Air Force Cyberspace Reports: Principles of War, Act and Actor Attribution, Legal Framework, Influence Operations and the Internet, Command and Control Model, Sea Power and Fleet Resources

Professionally converted for accurate flowing-text e-book format reproduction, this unique book reproduces five important military reports and studies dealing with cyberspace attacks and computer network security:

Act and Actor Attribution in Cyberspace: A Proposed Analytic Framework * Principles of War for Cyberspace * Influence Operations and the Internet: A 21st Century Issue * A Cyberspace Command and Control Model * Operating at the Convergence of Sea Power and Cyber Power: Bringing the Fleet Resources to the Joint Force Commander

Cyber attribution continues to vex cyber operators. Often, it is dismissed as impossible to definitively obtain, or worse, unnecessary. Properly analyzed, cyber attribution consists of two components. Actor attribution is concerned with determining who or what entity committed an act of cyber hostility. Act attribution consists of determining the relative severity of a hostile cyber act and whether the act is the equivalent of an armed attack. Attribution is critically important to government actors because it shapes both the proper response to a hostile cyber act and helps determine the appropriate responding agency. However, despite its highly technical context, cyber attribution is not a science. Instead, it is a subjective analysis similar to the attribution conducted every day by legal practitioners in criminal and civil courts. This paper proposes a subjective, continuum-based analytic framework for assessing cyber actor and act attribution. Proper application of such a framework helps cyber practitioners assess the proper response and responder for hostile cyber acts, helps define the roles and responsibilities of responding agencies, enhances deterrence, and promotes analytic consistency in an area dominated by ambiguity.

As the United States Air Force develops doctrine, education, and organization for cyberspace, we need to consider the traditional principles of war and how/if they apply to cyberspace, and under what situations, so we can develop a conceptual foundation for effective cyberspace warfighting doctrine. Most importantly, we should understand the cyberspace domain requires a new and different way of thinking to develop the most useful doctrine, education, and organizational structures. We must avoid falling into the trap of merely rewording existing air and space doctrine by simply replacing "air" or "space" with "cyber." There are generally two predominant traditions for principles of war—the western view of Clausewitz and the eastern view of Sun Tzu. Clausewitz's western Newtonian world conceptualizes war using mass, objective, and maneuver among other principles in a state-on-state kinetic war for a political objective. However, Sun Tzu's eastern world conceptualizes war focusing on the criticality of intelligence, deception to defeat the mind of the enemy, and knowing that relationships between things matter most in the strategy of war. It is essential to examine which tradition is the best guide for developing cyber strategy; or do we need a combination?

The conduct of information operations (IO), which includes military deception (MILDEC) and psychological operations (PSYOP), by the United States military, is based on both doctrinal precedence and operational necessity. The increasing use of cyber technology and the internet in executing IO missions offers technological advantages while simultaneously being a minefield fraught with legal and cultural challenges. Using Joint and Air Force doctrinal publications, published books, and academic papers, this thesis first defines relevant terminology and then identifies current operational and legal constraints in the execution of IO using cyber technology. It concludes with recommended remediation actions to enhance the use of the internet as a military IO tool in today's cyber world.