Updated January 14, 2020
Defense Primer: Cyberspace Operations
Overview
force; (2) compete and deter in cyberspace; (3) strengthen
The Department of Defense (DOD) defines cyberspace as a
alliances and attract new partnerships; (4) reform the
global domain within the information environment
department; and (5) cultivate talent.
consisting of the interdependent network of information
technology infrastructures and resident data, including the
Three operational concepts identified in the DOD Cyber
Internet, telecommunications networks, computer systems,
Strategy are to conduct cyberspace operations to collect
and embedded processors and controllers. The DOD
intelligence and prepare military cyber capabilities to be
Information Network (DODIN) is a global infrastructure
used in the event of crisis or conflict, and to defend forward
carrying DOD, national security, and related intelligence
to disrupt or halt malicious cyber activity at its source,
community information and intelligence.
including activity that falls below the level of armed
conflict. Defending forward may involve a more aggressive
Cyberspace operations are composed of the military,
active defense, meaning activities designed to disrupt an
intelligence, and ordinary business operations of the DOD
adversary’s network when hostile activity is suspected.
in and through cyberspace. Military cyberspace operations
use cyberspace capabilities to create effects that support
Cyber Mission Force
operations across the physical domains and cyberspace.
DOD began to build a National Cyber Mission Force
Cyberspace operations differ from information operations
(NCMF) in 2012 to carry out DOD’s cyber missions. The
(IO), which are specifically concerned with the use of
NCMF consists of 133 teams that are organized to meet
information-related capabilities during military operations
DOD’s three cyber missions. Specifically, National Cyber
to affect the decision making of adversaries while
Mission Force teams support these mission sets though their
protecting our own. IO may use cyberspace as a medium,
respective assignments:
but it may also employ capabilities from the physical
domains.
ï‚· Cyber National Mission Teams defend the nation by
seeing adversary activity, blocking attacks, and
Cyberspace operations are categorized into the following:
maneuvering in cyberspace to defeat them.
ï‚· Offensive Cyberspace Operations, intended to project
ï‚· Cyber Combat Mission Teams conduct military cyber
power by the application of force in and through
operations in support of combatant commands.
cyberspace. These operations are authorized like
operations in the physical domains.
ï‚· Cyber Protection Teams defend the DOD information
networks, protect priority missions, and prepare cyber
ï‚· Defensive Cyberspace Operations, to defend DOD or
forces for combat.
other friendly cyberspace. These are both passive and
active defense operations and are conducted inside and
ï‚· Cyber Support Teams provide analytic and planning
outside of DODIN.
support to National Mission and Combat Mission teams.
ï‚· DODIN Operations, to design, build, configure, secure, NCMF teams reached full operational capacity at over
operate, maintain, and sustain DOD communications
6,200 individuals in May 2018. Organizationally, the
systems and networks across the entire DODIN.
National Cyber Mission Force is an entity of the United
States Cyber Command.
Cyber Strategy
In September 2018, the White House released a national
United States Cyber Command
cyber strategy consisting of four pillars: (1) protecting the
In response to the growing cyber threat, in 2009 the
American people, homeland, and way of life by
Secretary of Defense directed the establishment of a new
safeguarding networks systems, functions and data; (2)
military command devoted to cyber activities.
promoting prosperity by nurturing a secure, thriving digital
USCYBERCOM’s stated mission is to “direct the
economy and fostering strong domestic innovation; (3)
operations and defense of specified Department of Defense
preserving peace and security by strengthening the ability
information networks and; prepare to, and when directed,
of the United States, its partners, and allies to deter and
conduct full spectrum military cyberspace operations in
punish those who use cyber maliciously; and (4) advancing
order to enable actions in all domains, ensure US/Allied
influence to extend the key tenets of an open, interoperable,
freedom of action in cyberspace and deny the same to our
reliable, and secure internet.
adversaries.†Elevated to a unified combatant command in
May 2018, USCYBERCOM is commanded by a four-star
Following these pillars, DOD released its own cyber
general, who is also the director of the National Security
strategy outlining five lines of effort: (1) build a more lethal
Agency and chief of the Central Security Service. The
https://crsreports.congress.gov
Defense Primer: Cyberspace Operations
commander manages day-to-day global cyberspace
NDAA provides authority for DOD “to take appropriate
operations and leads defense and protection of DODIN.
and proportional action in foreign cyberspace to disrupt,
Each of the military services provides support to
defeat, and deter†in response to “an active, systematic, and
USCYBERCOM.
ongoing campaign of attacks against the Government or
people of the United States in cyberspace, including
Military Service Components
attempting to influence American elections and democratic
political processes.â€
Army Cyber Command: 2nd Army (ARCY)
Air Forces Cyber Command: 24th Air Force (AFCY)
Under Title 50, a “covert action†is subject to a presidential
Navy Fleet Cyber Command: 10th Fleet (FLTCY)
finding and Intelligence Committee notification
requirements. 50 U.S.C. 3093 allows the President to
Marine Corps Forces Cyberspace Command: MAR4CY
authorize the conduct of a covert action if he determines
such an action is necessary to support identifiable foreign
Some services are currently reorganizing their Cyber Commands
policy objectives of the United States and is important to
into Information Warfare Commands.
the U.S. national security, which determination shall be set
forth in a finding that shall be in writing, unless immediate
Other Defense Components
action is required. TMAs are excepted from this
Other entities within the DOD and the IC are tasked with a
requirement. The FY2018 NDAA required notification of
supporting or collaborative role in cyberspace operations.
the use of cyber weapons and quarterly cyber operations
briefings to the congressional Armed Services Committees.
National Security Agency
The National Security Agency (NSA) works closely with
The Obama Administration’s classified Presidential Policy
USCYBERCOM. NSA’s two primary missions are
Directive 20 governed U.S. cyber operations policy, but it
information assurance for national security systems and
did not grant new authorities. According to the former
signals intelligence. USCYBERCOM is co-located with the
officials, the document required interagency approval for
NSA at Fort Meade, MD.
significant cyber operations. In September 2018, the White
House acknowledged replacing it with new guidance,
Defense Information Systems Agency
National Security Presidential Memorandum 13, which is
The mission of the Defense Information Systems Agency
said to offer more authority to the commander of
(DISA) is to provide and ensure command and control and
USCYBERCOM.
information-sharing capabilities and a globally accessible
enterprise information infrastructure in direct support to
Law of Armed Conflict in Cyberspace
joint warfighters across the full spectrum of military
The law of war regulates the conduct of armed hostilities. It
operations. The Director of DISA is responsible for the
encompasses all international law binding on the United
remediation of critical DODIN infrastructure issues.
States, including treaties and international agreements to
which the United States is a party, and applicable
Federal Role
customary international law. DOD policy states that the
The Department of Homeland Security (DHS) is the lead
fundamental principles of the law of war will apply to
federal department for critical infrastructure protection and
cyberspace operations.
nonmilitary federal cybersecurity. DOD is responsible for
supporting the DHS coordination of efforts to protect the
Relevant Statutes
Defense Industrial Base (DIB) and the DODIN portion of
the DIB. Together, the two are charged with defending the
Title 50, U.S. Code, War and National Defense, Section 3093:
U.S. homeland and U.S. national interests against
Secure US interests by conducting military and foreign
cyberattacks of significant consequence. Military cyber
intelligence operations in cyberspace.
assets may be deployed in the event of a major cyberattack
on U.S. critical infrastructure only when directed to do so.
CRS Products
Authorities
CRS Report R43955, Cyberwarfare and Cyberterrorism: In Brief,
Section 954 of the National Defense Authorization Act
by Catherine A. Theohary and John W. Rol ins
(NDAA) for FY2012 affirms that “the Department of
Defense has the capability, and upon direction by the
President may conduct offensive operations in cyberspace
to defend our Nation, Allies and interests, subject to the
Other Resources
policy principles and legal regimes that the Department
DOD. Joint Publication 3-12, Cyberspace Operations, February
follows for kinetic capabilities, including the law of armed
5, 2013.
conflict and the War Powers Resolution.†Section 1632 of
DOD. The Department of Defense Cyber Strategy, September
the FY 2019 NDAA affirms that DOD may conduct
2018.
operations in cyberspace, including clandestine operations,
short of hostilities or in areas in which hostilities are not
occurring; it also states that a clandestine military activity
or operation in cyberspace shall be considered a traditional
Catherine A. Theohary, Specialist in National Security
military activity (TMA). Section 1642 of the FY 2019
Policy and Information Operations
https://crsreports.congress.gov
Defense Primer: Cyberspace Operations
IF10537
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF10537 · VERSION 4 · UPDATED