New cyber doctrine shows more offense, transparency

futuristic cyberwar

The Pentagon this week published a doctrine that was unusually candid about offensive scenarios in cyberspace, a transparency that experts say could lead to an open and perhaps overdue policy debate.

The document, released internally by the Joint Chiefs of Staff in February 2013 and publicly on Oct. 21, argues that the "growing reliance on cyberspace around the globe requires carefully controlling OCO [offensive cyber operations], requiring national level approval. This requires commanders to remain cognizant of changes in national cyberspace policy and potential impacts on operational authorities."

The document also clearly defines offensive cyber operations as those "intended to project power by the application of force in and through cyberspace." The document is a reference point for top brass in planning cyber operations, not something that the budding force of thousands of military cyber specialists will draw on in day-to-day work, if ever.

Jay Healey, director of the Atlantic Council's Cyber Statecraft Initiative, said the document was a welcome departure from past military practice of over-classifying discussions of strategy.

"Just think of ... the problems of classification over the last 10 years. By completely classifying 'China' and what was going on, treating it like it was a huge counterintelligence secret, it delayed us from trying to react to Chinese espionage, in ways, for decades," he said.

Healey, a former member of a cyber war-fighting unit in the Air Force, hopes that making the document public will open up debate among experts and officials on U.S. military goals for cyberspace. Physical conflicts in Vietnam, Iraq and Afghanistan came with at least some debate of strategy, he said, so why not the same for cyberspace?

Robert M. Lee, a digital forensic specialist and Ph.D. candidate at King's College London, agreed that in a military often hampered by over-classification, "to get to the point where we can declassify some of this is a big step" that will prompt debate among experts in and out of government.

The newly released doctrine, banally named Joint Publication 3-12 (R), builds on a 2006 document known as the National Military Strategy for Cyberspace Operations (NMS-CO), which then-Chairman of the Joint Chiefs Gen. Peter Pace described as the armed forces' "comprehensive strategic approach for using cyberspace to assure U.S. military strategic superiority in the domain."

The NMS-CO touched on cyber offense, but another key document, DOD's Strategy for Operating in Cyberspace (SOC), published in July 2011, made no mention of it at all. The day the Pentagon unveiled that strategy, Gen. James Cartwright, then vice chairman of the Joint Chiefs, said the U.S. approach to cyberspace was "too predictable" and lamented the lack of an offensive strategy.

There is no one authoritative document on U.S. military cyber operations. But there is a body of literature whose shape reveals the trajectory of U.S. policy.

In that sense, the newly released document could help bring offensive cyber operations to the fore, Lee said. The doctrine is "legitimizing that seat at the table, where you are absolutely going to see offensive cyber operations used more often and more openly. I think there's an argument to be made that it would be done anyway, but documents like this that really firm it up add to the process," said Lee, who is an active-duty Air Force cyber warfare operations officer.

Codifying an offensive cyber option builds it into the chain of command for military operations like the ongoing one against the Islamic State of Iraq and Syria. The Pentagon established U.S. Cyber Command four years ago for chain-of-command clarity, and its commander, Adm. Michael Rogers, has said he has a close eye on ISIS in cyberspace.

Though a doctrinal hurdle to offensive cyber operations may have been cleared with the release of the joint doctrine, a large bureaucratic hurdle apparently remains. The military wants to dominate cyberspace, but enlisting the help of civilian agencies could present a huge challenge.

House Intelligence Chairman Mike Rogers (R-Mich.) recently identified a lack of cross-agency coordination as a barrier to more offensive cyber operations. No doctrine from the Joint Chiefs can solve that problem.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.