CybersecurityNew report urges policy overhaul, transparency in offensive cyber operations

Published 10 November 2014

A newly released report, titled Joint Publication 3-12(R) and authored by the Joint Chiefs of Staff, has revealed that some top commanders are calling for a policy overhaul and more public transparency in offensive cyber operations, given the growing need for such operations. Some previous documents have been published on the topic, but there is no official U.S. military policy book for cyber operations.

A newly released report, titled Joint Publication 3-12(R) and authored by the Joint Chiefs of Staff, has revealed that some top commanders are calling for a policy overhaul and more public transparency in offensive cyber operations, given the growing need for such operations.

As FCW reports, the document was first circulated in February of 2013 and only released publicly on 21 October. The paper acknowledges that “growing reliance on cyberspace around the globe requires carefully controlling OCO [offensive cyber operations], requiring national level approval.” The report also says that there is a need clearly to define offensive cyber operations as “those intended to project power by the application of force in and through cyberspace,” and what, ultimately, these operations can do to affect policy.

Many view the public release as a welcomed change.

“Just think of…the problems of classification over the last ten years,” said Jay Healey, the director of the Atlantic Council’s Cyber Statecraft Initiative, “By completely classifying ‘China’ and what was going on, treating it like it was a huge counterintelligence secret, it delayed us from trying to react to Chinese espionage, in ways, for decades.”

Healey hopes that the disclosure will make the public debate U.S. military goals within the realm of cyberspace. If physical conflicts deserved some debate on policy and strategy, then why not within the cyber realm as well?

“To get to the point where we can declassify some of this is a big step. The doctrine is legitimizing that seat at the table, where you are absolutely going to see offensive cyber operations used more often and more openly,” said Robert M. Lee, a digital forensic specialist at King’s College London and an active-duty Air Force cyber warfare operations officer.

Some previous documents have been published on the topic, but there is no official U.S. military policy book for cyber operations. “In that sense, the newly released document could help bring offensive cyber operations to the fore,” said Lee.

U.S. Cyber Command has been established four years ago, but its commander, Admiral Michael Rogers has reported that the unit is closely monitoring elements such as ISIS in cyberspace.

While there is still the issue of incorporating civilian agencies into the policy, as well as House Intelligence chairman Mike Rogers’s (R-Michigan) recent call for further cross-agency coordination, these steps by the military are expected to be some of the first to guide the definition of federal cybersecurity policy and strategy.