Illuminating a New Domain: The Role and Nature of Military Intelligence, Surveillance and Reconnaissance in Cyberspace

Abstract

Created in 2009 to “[synchronize] warfighting effects across the global security environment as well as providing support to civil authorities and international partners” the United States Cyber Command has spent the intervening years developing a foundation of cyber military doctrine, harnessing and integrating extant forces, and developing the critical mass needed to execute its global mission.Key among the challenges faced by the still fledgling US Cyber Command is the task of effecting intelligence, surveillance and reconnaissance (ISR) in a domain where real-time cognizance is the lifeblood of needed agility while observable distinctions between ISR, preparation for attack, and offensive cyber operations are small and, in many cases, dependent more on context than on objective discriminants.This paper will make the case that real-time ISR in cyber space is an essential and achievable foundation for success in military operations in or dependent on cyberspace. The paper will focus on military vice law enforcement or private sector operations, and will summarize the characteristics of the cyber domain, the attributes needed for success in dynamic and time sensitive operations, and recommend both doctrine and strategy for further development along these lines.The paper assumes that issues of when and where to employ US Cyber Command resources will be resolved in a manner that leaves the current US Cyber Command roles and responsibilities largely intact. None of what follows is intended to suggest US Cyber Command attain authorities it does not currently enjoy under extant law, policy, and tasking. In a similar vein, the paper does not directly consider the organizational structure of operating cyber forces and their support elements though, in the spirit of ‘form follows function’, insights on which structures are best suited to accomplish organizational objectives may be derived from conclusions contained herein.Note: This paper was prepared for a workshop on the strategic use of offensive cyber operations held in March 2016 and organized by the Stanford Cyber Policy Program. On August 18, 2016, this paper was submitted to the Journal of Cybersecurity for entry into its review process and perhaps for publication.