Cyberspace Operations
Core Definition (BLUF)
Cyberspace Operations (CO) is the U.S. joint doctrine term for the employment of cyberspace capabilities to achieve objectives in or through cyberspace (JP 3-12). It encompasses three functional categories: Computer Network Exploitation (CNE — collection/espionage), Computer Network Attack (CNA — degrading, disrupting, or destroying adversary systems), and Computer Network Defense (CND — protecting friendly systems). As one of the five core pillars of Information Operations (alongside Electronic Warfare, Psychological Operations, Military Deception, and Operations Security), cyberspace operations have become the primary non-kinetic option for states seeking to impose cost on adversaries below the threshold of armed conflict.
Operational Categories
| Category | Abbreviation | Effect | Classification |
|---|---|---|---|
| Computer Network Exploitation | CNE | Intelligence collection; covert presence | Cyber Espionage |
| Computer Network Attack | CNA | Disrupt, degrade, destroy | Offensive CO |
| Computer Network Defense | CND | Protect friendly networks | Defensive CO |
| Offensive Cyberspace Operations | OCO | Encompasses CNE + CNA | Active operations |
| Defensive Cyberspace Operations | DCO | Encompasses CND | Passive + active defense |
Doctrine and Legal Status
Cyberspace operations exist in a contested legal and doctrinal space. Tallinn Manual 2.0 (2017) provides the NATO-aligned interpretation of how IHL applies to cyber operations — but it is non-binding. The threshold at which a cyber operation constitutes an “armed attack” triggering Article 5 collective defense (NATO) or armed conflict (IHL) remains disputed. Operations below this threshold (disrupting public services, financial systems, media) are treated as acceptable statecraft by Russia and China despite causing significant harm.
Contemporary Operational Cases
- Stuxnet (2009–2010): US-Israeli CNA against Iranian uranium enrichment centrifuges at Natanz — the first publicly confirmed destructive cyber weapon
- NotPetya (2017): GRU-attributed CNA via supply chain (M.E.Doc accounting software) causing ~$10B in global damage; attributed to Russia as retaliation against Ukraine
- SolarWinds (2020): SVR-attributed CNE via supply chain (Orion IT management software); compromised ~18,000 organizations including US Treasury, DoJ, NSA
Intersecting Concepts
- Component of: Information Operations, Multi-Domain Operations
- Includes: Cyber Espionage (CNE), Hack-and-Leak Operations (CNE + IO)
- Related capabilities: Electronic Warfare, Signals Intelligence