A Systems Analysis of U.S. Army Operations in Cyberspace
by Thomas P. Dirienzo
B.S. in Computer Science, May 2004, United States Military Academy
A Thesis submitted to
The Faculty of The School of Engineering and Applied Science of the George Washington University in partial fulfillment of the requirements for the degree of Master of Science
August 31, 2015
Thesis directed by
Julie J. C. H. Ryan Associate Professor of Engineering Management and Systems Engineering
Acknowledgements
I would like to express my sincerest appreciation to my advisors Dr. Stephen Chaney and Dr. Julie Ryan, as well as to Phil Sisson, Ian Hall, Nathan Krishnan, and Keith
Thomas. Surely, without their guidance and assistance this endeavor would not have been possible.
ii
Abstract
A Systems Analysis of U.S. Army Operations in Cyberspace
Operations in and through the Cyberspace Domain are transforming the ways in which the U.S. Army must conduct Unified Land Operations. The Army is reorganizing to address the convergence of combined arms maneuver, electromagnetic spectrum activities, and cyberspace operations. This paper provides a structural analysis of the cyberspace domain in relation to the functions of the U.S. Army. The research goal is to provide a construct that the Army may use to better visualize functions, understand interactions of land and cyber, and organize effectively for operations.
This research effort required the application of multiple research methods. A historical evaluation of the air and space domains provides insights for cyberspace as it relates to domains. An evolutionary view of the ‘cyberspace domain’ reveals an operational definition of the term. Decomposing domain elements using ontological methods provided a structural framework for discussing the cyberspace domain. Finally, applying systems modeling methods provides an organizational understanding of the cyberspace domain.
Critical findings of this research include the need to better understand the future of convergence within the information environment, including cyber and electromagnetic operations. This research suggests that might be best guided through integration group strategies. This would require designating operations that fall into these categories as
Information Technology Operations, and broadening the definition of the cyberspace domain. Redefining the cyberspace domain to the area of responsibility that supports information technological elements used to effect information systems would account for
iii this understanding. Aligning to reflect this view would also improve the military’s current organizational design to properly resource the domain with the required professionals.
iv
Table of Contents
Acknowledgements ...... ii Abstract ...... iii List of Figures ...... vii List of Tables ...... viii Glossary of Terms ...... ix List of Acronyms ...... x Chapter 1 – Introduction ...... 1 1.1 Statement of the Problem ...... 1 1.2 Organization of the Document ...... 1 1.3 Background ...... 2 1.4 Purpose ...... 3 1.5 Significance ...... 3 1.6 Scope and Limitations ...... 3 1.7 Summary of Findings ...... 4 Chapter 2 - Literature Review ...... 6 2.1 Understanding the Battlespace ...... 6 2.2 The Environment vs. The Domain ...... 8 2.3 An Ontological Approach ...... 14 Chapter 3 - Research Methods ...... 17 3.1 Research Goal ...... 17 3.2 Research Questions ...... 17 3.3 Research Analysis Approach ...... 17 Chapter 4 - Evolving the U.S. Army’s Operations in Cyberspace ...... 19 4.1 Understanding Military Domains Through Historical Analysis ...... 19 4.1.1 The Air Domain ...... 19 4.1.2 The Space Domain ...... 21 4.1.3 A Domain Comparison ...... 26 4.1.4 The Cyberspace Domain ...... 27 4.2 A Systems Analysis of Cyberspace Through an Ontology ...... 30 4.2.1 A Conceptual Domain Model ...... 30 4.2.2 Web Ontology Language and Metamodel ...... 32 4.2.3 OWL’s Analysis Capabilities ...... 35 4.3 Integration of U.S. Army Operations in Cyberspace ...... 41 4.4 Organizational Integration of the U.S. Army Cyberspace Design ...... 43 Chapter 5 - Conclusion ...... 47 5.1 Findings ...... 47 5.2 Recommendations ...... 49 5.3 Conclusion ...... 51 5.4 Areas for Additional Research ...... 52
v
Bibliography ...... 54 Appendix A ...... 62 Appendix B ...... 64 Appendix C ...... 67 Appendix D ...... 68
vi
List of Figures
Fig. 1: Physical vs. Information Environment (Paul et al., 2013) ...... 10
Fig. 2: Traditional Military Domains vs. the Cyber Domain (Paul et al., 2013) ...... 11
Fig. 3: Information Environment ...... 13
Fig. 4: Layered Ontology (Semy et al. 2004) ...... 15
Fig. 5: Systems Engineering V-Methodology ...... 18
Fig. 6: Triggering Events in Cyberspace ...... 29
Fig. 7: Military Cyberspace Domain Model ...... 31
Fig. 8: Cyberspace Taxonomy Viewed in Protégé Ontology Editor ...... 33
Fig. 9: Ontology Object Properties ...... 34
Fig. 10: Linking Ontology Instances ...... 34
Fig. 11: OWL Query Command ...... 36
Fig. 12: OWL Query Results ...... 36
Fig. 13: Electronic Device Link ...... 38
Fig. 14: Equivalency Statements Added to a Class in OWL ...... 38
Fig. 15: OWL Generated RDF XML Elements ...... 39
Fig. 16: Results of Running HermiT Reasoner on Ontology ...... 40
Fig. 17: Visual Interpretation of HermiT Reasoner ...... 40
Fig. 18: Cyber/EW Threshold (Pavadore, 2013) ...... 42
Fig. 19: Overlapping Network Warfare and Defense Tasks ...... 63
Fig. 20: Matrix Organization (Ancona et al., 2009) ...... 64
Fig. 21: C/EM Expertise Map (C/EM Contest 2010) ...... 66
vii
List of Tables
Table 1: Example Network Warfare Soldier Tasks ...... 67
Table 2: Example Network Defender Tasks ...... 67
viii
Glossary of Terms
“Cyber Electromagnetic Activities (CEMA): activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy use of the same and protecting the mission command system (ADRP 3-0). CEMA consist of cyberspace operations (CO), electronic warfare (EW), and spectrum management operations (SMO)” (FM 3-38, 2014).
“Cyberspace: is a global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. Operations in cyberspace contribute to gaining a significant operational advantage for achieving military objectives” (JP 3-12, 2013).
“Cyberspace Operations: the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace. Cyberspace operations consist of three functions: offensive cyberspace operations, defensive cyberspace operations, and Department of Defense information network operations” (JP 3-0, 2011).
“Information Environment: the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information. This environment consists of three interrelated dimensions, which continuously interact with individuals, organizations, and systems. These dimensions are the physical, informational, and cognitive” (JP 3-13, 2012).
“Information Operations: the integrated employment, during military operations, of information related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own” (JP 3-13, 2012).
“Operational Environment: is a composite of the conditions, circumstances, and influences that affect the employment of capabilities and bear on the decisions of the commander. It encompasses physical areas and factors (of the air, land, maritime, and space domains) and the information environment (which includes cyberspace)” (JP 3-0, 2011).
Operational Definitions: Domain: is that which consists of all operational activities and responsibilities related by closely associated knowledge specialties, technologies, and organizational processes associated with an environment.
Cyberspace Domain: the area of responsibility that supports information technological elements used to effect information systems. Desired effects can be systems or people that transmit, receive, store, or manipulate equipment, or processes, that depend on the information systems.
ix
List of Acronyms
ADRP Army Doctrine Reference Pubication ARCYBER Army Cyber ARPA Advanced Research Projects Agency BFO Basic Formal Ontology BG Brigadier General CCRP Command and Control Research Program CBA Capabilities Based Assessment CYBERCOM Cyber Command CEMA Cyber Electromagnetic Activities CO Cyber Operations DoD Department of Defense DOTMLPF Doctrine, Organization, Training, Materiel, Leadership, Personnel, and Facilities DHS Department of Homeland Security DA Department of the U.S. Army EMS Electromagnetic Spectrum EMSO Electromagnetic Spectrum Operations EW Electronic Warfare FM Field Manual FSO Full Spectrum Operations IO Information Operations ITO Information Technology Operations IRC Information-Related Capabilities JP Joint Publication JOPP Joint Operation Planning Process MI Military Intelligence NASA National Aeronautics and Space Administration OWL Web Ontology Language RDF Resource Description Framework SWRL Semantic Web Rules Language SC Signal Corps SPARQL Simple Protocol and RDF Query Language SPIN SPARQL Inferencing Notation SMO Spectrum Management Operations SUMO Suggested Merged Upper Ontology UML Unified Modeling Language XML Extensible Modeling Language
x
Chapter 1 – Introduction
1.1 Statement of the Problem The U.S. Army requires a detailed understanding of the cyberspace domain in order to effectively integrate land and cyber operations. This paper uses a logic-based approach to develop a standardized ontology and establish a foundation for understanding
Cyberspace Operations.
1.2 Organization of the Document The first chapter is an introduction to the topic of cyberspace as it relates to the U.S.
Army, and the associated problem statement. In Chapter 1, the background is identified and the purpose and scope of the research are described. Lastly, a summary of the findings are detailed.
The second chapter is a review of the current literature related to the research, first focusing on the military’s organizational history within cyberspace. Next, focus is given to the significant distinctions between a ‘domain’ and an ‘environment’. With this understanding, a description of the evolution of the cyberspace domain is provided and closes by suggesting the need to refine the service’s current understanding of the domain with a visual representation. In chapter three the research goals and research methods of the thesis are presented. As well as questions to be answered through the systems analysis of the cyberspace domain.
Chapter four begins with an analysis of the air and space domains to better understand the linkage to that of the cyberspace domain. From this understanding, a more detailed definition of the military domain is provided. To support the expanded boundaries of the definition offered, the chapter applies a systems analysis of cyberspace by decomposing
1 its functions using a domain ontology. Lastly, insight is given into organizational necessities for cyberspace based on this decomposition.
Chapter Five concludes with the findings of the thesis and provides subsequent recommendations, with insights given to motivate the relevance of the topic.
Conclusions are drawn from the research and areas for future studies are offered.
1.3 Background The military operates in the four physical domains of air, land, maritime, and space; and one virtual domain: cyberspace. These domains are relatively easy to understand because they are based on physical traits, such as oceans and landmasses. Cyberspace is different. It includes aspects that are physical (servers, cables, antennas) but also aspects that transcend physical aspects. The distinction of cyberspace as a military domain emphasizes its significance, and the critical nature with which cyberspace interacts with other domains.
The Army developed the LandCyber Whitepaper to recognize the rapid convergence of, effects between, and areas of overlap in the cyberspace and land domains. Integrating cyberspace capabilities into the U.S. Army’s warfighting functions is pivotal to the success of the LandCyber solution. The premise for this framework is the converging direction of land with cyberspace operations. This convergence further creates interdependence in both domains, increasing the intricacy of operations.
To manage this difficult problem, it is necessary to understand not only the areas of convergence, but use these areas to maximize effects in the domain. Supporting this integration relies on a greater understanding of the constitution of the cyberspace domain so as to be able to support the transformation. An ontology offers a valuable way of
2 understanding the cyberspace domain and provides a systematic approach for standardizing the domain through a ‘computational logic-based language’ (OWL, 2012).
1.4 Purpose The challenges associated with this research included language, intricacy, and newness. The purpose is to provide a construct that the Army will use to better visualize functions, understand interactions of land and cyber, and organize effectively for operations. The research, therefore, aids in determining how to effectively organize, train, and equip forces for cyberspace operations.
1.5 Significance The U.S. Army is rapidly integrating cyberspace capabilities into its domain, while technology advances at the pace of Moore’s Law. The ontological model introduced in the research provides a systematic method for interrogating and cataloguing our knowledge of cyberspace. Expanding and formally adopting this type of model would create a standard for which to measure domain knowledge from and against. This standardization aids in such things as capability gap analysis and the development of
Army Universal Task Lists, while also providing a repository to build on for further analysis.
1.6 Scope and Limitations The scope of this research on cyberspace from a systematic point of view is to make recommendations for various aspects of U.S. Army doctrine, organization, and training within the informational environment. The systems engineering decomposition is limited to the strategic level in order to keep the research bounded to a manageable pursuit.
Also, this research does not attempt to make a full Doctrine, Organization, Training,
Materiel, Leadership, Personnel, and Facilities (DOTMLPF) study of the cyberspace
3 domain, however, the recommendations have implications on specific aspects of the
DOTMLPF framework.
In decomposing the domain, a model is developed and it is suggested to establish a formalized ontological model in this fashion. Within the context of the modeling and analysis the research is limited to the first principles examination of tasks, functions, and services of the cyberspace domain.
The development of a standardized and widely accepted ontology is a significant undertaking. This research seeks to capture the intricacies of the domain adequately to demonstrate why the capabilities of an ontology offer a preferred solution. The research, therefore, does not offer a comprehensive ontology, but rather a model to build from in pursuing that endeavor.
1.7 Summary of Findings It is a conclusion of this research that the Army is using the build, assess, build methodology for defining cyber operations. This domain must undergo a continuous development and refinement process in order to keep up with the changes in technology and our enemies’ tactics, techniques, and procedures. The military must also doctrinally define a ‘domain’ to properly distinguish it from an operational ‘environment’.
Subsequently, they should redefine the cyberspace domain to account for its significance on all technical operations within the information environment.
To clearly understand the boundaries, a formal ontology should be created for the domain using a structured model. An ontological method provides a representation of a complex domain. This representation not only aids in a domain understanding, but also grounds the knowledge of cyberspace and its interrelationships in a rich logic-based model.
4
The parameters in the cyberspace model are substantiated in a description of the properties as Information Technology Operations (ITO). Combining Field Manual (FM)
3-36 and FM 3-38 under FM 3-12 would support this grouping. Utilizing areas of information technological convergence will help identify the multidisciplinary necessities required for the U.S. Army’s implementation of the LandCyber framework. Lastly, the military’s organizational design should utilize techniques to properly leverage resources within this domain.
5
Chapter 2 - Literature Review
2.1 Understanding the Battlespace Maximizing the military’s effectiveness in cyberspace makes understanding required cyber related capabilities and the means of achieving them an ongoing issue. Increased awareness of the effects of cyber operations on physical domains, most notably toward critical infrastructures, necessitates an escalation of effort within the DoD and other governmental agencies. While those more familiar with cyberspace operations have long voiced concern over potential large-scale cyber related incidents, only as of late has the
DoD taken significant steps towards protecting against these threats and closing gaps in operational capabilities.
The evolution of the Department of Homeland Security’s (DHS) Cyber Security
Division over the past decade provides a case study in the government’s struggles to properly resource for cyber security. The turnover rate amongst Division Chiefs precipitated largely from concerns of bureaucratic infighting over organizational power struggles and an inability to receive proper legislative attention (Halliday 2014, Gorman
2009, Lemos 2004). Despite recognizing the ability for significant impacts in cyberspace, government funding for cybersecurity could not keep pace with the rapidly advancing technology, creating a capability gap in the nation’s defense.
Aside from ongoing command and control issues between executive departments, the emphasis on cyber security is at the forefront of policymakers’ minds. In a time of a shrinking defense spending, the requested $5.5 billion for cybersecurity budget represents one of the few areas of growth in the 2016 defense budget (McLeary 2014, Sternstein
2015). While funding for military operations in cyberspace is faring better than most
6 other defense appropriations, properly integrating operations into the military structure continue (Freedberg, 2014).
With the Defense Department’s role in cyberspace evolving, so too is their understanding of the battlespace itself. As Colonel Olen Kelley discussed in his research at the U.S. Army War College, the military’s 2001 joint publication on operations described cyberspace within the five warfighting domains of air, land, sea, space, and information (Kelley, 2008). This distinction originated from a Command and Control
Research Program (CCRP) conducted in 2001, which contextualizes the aspects of information as a domain versus an environment (Alberts, et al., 2001). Information as a domain, however, is what Kelley and others took exception to, asserting that cyberspace itself is the domain within an information environment.1 The debate over this point is not one merely of semantics. Understanding the difference between domains and environment sets the conditions for proper organization and allocation of resources.
Though remaining doctrinally unchanged, the organizational emphasis within the information environment increasingly went towards that of cyberspace operations, evidenced by the establishment of the U.S. Cyber Command (CYBERCOM). The focus on cyberspace as the command perpetuated the assertion that cyberspace constitutes the emphasis and the actual warfighting domain. The military’s establishment of cyberspace as an operational domain came officially with the Defense Department’s July 2011
Strategy for Operating in Cyberspace. Strategic Initiative 1 stated the DoD will “treat”
1 Geoffrey F. Weiss USAF “Exposing the Information Domain Myth: A New Concept for Air Force and Information Operations Doctrine.” Air & Space Power Journal 22, no. 1 (2008): 49–62,126. http://proxygw.wrlc.org/login?url=http://search.proquest.com/docview/217773213?accountid=11243. Mr. Weiss argues against the concept of an Information Domain as it bounds the scope of information operations.
7 cyber as an operational domain, making this distinction in order to maximize operations within it (2011, 5).
As a result, the National Security Strategy formally recognized cyberspace alongside that of air, land, maritime, and space domain. Though an operational command in 2010, this initiative formalized CYBERCOM as a Sub-Unified Command responsible for synchronizing the DoD’s cyberspace operations and delegated the four military service component Cyber Commands as subordinate (2011, 5). The concept of a cyberspace in concert with other operational domains, or at least the utility in such a framework draws question.
RAND Corporation’s Dr. Martin Libicki highlights in his article Cyberspace is not a
Warfighting Domain the discussion behind whether cyber belongs is somewhat irrelevant, except if its label forces illogical analogies as to its structure and application.
Dr. Libicki argues not against the justification for a domain, but its lack of utility in helping understand how to conduct operations within it (Libicki, 2012, 322). Thus cyberspace as a domain can be useful if it helps understand the capabilities, however, the term cannot be used to connote certain doctrinal or organizational outcomes. More plainly, the view of cyberspace as a domain helps highlight the significance of operations within it, though the name itself cannot imply how to operate within it.
2.2 The Environment vs. The Domain Furthering an understanding of the boundaries to cyberspace aids in properly scoping the areas of operations. Recent widespread attention on cyberspace, however, has also fostered broad generalizations and often misuse of the term, making the establishment of a widely agreed upon operational definition difficult. The former Operations Director for
8
Cyber Command, Major General (Ret.) Brett T. Williams, instead created four axioms that succinctly categorize cyberspace and the role it plays.
Three of the four axioms are most applicable in this context, with the first criticizing the term Cyberwar as an unproductive word as it detracts planning for Full Spectrum
Operations by promoting a narrow view of conflict (Williams, 2014).2 This tends to draw policy makers and planners out of strategic and into tactical level of decision-making.
Similarly, the second axiom recognizes that the Joint Operation Planning Process (JOPP) and current doctrine sufficiently facilitate strategic level planning and operations
(Williams, 2014). Lastly, the fourth axiom recognizes that the misuse of the word
‘cyber’ largely contributes to the difficulty in establishing a common operating picture.
MG Williams clarifies that cyber is neither a verb nor a noun and such usage promotes a singular vision of offensive cyber operations, as opposed to an integration of all capabilities (Williams, 2014).
Mentioned previously, the lack of a concise understanding of cyberspace is furthered when aligning doctrine such as JP 3-0 with the 2011 Strategy for Operating in
Cyberspace. The lack of doctrinal distinction in transitioning from an information domain, to a cyber domain within an information environment causes the often mistakenly interchangeable usage. Furthering the difficulty in understanding the differences is the military’s lack of a formal definition for a ‘military domain’ (Paul et al.,
2013).3
2 The term “Full Spectrum Operations” is no longer doctrinal, however, the point remains that this level of thinking pulls planners away from strategic and operational level thinking into more tactical planning. 3 Though each individual domain has a definition according to JP 1-02. There is still no definition of what an actual domain is. The definition’s, in fact, add more confusion as it suggests little distinction to that of an environment ie. Air Domain: The atmosphere, beginning at the Earth’s surface, extending to the altitude where its effects upon operations become negligible.
9
A RAND Corporation study identifies the difficulties in differentiating between an environment and a domain, offering succinct depictions to help distinguish. The easiest way to conceptualize the physical military environments is as the actual atmospheric, maritime, terrestrial, and space boundaries they encompass (Fig. 1).4 The shapes demonstrate the physical borders of the environments and their relation to the others.
The tangential relationship of the environments is representative of physical boundaries, as with that of the sea and a shore or air and space. The information environment, however, is not of a physical nature, but rather nodes that act on information across those traditional environments (JP 3-0, 2013).
Fig. 1: Physical vs. Information Environment (Paul et al., 2013)
Utilizing an understanding of operational environments, therefore, allows for a better supposition of the scope of military domains. As Paul et al. highlight, the doctrinal usage
4 In fact JP 1-02 DoD Dictionary of Military and Associated Terms also identifies an EM environment and a CBRN environment, but for these environments are the widely held terminology when discussing environments in relation to domains.
10 of military domains suggests it is “broader than the environments and are areas of both operation and responsibility.” Fig. 2 captures this relationship as the domains are overlaid as ellipses on the environments. The overlapping ellipses connote each service’s primary responsibility in their environment, while also operating in others. The U.S.
Army, for example, is executor for the terrestrial environment, but its aviation components are responsible for and operate in the atmospheric as well. The cyber domain therefore overlaps all domains and connects the nodes of the information environment. This again suggests a domain encompasses more than its physical environment, but their similarities explain the terms are incorrect and often synonymous misuse. Based on this assessment, for this research, an operational definition for domain is that which consists of all operational activities and responsibilities related by closely associated knowledge specialties, technologies, and organizational processes associated with an environment.
Fig. 2: Traditional Military Domains vs. the Cyber Domain (Paul et al., 2013)
11
An understanding of the information environment and the cyber domain provide a clearer picture of the capabilities they contain, though it is still important to differentiate.
Doctrinally, cyberspace operations are simply categorized as those operations that seek objectives in or through cyberspace (JP 3-0, 2011). This condition, like the term cyberspace, perpetuates ambiguity. Attempts to differentiate between cyberspace and information operations are important in framing the boundaries of the cyber domain, however, their convergence within this battlespace makes it difficult.
Information operations (IO) are characterized as capabilities such as public affairs, civil military operations, and strategic communication that either support decision- making or negatively impact that of our adversaries. The information environment itself is described as the interaction of physical, cognitive, and informational dimensions.5 The physical dimension is the material infrastructure, while the informational encompasses means for which information is utilized (ie. collected, stored, processed), and the cognitive represents the thought process of those who use the information (JP 3-13, I-2).
Unlike physical environments, as JP 3-13 highlights, IO does not constitute the control of specific information-related capabilities (IRCs), but combines them to maximize combat effectiveness. Therefore, information-related capabilities in IO are the means of influencing target audiences in Fig. 3.
5 “Unfortunately, few people outside the IO community understand the definition—and even fewer…understand how these diverse disciplines are theoretically combined into an effective IO plan. At the service level, each branch understands the term differently—with more or less emphasis based on the individual service competency or viewpoint. For example, most soldiers think of IO as influence operations, and PSYOP is predominant. For the Air Force, it’s mostly about CNO...” (Beebe, 2009 cited in Paul et al. 2013)
12
Fig. 3: Information Environment
Joint Publications 3-0 Operations, 3-12 Cyberspace Operations, and 3-13 Information
Operations distinguish between the specific capabilities, however, they still elude an accurate representation of cyber operations’ interdependencies as part of IRCs described within JP 3-13. Prior to 2011, when cyberspace operations remained within the information domain the construct in Fig. 3 had more validity. With the new doctrine of
JP 3-12 still lacking an operational definition of a domain, cyberspace now represents operations outside the scope of Information Operations. Rather than establishing a holistic account of the new domain, attempts to merge concepts of both publications cause problems in trying to define where cyberspace begins and ends.
As addressed in JP 3-12, Cyber Operations (CO) can be conducted as a stand-alone capability; however, integrating IRCs are necessary in order to accomplish full spectrum operations. The publication, however, makes a distinction between CO from that of
Information Operations in cyberspace. As previously stated, CO can be considered the
13 use of cyberspace to provide effects across the physical and cyber domains. Compare this with Cyber Information Operations, which is a function of integrating IRCs to achieve desired effects. Therefore, cyberspace is a domain for IRCs in cases of military deception, psychological operations, public affairs etc. when conducted through that medium.
This raises a logic question: is the current terminology of IRCs, particularly electromagnetic spectrum operations, part of cyberspace? If the answer is ‘yes’ then the domain does not account for them and if ‘no’, the question becomes, what domain accounts for these actions? This paper intends to show that these functions do belong in the cyber domain. This will not only account for how to integrate these capabilities, but also broaden the service’s understanding of cyberspace.
2.3 An Ontological Approach An ontology is a rich visual expression of definitional concepts (Vickery, 1993,
277). An ontological method is a process of categorization to determine ‘what is’ of a domain. This discipline seeks to represent ‘individuals’ as they exist in reality in order formulate conclusive classifications of complex structures. In computer science an ontology is this expression encoded in a way humans can process it, typically using some form of logic (Horrocks et al., 2004). For this research the term ontology is as used in the computer science form.
The product of an ontology should result in a clear definition and a common vocabulary of a domain. A meaningful ontology also relates individuals and events, allowing individuals to draw inferences from such relationships. Additionally, it provides a means for applying enhanced reasoning, as well as a visual representation of a structure. Because of these outputs, the process is beneficial in providing domain
14 terminology that seeks to avoid an “idiosyncratic lexicon” (Mandrick, 2011). In this manner, the ontological method is useful as a standardized and iterative approach in categorizing the complexities of cyberspace.
Top-level ontologies are the most basic categories of an entity, while domain ontologies are mid-level and more specific as they branch from the upper level (Semy et al. 2004). More specificity allows for greater detail of a structure and better visualization of interrelations that make up the domain (Fig. 4). These levels should not be confused with the high and low-level designs of the Systems Engineering V-Methodology.
Fig. 4: Layered Ontology (Semy et al. 2004)
Surveying authoritative references, such as joint doctrinal publications, to provide inputs for the ontology provides a way of focusing the scope of a domain (Obrst et al., 2012, 2).
These publications offer written expressions of definitions, descriptions, and relations by subject matter experts, or at a minimum the approved view. One method for establishing measures of effectiveness for domain ontologies are to place questions about the domain into five categories: General, Organizations & Agents, Processes, Products & Outputs, and Purposes (Mandrick, 2011). This framework aids in decomposing the domain and classifying entities and events by ‘type’ or ‘role’. For example, a house is a ‘type’ of
15 facility and can have certain properties that distinguish it from other types of facilities
(Obrst et al. 2012, Mandrick 2011).
The numerous doctrinal publications on cyberspace make it rich in resources, yet its intricacy leaves it difficult to comprehend. The lack of a formal process for defining the
‘what is’ of cyberspace makes an ontological approach an appealing option. In particular, the convergence of cyber-electromagnetic activities has been discussed in current Army doctrine surrounding the cyberspace domain using definitions in natural language. These definitions are challenging for a human to understand, visualize, and validate. Additionally, computers do not understand natural language well.
The value of this framework, therefore, is in standardizing the definitional process to adhere to a two-part principle. The first part of the definition references the individual’s parent class such as a building be a type of facility. The second part distinguishes the entity from individuals in the class as would be distinguishing a house from a hospital
(Mandrick, 2011). As Dr. Mandrick suggests, the process must be iterative, but the value gained is a systematic approach for which to continuously improve. The final phase in creating a repeatable process for an ontology is to govern the domain and revise it based on expert elicitation. The governance of the domain is necessary for maintaining integrity of the domain by establishing decision authority, adjudication issues, and change management (Mandrick, 2011).
16
Chapter 3 - Research Methods
3.1 Research Goal The research utilizes systems engineering practices to understand the convergence of operations within the cyberspace domain in order to discover ideas, constructs, and opportunities, to assist integration efforts. The research goal is to provide a construct that the Army will use to better visualize functions, understand interactions of land and cyber, and organize effectively for operations.
3.2 Research Questions The following questions are answered by systematically exploring an aspect of the research question to arrive at an answer. Answering each question builds to a final conclusion that provides a greater understanding of the cyberspace, than offers ways of optimally organize to support this new understanding:
How does the establishment and consideration of cyberspace as an operational
domain contribute towards maximizing its potential in military operations?
What insights are gained through a systems perspective of the Cyberspace Domain?
How can the cyberspace domain be modeled to contribute to the understanding of the
domain?
How can capabilities be grouped to maximize potential in cyberspace?
3.3 Research Analysis Approach This thesis utilizes the V-Life Cycle System Engineering Methodology as a framework for conceptualizing the given problem and generating solutions (MITRE SE
Guide, 2014, 2). This approach is most often used in software development, but works well as an approach for guiding this research. These levels of design are again different from the ontology levels and are not intended to correlate.
17
Fig. 5: Systems Engineering V-Methodology
The Literature Review in Section 2 is a review of cyberspace as a system, and understanding its general organization through an analysis of the environment and domain. The focus of Section 4.1 is to understand from a High Level Design of "how we fight" and organize in domains by using the air and space domains as reference. In section 4.2 a functional decomposition of cyberspace is conducted using the ontological method. Applying an understanding of this decomposition in Section 4.3, solutions are developed to properly group these individual functions. Building on this grouping than allows for an analysis on how to develop this construct in Section 4.5. Lastly, utilizing an understanding of the organizational needs, Section 5 is a final analysis to offer the appropriate organizational integration to support this construct.
18
Chapter 4 - Evolving the U.S. Army’s Operations in Cyberspace
4.1 Understanding Military Domains Through Historical Analysis
“Air power has rudely upset the traditions of the older services…In the future, no nation can call itself great unless its air power is properly organized and provided for, because air power, both from a military and economic standpoint, will not only dominate the land but the sea as well.”(Mitchell, 1926, x)
4.1.1 The Air Domain Milestones within military aviation provide context into the evolution of cyberspace as a warfighting domain. This passage from by Brigadier General (BG) William
Mitchell’s 1926 book proved prescient in artfully capturing the future of aviation. There are significant parallels in this statement to many echoes of today, particularly when discussing the rapid advancements in cyberspace that require skilled and dedicated professionals.
BG Mitchell was an early pioneer in military aviation development. By the end of
World War I he commanded all U.S. air forces in Europe (Mitchell, 1926). Throughout the war, he observed the speed with which aeronautical technology was progressing and understood the effects these advancements would have on military operations. Following the war he became extremely outspoken of the military’s need to modernize its structure to prepare for the forthcoming transformation in military affairs. Equally important,
Mitchell understood the commercial impact that aviation would have in the development of nations. This convergence of military and economic stability, through air power, captures the focus within the information environment towards cyberspace operations, as it is intrinsically tied with a nation’s success.
From the onset of airplane flight, the military sought to integrate this capability into military operations. In 1912, Congress appropriated its first major funding for an aeronautical section organized under the U.S. Army’s Signal Corps branch, becoming the
19
Air Service in 1919 (Prince, 2014). By the end of World War I, airplanes could execute fairly complex “dog fights” and reconnaissance missions, but saw limited progression in air to ground integration, leaving many unconvinced of the effects air power would have on warfare (Tate, 1998, 2).
By 1920, with a peacetime defense budget and significant cuts to the military, the air forces went from 178,149 to 8,428 enlisted personnel (Prince, 2014). Over the next several years a debate ensued. The majority holding a view that much like artillery, aviation would always be in support of ground forces and thus should remain in the U.S.
Army (Tate, 1998, 13; Stavridis and Weinstein, 2014). In 1921, BG Mitchell sought to prove the contrary by demonstrating how aircraft could be used to destroy “unsinkable” vessels by sinking a captured German battleship.
This demonstration should have impressed upon senior U.S. Army and Navy leaders the nascent capabilities of air power. Though popular opinion began to recognize this, it did little to sway military opinion. In a Joint Board Report by ranking active U.S. Army and Navy officers they concluded that though capable of being sunk by airpower, the battleship remained the backbone of the Navy, thus required stronger defense for protection (Tate, 1998, 17). Military leaders prevailed and the Air Corps Act of 1926 created the U.S. Army Air Corps, giving control of military aviation to the U.S. Army
(Tate, 1998, 47). This represented not only resistance by senior leaders to promote cultural change, but also the lack of responsiveness such large organizations can have toward change. (Stavridis and Weinstein, 2014).
The conduct of World War II proved most of what Mitchell stated of the effect rapid technological advances in aircraft would have on warfare. Twenty years after the
20 publication of his assertion, legislation recognized it in the creation of Department of the
Air Force under the National Security Act of 1947 (Stavridis and Weinstein, 2014). As stated, the establishment of the Air Force did not uniquely identify an air domain; rather it was the military’s way to “react logically to changes in state and non-state behavior”.
The capabilities itself escalated to a point, likely prior to World War II, when it became a warfighting-substantiated domain.
Summarizing the brief history leading up to this point can be characterized in three periods: 1900s-1919 Basic Capabilities, 1920-1935 Technological Advancements, and
1936-1945 Warfighting Substantiated. In the early 1900s airplanes became viable tools for integration in military operations. By the end of World War I, air warfare established tactics and capabilities to substantiate a role in military operations, yet lacked the technology to clearly define its future. Advancements in the 1920s demonstrated not only the art of the possible for air warfare, but also the speed with which the technology progressed. As Sheldon and Gray observe, the development of air power is the first domain that saw the practice of theorizing about its application during its evolution.
4.1.2 The Space Domain Though cyberspace often draws parallels to the origins of air power, the organization for space operations more closely reflects the military’s evolution for operations in cyberspace. Space and cyberspace remain organized as unified and sub-unified commands within the military, unlike a service specific component established for air power. While the Cold War space race generally dominates concepts of space history, viewing spaced-based assets as a means for information related capabilities is more explanatory of the military’s evolution (Launius, 2011). Though not widely recognized,
21 space-based capabilities are integral and widely applied in military operations (Zubrin,
2011).
Management of space activities predates the establishment of the Air Force, as the
Security Act of 1947 assigned the U.S. Army and Navy joint responsible for the environment. By 1950, all three services had independent space programs pursuing similar interests. However, the successful launch of the Soviet’s Sputnik I Satellite in
1957 made clear the U.S.’s need to escalate efforts (Barker, 2006, 3). In response,
President Eisenhower signed the National Aeronautics and Space Act of 1958, founding government structures for the current national space program (Boehm et al., 2000).
The movement towards centralizing the DoD space research and development started in 1958, with the establishment of the Advanced Research Projects Agency (ARPA)
(Boehm et al., 2000). The rationale for ARPA was to eliminate interservice rivalries and duplications of effort. However, reliance on service specific expertise and personnel resulted in 80% of its funding going to the Air Force. With the founding of the National
Aeronautics and Space Administration (NASA), ARPA lost its brief role as centralized agency and thus many of its programs (Spires, 1998, 58).
In a 2000 commission to assess U.S. Space Management and Organization, staff member Bill Savage identified the U.S. military’s integration of space as three eras:
1960-1974 Basic Capabilities, 1976-1990 Connecting Users, and 1991-2000 Battlefield
Integration (Savage, 2000). The first era, Basic Capabilities, of space integration saw a declining U.S. Army program though it was technically the first U.S. agency in space.
The introduction of new organizations wrested control of U.S. Army assets, and an escalation in Vietnam detracted focus (Boehm et al., 2000). By the second era,
22
Connecting Users, space capabilities began fulfilling a growing number of land-based needs in the form of intelligence and communications, the U.S. Army regained space research activities.
This progression continued and by 1985 an U.S. Army space study made recommendations for effectively conducting space operations, including the creation of an U.S. Army Space Command. This led to the establishment of the U.S. Army Space
Agency, which would become U.S. Army Space Command (Mitchell, 1991). By the third era, Battlefield Integration, an U.S. Army review board on organization and management recommended the consolidation of skills and functions. This resulted
USARSPACE combining with U.S. Army Strategic Defense Command to form the
Space and Strategic Defense Command. This would eventually become a major U.S.
Army command as the Space and Missile Defense Command (Boehm et al., 2000).
Like the U.S. Army, the first era of space operations saw a decline in the Navy’s role in space programs with many scientists and engineers being transferred to NASA (Stares,
1985). By the second era they too began to develop a unique space mission, namely to gain information superiority through strategic communications (Boehm et al., 2000). To better consolidate organizations the Navy created Naval Space Command in 1983, and to facilitate new research they created the Naval Center for Space Technology in 1986 under the Naval Research Laboratory (Savage, 2000).
The Air Force’s heavy involvement in Intercontinental Ballistic Missiles and NASA’s reliance on the Air Force for space boosters, protected them from the same cannibalization of programs and personnel as their sister services (Barker, 2006). Despite losing satellite reconnaissance programs in 1960 with the establishment of the National
23
Reconnaissance Office, the Air Force’s first era in space saw them emerge as the
“executive agent” for the military’s space development.
Even with the Air Force’s rapid growth in infrastructure, the decision to consolidate under a single command did not come about until the second era. With growing scrutiny from Congress on the DoD’s management of military space operations as well as internal
Air Force studies recommending unifying operations, the Air Force established their
Space Command in 1982. By 1985, in large part from President Reagan’s Strategic
Defense Initiative and the growing role of all services in space systems, DoD established the U.S. Space Command as the centralized entity (Barker, 2006).
By the “Battlefield Integration” era, space assets became integral to military operations, highlighted with Desert Storm in 1991 being dubbed the space war for its effect on the battlefield (Burgess, 1991 cited in Dolman et al., 2011). Whereas only 5% of aircraft were capable in Desert Storm, by the next Iraq war reliance on space capabilities grew exponentially and nearly all aircraft were equipped (Cooper et al.,
2011). Space operations have proven vital to military operations, yet experts like Dr.
Dale Hayden still posit, “…whether space has been involved in warfare long enough to observe best practices?”
In comparison to air power, many wonder where the Mitchell’s of space are, and what a comprehensive universal space theory would look. As they point out, space is still quite young and there is simply not enough history to draw upon from our largely uncontested use of it (Gray and Sheldon, 2011). Though the Cold War and the evolution of space provide valuable lessons, the main point is that the domain has enjoyed
24 superiority and thus has eluded a comprehensive strategy. It is perhaps too hard to determine from what point of observation space capabilities are at.
Though arguably lacking as much practical perspective to draw from as air power, the long history of organizational development for space proves equally fruitful. In 2000 a
Commission deliberated to assess national security space management and organization.
Based on congressionally mandated options for improving management, the commission arrived at three synthesized courses of action: Transition/Executive Agent, National
Security Space Organization, and Joint options.6
The two organizations most germane to this research are highlighted from each area.
The Transition/Executive Agent option is termed this because it is meant to facilitate a transition to either a Space Corps or Service. The support for this model is the unifying need for a holistic view of space programs. Similarly, a joint option would have the same desired end state, but place that organizational entity in a joint environment (Baker et al.,
2000). The expertise for the field would be absorbed into a joint entity similar to when
NASA took control of all U.S. space programs and personnel.
In a recap ten years on, the original members of the commission weighed in on the progress since the report. From the overall recommendation of needing a MFP, the commission described the implementation as a “virtual” MFP that penciled in the changes to an existing structure (Cambone et al., 2010). By 2006, they noted that any effort to organize and manage based on the Commission’s finding had completely vanished, partly due to focus on wars abroad and partly over concern for controlling costs. Thus, with many becoming increasingly concerned over the “attractiveness” of our
6 The Commission provides no decision of a specific course of action, however, they use each option to represent different aspects of their overall recommendations.
25 space capabilities by our adversaries, the military continues to search for ways to maximize space operations.
4.1.3 A Domain Comparison An air and space domain analysis elevates the significance of a domain above new technologies that simply integrate into previously recognized environments. This view differentiates between the effects of tanks and artillery in advancing warfare from the effects of aircraft in creating a revolution in military affairs. Recognizing a domain such as cyberspace, therefore, is acknowledging a technological advancement’s creation of a new epoch in warfighting. As Admiral (Ret.) Stavridis’ remarks, “Military institutions do not dictate the degree to which a domain constitutes a venue for warfare; rather, militaries merely react logically to changes in state and non-state behavior.”
The rapidity at which air power’s organizational changes were seen was due in large part to the short time span in which air theory, technological evolution, and practical application all occurred. The realization of air theory in the ‘Third Period’ coincides with the practical applications in the German Blitzkriegs and Japanese attack on Pearl Harbor.
This “trial by fire” is an important observation, as no other domain theories has had the luxury of being put into practice and refined through observation in such short order.
Though predictions during the second period of the air domain generally held, the ability for airpower to completely dominate warfare did not. Col (Ret) John Collins categorizes those in the “aeronautical school” of thought, such as Gen Giulio Douhet and
BG Mitchell, for incorrectly believing air power alone could supplant all other military power. Individuals subscribed to this theory believed that airpower would be able to force any adversary into submission, if left unabated.
26
This theory was also put into practice in World War II through strategic bombing efforts, with little success. Not to suggest that aerial bombing did not have tactical successes, only that it failed to support the predictions of the “aeronautical school” in making protracted combat obsolete (Collins, 2011). Aside from being inaccurate, this theory underestimated the resilience of populations, not accounting for the difficulty of delivering a “decisive attack” on critical infrastructures.
The space race provides the closest relation to that of the operational employment of aircraft in World War II, and by no coincidence the space domain saw the most significant changes in its organizational structure. In the initial launch of satellite technology, space substantiated its future as a warfighting domain. The triggering effects in space evolution, however, are more sporadic than that of air power over a longer time period.
As a direct result, unlike air power, space still struggles to optimally organize. This is largely from a lack of hindsight which air power benefited from during World War II.
Space capabilities have clearly evolved to become integral to military operations; however, the space domain has not been contested in a manner demanding an organizational reaction. Though space lacks the experience of being cycled through full scale capacity testing as a major war provides, implementing the findings of the Space
Commission would have negated this need.
4.1.4 The Cyberspace Domain Still doctrinally undefined air and space analysis substantiates the definition provided in this Literature Review, and builds a framework for understanding the cyberspace domain. A review of conflict in cyberspace tracks similarly to the periods leading up to the air domain. Jason Healey categorizes the evolution of cyber conflict in three eras:
27
The Realization 1980s-1998, Takeoff 1998-2003, and Militarization 2003-2012 (Healey,
2013).
The Morris Worm, a primary trigger of the first era, was a college prank that ended up shutting down 10 percent of the Internet (Healey, 2013, 30). This is the first report of an attack of this magnitude, which also caused significant financial losses. ‘Moonlight
Maze’ highlights the “Takeoff” era, which was the first major incident of cyber espionage against the U.S. (Healey, 2013). Lastly, “Militarization” saw the biggest advancement of cyber related events, including large-scale state sponsored espionage.
One of the most notorious incidents in the last era came from a reportedly joint venture between the U.S. and Israel that implanted the ‘Stuxnet’ virus in an Iranian
Nuclear Centrifuge. This virus was the first attack that resulted in the destruction of a physical system (Healey, 2013). This period also saw the first highly publicized use of cyberspace operations during nation-state conflict. In both Estonia and Georgia, either directly or through proxy, the Russians utilized deliberate means to deny both countries internet-based services. These incidents are relational in significance to BG Mitchell’s
1921 destruction of sea craft, by demonstrating ‘the art of the possible’. Though one event on its own does not complete that connection, combine they substantiate Mitchell’s thoughts.
BG Mitchell demanded recognizing air power, not just for military necessity, but also for the transformative effects nationwide. Thus, the future wealth of a nation, and its ability to project power, was inherently tied to the need for air power. This principle speaks specifically to the significance of cyberspace operations. Rather than looking at the previous cyber events chronologically, taking them holistically in shaping the facets
28 of a nation in the way BG Mitchell spoke of. As opposed to a trigger, which merely executes an action, these attacks were “triggering” events, as each event set a precedence causing a change in behavior.
Decompose a nation broadly as four stakeholders: the public, government, military, and private organizations. By looking at the aforementioned cyber events across these areas, each stakeholder has different responses or affected behavior as a result of the stimulus (Fig. 6). The figure supplicates in kind what BG Mitchell asserted as to the societal impacts of air power. It also demonstrates that cyberspace-triggering events can affect all stakeholders, thus substantiating the claim of its own domain.
Fig. 6: Triggering Events in Cyberspace
As earlier discussed, understanding cyberspace as a military domain acknowledges an epoch in warfighting. Revisiting the introductory questions within the Literature Review, how do we account for all EMSOs that could also have significant effects within cyberspace? With a better understanding of a domain in large, specifically this new domain, the boundaries of cyber must be broadened. Thus, the cyberspace domain is the area of responsibility that supports information technological elements used to effect information systems. Desired effects can be systems or people that transmit, receive,
29 store, or manipulate equipment, or processes, that depend on the information systems.7
This definition acknowledges that the domain is broader than the information environment and an area of both operation and responsibility.
4.2 A Systems Analysis of Cyberspace Through an Ontology The U.S. Army’s LandCyber concept is a framework for understanding how to leverage the future of cyberspace operations on all aspects of the U.S. Army. This framework indicates that the U.S. Army is undergoing significant change as a result of the ever-increasing convergence of cyberspace on land operations. A full understanding of the effects of cyberspace requires one to look at each domain individually before they are considered together, but how does one determine the edges of cyberspace’s seemingly boundless domain? The review of air and space evolution in the previous section offered insight into the scope and responsibility of military domains. This section focuses on a systems engineering approach of functionally decomposing cyberspace to answer this question. A decomposition of cyberspace according to military expressions offers the properties for a mid-level ontology that can visually and mathematically express the military’s understanding of this domain.
4.2.1 A Conceptual Domain Model In this section, a conceptual domain model is provided using a simplified version of the Unified Modeling Language (UML) data-modeling notation. The purpose of a conceptual model is to show key entities, or classes, and their relationship to one another.
Conceptual models are not in-depth domain models and are meant primarily to help
7 This definition attempts to capture the broader range of operations that are a part of cyberspace, while also highlighting the significance of the domain. The domain pulls from a definition posited by Dr. Stephen Chaney of the U.S. Army Cyber Center of Excellence. “Cyberspace or Cyber is the boundless and interactive technical domain within the Information Environment where Matter and the Electromagnetic Spectrum are used to transmit, receive, store, and/or manipulate data.”
30 engineers and information professionals understand the key concepts of a domain (Bell,
2003).
Fig. 7: Military Cyberspace Domain Model
The terms of significance for constructing this model are drawn from the definitions in the U.S. military’s manuals for Cyberspace Operations, Cyber-Electromagnetic
Activities, and Electronic Warfare. Based on this interpretation, the model demonstrates the importance of distinguishing between capabilities, operations, and effects. This process suggests that Cyberspace Operations and EW/SM Activities are integrated to create Cyber/EM Operations. Operations employ ‘capabilities’, and these capabilities create ‘effects’. SM, EW, and Cyber all have subordinate effects, which seek to achieve an objective through the Cyberspace Domain. The term ‘operation’ is thus used interchangeably as a function, while an ‘effect’ is a task. Decomposing the doctrine in this manner shows the necessity for precision in verbiage, while also suggesting the ability to standardize the language through the use of this type of ontology.
31
4.2.2 Web Ontology Language and Metamodel Fig. 7 above demonstrated a functional decomposition of high-level military related cyberspace concepts, based primarily on military doctrinal publications. The output of this process is a diagram a human is capable of reading, showing the concepts and the relationships between the concepts; however, a diagram of these relationships (or lack of there of) cannot be readily quantified for analysis. As a human readable diagram, one can do little if any formal processing of it with a mathematical formula or with a machine. Therefore, this section presents a transformation of the conceptual model in
Section 4.2.1 into a format that leverages the benefits of a formal computer science based ontology.8
The Web Ontology Language (OWL), which is part of the semantic web set of standards, is used as this modeling language or metamodel for the ontology (RDF Primer,
2014). This language was chosen for several reasons including: it is an open standard, it is capable expressing axioms from set theory and first order predicate logic, and it has free tooling available (OWL Primer, 2012).
In building this OWL based ontology, additional abstractions from the initial class model in Fig. 7 have been added, as well as key classes that intersect with the military doctrinal domain concepts provided. For example, the class ‘InformationArtifact’ was added with a subclass labeled ‘Software’. Two explicitly declared subclasses of
‘Software’ were created called ‘UserFacingSoftware’ and ‘NonUserFacingSoftware’.
This is visible in the hierarchal decomposition in Fig. 8.9
8 Note that in this paper the author uses a computer science definition of an ontology, here defined as the rich expression of a domain or domains of knowledge that is codified using a modeling language capable of expressing mathematical axioms understandable by a machine, and drawing inferences from these axioms. 9 Note the model’s taxonomy is based on a screenshot from the open source ontology tool Protégé. http://protege.stanford.edu
32
Fig. 8: Cyberspace Taxonomy Viewed in Protégé Ontology Editor
Additionally, the ontology’s object properties are seen in Fig. 9 below. Object properties in OWL are binary relationships that connect two individuals (Guus and Raimond, 2014).
Object properties may be thought of a edges of the OWL graph that link two Types, or nodes, together. A simple example of an object property is ‘hasMother’ and a statement using this property would be “JohnDoe hasMother JaneDoe” (OWL Primer, 2012).
33
Fig. 9: Ontology Object Properties
Individuals, or instances of the OWL classes, are linked in the ontology to other individuals using these Object Properties (Guus and Raimond, 2014). Fig. 10 shows the individual types of ‘Effect’ and ‘Military Objective’ and how they relate to each other through Object Properties. These are only the explicitly declared relationships. Simple axioms such as domain, range and inverseOf were also utilized to enforce basic integrity in the ontology.
Fig. 10: Linking Ontology Instances
34
4.2.3 OWL’s Analysis Capabilities The objective of this section is to illustrate the potential analysis capabilities of using
OWL for the cyberspace model (shown in Fig. 7). This analysis comes in two forms: the ability to query the model using a standardized query language, and the ability to perform analysis based on adding “rules” to the model. Based on the implied and specified rules an inference engine is run over the model to illustrate the ability of the ontology to infer new concepts not explicitly stated in the ontology.10
4.2.3.1 Querying of the Cyberspace OWL Model A unique and powerful concept of OWL is the metadata in the form of the model’s schema and semantics. One OWL feature of significance is that both this structural and semantic metadata, as well as the “instance data”, are all inherently capable of being queried using an open standard query language called the Simple Protocol and RDF
Query Language (SPARQL) (SPARQL Overview, 2013).11 Executing SPARQL queries is a simple tool for performing very basic analysis on the cyber ontology.
An example of this is the ability to quickly return all Individuals that are
‘actualizedThrough’ the Individual called ‘LandDomain’ (shown below in Fig. 11). The output of this query in Fig. 12 demonstrates a powerful way to understand the terms as well as assertions, or T-box and A-box.12
10 The inference engine is also known as a “reasoner”. In the OWL editors the reasoners, such as HermiT, can be executed on the ontology, which performs a check of any logical incongruences in the model and derives the inferences created. 11 Note that in object oriented languages, objects are “instances of classes”. However, in OWL the equivalent of an instance of a class is called an individual. 12 “Terminology-box (T-box) and Assertion-box (A-box) are terms from description logic. The terminology of a system is defined in a T-Box, and its statements are usually about concepts (sets of objects) and roles (binary relations). A-boxes are about individuals and contain two kinds of different statements: C(a) and R(a,b). C means “concept assertion”, where R is a “role assertion”. Examples look like Man(tom) and Parent(tom,jenny) (Endres-Neggemeyer, 2013, 122).”
35
Fig. 11: OWL Query Command
Fig. 12: OWL Query Results
4.2.3.2 Inference / Reasoning Over the Cyberspace OWL Model The primary benefit of formally modeling a cyberspace ontology in a metamodel like
OWL is the utilization of mathematical concepts and formal logic. OWL supports many axioms from predicate logic including quantifiers, inverse, transitivity, and symmetry
(Hitzler et al., 2012). This section is a demonstration of predicate logic and rules in
OWL that illustrate effective ways to accurately understand cyberspace concepts, while also visualizing areas of convergence discussed in this paper. The aforementioned
Semantic Web stack of standards and technologies support a formal Rules language known as the Semantic Web Rules Language (SWRL) (Horrocks, 2004). SWRL was not
36 used in this paper due to the paper’s narrow objectives and scope expressed earlier. The following case therefore illustrates a sample analysis strictly using existing OWL axioms and a publicly available reasoner plugin to the Protégé tool.
To simplify the modeling process, parameters were created to facilitate demonstrations of the capabilities of OWL: the first of which was using single inheritance for explicit subClassOf and type declarations. Here it is important to note that the author is using the term “explicitly declared” to mean what the author directly modeled. This contrasts with reasoned or inferred statements in the model where the reasoning engine has discovered statements not explicitly declared. Thus the cyberspace ontology ‘classes’ and ‘individuals’ explicitly declared statements (or triples) were modeled using single inheritance. For example, the ‘CyberAttackEffect’ class is explicitly declared as a subclass of the ‘CyberEffect’ class. OWL would allow the modeler to explicitly declare ‘CyberAttack’ as a subclass of ‘n’ number of other classes as well, such as a subclass of ‘MilitaryCapability’. Though perhaps intuitive to those not familiar with the modeling process, it quickly becomes dense in even small models.
Utilization of a separate set of “analysis classes” that is treated solely as a collection of classes that function as sets defined in Set Theory (Bargaria 2014, Hitzler et al. 2015).
Henceforth these shall be called “analysis classes”. These analysis classes are empty sets with no explicitly declared elements. However, the elements of the sets are populated temporarily, purely through inference over the model. The analysis via inference is able to occur because these analysis classes are defined by criteria in the form of logical
37 statements using OWL’s predicate logic axioms. Fig. 13 shows ‘AN_ALQ-
184ElectronicAttackPod’ as explicitly declared in the cyberspace ontology.13
Fig. 13: Electronic Device Link
A subclass category called ‘PhysicalCyberspaceAsset’ was added to the ontology, as noted earlier, purely as an analysis tool. There are no explicitly declared individuals in this ‘PhysicalCyberspaceAsset’ class.14 Fig. 14 shows the equivalency statements added to the ‘PhysicalCyberspaceAsset’ class, and the default results in Protégé.
Fig. 14: Equivalency Statements Added to a Class in OWL
Specifically, these equivalency statements are serialized as OWL Resource Description
Framework (RDF) Extensible Modeling Language (XML) elements shown in Fig. 15.
The reasoner is then run, using the HermiT reasoner Protégé plug-in, with the results in
13 For the readers’ reference, the AN_ALQ-184ElectronicAttackPod is typically known as an electronic counter measure device: http://www.raytheon.com/capabilities/products/alq184/. 14 Ontology development best practice would not include a class like this in the ontology itself, but instead would declare the analysis class in a different ontology, and then import it into the cyberspace ontology.
38
Fig. 16.15 In this example, the reasoner, or inference engine, executed the logic declared in the ontology and inferred that the ‘AN_ALQ-184ElectronicAttackPod’ is an inferred individual in the ‘PhysicalCyberspaceRelatedArtifact’ class. A way of interpreting this is represented in Fig. 17.
Fig. 15: OWL Generated RDF XML Elements
15 “HermiT is a reasoner for ontologies written using the (OWL). Given an OWL file, HermiT can determine whether or not the ontology is consistent, identify subsumption relationships between classes, and much more.” Available at http://hermit-reasoner.com.
39
Fig. 16: Results of Running HermiT Reasoner on Ontology
Fig. 17: Visual Interpretation of HermiT Reasoner
Thus the initial cyberspace model introduced helps portray the relation between cyberspace operations and electromagnetic activities. The analysis capabilities offered by OWL could then further interpret the means by which these classes interact with one another. The results produced offer a visual understanding to the question raised in the
40
Literature Review, as to the relation between Cyberspace and EMSO: “is the current terminology of IRCs, particularly electromagnetic spectrum operations, part of cyberspace?” This is the premise to build on for the reconstruction of the system by way of Information Technology Operations (ITOs) described in the next section.
4.3 Integration of U.S. Army Operations in Cyberspace The U.S. Army’s LandCyber concept is a framework for understanding how to leverage the future of cyberspace operations on all aspects of the U.S. Army. The
LandCyber Paper captures eight aspects of convergence as a framework to guide solutions for transformation, two of which have significance in this discussion. The first defines the convergence of the Electromagnetic Spectrum (EMS) and cyberspace operations (CO). This is “the point where cyberspace operations access the EMS to utilize code and data across wireless communication technologies and systems”
(LandCyber, 2013). The second highlights the predominance with which cyberspace has taken over the information environment. Thus the white paper recognizes cyberspace as the major medium for exchange within the information environment, yet doctrinally the concept of convergence needs development to reflect this. Appendix B offers a detailed practical representation of this concept.
EW and CO are often characterized as two discrete focus areas, however a better way of conceptualizing this relationship is as a range of operations along the same path, as presented by Anita Pavadore in Fig. 18.
41
Fig. 18: Cyber/EW Threshold (Pavadore, 2013)
In focusing on the question of how to categorize informational capabilities, they may be designated as either informational or technical functions (Paul et al., 2013, 9)16.
Differentiating informational capabilities in this way allows those functions that are technical in nature to reside within the cyberspace domain. Distinguishing between the informational and technical realm is accomplished by determining the action’s intended target. Informational functions target people, whereas technical functions target machines. Because the targets in the informational realm are humans, the critical aspect is the message itself and not necessarily the medium. However, within the technical realm, the capability to operate in the medium of exchange determines the appropriate means for achieving the objective.17
Visualizing these distinctions becomes clear when comparing an example of each operation. For example, a Public Affairs mission is an IRC, categorized as an informational function. The success of this type of mission is wholly dependent on the
16 Though these recommendations pertain wholly to information operations, they have significance for effective management of cyberspace operations. Paul et al. designated the distinction as the ‘psychological’ vs. the ‘technical’. However, it is thought to provide more clarity in distinguishing as informational and technical. 17 The study suggests the names to describe such functional areas as Information Technology Operations (ITO) and Inform and Influence Operation (IIO)
42 message having the intended effect on the human target. In contrast, a technical function, such as a CNO is deemed successful by enjoying the necessary means to execute the operation on the intended machine or infrastructure. The criticality of success in the technical realm is combining personnel expertise with the physical capability of implementation. The capabilities residing within this realm are grouped by the term
Information Technology Operations (ITOs) (Paul et al., 2013)
The characterization as viewed by Paul et al. distinguishes between the “apples” of the information content with the “apple carts” of the information system. Using these terms interchangeably would confuse capabilities that generate content with those that effect actual systems. This recognizes not just the technical or psychological nature of operations, rather it is fundamental in explaining how to properly group cyberspace operations in the information environment. This maximizes the converging relationships of disciplines and integrates missions towards effects-based solutions.
4.4 Organizational Integration of the U.S. Army Cyberspace Design The convergence of ITOs under the broader understanding of cyberspace provides the framework for how to more effectively organize in a force structure. The military’s general command organization follows a grouping by output/product. Given its size, however, grouping varies depending on the level of operations. A strategic perspective of CYBERCOM’s structure takes the form of a matrix organization, similar to that of
SPACECOM. Knowledge of this design helps understand the strengths of such a structure, in relation to the desired end state. This translates somewhat differently in a military perspective, as the goals are different from that of a business. However, it supports ARCYBER’s relation in reporting to CYBERCOM and the Department of the
43
Army (DA). ARCYBER seeks to maximize its capabilities that most benefit the needs of the U.S. Army, while integrating through CYBERCOM into the joint environment.
The drawback to this design is the challenge in fulfilling dual roles. If not properly managed the dual system can lead to redundant practices, unnecessary oversight, and slow responsiveness to emerging trends (Ancona et. al, 2009). Supporting two entities can also prove difficult if both are not synced in their goals and objectives. Recalling
ARPA’s struggles during its inception, if one entity is not properly resourced it becomes obsolete and the benefits of the matrix are negated (see Section 4.1.2). CYBERCOM does not appear to be headed for the same fate, as efforts for gaining the necessary expertise are in full effect (Sternstein, 2015). However, the concern over the large hierarchical design is what draws more criticism.
Among those arguing for a separate cyber service are many who feel the military’s rigid structure is incompatible with the agile needs of operating in cyberspace.
Furthermore, the culture of ‘flat’ organizations, with more accommodating atmospheres, is thought to be more appealing to those in technology fields. Appendix B offers a rebuttal to this, which puts the emphasis on recognizing excellence within technical career fields.
It is also important for Cyberspace operations, being largely multidisciplinary, not to typecast into discrete trade fields. Seeking mastery expertise in all areas requires a significant amount of time invested in an individual. Investing time towards grooming technologists is also in the fabric of the military. The United States Military Academy was founded on that same need from the Army in bridging a capability gap of qualified engineers for a rapidly advancing field. With some of the brightest thinkers supporting
44 the military’s technological pursuits, its structure is compatible for supporting technologists. This is already being placed into practice with DoD attempts at locating operations in Silicon Valley, and recruiting through colleges for the brightest engineers
(Zacharia, 2015).
At greater odds than recruitment, however, remains the ability for the services to integrate and operate under a unified command. These organizational issues appear akin to ARPA being unable to centralize space operations. Instead it required the establishment of NASA to centralize operations by taking over a majority of the programs. Furthermore, service specific operations in space evolved out the capabilities necessary for each service. Similar to the current constructs like aviation, where each service acquires aircraft that best support their needs. Cyberspace operations, rather, have evolved based on each component’s ability to expand its application. The cyberspace model, applied to air power, would have each service competing to acquire similar but distinct aircraft. Given cyberspace’s impact across all domains, it is not without reason for each service to maintain a presence; much like their capabilities across all domains. This still necessitates a true unity of command.
With the formal declaration of a cyberspace domain and the natural analogies of it to the other physical domains, the next logical progression is the ideation of a domain specific military service to maximize operations. The backdrop for this assertion is not only based in reasoning by comparison, but also in the lack of organization for cyberspace operations to fit in the current service structure. Ltc Gregory Conti and Col
John Surdu are the first to publish their opinions on the matter. In their article, the first point of contention is that none of the services, by their nature, hold any part of their
45 overall mission within this domain (Conti and Surdu, 2009). A counterargument to this is that all services now operate in the fifth domain and many of their operations are becoming dependent on it. The proposed model, however, would not be unlike other current cross-domain operations, analogous to the U.S. Army’s extensive operations in the air domain with its fleet of rotary wing aircraft.
The need for a dedicated cyber service can be perceived as a biased desire coming from those currently serving in cyber related billets. There are senior leaders at the highest levels of the military that also share this view, as former NATO Supreme Allied
Commander Adm. (Ret.) James Stavridis echoed a similar sentiment. This discussion over a separate military component for cyberspace is akin to the air domain’s evolution in establishing the Air Force.
At this point in observation of the domain, it is more beneficial to look at ways of maximizing operations from within (Sternstein, 2015). As recognized with the space commission, though a service component might be the inevitable progression, there is no expedient method of implementation without first defining and progressing toward a transition path. The intricacies associated with this extend beyond organizational issues into the ability to effectively manage the coordination and integration across varying career fields. This problem speaks to a need for more robust engineering management within the cyberspace domain. By recognizing the demand of supporting a technical field, these professionals are educated and trained specifically to manage technical organizations and complex technical projects to achieve desired end states.
46
Chapter 5 - Conclusion
5.1 Findings Analyzing air power’s evolution as a warfighting domain provided insight into operations in the cyberspace domain. Close analysis revealed similar challenges between air and cyberspace in introducing rapidly advancing technology and operating in a new environment. These rapid changes quickly impacted both the organization and operations of the other military domains in order to properly adapt. A critical insight from this analysis is that the U.S. Army should not only expect changes to its organization, but it also should explore how to best organize to facilitate transition into these design evolutions.
Many discussions of the cyber domain quickly cite the evolution of air power to draw a logical conclusion on the need for a cyber service. The development of air power does afford useful insight into the need for transformational change in response to rapidly evolving technology. Though, understanding cyberspace relationally through the evolution and historical context of air power cannot itself be justification for a given course of action.
As noted in a similar assessment on managing the space domain, a separate military service option may be inevitably be a preferred course for the future. However, the current requirements and force structure does not support that model. The establishment of an air service became the most desired organizational design given the requirements for air power, and the military’s capacity to support those requirements. The requirements for the military’s operations in cyberspace, much like the space domain, is not yet deemed at a point in which the benefits of a separate service outweigh the cost of implementation.
47
U.S. space history provides valuable insight into organizational development and management. The challenges in finding the best organizational solutions for maximizing space efforts are fertile ground for applying lessons learned towards cyberspace. One option may be to establish a commission similar to that of the Space Commission discussed in Section 4.1.2 to assess the cyberspace domain's organization and management, and issue recommendations. Though the impetus to create a separate
“cyber service” has yet to occur, by focusing on optimally organizing within the current structure this would allow the domain to mature. Thus, facilitating the transformation toward a mid and long-term desired organizational design.
Formal domain models, in the form of ontologies modeled in languages such as
OWL, are a powerful tool in understanding and defining a domain of knowledge, especially a new and somewhat intangible domain such as cyberspace. These models, if structured correctly, promise the ability to facilitate more objective and verifiable decisions making about the objective and scope of cyberspace.
The convergence in cyberspace should be based on this domain as “the most operational form of the information environment” (LandCyber, 2013). Echoing Paul et al., cyber network operations and electronic warfare should converge towards sharing the same people and processes. Grouping those information capabilities that belong as ITOs helps distinguish operations to better support convergence. In contrast to this grouping, the current separation of FM 3-36 and FM 3-38 makes it more difficult to support convergence.
A review of the military’s current organizational design in cyberspace provides insight on the ability to properly resource the domain. Hierarchical design is not often
48 conducive to the speed of operations within cyberspace. However, based on this research, it is the opinion of the author that the military is still adequately equipped to field the services with the necessary professionals. To succeed in cyberspace, the military would benefit from properly evolving as a technical organization with strong integrative management. To accomplish this the military should consider incorporating the successful attributes of other large technical organizations to properly recruit and cultivate the requisite talent.
The recent Defense efforts to leverage civilian expertise within cyberspace are examples of the proper measures to account for the transformational effects of the cyber domain on the services. The military is accustomed to supporting technologists within its organization, however, incorporating them into particular career fields is more difficult.
This revolves around balancing the ability of civilians to conduct operations under military authority. To properly source cyberspace career fields it is important to understand what areas demand the most significant skill sets and foster that development through similar processes for other high demand areas. Utilizing areas of information technological convergence will help identify the multidisciplinary necessities required for the U.S. Army’s transformation into LandCyber convergence.
5.2 Recommendations The U.S. Army should operationally define a ‘domain’. The term is too often misused or used interchangeably with an environment. As derived from this research, a suggested definition would be: a ‘domain’ is that which consists of all operational activities and responsibilities related by closely associated knowledge specialties, technologies, and organizational processes associated with an environment. The usage of
49 the term ‘domain’ is significant, but failing to use the word properly leads to misplaced notions of implementation.
Subsequently, based on this research a revised definition of the cyberspace domain is also offered as: ‘the area of responsibility that supports information technological elements used to effect information systems. Desired effects can be systems or people that transmit, receive, store, or manipulate equipment or processes that depend on the information systems.’ Failing to refine the definition will continue to stovepipe an understanding of the broader capabilities that exist within it.
Due to the widespread confusion and misunderstanding of cyberspace, the Army would benefit from developing a systematic process for understanding the domain.
Given an ontology focuses on determining ‘what is’ of a domain through a visual and logic based-model, this approach offers an apt solution for better understanding cyberspace. Using an ontology offers not only a visualize representation of the domain, but grounds the doctrine in a logical, reasoned structure.
Lastly, the term ‘information technology operations’ (ITO) should be utilized to describe those operations that exist within cyberspace. This will guide organizational and doctrinal changes to account for the full spectrum of cyberspace operations caused by convergence. To support convergence and the premise of ITOs, FM 3-36 and 3-12 should be combined to establish holistic and unified operations. This action is not to suggest that all tasks overlap, and it would certainly cause the size and scope of the manual to increase. Yet, failing to do this would continue creating duplications of effort and disjoint operations.
50
5.3 Conclusion Doctrinally the physical domains have been coined “God given”, whereas cyber is a new environment of man’s creation (DoD Cyber Strategy, 2011). While this offers more fuel for debates, the realization of the two previous domains did little to shape the way in which they evolved. Creating this division already mischaracterizes their differences, for as displayed, all domains are of a natural state. We merely attempt to logically react to changes in the technological behavior within each. As exemplified, the technical advancements of airplanes did not require the establishment of the Air Force; rather its creation came into fruition through a realization of the most effective way to manage this capability.
More precisely, there was a widespread failure to understand the transformational role that air power would have on how each service operates. Viewing the future of U.S.
Army operations through the lens of the LandCyber framework shows that senior leaders recognize this important lesson. The unknowns of operating in this domain are indicative of its intricacy. Broadening the precepts of the cyber domain increases the scope of responsibility. However, understanding convergence provides a path towards a unifying effort, both in capability and end state, to offer full spectrum solutions to difficult problems. Recognizing that operations within the information environment are converging in cyberspace, the U.S. Army can use this to guide how they organize, manage, and train in this domain. Developing written expressions into visual reasoned based models, such as an ontology, aids in creating a repeatable process that helps understand this.
51
5.4 Areas for Additional Research The findings in this paper offer many additional areas for research. These areas include: additional detailed ontology development on specific cyberspace concepts, an analysis of the value and challenges of mapping to a formal upper ontology, an investigation on the feasibility of using a formal rules language, such as the Semantic
Web Rules Language (SWRL) or the SPARQL Inferencing Notation (SPIN) for improved logical and business rules driven understanding of the cyberspace domain, and an analysis on the results of the 2000 Space Commission
The ontology developed for this paper was a high level ontology of the general cyberspace domain and was focused on ontology universals not ontology particulars.
Therefore, additional research should be done into more detailed domains within cyberspace such as cyber defensive operations, cyber offensive operations, electronic counter measures and electro-magnetic warfare. This would facilitate a broader visual understanding of the relationship between detailed domain concepts as well as the query, analysis and inference capabilities described in this paper.
There are currently many formal upper ontologies such as the Suggested Upper
Merged Ontology (SUMO), the Basic Formal Ontology (BFO) and Gist. Research should be done on the value of building formal cyberspace ontologies that derive off a formal upper ontology. This would be in depth research that would require expert elicitation in both cyberspace and ontology. The acceptance of this cyberspace model could standardize the military’s understanding of the relationships between operational tasks and capabilities.
This paper demonstrated the potential of using rules and inferencing in a cyberspace ontology. Additional research opportunities exist in building out more detailed rules and
52 evaluating more advanced capabilities of inferencing. Specifically, the SWRL and SPIN languages should be evaluated to facilitate building out cyberspace logic and business rules and subsequently the potential for cyberspace inferencing capabilities should be more fully detailed.
Lastly, the results of the 2000 Space Commission provide several pertinent ideas for organizing in cyberspace to prepare for transition. An in depth analysis of these courses of actions with how they would be applied in cyberspace can prove of great value. Of particular focus would be the recommendations for a ‘Corps’ structure similar to the
Army Corps of Engineers, or a structure similar to the Navy’s Nuclear Propulsion
Program structure.
53
Bibliography
Alberts, David S., John J. Garstka, Richard E. Hayes, and David A. Signori. “Understanding Information Age Warfare” CCRP, (2001). http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA39 5859 (accessed January 20, 2015).
Alexander, David. “Pentagon to Treat Cyberspace As Operational Domain.” Reuters. (Last modified 2011). http://www.reuters.com/article/2011/07/14/us-usa-defense- cybersecurity-idUSTRE76D5FA20110714 (accessed January 20, 2015).
Allen, Thomas J, and Ralph Katz. “The Dual Ladder: Motivational Solution or Managerial Delusion?” R&D Management 16, no. 2 (1986): 185–197. http://dx.doi.org/10.1111/j.1467-9310.1986.tb01171 (accessed January 20, 2015).
Ancona, Deborah G., Thomas A. Kochan, Maureen Scully, Jon Van Maanen, and D. Eleanor Westney. “Managing for the Future: Organizational Behavior & Processes”. 3rd ed. Cincinnati, OH: South Western College Pub. (2009). Print.
Baker, Craig, Joshua Boehm, Stanley Chan, and Mel Sakazaki. “A History of US National Security Space Management and Organization”, (2000). http://fas.org/spp/eprint/article03.html#3 (accessed March 20, 2015).
Bagaria, Joan. "Set Theory", The Stanford Encyclopedia of Philosophy (Winter 2014 Edition), Edward N. Zalta (ed.), plato.stanford.edu/archives/win2014/entries/set- theory/. (accessed July 25, 2015).
Bell, Donald. “UML Basics: An Introduction to the Unified Modeling Language.” IBM Technical Library (2003). http://www.ibm.com/developerworks/rational/library/769.html. (accessed July 20, 2015).
Barford, Paul, Marc Dacier, Thomas G. Dietterich, Matt Fredrikson, Jon Giffin, Sushil Jajodia, Somesh Jha, et al. “Cyber SA: Situational Awareness for Cyber Defense.” Advances in Information Security 46 (2010): 3–13. http://www.afcea.org/events/augusta/14/documents/T2S2AFCEATechnetCyberRequi rements.pdf (accessed Feb 22, 2015).
Burgelman, Robert A., Dennis L. Carter, and Raymond S. Bamford. “Intel Corporation : The Evolution Of An Adaptive Organization Epoch I : Intel The Memory Company, 1969-1985.” Stanford Business Case Study, Case No. SM65 (1999): http://www.gsb.stanford.edu/faculty-research/case-studies/intel-corporation- evolution-adaptive-organization (accessed November 16, 2015).
54
Butler, Sean C. “Refocusing Cyber Warfare Thought.” Air and Space Power Journal 27 (February 2013): 44–57. http://www.au.af.mil/au/afri/aspj/digital/pdf/articles/Jan- Feb-2013/F-Butler.pdf (accessed February 20, 2015).
Caton, Jeffrey L. “Army Support of Military Cyberspace Operations: Joint Contexts and Global Escalation Implications.” Strategic Studies Institute (2015). http://www.strategicstudiesinstitute.Army.mil/pubs/display.cfm?pubID=1246 (accessed November 16, 2015).
Chang, Welton, and Sarah Granger. “Warfare in the Cyber Domain.” Air and Space Power Journal (2011): 1–10. http://cnponline.org/p/air-and-space-power-journal- warfare-in-the-cyber-domain/ (accessed February 22, 2015).
Chen, Thomas M. “An Assessment of the Department of Defense Strategy For Operating in Cyberspace.” Strategic Studies Institute. Vol. I, (2007). http://www.carlisle.Army.mil/ssi (accessed February 20, 2015).
Cilluffo, Frank J, and Joseph R Clark. “Preparing For Netwars: Repurposing Cyber Command.” Parameters 43(4) 2, no. 2 (2013). http://www.strategicstudiesinstitute.Army.mil/pubs/Parameters/issues/Winter_2013/1 1_CilluffoandClark.pdf (accessed February 22, 2015).
Clayton, Mark. “Pentagon Unveils Its New Cyberstrategy. Well, Some of It, Anyway.” Christian Science Monitor. Last modified 2011. Accessed January 19, 2015. http://www.csmonitor.com/USA/Military/2011/0714/Pentagon-unveils-its-new- cyberstrategy.-Well-some-of-it-anyway (accessed January 19, 2015).
Collier, Zachary a., Igor Linkov, and James H. Lambert. “Four Domains of Cybersecurity: A Risk-Based Systems Approach to Cyber Decisions.” Environment Systems and Decisions 33 (2013): 469–470 http://download v2.springer.com/static/pdf/965/http://link.springer.com/article/10.1007%2Fs10669- 013-9484-z (accessed February 22, 2015).
Conti, Gregory, and John Surdu. “Army, Navy, Air Force, and Cyber — Is It Time for a Cyberwarfare Branch of Military?” IA Newsletter 12, no. 1 (2009): 14–18. http://iac.dtic.mil/csiac/download/Vol12_No1.pdf (accessed January 27, 2015).
Cordray III, Robert, and Marc J. Romanych. “Mapping the Information Environment.” IOSphere Joint Information Operations Center (2005): 7–10. http://www.au.af.mil/info-ops/iosphere/iosphere_summer05_cordray.pdf (accessed January 25, 2015).
Davis, Stanley M., and Paul R. Lawrence. “Problems of Matrix Organizations.” Harvard Business Review. Last modified 1978. https://hbr.org/1978/05/problems-of-matrix- organizations (accessed February 24, 2015).
55
Easterly, Jen. “Cyber Warriors Despite an Inhospitable Culture.” Smallwarsjournal.com 07 (2010). http://smallwarsjournal.com/jrnl/art/recruiting-development-and-retention- of-cyber-warriors-despite-an-inhospitable-culture (accessed February 4, 2015).
Endres-Niggemeyer, Brigitte. “Semantic Mashups: Intelligent Reuse of Web Resources”. Springer, 2013. Print.
Erbacher, Robert F, Deborah a Frincke, Pak Chung Wong, Sarah Moody, and Glenn Fink. “A Multi-Phase Network Situational Awareness Cognitive Task Analysis.” Information Visualization 9, no. 3 (2010): 204–219. http://ivi.sagepub.com/content/9/3/204.abstract (accessed February 4, 2015).
Frank L. Turner III. “The Army in Cyberspace.” Nation Security Watch 14-1, May (2014): 1–12. (accessed February 26, 2015).
Franke, Ulrik, and Joel Brynielsson. “Cyber Situational Awareness – A Systematic Review of the Literature.” Computers & Security 46 (2014): 41 (accessed February 22, 2015). http://dx.doi.org/10.1016/j.cose.2014.06.008 (accessed February 17, 2015).
Freedberg Jr., Sydney J. “People, Cyber & Dirt: Army & SOCOM’s ‘Strategic Landpower.’” Breaking Defense. Last modified 2013. (accessed February 5, 2015). http://breakingdefense.com/2013/10/people-cyber-dirt-Army-socoms-strategic- landpower/ (accessed February 4, 2015).
Freedberg Jr., Sydney J. “The Army’s Plan For Cyber, One Bright Spot In Its Budget.” Breaking Defense. Last modified 2014. http://breakingdefense.com/2014/02/the- armys-plan-for-cyber-one-bright-spot-in-its-budget/ (accessed February 5, 2015).
Gorman, Siobhan. “Cybersecurity Chief Resigns.” The Wall Street Journal. (Last modified 2009). http://www.wsj.com/articles/SB123638468860758145 (accessed February 22, 2015).
Gould, Joe. “Be an Army Hacker: This Top Secret Cyber Unit Wants You.” Army Times. Last modified 2013. http://archive.Armytimes.com/article/20130408/CAREERS/304080008/Be-an-Army- hacker-top-secret-cyber-unit-wants-you (accessed February 4, 2015).
Gray, Colin. “Making Strategic Sense of Cyber Power: Why the Sky Is Not Falling.” Strategic Studies Institute (2013) (accessed February 4, 2015)..
Halliday, Josh. “US Cyber Security Chief Quits After Hacker Attacks.” The Guardian. Last modified 2011. http://www.theguardian.com/technology/2011/jul/26/us-cyber- security-chief-quits (accessed February 23, 2015).
Hayden, Dale L. “The Search for Space Doctrine’s Warfighting Icon.” Air and Space Power Journal. (December 2014): 55–66.
56
http://www.au.af.mil/au/afri/aspj/digital/pdf/articles/2014-Nov-Dec/V-Hayden.pdf (accessed March 20, 2015).
Healey, Jason. “A Fierce Domain: Conflict in Cyberspace, 1986 to 2012.” (Cyber Conflict Studies Association, 2013). Print.
Headquarters, U.S. Department of Defense. “Department of Defense Strategy For Operating in Cyberspace.” (2011). http://www.defense.gov/news/d20110714cyber.pdf (accessed January 25, 2015).
Headquarters, U.S. Joint Forces Command “Cyberspace Operations” Joint Publication 3- 12, (February 2013):62. http://www.fas.org/irp/doddir/usaf/afdd3-12.pdf. (accessed February 5, 2015).
______. “Information Operations.” Joint Publication 3-13. (November 2012). http://www.dtic.mil/doctrine/new_pubs/jp3_13.pdf (accessed January 20, 2015).
______. “Joint Intelligence Preparation of the Operational Environment.” Joint- Publication-2-01.3, (June 2009): 285. http://fas.org/irp/doddir/dod/jp2-01-3.pdf (accessed February 5, 2015).
______. “Joint Operations.” Joint Publication 3-0. (August 2010):1–34. http://www.dtic.mil/doctrine/new_pubs/jp3_0.pdf (accessed January 20, 2015).
______. “Joint Operations Planning.” Joint Publication 5-0. (August 2011). http://www.dtic.mil/doctrine/new_pubs/jp5_0.pdf (accessed February 5, 2015).
______. “Space Operations.” Joint Publication 3-14. (May 2013). http://www.dtic.mil/doctrine/new_pubs/jp3_14.pdf (accessed April 12, 2015).
Headquarters, U.S. Department of the Army “Cyber Electromagnetic Activities.” U.S. Army Field Manual 3-38 (2014). http://armypubs. Army.mil/doctrine/DR_pubs/dr_a/pdf/fm3_38.pdf (accessed January 20, 2015).
______. “Cyberspace Operations Concept Capability Plan 2016-2028.” TRADOC Pamphlet 525-7-8, (February 2010). http://www.fas.org/irp/doddir/Army/pam525-7- 8.pdf (accessed February 24, 2015).
______. “The U.S. Army Land Cyber White Paper 2018-2030.” U.S. Army Cyber Command, (September 2013). http://dtic.mil/dtic/tr/fulltext/u2/a592724.pdf (accessed March 17, 2015).
Hurley, Matthew M. “For and from Cyberspace: Conceptualizing Cyber Intelligence, Surveillance, and Reconnaissance.” Air and Space Power Journal 26, (December 2012): 12–33 (accessed April 7, 2015).
57
Horrocks, Ian et al. “SWRL: A Semantic Web Rule Language Combining OWL and RuleML”. World Wide Web Consortium. (May 2004). http://www.w3.org/Submission/SWRL/ (accessed July 22, 2015).
Hitzler, Pascal, Markus Krötzsch, Bijan Parsia, Peter F. Patel-Schneider, Sebastian Rudolph. “OWL 2 Web Ontology Language: Primer ”. World Wide Web Consortium, 2nd Edition. (December 2012). http://www.w3.org/TR/2012/REC-owl2- primer-20121211/ (accessed July 10, 2015).
Kelley, Colonel Olen L. “Cyberspace Domain: A Warfighting Substantiated Operational Environment Imperative.” United States Army War College, (2008) (accessed March 20, 2015).
Kruse, Keith, Charles B. Cushman Jr., Darcy M.E. Noricks, and Craig Baker. “US Space Management and Organization: Evaluating Organizational Options.” http://fas.org/spp/eprint/article04/article04.html. (accessed April 11, 2015).
Lemos, Robert. “U.S. Cybersecurity Chief Resigns.” CNET News. Last modified 2004. http://news.cnet.com/U.S.-cybersecurity-chief-resigns/2100-7348_3-5392501.html (accessed February 22, 2015).
Libicki, Martin C. “Cyberspace Is Not a Warfighting Domain.” Journal of Law and Policy 8 (2012): 325–336 http://moritzlaw.osu.edu/students/groups/is/files/2012/02/4.Libicki.pdf (accessed January 20, 2015).
Lynn, William J. III. “Defending a New Domain: The Pentagon’s Cyberstrategy.” Foreign Affairs. Last modified 2010. http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new- domain (accessed February 20, 2015).
Mandrick, William. “A Strategy for Military Ontology” [PowerPoint Slides]. Retrieved from Lecture Notes Online Web site: http://ncorwiki.buffalo.edu/index.php/Ontology_for_Intelligence,_Defense_and_Secu rity (accessed June 15, 2015).
McGuffin, C., and P. Mitchell. “On Domains: Cyber and the Practice of Warfare.” International Journal: Canada’s Journal of Global Policy Analysis 69 (2014): 394– 412. http://ijx.sagepub.com/lookup/doi/10.1177/0020702014540618 (accessed February 20, 2015).
Mitchell, Edward John. “Apogee, Perigee, and Recovery: Chronology of Army Exploitation of Space.” RAND, (1991). http://www.rand.org/pubs/notes/N3103.html (accessed April 20, 2015).
58
Mitchell, William. “Winged Defense; The Development and Possibilities of Modern Air Power - Economic and Military”. New York London: G.P. Putnam’s Sons, (1926). http://hdl.handle.net/2027/mdp.39015064459731 (accessed March 17, 2015).
Murphy, Matt. “Cyberwar: War in the Fifth Domain.” The Economist. (2010). http://www.economist.com/node/16478792 (accessed January 20, 2015).
Obrst, Leo, Penny Chase, and Richard Markeloff. “Developing an Ontology of the Cyber Security Domain.” Seventh International Conference on Semantic Technologies For. Intelligence, Defense, and Security – STIDS 966, (2012): 49–56. http://ceur- ws.org/Vol-966/STIDS2012_T06_ObrstEtAl_CyberOntology.pdf. (accessed June 15, 2015).
Paul, Christopher, Isaac R. Porche III, and Elliot Axelband. “The Other Quiet Professionals: Lessons for Future Cyber Forces from the Evolution of Special Forces”, RAND (2005). http://www.rand.org/pubs/research_reports/RR780.html (accessed February 4, 2015).
Paul, Christopher, Isaac R. III Porche, Elliot Axelband, Michael York, Chad C. Serena, Jerry M. Sollinger, Endy Y. Min, and Bruce J. Held. “Redefining Information Warfare Boundaries For An Army In A Wireless World” Santa Monica, CA: RAND, 2013. Print.
Pavadore, Anita. “Cyber-EW Techniques for RF Communications”. [powerpoint slides], Cvber / Electronic Warfare Convergence, Module 2.3: Cyber-EW Techniques for RF Communications, Georgia Institute of Technology Research Institute, Cyber and Electronic Warfare Short Course Class Notes (2015).
Prince, Andrew. “NPR: Evolution Of Military Aviation.” National Public Radio. http://www.npr.org/news/graphics/2009/mar/flighttimeline/index.html?start=8 (accessed March 17, 2015).
Roberts, Priscilla Mary, and Spencer Tucker. “World War I, 1914-1918— Encyclopedias”. Santa Barbara, Calif: ABC-CLIO, (2005). http://proxygw.wrlc.org/login?url=http://search.ebscohost.com/login.aspx?direct=true &db=e000xna&AN=140915&site=ehost-live (accessed March 17, 2015).
Robinson, D., and G. Cybenko. “A Cyber-Based Behavioral Model.” The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 9 (2012): 195–203.
Savage, Bill. “Defense-Intelligence Space Integration”, Commission to Assess United States National Security Space Management and Organization. (2000). http://fas.org/spp/eprint/article01.html (accessed April 11, 2015).
59
Schreiber, Guus and Yves Raimond. “RDF 1.1 Primer”. W3C Working Group, (February 2014). http://www.w3.org/TR/rdf11-primer/ (accessed July 10, 2015).
Semy, Salim K., Mary K. Pulvermacher, and Leo J Obrst. “Toward the Use of an Upper Ontology for U.S. Government and U.S. Military Domains An Evaluation.” Mitre Technical Report. (2004). handle.dtic.mil/100.2/ADA459575 (accessed July 12, 2015).
SPARQL Working Group. SPARQL 1.1 Overview. W3C Recommendation. (March 2013). http://www.w3.org/TR/sparql11-overview/ (accessed July 10, 2015).
Stavridis, James (ADM. Retd), and David Weinstein. “Time for a U.S. Cyber Force.” U.S. Naval Institute Proceedings. Last modified 2014. http://www.usni.org/magazines/proceedings/2014-01/time-us-cyber-force. (accessed February 4, 2015).
Sternstein, Aliya. “Attention, Cyber Pros: The Pentagon Wants You-3,000 of You.” Defense One, Last modified 2015. http://www.nextgov.com/cybersecurity/2015/03/pentagon-has-until-2016-extend- 3000-jobs-offers-civilian-cyber-whizzes/106842/. (accessed April 24, 2015).
______. “The Military’s Cybersecurity Budget in 4 Charts.” Defense One, Last modified 2015. http://www.defenseone.com/management/2015/03/militarys- cybersecurity-budget-4-charts/107679/ (accessed April 12, 2015).
Sy, Thomas, and Laura Sue D’Annunzio. “Challenges and Strategies of Matrix Organizations: Top-Level and Mid-Level Managers’ Perspectives.” Booz Allen Human Resource Planning 28 (2005): 39. http://www.boozallen.com/media/file/HRPS_Challenges_Strategies_Matrix_Orgs.pdf (accessed February 24, 2015)
Tate, Dr. James P. “The Army and Its Air Corps: Army Policy Toward Aviation 1919– 1941.” Air University Press, (June 1998). http://www.au.af.mil/au/aupress/digital/pdf/book/b_0062_tate_Army_air_corps.pdf (accessed March 17, 2015).
The MITRE Corporation, “MITRE Systems Engineering Guide (SEG),” (2014): 2. http://www.mitre.org/sites/default/files/publications/se-guide-book-interactive.pdf (accessed August 11, 2015).
Tilghman, Andrew. “Drone Medal Dumped; High-Tech Troops To Be Honored With Device.” Army Times. Last modified 2013. http://archive.Armytimes.com/article/20130415/NEWS/304150023/Drone-medal- dumped-59-high-tech-troops-honored-device. (accessed February 24, 2015).
60
U.S. Army Training and Doctrine Command Combined Arms Center, Capability Development Integration Directorate “Army Cyber/Electromagnetic Contest Capabilities Based Assessment” (December 2011). https://info.publicintelligence.net/Army-CyberContest-1.pdf (accessed February 28, 2015).
Vergun, David. “Cyber Network Defender MOS Now Open to NCOs.” Army News. Last modified 2014. http://www.Army.mil/article/123328/ (accessed February 4, 2015).
Vickery, B C. “Ontologies.” Journal of Information Science 23 (4) (1997): 277–86. http://jis.sagepub.com/content/23/4/277.full.pdf+html (accessed August 8, 2015).
Weiss USAF, Geoffrey F. “Exposing the Information Domain Myth: A New Concept for Air Force and Information Operations Doctrine.” Air & Space Power Journal 22, no. 1 (2008):49–62,126. http://proxygw.wrlc.org/login?url=http://search.proquest.com/docview/217773213?ac countid=11243 (accessed January 27, 2015).
Williams, Brett T. “The Joint Force Commander’s Guide to Cyberspace Operations.” Joint Force Quarterly 2nd Quarter, no. 73 (2014): 12–19. http://ndupress.ndu.edu/News/NewsArticleView/tabid/7849/Article/577499/jfq-73- the-joint-force-commanders-guide-to-cyberspace-operations.aspx (accessed February 22, 2015).
61
Appendix A
Drawing from the LandCyber Framework on convergence, a 2013 study from the
RAND Corporation highlighted cyberspace, electronic warfare (EW), and the EMSO are intrinsically overlapped and converging as Cyber-Electromagnetic Activities (CEMA).
The study similarly used the standard view of a system as elements functioning together to produce results, or provide a function (Rechtin, 1991). This system’s perspective allowed for a decomposition of the functions to determine areas of similarity or convergence (Paul et al., 2013, 46). To demonstrate the LandCyber’s framework of convergence, the study did an analysis of overlaps in tasks related to EW and EMSO. In comparing the tasks they asked, “Is this EMSO task involved in accomplishing this EW task?” and “Is this EW task involved in accomplishing this EMSO task?”18 Of the 435 possibilities their findings suggested an overlap in 106, or 24% of the tasks (Paul et al.,
2013). Therefore to facilitate this convergence they recommended the U.S. Army refine their doctrinal organization for operations in cyberspace.19
Applying the same methodology and questions, let us now consider the relation, not in areas of operations, but in the tasks of two potentially different career fields; the first within the Signal Corps (SC) and the second within Military Intelligence (MI) shown in
Appendix C. The tasks represent an example drawn upon from individual required skills at the Brigade to Corps level, based on the U.S. Army Universal Task List.20 The results in Fig. 19 show similarities to the previous study.
18 The phrasing of these questions is significant because convergence and overlap of endstates does not imply the methods of achieving the endstate are the same. As an example, a military task may be to destroy a building. This would require two very different sets of skills if it were to be carried out by a tank versus a plane. 19 The study gave other recommendations that were put into effect. The focus of this section is the areas that still need resolution. 20 http://armypubs.mil/doctrine/DR_pubs/dr_a/pdf/fm7_15.pdf
62
Network Defender Tasks SC1 SC2 SC3 SC4 SC5 SC6 SC7 SC8 SC9 SC10 SC11 MI1 MI2 MI3
Network Warfare Tasks MI4 MI5 MI6 MI7 MI8 MI9 MI10 MI11 MI12
MI13 MI14 MI15 MI16 Fig. 19: Overlapping Network Warfare and Defense Tasks
Calculating the overlap is simply the sum of the tasks with a ‘yes’ answer to the proposed questions, divided by the total number tasks. The mathematical source for the calculation of similarity can be understood through the Jaccard Index: � �, � = |!∩!|. |!∪!|
82 of the 176 tasks, or 47%, displayed either direct correlation or represented an area where one task relied on knowledge of the other. This further supports convergence, but also draws attention to the training redundancy of two disparate career fields.
Convergence is thus the catalyst to reorganize and integrate operational capabilities.
63
Appendix B
The distinguishing aspect of a matrix organization is that two entities are given equal value, as seen in Fig. 20 each node within the matrix would be responsible to report to a business and a function (Ancona et al., 2009). The strength of this design is the ability to balance two equally important roles: ie. the first node in Fig. 20 would allow an engineer to maintain technical coordination, while working for Business A.
Fig. 20: Matrix Organization (Ancona et al., 2009)
Large businesses, like the Intel Corporation, disprove the notion that technical organization cannot succeed under large matrix structures such as these. This is because, similar to the military, different groupings at different levels achieve the desired endstate.
More importantly, they have organizational practices that promote technical expertise.
An examination of what makes large technical organizations successful offers opportunity for military application.
Intel’s founding depicts one of the earliest examples of a ‘flat’ organization, born out of the ambitions of scientists who wanted to leave behind hierarchical and bureaucratic structures to pursue their true ideals (Burgelman et al., 1999). With the company’s success came growth, which meant increased organizational structure. In present, the
64 corporation’s size represents something the early founders may have walked away from.
Having its roots as a tech leader, and maintaining that status has helped to recruit and retain talent. Yet in a time when many technology savvy personnel are often mobile with their careers, it is also the way in which they support their experts that fosters commitment.
The concept of a ‘dual ladder’ is nothing new, the term has in fact grown to draw rebuke for its lofty goals and failure to deliver (Allen et al., 1986). The theory is simple, the execution difficult; create a career progression for technical positions that can parallel managerial ones. Intel, however, has been able to prove its feasibility by creating a system that recognizes the prestige of its experts. As growth during the 1980s led to cultural changes, implementing a dual ladder did not prove easy (Burgelman et al., 1999).
To do so required not only equal pay, but also recognition of the highest levels of technical excellence by creating the position of Senior Fellow, on par with that of a
General Manager.21
The military cultural shift would be in applying this same recognition towards highly skilled positions in cyberspace. This idea, in fact, supports the U.S. Army’s vision for the technical progression within this field as highlighted in Fig. 21 from the 2010 Cyber
Capabilities Based Assessment (CBA) Contest (U.S. Army, 2010). Furthermore, the services’ already know how to recruit and incentivize specialty fields. Paul et al. made this point as an example for similar career progressions in the technology field.
21 These cases suggest that in current discussions, when debating a technologist’s unwillingness to work in a large bureaucratic culture, the cultural lens seems to have more significance than the actual strategic grouping.
65
Fig. 21: C/EM Expertise Map (C/EM Contest 2010)
66
Appendix C
Table 1: Example Network Warfare Soldier Tasks
MI No. MI Task MI1 Analyze a Computer System Architecture MI2 Analyze a Computer Network Architecture MI3 Produce an Assessment of a Target Network Security Posture MI4 Determine an Exploitation Method MI5 Analyze Digital Forensics Data MI6 Perform Basic Analysis of Suspicious Software MI7 Develop a Cryptologic Network Warfare Capability Requirement MI8 Perform Intermediate Analysis of Suspicious Software MI9 Validate an Assessment of a Target Network Security Posture MI10 Collect Digital Forensics Data MI11 Validate Architectural Analysis MI12 Implement an Exploitation Method MI13 Perform Cryptologic Network Warfare Mission Management Functions MI14 Direct Digital Forensics Processes MI15 Draft a Cryptologic Network Warfare Plan MI16 Direct an Exploitation Operation
Table 2: Example Network Defender Tasks
SC SC Task No. SC1 Implement Network Protection Measures SC2 Implement Information Assurance Policy SC3 Recognize Electronic Attack (EA) and Implement Electronic Protection (EP) SC4 Establish ECCM Network SC5 Conduct Electronic Counter- Countermeasures (ECCM) Network Controller (ENC) Operations within the Defense Satellite Communications System (DSCS) SC6 Conduct Cyberspace Operations-Focused Intelligence Preparation of the Environment Analysis SC7 Identify the basic structure and terminology associated with computer networks and Supervisory Control and Data Acquisition (SCADA) SC8 Recognize the cyber-focused Intelligence Preparation of the Battlefield processes SC9 Identify DoD’s structural framework for conducting Computer Network Exploitation. SC10 Recognize the relevance of the Joint Operation Planning Process and the Adaptive Planning and Execution System (APEX) as they apply to Information Operations (IO) and Cyberspace Operations SC11 React to a Possible Attack on a Government Networked Device
67
Appendix D
The outcome of remaining modularized, and failing to respond to convergence is represented in the evolution of doctrine and organization in U.S. Army Aviation operations. The role of U.S. Army helicopters generally took its mission from the design of each aircraft. Thus an observation helicopter held the role of reconnaissance and an attack helicopter that of attack operations. A helicopter battalion was constructed by specific airframe, which can be viewed as a grouping by function. In this case the aircraft with the role of reconnaissance were grouped together in that function. Though each aircraft could perform both missions, doctrine split between FM 1-114 Air Cavalry
Squadron and Troop Operations and FM 1-112 Attack Helicopter Operations (FM 3-
04.126, 2007, i). This resulted in not only overlapping doctrine, but also associated certain mission sets with particular aircraft.
Though both aircraft are mentioned in either manual, the separation promoted a singular mindset of mission capabilities within each airframe. Greater still, the grouping caused confusion for external agencies by associating aviation capabilities with specific aircraft. By having distinguishing manuals this resulted in associating a desired end state with a particular airframe. As an example, if ground forces needed reconnaissance conducted they would request an observation platform, as opposed to requesting an effect and letting planners determine the best allocation for the mission. In 2007 the manuals combined under FM 3-04.126 Attack Reconnaissance Helicopter Operations, which reduced redundancy and promoted interoperability of capabilities.
Further similarities are visible when looking at the current organization of an aviation battalion. In a garrison environment the units are still grouped by airframe type, or
68 functional organization. While in a deployed environment they group in task forces of various types of aircraft, similar to a product grouping, with the product being full spectrum aviation operations. Though recent military conflicts have further substantiated the need to organize as a task force, implementing this construct in garrison has proven difficult due to established practices. The benefits of grouping by ‘product’ in garrison operations are outweighed by the ease of continuing with the existing infrastructure.
69