jp3_12r
jp3_12r
jp3_12r
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Chapter II<br />
on cyberspace around the globe requires carefully controlling OCO, requiring national level<br />
approval. This requires commanders to remain cognizant of changes in national cyberspace<br />
policy and potential impacts on operational authorities.<br />
(4) A common operational picture (COP) for cyberspace facilitates C2 of CO and<br />
real-time comprehensive SA. A cyberspace COP should include the ability to rapidly fuse,<br />
correlate, and display data from global network sensors to deliver a reliable picture of<br />
friendly, neutral, and adversary networks, including their physical locations and activities. In<br />
addition, the cyberspace COP should support real-time threat and event data from myriad<br />
sources (i.e., DOD, IC, interagency, private industry, and international partners) and improve<br />
commanders’ abilities to identify, monitor, characterize, track, locate, and take action in<br />
response to cyberspace activity as it occurs both globally for USSTRATCOM/<br />
USCYBERCOM and within the AOR for the GCC.<br />
c. Intelligence<br />
(1) Intelligence collected in cyberspace may come from DOD and/or national-level<br />
sources and may serve strategic, operational, or tactical requirements. JP 2-0, Joint<br />
Intelligence, covers the basics of military intelligence joint doctrine. This section addresses<br />
the unique challenges of military intelligence in cyberspace. Intelligence operations in<br />
cyberspace not associated with the JFC are covered in paragraph 3, “National Intelligence<br />
Operations In and Through Cyberspace.”<br />
(2) Understanding the OE is fundamental to all joint operations. Intelligence<br />
support to CO utilizes the same intelligence process (i.e., intelligence operations) as in all<br />
other military operations:<br />
(a) Planning and direction, to include managing CI activities that protect<br />
against espionage, sabotage, and attacks against US citizens/facilities; and examining<br />
mission success criteria and associated metrics to assess the impact of CO and inform the<br />
commander’s decisions.<br />
(b) Collection, to include surveillance and reconnaissance.<br />
(c) Processing and exploitation of collected data.<br />
(d) Analysis of information and production of intelligence.<br />
(e) Dissemination and integration of intelligence with operations quality.<br />
(f) Evaluation and feedback regarding intelligence effectiveness and quality.<br />
(3) Event Detection and Characterization. Activities in cyberspace by a<br />
sophisticated adversary may be difficult to detect. Unlike adversary actions in the physical<br />
domains which may be detected by the presence of equipment or specific activity, adversary<br />
actions in cyberspace may not be easily distinguishable from legitimate activity. Capabilities<br />
for detecting and attributing activities in cyberspace are critical for enabling effective DCO<br />
and OCO. Equally important, rapid assessment of DOD operations in and through<br />
II-8 JP 3-12