2014 Information Dominance Essay Contest Third-Place Winner, Sponsored by HP
In Capstone Concept for Joint Operations: Joint Force 2020 (CCJO, 28 September 2012), General Martin Dempsey, Chairman of the Joint Chiefs of Staff, outlined his vision of globally integrated operations. This centerpiece has had broad implications throughout the Department of Defense, as it continues to develop over the course of this decade. The CCJO dives into various supporting concepts and requirements that will make these global operations a reality in just a few years, but one factor underlines the whole: information flow. The CCJO provides the “what” of General Dempsey’s future vision, but it does not detail the “how.” That was given in the Joint Information Environment (JIE) white paper (22 January 2013). With information flow as the binding force enabling General Dempsey’s vision to become reality, the JIE details the importance of making vital information available when and where it is needed at all echelons. This will break down the walls separating the hundreds of individual networks throughout the DOD, to create an environment allowing for near-instant communication, the use or manipulation of data, and resiliency in the face of failure or attack.
The JIE will fall under the umbrella of a larger network concept, the Department of Defense Information Network. Once a discussion involves this system, it automatically turns into a conversation about cyberspace. This inclusion in the DOD network, and by extension cyberspace, makes administering the JIE a significant challenge. With the JIE representing both equipment and battlespace at the same time, the added layer of intermingled data on a global scale blurs all lines of ownership and command and control. Thus, the entire Department of Defense Information Network’s system must be addressed in order to solve the JIE administration problem. Despite organizational changes, including the standup of a subordinate unified command and numerous joint and service organizations responsible for cyberspace operations, a definitive command-and-control arrangement for cyberspace operations, ranging from daily routine use to force projection and protection, remains unresolved.
The 27 April 2011 Unified Command Plan and a comprehensive standing order by U.S. Strategic Command delegate the authority for conduct of most operations in cyberspace to U.S. Cyber Command. These responsibilities have been further broken down into three distinct mission areas: defend the nation from strategic cyberspace attack; provide support to the combatant commands; and operate, secure, and defend the Department of Defense Information Network.1 It would appear at first glance that the latter mission covers everything needed with regard to the JIE, but things are not so simple in the world of DOD cyberspace operations.
Perhaps the greatest stumbling block in identifying the right lanes of authority for JIE rests with the DOD’s accepted definition of cyberspace. According to joint doctrine, it is “a global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.” 2 This definition presents several problems when attempting to identify responsibilities for administration of massive network constructs such as the JIE. Additionally, the fact that the Secretary of Defense has declared cyberspace as a battlespace domain, on par with the land, air, maritime, and space domains, further invalidates the definition. To understand where the Joint Information Environment truly fits within cyberspace, and therefore where the lanes of responsibility are divided, the very definition of cyberspace must be deconstructed, examined, and reevaluated.
Cyberspace Is Not Equipment
Human beings are land creatures. Earth was the first battlespace domain and, most important, remains the only domain in which we can operate without enabling equipment. It is a physical arena that can be seen and felt. Because it is the realm in which we all live, it is also the one to which all combat effects are ultimately directed. The maritime and air domains are foreign to humans. We cannot fly on our own, nor can we sustain life in a purely maritime environment for any length of time. For humans to operate in these spheres, we must use specifically designed equipment. Watercraft and aircraft allow us to exist, operate, maneuver, and generate effects from the maritime and air domains. Like land, the maritime and air environments are also physical. Our ability to operate in space is limited at present, but the same overall concepts apply there. This physicality is the prime difference between cyberspace and the other domains.
True cyberspace (not as defined by the DOD) cannot be defined in physical terms. It is data, or information, that is at rest, in motion, or in flux, and it is also the flow of said information. The technology infrastructure, networks, and computer systems are simply pieces of equipment, no different in this way from the ships that allow us to operate on water or the aircraft that move us through the air. Ships and planes are not considered part of the domains to which they belong; they are military assets and treated as equipment. Cyberspace must be viewed through this same lens.
It will be difficult to adapt the mindset of much of the military to accept a domain that cannot be held or seen. But it is not beyond possibility. Not much longer than a century ago, military minds struggled with the idea of three-dimensional combat in the skies. The concept of flying is seldom given a second thought today. Once this new notion of cyberspace has been accepted, JIE must be reexamined. Because U.S. Cyber Command has an established mission (operate, secure, and defend) that heavily involves the JIE, it is best to carry out the reappraisal by analyzing that mission and its applicability to the JIE.
Buying and Running the Machinery
The first piece of the U.S. Cyber Command’s mission is to operate the Department of Defense Information Network. From a JIE perspective, to “operate” means to establish the physical infrastructure and ensure proper baseline functionality. Setting up physical parts of JIE generally falls under the services’ equip responsibility (man, train, equip, and organize). But the Defense Information Systems Agency (DISA) also has a role to play, because of the nature of the equipment itself.
Part of the DISA’s responsibility is, as delegated by the DOD chief information officer, implementing standardization across the enterprise network. In the JIE construct, DISA will take the lead in developing and establishing the standards for equipment operation within the network, meaning that to be considered part of the JIE, computing and network gear will need to meet DISA criteria. The procurement of equipment will remain a service responsibility, with the additional requirement that tools fall within the DISA-established standards.
To “operate” the JIE will also mean to ensure the flow of data as required, a core component of the JIE concept. Both DISA and the services have well-delineated responsibilities here as well. General Dempsey’s vision for data in the JIE is a cloud storage environment. DISA will need to establish the benchmarks for how data moves into and out of the cloud, including protocols and security. The services will likely take on shared responsibilities for purchasing equipment that ultimately makes up the cloud. Distributing the purchase and placement of gear among the services provides a level of redundancy and fault tolerance that is envisioned in the JIE concept.
Securing the JIE is, like all kinds of safety measures in the DOD, ultimately everyone’s responsibility. Both DISA and U.S. Cyber Command have significant roles in this regard. As part of the establishment of standards for the JIE, DISA will also direct baseline security standards that must exist on all equipment. Basic security for information systems is commonplace throughout the industry, yet is rarely sufficient. This is where U.S. Cyber Command provides additional direction for JIE security. As the DOD component primarily responsible for operations in cyberspace, U.S. Cyber Command directs actions taken to increase protection of DOD information systems and computing/networking equipment across the entire span of the Department of Defense Information Network, including the JIE.
This brings the security level of the JIE to a higher point for global operations. Protection of the data itself also falls to DISA for the creation of the initial standard. U.S. Cyber Command, working with the National Security Agency, will direct additional security measures needed in response to the rapidly changing threats against the JIE and Department of Defense Information Network. As in many other areas of joint standards, services may choose to apply more stringent protection requirements for their data, but may not undermine the DISA or U.S. Cyber Command–established criteria.
By its nature, defense is a combat action. Unlike the previous two pieces of the Cyber Command mission for the DOD network, this aspect will not involve DISA, and see a reduced involvement by the services. In the joint environment, the combatant commands fight; the services provide forces so they can fight. The same holds true in the cyberspace domain. Combatant commands will direct cyberspace defense actions within their areas of responsibility (AORs) in the same way they would direct any other military operations. But defining a combatant command’s AOR in cyberspace is usually easier said than done.
Even before JIE, the boundaries of this in cyberspace were fuzzy at best, with debate over who owned various pieces of equipment and network infrastructure. The JIE’s very concept clouds this discussion even further, but the combatant command’s AOR in cyberspace must be thought of in the same fundamental way as in the physical domains. An area of responsibility does not involve where equipment sits or originates from, but rather the location of the realized effects. In the same was as all effects are ultimately directed against the land domain, in and through cyberspace, they are eventually manifested in the physical world. It is the location of those demonstrated effects, as plotted on a map depicting combatant commands’ physical AORs, that determines which one is responsible.
U.S. Cyber Command, acting under authority delegated by U.S. Strategic Command in accordance with the Unified Command Plan, directs global defense actions that cross, or are otherwise independent of, combatant-command AOR boundaries. As the JIE concept matures, so too must the way the DOD views cyberspace, operations in that domain, and the division of responsibility and authority among the many related organizations.
Much of the doctrine and policies that address the tough questions have been written. A shift in mindset about cyberspace as a whole is needed at all levels of leadership, to properly align now-established ideas to the domain of cyberspace. By matching mature concepts to new technology and capabilities, the administration of the JIE, and of the entire Department of Defense Information Network, will be successful. To fight against entrenched beliefs and essentially reinvent the wheel as the JIE develops will involve taking several steps back while reaching for the future.
- Cheryl Pellerin, “Cyber Command Adapts to Understand Cyber Battlespace,” American Forces Press Service, 7 March 2013.
- Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms, 15 March 2014.
Lieutenant Rolfe is a Reserve intelligence officer supporting the Cyber Division of the Naval Criminal Investigative Service. He is also a contractor with U.S. Cyber Command, working on the development and employment of the new Cyber Mission Force. Previously he served for 14 years as an active-duty enlisted soldier with assignments as a signals intelligence analyst, cryptanalyst, and computer network operations subject-matter expert. He is now working toward a master’s in history.