jp3_12r
jp3_12r
jp3_12r
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter II<br />
c. Authorities Overlap. Like other military operations conducted by the JFC or<br />
Service elements, CO are covered by appropriate authorities, such as military orders,<br />
standing or supplemental rules of engagement, DOD policy, etc. This includes military<br />
intelligence activities that provide ISR in cyberspace. The JFC also receives support from<br />
DOD intelligence agencies, such as NSA, in accordance with national and departmental<br />
policies and guidance. Likewise, DOD ordinary business operations in cyberspace are<br />
accomplished by DOD agencies following DOD policy.<br />
2. Military Operations In and Through Cyberspace<br />
a. Cyberspace Operations. The successful execution of CO requires integrated and<br />
synchronized offensive, defensive, and DODIN operations, underpinned by effective and<br />
timely operational preparation of the environment (OPE). CO missions are categorized as<br />
OCO, DCO, and DODIN operations based on their intent. Specific actions are discussed in<br />
paragraph 2.e, “Cyberspace Actions.” All CO missions are informed by timely intelligence<br />
and threat indicators from traditional and advanced sensors, vulnerability information from<br />
DOD and non-DOD sources, and accurate assessments.<br />
See JP 5-0, Joint Operation Planning, Appendix D, “Assessment,” for more information on<br />
assessment and battle damage assessment (BDA).<br />
(1) Offensive Cyberspace Operations. OCO are CO intended to project power by<br />
the application of force in and through cyberspace. OCO will be authorized like offensive<br />
operations in the physical domains, via an execute order (EXORD). OCO requires<br />
deconfliction in accordance with (IAW) current policies.<br />
(2) Defensive Cyberspace Operations. DCO are CO intended to defend DOD or<br />
other friendly cyberspace. Specifically, they are passive and active cyberspace defense<br />
operations to preserve the ability to utilize friendly cyberspace capabilities and protect data,<br />
networks, net-centric capabilities, and other designated systems. DCO responds to<br />
unauthorized activity or alerts/threat information against the DODIN, and leverages<br />
intelligence, counterintelligence (CI), LE, and other military capabilities as required. DCO<br />
includes outmaneuvering adversaries taking or about to take offensive actions against<br />
defended networks, or otherwise responding to internal and external cyberspace threats.<br />
Most DCO occurs within the defended network. Internal defensive measures include<br />
mission assurance actions to dynamically reestablish, re-secure, reroute, reconstitute, or<br />
isolate degraded or compromised local networks to ensure sufficient cyberspace access for<br />
JFC forces. DCO also includes actively hunting for advanced internal threats that evade<br />
routine security measures. However, some adversary actions can trigger DCO response<br />
actions (DCO-RA) necessary to defend networks, when authorized, by creating effects<br />
outside of the DODIN. DCO consists of those actions designed to protect friendly<br />
cyberspace from adversary actions. DCO may be conducted in response to attack,<br />
exploitation, intrusion, or effects of malware on the DODIN or other assets that DOD is<br />
directed to defend. DOD’s DCO mission is accomplished using a layered, adaptive, defensein-depth<br />
approach, with mutually supporting elements of digital and physical protection. A<br />
key characteristic of DOD’s DCO activities is a construct of active cyberspace defense. The<br />
Department of Defense Strategy for Operating in Cyberspace describes active cyberspace<br />
II-2 JP 3-12