Getting off the Bench: Challenges to Integrating Cyber into Multi-Domain Operations

By Joed Carbonell

Nations have been conducting operations across multiple domains for centuries. For the United States, operations were conducted through the land and maritime domains as far back as the Revolutionary War. Thus, even if the name is new, the concept of multi-domain operations is not. It has, however, evolved dramatically over the years. In the 20th century, air and space joined the land and maritime domains as war-fighting domains; this century, the cyberspace domain was added. The ability to conduct operations across any combination of these five domains, multi-domain operations (MDO), is critical in order to achieve the Joint Force Commander’s (JFC) objective(s).

The joint community and each of the Services have had the luxury of time to develop doctrine, tactics, techniques, and procedures for conducting war through the first four of these domains. Utilizing cyberspace as a warfighting domain is still, however, in its infancy. It must evolve similar to how the utilization of the air domain evolved during the 20th century. During this period, air operations advanced from short range air support missions providing tactical advantages to long range bombing, mobility, refueling, and strike missions projecting a strategic advantage. However, despite all of their benefits, military conflicts cannot be won through air operations alone. They must always be used in combination with other domains to achieve the JFC’s objective(s). Likewise, JFCs and their staff must learn how cyberspace fits into their current MDO, similar to how commanders had to learn how to incorporate air into their operations during its introduction as a warfighting domain a century ago.

Effectively integrating cyberspace into multi-domain operations will require three overarching changes across the joint community and Services: a common vernacular, an operational work force, and a change in culture.

Common Vernacular

While Joint Publication (JP) 3-12 provides definitions for cyberspace and cyberspace operations, their broadness has allowed JFCs and Services to define cyber ambiguously, ranging from communications and information technology (traditional “6” functions), to intelligence (traditional “2” and Title 50 functions), to operations (traditional “3” functions). In the context of MDO and as a warfighting domain, cyber operations can only fall into one of these categories: operations. Communications, information technology (IT), and all of the functions associated with operating and securing them are critical support functions that enable operations across every domain – but they are not operations. Similarly, intelligence activities are critical support functions for cyber operations in the same way they support the air, land, maritime, and space domains – but again, they are not operations.

Additionally, the joint community and Services should refrain from merging the operations of a domain (i.e. Department of Defense Information Network or DODIN operations) with the conduct of war through a domain (i.e. cyber operations). Operating the network is a critical enabler to the conduct of war in the same way that the builders and maintainers of planes, ships, and tanks are critical enablers to the conduct of war in the other domains. Specifically, cyber operations are the conduct of defensive and offensive operations through the cyberspace domain.

To further clarify, defensive cyber operations (DCO) is the proactive hunting and neutralization of the enemy within the DODIN. While this is more law enforcement or counterintelligence in nature, the key is that operators are proactively pursuing the enemy, not conducting a mission assurance function. Offensive cyber operations (OCO) deliver kinetic and non-kinetic effects through the cyberspace domain. While OCO might also include surveillance and reconnaissance operations to prepare for mission execution, these Title 10 functions are no different than the surveillance and reconnaissance operations an infantry battalion would conduct in preparation to execute their mission.

Operational Workforce

The corollary to the ambiguity in terminology discussed in the previous section is the development of an operational workforce. An operational domain requires professional operators, not technicians, developed and trained in the conduct of war and joint operations. This requires an enlisted and officer corps that are developed and trained to conduct DCO and OCO early in their careers. From there, they should transition to targeting and tactical planning at the joint team level where they learn how those operations are integrated with the other domains to conduct MDOs in support of the JFC’s objective(s). After this they should then progress to integrate their cyber operations expertise at the operational and strategic levels. What is critical is that they remain operationally focused throughout their careers and not be forced to transition between DODIN functions and cyber operations in order to advance in their careers. The Army and Navy have recognized the importance of creating an operational work force and the Marines are catching on as well.

The Air Force, however, continues to struggle with this. While the development of the enlisted Cyber Warfare Operations (1B4) career field created a dedicated corps of cyber operations Airmen, the Cyberspace Operations Officer career field (17X) is shared between IT support and cyber operations functions. This has held the Air Force back in developing a strong officer cadre that is well versed in operational doctrine and that is operationally integrated and respected by their operator peers (11X, 12X, and 13X career fields). By splitting time between operations and support, 17Xs will always fall behind their operationally dedicated peers, hampering development of true cyber operations integration. Separating these two functions into distinct career fields would allow IT professionals to focus on securing and operating base networks and systems while enabling cyber operations officers to focus on conducting DCO and OCO. In turn, the Air Force benefits from a cadre of operators experienced in operations, planning, and strategy that will be better prepared and positioned to integrate cyber into MDO within a Combatant Command and its component commands.

Change in Culture

The previous two sections underpin the driving force for successful integration of cyber into MDO: a change in culture. This must start at the top of DOD, Intelligence Community (IC), and, ultimately, U.S. Government. The first change that needs to occur is linked to the need for a common vernacular. There needs to be a common understanding of what is considered operations, and what is not. Right now, there is a cultural coupling between DCO/OCO and DODIN operations that is limiting the full integration of cyber into MDO. While there is definitely a relationship between DODIN operations and DCO/OCO, one is strictly a support function, not operations. DODIN operations can be equated to the heroic work aircraft maintainers do to keep planes operating properly; they are conducting critical enabling functions, but they are not conducting operations. Likewise, the incredible work the National Security Agency and the Intelligence Community do in their intelligence support function is critical support to cyber operations, but this work is not the operations themselves. They simply provide intelligence support to the JFC relevant to each of the five domains. Confusing these distinct functions obfuscates what cyber operations does within the joint community.

The second change that needs to occur is in how OCO is treated by senior leaders. Because of the difficulty in measuring success, collateral damage, etc., compared to traditional kinetic weapons, the employment of OCO has been very tightly controlled at the highest levels of government. In order to fully leverage it within MDO, the DOD, led by Cyber Command and the Joint Staff, must develop new assessment mechanisms to better predict collateral damage and overall effects of OCO capabilities. This would provide them the tools necessary to gain the trust of senior leaders and overseers to employ OCO capabilities at the lowest echelons necessary. As these capabilities are developed, authority to employ them should be delegated down to the JFC and subordinate commands. This is tied directly to the third change needed: availability of capabilities.

To be effective, OCO capabilities need to be made available to the lowest echelon possible at a much more rapid pace. JFCs are responsible for conducting MDO, not the IC or Services. Cyber will always be left out of MDOs if the JFC is required to get approval from the highest echelon of government every time. It will also be left out if the process for requesting and employing them remains so bureaucratic and cumbersome. The desired end state is one where cyber can be equally a part of time sensitive targeting and current operations as it is in strategic planning.

The last change in culture required is the elimination of stovepipe thinking. As Will Garvin discussed in depth in his OTH article, multi-domain operations begin with multi-domain thinking. Whether conducting DCO or OCO, cyber operations have to be conducted as part of a broader JFC objective. Cyber operators and planners must proactively seek to understand what other activities and operations are occurring throughout every domain within their operational environment. For example, the deployment of a carrier strike group in a region could increase threat activity within the DODIN. Multi-domain thinking would immediately see the linkage driving an increase in alert and defensive postures. It’s important to note, the multi-domain thinking in this example would need to occur at multiple echelons. JFC, maritime, and cyber components must each recognize the linkage and potential impact to their respective DODIN enclaves. Ultimately, these proposed culture changes are critical for operators, planners and their enablers across every domain.

While cyberspace is the newest domain, it should not require a reinvention of how we operate as a joint force. Instead we should be applying the proven principles of joint doctrine and operation into the cyberspace domain without “cybering” everything. As the newest domain, it is incumbent on the cyber operations forces to verse themselves in joint doctrine and learn how to integrate their capabilities into the joint fight similar to how Billy Mitchell did in the onset of air operations doctrine. They must also guard themselves from viewing the world strictly through the lens of cyber. The objectives of our JFC commanders can never be met through a single domain. They can only be met leveraging our full range of operational capabilities across multiple domains.

Joed Carbonell is a Cyberspace Operations and Intelligence Officer with four combat tours in support of Operations Enduring and Iraqi Freedom. He is currently the commander of the 276th Cyberspace Operations Squadron with the Maryland Air National Guard and an adjunct professor of global management and international cybersecurity policy at Indiana Wesleyan University. Lastly, he is a graduate of the National Security Agency’s Junior Officer Cryptologic Career Program and earned his Doctor of Strategic Leadership with an emphasis in Strategic Foresight from Regent University.

The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government.

