DOD Publicly Releases Joint Cyber Doctrine

This month, Defense Department publicly released the joint cyber doctrine that was first issued in March 2013. The document sheds light on the policies and strategic direction shaping the joint Defense cyberspace operations information security activities. The document provides definitions of the roles and authorities across the Defense Department as well as outlining the roles of other organizations responsible for the nation’s cybersecurity, like the Department of Homeland Security and the Department of Justice.

As the document details, the Joint doctrine “applies to the Joint Staff, commanders of combatant commands, subordinate unified commands, joint task forces, subordinate components of these commands, and the Services.” This document takes precedence over any service level doctrines.

While some media coverage has noted the mentions of offensive capabilities, the definitions and discussion of capabilities in the public version remain at a high level. The doctrine offers three categories of cyberspace operations: offensive, defensive, and Department of Defense Information Network (DODIN).

CO missions are categorized as offensive cyberspace operations (OCO), defensive cyberspace operations (DCO), and DODIN based on their intent. OCO are CO intended to project power by the application of force in and through cyberspace. DCO are CO intended to defend DOD or other friendly cyberspace. DODIN operations are actions taken to design, build, configure, secure, operate, maintain, and sustain DOD communications systems and networks in a way that creates and preserves data availability, integrity, confidentiality, as well as user/entity authentication and non-repudiation.

The view addresses the varying types of activities (offensive, defensive, and infrastructure-related) as well as describing the operational environment and government roles within cyberspace. The military increasingly relies on cyberspace for command and control capabilities and also for logistics functions supported  by non-defense networks. The outline of organizational structures in the document help to illustrate the connections and  relationships within cyberspace.

For vendors, these details may be useful as the Defense Department targets moving towards shared services for information security solutions. It is important for contractors to understand that “Forces conducting CO may simultaneously support multiple users” and which organizations those users may represent. In terms of identifying potential solutions that meet operational requirements, anticipating this interplay between agencies and commands will require extensive coordination, planning, and early integration of requirements.

Although this publication provides broad perspective on the government’s operations in cyberspace, business opportunities with the Defense Department will continue to revolve around defensive capabilities, infrastructure enhancements, communications and network services, and professional services like training.