Updated December 18, 2018
Defense Primer: Cyberspace Operations
Overview
force; (2) compete and deter in cyberspace; (3) strengthen
The Department of Defense (DOD) defines cyberspace as a
alliances and attract new partnerships; (4) reform the
global domain within the information environment
department; and (5) cultivate talent.
consisting of the interdependent network of information
technology infrastructures and resident data, including the
Three operational concepts identified in the DOD Cyber
Internet, telecommunications networks, computer systems,
Strategy are to conduct cyberspace operations to collect
and embedded processors and controllers. The DOD
intelligence and prepare military cyber capabilities to be
Information Network (DODIN) is a global infrastructure
used in the event of crisis or conflict, and to defend forward
carrying DOD, national security, and related intelligence
to disrupt or halt malicious cyber activity at its source,
community information and intelligence.
including activity that falls below the level of armed
conflict. Defending forward may involve a more aggressive
Cyberspace operations are composed of the military,
active defense, meaning activities designed to disrupt an
intelligence, and ordinary business operations of the DOD
adversary’s network when hostile activity is suspected.
in and through cyberspace. Military cyberspace operations
use cyberspace capabilities to create effects that support
Cyber Mission Force
operations across the physical domains and cyberspace.
DOD began to build a Cyber Mission Force (CMF) in 2012
Cyberspace operations differ from information operations
to carry out DOD’s cyber missions. The CMF consists of
(IO), which are specifically concerned with the use of
133 teams that are organized to meet DOD’s three cyber
information-related capabilities during military operations
missions. Specifically, Cyber Mission Force teams support
to affect the decision making of adversaries while
these mission sets though their respective assignments:
protecting our own. IO may use cyberspace as a medium,
but it may also employ capabilities from the physical
Cyber National Mission Force teams defend the nation
domains.
by seeing adversary activity, blocking attacks, and
maneuvering in cyberspace to defeat them.
Cyberspace operations are categorized into the following:
Cyber Combat Mission Force teams conduct military
Offensive Cyberspace Operations, intended to project
cyber operations in support of combatant commands.
power by the application of force in and through
cyberspace. These operations are authorized like
Cyber Protection Force teams defend the DOD
operations in the physical domains.
information networks, protect priority missions, and
prepare cyber forces for combat.
Defensive Cyberspace Operations, to defend DOD or
other friendly cyberspace. These are both passive and
Cyber Support Teams provide analytic and planning
active defense operations and are conducted inside and
support to National Mission and Combat Mission teams.
outside of DODIN.
Cyber Mission Force teams reached full operational
DODIN Operations, to design, build, configure, secure, capacity at over 6,200 individuals in May 2018.
operate, maintain, and sustain DOD communications
Organizationally, the Cyber Mission Force is an entity of
systems and networks across the entire DODIN.
the United States Cyber Command.
Cyber Strategy
United States Cyber Command
In September 2018, the White House released a national
In response to the growing cyber threat, in 2009 the
cyber strategy consisting of four pillars: (1) protecting the
Secretary of Defense directed the establishment of a new
American people, homeland, and way of life by
military command devoted to cyber activities.
safeguarding networks systems, functions and data; (2)
USCYBERCOM’s stated mission is to “direct the
promoting prosperity by nurturing a secure, thriving digital
operations and defense of specified Department of Defense
economy and fostering strong domestic innovation; (3)
information networks and; prepare to, and when directed,
preserving peace and security by strengthening the ability
conduct full spectrum military cyberspace operations in
of the United States, its partners, and allies to deter and
order to enable actions in all domains, ensure US/Allied
punish those who use cyber maliciously; and (4) advancing
freedom of action in cyberspace and deny the same to our
influence to extend the key tenets of an open, interoperable,
adversaries.” Elevated to a unified combatant command in
reliable, and secure internet.
May 2018, USCYBERCOM is commanded by a four-star
general, who is also the director of the National Security
Following these pillars, DOD released its own cyber
Agency and chief of the Central Security Service. The
strategy outlining five lines of effort: (1) build a more lethal
commander manages day-to-day global cyberspace
https://crsreports.congress.gov
Defense Primer: Cyberspace Operations
operations and leads defense and protection of DODIN.
Under Title 50, a “covert action” is subject to a presidential
Each of the military services provides support to
finding and Intelligence Committee notification
USCYBERCOM.
requirements. 50 U.S.C. 3093 allows the President to
authorize the conduct of a covert action if he determines
Military Service Components
such an action is necessary to support identifiable foreign
policy objectives of the United States and is important to
Army Cyber Command: 2nd Army (ARCY)
the U.S. national security, which determination shall be set
Air Forces Cyber Command: 24th Air Force (AFCY)
forth in a finding that shall be in writing, unless immediate
Navy Fleet Cyber Command: 10th Fleet (FLTCY)
action is required. The question of whether Title 10 or Title
50 applies to offensive cyberspace operations has been of
Marine Corps Forces Cyberspace Command: MAR4CY
particular interest to Congress with respect to its oversight
duties.
Other Defense Components
The Obama Administration’s classified Presidential Policy
Other entities within the DOD are tasked with a supporting
Directive 20 governed U.S. cyber operations policy, but it
or collaborative role in cyberspace operations.
did not grant new authorities. According to the former
officials, the document required interagency approval for
National Security Agency
significant cyber operations. In September 2018, the White
The National Security Agency (NSA) works closely with
House acknowledged replacing it with new guidance,
USCYBERCOM. NSA’s two primary missions are
National Security Presidential Memorandum 13, which is
information assurance for national security systems and
said to offer more authority to the commander of
signals intelligence. USCYBERCOM is co-located with the
USCYBERCOM.
NSA at Fort Meade, MD.
Law of Armed Conflict in Cyberspace
Defense Information Systems Agency
The law of war regulates the conduct of armed hostilities. It
The mission of the Defense Information Systems Agency
encompasses all international law binding on the United
(DISA) is to provide and ensure command and control and
States, including treaties and international agreements to
information-sharing capabilities and a globally accessible
which the United States is a party, and applicable
enterprise information infrastructure in direct support to
customary international law. DOD policy states that the
joint warfighters across the full spectrum of military
fundamental principles of the law of war will apply to
operations. The Director of DISA is responsible for the
cyberspace operations. These principles include military
remediation of critical DODIN infrastructure issues.
necessity, preventing or avoiding unnecessary suffering,
proportionality, and distinction (discrimination).
Federal Role
The Department of Homeland Security (DHS) is the lead
Relevant Statutes
federal department for critical infrastructure protection and
nonmilitary federal cybersecurity. DOD is responsible for
Title 10, U.S. Code, Armed Forces, Section 111: Man, train, and
supporting the DHS coordination of efforts to protect the
equip US forces for military operations in cyberspace.
Defense Industrial Base (DIB) and the DODIN portion of
Title 50, U.S. Code, War and National Defense, Section 3093:
the DIB. Together, the two are charged with defending the
Secure US interests by conducting military and foreign
U.S. homeland and U.S. national interests against
intelligence operations in cyberspace.
cyberattacks of significant consequence. Military cyber
assets may be deployed in the event of a major cyberattack
on U.S. critical infrastructure only when directed to do so.
CRS Products
Authorities
CRS Report R43955, Cyberwarfare and Cyberterrorism: In Brief,
by Catherine A. Theohary and John W. Rollins
Title 10 of the United States Code is the authority under
which the military organizes, trains, and equips its forces
for national defense. Section 954 of the National Defense
Authorization Act for Fiscal Year 2012 affirms that “the
Other Resources
Department of Defense has the capability, and upon
DOD. Joint Publication 3-12, Cyberspace Operations, February
direction by the President may conduct offensive
5, 2013.
operations in cyberspace to defend our Nation, Allies and
DOD. The Department of Defense Cyber Strategy, September
interests, subject to the policy principles and legal regimes
2018.
that the Department follows for kinetic capabilities,
including the law of armed conflict and the War Powers
Resolution.” Section 1642 of the FY 2019 NDAA provides
authority for DOD “to take appropriate and proportional
action in foreign cyberspace to disrupt, defeat, and deter” in
Catherine A. Theohary, Specialist in National Security
response to “an active, systematic, and ongoing campaign
Policy and Information Operations
of attacks against the Government or people of the United
IF10537
States in cyberspace, including attempting to influence
American elections and democratic political processes.”
https://crsreports.congress.gov
Defense Primer: Cyberspace Operations
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF10537 · VERSION 3 · UPDATED