
Twelve Principles of DoD Cyber Conflict

While rummaging through old files on my hard drive I encountered a piece I wrote in June 2002 which captured in writing something I had been briefing for several years. I had been briefing “Principles” which I had observed or learned while serving as the J2 of DoD’s JTF-CND and then later as J2 of JTF-CNO. My theory was that just as Admiral Bill Studeman had helped intelligence professionals understand their craft better by articulating principles, I could help build understanding of the new field of cyber conflict by generating dialog on principles.

I can’t take credit for any of these principles. I really just wrote them down. Many are things I observed or heard from others in the JTF at that time, like Marc Sachs, John Owens, Jay Healey and Michele Iverson. There are also many common themes I learned from Rick Forno, Dan Kuehl, Matt Devost and others.

Now, about a decade after I started briefing these principles, I have just reviewed them and think they still meet the key requirements you would expect true principles to hold. They still ring true and they still offer insights relevant to operational decision-making, and, although they are definitely general in nature, I believe they still have a role in helping orient people to the missions of computer network defense (CND), computer network exploitation (CNE) and computer network attack (CNA).

Please give these a glance, and if you know a cyber warrior somewhere who you think would appreciate them please route them on.

One of these days I’ll rewrite this to update the acronyms and get rid of the reference to the ancient US Space Command. So please let me know if you think I’ve missed something that should be captured as a principle, or if you think I have put any of these in the wrong context.

Twelve Principles of Computer Network Operations
June 2002
Bob Gourley

A growing number of uniformed military and government civilians practice the new military discipline of Computer Network Operations (CNO). CNO in the Department of Defense (DoD) consists of two specific yet complementary mission areas: Computer Network Defense (CND) and Computer Network Attack (CNA).

The CND mission is to protect and defend DoD computer networks, systems and the data that resides in them against any unauthorized event, whether it be a probe, scan, virus incident, or intrusion.1 The CNA mission is to coordinate, support and conduct, at the direction of the National Command Authority (NCA), computer network attack operations in support of regional and national objectives. CNA operations are designed to disrupt, deny, degrade or destroy adversary information resident in computers and computer networks.2

Operational lead for the DoD’s CNO efforts is USSPACECOM’s Joint Task Force for Computer Network Operations (JTF-CNO). But increasingly, traditional military forces are being called upon to conduct CNO operations by enhancing the defensive posture of networks under their control, by taking action against attacks, or by participating in attack planning or operations.

In most other warfare areas, Commanders can rely on established military doctrine to guide them in implementing and executing their missions.3 The CNO mission is new, however, and little formal joint doctrine exists in this mission area.

This article provides firsthand observations on twelve key principles of CNO. I believe these observations can provide other CNO practitioners with a critical foundation required for successful CNO. These principles will also be of use to officers who wish to engage in the ongoing national security and policy discussions concerning CNO. After further examination and feedback from the field and the fleet, we expect them to become cornerstones of a new joint doctrine for CNO. Until then, I offer Twelve Principles of CNO. They are:

#1 The Chain

#2 The Perimeter

#3 Interconnection

#4 The Laundry

#5 Prior Planning Prevents Poor Performance

#6 Know the Enemy

#7 Experience Counts

#8 Users Need Help

#9 Relativity

#10 One Basket?

#11 Unintended Consequences

#12 The Beauty of Attack

A bit more on all of the above is provided below:

#1 The Principle of the Chain. CNO is a chain; it’s only as strong as the weakest link. Like most of the rest of the principles outlined here, this sounds intuitive. But it is very important to stress this concept in the CNO world. Inattention to detail will ruin your CNO plans, whether for defense or offense. Two short illustrations:

- You fortify and protect an enclave by putting firewalls and IDSs on gateways and hardening workstation software. But there are so many configuration choices for your IDS and firewall, and so many other settings you must make to ensure your enclave is secure. Did you overlook anything? Are your users trained? Do you have a response policy in place? Are you running the most up-to-date anti-virus software on your mail server? Should it be on individual workstations as well? These and many other questions must be considered by security professionals, because any one of them could be the link that breaks the security chain.

- The chain for attack will also have weak links. This is easy for military professionals from any discipline to understand. All combat actions in any warfare area have potential weak links that can frustrate your attack or even lead to exploitation of your own forces. In the CNO realm the weak link may be the adversary’s ability to patch an application or to reboot a router.

How do you protect against the weakest link? Attention to detail.

#2 The Principle of the Perimeter. Defenders must protect against every vulnerability. Attackers must only find one security flaw. A rough analogy is the requirement to continuously defend an Aircraft Carrier Battle Group in a high threat environment where attacks might come from below the sea or from the air or even from land. This principle calls for constant vigilance along every potential avenue of approach. CNO defenses must be robust and mobile.

#3 The Interconnection Principle. CNO is a multi-faceted discipline that includes military, civil, foreign, domestic, offense, defense, technology and human factor issues. It is an observable fact that we are all interconnected in this business. Decisions made in one area frequently have impacts in the other areas. That makes coordination between stakeholders and leaders in those areas an important goal that will result in better community-wide solutions. However, if taken to the extreme, this coordination can be a recipe for paralysis. Sometimes unilateral decisions must be made.

#4 The Principle of the Laundry. CNO is a continual process (like laundry, something always needs cleaning). Vulnerabilities in old software are discovered daily, and new software is continually being produced and integrated into our architectures. All indications are that new software is just as buggy and has just as many vulnerabilities as old software, so we can expect the stream of vulnerability announcements to continue. Those vulnerabilities must be cleaned up and repaired as they are discovered. This is a never-ending process.

#5 The Principle of Prior Planning. CNO must be pre-planned; you don’t just do it at the last minute and expect it to be done well. Too frequently the developers of systems and networks pay too little attention to security when they design their systems. We have found out the hard way that tacking it on at the end just doesn’t work. This adage applies to users as well. If an organization does not think through the policies its users must adhere to, and does not train its users in secure practices until it is too late, then the result will be poor security. The same thoughts hold true on the offensive side of CNO. CNA requires extensive planning and coordination in advance.

#6 Know the Enemy. You must know your enemy better than your enemy knows you. This is easy to say but in practice very hard to accomplish, especially in the interconnected world of the Internet, where adversaries can take steps to hide their identity. But steps can be taken that let you make reasonable assumptions about your adversary before you know exactly who it is. These assumptions, combined with a continual study of threat actors, will lead to a better ability to prevent, detect, react to and defeat adversary activity.

You can and should also take steps to hide key information from your adversaries. All DoD unclassified networks should be under the umbrella of the NIPRNET, which affords some obscurity and protection from enumeration by an adversary. Enclaves should be configured to deny as much information as possible to potential adversaries. There is no reason why we should make the attacker’s job easier.

#7 The Principle of Professional Experience. Inexperienced CNO professionals are not CNO professionals. It is so easy in this business to find pseudo experts who can give a great brief or can market a CNO concept but have no firsthand knowledge of how networks work or how to defend them. How do you tell a pseudo expert from a real expert? Be skeptical of anyone in this field till they have proven themselves to you. Ask for credentials, certifications, degrees or what their on-the-job experience is. Don’t be afraid to quiz them. No matter how polished they look, you want experience in this business.

- An important corollary for Commanders is that like in every other warfighting area, your people are paramount. Commanders must take responsibility to ensure that their CNO operators are trained and ready for the tasks that will face them.

#8 The Principle of User Faith. Users have no good way of comparing the security or vulnerability of systems. How can an individual user really tell that a system is secure? Is PKI secure? Is DMS secure? Who and what should a user trust? The current answer in DoD is that users must trust the systems managers in their organization, and those leaders must in turn trust accrediting authorities and program managers. We hope the corollary to this adage becomes “Trust, but verify.”

#9 The Principle of CNO Relativity. CNO is relative; no system will ever be 100% secure. This truism was realized long ago by the greats of the information security business, and has been witnessed again and again in DoD’s efforts.

- This truism is especially important in DoD, where we face some very sophisticated adversaries. Since no system can ever be 100% secure, if you want to be 100% certain that your information is protected, do not store it in any computer system anywhere. Of course this is unrealistic. But the point is that owners of information should weigh the risks vs. rewards of storing information in a computer system, and should take appropriate steps to protect computers and networks storing sensitive information.

#10 The Principle of the Single Basket. Never rely on technology (or anything else) as your only line of defense. This principle should seem intuitive to any operational military professional. No defender in combat would try to mount a defense with only one type of weapon, tool or technique. This is just as important in the CNO world, where true hackers will never give up, and where more sophisticated adversaries will try attacking through paths we may not have even considered yet.

#11 The Principle of Unintended Consequences. This applies to all aspects of the art of CNO, both offense and defense. Keep in mind that no matter how thoroughly you think these things through, there will always be some risk of unintended consequences.

#12 The Principle of the Beauty of Attack. Sometimes you must take the fight to the enemy. To the military this frequently means the ability to use force on a battlefield to compel an enemy to do our will. But this principle is meant to bring to mind far more than that. In some cases, the US Government will have an ability to carry the fight to an adversary by attacking their computers. Individuals and individual units cannot do this, of course. This is a response reserved for decision-makers at the highest levels of government. But there are means for individuals and individual units to take action against attackers. Action can be taken by collecting detailed logs of the attacks and contacting law enforcement officials at the earliest possible moment.

The principles presented here are meant to explain the workings of a well-functioning computer network operations effort. They will be of use to any military professional struggling with the best ways to implement successful CNO in their organizations.

Are there other principles of CNO? Almost certainly. The disciplines of Computer Network Defense and Computer Network Attack are still new ones, and as they spread throughout the combat forces of DoD more principles, best practices and even doctrine will arise to help guide us as we prepare for combat. Consider the list above a start. It contains basic generalizations that I hold as true, that I propose to you as a starting point as you reason through your role in this mission.

1 Joint Publication 1-02, “DOD Dictionary of Military and Associated Terms.” Available online at: http://www.dtic.mil/doctrine/jel/doddict/

2 Joint Publication 1-02, “DOD Dictionary of Military and Associated Terms.” Available online at: http://www.dtic.mil/doctrine/jel/doddict/

3 Doctrine is the “Fundamental principles by which the military forces or elements thereof guide their actions in support of national objectives. It is authoritative but requires judgment in application.” Joint Publication 1-02, “DOD Dictionary of Military and Associated Terms.” Available online at: http://www.dtic.mil/doctrine/jel/doddict/


Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com
