jp3_12r
jp3_12r
jp3_12r
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Chapter II<br />
b. Security of Non-DOD Information Networks. While DCO are generally focused<br />
on the DODIN, which includes all networks owned or leased by DOD, DOD relies on many<br />
other networks, including private sector networks, to support DOD operations.<br />
Responsibility for these non-DOD information networks and systems falls to the network<br />
owners, which include other USG departments and agencies and private sector entities.<br />
Since all DOD-associated networks are known targets for our adversaries, protection of these<br />
non-DOD information networks and systems is just as important as protection of the<br />
DODIN. Unfortunately, DOD cannot guarantee the level of security of non-DOD<br />
information networks or the robustness of the security standards governing such networks.<br />
The JFC’s mission risk analysis should account for this uncertainty in security of non-DOD<br />
networks. It is essential that planners and those supporting CO coordinate with non-DOD<br />
essential network owners to better secure those networks. USCYBERCOM liaises with<br />
other USG departments and agencies that can facilitate necessary planning.<br />
c. Routine Uses of Cyberspace. Most military CO are routine uses of cyberspace.<br />
Routine uses of cyberspace, such as operating C2 or logistics systems, sending an e-mail,<br />
using the Internet to complete an on-line training course, and developing a briefing or<br />
document, employ cyberspace capabilities and complete tasks in cyberspace, but they do not<br />
amount to OCO, DCO, or DODIN operations. Other than being an authorized user of the<br />
network, DOD members need no special authorities to conduct these activities. However, it<br />
is through these routine uses of cyberspace where a majority of the vulnerabilities on our<br />
networks are exposed to, and exploited by, our adversaries. As such, the importance of<br />
cultivating a culture of cyber security among all DODIN users cannot be overstated. The<br />
challenge is to train DODIN users to recognize the trade craft of adversaries so that routine<br />
cyberspace uses do not continue to represent a source of unnecessary risk to the mission.<br />
DODIN operations functions, particularly interagency policies and training, are critical to the<br />
success of all types of DOD CO.<br />
d. Intelligence Operations. See JP 2-01, Joint and National Intelligence Support to<br />
Military Operations, for a more complete discussion of activities that fall under intelligence<br />
operations.<br />
e. Cyberspace Actions. While the JFC’s military missions in cyberspace (OCO, DCO,<br />
and DODIN operations) are categorized by intent, as described above, these missions will<br />
require the employment of various capabilities to create specific effects in cyberspace. To<br />
plan for, authorize, and assess these actions, it is important the JFC and staff understand how<br />
they are distinguished from one another.<br />
(1) Cyberspace Defense. Actions normally created within DOD cyberspace for<br />
securing, operating, and defending the DODIN. Specific actions include protect, detect,<br />
characterize, counter, and mitigate. Such defensive actions are usually created by the JFC or<br />
Service that owns or operates the network, except in such cases where these defensive<br />
actions would impact the operations of networks outside the responsibility of the respective<br />
JFC or Service.<br />
(2) Cyberspace ISR. An intelligence action conducted by the JFC authorized by<br />
an EXORD or conducted by attached SIGNT units under temporary delegated SIGINT<br />
II-4 JP 3-12