Secrecy News

Army Issues Guidance on Cyberspace Operations

For the first time the U.S. Army has produced official doctrine on military activities in cyberspace, including offensive, defensive and network operations.

A new Army field manual “provides overarching doctrinal guidance and direction for conducting cyber electromagnetic activities (CEMA)…. It provides enough guidance for commanders and their staffs to develop innovative approaches to seize, retain, and exploit advantages throughout an operational environment.”

It is “the first doctrinal field manual of its kind.” See FM 3-38, Cyber Electromagnetic Activities, February 2014.

The manual introduces the fundamentals of cyber operations, or “cyber electromagnetic activities” (CEMA), defining terms and identifying important operational factors and constraints.

“Today’s Army must operate in cyberspace and leverage an electromagnetic spectrum that is increasingly competitive, congested, and contested.”

However, “execution of CEMA can involve significant legal and policy considerations.” Also, “possibilities of unintended or cascading effects exist and may be difficult to predict.”

Several years ago, any official discussion of offensive cyber operations was considered classified information. That is no longer the case, and the new Army manual — which itself is unclassified — treats the subject as a normal part of military conflict.

“Army forces conduct OCO [offensive cyberspace operations] across the range of military operations by targeting enemy and hostile adversary activity and related capabilities in and through cyberspace,” the Field Manual says.

Cyberspace attacks in support of offensive operations “may be directed at information resident in, or in transit between, computers (including mobile phones and personal digital assistants) and computer networks used by an enemy or adversary.”

“Cyberspace attacks may employ capabilities such as tailored computer code in and through various network nodes such as servers, bridges, firewalls, sensors, protocols, operating systems, and hardware associated with computers or processors. Tailored computer code is only one example of a cyberspace capability… designed to create an effect in or through cyberspace.”

“Cyberspace attacks may employ manipulation which includes deception, decoying, conditioning, and spoofing to control or change information, information systems, and networks.”

The Army manual also presents doctrine on defensive cyberspace operations and on information network operations. “[Defensive] countermeasures in cyberspace should not destroy or significantly impede the operations or functionality of the network they are being employed against, nor should they intentionally cause injury or the loss of life.”

The manual devotes some attention to the legal framework governing cyber operations, which “depends on the nature of the activities conducted.”  Under all circumstances, the manual says, “Army forces conducting CO [cyberspace operations] will comply with the law of war.”

Ordinarily, the manual states, the U.S. Army should not be conducting offensive cyber operations against U.S. targets. “Unless approved by appropriate authorities, Army assets cannot be used to perform attack or exploit operations on U.S. entities.”

“Commanders must ensure that the legal, constitutional, and privacy rights of U.S. citizens are protected throughout the planning and execution of [cyber operations].”

    *    *    *

“Legal Reviews of Cyber Weapons” is one of the topics addressed in the latest issue of the Journal of National Security Law and Policy.

Brendan Koerner reported on “How America’s Soldiers Fight for the Spectrum on the Battlefield” in Wired Threat Level, February 18.

6 thoughts on “Army Issues Guidance on Cyberspace Operations

  1. Steven,

    Reading this manual proved an exercise in futility–I cannot understand the authority (morally, ethically, or legally), decision makers (who calls the the shots–pun intended), and to what affect to the relationship between the government and the sovereign is envisioned?

    From what I read, the authority for a CO under a OCO, the DoD can use lethality to defeat a hacker. Due process is not mentioned though clauses repeated say not in violation of the constitution–how can that statement be trusted?

    My concern, the government is hell bent on defeating our domestic representative democracy–and all I can say–game over.

  2. As an Aero Space weapons designer, let me say that not taking full and total advantage of ALL possibilities in the early stages of this new “Warfront” could be devastating to the United States and its Allies. The vastness of Space, the other Planets, the Earth Satellite communications systems, the World economy that relies on electromagnetics (and soon LaserCom)…..”If you do not stay on top of the thieves and pre-defend yourself: YOU WILL BE A VICTIM! Any small group of butt-heads with their own selfish, ignorant, agenda could greatly disrupt the lifestyle that we try to enjoy. Personal freedom is great, but on a tiny speck of dust in an immense Universe, we can not have 10-50 Billion Earthlings just doing their own thing w/o some sort of tracking and control….Especially with the Technologies being created by us Brainiacs every day! As a Science Fiction author, turned scientist, I can see the Horrors that are knocking on the door. REPEAT: “the horrors are knocking at the door!” FAS was created by the scientists who developed the nuclear fusion device, to help keep “Pandora In Her Box”….BUT; a fission device is only a marble in a child’s slingshot compared to what is coming…….I Know..I am creating them…..

    1. @ L. Steven Spak

      “If you do not stay on top of the thieves and pre-defend yourself: YOU WILL BE A VICTIM!”

      Well said, I just don’t know how to counter an out of control military industrial complex that would steal my liberty, privacy, taxes, and my own personal information–then sell it back to me. I don’t like paying thieves to return what belongs to me after they say…”Look, we’re protecting you mister target–I mean citizen.”

      Your statement doesn’t stand the philosophical litmus test, do your arguments comport with any rational socio-political premise? NO! Why stop there, what about a formal analysis; a lexical, semantic, postulate-based lemma that is combined with statistical tools to examine your statement… A mesh network based on your logic will functional collapse upon itself as the amount of energy to support your hypothesis will require converting this planet into a white dwarf–are you working on that?

    1. The difference is that the new concept of “cyber electromagnetic activities” includes electronic warfare, but it is broader than that. It extends to “cyberspace operations” — both offensive and defensive operations — and to spectrum management operations. More information can be found in the manual itself.

Leave a Reply

Your email address will not be published. Required fields are marked *