The following is version 1.7.6 of the U.S. Strategic Command Cyber Warfare Lexicon produced in January 2009. For more information on the document, see our article on the subject.
THE CYBER WARFARE LEXICON: A LANGUAGE TO SUPPORT THE DEVELOPMENT, TESTING, PLANNING, AND EMPLOYMENT OF CYBER WEAPONS AND OTHER MODERN WARFARE CAPABILITIES
- 45 pages
- For Official Use Only
- January 5, 2009
- 12.36 MB
(U//FOUO) Since the 2006 signing of the National Military Strategy for Cyberspace Operations (NMS-CO), the emerging US cyber warfare community continues to mature and its capabilities increasingly compete for consideration when US forces plan operations. Computer network attack (CNA) and electronic attack (EA) technologies have progressed to the point where their use could be routinely considered in the context of existing and developing OPLANS. In order to effectively integrate and standardize use of these non-traditional weapons, the developers, testers, planners, targeteers, decision-makers, and battlefield operators require a comprehensive but flexible cyber lexicon that accounts for the unique aspects of cyber warfare while minimizing the requirement to learn new terms for each new technology of the future. Without a shared understanding of the accurate meanings of a significant number of frequently used terms, it will be difficult to make progress on the more complex and unresolved technical and operational issues for non-traditional weapons: actionable requirements, technical and operational assurance, effective mission planning techniques, and meaningful measures of effectiveness. In fact, the Secretary of Defense’s Information Operations (IO) Roadmap listed its first benefit to the combatant commanders as “a common lexicon and approach to IO, including support to integrated information campaign planning.” Although the focus of cyberspace operations is not the same as that of IO, they share some technologies and until now, no such lexicon (for IO, or any portion of IO) has been published.
(U//FOUO) Under Unified Command Plan (UCP) 2008, USSTRATCOM has overall responsibility for IO. This Lexicon was initiated and originally published by the STRATCOM IS-sponsored IO Joint Munitions Effectiveness Manual (JMEM) Working Group. As its scope and potential impact grew beyond the JMEM community, responsibility was transferred to the USSTRATCOM Joint Functional Component Command for Network Warfare (JFCC-NW) staff for further refinement and development. The publication of the NMS-CO established an obvious but ill-defined relationship between CO and IO. This Lexicon is an attempt to consolidate the core terminology of cyberspace operations, and to clarify somewhat the CO /IO relationship. However, many of the terms introduced or updated here are equally applicable throughout the testing, planning, and operational communities, regardless of the underlying technology, and suggest language that could even improve doctrine for traditional weapons and operations.
Select a term from the following list to read the full definition.
cyberspace | cyber weapon vulnerability | kinetic |
(U//FOUO) cyberspace: a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (from 12 May 2008 SECDEF memo)
[(U//FOUO) Previous version – cyberspace: A domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. (from NMS-CO)]
(U//FOUO) cyberspace operations (CO): All activities conducted in and through cyberspace in support of the military, intelligence, and business operations of the Department. (based on NMS-CO description)
(U//FOUO) cyberspace operations (CO): The employment of cyber capabilities where the primary purpose is to achieve military objectives or effects in or through cyberspace. Such operations include computer network operations and activities to operate and defend the global information grid. (from 29 Sep 2008 VJCS Memo, however it is inconsistent with NMS-CO and improperly limited)
(U//FOUO) cyber warfare (CW): Creation of effects in and through cyberspace in support of a combatant commander’s military objectives, to ensure friendly forces freedom of action in cyberspace while denying adversaries these same freedoms. Composed of cyber attack (CA), cyber defense (CD), and cyber exploitation (CE).
(U//FOUO) cyber attack (CA): Cyber warfare actions intended to deny or manipulate information and/ or infrastructure in cyberspace. Cyber attack is considered a form of fires.
(U//FOUO) cyber defense (CD): Cyber warfare actions to protect, monitor, detect, analyze, and respond to any uses of cyberspace that deny friendly combat capability and unauthorized activity within the DOD global information grid (GIG).
(U//FOUO) cyber exploitation (CE): Cyber warfare enabling operations and intelligence collection activities to search for, collect data from, identify, and locate targets in cyberspace for threat recognition, targeting, planning, and conduct of future operations.
(U//FOUO) cyber warfare capability: A capability (e.g. device, computer program, or technique), including any combination of software, firmware, and hardware, designed to create an effect in cyberspace, but that has not been weaponized. Not all cyber capabilities are weapons or potential weapons.
(U//FOUO) cyber weapon system: A combination of one or more weaponized offensive cyber capabilities with all related equipment, materials, services, personnel, and means of delivery and deployment (if applicable) required for self-sufficiency. (Note: adapted directly from JP 1-02 of weapon system.)
(U//FOUO) cyber weaponization: The process of taking an offensive cyber capability from development to operationally ready by incorporating control methods, test and evaluation, safeguards, security classification guidance, interface/ delivery method, certified and trained personnel, employment recorder, CONOP, TIP, life-cycle support, and launch platform.
(U//FOUO) cyber weapon characterization: The process of determining and documenting the effect producing mechanisms and assurance factors of cyber weapons. Characterization includes aspects of technical assurance evaluation, OT&E, risk/protection assessments, and other screening processes. Answers the question: “What do I need to know about this weapon before I can use it?” [Note: Cyber Weapon Characterization is one step in the Cyber Weaponization process.]
(U//FOUO) cyber weapon categorization: A binning of cyber weapon capabilities into categories, based on risk assessment and the release authority required for their use. Useful for answering the question: “Who can authorize use of this weapon?” Example categories might be:
• Category I- Combatant commander release
• Category II – Pre-approved for combatant commander use in specific OPLANs
• Category III- President/SECDEF release only
(U//FOUO) cyber weapon delivery mode: The method via which a cyber weapon (or a command to such a weapon) is delivered to the target. Delivery may be via direct implant or remote launch. Hardware cyber weapons often require direct implant. Remote launched cyber weapons and/or commands may be placed via wired and/or wireless paths.
(U//FOUO) cyber weapon flexibility: The extent to which the cyber weapon’s design enables operator reconfiguration to account for changes in the target environment.
(U//FOUO) cyber weapon identification: The manner in which a cyber weapon is represented for inventory control purposes, based on the weapon’s forensic attributes (e.g. for software: file name, file size, creation date, hash value, etc., for hardware: serial number, gram weight, stimulus response, x-ray image, unique markings, etc.).
(U//FOUO) cyber weapon vulnerability: An exploitable weakness inherent in the design of a cyber weapon. Weaknesses are often in one of the following risk areas:
- detectability risk – The risk that a weapon will be unable to elude discovery or suspicion of its existence. This includes the adverse illumination risk of hardware weapons.
- attribution risk – The risk that the discoverer of a weapon or its effect will be able to identify the source and/or originator of the attack or the source of the weapon used in the attack.
- co-optability risk – The risk that, once discovered, the weapon or its fires will be able to be recruited, used, or reused without authorization.
- security vulnerability risk – The risk that, once discovered, an unauthorized user could uncover a security vulnerability in the weapon that allows access to resources of the weapon or its launch platform. This includes the risk of an adversary establishing covert channels over a weapon’s C2 link.
- misuse risk – The risk that the weapon can be configured such that an authorized user could unintentionally use it improperly, insecurely, unsafely, etc.
- policy, law, & regulation (PLR) risk – The risk that the weapon could be configured such that an authorized user could intentionally use it in violation of existing policy, laws, and regulations.
(U) access: Sufficient level of exposure to or entry into a target to enable the intended effect.
(U) collateral effect: Unintentional or incidental effects, including injury or damage, to persons or objects that would not be lawful military targets in the circumstances ruling at the time.
(U) deny: To attack by degrading, disrupting, or destroying access to or operation of a targeted function by a specified level for a specified time. Denial is concerned with preventing adversary use of resources.
- degrade
(U) degrade: (a function of amount) To deny access to or operation of a targeted function to a level represented as a percentage of capacity. Desired level of degradation is normally specified. - disrupt
(U) disrupt: (a function of time) To completely but temporarily deny access to or operation of a targeted function for a period represented as a function of time. Disruption can be considered a special case of degradation where the degradation level selected is 100%. - destroy
(U) destroy: To permanently, completely, and irreparably deny access to, or operation of, a target. Destruction is the denial effect where time and level are both maximized.
(U) dud: A munition that has not been armed or activated as intended or that failed to take an expected action after being armed or activated. (Note: adapted directly from JP 1-02 of dud.)
(U) effects assessment (EA): The timely and accurate evaluation of effects resulting from the application of lethal or non-lethal force against a military objective. Effect assessment can be applied to the employment of all types of weapon systems (air, ground, naval, special forces, and cyber weapon systems) throughout the range of military operations. Effects assessment is primarily an intelligence responsibility with required inputs and coordination from the operators. Effects assessment is composed of physical effect assessment, functional effect assessment, and target system assessment. Note: Battle Damage Assessment (BDA) is a specific type of effects assessment for damage effects. ” (This is a direct adaptation from the JP 1-02 definition of BDA.)
(U//FOUO) intended cyber effect: A sorting of cyber capabilities into broad operational categories based on the outcomes they were designed to create. These categories are used to guide capability selection decisions. Answers the question: “What kind of capability is this?” Specifically:
• denial – degrade, disrupt, or destroy access to, operation, quality of service, or availability of target resources, processes, and/or data.
• manipulation – manipulate, distort, or falsify trusted information on a target.
• command and control – provide operator control of deployed cyber capabilities.
• information/data collection – obtain targeting information about targets or target environments.
• access – establish unauthorized access to a target.
• enabling – provide resources or create conditions that support the use of other capabilities.
(U) kinetic: Of or pertaining to a weapon that uses, or effects created by, forces of dynamic motion and/ or energy upon material bodies. Includes traditional explosive weapons/ effects as well as capabilities that can create kinetic RF effects, such as continuous wave jammers, lasers, directed energy, and pulsed RF weapons.
(U) non-kinetic: Of or pertaining to a weapon that does not use, or effects not created by, forces of dynamic motion and/ or energy upon material bodies.
(U) lethal: Of or pertaining to a weapon or effect intended to cause death or permanent injuries to personnel.
(U) non-lethal: Of or pertaining to a weapon or effect not intended to cause death or permanent injuries to personnel. Nonlethal effects may be reversible and are not required to have zero probability of causing fatalities, permanent injuries, or destruction of property.
(U//FOUO) manipulate: To attack by controlling or changing a target’s functions in a manner that supports the commander’s objectives; includes deception, decoying, conditioning, spoofing, falsification, etc. Manipulation is concerned with using an adversary’s resources for friendly purposes and is distinct from influence operations (e.g. PSYOP, etc.).
(U) misfire: The failure of a weapon to take its designed action; failure of a primer, propelling charge, transmitter, emitter, computer software, or other munitions component to properly function, wholly or in part. (Note: adapted directly from JP 1-02 of misfire.)
(U) probability of effect (PE): The chance of a specific functional or behavioral impact on a target given a weapon action.
(U) target state: The condition of a target described with respect to a military objective or set of objectives.
(U) targeted vulnerability: An exploitable weakness in the target required by a specific weapon.
- objective vulnerability
objective vulnerability: A vulnerability whose exploitation directly accomplishes part or all of an actual military objective. - access vulnerability
access vulnerability: A vulnerability whose exploitation allows access to an objective vulnerability.
(U) weapon action: The effect-producing mechanisms or functions initiated by a weapon when triggered. The weapon actions of a kinetic weapon are blast, heat, fragmentation, etc. The weapon actions of a cyber attack weapon might be writing to a memory register or transmission of a radio frequency (RF) waveform.
(U) weapon effect: A direct or indirect objective (intended) outcome of a weapon action. In warfare, the actions of a weapon are intended to create effects, typically against the functional capabilities of a material target or to the behavior of individuals. Effect-based tasking is specified by a specific target scope, desired effect level, and start time and duration.
- direct effect
direct effect: An outcome that is created directly by the weapon’s action. Also known as a first order effect. - indirect effect
indirect effect: An outcome that cascades from one or more direct effects or other indirect effects of the weapon’s action. Also known as second, third, Nth order effects, etc.