concepts and restrictions, are not beyond the laws of physics and can be integrated into current operations by those planners (FA 30, Information Operations planners) that understand and already provide clear objectives, commanders intent, specific guidance, and desired effects for other information related capabilities.


Tue, 11/05/2013 - 8:03pm

Offensive Cyber operations in the tactical environment, for the Marine Corps and Army, require that individuals on the ground have the capability to destroy or exploit enemy cyber infrastructure insitu in a coordinated fashion. That is to say that company level units need to have the capability to destroy ,exploit or compromise any enemy cyber infrastructure according to a plan that has been put together by a higher headquarters.

This is very different work than what an Army Space Operations Officer does when he reports in to a Marine Expeditionary Force HQ for duty. The Space Operations Officer is more of a liaison officer than a tactical planner because they normally coordinate the use of National or Theater Level assets and not much else. They do not plan tactical operations. A cyber warfare planner would have to continuously work with the local, higher and adjacent units to ensure that the offensive cyber operations conducted in any given AOR are coordinated and in sync with every other unit conducting these operations.

The statement “Replace ‘space’ with ‘cyberspace’ or ‘OCO’ and a description quickly takes shape regarding the expertise and skills that OCO planners from the USCYBERCOM service cyber components provide when they deploy to conduct planning in support of GCCs or service operational or tactical units” completely undersells the effort required that OCO planners from the USCYBERCOM service cyber components need to provide to ensure unified cyber operations. Cyber operators / planners need to be integrated at every level of command from the company on up. This will become more obvious as our enemies introduce semi-autonomous and autonomous machines onto the battle field.

Damn, very detailed and spot on essay. The recommended reading list alone is worth its weight in gold.