Home  /  Newsroom  /  Insights  /  Integrating the cyber domain in Multi Domain Operations

Integrating the cyber domain in Multi Domain Operations

The future development of military Cyberspace Operations

Throughout the history of warfare, military forces have tried to coordinate actions by land, sea and air, to acquire battlefield advantages. Now, with the development of modern technologies, the contemporary challenge is to insert and coordinate actions cyberspace into the multi domain battle. This will require new doctrinal concepts, new training programs and facilities and finally obtaining and maintaining new skills and capabilities. Cyberspace is commonly recognized as the Fifth Operational Domain and is now part of the current warfare equation together with the conventional domains. Accordingly, the Italian Ministry of Defense (MoD)¹, in 2020, established the Joint Command for Network Operations, to provide and manage C4/ICT² services, ensuring a robust cyber defense capability for the Italian Defense networks and, nonetheless, the capability to plan and conduct cyberspace operations as part of multi-domain operations. 

This three-star Command centralizes competences, responsibility and chain of command of both the network infrastructure and cyber capabilities. Since last year, the Command has been fully involved in the military operations stakeholders, under the control of the Joint Operational Headquarters, along with two other two Joint Commands: Space and Special Operations. The JCNO³  has three Departments (see picture 1). The C4 Department provides a 24/7 service, based on the integration of NOC⁴ SOC⁵ and IOC⁶. The Cyber Defence & Security Department is responsible for the CERT⁷ of Italian MoD, synergistically working with the aforementioned integrated operations center, to prevent and react to events and security incidents. Finally, the Cyber Operations Department plans and conducts full-spectrum cyberspace operations in counter possible threats or adverse actions against Defence Networks, Systems and Services.

  1 Ministry of Defence
  2 Command, Control, Communication, and Computers / Information Communication Technology
 

  3 Joint Command for Network Operations
  4 Network Operations Center
  5 Security Operations Center
  6 Infrastructure Operations Center
  7 Computer Emergency Response Team

Picture n.1 - Joint Command for Network Operations

In the context of Military Operations, we are comfortable in referring to a joint model. However, to understand the real significance of Multi Domain Operations, we first need to understand the paradigm shift, which distinguishes these operations from traditional joint operations. Joint operations are based on the need to achieve superiority in the domain of competence. Alternatively, the essence of Multi Domain Operations in the awareness that it is not possible to maintain supremacy in all domains. Therefore, their goal is to maintain freedom of movement in all domains to exploit any opportunity by taking advantage by the convergence of effects to be achieved through the synchronization of cross-domain actions. Carrying out Cyberspace Operations is actually a powerful enabler as an “effect” contribution to multi-domain operations. So, Cyberspace Operations should be addressed to these cross-domain purposes and better support the chain of command with increased situational awareness. Currently it is possible to identify a series of assets, capabilities and activities that rely on cyberspace. Technologies and systems like radar sensors or logistic information platforms are critical to military operations. Most of the CNI⁸, such as power grids or fuel pipelines, are controlled and supervised by specific hardware and software also called ICS⁹. Furthermore, substantial amounts of data are exchanged daily through human interactions by mean of digital tools are essential for development, commerce and services to citizens. All those mentioned technologies, assets and capabilities could be possible targets for effects like denial services, data exfiltration, data manipulation and, in general, actions that could influence public opinion or, even worst, political decisions. Therefore, those assets and capabilities, if friendly, must be defended and in case they are enemy assets, they could be exploited. Cyberspace Operations can be split in operations that are carried out inside the boundaries of an internal infrastructure and operations that are carried beyond those boundaries (see picture 2). Hence, we identify the “Blue Cyberspace” where to conduct proactive DCO¹⁰ and guarantee Info Assurance trough the CISIO¹¹ and the “Red Cyberspace” where to conduct reactive DCO without excluding the possibility to conduct OCO¹² with the aim to generate specific effects and to reach the desired end-state.

  8 Critical National Infrastructure
  9 Industrial Control System
  10 Defensive Cyberspace Operations
  11 Communication Information System Infrastructure Operations
  12 Offensive Cyberspace Operations

Picture n.2 - Blue cyberspace and Red cyberspace.

Picture 3 is an example on how a deployed Task Group can be organized, in a crisis context, to carry out Cyberspace Operations

Picture n.3 - Deployable Cyber Task Group.

Particularly the Command Staff will be composed by SMEs¹³ that include Officers for Informative Support, personnel for the Operation Control and LNOs¹⁴ are the tactical level. The Staff will produce a recognized Cyber Operational Picture that will be shared with the JCNO, providing a reach back capability. The JCNO will receive and collect CyOPs¹⁵ from all the active scenarios and this collection will inform a complete CyOP. The CyOP, combined with the pictures coming from the other domains and from functional areas, will be one of the pillars sustaining the overall project of the Joint Common Operational Picture that is currently under development. The CyOP will provide the necessary bit of information concerning the Cyberspace Domain to the overall scenario of the Multi Domain Operations. See picture 4.

  13 Subject Matter Experts
  14 Liaison Officers
  15 Cyberspace Operational Picture

Picture n.4 - Cyber Command Operational Platform and Joint Common Operational Picture.

At the tactical level, several tools like MISP¹⁶ and others that are normally used to fulfil the internal standard procedures are grouped under the Cyber Command Tactical Platform. This platform will inform the operational tool called the CyCOP¹⁷. This platform will provide an updated representation of the Physical and Logical layers for the benefit of the Situation Room. In the MDO context, the CyOP will be the cyber layer of the Joint Common Operational Picture that will be displayed in the Joint Operations Center. 

In summary, all the relevant information composing the Cyberspace Operational Picture are graphically represented in the Situation Room of the Joint Command for Network Operations. Integrating the cyber domain in the MDO means not only to developing advanced technological assets but also highly professional personnel within a well-defined qualifications system, that identifies specific knowledge, skills and abilities in terms of adapting to the rapid and continuous evolution of relevant threats. 

  16 Malware Information Sharing Platform
  17 Cyber Command Operational Platform

Picture n.5 - Cyber Range facility.

Additionally, a so-called “Cyber Range” is essential to long-tern success. This training tool is an opportunity to provide tailored education and simulations in which cyber professionals can perform hands-on and specialized activities to improve their knowledge. Importantly, this need extends beyond the national level. In particular, the JCNO can be involved in several international events, selecting the most relevant ones (NATO, UE, CCD COE, International) in terms of different level of engagement (technical/tactical or operative) and specific competences required (Blue/Red Team plays).Moreover, another future opportunity includes deploying of a Cyber Operations Component Command. That certainly needs deeper analysis and developments together with the new concept of the Cyber Rapid Reaction Teams, a high readiness Unit that could be deployed to face specific cyber issues. In conclusion, integrating the cyberspace domain into Multi Domain Operations requires attaining and maintaining an adequate level of technical and operational capabilities. This long-term requirement is critical especially when cyber military assets are deployed abroad to support our National contingents, through the execution of Defensive Cyber Operations and mission critical IT systems hardening procedures. The JCNO is working with a group of Italian Universities and Industries, on behalf of the Defense Staff, to develop proper training facilities. 

Story by Brig. Gen. (ITA Army) Giuseppe TORTORELLI - Cyber Operations Department Chief at the Joint Command for Network Operations