Ace your studies with our custom writing services! We've got your back for top grades and timely submissions, so you can say goodbye to the stress. Trust us to get you there!

Order a Similar Paper Order a Different Paper


Using APA styles format, In 800 words answer the following question below using the

attached articles. Provide specific examples and citations from the articles to support


Discussion Questions:

1. Is there such a thing as a cyber domain? 

2. How is it similar to or distinct from other traditional physical domains? 

3. What are the consequences or challenges to policy makers due to any unique characteristics of cyber-power?

4. What are the hazards Libicki warns us of by calling cyber a warfighting domain? 

5. What do we lose if we don’t?

International Journal

2014, Vol. 69(3) 394–412

! The Author(s) 2014

Reprints and permissions:

DOI: 10.1177/0020702014540618

Scholarly Essay

On domains: Cyber and
the practice of warfare

Chris McGuffin
Canadian Armed Forces, ON, Canada

Paul Mitchell
Canadian Forces College, ON, Canada


Cyberspace is a new and evolving realm of human interaction with specific security and

defence concerns. Threats to commercial and government interests are being identified

and many nations have accepted cyberspace as a domain of military of operations. While

governments are investing in the development of military cyber capabilities, there are

few examples of military cyber operations from which military doctrine can be devel-

oped. In order to bridge the gap between speculation and experience, the principles

related to land, sea, and air forces can be used to provide a helpful reference for the

cyber domain. The adoption of cyberspace as a domain has more to do with marketing

than doctrinal consistency with physical domains. Until some future military cyber

operations are categorized as armed attacks, there is insufficient cause to categorize

cyberspace as a distinct domain.


Cyber warfare, military operations, information technology, military technology,

defence policy

Every fortnight the senior civilian and military leaders of Canada’s Department of
National Defence meet as a Programme Management Board (PMB) to decide the
fate of key projects and initiatives. These leaders, representing the army, navy, air
force, and each of the other departmental Level 1 organizations,

have a keen

interest in the allocation of resources. Decisions regarding the staffing of new pos-
itions are particularly contentious at a time when the Canadian Armed Forces’

Corresponding author:

Paul Mitchell, Canadian Forces College, 215 Yonge Blvd, Toronto, ON M5M 3H9, Canada.

Email: [email protected]

1. Level One Organizations are those at the top of the DND bureaucratic hierarchy, generally headed
by a three-star officer, including the three services, the vice chief of the defence staff, the Canadian
Joint Operations Command, and the Canadian Special Forces Command.

(CAF’s) strength is being reduced due to budgetary limitations.
Nonetheless, when

the PMB chairperson, the vice chief of the defence staff, raised the subject of
staffing for the CAF Cyber Task Force, the board members approved the imme-
diate allocation of 20 persons to undertake the new assignments.

These people will

have to be exceptionally motivated, technically proficient, and well supported to
deliver the advice, education, and doctrine required for the CAF.

These challenges have been faced before. A similar decision was made 100 years
ago when Canada’s minister of militia and defence ordered the creation of the
Canadian Aviation Corps.

As early as 1907, in a work of science fiction, H.G.

Wells described the German rise of air power and how they ‘‘may seize the air—as
once the British seized the seas.’’

Two years later, Giulio Douhet, an Italian staff

officer, predicted that ‘‘the sky would become another battlefield no less important
than the battlefields on land and sea.’’

At the start of the First World War, and

only 5 years after the first controlled powered flight in Canada, the initial attempt
to create a national air force experienced numerous challenges.


Canada eventually contributed flight training, pilots, and two squadrons of aircraft
to the allied war effort. It was not until the Second World War that the employ-
ment of military aviation would reach a sufficient level of maturity for commanders
to capitalize on the capabilities delivered by air power. Douhet, who would rise to
command Italy’s air force at the end of the First World War, published The
Command of the Air in 1921. This early treatise on air power presented the case
for a separate and distinct military service.

Douhet’s writing was a welcome foundation to air power theory but it also
contained several exaggerations. As he noted: ‘‘Nothing man can do on the surface
of the earth can interfere with a plane in flight, moving freely in the third dimen-

The influence of ground-based air defence systems and stinger missiles on

aircraft are reminders that it is unwise to be so definite when making predictions
about new technology.

The statements made by military theorists addressing new

2. Budgetary reductions in fiscal year 2012 imposed a cap of 68,000 regular force members and a
reduction in reserve force contracts. New capabilities like the C–17, Chinook helicopters, and the
Cyber Task Force create additional demand for personnel without offering trade-offs. See http:// (accessed 22 May 2014); and
David Pugliese, ‘‘Canada to freeze size of regular forces, shut down facilities,’’ National Post, 24
October 2011,
shut-down-facilities/ (accessed 11 March 2014).

3. A.B. Donaldson, ‘‘Memorandum to PMB – Immediate surge requirements in support of CF Cyber
Force,’’ 1150-110/P15 (Cyber TF), February 2012.

4. ‘‘The history of Canada’s Air Force,’’
(accessed 13 January 2013).

5. Herbert George Wells, The War in the Air, Project Gutenberg EBook #780, 10 August 2008, chapter

6. Douhet, cited in Dan McCaffery, Battlefields in the Air: Canadians in the Allied Bomber Command
(Toronto: Lorimer, 1995), 3.

7. ‘‘The history of Canada’s Air Force,’’
(accessed 28 May 2014).

8. Giulio Douhet, The Command of the Air, Dino Ferrari, trans. (Washington, DC: Air Force History
and Museums Program, (1921) 1998), 10.

9. P.W. Singer, Wired for War (New York: Penguin Press, 2009), 9.

McGuffin and Mitchell 395

capabilities may be influenced by partisan perspectives or the belief that overesti-
mations are required in order to be acknowledged.


The Internet has matured considerably since the first packet-switching networks
of the 1960s.

Standardization of the TCP/IP network interconnection protocol

and the affordability of personal computers in the 1980s initiated a growth that
would expand rapidly with the distribution of commercial Internet service pro-
viders in the late 1980s. In 2000, 5 percent of the world’s population and 31 percent
of North Americans made use of the Internet. By 2012, those numbers were 34
percent and 79 percent.

Today, a sufficiently representational portion of our

cultural exchanges occur over this electronic medium that we think of it as the
artificial environment described in 1980s cyberpunk writing by William Gibson:
‘‘The matrix has its roots in primitive arcade games . . . Cyberspace. A consensual
hallucination experienced daily by billions of legitimate operators, in every


Of course, there are many forms of social exchange, licit and illicit. It is therefore
not surprising that early technophiles wanted to do more than the messaging and
file exchanges permitted by Bulletin Board Services in the 1980s. By the 1990s,
marketing, commerce, sex services, and crime began to thrive. Robert O’Connell
suggests a pattern for the evolution of human social interaction in Ride of the
Second Horseman: The Birth and Death of War. As the population increased in
early Sumerian times, O’Connell describes an environment rich in social interaction
that naturally led to culture, politics, and conflict.

This same evolution can be

observed in the Internet’s history. Today, there appear to be more opportunities for
military activity in this artificial environment than originally envisioned by its cre-
ators within the Advanced Research Projects Agency of the United States
Department of Defense.


After the attacks on Estonia in 2007, Georgia in 2008, Iran in 2009, and Burma
in 2010, the wired nations of the developed world are just beginning to rationalize
the scope and nature of the powers that threaten their sovereignty in the virtual

Notably, the US Cyber Command declared initial operational capability

10. Nate Silver, The Signal and the Noise: Why So Many Predictions Fail—But Some Don’t (Penguin
Press e-pub, 2012), introduction, 24/32.

11. Barry M. Liner et al., ‘‘Brief history of the Internet,’’
what-internet/history-internet/brief-history-internet (accessed 13 January 2013).

12. Internet World Stats, ‘‘World Internet Usage and Population Statistics,’’ 30 June 2012, http:// (accessed 25 January 2013).

13. William Gibson, Neuromancer (Ace Books e-publication, January 2010), 91/720. Gibson first
described cyberspace in Burning Chrome (1982). Fiction author Jack Womack suggested that
these writings shaped the development of the Internet. See the afterword in the 2000 re-issue of

14. Robert O’Connell, Ride of the Second Horseman: The Birth and Death of War (Oxford: Oxford
University Press, 1995), 93.

15. Liner et al., ‘‘Brief history of the Internet.’’
16. Matt Murphy, ‘‘War in the fifth domain,’’ The Economist, 1 July 2010, http://www.econo- (accessed 11 March 2014); Jim Giles, ‘‘Are states unleashing the dogs
of war?’’ NewScientist, 16 December 2010,
are-states-unleashing-the-dogs-of-cyber-war.html (accessed 13 January 2013); NATO Cooperative

396 International Journal 69(3)

in May 2010 and the existence of a Cyber Centre in the People’s Liberation Army
of China was reported in July 2010.

The Canadian response to cyber threats is

articulated in general terms in the 2010 Canada Cyber Security Strategy.

actuality the CAF have been operating in cyberspace for as long as that nomen-
clature has existed. The Defence Wide Area Network (DWAN), classified and
environmental networks, even the issued Blackberry devices, constantly give us
access to what people think of as cyberspace. Given that these established systems
are already maintained and defended by network administrators, what changes are
called for to address military activity to operational practice in cyberspace?

This paper will argue that cyberspace does not possess the characteristics neces-
sary to be categorized as a separate domain. While this new realm introduces new
and distinct methods with which to apply force, it falls short of the full war-fighting
spectrum that can occur in land, sea, air, and space conflicts. Several authors have
taken to describing cyberspace as the fifth domain of operations.

While we agree

that cyber threats must be recognized, studied, and countered, operational practice
and the opportunities for decisive control in cyberspace differ significantly from
those that exist in established domains of operation.

The nature of a domain

The tremendous cost of maintaining professional military forces should compel the
parent nation to be deliberate and discriminating about the capabilities that will be
resourced. Political opponents frequently target decisions to acquire costly equip-
ment for criticism. To substantiate these costly investments, procurement decisions
are often implicitly based on doctrinal employment concepts and government
defence policy. Doctrine—‘‘the fundamental principles by which military forces
guide their actions in support of objectives’’

—is developed for each of the ser-

vices, whether armies, navies, or air forces. These principles serve as an authorita-
tive guide to how the group thinks about fighting in its corresponding environment.
The various environments (land, sea, and air) have become known as ‘‘domains’’ in
military terminology.

Within these domains, military capabilities are applied to

Cyber Defence Centre of Excellence, ‘‘The Tallinn Manual,’’
(accessed 19 December 2012).

17. United States Department of Defense, ‘‘DOD Announces First U.S. Cyber Command and First
U.S. CYBERCOM Commander,’’¼13551
(accessed 28 May 2014); Times of India, ‘‘PLA sets up cyber base, assures it’s not for war,’’ 23 July
security-base (accessed 13 January 2013).

18. Government of Canada, Canada’s Cyber Security Strategy (Ottawa: Her Majesty the Queen in
Right of Canada, 2010), 10.

19. See Murphy,‘‘War in the fifth domain,’’ and William Lynn, ‘‘Defending a new domain,’’ Foreign, September/October 2010,
lynn-iii/defending-a-new-domain (accessed 18 April 2013).

20. NATO, AAP–6(V) NATO Glossary of Terms and Definitions (Brussels: NATO, 2008).
21. Unfortunately, the use of the terms environment, domain, and dimension are not consistent in

Canadian doctrine publications. The United States JP 1–02, Department of Defense Dictionary of

McGuffin and Mitchell 397

observe, move, defend, and strike; the manner in which military objectives are
pursued varies with the environment in which the activity takes place. The domains
are where the activity takes place to create effects and ultimately compel an adver-
sary to comply with the will of the victorious state.

The continental perspective

The original domain of military operation is land, where early people hunted,
gathered, and eventually formed communities. The recorded history of land-
based warfare extends back to Sumerian times when conflict was sufficiently preva-
lent to document early doctrinal concepts: ‘‘The state weak in armaments—The
enemy will not be driven from its gates.’’


The fundamental principles of land operations are prescribed by the nature of
the terrain itself. Sun Tzu wrote: ‘‘The natural formation of the country is the
soldier’s best ally.’’

However, the opposite is also true. Terrain can be a persistent

opponent to land forces even when the enemy is not present. In Military Strategy,
J.C. Wylie explains that terrain is ‘‘the point of departure for the soldier’s concept
of warfare.’’

The land domain comprises geography, weather, indigenous popu-

lation, infrastructure, and the enemy. Canadian doctrine states that land combat is
‘‘characterized by friction, uncertainty, ceaseless change, and violence . . . it is a
fundamentally human endeavour.’’

The proximity of the soldiers to their envir-

onment and the limits of range and endurance result in a perspective on the oper-
ational environment that is different from those operating in other domains. The
natural boundaries created by shores, mountains, and deserts delineate soldiers’
views into theatres, whereas the nature of sea and air compel a much larger view
from sailors and aviators.


Land forces exist to control the threats that may jeopardize security, however
defined. The most obvious expression of control is through combat power, but land
forces are employed in a wide spectrum of activities. This spectrum can be
described as a continuum of operations between peace at the low end and war at
the high end. Defensive operations are used ‘‘to defeat or deter an adversary’s
offensive actions, and to hold ground.’’ Manoeuvre operations are used to gain
an advantageous position and include advancing to the enemy, envelopments, and
obstacle crossings. Delay operations are used to gain time, usually to permit the
completion of a defensive position. Stability operations are meant ‘‘to establish and

Military and Associated Terms (15 December 2012) uses domain in the context proposed in this

22. O’Connell, Ride of the Second Horseman, 98.
23. Sun Tzu and Lionel Giles, The Art of War (Internet Classics Archive: 1994), chapter X, paragraph

24. J.C. Wylie, Military Strategy: A General Theory of Power and Control (New York: Rutgers, 1967),

25. Canada, Department of National Defence, B–GJ–300-001/FP–001, Land Operations (Ottawa:

DND Canada: 2008), 2–17.
26. Wylie, Military Strategy, 49.

398 International Journal 69(3)

maintain the conditions for normal civic activity and responsible government.’’
Land force activities are designed to attack an adversary’s cohesion, or to affect
the will of the adversary and other legitimate targets. Canadian doctrine states that
these operations are executed through three core dynamic functions: ‘‘Find, Fix,
and Strike.’’

Thus, we have a doctrinally based starting point.

The maritime perspective

The second domain of military operation is maritime. The first water craft were
used for harvesting food from, and for transportation on, lakes, rivers, and seas.
There are 8000-year-old Chinese maritime artifacts illustrating the early history of
people using watercraft. The Khufu ship buried at the foot of the Great Pyramid of
Giza is an impressive example of shipbuilding skill from 4500 years ago. The
technology of naval warfare likely evolved from the vessels used for commerce.
In 500 BCE, the Greeks and Persians were using ships to transport troops and
supplies over the Mediterranean Sea. Navy crew began defending their ships and
eventually adopted offensive weapons and procedures. The Vikings were successful
raiders and reached North America by ship 200 years before the Portuguese and
Spanish. Ship propulsion technology progressed from oar to sail to steam to oil,
and today the atom powers the largest military vessels.


An increase in maritime trade led to greater interest in protecting trade routes.

Navies were expanded both in order to defend the sources of prosperity and
because of them. Canadian doctrine lists four roles for the navy: sea control, sea
denial, fleet in being, and maritime power projection.

Naval historian S.W.

Roskill has explained that maritime strategy is not so much ‘‘to establish complete
control of all sea communications . . . as to develop the ability to establish zones of
maritime control wherever and whenever they may be necessary.’’

It is pertinent

to note that these roles are not viewed in isolation. Sea control can be limited in
scope, geography, or time and still achieve the desired freedom of movement.


Wiley adds that maritime theory is both the ‘‘control of the sea, and the exploit-
ation of the control of the sea toward establishment of control on the land.’’


Notwithstanding the relative autonomy of modern war ships, which are able to
sail for months at a time (limited only by food supply in the case of nuclear vessels),
there remains a strong joint element to naval forces. In his examination of sea

27. Canada, Department of National Defence, Land Operations, 749, 793, 419.
28. Geoffrey Till, Seapower—A Guide for the Twenty-First Century (London: Frank Cass, 2004), 9;

Danee Gilmartin, ‘‘Did Pharaohs get seasick? Khufu Boat Museum: Giza, Egypt,’’ 1 March 2010, (accessed 29
January 2013); Colin Gray, The Leverage of Sea Power (New York: The Free Press, 1992), 94.

29. Till, Seapower, 10.
30. Canada, Department of National Defence, Securing Canada’s Ocean Frontiers—Charting the

Course from Leadmark (Ottawa: DND Canada, 2005), 18.
31. S.W. Roskill, History of the Second World War, The War at Sea 1939–1945, vol. 1, The Defensive

(London: HMSO, 1954), 3.
32. Gray, The Leverage of Sea Power, 9.
33. Wylie, Military Strategy, 39.

McGuffin and Mitchell 399

power, Colin Gray has noted that ‘‘Navies fight at sea only for the strategic effect
they can secure ashore, where people live.’’

The blockade may occur on the ocean

but its purpose is to isolate land from a maritime line of communication. Sparta,
for example, was unable to defeat Athens in land warfare due to the resources
Athens accessed through maritime commerce. Athens was defeated only after
Persia supplied Sparta with the resources necessary to build a powerful naval
fleet. Joint requirements similarly drove modern operations in the Second World
War when the re-conquest of Europe and the Pacific islands required the merging
of ships, weapons, communications, and doctrine to permit amphibious operations
against a defending enemy.


Operations on open water are vastly different than those on land. While land
forces seek to maintain contact with the enemy, opposing navies will search,
pursue, and evade until they have opportunity to engage the adversary in advan-
tageous conditions. Historical victories at sea were therefore the result of superior
scouting and concealing one’s intentions and naval power: essentially the basis for
manoeuvre warfare.


Admittedly, operating in littoral waters shares some similarities with continental
warfare. Naval vessels must negotiate the coast and bottom terrain features.


Icebergs and islands can be obstacles to movement and limit radar and visual
observation. Weather will degrade the performance of a ship just as it degrades
land operations. However, unlike land force personnel, the navy moves, lives, and
fights in an environment that can ultimately consume it. The Spanish Armada
sailing against England in 1588 was decimated by an unusually strong North
Atlantic storm off the west coast of Ireland. The US Navy has lost over 40 ships
to storms in its history, 22 of them in the last century.


The aviator’s perspective

The air domain was used for military purposes well before the first controlled
heavier-than-air flight in 1903. The Chinese reportedly made use of small, hot-air
‘‘sky lanterns’’ as military signals in the third century, and balloons were employed
for reconnaissance and artillery spotting by France in 1794 and by both sides in the
American civil war in the 1860s. Aerial capabilities developed rapidly in the First
World War, evolving from strictly reconnaissance platforms to specialized fighter
and bomber aircraft. The pace established in the early twentieth century has con-
tinued since, with new capabilities such as supersonic speeds, precision guided

34. Gray, The Leverage of Sea Power, 1.
35. Wylie, Military Strategy, 41.
36. Wayne Hughes, ‘‘Naval manoeuvre warfare,’’ Naval War College Review 50, no. 3 (summer 1997):

37. Canada, Department of National Defence, Securing Canada’s Ocean Frontiers, 34.
38. See ‘‘The Spanish Armada,’’ (accessed

18 April 2013); and Naval Historical Center, ‘‘U.S. Navy ships lost in selected storm/weather
related incidents,’’ 3 June 2005, (accessed 18
April 2013).

400 International Journal 69(3)

munitions, stealth technology, and unpiloted aerial vehicles (UAVs) appearing with
astonishing swiftness.


In spite of the advances in aircraft technology, several of the principles proposed
by Douhet before the First World War have survived in contemporary air power
doctrine. Concepts like the deep battle and destroying adversary air forces while
they are on the ground remain sound. Likewise, his definition—‘‘command of the
air means to be in a position to prevent the enemy from flying while retaining the
ability to fly oneself’’

—is readily applicable to modern air forces.

Aircraft provide a platform from which to deliver valuable military capabilities,
but they are also finicky. Aircraft are capable of delivering rapid effects such as the
movement of troops, bombs on targets, and imagery of specific sites with little
concern for surface obstacles.

However, flying operations are sensitive to weather

and can be limited by crew fatigue and mechanical wear. The physical platforms
are fragile and depend on infrastructure both to protect them from damage and for
the conduct of frequent maintenance. The versatility of aircraft creates consider-
able demand for support to land and sea forces. Bombers can reach far beyond the
range of artillery guns, and aircraft can rapidly insert regular soldiers and para-
troopers on the battlefield where they can be most effective. Aircraft greatly expand
the range of ship sensors beyond the horizon; they can launch torpedoes at distant
enemy vessels; and they provide a lifeline to shore for high-priority personnel and
equipment movement. This versatility creates a demand that has traditionally
exceeded available capacities. To address the need for prioritization, the CAF
employs the tenet of centralized control and decentralized execution of air power.


Common domain attributes

In each of the three domains, military forces are able to observe, move, strike
targets, defend from threats, and exist. Each of these abilities is affected to some
degree by weather conditions. Military power can be projected from any of the
previous domains to generate effects in the other domains. Land forces employ air
defence systems that deny access to aircraft.

Aircraft can drop bombs on land

39. ‘‘What is Sky Lantern?’’ (accessed 5 February 2013); Civil War
Trust, ‘‘Civil war ballooning,’’
civil-war-ballooning.html (accessed 20 April 2013); Century of Flight, ‘‘Aces of World War
One,’’ (accessed
8 February 2013); David Axe, ‘‘Real U.S. stealth-tech advantage: Its assembly lines,’’ 6 July
2011, (accessed 6 February 2013).

40. Douhet, The Command of the Air, 24.
41. Canada, Department of National Defence, B–GA–400–000/FP–000, Aerospace Doctrine (Ottawa:

DND Canada: 2010), 25.
42. Ibid., 28.
43. In Canada the air defence role is assigned to the artillery branch while other countries like

Germany have assigned the role to the air force. However, hand-held ground-to-air missiles
known as Man Portable Air Defense Systems (MANPADS) like the US-made Stinger and
Russian SA series are available to land forces in over 100 countries. See Australia, Department
of Foreign Affairs and Trade, ‘‘MANPADS Countering the Terrorist Threat,’’ Commonwealth of

McGuffin and Mitchell 401

targets or anti-submarine torpedoes in the water. Navy destroyers can reach land
targets with their guns and some nuclear submarines carry inter-continental bal-
listic missiles (ICBMs). The littorals and seaways are where ships are vulnerable to
land-based defences.

Land forces have the ability to strike maritime targets using

direct and indirect fire from guns and artillery, as evidenced by the military forts
that pepper the Great Lakes in North America.

The land, sea, and air domains each possess a dimensional quality. The funda-
mental objective of the elemental forces is to control portions of those domains.
Army elements may measure progress in kilometres, defend a frontage of specific
width, and compare the effective ranges of their weapons. Range and distance are
critical factors for both aviation and maritime forces. The freedom of movement
and freedom of action that come from the control of land, maritime, and air traffic
are what permit one force to dominate another. As such, the exercise or imposition
of sovereign control is also closely related to these dimensional attributes.

Comparing matter and space

The examination of space provides a yardstick with which to compare the criteria
distilled from the first three domains. Space is classified as a separate domain of
military operation by Canada, NATO, and the US, and has been supported by a
distinct military command in the US military since 1982.

As with the other three

domains, there are unique physical characteristics associated with space operations.
Foremost are the particularities associated with orbital mechanics. Satellites travel
at speeds and altitudes that are orders of magnitude beyond those of atmospheric
craft. Global positioning satellites, for example, travel 11,000 kilometres per hour
at an altitude of 20,000 kilometres.

Boeing’s 737, the most common passenger

airliner, flies at a comparatively slow 800 kilometres per hour and 10–12 kilometres
in altitude. Satellites are not flown or controlled like airplanes.

Orbits are fixed by

the final trajectory of the launch delivery system and only minor changes can be
made to correct attitude and rotation speed. The amount of fuel that powers the
thrusters for attitude control is a critical factor in the service life of the satellite.
When there is no means of correcting a satellite’s attitude, it will eventually degrade
due to a variety of physical forces. These positional changes affect communications
controlling the satellite, since antennas cannot be oriented toward their ground

Australia, June 2008,
pdf (accessed 19 April 2013).

44. Peter Dutton, Robert S. Ross, and Oystein Tunsjo, Twenty-First Century Seapower (New York:
Routledge, 2012), 21.

45. Robert Kehler, ‘‘Shaping the joint fight in air, space and cyberspace,’’ Joint Force Quarterly 49,

quarter 2008): 33.

46. ‘‘Everything you ever wanted to know about GPS,’’ 23 March 2010,
2010/03/23/everything-you-ever-wanted-to-know-about-gps/ (accessed 11 March 2014).

47. Max Kingsley-Jones, ‘‘6,000 and counting for Boeing’s popular little twinjet,’’, 22
April 2009,
popular-little-twinjet-325472/ (accessed 9 February 2013).

402 International Journal 69(3)

stations. The remoteness of objects in orbit makes them costly to refuel and they
normally become space debris in the course of their lifecycle.

The argument favouring the integration of space operations into the domain of
air power provides an alternate view of the space domain. While their extreme
elevation is beneficial for political and technical reasons, the capabilities delivered
by satellites can be compared with those delivered by assets operating in earth’s
atmosphere. The command and control, monitoring, and management of these
assets are similar to long-range and high-endurance UAVs, like the Global
Hawk, which are occupying a greater role in some fixed-wing fleets.

The dimensional and atmospheric qualities of space also create some notable
differences. National sovereignty does not extend to space in the same way as on
land, water, and air. Above 100 kilometres—the lowest altitude that can accom-
modate an earth satellite—international treaties do not recognize national owner-

The 1967 Space Treaty makes clear that assets in space are owned by the

nation of origin but space and celestial bodies cannot be claimed by states. The
weak signals used to communicate between satellites and their ground stations are
subject to atmospheric attenuation, which is further degraded by rain, snow, and
dust. Atmospheric attenuation applies only to objects in low earth orbit, but solar
wind and flares can affect all satellites.


The dimensional aspects of objects in orbit also change the notion of control in
space. In Counterspace Operations for Information Dominance, James Lee suggests
that it is unnecessary to control space by destroying satellites. The lasting impact of
space debris makes the physical destruction of adversary satellites problematic.
Conventional jamming, destruction of, or interference with satellite ground sta-
tions can deny an adversary the benefit of satellite imagery and communications
that are valued by the military. By targeting the information flow to and from
satellites, space control can be achieved indirectly.



Canadian, NATO, and US doctrine provide a sound basis from which to draw key
attributes for defining a domain. By comparing the land, sea, air, and space domains
we can also conclude that domains possess a dimensional quality that can define an
area of operation but is not necessarily bound by the historical concept of sovereign
territory. From each of the domains examined, it is possible to project influence into

48. Several equatorial countries claimed the space above their borders in 1976 through the Bogota
Declaration, but their claims have not been acknowledged. Thomas Gangale authored an explan-
ation of why terrestrial land claims principles should not apply to orbital mechanics. See Thomas
Gangale, ‘‘National sovereignty over the geostationary orbit,’’ Out of the Blue and into the Black, (accessed 28
May 2014).

49. Peter J. Brown, ‘‘Solar weather effects on satellites,’’
talk/solar-weather.asp (accessed 28 May 2014).

50. James G. Lee, ‘‘Counterspace operations for information dominance,’’ MA research paper, School
of Advanced Airpower Studies, Air University, Maxwell AFB, AL, 1996.

McGuffin and Mitchell 403

the other domains. The physical environment of each domain directly shapes the
conduct of activity therein. The ability to direct activity, observe, move, strike,
defend, and preserve those abilities is key to the projection of military force and
influence that results in direct control of activities taking place within them.

The nature of cyberspace

While cyberspace possesses many of the characteristics necessary to qualify as a
domain of military operations, it lacks permanence and habitability. Cyberspace is
not easily defined by physical operational boundaries and is influenced by multiple
actors, most of them non-governmental. This creates a high potential for interfer-
ence. These characteristics imply the need for centralized control and centralized
execution of cyber operations. This section will argue that the aforementioned
deficiencies make it inappropriate to compare cyberspace with the four established
domains. In many ways, cyberspace has more in common with special operations
than an environmental domain.

Land, sea, and air power theories are derived from our occupation of the cor-
responding environment and how its characteristics influence the way we project
force. The army, navy, and air force all train specialists in the tactics and oper-
ations of those domains. Notwithstanding the years of study required to develop
that domain-centric proficiency, soldiers, sailors, and aviators can draw parallels
and understand the other’s domain using joint language.

Even space, defined by

vacuum, gravity, and orbits can be described in plain terms to a non-specialist.
Space can become as accessible to military operations as the atmosphere is today.
This is not the case with cyberspace.

Contemporary military doctrine is struggling with the form and function of
cyberspace. Vincent Manzo, a research analyst at the National Defense
University, agrees that it is misleading to treat cyberspace as an independent
domain when its effects are better categorized as a ‘‘cross-domain enabler.’’


This struggle is consistent with previous attempts to qualify non-physical force
projection in common terms. Despite the ubiquity of cyberspace through private,
corporate, and government activity, non-specialists fail to understand it. As
Michael Hayden, former director of the US National Security Agency, has
noted: ‘‘rarely has something been so important and so talked about with less
clarity and less apparent understanding than this phenomenon.’’

This new

realm has expanded and continues to grow faster than our ability to grasp the
military implications.

51. Refer to Canadian Forces Joint Publication A1: Department of National Defence, A–AE–025–
000/FP–000, Joint Doctrine Development Manual (Ottawa: DND, May 2008), forward; and Till,
Seapower—A Guide, 33.

52. Vincent Manzo, ‘‘Deterrence and escalation in cross-domain operations: Where do space and
cyberspace fit?’’ JFQ 66 (3

quarter 2012): 9.

53. Quoted in Thomas Rid, ‘‘Cyber war will not take place,’’ Journal of Strategic Studies 35, no.1
(2012): 9.

404 International Journal 69(3)

Fundamentally, it is the malleability of cyberspace and our inability to occupy it
that set it apart from the established domains. Cyberspace can be exploited for
military purposes and may prove to be decisive in future conflicts. However, that
possibility does not provide the seed from which to grow a cyberspace force akin to
the Royal Canadian Air Force. While land, sea, and air can be called doctrinal
siblings and space is (for now) a cousin, cyberspace is not in the same family.

What is cyberspace?

Cyberspace comprises all existing computer networks and all the devices connected
to those networks.

This scope is much larger than the Internet. The Internet,

rather, is a vast network of commercial, educational, government, and private
computer networks all linked and able to exchange data using a common set of
communication protocols. Connectivity is a criterion for inclusion for the Internet,
so a regular mobile telephone, an MP3 player, and GPS receiver are excluded.
Cyberspace, however, includes the three previous devices just as it includes all
network enclaves and isolated devices so long as they contain a data processing

Engineers use a variety of models to simplify the complex relationships between
hardware, software, and human users. The various elements in these models are
typically broken up into ‘‘layers.’’ The key to understanding activity in cyberspace
is to recognize that, whatever model is used, each layer offers intentional or unin-
tentional opportunities for access into the environment.


The terrain of cyberspace is defined by each of the layers that make up an IT
system. The hardware can be compared with continental geography. The latter is
permanent and immobile: shaped into mountains, swamps, rivers, and highways at
the time it was manufactured. The firmware provides the first layer of program-
ming and data for the hardware. It may remain unaltered for the life of the device if
it is recorded on permanent memory. If it is recorded on Electronically
Programmable Read Only Memory (EPROM) or flash memory, it can be upgraded
or altered in a process sometimes referred to as ‘‘jailbreaking.’’

This malleability

is the first characteristic that truly separates cyberspace from the other domains.
‘‘Cyber-geography’’ can be altered in subtle ways. The pressure for IT compa-

nies to deliver products with a vast array of features in order to remain competitive

54. Richard Clarke, William Barnes, and Robert Knake, Cyber War: The Next Threat to National
Security and What to Do about It (Harper Collins e-books, 2010), 148/571.

55. The OSI model separates an information system into seven layers, each of which can be vulnerable
to attacks that influence the availability, integrity, or confidentiality of the data or service: phys-
ical, data link, network, transport, session, presentation, and application. With reference to the
Internet, the Transmission Control Protocol and Internet Protocol (TCP/IP) model describes four
layers: link, Internet, transport, and application. See Bradley Mitchell, ‘‘OSI Model—Open
Systems Interconnection Model’’; and H. Zimmerman, ‘‘OSI Reference Model—The ISO model
of architecture for open systems interconnection,’’ IEEE Transactions on Communications 28
(1980): 425–432.

56. Apple iPhone School, ‘‘What is Jailbreaking?’’, http://www. (accessed 7 April 2013).

McGuffin and Mitchell 405

drives a continuous cycle of innovation. Many of these features are made possible
by the computational speed of central processing units and special purpose inte-
grated circuits. In a process known as ‘‘vertical specialization,’’

the outsourcing

of production from brand name firms to secondary manufacturers also accelerates
the cycle between product design, engineering, manufacturing, and delivery to
market. This product delivery model creates an opportunity for the manufacturer
to add features to the integrated circuits or the firmware that would be known only
to it; the complexity of the assemblies is such that new features are likely to remain
undetected. The result is that any level of outsourcing creates opportunities for an
adversary to take advantage of these ‘‘cyber terrain features.’’ The US House of
Representatives’ intelligence committee has stated publicly that products from
Huawei and ZTE, large Chinese technology firms, are cyber security threats to
national telecommunications infrastructure. Other Chinese companies that assem-
ble computers and load software have been accused of adding malware and coun-
terfeit operating systems with security vulnerabilities.


The subsequent layers of the IT systems are as malleable as they are porous to
intrusion, and those entry points come from many sources. Operating systems,
software applications, and the user interface can all contain thousands of lines of
programming code. Frequently, they are created to achieve the objectives of the
program before there are any thoughts of security. Even when security is a delib-
erate consideration at the designing and programming stages of application devel-
opment, vulnerabilities are common. When first revealed, these weaknesses are
called zero-day exploits, a reference to the time the manufacturer has had to correct
the vulnerability.

There was also a cultural shift in programming from the 1980s

to the 1990s. As the cost of computer memory dropped, there was less pressure on
programmers to be efficient and elegant with their code. The popularity of Object
Oriented Programming in the 1990s established large libraries of modular
code from which programmers could draw to accomplish common tasks.
Programmers can integrate these modules for interpreting mouse movements,

57. Boy Lüthje, ‘‘IT and the changing social division of labor: The case of electronics contract man-
ufacturing,’’ draft paper for Conference on Transforming Enterprise, Washington, DC, 27–28
January 2003, 5. See also Cyber Media, ‘‘From the labs: Information technology,’’ http:// (accessed 2 April 2013); and Keshav Murgesh,
‘‘Innovation to drive growth in IT,’’ Business Standard, 15 February 2013, (accessed
6 April 2013).

58. Charles Arthur, ‘‘China’s Huawei and ZTE pose national security threat, says US committee,’’
Guardian, 8 October 2012,
security-threat, (accessed 7 April 2013); Associated Press, ‘‘Malware infecting PCs on production
line, Microsoft says,’’, 13 September 2012,
09/13/tech-ap-malware-microsoft.html (accessed 12 March 2014). See also Sally Adee, ‘‘The hunt
for the kill switch,’’ IEEE Spectrum, 1 May 2008,
the-hunt-for-the-kill-switch (accessed 29 August 2013).

59. Larry Dignan, ‘‘Why is security usually an afterthought?’’ ZDNet, 8 February 2008, http:// (accessed 7 April
2013); ‘‘Zero-day exploit,’’ SearchSecurity,
day-exploit (accessed 2 April 2013).

406 International Journal 69(3)

manipulating data, or creating graphics without ever seeing the way those lines
were coded. The now common practice of introducing new versions of popular
software that remain compatible with previous versions also invites the retention of
vulnerabilities that an adversary can exploit, such as the case with Java.


Programming practices are not the only source of porosity. Vulnerabilities can
stem either from the way the system was designed or the way it is employed by the
end user or administrator. The analogy of automobile security provides a useful
reference. Modern locks and electronic theft deterrents are intended to enhance
security, yet cars can still be stolen if the vehicle operator leaves the doors
unlocked. Similarly, factory settings for devices like routers, when left unchanged
by users, amount to unlocked doors for adversaries to exploit.


Comparing cyberspace and real space

There are many rational explanations for the current popular acceptance of cyber-
space as a domain. The growth of this artificial environment over the past 15 years
has delivered new ways of communicating, conducting business, and projecting
influence. Clearly, an environment that permits the exchange of services, currency,
and ideas can be compared with the physical world. Cyberspace can, in some
circumstances, be used to compel behaviour and create tangible physical effects.


Supporters of the cyber domain will argue that an environment that supports
criminal activity and police work can also be used for military purposes.


The US military endorsed the addition of cyberspace as the fifth domain with
the announcement of a US Cyber Command in 2009. Its mission statement spe-
cifies the conduct of ‘‘full spectrum military cyberspace operations.’’

We suggest

that a structure of tactical means, operational organization, and strategic policy is
required to effect control in any domain. The creation of a new command may

60. Oregon State University, ‘‘Thinking object oriented,’’�budd/
Books/oopintro2e/info/chap01.pdf. (accessed 2 April 2013); Luca Cardelli, ‘‘Bad engineering
properties of object-oriented languages,’’ Digital Equipment Corporation, Systems Research
Center, (accessed 2 April 2013); Jeong
Wook (Matt) Oh, ‘‘Recent Java exploitation trends and malware,’’ n.d., 2012, https://media.
Malware_WP.pdf (accessed 2 April 2013).

61. H.D. Moore, ‘‘Whitepaper: Security flaws in universal plug and play: Unplug, don’t play,’’
Security Street, 29 January 2013, (accessed 2
April 2013).

62. Russell F. Mathers, ‘‘Cyberspace coercion in phase 0/1: How to deter armed conflict,’’ research
paper, US Naval War College, 2007, (accessed
3 April 2013).

63. David S. Wall, ‘‘Policing cybercrimes,’’ revised version of Wall, ‘‘Policing cybercrimes: Situating
the public police in networks of security within cyberspace,’’ Police Practice & Research: An
International Journal 8, no. 2 (2007): 183–205,
2011/03/David-Wall-Policing-CyberCrimes.pdf (accessed 3 April 2013).

64. U.S. Cyber Command factsheet, (accessed
7 January 2014).

McGuffin and Mitchell 407

eventually lead to the required understanding in those areas if international policies
can mature with technological advancements.

Much information can be gathered from network accessible storage once a
computer network has been penetrated through techniques like Trojans and key
logging malware. In their book Cyber War, Richard Clarke et al. describe cyber
threats that have the potential to deliver physical effects. Experiments have demon-
strated that the electrical grid, power generators, and the control systems for
hydroelectric dams can, under certain conditions, be compromised by malware.


In terms of defence, the protection of data, network integrity, and availability
remains a full-time effort for network administrators and information technology
security staff. There is a complex ecosystem of viruses and malware circulating and
interacting in cyberspace.

Most of the threats are variants of a few hundred

distinct viruses, none of which are openly known to originally have been launched
for military purposes. Once a piece of code has been released into the wild it can be
recycled and repurposed by other actors. Malware can be ‘‘weaponized’’ for mili-
tary use as demonstrated by Stuxnet, which exploited a vulnerability originally
targeted by the Conflicker worm.

Command can be enabled by cyberspace just

as it is enabled by the electromagnetic spectrum upon which radios depend.
Command can also be crippled by a cyber-attack that disables radars, networks,
or databases, but the effect can be directed to the land, sea, air, and space domains
just as much as the cyber domain.

Key differences

The key differences between cyberspace and the other domains are technical, pro-
cedural, and physical. The fundamental technical difference is that cyberspace is a
human creation that can be altered, creating considerable volatility in what we have
described as cyber-geography. In cyberspace this volatility presents opportunities
for the sides with the technical ability to identify vulnerabilities and reprogram the
environment in which they wish to operate.

An advancing army with this power

could flatten hills, create open lanes, turn night into day, and neutralize enemy
weapons. Although it is possible to alter the physical environments in the conduct
of war, laying minefields, destroying bridges, and establishing air defence barriers
take time and are frequently limited by geography, weather, politics, and the desire
to minimize post-conflict reconstruction.

65. Clarke et al., Cyber War, chapter 3/59.
66. Ed Bott, ‘‘The malware numbers game: How many viruses are out there?,’’ ZDNet, 15 April 2012,
4783 (accessed 5 April 2013).

67. Stuxnet has been described as a sophisticated cyber-weapon and we do not intend to trivialize the
effort or accomplishment of the designers. Simply, it is pertinent to note that existing malware was
leveraged to create Stuxnet. See Aleksandr Matrosov et al., Stuxnet under the Microscope Rev 1.31
(ESET 2011), 34.

68. Martin C. Libicki, Cyberdeterrence and Cyberwar (Santa Monica, CA: Rand Corporation, 2009),

408 International Journal 69(3)

Procedural differences result from the technical distinctions between cyberspace
and the physical domains. The volatility of cyberspace suggests that security vul-
nerabilities can be corrected or countered

as soon as they are recognized. This

places a premium value on the zero-day vulnerabilities that are identified. Since an
exploit is unlikely to compromise an adversary network the same way twice,


malware produced with that aim may be controlled at very high levels in a military
hierarchy. However, a large portion of cyberspace is governed by civilian infra-
structure and software. The Border Gateway Protocol, Domain Naming Service,
and Secure Sockets Layer have held known vulnerabilities for several years.


System administrators can alter network security settings to considerable effect,
but short of removing commercial software, some vulnerabilities will remain until
they are addressed by the software manufacturer. Cyberspace’s volatility also
means that vulnerabilities can be eliminated at any time, rendering a cyber-
weapon useless. This unknown ‘‘best-before’’ and ‘‘bad-after’’ expiry date may
result in a greater inclination for commanders to launch the malware. If there is
concern that subordinate commanders will launch cyber-weapons prematurely,
control over them will be retained at the highest levels.

The potential for conflicting cyber activities also suggests that a high level of
control will be necessary. If a subordinate commander’s cyber soldiers were con-
ducting an operation to benefit their mission, the act could alert the adversary that
their network has been compromised.

This might derail higher-priority cyber

operations planned to occur at a later time. Therefore, coordination of and author-
ity for cyber operations are likely to remain at a very high level.

Furthermore, it may be impossible to establish the full control over cyberspace
that can be practised in physical domains. The only physical control that can be
exercised over cyberspace is to create enclaves by severing the links to external
networks. Moreover, Stuxnet demonstrated that ‘‘air-gapped’’ networks remain


Finally, people cannot enter or occupy cyberspace. In his examination of mari-
time and air power, Wylie explains that naval guns and aerial bombs, while

69. An organization may not have the ability to eliminate a security vulnerability, but its awareness of
that vulnerability enables different forms of mitigating action. For example, deliberate traffic
screening, router port controls, staff procedures, and data segregation can all be applied to counter
some forms of network infiltration.

70. Libicki, Cyberdeterrence and Cyberwar, 20.
71. Richard Bejtlich, ‘‘Review of Cyberdeterence and Cyberwar,’’, 25 November 2009, (accessed 6 April 2013).
72. Ralph Langer has discussed the two different attack vectors associated with Stuxnet, noting that

the first was meant to confuse the Iranian engineers working on Natanz centrifuges, whereas the
second was intended to send a deliberate message to them that they were under cyber assault.
Langer suggests that this explains why the first attack remained undetected, while the second was
quickly revealed. Ralph Langer, To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s
Creators Attempted to Achieve, 16 November 2013,
uploads/2013/11/To-kill-a-centrifuge.pdf (accessed 31 January 2014). Thomas Rid has made simi-
lar observations regarding the possibilities influencing attribution in cyber-attacks. Thomas Rid,
Cyber War Will Not Take Place (Oxford: Oxford University Press, 2013), 158–159.

73. Matrosov et al., Stuxnet under the Microscope, 43.

McGuffin and Mitchell 409

formidable, are incapable of winning a war in isolation.

Douhet’s theory that air
power was the ultimate means for military victory was proven wrong in the Second
World War, when the massively destructive bombing campaigns failed to subdue
either Axis or Allied nations. In order to achieve victory, military force must be in
direct contact with the adversary and its population (through soldiers on the
ground). Cyber warriors may be highly skilled technicians, programmers, or engin-
eers, but they will fight from a keyboard physically removed from the battle space.
Cyber operations will certainly be key enablers to each of the domains, but cyber-
space does not need the status of a domain to achieve that effect.


While the doctrinal functions described earlier in this article can be helpful in
categorizing cyber activities, other terms have no meaning in cyberspace.


Tactical terms used in continental warfare such as vital ground and in-contact are
not consistent with an environment where bits and bytes are proxies for warriors.
Unless designed to erase itself, malware cannot be recalled by the nation that
launches it, so a withdrawal is just as impossible as an occupation is meaningless.
Air superiority does not translate to an environment where friendly and adversary
activities can occur simultaneously and without attribution.

The blockade, a key

form of sea control, cannot occur without a network being isolated.

The traditional domains of warfare evolved as technological innovations intro-
duced new ways for people and nations to exert physical force against each other.
The different environmental influences in the physical domains have compelled
dissimilarities in the manner in which land, sea, air, and space power is applied
to achieve military effects. However, there are also consistencies in the doctrine that
apply to each domain. Each of the domains possesses a dimensional quality that
military forces seek to control. The nature of that control can be limited in scope or
duration, but the common purpose is to establish freedom of action for friendly
forces and deny the same to the adversary. Military operations in any of the estab-
lished domains can create effects in the other domains.

Cyberspace is fundamentally different from land, sea, air, and space. The IT
sandwich made of hardware, firmware, and software layers creates a complex arti-
ficial environment that few people truly understand. First, this virtual space is
impermanent. System administrators are regularly updating software, adding

74. Wylie, Military Strategy, 41.
75. For how metaphors complicate the understanding of cyber security, see David Betz and Tim

Stevens, ‘‘Analogical reasoning and cyber security,’’ Security Dialogue 44, no. 2 (2013): 149.
76. Some authors have ranked certain nations based on their perceived cyber capability. However,

cyber war is not like an aerial dogfight. There is no evidence that a superior ‘‘cyber war strength’’
will translate into superiority in conflict. See Clarke et al., Cyber War, 300/571. Furthermore, as
Rid has noted, ‘‘History does not know of acts of war without eventual attribution.’’ Rid, Cyber
War Will not Take Place, 2.

77. Martin C. Libicki, ‘‘Cyberspace is not a warfighting domain,’’ I/S: A Journal of Law and Policy for
the Information Society 8, no. 2 (fall 2012): 333.

410 International Journal 69(3)

hardware, and changing settings with corresponding effects to the space. The com-
plexity of each layer, market-driven prioritization of feature delivery over security,
and sourcing from dubious manufacturers create vulnerabilities that adversaries
can use to their advantage. The cyber terrain is also subject to the influence of
commercial software and hardware providers.

The impermanence of cyberspace compels a centralized control and execution
structure that is unlike the physical domains. Vulnerabilities require a high level of
skill to identify and may be useful for only one attack. Those that can be used in
zero-day exploits have an unknown useless-after date. Also, the possibility of inter-
ference between different actors (allied or otherwise) suggests that a central control
and execution command structure is required for operations in cyberspace.

Cyber war is an extension of the theories that evolved from information warfare,
command and control warfare, and network-centric warfare, concepts with which
militaries have struggled since their introduction.

While there is agreement that

force and influence can be projected through cyberspace, the examples thus far
have not been considered armed attacks. Even the kinetic effects resulting from
Stuxnet were not described as an armed attack by the targeted state. The ephemeral
nature of electronic signatures from cyber-attacks creates an attribution problem
that shares more commonality with special operations than the projection of force
in the physical domains. This conclusion suggests the employment of cyber cap-
abilities in a supporting role to enable war fighting on land, on sea, in air, and in
space. There is insufficient doctrinal commonality between physical domains and
cyberspace for it to warrant the status of a domain. Rid has argued that the
adoption of cyberspace as a war-fighting domain has more to do with marketing
and resourcing than the conduct of military activities. The senior officers are accus-
tomed to operational activities from their experiences in the four physical domains.
Therefore, they have a natural tendency to describe cyberspace in similar terms
when creating policy and lobbying for resources to generate the desired capabil-

In 1995, Libicki compared discussions of cyber warfare with a Victorian-era

discussion of air-to-air combat.

It follows that doctrinal maturity of cyber war-
fare may not be realized until the cyber equivalent of two great wars has passed.


We would like to acknowledge the Centre for Operational Research and Analysis
of Defence Research and Development Canada for their generous assistance in
funding research into cyber warfare at the Canadian Forces College.

78. Martin C. Libicki, ‘‘The specter of non-obvious warfare,’’ Strategic Studies Quarterly, 6, no. 3 (fall
2012): 90; Martin C. Libicki, What is Information Warfare? (Washington, DC: National Defense
University Press, October 1995), 1–6.

79. Rid, Cyberwar Will Not Take Place, 165.
80. Libicki, What Is Information Warfare? 75.

McGuffin and Mitchell 411

Author Biographies

LCol. Chris McGuffin is the commander of 76 Communications Group in the
Canadian Armed Forces.

Dr. Paul T. Mitchell is the deputy chair of the Department of Military Plans and
Operations at the Canadian Forces College (Toronto, Ontario). The opinions
expressed here are those of the authors alone. They do not represent those of the
Canadian Forces College or the Department of National Defence.

412 International Journal 69(3)

Reproduced with permission of the copyright owner. Further reproduction prohibited without

A Model for Measuring Perceived Cyberpower

Joey Jansen van Vuuren1,2 and Louise Leenen1
1Defence Peace Safety and Security: CSIR, Pretoria, South Africa
2University of Venda, Thohoyandou, South Africa
[email protected]
[email protected]

Abstract: Cyber Defence is a core driver in the attainment of national security for any country. Perceived Cyberpower can be
determined by the analysis of the elements of cyberspace as part of national security. In this paper the Perceived
Cyberpower formula that formed part of the national security determinants and formula for Perceived National Power (PNP)
(Jansen van Vuuren, Leenen, Plint, Zaaiman, & Phahlamohlaka, 2017) will be used determine the level of cyberpower of a
country. Cyberpower is a multifaceted phenomenon: it consists of both physical attributes (as represented by diplomacy,
information, military and economics) as well as the cognitive levels of abstraction that are included in the strategic purpose
or intangible part of the Perceived Cyberpower formula. Cyberpower comprises both physical attributes and an abstraction
or synergy of all these attributes and thus cyberpower is best understood as a way of achieving national power, rather than
simply a means or attribute of national power. It is important to understand how these elements of cyber power interrelate
because that also influences the measurement of cyberpower. This paper presents a new methodology to create a model
for the measurement of cyberpower. This new methodology is based on Saaty’s Analytical Network Process (ANP), Zwicky’s
General Morphological Analysis (GMA) (Ritchey, 1998) and the Perceived Cyberpower formula (Jansen van Vuuren et al.,
2017). Due to the absence of accurate values or comparable values, the judgements of knowledgeable experts can be used
to rank the cyberpower of different countries. This paper shows how to measure cyberpower that represents the cyber
environment of a country using the Perceived Cyberpower formula (Jansen van Vuuren et al., 2017).

Keywords: cyber power, national security, cyber defence, national power, analytic network process

1. Introduction
Cyberpower, as defined by Langer, is a society’s organized capability to leverage digital technology for
surveillance, exploitation, subversion and coercion in international conflict (Langer, 2016). Cyber however is a
multifaceted phenomenon with three distinct layers, physical, informational and cognitive (Jansen van Vuuren
et al., 2017). In this paper, cyberpower includes the military as an attribute because in the context of national
security context cyberspace is used for the attainment of national power. Although cyber is part of the
information space, it is also part of all the other domains; Land, Air Sea and Space (Raymond, 2010) . Cyberpower
is not an independent domain but rather layers of abstraction that touches all aspects of national power and
human existence. Using social and other media cyber can also be used to influence people and change their will.

The only index for cyberpower is the Cyber Power Index developed by Booz Allen Hamilton that focuses on
policy, and organizational and technical aspects of cybersecurity (Booz Allan Hamilton, 2011). The goal of the
Booz Allen Hamilton Cyber Power Index is to provide a benchmark of the ability of the G20 countries to withstand
cyberattacks and to deploy the digital infrastructure needed for a productive and secure economy,. However,
there is no reference to military power.

Several Indexes for Cybersecurity were developed over the years. The indices for countries include
(International Telecommunications Union (ITU), 2017):

The Cyber Maturity in the Asia –Pacific Region developed by Australian Strategy Policy Institute;

The National Cybersecurity Index developed by the Estonian e-Governance Academy;

The Global Cybersecurity Index developed by ITU;

The Kaspersky Cybersecurity Index;

The Asia –Pacific Cybersecurity Dashboard developed by BSA;

The Cyber Readiness Index developed by Potomac Institute for Policy Studies (which includes military
capabilities); and

The Cyber Green Index that focuses mostly on technical threats.

As indicated earlier, the only cyberpower index currently available is that of Booz Allen and Hamilton (Booz Allan
Hamilton, 2011). The Booz Allen Hamilton Cyber Power Index relies on experts from the economic intelligence


Joey Jansen van Vuuren and Louise Leenen

unit as analysts to identify categories and indicators. The Index uses the four categories: Legal and Regulatory
Framework, Economic and Social Context, Technology Infrastructure and Industry Application. Each category
has several indicators and sub indicators. Data was obtained from quantitative indicators of national and
international statistics and where data was not available, estimates were made. Indicators were rated on a scale
of 0 to 4 (there were some exceptions). However, real values were used when available. The experts recorded
their input on the relative value of each category and indicator. The weighting assigned to each category in these
indicators can be changed to reflect different assumptions about their relative importance, but the default
weightings were set to the experts defined weightings. Indicators for which a higher value means a more
favourable cyber power environment, have been normalised. These normalised values are transformed from a
0-1 value to a 0-100 score. The overall Cyber Power Index is calculated from a simple average of the category
and indicator scores. The problem with the Cyber Power Index is that the interrelations between the categories
could not be modelled in such a hierarchical process. In addition, the military contribution is not taken into

An analytical method for dealing with a complex multi-criteria decision making problem is required to derive a
model to measure cyberpower. The first choice was to use Saarty’s Analytic Hierarchy Process (AHP) (T. L. Saaty,
1999). The AHP is a well-known multi-crieria decision making tool (Ravi, Shankar, & Tiwari, 2005) that structures
a problem into a hierarchy with a goal, decision criteria and alternatives. However, AHP considers all elements
in the hierarchy to be independent of all the others; it does not consider interrelationships and feedback
between elements in a model. This shortcoming may result in misleading decision making (Piantanakulchai,

The Analytic Network Process (ANP), introduced by Saaty in 2004 as a generalization of the AHP, is a multicriteria
measurement tool used to drive relative priority scales of absolute numbers from individual judgments (or from
actual measurements normalized to a relative form) (T. L. Saaty, 2004). The ANP structures a problem as a
network instead of a hierarchy, and it can capture the interdependencies between the criteria under
consideration, hence allowing for a more systemic analysis. The ANP allows the inclusion of criteria, both
tangible and intangible (difficult to quantify), which has some bearing on making the best decision. A pairwise
comparison process is used to determine the relative influence of one of two elements over themselves as well
as on a third element in the system, with respect to an underlying control criterion. The ANP synthesizes the
outcome of dependence and feedback within and between clusters of elements with a supermatrix of which the
entries are themselves matrices of column priorities. This tool overcomes the limitation of linear hierarchical
structures and their mathematical consequences (T. L. Saaty, 2004). When factors have some level of
interdependency among them, ANP modeling is a better fit because it includes modelling interrelationships.
(Ravi et al., 2005).

The ANP relies mostly on judgements of experts when comparisons of elements are made and when the
influences of elements on each other have to be determined. To support this phase of the ANP we use General
Morphological analysis (GMA) (Ritchey, 1998). GMA is a well-known problem structuring technique aimed at
solving complex problems. This form of non-quantified modelling relies on the judgmental processes of subject
matter experts. GMA uses facilitated workshops (pre-workshop and workshop) with the group of subject matter
(domain) experts that are able to address the specific problem complex. One of the principles of GMA is to
identify the relationships and given uncertainties inherent in such multi-dimensional problem spaces and
present this in a structured, reduced format, called a morphological field. The authors modified GMA slightly
and used Modified GMA in this paper (Jansen van Vuuren et al., 2017).

2. Modelling measurement of cyber power

2.1 Analytic Network Process (ANP)

The ANP consists of two parts. The first part is to decide on the control hierarchy or network of criteria and sub-
criteria that controls the interactions. The second part is to construct a network of influences among the
elements and clusters. The pairwise judgments evaluate the relative influence of one of two elements over a
third element in the system using the pairwise comparison process. The more dominant of the two elements
influencing the third element is determined with respect to a specific criterion. This criterion used to make all
comparisons, represents the impact and is also known as the control criteria. When an element has no influence
on another element, its influence priority is assigned (not derived) as zero. The network normally varies from


Joey Jansen van Vuuren and Louise Leenen

criterion to criterion. A priority vector is derived from the paired comparisons results in a priority vector to form
a column in the supermatrix. For each of the control criteria, a different supermatrix of limiting influence is
created, where components are compared according to their relative importance. Decisions are made after
each one of these supermatrices are weighted by the priority of its control criterion and the results are
synthesized through the addition for all the control criteria. This weighted supermatrix or stochastic matrix thus
includes comparison of clusters according to their impact on each other with respect to the general control
criteria (T. L. Saaty, 2004).

Modelling a problem with the ANP can be described in the following steps.

Step 1: Problem formulation (Piantanakulchai, 2005):

Modelling of the problem as a network

Describe the problem statement and identify the elements. The elements are the entities that interact with
each other in the system and include the criteria, sub-criteria, and alternatives. The decision makers and
stakeholders can also be elements.

Group the elements into clusters. A cluster is a group of elements with a common characteristic. Note that
in a complex system with a large number of elements, it may not be viable to compare all the elements with
each other. Elements that share characteristics can be grouped in a cluster.

Construct the network.

Analyze the influences in the network. Determine the clusters that influence the elements in a selected
cluster. The dependencies are either relations or feedback between elements.

Step 2: Structure the Influence matrix (da Silveira Guimarães & Salomon, 2015):

Construct an influence matrix (supermatrix without weights), which lists all the elements arranged in their
clusters by laying out the clusters in the order they are numbered and all the elements in each cluster both
vertically on the left and horizontally at the top.

Step 3: Do pairwise comparisons (R. W. Saaty, 2016). The comparisons are done on two levels:

Pairwise comparison is done on elements in the clusters based on their influence on other elements in the
same cluster (inner dependence) or elements they are connected to in another cluster (outer dependence).
All comparisons are done based on a criterion, and when the comparison concerns the extent of influence
other elements have on a given element, a control criterion or sub-criterion of the control hierarchy drives
the comparison.

Comparisons have to be made on clusters based on the influence they have on other clusters to which they
are connected. If there is no influence a weight of zero is assign, otherwise derived weights are included in
the supermatrix to get the weighted column supermatrix. The supermatrix is equal to the influence matrix
multiplied by the priorities of the clusters. Columns are normalized.

Do consistency checking.

Step 4 : Compute the limit supermatrix and determine the result (the global priority of each element of the
network) (R. W. Saaty, 2016).

Perform sensitivity analysis on the final outcome and interpret the results of sensitivity by noting how stable
this outcome is. Compare it with the other outcomes by taking ratios and observing how large or small these
ratios are.

In this paper, the ANP process is used because it is capable to model interrelations. In cases where exact data is
not available, the judgements via pairwise comparisons can be used to model subjective indications. In the case
of these pairwise comparisons, a geometric mean will be used to calculate an average index from the experts’
judgements for implementation in the model.

2.2 General morphological analysis

GMA is a non-quantified modelling method for structuring and analysing ill-structured problems that contain
uncertainties and require a judgemental approach. This method builds an inference model that strives to
represent the total problem space and a maximum number of possible solutions. The GMA methodology


Joey Jansen van Vuuren and Louise Leenen

comprises a number of iterative steps, in which a subject specialist or focus group iterates through a number of
analysis and synthesis cycles. A morphological analysis is carried out in two phases. The Analysis phase defines
the problem complex in terms of variables and variable conditions. During the analysis phase, the most
important dimensions of the problem are identified and defined. Each dimension (or parameter) is given a
number or a range of values or conditions. A multi-dimensional configuration space is constructed (called a
morphological field) by setting these parameters against each other, with each as the heading of a column and
its values in the rows. One state (or solution) of the problem is found by selecting one value from each column.
A morphological field represents the total solution space and thus can have many possible solutions. The
Synthesis phase links variables and synthesises an outcome space. In a synthesis cycle, the participants reduce
the number of possible solutions by doing a Cross-Consistency Assessment (CCA): every pair of values in the
morphological field is checked for consistency. The set of possible solutions is reduced to contain only internally
consistent configurations. Note that the success of GMA depends on the availability of a group of subject
specialists. The output of GMA is no better than the quality of its input. The following references can be
consulted for more information and detailed descriptions of GMA ((Ritchey, 1998); (Ritchey, 2002)).

The modified GMA (MGMA) follows similar steps to the GMA, but in the MGMA process, facilitators are allowed
to contribute knowledge during the preparation phase by pre-selecting certain variables (Jansen van Vuuren et
al., 2017).

2.3 Perceived Cyberpower

The Perceived Cyberpower formula, used in this paper to define cyberpower, is based on the Jablonsky formula
for perceived national power and the Cline formula for national power as presented by Jansen van Vuuren et al.
(Jansen van Vuuren et al., 2017). The formula used for the measurement of Perceived Cyberpower for this paper

Perceived Cyberpower=(C+E+M+I) *(S+W) + Interrelations (C, E, M,I)

Where, pertaining to cyber:

C = Critical Mass that includes the size and age of the population as well as the level of cyber-awareness of
the population. This will also include the differences in cyber-awareness of geographical distributed
population. (e.g. awareness in rural, semi-rural and urban areas). The citizens play a critical role in your
national cybersecurity and therefore national security because citizens can be exploited to either divulge
sensitive information or be part of a botnet or the enemy’s attack. The number of the cyber experts in
addition also have an effect.

E = Economic includes the cyber infrastructure, technology and critical information infrastructure
development and access. This also includes technical and other cyber support or cyber workforce available.

M = Military includes the inclusion of cyber in military forces and the development of a cyber command or
similar (cyber defence capability).

I = Informational. Includes communication and information from systems and technology or the lack of
access due to unavailability of systems.

S = Strategy includes the implementation of a national cyber strategy, prevention of cybercrime, and
education systems for cyber.(includes legal and regulatory frameworks)

W = Will or influencing of people to use cyber responsibly (awareness) and the prevention of cybercrime.

To determine cyberpower, index indicators need to be developed for the above categories.

3. Model for the measurement and ranking of Perceived Cyberpower
As previously indicated, the ANP is also a tool to gain deeper insight into a complex decision problem (Goepel,
2011) and MGMA is a tool to model complex problems. To model the measurement and ranking of cyberpower,
a combination of the ANP and MGMA methods are used.

Klaus Goepel (Goepel, 2011) indicates that the development of the ANP model is the most difficult part of the
process. To set up the model you need to:

Give careful consideration and a clear description of the decision problem.


Joey Jansen van Vuuren and Louise Leenen

Do thorough brainstorming to find important criteria and relevant factors.

Clarity criteria and factors and define their exact meanings. (Keep the number of factors between three and
five in a cluster).

Do a systematic investigation of interconnections between nodes.

Simplify the model. If there is large number of factors, use comparisons to eliminate some of the factors).

Perform a critical assessment of results.

The MGMA model is an excellent model to gain insight in complex problems. With the use of a MGMA model,
the difficulty of steps 1 and 2 of the ANP (as described by Goepel above) can be simplified. We therefore suggest
a combined model of ANP and MGMA for modelling the measurement of Perceived Cyberpower. The combined
methodology Modified General Morphological Analytical Network Process is set out in Figure 1.

Figure 1: Modified General Morphological Analytic Network Process

3.1 Implementation of the model

3.2 Steps 1-2 ANP model

The first step in the modelling of the Perceived Cyberpower includes the identification of categories and the set-
up of relationships. The Modified General Morphological Analysis technique can be used to identify these
categories. It should be noted the all feedback dependencies require experts in multi-disciplinary fields to
ensure they are able to judge the relative importance of upper level criteria with respect to a single lower
criterion or indicators (Piantanakulchai, 2005). Therefore an expert will base his preferences on his knowledge
field and his input on the other fields will be adjusted with pressure from other experts (inner dependence). If,
for example, all the experts are military experts the input will be biased on military capability only. This can
influence the relative weights significantly.

Stage 2:
Complete ANP

Stage 1:
Problem formulation using GMA

Literature search.
Define problem

and domain.

Investigate the totality
of relationships

(parameters and
variables) using GMA /

modified GMA.

Set up variables/

categories, and

Final result and

Set up

Do pairwise
and calculate



Formulate the

Do pairwise
and calculate


Set up



Final result


Define goal,

criteria and

Process Iteration

network and


Process Iteration


Joey Jansen van Vuuren and Louise Leenen

The Perceived Cyberpower formula consist of two clusters, the Capability and Influencing/diplomacy, each with
different elements as shown in Figure 2.

Figure 2: Perceived Cyberpower elements

The elements of the Perceived Cyberpower formula in Figure 2 (and in Table 1) are used as input to the MGMA
exercise. The authors have made progress with these steps but the MGMA still has to be completed.
Intermediate results are shown. During the exercise the clusters, criteria and subcriteria are identified as well
as the alternatives to be used for the model. For each of the clusters a separate MGMA table and cross
consistency matrix must be completed. The information gained from the MGMA for cluster 1 (capability) is
reflected in Table 2. For the benefit of writing this paper, the categories identified by Booz Allen Hamilton
(2011) , as well as other literature review resources e.g. Inkster (2017), Klimburg (2011) and Aschman (2015)
were used to determine the criteria and sub-criteria of the elements displayed in Table 2. The relationships
between Elements and Subcriteria will be represented in the Cross-Consistency Matrix which is not shown in
this paper. The MGMA cross-consistency matrix is then used to determine both the interrelations in the network
as well the knowledge needed to complete the influence matrix.

Table 1: Elements of Perceived Cyberpower formula used in MGMA

Capability Critical Mass (C)
Economic (E)
Military (M)
Informational (I)

Table 2: Elements, Criteria, Subcriteria and Alternatives as Identified by the MGMA Model

Elements Criteria Subcriteria
Critical Mass


Educational levels Tertiary student enrolment as a percentage of total enrolment
Expected years of education

English Literacy
Technical skills

Labour productivity growth

Researchers in research and development per million people
Cybersecurity, Computer Science and Engineering graduates

Economic (E)


Information and communications technology exports as a percentage
of total exports

Information and communications imports as a technology percentage
of total imports

Openness to trade
Innovative environment

Research and development as a percentage of gross domestic products

Domestic patent filings
Private equity and venture capital as a percentage of gross domestic

Smart Grids

E-Commerce and

Intelligent transportation

Placement of orders via internet(business and individual)

MilitaryCritical Mass Informational



Strategy Will




Joey Jansen van Vuuren and Louise Leenen

Elements Criteria Subcriteria

Financial (internet banking etc)
Military (M) Cyber capability

Military research facilities

Military cyberwarfare education institutions
Cyber Range for training

Access to non-state actors
Cyber and Intelligence
Operations Capability

Cyber Defence Strategy
Military Cyber Units (Cyber Command / Cyber Army)

Cyber Weapons


Access to information and


Internet penetration
Mobile cellular penetration

Wifi hotspot per million people
Social media penetration

Quality of information and


Internet bandwith

Affortability of Information
and Communication


Mobile phone tariffs
Broadband Internet tariffs

Information technology spending as a percentage of GDP
Secure servers Software and hardware protective measure

Regular vulnerability testing
Resilience programs

The ANP network model (step 1) in the ANP process is created using the results of the MGMA that includes the
criteria and subcriteria, alternatives and inter relations between the elements. As indicated before, inter
dependencies and outer dependencies between the criteria and subcriteria can be modelled by using the results
of the cross-consistency matrix of the MGMA. The resulting ANP network model is given in Figure 3. The
influence matrix can also directly be populated by using the results of the cross-consistency matrix of the MGMA.
The Influence matrixes will be set up for the cluster Capability and the cluster Influencing/Diplomacy.

Figure 3: The ANP Network for Perceived Cyberpower

3.3 Steps 3-4 of the ANP model

The remainder of the ANP process should now be completed, i.e. doing the pairwise comparisons and
determining the weight vectors. It is important to do the consistency checking as well. If all the experts were
part of the MGMA exercise, the results from the pairwise comparisons can be directly implemented. When
different groups of experts are used, a geometric mean must be calculated to determine pairwise comparisons.
The supermatrix is then be implemented using the eigenvectors obtained from cluster level comparison with
respect to the control criterion applied as the cluster weights. The resulting matrix is normalized so that each of
the columns of the matrix will sum up to unity. A sensitivity analysis can then be performed to ensure acceptable

Will Strategy




information Country 1

Country 2

Country 3

Country 4

Country 5


Joey Jansen van Vuuren and Louise Leenen

4. Conclusion
Although cyberpower is an accepted indicator of national security, the means to measure the cyberpower of a
country is an obstacle that is often raised by researchers and other experts in the domain. In this paper a new
methodology, Modified General Morphological Analytical Network Process, is introduced to measure and rank
the cyberpower levels of different countries. This methodology is based on the Modified General Modified
Analysis (MGMA), the Analytical Network Process (ANP) and the Perceived CyberPower formula. This
methodology is applied using the elements described in the Perceived Cyberpower formula and the judgements
of knowledgeable experts. The authors are continuing to refine the study, and due to the absence of accurate
data, information from other studies were also included in the paper. The authors also present intermediate
results of a MGMA process to identify the network (goal, criteria subcriteria and alternatives) required for the
ANP phase of the process. The authors’ intention is to test the methodology early in the next quarter. Invitations
for the MGMA phase will be done with expertss from the military, public and private sectors to include the whole
spectrum of cyber. These results will be used in the modelling of the ANP. The final results of the study and the
usefulness of the method will be discussed in the next paper.

Aschmann, M., Jansen van Vuuren, J. C., & Leenen, L. (2015). Towards the establishment of an African Cyber-Army. The

Journal of Information Warfare, 14(3).
Booz Allan Hamilton. (2011). Cyber power index: findings and methodology. Retrieved from
da Silveira Guimarães, J. L., & Salomon, V. A. P. (2015). ANP applied to the evaluation of performance indicators of reverse

logistics in footwear industry. Procedia Computer Science, 55, 139-148.
Goepel, K. D. (2011). AHP-ANP practical Application with Pros and Cons. Retrieved from

Inkster, N. (2017). Measuring Military Cyber Power. Survival, 59(4), 27-34. doi:10.1080/00396338.2017.1349770
International Telecommunications Union (ITU). (2017). INDEX OF CYBERSECURITY INDICES 2017. Retrieved from
Jansen van Vuuren, J. C. , Leenen, L., Plint, G., Zaaiman, J. J., & Phahlamohlaka, J. (2017). Formulating the Building Blocks

for National Cyberpower. International Journal of Cyber Warfare and Terrorism (IJCWT), 7(3).
Klimburg, A. (2011). Mobilising cyber power. Survival, 53(1), 41-60.
Langer, R. (2016). Cyber Power: An emerging factor in national and international security. Journal of International Relations

and sustainable development. HORIZONS: Global Security Challenges, Autumn 2016(8).
Piantanakulchai, M. (2005). Analytic network process model for highway corridor planning. Paper presented at the

Proceedings of the 8th International Symposium on the Analytic Hierarchy Process.
Ravi, V., Shankar, R., & Tiwari, M. (2005). Analyzing alternatives in reverse logistics for end-of-life computers: ANP and

balanced scorecard approach. Computers & industrial engineering, 48(2), 327-356.
Raymond, J. W. (2010). Functional concept for cyberspace operations. Retrieved from
Ritchey, T. (1998). General Morphological Analysis, a general method for non-quantified modeling. Paper presented at the

16th EURO Conference on Operational Analysis,, Brussels.
Ritchey, T. (2002). Modelling complex socio-technical systems using morphological analysis. Adapted from an address to

the Swedish Parliamentary IT Commission, Stockholm.
Saaty, R. W. (2016). Decision Making in Complex Environments: Super Decisions Software for Decision Making with

Dependence and Feedback. Pittsburgh, PA: Super Decisionss.
Saaty, T. L. (1999). Fundamentals of the analytic network process. Paper presented at the Proceedings of the 5th

international symposium on the analytic hierarchy process.
Saaty, T. L. (2004). Fundamentals of the analytic network process — Dependence and feedback in decision-making with a

single network. Journal of Systems Science and Systems Engineering, 13(2), pp 129–157.



conferences. His award-winning research has gained a spotlight as the Best Paper of the 15th International Conference on
WWW/Internet in Mannheim Germany.

Dr Joey Jansen van Vuuren is the manager of the Cybersecurity Centre of Innovation at the CSIR in South Africa. The
Centre focuses on the promotion of cybersecurity research collaboration, education and threat exchange. As Research
Leader for Cyber Defence she gave strategic research direction for South African National Defence Force and Government
sectors. Her own research focus on cybersecurity governance and policy.

Anas Mu’az Kademi is a doctoral candidate under the supervision of Assoc. Prof. Ahmet Koltuksuz in computer engineering
at Yasar University. His PhD research explores how cyberspace can be formalized–using cellular automata. He holds M.Sc.
from the same university. Interested in information security, cyber-warfare, networking, cellular automata and strategic

Min Kang is a 2d Lt and is currently a student pursuing his Master’s degree in Computer Science with a concentration in
Cyber Security at the Air Force Institute of Technology. After graduation, he will attend Undergraduate Cyber Training to
become a Cyberspace Operations Officer.

Martti J Kari is PhD student of cyber security in Jyväskylä University, Finland. He retired as colonel from Finnish Defense
Intelligence in the end of year 2017. His last post was assistant chief of Defense Intelligence. He has MA in Russian
language and literature in Jyväskylä University. Kari has worked as a university teacher from the beginning of year 2018 In
Jyväskylä University.

Omer F. Keskin is a Ph.D. Student in Engineering Management and a Graduate Assistant in Old Dominion University. He
holds an MS Degree in engineering management and a BS degree in systems engineering. His research is focused on risk
and reliability analysis of critical infrastructure cyber physical systems.

Anne Kohnke is an assistant professor of IT at Lawrence Technological University in the United States where she teaches
courses in both information technology and organization development/change management disciplines at bachelor
through doctorate levels. Her research focus is in the areas of cybersecurity, risk management, IT governance, and
extraterritorial surveillance and privacy. Anne earned her PhD from Benedictine University.

Captain Juha Kukkola has Master’s degree in Political science (2005) and Military science (2008) and serves as a research
officer at Finnish National Defense University (FNDU). He is currently PhD student at FNDU and is writing his doctoral thesis
on Russia’s military cyber power and strategy. He has served in Finnish Defense Forces from 2008 as a platoon leader,
signals officer, staff officer and lecturer. He is specialized in Air defense, C4 systems and Russian and Cyber studies. He can
be contacted by email at [email protected]

Hyong Lee is a Senior Policy Analyst with National Defense University’s (NDU) Center for Applied Strategic Learning (CASL)
in Washington DC. Mr. Lee started his career in government service in 1992 as a Presidential Management Intern (PMI),
now known as Presidential Management Fellows. In 1996, Mr. Lee moved to Hawaii, where he eventually became Chief of
the Decision Support Branch (J084) at US Pacific Command. As Chief of J084, he oversaw the development and execution
of a number of seminar games and table top exercises. Mr. Lee joined NDU in January 2002 when he started working at
the National Strategic Gaming Center (NSGC), the prior incarnation of CASL. He supports exercise efforts for the various
components of National Defense University, the Joint Staff, combatant commanders, and CASL outreach audiences. His
more recent projects include anti-terrorism / force protection, consequence management, cyber security, and integrating
more technology into exercises.

Louise Leenen is a Principal Researcher in the Cyber Defence research Group at the Council for Scientific and Industrial
Research (CSIR), South Africa. She holds a PhD Computer Science (in Constraint Programming) from the University of
Wollongong in Australia. Her research focus is on artificial intelligence applications in the defence environment, cyber
defence and ontology development. She is the Chair of the IFIP Working Group 9.10 on ICT in War and Peace.

Martti Lehto, PhD (Military Sciences), Col G.S. (ret.) is Professor in Cyber security in the University of Jyväskylä in the
Faculty of Information Technology. He has over 30 years’ experience as developer and leader of C4ISR Systems in Finnish
Defence Forces. Now he is a Cyber security and Cyber defence researcher and teacher and the pedagogical director of the
Cyber Security MSc. program. He is also Adjunct professor in National Defence University in Air and Cyber Warfare. He has

Reproduced with permission of copyright owner. Further reproduction
prohibited without permission.

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Cyber Domain Conflict in the 21st Century
Cilluffo, Frank J;Cardash, Sharon L
The Whitehead Journal of Diplomacy and International Relations; Winter 2013; 14, 1; ProQuest Central
pg. 41

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.





Mihai-Ştefan DINU, PhD

Abstract: The acknowledgement of the cyber domain as the fifth one – after

land, sea, air and space – along with an unprecedented technological development

have led to a change. A change in security culture and mentality, education and

practice, change that is being shaped by the academic knowledge, trained in

laboratories and practiced in organizations.

The paper focuses on the undeniable relation between the outstanding

developments of information society, along with the increasing types of threats

against it, threats that tend to target every national security domain and the

measures taken against those threats.

Key words: Cyber domain, the 5th domain, information society, NATO’s

cyber defense concept, education

1. Introduction
When it comes about the Cyber domain, a vast number of authors

refer to William Gibson’s novel Neuromancer. There is no doubt that

modern human life of the 21st century could not be perceived in its entirety

without the significant role of technology, especially information and

communication technology (ICT). Indeed, ICT permitted in the last two

decades a burst regarding not only the professional level of communication

and information of human activities, but also to the individual intimate level

of every individual. Along with these aspects of human life, research and

development activities benefitted of the means provided by the

Senior Researcher at the Information Systems Department of Security and Defense

Faculty, „CAROL I” National Defense University

Mihai-Ştefan DINU, PhD


technological development. However, as researchers, educators and

professionals we must mention the fact that Yoneji Masuda in his work The

Information Society as Post-Industrial Society depicted the emergence of

ICT in human society several years before the appearance of William

Gibson’s novel
. Thus, Masuda promoted information utility as the main

production center of information society. In his perspective, the information

utility consists in information networks and data banks
, in other words a

public infrastructure based on interconnected computers.

In the same period when Masuda’s view was being promoted, another

significant event was taking place: The Internet emerged public from the

military testing laboratories. Initially perceived as a tool that facilitated

communication, the Internet rapidly expanded its functions along with the

implementation on extended geographic areas.

Today, the Internet is not only a technological tool. In 2011, the

United Nations declared in a report issued by the Special Rapporteur Frank

LaRue on the promotion and protection of the right to freedom, opinion, and

expression that by the fact that it facilitates the realization of a range of

other human rights
, the access to internet is a fundamental right. This

statement comes in the context in which, 11 years earlier, Estonia legislated

Internet access as a basic human right, in the year 2009 France

Constitutional Council
declared it a fundamental right and, similarly, a

2010 decision
of Costa Rica Constitutional Court.

Obviously, the free access to internet did not attract only positive

actions, but also criminal ones. The vast virtual cyberspace becoming

populated not only with actors offering social, educational or professional

Yoneji Masuda, The Information Society as Post-Industrial Society, World Future

Society, Washington D.C., 1981
Ibidem, pp.30-33

***, A/HRC/17/27/ – Report of the Special Rapporteur on the promotion and protection of

the right to freedom and opinion and expression, Frank LaRue, United Nations’ General

Assembly, 16 May 2011, p. 7
Stephen Tully, A Human Right to Access the Internet? Problems and Prospects, in Human

Rights Law Review, vol. 14, Issue 2, Oxford University Press, pp. 175-195
***, Decision no. 2009-580 of June 10

2009 at

constitutionnel/root/bank_mm/anglais/2009_580dc.pdf (14.02.2017)
Sala Constitutional, La Sala en la Prensa 2010(2011) p. 118 at www.poder- (14.02.2017)



tools but with diverse criminal actors whose actions lead to decisions taken

by vast majority of nation states to legally, politically and technically

protect their infrastructures against cyber-attacks.

2. Cyberspace the 5

operational domain

The existence of cyber acts in 2007 in Estonia as well as in 2008 in

Georgia, led to the conclusion that cyberspace can be a battlespace.

Therefore the Internet, a generally used tool after its original development in

the military labs, returned to its starting activity domain, through the

opportunities opened by the technological development, and got a

militarized dimension. Moreover, the 2014 events in Ukraine were preceded

by an orchestrated cyber- attack on communications, cell networks jamming

and internet connections severing, in a Russian attempt to obtain an

information blackout

On this background, military organizations realized the fact that

successful results of the conventional military operations are increasingly

dependable on or enabled by the access to cyberspace together with the

access to civil critical infrastructure within both the national borders and

foreign operational theatre. In this sense most states started to develop cyber

security strategies, along with the necessary doctrine to support cyber

operations. Cyber Defense concepts were developing both at national and

international level.

A very illustrative example is the evolution of NATO Cyber Defense


3. Evolution of NATO Cyber Defense Concept

As a political-military alliance NATO has always focused on its

communication and information systems, so when an Alliance Web server

had been shot, down back in 1999, by a series of attack DDoS type, military

leaders understood that bombs could also be logical, as the investigations

they performed revealed traces leading to Serbian military
. As a result,

Shane Harris, Hack attack, Foreign policy, 3 March 2014 at
Ellen Messmer, Serb supporters sock it to NATO, US web sites, CNN, 6 April 1999, at

Mihai-Ştefan DINU, PhD


starting with the 2002 NATO Summit held in Prague, the Alliance has been

developing NATO Cyber Defense Concept.

We can consider that so far, the development of afore mentioned

concept has had five successive stages, as follows (table no. 1).




– Recognition 2002 Prague NCIRC establishment


– Foundation 2008 Bucharest NCD Policy 1.0


– Centralization 2010 Lisbon

Capability targets in NATO Defense

Plan Process

Information Sharing

NCD Policy 2.0



– Enhancement 2014 Wales

NCD 3.0

Legal issues

Creation of Cyber Range

Fostering Partnerships


– Adaptation 2016 Warsaw

Cyber Defense Pledge

Cyberspace as the 5



Partnerships at national and

international level with industry and


Table no. 1. Evolution Stages of NATO Cyber Defense Concept

The main characteristics of each stage will be further discussed.

The first stage, RECOGNITION, constituted a purely technological

approach, with exclusive focus on protection of key NATO systems as a

result of recognition of cyber threats to NATO networks. It is the creation

stage of NCIRC (IOC)

The second stage, FOUNDATION, at Bucharest Summit, represents

in fact the first step in policy approach by:

Issuing NCD Policy 1.0


NATO Computer Incident Response Capability



Adopting 1
Policy following 2007 cyber-attacks in Estonia

Establishing objectives and principles (NATO and allies’


Organization of CDMA

structure, later CDMB

The third stage, CENTRALIZATION, represents the moment when:

NCD Policy 2.0 was issued

Lisbon Strategic Concept was launched

 2

policy was adopted (June 2011)

Protection was centralized through NCIRC (FOC) with 80 million

euro invested

Cyber defense capability targets were agreed upon in the framework

of NATO Defense Planning Process

Information Sharing Mandate was issued

In the fourth stage, ENHANCEMENT represents moment when cyber

defense was directly linked to NATO’s core task of collective defense and,

additionally, the following aspects were settled:

The applicability of international law in cyberspace was recognized

The focus on training, education and exercises was enhanced

The creation of cyber range was decided upon

The Enhancing Information Sharing process was initiated, including


Calls for partnership were launched, including industry

The current stage, ADAPTATION, shows a focus on:

Strengthening and enhancing national cyber defense capabilities as a

matter of priority by issuing Cyber Defense Pledge

Recognition of cyberspace as a domain of operation in which NATO

must defend itself as effectively as in the air, on land, at sea and in space.

Starting new and enhancing existing partnership with countries,

international organizations, industry and academia.


Cyber Defense Management Authority

Cyber Defense Management Board

Mihai-Ştefan DINU, PhD


4. Implications of the NATO Cyber Defense Concept on CAROL

I NDU educational process

“Carol I” National Defense University as a military educational,

research, and cultural flagship, shared NATO’s assumed mission to enhance

the capability, cooperation and information sharing among NATO, NATO

nations and partners in the field of cyber defense through education,

research and development, lessons learned in order to accumulate, create

and disseminate knowledge by its many degree programs at several levels

and forms of university education: doctoral programs, masters,

undergraduate programs, open education distance majors, and other training


Consequently, in the framework of “Carol I” NDU the Military

Information Systems and Defense Information Department (MISDID) was

developed, whose specialized programs cover research and educational

aspects regarding the cyber defense field. Moreover, the Information

Systems Department manages graduation and post-graduation programs for

officers and for the civilian students. Thus, Information Systems graduation

program is open to any civilian student who might want to attend it,

following an exam, as the positions are limited to a number of 25 each year.

Subsequent to the admission to the graduation program, the students will

benefit from training with the NDU professors and internships in different

organizations in the field. Considering the fact that during the three years’

study program the disciplines are gradually developed toward cyber security

leadership essentials, many classes are destined to cover hands-on activities

in the Cyber Defense Laboratory. In the lab, students have the opportunity

to practice their theoretical knowledge and develop their skills participating

in practical exercises on network vulnerabilities, cyber threat detection,

active defense and incident response or red team-blue team type of

exercises. The main objective of theoretical knowledge and laboratory

training is not only to learn about security, but also to learn about managing


Along with afore mentioned program, MISDID manages a number of

13 post-graduation programs in the department fields of study and an MA

program in the field of communications, IT and cyber defense.

During their study program, students have the opportunity to enroll in

third party specialized courses: Juniper, Mikrotik, CISCO etc.



At the same time, professors and some selected students take part in

an annual project targeted at the development of cyber security culture

named Cyber-security for the jeans generation. The project consists in

activities that take place in high schools, mainly workshops led by MISDID

professors/researchers and students in which high school students and

teachers are invited to participate actively.

The initial start of the project was grounded on several issues that

emerged due to the large use of modern ITC devices:

Protection of privacy

Personal data protection

Cyber bullying

Cyber harassment

Increased frequency of cyber-attacks targeting single individuals

Therefore, this project is based on the idea that creating and

developing a cyber security culture will lead in fact to the creation and

development of a certain behaviour, namely the security behaviour of the

users who interact with different types of information and communication

technology in the large framework of ideas and values developed in the

cyber security field.

A solid research dimension grounds all previous educational

programs, activities and projects. Inspired by the guidelines projected in the

“Carol I” NDU Research Strategy, research is conducted in MISDID by the

heads of chair in the field of information systems, communications,

intelligence and cyber defense, in the collaboration with the department

researchers in the framework of department board.

Outside NDU, the research dimension is developing mainly on four

main cooperation efforts:

Centre of Excellence for Advanced Technologies in Cyber Security

(coordinated by the Military Technical Academy) – training courses and

exercises, research and innovation to address cyber security challenges,

developing best practices and guidelines to identified cyber security

solutions, solutions for protecting communication and information system,


Mihai-Ştefan DINU, Emergence of a discipline: Information Law, in Annals Series on

Military Sciences, Volume 9, Number 1, 2016, pp. 52-59.

Mihai-Ştefan DINU, PhD


developing collaboration and information sharing between academia and


Research Center for Navy – theoretical ground for identification of

risk factors in littoral areas, cyber security management policies and

procedures etc.

Private companies which main activity lies in cyber security domain

– internships, documentary stages, scientific event, research project


Independent think-tanks focused on cyber domain – creating and

developing knowledge hubs, fostering dialogue between decision makers

and academia, leadership and policy projections etc.

5. Conclusions

In the cyber defense domain NATO focuses formally and de facto on

the doctrine, which proves to be a defensive one, as NATO does not

approach the use of offensive cyber operations. The complex and very

dynamic nature of challenges rising in cyberspace leads NATO towards

establishing a solid direction in education, training and exercises. In this

respect, “CAROL I” NDU education and research programs are evolving at

the same time with NATO Cyber Defense Concept, nowadays professors

and researchers grounding the standards for legal evaluation of cyberspace

acts, meantime developing a cyber defense culture not only at military

organization level, but also for the civilian segment.


*** A/HRC/17/27/ – Report of the Special Rapporteur on the promotion and

protection of the right to freedom and opinion and expression,

Frank LaRue, United Nations’ General Assembly, 16 May 2011;

*** Decision no. 2009-580 of June 10

2009 at www.conseil-

2009_580dc.pdf (14.02.2017);



DINU M.Şt., Emergence of a discipline: Information Law, in Annals Series

on Military Sciences, Volume 9, Issue 1, 2016;

HARRIS S., Hack attack, Foreign policy, 3 March 2014 at;

MASUDA Y., The Information Society as Post-Industrial Society, World

Future Society, Washington D.C., 1981;

MESSMER E., Serb supporters sock it to NATO, US web sites, CNN, 6

April 1999, at


Sala Constitutional, La Sala en la Prensa 2010(2011) at www.poder-


TULLY S., A Human Right to Access the Internet? Problems and

Prospects, in Human Rights Law Review, vol. 14, Issue 2,

Oxford University Press.


Cyberspace Is Not a Warfighting Domain


Like everyone else who is or has been in a US military
uniform, I think of cyber as a domain. It is now enshrined in
doctrine: land, sea, air, space, cyber. It trips off the tongue,
and frankly I have found the concept liberating when I think
about operationalizing this domain. But the other domains
are natural, created by God, and this one is the creation of
man. Man can actually change this geography, and anything
that happens there actually creates a change in someone’s
physical space. Are these differences important enough for us
to rethink our doctrine?

General Michael V. Hayden,
USAF, Retiredi

In the beginning was the land domain; with the discovery of
flotation came the sea domain. A century ago, the air domain was
added to the list; a half-century ago, the space domain was added as
well. Within the last quarter-century, the combination of ubiquitous
networking and universal digitization has given rise to cyberspace, the
newest addition to the growing family of domains. Cyberspace, we are

*Martin Libicki is a senior management scientist at the RAND Corporation. His research
focuses on the impacts of information technology on domestic and national security.
Libicki recievied his Ph.D. in economics and M.A. in city and regional planning from the
University of California, Berkeley, and his S.B. in mathematics from the Massachusetts
Institute of Technology.

1 Michael V. Hayden, The Future of Things “Cyber,” 5 STRATEGIC STUD. Q. 3,4(2011),
available at http://http://ww

2 By contrast with cyberspace, which is considered a domain and which, as a domain, is
headed by a full general, radio-frequency spectrum, the control over which nations have
sparred over since 1940, is not considered a domain. Even through far more money is
spent on electronic warfare equipment than in cyberwar equipment, in no Service does the


told, pervades the other domains in the sense that warfighters in each
of the prior domains would be severely handicapped if their access to
cyberspace were successfully challenged. Thus understood, cyberspace
has become the new high ground of warfare, the one domain to rule
them all and in the ether bind them, which, as this essay will argue, is
the wrong way to view cyberspace and what militaries can do by
operating “within” it.

Whether cyberspace does or does not have the essence of a
warfighting domain as per some platonic ideal is not at issue. Instead,
this essay contends that understanding cyberspace as a warfighting
domain is not helpful when it comes to understanding what can and
should be done to defend and attack networked systems. To the extent
that such a characterization leads strategists and operators to
presumptions or conclusions that are not derived from observation
and experience, this characterization may well mislead. In other
words, connotations rather than denotations are the problem. The
argument that cyberspace is a warfighting domain, only a really
different one, begets the question of what purpose is served by calling
cyberspace a domain in the first place. Our purpose is, therefore, akin
to what our ancient Chinese friends would have called the rectification
of terms: making the name of the thing match the nature of the thing.

To do this, I first characterize cyber operations and their tenuous
relationship to cyberspace. Next, I examine how warfighting describes
the set of tasks necessary to defend or, alternatively, offend networked
information systems. Lastly, I describe some of the conceptual errors
that may arise by thinking of cyberspace as a warfighting domain
analogous to the traditional warfighting domains.


The networked systems used by countries and their militaries are
designed to carry out the commands of their owner-operators. Whose
orders these systems actually carry out, however, depend not on their
design, but upon the code that reifies their design.3 As a rule, the

person whose primary mission is to command electronic warriors rank higher than a
brigadier general.

3 It is possible to carry out cyber attacks by subverting not the code but the users. An
authorized user can be a spy/saboteur or be persuaded to do the wrong thing using social
engineering. From a system perspective, however, most users are clients. Good engineering
practices would limit the damage that can be done to servers by the actions of rogue client
machines, but the servers into which such principles are encoded may themselves have
vulnerabilities, hence returning to the issue of code as a primary issue.

[Vol. 8:2322


systems’ code and design conform almost perfectly, but in the term
“almost” lies the entire basis for offensive cyber operations.
Information systems are complex and, in their complexity, there can
often be minute cracks, no more than a bitstream wide, that hackers
can take advantage of by issuing commands to systems to which they
have no rights. These minute cracks are vulnerabilities; they are
invariably specific and can usually be patched once discovered and
understood. By depending on information systems to supply us the
right information or to command machines, we rely on their correct
performance, but this assumption is not always correct, particularly
when such systems are under pressure.

Offensive cyber operations attempt to exploit such vulnerabilities
to create effects that interfere with the ability of their victims to carry
out military or other tasks, such as production. As a rule, the more
these tasks require correct working of the systems, the greater the
potential for disruption or corruption that can be wreaked by others.
Similarly, the more widely connected the information systems, the
larger the population of those who can access such systems to wreak
such havoc. Conversely, the tighter the control of information going
into or leaving information systems, the lower the risk from the threat.
Stated more broadly, the sounder the security design of an
information system, the lower its susceptibility to such threats, the
faster such threats can be recognized, the easier they can be thwarted,
the less the damage, and the faster the recovery. Ultimately, the ability
to carry out offensive cyber operations is a direct function of the
weakness of the target system-something that cannot be said for, say,
cities threatened by nuclear weapons. To be sure, clever hackers can
do more damage than mediocre ones-but a large part of their skill set
rests on the ability to discover and discern how to exploit these
vulnerabilities,4 if they exist in the first place.

What is there about such effects that necessarily describe a
medium of combat? The answer is empirical: the most common way
of accessing one information system is to take advantage of the fact
that systems are typically connected to other information systems, and
ultimately to all information systems, usually through the Internet.
The Internet is basically tantamount to cyberspace; everything

4 To wit, those who discover a vulnerability can usually generate the tools required to
exploit it-but a set of tools without the requisite vulnerabilities is not particularly useful. A
similar point is made about nuclear bomb making-no state that has the requisite fissile
material has failed to figure out how to make a bomb from what it has. See Peter D.
Zimmerman, Proliferation: Bronze Medal Technology Is Enough, 38 ORBIs 67, 75-78

2012] 323


connected to the Internet is connected to cyberspace and, therefore,
part of cyberspace. The connection even extends to systems where the
connection is intermittent and asynchronous-the best example being
how bytes can be inserted into and extracted from supposedly closed
systems, such as those that run Iran’s centrifuges at Natanz or the
Department of Defense’s (DoD’s) SIPRNET, using removable media,
such as USB drives.

Internet connectivity is an epiphenomenon of system attack, but
there are other ways to introduce errors into computer systems. An
authorized user could be a foreign agent. A special forces operator
could gain illicit access to a system and command it for long enough to
make it err. The system may contain rogue logic components that
create certain types of errors based on particular circumstances (e.g.,
if the radar sees a U.S. warplane, a circuit in the radar instructs the
screen not to show anything). A message sent over a short-range,
point-to-point radio-frequency connection could be overwritten by a
long-range, high-power signal from outside the supposed perimeter.
None of these methods require cyberspace to work, but they can
create the same effects. Nevertheless, operating through cyberspace is
the preferred method of entry for reasons of economy, certainty, and


It is one thing to recognize that the ability of advanced militaries
to carry out missions in the four physical domains requires that they
alone can command their systems. It is another to conflate the
epiphenomenon of Internet-connectivity of such military systems with
the proposition that cyberspace is a military medium subject to the
tenets of warfare that exist in the other physical media.

Everyone concedes that cyberspace is man-made. This is what
makes it different from its predecessors. Most then proceed as if the
difference between a natural and a man-made combat medium is of
no greater importance than the difference between natural and man-
made fibers. But it is not the man-made nature of cyberspace that
makes it different. Cities are man-made, but city combat shares many
of the rules of country combat. What matters is that cyberspace is
highly malleable by its owners, hence its defenders, in ways other
media are not. Cities, although man-made, are not particularly
malleable (at least not by those defending them).

How malleable is cyberspace? In the commercial world, there are
many givens: the overwhelming majority of all machines run some
version of Microsoft Windows; most software products are dominated

[Vol. 8:2324


by a handful of firms, often just one; communications with the outside
world have to use various protocols of the Internet suite (e.g., TCP/IP,
the Border Gateway Protocol); and major communications companies
transmit most of the traffic over what are, in the short run, fixed
hardware infrastructures. This still leaves a great deal of discretion for
the average user, even in the short run: which systems are connected
to the outside; what is accessible through systems so connected; what
provisions are made for back-up or process validation; how networks
are managed and secured (including which products and services are
purchased); where encryption and digital signatures are used; how
user and administrator identities are authenticated; how such
individuals are vetted for their responsibilities; what version of
software is used and how diligently its security is maintained; what
security settings are applied to such software (and who gets to change
them); how personnel are vetted; and so on.

In the slightly longer run, radically better system architectures and
ecologies are possible. Take Apple’s iPad. Little, if any, malware has
been written for it.5 Why? The iPad operating system will only run
software acquired through Apple’s iStore and such offerings are vetted
and never anonymous. Thus, while apps are not foolproof, they are
small, not resident (because iPads do not support multitasking, few
apps are on all the time), and much less likely than web pages to
deliberately become sources of malware (unfortunately, apps can be
quite nosy.) The iPad version of the Safari web browser limits plug-ins
(most famously, Adobe’s Flash player) and web downloads. The iPad’s
apps tend to be much simpler than those designed for personal
computers. The iPad also shuts down (but in a state-full way) when
not in use, thereby flushing memory-resident processes. It is unclear
how robust the iPad model is for general-purpose computing (its apps
come with far fewer user-set options than PC applications and
heavyweight database processes, for instance, have little presence on
the iPad). Yet the iPad demonstrates how alternative architectures
may radically change the security equation.

The U.S. military has a real need to shape its information systems.
Unlike most of us, it faces more competent, potentially serious foes

5 As of April, 2012 there has been no known malware for systems built with Apple’s iOS5,
which runs not only the iPad, but the iPhone and the iPod touch. Yes, the iPad itself is new,
but 25 million had been sold by mid-2011. Sam Costello, What Are iPad Sales All Time?,,
(last visited Apr. 9, 2012). Furthermore, the same generalizations apply to the iPod Touch
and the iPhone which use the same operating system and which all together have sold over
250 million units. Charles Jade, iPod Touch Now Outselling iPhone, GIGAOM, Jan. 28,

2012] 325


with a clear interest in preventing its operations from working,
particularly while fighting a war, when its capabilities are most
important. Foes are more than willing to penetrate the military’s
computers to do so. Thus, the DoD should be and is willing to make
tradeoffs that ensure its systems do as they are told even if doing so
makes systems somewhat costlier and more inconvenient. Many of its
systems are air-gapped, that is, with no electronic links to other
networks. 6 Encryption is widespread, particularly on RF links, which
characterize communications among warfighting platforms. The DoD
imposes many restrictions on what its users can do; access, for
instance, requires a Common Access Card (CAC). The DoD has its own
Internet domain and runs its own domain-name server. It has
acquired most of the source code for Microsoft Windows so that it can
understand, and in some cases alter, its security features. It vets users
tightly. It operates a complex system of document security
(classification). It has hired some of the world’s smartest people in
information security, many of whom work for the National Security
Agency (NSA). In sum, the DoD has even more scope to shape its
share of cyberspace than most organizations do and uses this
discretion vigorously. In other words, its cyberspace is definitely
malleable. Unlike the physical domains, cyberspace is not a given
environment within which the DoD must maneuver on the same basis
with its foes. Indeed, the task in defending the network is not so much
to maneuver better or apply more firepower in cyberspace but to
change the particular features of one’s own portion of cyberspace itself
so that it is less tolerant of attack.


The use of “its cyberspace” when discussing the DoD suggests
another feature of cyberspace-it is not a single medium as, say, outer
space. Cyberspace consists of multiple media-at the very least, yours,
theirs, and everyone else’s. Each of these media often contains sub-
media. Your cyberwarriors are trying to get into their cyberspace as a
way of getting their systems to misbehave and theirs are trying to get
into yours for the same reason. The question of who controls the

6 Air-gapping is no panacea. (What is?) To be perfect, air-gapping has to exclude removable
media, intermittent connections (e.g., for software updating), and stray RF signaling. Even
then, an air gap can be defeated by those willing to penetrate physical security perimeters
or by the insertion of rogue components. But efforts to penetrate air-gapped systems are
costly and do not scale well.

326 [Vol. 8:2


public share of cyberspace, while important, is usually ancillary to the
ability of each military to carry out operations.

The extent to which our adversaries’ systems are an
undifferentiated subset of the greater Internet, and thus of public
cyberspace, varies. As a rule, the more sophisticated and well-financed
the adversary, the more it maintains its own communications links. In
any case, connectivity among mobile units has to use a different
architecture than the land-line Internet. Conversely, the less
sophisticated and well-financed the adversary, the less likely it is to be
able to afford the kind of networking upon which the United States
and comparable militaries have grown so dependent. Countries are
either too technically sophisticated to allow the systems on which they
depend to rely heavily on the Internet or countries lack the
technological sophistication to afford the systems upon which their
warfighting would depend. In other words, the ability to command or
at least to confound the Internet of foreign countries is likely to be of
modest military value. This is far from saying that such countries are
impervious to operations against their systems. It does mean,
however, that carrying out such operations requires playing in their
corner of cyberspace and they too have considerable scope to shape
what they become dependent upon-cyberspace is not a given for
them either.

What about this broad cyberspace in the middle-is it worth trying
to dominate or preventing others from dominating? To some extent, it
is. Cyberspace operations can keep a state’s leaders from
communicating with its population easily, as Russia’s operations did
against Georgia in 2008. It can make life uncomfortable for citizens of
another state, as the operations of Russia against Estonia did in 2007.
The ability to interpose messages into media can have psychological
effects. The ability to take down web sites (e.g., Jihadist sites) can
complicate recruitment efforts. Interfering with services from, for
example electric and transportation utilities or maintenance
organizations, can reduce the support that militaries receive from
them. But these operations are carried out, not so much against
cyberspace which is to say the Internet per se, as against systems
connected by cyberspace to the rest of the world. Such systems, and to
some extent their connections, are themselves malleable. Thus,
Estonia reduced its vulnerability by having Akamai redo its network
architecture and Georgia did similarly by having U.S. companies, such
as Google and Tulip, re-host their web sites. Power companies do not
have to be vulnerable to hackers; they can air-gap their generation,
transmission, and distribution systems in advance. If they feel the
consequences of their failures to do so beforehand, they can correct
matters afterwards, albeit not instantly. Maintenance activities for the

2012] 327


electric grid companies can adopt back-up methods (e.g., phones and
modems, VSATs) so that they can continue to serve their customers
should the need arise. Trying to control the Internet in order to
interfere with civilian activities may contribute to an overall
warfighting effort, but, as a general rule, what lies on the civilian
Internet is usually secondary to how physical wars are fought.

We are left to conclude that in great contrast to other domains,
cyberspace is composed of multiple media and is malleable in ways
that advantage its various owner-operators.


Thinking of cyberspace as a warfighting domain tends to convert
the problems associated with operating in cyberspace-creating useful
effects in your adversaries’ systems and preventing the same from
being done to you-into a warfighting mold shaped by the four older
domains. This shifts the focus of thought from the creation and
prevention of specific effects to broader warfighting concepts, such as
control, maneuver, and superiority. This approach emphasizes the
normal attributes of military operations, such as mass, speed,
synchronization, fires, command-and-control, and hierarchy, at the
expense of other ways, such as engineering, as a way of creating or
preventing effects.

Start with the problem of preventing effects arising from mis-
instructed systems, often understood as “defending networks.” As
noted earlier, such a task might otherwise be understood as an
engineering task-how to prevent errant orders from making systems
misbehave. One need look no further than Nancy Leveson’s Safeware
to understand that the problem of keeping systems under control in
the face of bad commands is a part of a more general problem of
safety engineering,7 a close cousin of security engineering as Ross
Anderson’s classic of the same name expounds.8 Safeware,
incidentally, has no mention of militaries or military metaphors.9
Security Engineering rarely discusses military matters and much of
what it does cover is the safe command and control of nuclear



9 LEVESON, supra note 7.

328 [Vol. 8:2


weapons.10 Together with engineering, one could add the related
disciplines of architecture (how the various parts fit together
influences how faults echo throughout a larger system),
administration, and policymaking (how to make intelligent tradeoffs
between values such as security on the one hand and cost and
convenience on the other). For systems so complex that predicting
what they do by analyzing their components is difficult, warding off
unwanted effects may also call on the talents of a scientist used to
dealing with complexity theory.

Granted, there may well be ways of managing networks which
require activities that may be likened to warfare. Even well-designed
systems have to be tended to constantly. (Indeed, well-designed
systems facilitate such management.) Systems managers may even be
lucky enough to see incoming or circulating malware and intervene to
limit its malign effects by isolating and neutralizing it. In other words,
there may be something worthwhile about having warriors “live in the
network.” But is such a reactive ability important compared to
systems engineering or is it simply something to be emphasized in
order to make network defense look like warfighting? Perhaps another
analogy may be illuminating. If illegal migrants entered the United
States in large gangs, forcing their way past border guards, a military
response to their penetration attempts may be appropriate. As it is,
illegal migrants enter this country using guile by sneaking across
lightly guarded terrain or by overstaying their visas. Staunching their
flow is rightly seen as a police problem. Similarly, the problem of bad
bytes traversing borders is not a matter of force but guile and the
military metaphor just does not fit.

The same question may be asked of certain aspects of “active
defense.”,’ Cyber warriors want to take the fight to the enemy by
finding, targeting, and disabling the servers from which the intrusions
came. This is probably not a bad idea if foes lack the care or
sophistication to launch an attack in other ways, for example by using
fire-and-forget weapons (Stuxnet2) or by operating from multiple

10 ANDERSON, supra note 8.

11 “Active defense” comprises a large number of defensive activities which are “active” in
the sense of doing something other than waiting for the detection of malware or an
intrusion before acting. One component, for instance, is the collection of malware
signatures from the outside to constantly upgrade the list of material whose ingestion is

12 Stuxnet was a worm that infected and likely destroyed uranium centrifuges in Iran’s
Natanz facility. Once released, it carried instructions on how to destroy such centrifuges
without requiring further human command.

2012] 329


servers up to and including peer-to-peer networks of bots. Against
better foes, search and disable missions are likely to be much less
productive. Here, again, the conventional imagery of cyberspace as a
warfighting domain distorts how cyber operations are understood.

More broadly, the emphasis on defending the domain puts the
information assurance cart before the mission assurance horse.
Militaries adopt networked systems in order to facilitate kinetic
operations. Adversaries target these networks in order to neutralize
the help that networked systems provide to operations or, even worse,
to exploit the dependence on such systems to render militaries less
effective than if they had never adopted network systems at all.
Information assurance refers to how militaries minimize such a
threat, but what these militaries really need is mission assurance. A
large component of mission assurance is being able to carry out
operations in an environment in which the enemy has penetrated
their networks. This component requires understanding the
relationship of operations to information flows and adjusting
accordingly in order to manage risk. It also includes training to ensure
that warfighters can function in an environment where networks are
occasionally unavailable and information from a single source is not
always trustworthy. But if cyberspace is viewed as a domain that needs
to be mastered by warfighting, the subsidiary nature of this domain to
kinetic operations is lost and the emphasis shifts to achieving control
in this domain for its own sake rather than understanding exactly why
such control was needed in the first place.


If understanding cyberspace as a warfighting domain is a poor way
to approach mission assurance, might it nevertheless be a good way to
understand offensive cyber operations? At first glance, yes. Envision
teams of cyber warriors entering the networked systems of
adversaries-controlling, disrupting, and corrupting as they go.

However, at second glance, not quite. The metaphor of warfighters
living in cyberspace is exactly that, a metaphor. In practice, a great
deal of what offensive cyber warriors do is reconnaissance, or
exploration; in no other military endeavor is intelligence so integral to
warfighting. But the nature of the reconnaissance is not simply to
observe and report. The real purpose of cyberspace reconnaissance
has a more scientific bent-to examine a logical structure and
determine its flaws, either by observation or by experimentation. As it
is, the relationship between reconnaissance and operations in
cyberspace has changed a great deal in the last dozen years and may

[Vol. 8:233o0


change yet again. In the late 199os, the act of exploration consisted of
lone hackers getting past barriers and interacting in real-time with the
target system. In that respect, it was much like special operations.
These days, the entry point is more likely to be some malware that has
been downloaded by some client. (A half-dozen years ago, servers
were a more logical entry point than they seem to be today.) Offensive
cyber warriors then communicate to the target system via the
malware. The center of gravity of such an operation is the act of
determining the target system’s vulnerabilities and creating a tool
embodied in malware to exploit them. In a sense, if defensive
cyberwar is largely a question of engineering systems to make them
resistant to attacks, then offensive cyberwar is reverse-engineering
target systems to understand how they may be vulnerable to attacks.
All this dynamism further argues against trying to force-fit cyber
operations into any mold, not the least of which is domain dominance.
None of these is alien to warfighting, but they do have different

Such rhythms necessarily derive from the unique nature of
cyberspace. A key characteristic of offensive cyberspace operations is
that most of them are hard to repeat; once the target understands
what has happened to its system in the wake of an attack, the target
can often understand how its system was penetrated and close the
hole that let the attack happen. Even if it cannot find the hole, the
target learns where its system is vulnerable and may rethink the
accessibility or trustworthiness of its system. The strong likelihood
that targets of cyberwar will make such adjustments suggests that
offensive cyber operations may be front-loaded over the course of a
campaign. The use of offensive operations against a naive target set is
likely to be considerably more effective than against the harder target
set several weeks later. This is not so characteristic of other
warfighting domains which retain their importance throughout a

Indeed, one can characterize offensive cyber operations as a set of
carefully prepared one-offs that have a well-defined role to play as
niche operations in certain phases of a conflict. Stuxnet could be
described that way. But such a characterization ill fits the notion of
cyberspace as a continuous warfighting domain in the same way as
land, sea, air, and space.

Finally, focusing on cyberspace as a domain suggests that cyber
warriors be organized the same as warriors in other domains.
Using/Implementing a division of authority in which the enlisted
greatly outnumber officers (typically by more than four-to-one)
implies converting cyber warfare into a set of operations in which
most elements can be broken down into routines and taught to people

2012] 331


who are well-trained but not extensively educated. The wiser
alternative is to determine what skill mix the domain requires, then
recruit and train appropriately without worrying too much about
whether the resulting hierarchy characterizes what are understood to
be warfare domains.


Calling cyberspace a warfighting domain also promotes the urge to
force-draft warfighting concepts from the earlier domains of land, sea,
and air,13 which may be required because everyone in the field,
particularly at the senior officer level, started in a service dedicated to
a historic domain and came equipped with frameworks that can be
used to shape how cyberspace is understood.

Perhaps the most pernicious concept is the notion of domain
superiority-the notion that power in a domain can prevent
adversaries from doing anything useful in it. In the air or seas,
whoever’s fleet can keep the other from taking off or leaving port has
achieved superiority. But, as argued, cyberspace is not unitary. In a
war of two sides, there are at least three sub-domains: mine, yours,
and, least relevant for warfighting, everyone else’s. The best hackers in
the world can do little to interfere with a truly air-gapped network of
their adversaries. Enough said.

Notions of cyberspace as a high ground whose dominance
presages the dominance of all other domains are similarly
meaningless. The ability to get useful work done with one’s systems
and make it difficult for adversaries to do likewise is helpful, but only
instrumental. The traditional, and partially obsolete metaphor, that
air control means I can hit you and you cannot hit me is not even close
to an accurate pricis of what competent cyber warriors permit.

Other misleading metaphors come from ground warfare. For
example, take “key terrain.” True, in any network some physical nodes
and services are more important than others. But offensive cyberspace
operations generally cannot break physical nodes and the services

13 Why not outerspace? Fortunately for warfighters in that domain, it has yet to produce its
first Clausewitz, Mahan, or Douhet. Although many have tried, all have thankfully failed to
achieve such conceptual heights. Part of the problem is that the physics of orbital
mechanics are so daunting, and the art of the possible is quite constrained. Despite the
recurrent urge felt among space warriors that their instruments should be designed for
combat amongst each other, satellites are entirely used to support the terrestrial campaign,
so far at least.

[Vol. 8:2332


provided by networks can be and are increasingly virtualized. The very
plasticity and malleability of software makes gaining the “possession”
of key terrain an empty victory. Or take “maneuver.” Again, no self-
respecting cyber warrior wants to stay in one place waiting for the
enemies to hone in, but, by the time this metaphor of place is
translated into cyberspace, it may be drained of all effective meaning.
Should malware be polymorphic? Should it be hopping from client to
client? Should systems dynamically reconfigure their address space?
Should server capacity be distributed across the cloud? These are all
good questions, but it is unclear how translating all of them into some
aspect of maneuver is particularly helpful in answering them.

If cyberspace is like other domains, then under current rules of
engagement for kinetic combat, U.S. forces are allowed to fire back
when under fire. This particular rule provides a robust rationale for
disabling machines that appear to be sending bad packets to military
networks. Such a rule arises in part because it is deemed unreasonable
to order people to be put in harm’s way without being able to protect
themselves-and people do put themselves in harm’s way in
cyberspace. As noted above, this perspective puts too much emphasis
on firing back as a way of protecting networks despite the likely
ineffectiveness against even a halfway-sophisticated adversary.
Interpreting this doctrine more broadly carries substantial risks,
particularly given the problems of attribution. A closely related
assumption is that conflict in cyberspace features an opposing force
that one is supposed to disarm or destroy. But hackers cannot be
destroyed by a cyber attack and they cannot be disarmed because
none of the three weapons in their arsenal-intelligence, computers,
and networks-can be destroyed by a cyber attack in the same way
that kinetic warfare makes possible. Hence, such a quest is futile.

Fortunately, although these issues make writing concepts and
doctrine an error-prone exercise, the influence of concepts and
doctrine on what people actually do on a day-to-day basis is limited.
But why not start by not having to jettison such inaccurate concepts in
the first place?


Anointing cyberspace as a domain creates expectations that the
DoD, notably the U.S. Cyber Command (USCYBERCOM), will protect
the nation’s cyberspace in the same way that the Army, Navy, and Air
Force keep hostile forces away from our borders. The U.S. Department
of Homeland Security has signed technical-assistance agreements
with DoD knowing the latter brings the lion’s share of expertise into

2012] 333


the domestic fight for cyberspace protection. U.S. defense officials
argue that, notwithstanding their intention to concentrate on
protecting the military domain, should some digital Pearl Harbor
ensue, the DoD will have to answer for why it stood aside and did
nothing to protect the country in this domain.

Can the United States be protected by USCYBERCOM from hostile
forceS14 in this domain? Clues to that possibility may be found in the
Einstein III program which is being rolled out to protect the U.S.
government’s portion of the Internet (.gov). Proponents have
advocated extending the protection to the nation’s critical
infrastructure5 and the defense-industrial base.16 Such a program
would sit between the Internet and the protected networks, inspecting
the contents of all incoming packets and neutralizing those that
contain the signature of known malware-a firewall to end all
firewalls. But would it work, or at least work better than what already
exists? Bear in mind that these institutions can also contract with
professional information security companies to obtain the same
services without raising government-spying issues. If USCYBERCOM
has an edge, however, it could only be because it knows something
about malware signatures that these private companies do not, either
arising from harvested intelligence unavailable to private firms17 or
from having found a vulnerability themselves and telling no one.
There is surely some malware known to the intelligence community
that has not yet been seen in the wild, but there is undoubtedly even
more malware unknown to the intelligence community by dint of
being developed in small cells that do not display their wares over the
unencrypted Internet. It is hard to imagine, for instance, that an
Iranian equivalent would have discovered Stuxnet.

14 Chris C. Demchak & Peter Dombrowski, Rise of a Cybered Westphalian Age, 5
STRATEGIC STUD. Q. 32,38-39 (2011), available at
http://ww (suggesting that
many states are likely to try anyway).

15 Siobhan Gorman, U.S. Plans Cyber Shield for Utilities, Companies, WALL ST. J., Jul. 8,
2010, at A3, available at

16 Marc Ambinder, Pentagon Wants to Secure Dot-Com Domains of Contractors,
ATLANTIC, Aug. 13, 2010,

17 The larger information-security companies (including Microsoft) have so many monitors
in place that they do, in fact, gather a great deal of what would be called intelligence if done
by governments.

[Vol. 8:2334


What Einstein III offers, a better firewall, is just one element of a
more complex array of information security measures. Returning to
Stuxnet, relying on such a firewall could have blinded defenders to the
need for inherent defenses, including eliminating USB ports on the
air-gapped network, ensuring that the programmable logic chip (PLC)
that governed the centrifuges could not be reprogrammed in situ, or
separating the mechanisms that controlled the centrifuges from the
mechanisms that monitored what the centrifuges were actually doing.
Indeed, creating something like Einstein III under government
auspices may well reduce the amount of real effort expended on
cybersecurity, just as USCYBERCOM has provided the Services with
excuses for not defending their own networks. Then, users can hide
behind the fiction that they are being fully protected and can no longer
be compelled to protect themselves, thereby limiting potential
lawsuits arising from third-party damage. After all, no one expects
private firms to mount their own anti-aircraft weapons.18


The notion that cyberspace is a warfighting domain is deeply
engrained in doctrine and the minds of those who carry out such
doctrine. This essay argues that this concept is misleading, perhaps
even pernicious. Faced with the question-if cyberspace is not a
“domain” what is it-one answer may be that “it” does not exist in a
sufficiently meaningful form to make conflict-related statements
about it. Such a stance suggests that the term be totally avoided, but
since the author himself has no intention of following such advice, the
second-best alternative is to use the term carefully. Take a sentence
with the offending word in it-for example, the United States must
achieve superiority in cyberspace-and restate it without that term.
The resulting sentence will likely be wordier, but if it is also
nonsensical or excessively convoluted, perhaps the underlying thought
needs rethinking as well. As for the argument that the military’s
calling cyberspace a domain is necessary if it is to organize, train, and
equip forces for combat in that medium,19 what is wrong with focusing

i8 More likely, such enterprises will object vociferously because they do not want the U.S.
government reading the contents of all their incoming traffic. Commercial satellite
operators, for which the case for protection is somewhat stronger, are adamant about not
wanting the DoD’s help.

19 The first strategic initiative of the DoD Strategy for Operating in Cyberspace is, “treat
cyberspace as an operational domain to organize, train, and equip so that DoD can take full
advantage of cyberspace’s potential.” DEP’T OF DEF., STRATEGY FOR OPERATING IN

2012] 335


on the problems that such forces must solve-defending networked
systems, interfering with those of the adversary-and then organizing,
training, and equipping to solve such problems? Militaries do this for
electronic warfare without the latter, as noted, having been elevated
into a separate domain.

Nevertheless, is the fight over calling cyberspace a domain over
even before it has begun? Is it time to move on? A dozen years ago, a
similarly misguided notion plagued the defense community. The
concept of information warfare created a false unity binding diverse
activities such as cyberspace operations on the one hand and
psychological operations on the other. Fruitless hours were spent
developing a comprehensive theory covering this agglomeration.
When questioned about whether such a unity was not illusory, high
defense officials retorted: be that as it may, the concept was
established and that was that. But things did change. The term
information warfare, in the process of morphing into “information
operations,” created “influence operations,” which covers
psychological operations and concomitants, such as strategic
communications. The cyber part of this formulation, computer
network operations, married the “cyber” prefix and separated itself
completely from matters psychological. Electronic warfare returned to
its own aerie. So, at least the term, information warfare, has been

CYBERSPACE 5 (2011). Although the Strategy never uses the term “warfighting domain” as
such, cyberspace is to be treated no differently than the historic four, “As directed by the
National Security Strategy, DoD must ensure that it has the necessary capabilities to
operate effectively in all domains[-]air, land, maritime, space, and cyberspace.” Id.

336 [Vol. 8:2

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

The Cyber Domain
Metcalf, Andy, USMC;Scott, Dan
Marine Corps Gazette; Aug 2015; 99, 8; ProQuest
pg. 57

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Looking for top-notch essay writing services? We've got you covered! Connect with our writing experts today. Placing your order is easy, taking less than 5 minutes. Click below to get started.

Order a Similar Paper Order a Different Paper