Cyber Warfare: A Simple Framework for Understanding Its Role in Armed Conflict
The use of cyber for warfare is an endlessly exciting, complex, and misunderstood topic. In order to help understand the military use of cyber I will outline a basic conceptual framework. This framework is so useful that many people have independently arrived at the same core structure.
- Danny Moore's book, "Offensive Cyber Operations," is an in-depth analysis of military cyber using his own variant of this framework.
- Victor Zhora (Deputy Chairman and Chief Digital Transformation Officer of the SSSCIP of Ukraine) has used a version when discussing Russian cyber attacks.
- Max Smeets (Director of the European Cyber Conflict Research Initiative) has used a different variant when discussing Russian cyber operations in Ukraine.
To name but a few...
Just to be clear, I make no claim to the core concepts of this framework. Just like everyone else, I have arrived at a simple solution to a difficult problem.
Enough beating around the bush. You have answers, I have questions. Let's get started.
Cyber Operations during War
Cyber warfare encompasses a wide range of activities, but which ones are most useful during a war? And how do they interact with other elements of armed conflict? This article presents a simple framework for reasoning about the use of cyber during war, focusing on three core functions: information operations, effects operations, and espionage operations.
A Useful Framework for Cyber Operations in Armed Conflict
During wartime, cyber capabilities can provide roughly three core functions. Each of these functions has its own strengths and weaknesses, roles to play, resource costs, strategic considerations, and tactical utility.
- Information Operations: Broadly speaking, these involve influencing the narrative or promoting a viewpoint to aid one side in a conflict. Information operations typically do not involve destructive actions such as denial-of-service attacks or data manipulation.
- Effects Operations: These entail actively doing something to the target—such as deploying wipers or ransomware, defacing websites, or manipulating data—in order to achieve specific objectives.
- Espionage Operations: These involve collecting information through spying and other covert means. Unlike effects operations, espionage is passive in terms of its impact on the target.
It is important to note that cyber operations can include elements of all three functions outlined above. Access gained for espionage purposes can be used to enable effects operations, while intelligence gathered from espionage can be used for information operations.
This framework is not meant to be prescriptive or universal; instead it serves as a simple model that provides shorthand concepts for reasoning about the utility of cyber capabilities during wartime.
Balancing Espionage and Effects Operations
Espionage and effects operations are often in competition with each other because they utilize the same resources. Information operations generally do not require tight integration with strategic planning or state control (integration into the command chain).
Effects operations may be easier to execute in some ways but require precise timing to maximize their utility and ensure that the opportunity cost is worth the gain from the effects. Espionage operations, on the other hand, require more discretion and closer integration with the command structure. This is because not only is the intelligence collection process secret, but so are the gaps in knowledge that need to be filled, what is already known, and what is believed to be known.
The discussion around civilian volunteers in cyber warfare often assumes that they can significantly impact the game. However, any group operating outside of a state's command structure faces significant challenges in executing espionage or effects operations effectively.
Civilian volunteers are unlikely to be able to properly conduct espionage operations due to their lack of integration with state security forces. Furthermore, they may struggle to coordinate closely enough to create effects at the right time. In many cases, these limitations mean that civilian volunteer efforts can be counterproductive rather than helpful.
Conclusion
The simple framework presented here divides cyber operations during armed conflict into three core functions: information operations, effects operations, and espionage operations. While not definitive or comprehensive, this model can help guide strategic thinking about how best to leverage cyber capabilities during wartime.
Ultimately, effective cyber warfare requires a careful balance between espionage and effects operations as well as close integration with state security forces and command structures. Civilian volunteers may face significant challenges in contributing meaningfully to these efforts without extensive preparation and coordination.