Updated December 15, 2020
Defense Primer: Cyberspace Operations
Overview
force; (2) compete and deter in cyberspace; (3) strengthen
The Department of Defense (DOD) defines cyberspace as a
alliances and attract new partnerships; (4) reform the
global domain within the information environment
department; and (5) cultivate talent.
consisting of the interdependent network of information
technology infrastructures and resident data, including the
Three operational concepts identified in the DOD Cyber
internet, telecommunications networks, computer systems,
Strategy are to conduct cyberspace operations to collect
and embedded processors and controllers. The DOD
intelligence and prepare military cyber capabilities to be
Information Network (DODIN) is a global infrastructure
used in the event of crisis or conflict, and to defend forward
carrying DOD, national security, and related intelligence
to disrupt or halt malicious cyber activity at its source,
community information and intelligence.
including activity that falls below the level of armed
conflict. Defending forward may involve a more aggressive
Cyberspace operations are composed of the military,
active defense, meaning activities designed to disrupt an
intelligence, and ordinary business operations of the DOD
adversary’s network when hostile activity is suspected.
in and through cyberspace. Military cyberspace operations
use cyberspace capabilities to create effects that support
Cyber Mission Force
operations across the physical domains and cyberspace.
DOD began to build a Cyber Mission Force (CMF) in 2012
Cyberspace operations differ from information operations
to carry out DOD’s cyber missions. The CMF consists of
(IO), which are specifically concerned with the use of
133 teams that are organized to meet DOD’s three cyber
information-related capabilities during military operations
missions. Specifically, Cyber Mission Force teams support
to affect the decision making of adversaries while
these mission sets though their respective assignments:
protecting our own. IO may use cyberspace as a medium,
but it may also employ capabilities from the physical
Cyber National Mission Teams defend the nation by
domains.
seeing adversary activity, blocking attacks, and
maneuvering in cyberspace to defeat them.
Cyberspace operations are categorized into the following:
Cyber Combat Mission Teams conduct military cyber
Offensive Cyberspace Operations, intended to project
operations in support of combatant commands.
power by the application of force in and through
cyberspace. These operations are authorized like
Cyber Protection Teams defend the DOD information
operations in the physical domains.
networks, protect priority missions, and prepare cyber
forces for combat.
Defensive Cyberspace Operations, to defend DOD or
other friendly cyberspace. These are both passive and
Cyber Support Teams provide analytic and planning
active defense operations and are conducted inside and
support to National Mission and Combat Mission teams.
outside of DODIN.
CMF teams reached full operational capacity at over 6,200
DODIN Operations, to design, build, configure, secure, individuals in May 2018. Organizationally, the Cyber
operate, maintain, and sustain DOD communications
Mission Force is an entity of the United States Cyber
systems and networks across the entire DODIN.
Command.
Cyber Strategy
United States Cyber Command
In September 2018, the White House released a national
In response to the growing cyber threat, in 2009 the
cyber strategy consisting of four pillars: (1) protecting the
Secretary of Defense directed the establishment of a new
American people, homeland, and way of life by
military command devoted to cyber activities.
safeguarding networks systems, functions and data; (2)
USCYBERCOM’s stated mission is to “to direct,
promoting prosperity by nurturing a secure, thriving digital
synchronize, and coordinate cyberspace planning and
economy and fostering strong domestic innovation; (3)
operations to defend and advance national interests in
preserving peace and security by strengthening the ability
collaboration with domestic and international partners.”
of the United States, its partners, and allies to deter and
Elevated to a unified combatant command in May 2018,
punish those who use cyber maliciously; and (4) advancing
USCYBERCOM is commanded by a four-star general, who
influence to extend the key tenets of an open, interoperable,
is also the director of the National Security Agency and
reliable, and secure internet.
chief of the Central Security Service. The commander
manages day-to-day global cyberspace operations and leads
Following these pillars, DOD released its own cyber
defense and protection of DODIN. Each of the military
strategy outlining five lines of effort: (1) build a more lethal
services provides support to USCYBERCOM.
https://crsreports.congress.gov
Defense Primer: Cyberspace Operations
Military Service Components
ongoing campaign of attacks against the Government or
people of the United States in cyberspace, including
Army Cyber Command: 2nd Army (ARCYBER)
attempting to influence American elections and democratic
Air Forces Cyber Command: 24th Air Force
political processes.”
(AFCYBER)
Under Title 50, a “covert action” is subject to a presidential
Navy Fleet Cyber Command: 10th Fleet
(FLTCYBER)
finding and Intelligence Committee notification
requirements. 50 U.S.C. 3093 allows the President to
Marine Corps Forces Cyberspace Command:
authorize the conduct of a covert action if he determines
MARFORCYBER)
such an action is necessary to support identifiable foreign
policy objectives of the United States and is important to
Some services are currently reorganizing their Cyber
the U.S. national security, which determination shall be set
Commands into Information Warfare Commands.
forth in a finding that shall be in writing, unless immediate
Other Defense Components
action is required. TMAs are excepted from this
requirement. The FY2018 NDAA required notification of
Other entities within the DOD and the IC are tasked with a
the use of cyber weapons and quarterly cyber operations
supporting or collaborative role in cyberspace operations.
briefings to the congressional Armed Services Committees.
National Security Agency
The Obama Administration’s classified Presidential Policy
The National Security Agency (NSA) works closely with
USCYBERCOM. NSA’s
Directive 20 governed U.S. cyber operations policy, but it
two primary missions are
did not grant new authorities. According to the former
information assurance for national security systems and
officials, the document required interagency approval for
signals intelligence. USCYBERCOM is co-located with the
significant cyber operations. In September 2018, the White
NSA at Fort Meade, MD.
House acknowledged replacing it with new guidance,
Defense Information Systems Agency
National Security Presidential Memorandum 13, which is
said to offer more authority to the commander of
The mission of the Defense Information Systems Agency
USCYBERCOM.
(DISA) is to provide and ensure command and control and
information-sharing capabilities and a globally accessible
Law of Armed Conflict in Cyberspace
enterprise information infrastructure in direct support to
The law of war regulates the conduct of armed hostilities. It
joint warfighters across the full spectrum of military
encompasses all international law binding on the United
operations. The Director of DISA is responsible for the
States, including treaties and international agreements to
remediation of critical DODIN infrastructure issues.
which the United States is a party, and applicable
Federal Role
customary international law. DOD policy states that the
fundamental principles of the law of war will apply to
The Department of Homeland Security (DHS) is the lead
cyberspace operations.
federal department for critical infrastructure protection and
nonmilitary federal cybersecurity. DOD is responsible for
supporting the DHS coordination of efforts to protect the
Relevant Statutes
Defense Industrial Base (DIB) and the DODIN portion of
Title 50, U.S. Code, War and National Defense, Section 3093:
the DIB. Together, the two are charged with defending the
Secure US interests by conducting military and foreign
U.S. homeland and U.S. national interests against
intelligence operations in cyberspace.
cyberattacks of significant consequence. Military cyber
assets may be deployed in the event of a major cyberattack
on U.S. critical infrastructure only when directed to do so.
CRS Products
Authorities
CRS Report R43955, Cyberwarfare and Cyberterrorism: In Brief,
Section 954 of the National Defense Authorization Act
by Catherine A. Theohary and John W. Rol ins.
(NDAA) for FY2012 affirms that “the Department of
Defense has the capability, and upon direction by the
President may conduct offensive operations in cyberspace
Other Resources
to defend our Nation, Allies and interests, subject to the
DOD. Joint Publication 3-12, Cyberspace Operations, February
policy principles and legal regimes that the Department
5, 2013.
follows for kinetic capabilities, including the law of armed
conflict and the War Powers Resolution.” Section 1632 of
DOD. The Department of Defense Cyber Strategy, September
the FY 2019 NDAA affirms that DOD may conduct
2018.
operations in cyberspace, including clandestine operations,
short of hostilities or in areas in which hostilities are not
occurring; it also states that a clandestine military activity
or operation in cyberspace shall be considered a traditional
Catherine A. Theohary, Specialist in National Security
military activity (TMA). Section 1642 of the FY 2019
Policy and Information Operations
NDAA provides authority for DOD “to take appropriate
and proportional action in foreign cyberspace to disrupt,
IF10537
defeat, and deter” in response to “an active, systematic, and
https://crsreports.congress.gov
Defense Primer: Cyberspace Operations
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF10537 · VERSION 6 · UPDATED