Professional Documents
Culture Documents
For, in war, it is by compelling mistakes that the scales are most often turned.
—B.H. Liddell-Hart
Strategy: The Indirect Approach (1941)
102 Features / Cyber Power in 21st-Century Joint Warfare JFQ 74, 3rd Quarter 2014
pendent and interconnected networks and helped guarantee that it would fail.”2 (that is, information mobility), and at-
of electronics and the electromagnetic As a result, the requirement emerged to tack—in addition to orientation (that is,
spectrum where information is created, gain and maintain air superiority, thereby information/computer processing) and
stored, modified, exchanged, and securing the information advantage flow- command and control—without prohibi-
exploited.1 The 2008 Russia-Georgia ing from aerial observation. Despite its tive interference by the enemy. Cyber
war marks the only public incidence of value to effective land operations, aerial interdiction interrupts, destroys, or oth-
cyber power integrated with traditional reconnaissance could not directly degrade erwise neutralizes electronic information
kinetic military operations. To date, or defeat enemy operations. lines of communication and electronic
however, little attention has been paid In the same manner, cyber power’s information systems of supply (that is,
regarding how to integrate cyber power military development can trace its cyberspace) used by enemy land, sea, air,
into conventional military operations. roots to reconnaissance. As the recent and space forces for a sufficient length of
Rather, research has tended to focus on Mandiant report about Chinese cyber es- time that they will immediately or in due
the independent use of cyber power for pionage highlights, much of the impetus course prove fatal to his continuance of
espionage and as a means of strategic to develop cyber power arises from the effective operations. Unlike today, World
attack to punish and/or compel a state advantage that accrues to the side that War II bombers lacked the precision
to do one’s will. can conduct more effective cyber recon- attack capability to substitute for the le-
This article addresses this research gap naissance operations.3 In turn, effective thality of land forces to destroy an enemy
by focusing on how cyber power can best cyber reconnaissance and the information army. Hence airpower’s primary offensive
be integrated into joint warfare to fight advantage that comes with it depend contribution was air interdiction. Like
and win the Nation’s wars. Using the on possessing at least a degree of cyber air interdiction in Slessor’s time, cyber
Russia-Georgia war as an illustrative case, superiority. Like airpower, cyber recon- interdiction is the principal contribution
this article argues that the principal value naissance and cyber superiority can make of cyber attack operations in joint warfare
of integrating cyber power into a joint friendly operations more effective, but today.
military campaign is that it compels the they cannot directly degrade or defeat In the air and cyberspace domains,
enemy to make mistakes by performing enemy operations. offensive operations to destroy or neu-
three main warfighting tasks: reconnais- In 1936, 18 years after World War I tralize the adversary’s air and cyber forces
sance, superiority, and interdiction. It ended, Sir John Slessor of the Royal Air are the primary means of establishing
begins with a description of how cyber Force described how airpower could be superiority within each domain. Cyber
power’s main warfighting tasks support integrated with land operations to di- reconnaissance, however, plays a much
kinetic operations by degrading/disrupt- rectly and substantially degrade or defeat greater role in gaining cyber superiority
ing the enemy decision cycle. The cyber an adversary’s warfighting capability in than aerial reconnaissance plays in estab-
aspects of the Russia-Georgia war are airpower and armies. Using evidence lishing air superiority. At the tactical level
then analyzed to show how pro-Russian from British military operations in the in cyberspace, the speeds of action and of
forces employed cyber power to degrade Middle East, Slessor deduced that in ad- observation both approach the speed of
the Georgian decision cycle in support of dition to aerial reconnaissance, airpower’s light. In other words, cyber defenders do
kinetic military operations. Finally, impli- main warfighting tasks in a joint air-land not have the benefit of the warning time
cations for present and future integration campaign were to gain and maintain air that observation at the speed of light via
of cyber power into joint warfare are superiority and to interdict enemy land radar gives air defenders. Consequently,
discussed. lines of communication and supply. Air tactical defenses are unlikely to have suf-
superiority continues to provide friendly ficient warning to react against a cyber
Reconnaissance, Superiority, forces with the ability to exploit airpower attack and prevent significant negative
and Interdiction for reconnaissance, mobility, and attack effects. Tactical defense in cyberspace
Cyber power has evolved similarly to without prohibitive enemy interference.4 is more akin to battle damage repair,
early airpower and will likely make Air interdiction destroys or interrupts recovery, and reconstitution than to any
contributions to joint warfare now and those elements of an enemy’s system of analogous effort to parry a physical blow.
into the foreseeable future, namely to supply or communication for a sufficient Effectively defeating cyber attacks thus
conduct cyber reconnaissance, gain and time that the degradation will immedi- largely depends on fielding a set of defen-
maintain cyber superiority, and conduct ately or in due course prove fatal to his sive measures that one knows in advance
cyber interdiction. continuance of effective operations.5 an adversary cannot overcome. That is,
In World War I, the advantages of aer- Cyber superiority and cyber interdic- the most effective way to achieve cyber
ial reconnaissance gave birth to the battle tion can also be described in terms akin superiority is to field cyber defense and
for air superiority. Aerial reconnaissance to air superiority and air interdiction. cyber attack capabilities that render po-
“warned of any movement or change in Cyber superiority provides friendly forces tential corresponding enemy cyber attacks
the enemy camp, and with few excep- with the ability to exploit cyber power and defenses impotent a priori. The criti-
tions it foretold the enemy’s offensive for reconnaissance, communication cal requirement for neutering potential
enemy cyber attacks and defenses without can develop and field cyber defenses that transportation network is to deliver ac-
known precedents, and thus the key to negate adversary cyber attacks prior to curate, relevant, and timely supplies (that
cyber superiority, is technical intelligence their use as well as develop cyber attack is, the right stuff to the right place at the
about enemy cyber attack and defense capabilities impervious to enemy cyber right time)—or information in the case
capabilities, as well as tactics, techniques, defenses. Possessing cyber attack capa- of cyberspace.6 Regardless of whether an
and procedures. Although all-source bilities that are relatively impervious to interdiction campaign chooses to target
intelligence contributes to developing anticipated defenses is a critical require- a network’s capability to deliver supplies
this foreknowledge, the principal way ment for cyber interdiction. The kinetic with accuracy, relevancy, or timeliness, the
of gathering the requisite intelligence is corollary to this set of cyber reconnais- objective is the same: to introduce friction
cyber reconnaissance. Unlike orders of sance activities might be more commonly and uncertainty into the decision cycle so
battle, cyber capabilities only exist in cy- described as intelligence preparation of it becomes increasingly difficult for the
berspace and cannot be observed except the battlespace. Therefore, it is during the enemy to conduct effective operations in
from within cyberspace. Thus, those who intelligence preparation of cyberspace, comparison to friendly forces. Interdiction
win the cyber reconnaissance competition which should be constantly ongoing dur- is not about the impact of any one attack
in peacetime will likely win the battle for ing peacetime, when cyber superiority is on an enemy network, but rather the cu-
cyber superiority in wartime. won or lost. mulative effects of a stoppage.7
To gain and maintain cyber superi- Cyber interdiction is made possible A successful interdiction campaign
ority, peacetime cyber reconnaissance by, and complements, cyber superior- accounts for a network’s capacity—how
operations should prioritize intelligence ity. Interdiction in general is a network much (flow volume) and how fast (flow
about enemy cyber reconnaissance and warfare concept applicable to any domain. rate) supplies can travel through the
attack capabilities (for example, enemy An electronic information network is network to meet user demand. In air in-
malicious code development), followed simply a transportation network, but terdiction campaigns, air attacks and land
by enemy cyber defense capabilities. With rather than physical supplies, information operations complement each other to
intelligence about these activities, one is the commodity. The objective of any overwhelm the enemy’s supply network.
104 Features / Cyber Power in 21st-Century Joint Warfare JFQ 74, 3rd Quarter 2014
Air attacks destroy, disrupt, or degrade the decision advantage created by cyber Cyber Power in the 2008
nodes and links in the enemy’s land trans- reconnaissance over cyber interdiction. Russia-Georgia War
portation/supply network (for example, For example, the United States in World The 2008 Russia-Georgia war helped
rail and roads), reducing its capacity. War II, in what it anticipated to be a long focus attention on cyber power and
Simultaneously, land combat operations conflict, protected the information ad- its utility in war in a way that previous
create demand for a high volume of sup- vantage it gained from breaking German cyber power uses had not. That con-
plies to flow through the network at a and Japanese encryption rather than flict’s high profile caused it to become
high rate. Land combat operations place taking actions that might compromise the subject of much study, so it is a rich
timeliness requirements on an enemy’s this invaluable intelligence source. This source of information for analyzing the
supply network that air interdiction critical intelligence advantage allowed dynamics of cyber power in a joint mili-
prevents the network from meeting. For U.S. forces to decimate Japanese convoys tary campaign.
example, when combat was at a fever as well as choose the time and place of Following Georgian independence
pitch in the phase of the Korean War battle in a war that lasted more than 3 in 1991, secessionists seeking to remain
spanning the Inchon Landing to China’s years.8 Commanders going forward must part of Russia seized control of the ma-
entry, both sides consumed supplies weigh the costs and benefits of sacrificing jority of Abkhazia and portions of South
voraciously, demanding a high volume intelligence gained from cyber recon- Ossetia before cease-fire agreements were
and a high rate flow from their respective naissance over the long term against the reached in 1992 and 1994.9 These con-
networks. However, the North Korean effects created by cyber interdiction in flicts remained unresolved and formed
army had to rely on a low capacity rail the near term. the roots for the 5-day war between
and road network to meet its tremendous Cyber interdiction compels an enemy Russia and Georgia in 2008.10
needs. American air interdiction ensured to make a mistake. Like the complemen- On the surface, cyber power would
that North Korean forces could never tary relationship between air interdiction not appear to be particularly useful in a
accumulate enough supplies or resources and land operations, high intensity kinetic war with Georgia. Only 7 percent of the
in sufficient time to mount a successful operations create information demands citizens used the Internet daily,11 which
counterattack, and U.S. forces rapidly that can overwhelm an information might cause one to overlook Georgia’s
moved north to the Yalu River. At pre- network whose useful capacity has been critical cyber vulnerability—more than
cisely the time when the enemy needs the reduced by cyber interdiction. To limit half of 13 connections to the outside
most from its supply network, interdiction the effects of cyber interdiction, an op- world via the Internet passed through
makes it capable of providing the least. ponent could concentrate his information Russia, and most of the Internet traf-
A cyber interdiction campaign— supplies, which would place them at fic to Web sites within Georgia was
where cyber interdiction is the greater risk for destruction from cyber or routed through Turkish or Azerbaijani
destruction, disruption, or degradation kinetic attack. Additionally, cyber attacks Internet service providers, many of which
of nodes, links, and data in an enemy that alter, reroute, or delay data present a were in turn routed through Russia.12
information network to interrupt it and choice to an opponent. If a cyber attack Georgia’s Internet infrastructure suffered
reduce its capacity—functions similarly alters or reroutes an enemy’s data, he can from a dearth of internal connections
to an air interdiction campaign, with one act on the information he has, increas- known as Internet exchange points.13
critical exception. Unlike air interdiction, ing the likelihood that he will make a Consequently, a Georgian user’s request
cyber interdiction can make portions of mistake, or submit additional requests in for a Georgian Web site would likely be
cyberspace inaccessible for other opera- an attempt to acquire the missing data, routed through Russia, analogous to
tions such as reconnaissance. Air attacks thus reducing his network’s useful capac- having to travel through Mexico to get
do not prevent the use of the air domain ity and hindering timely information from Los Angeles to San Francisco.14
for mobility and reconnaissance. Because development. If he chooses the latter, As a result, pro-Russian forces could
cyberspace is composed of information he will compound the effects of cyber employ cyber power to affect a large
networks, cyber interdiction, which by attacks that add extraneous data into percentage of Georgia’s access to, and
definition will disrupt enemy informa- the network, further impeding timely use of, the portion of cyberspace known
tion networks, will probably hinder the information development and poten- as the Internet. Lacking control of the
ability of cyber reconnaissance to gather tially depriving him of new information infrastructure required for external or in-
intelligence data from targeted networks. altogether. Cyber interdiction thus com- ternal Internet use, Georgia could neither
As a result, tension exists between cyber promises an enemy’s decision cycle by disperse network traffic nor cut Internet
interdiction and cyber reconnaissance. placing him on the horns of a dilemma. connectivity from abroad as defensive
If one anticipates a long conflict, or Should he yield superiority in decision measures without ceding the cyber
if use of a specific cyber attack in one speed or yield superiority in decision advantages of Internet access if the state
conflict would significantly decrease quality? Either way the cumulative effect came under cyber attack.15
one’s cyber advantage in more vital po- of yielding decision superiority over time The Russia-Georgia war officially
tential contingencies, one should favor will inevitably lead to mistakes. started on August 7, 2008, after
106 Features / Cyber Power in 21st-Century Joint Warfare JFQ 74, 3rd Quarter 2014
Marine F/A-18 Hornets escort F-35 Lightning II to Eglin Air Force Base, Florida (U.S. Air Force/Joely Santiago)
forms—such as cell and land phones—ap- Furthermore, cyber interdiction In that war, cyber attacks for cyber
pear to have created a bottleneck. likely multiplied the effectiveness of superiority and cyber interdiction were
Georgians were trying to transmit cyber attacks conducted to achieve cyber mutually reinforcing. The result was
more data at a higher rate than the use- superiority by interfering with CERT a situation where Georgian commu-
ful capacity of their information network Georgia’s ability to gain situational nications—its system of information
could accommodate because a large pro- awareness and orient itself to more supply—were gummed up, preventing
portion was being consumed by cyber effectively respond. Slessor describes timely delivery of data and commands
attacks injecting extraneous data into the the problem of air superiority as “how to Georgian forces. The Georgians had
network. The cyber attacks effectively to deprive the enemy the ability to to choose whether to yield superiority in
jammed Georgia’s overall information interfere effectively by the use of his decision speed or decision quality. The ef-
network during the early stages of the own air forces.”33 Because all Georgian fect with either option was an unqualified
war when rapid and organized action by information communications were es- Russian military advantage that Georgia
Georgian defenses, cyber and kinetic, sentially jammed by the cyber interdiction could not overcome.
could have had the greatest impact.32 attacks, CERT Georgia would have
Cyber interdiction created a Russian had an extremely difficult time simply Implications
military advantage at the operational and gathering enough data to understand the As in the early days of airpower, cyber
tactical levels by hindering the Georgian cyber attacks’ effects, much less mitigate power today is critical to victory, but it
military’s ability to organize and conduct them. By jamming all Georgian com- probably cannot win wars alone if for no
effective operations to thwart kinetic munications, cyber interdiction not only other reason than its inability to create
Russian military operations. Cyber in- interrupted Georgia’s traditional military much violence, although this shortcom-
terdiction created conditions such that response but also likely stifled Georgia’s ing will likely fade in the future. Conse-
Georgian forces could not help but to cyber defenses, prolonging pro-Russian quently, it is imperative to understand
act mistakenly. cyber superiority. how best to employ cyber power in
108 Features / Cyber Power in 21st-Century Joint Warfare JFQ 74, 3rd Quarter 2014
support of air forces can dramatically ease D. Kramer, Stuart H. Starr, and Larry Wentz 23
Georgian Research and Educational Net-
(Washington, DC: NDU Press/Potomac working Association, available at <www.grena.
the dangerous task given to air forces—to Books, Inc., 2009); Joint Publication (JP) ge/eng/cert.html>; Tikk et al., 14–15.
penetrate the teeth of an enemy’s de- 1-02, DOD Dictionary of Military and As- 24
Greg Keizer, “Russian Hacker ‘Militia’
fenses at the outset when the defenses sociated Terms (Washington, DC: The Joint Mobilizes to Attack Georgia,” NetworkWorld.
are most lethal. The price of air warfare Staff, November 8, 2010, as amended through com, August 13, 2008, available at <www.
without a cyber advantage is steep. The October 15, 2011), 92. networkworld.com/news/2008/081208-
2
Lee Kennett, The First Air War: 1914– russian-hacker-militia-mobilizes-to.html>; Tikk
last time U.S. airpower fought through
1918 (New York: The Free Press, 1991), 220. et al., 12.
an enemy air defense without the benefit 3
Mandiant, APT 1: Exposing One of China’s 25
Bumgarner and Borg, 7.
of cyber superiority in World War II, Cyber Espionage Units, available at <http://in- 26
Stephen W. Korns and Joshua E. Kasten-
American aircrews had a lower probability telreport.mandiant.com/Mandiant_APT1_Re- berg, “Georgia’s Cyber Left Hook,” Param-
of survival than Marines fighting in the port.pdf>. eters 38, no. 4 (2008), 66–67.
4
JP 1-02, 16. 27
Bumgarner and Borg, 7.
Pacific.35 In addition, air operations can 5
John C. Slessor, Air Power and Armies 28
Ibid., 7.
unfold much more rapidly than land or (Tuscaloosa: The University of Alabama Press, 29
Ibid., 4.
sea operations. Surface forces move at 2009), 16–17. 30
John Oltsik, “Russian Cyber Attack on
tens of miles per hour compared to air 6
David S. Alberts, John J. Garstka, and Georgia: Lessons Learned?” NetworkWorld.
forces, which move at hundreds of miles Frederick P. Stein, Network Centric Warfare: com, August 9, 2009, available at <www.net-
Developing and Leveraging Information Supe- workworld.com/community/node/44448>;
per hour. Land and sea forces—much
riority, 2nd ed., rev. (Washington, DC: DOD Bumgarner and Borg, 2.
like the foot soldiers of World War I who C4ISR Cooperative Research Program, 1999), 31
Joseph Menn, “Expert: Cyber-attacks on
were too slow to convert a breakthrough 32. Georgia Web sites Tied to Mob, Russian Gov-
into a breakout—will in all likelihood 7
Slessor, 122–123. ernment,” Los Angeles Times, August 13, 2008,
be too slow to exploit the fleeting ad-
8
Thomas E. Griffith, Jr., MacArthur’s Air- available at <http://latimesblogs.latimes.com/
man: General George C. Kenney and the War in technology/2008/08/experts-debate.html>.
vantages created by cyber interdiction as
the Southwest Pacific (Lawrence: University of 32
Tikk et al., 6.
effectively as air forces. Kansas Press, 1998), 244–246. 33
Slessor, 31.
9
U.S. Department of State, “Background 34
Carl Shapiro and Hal R. Varian, Informa-
Conclusion Note: Georgia,” available at <www.state.gov/ tion Rules: A Strategic Guide to the Network
Cyber power is critically important in outofdate/bgn/georgia/index.htm>. Economy (Cambridge: Harvard Business School
10
Ibid. Press, 1999), 184.
joint warfare. Military cyberspace opera- 11
Eneken Tikk et al., Cyber Attacks Against 35
W. Murray and A.R. Millett, quoted in
tions should have as their priority the Georgia: Legal Lessons Identified (Tallin, Es- Paul Kennedy, Engineers of Victory: The Problem
attainment and maintenance of cyber tonia: Cooperative Cyber Defense Centre of Solvers Who Turned the Tide in the Second World
superiority and cyber interdiction in Excellence, 2008), 5; Kertu Ruus, “Cyber War War (New York: Random House, 2013), 142.
support of kinetic operations with a I: Estonia Attacked from Russia,” European
Affairs 9, no. 1–2 (Winter/Spring 2008), avail-
focus on supporting the air campaign.
able at <www.europeaninstitute.org/Winter/
Additionally, operations to gain and Spring-2008/cyber-war-i-estonia-attacked-
maintain cyber superiority should from-russia.html>.
concentrate on neutralizing enemy 12
Tikk et al., 6.
cyber attack and cyber reconnaissance
13
Ben Arnoldy, “Cyberspace: New Frontier
in Conflicts,” The Christian Science Monitor,
capabilities, followed by suppressing
August 13, 2008, available at <www.csmonitor.
enemy cyber defenses. Cyber interdic- com/USA/Military/2008/0813/p01s05-
tion attack operations should focus on usmi.htm>.
the cyber equivalent of rail marshaling 14
Ibid.
yards—data fusion centers—and tacti-
15
Tikk et al., 6.
16
David Hollis, “Cyberwar Case Study:
cal data links. Together, cyberspace
Georgia 2008,” Small Wars Journal, January
superiority and cyber interdiction yield 6, 2011, 1, available at <www.smallwarsjournal.
a powerful decisionmaking advantage in com/blog/journal/docs-temp/639-hollis.
joint warfare, the cumulative effect of pdf>.
which is to compel an enemy to make
17
Ibid.
18
John Bumgarner and Scott Borg,
mistakes that will likely prove fatal in
“Overview by the US-CCU of the Cyber
due course. JFQ Campaign Against Georgia in August of 2008,”
in Cyberwar Resources Guide, Item #138, 2–3,
available at <www.registan.net/wp-content/
Notes uploads/2009/08/US-CCU-Georgia-Cyber-
Campaign-Overview.pdf>.
1
Daniel T. Kuehl, “From Cyberspace
19
Ibid.
to Cyber Power: Defining the Problem,” in
20
Ibid., 4–5.
Cyberpower and National Security, ed. Franklin
21
Ibid., 5.
22
Ibid.