Integrating Cyber Effects into the Joint Targeting Cycle Published Feb. 3, 2020 By Capt James M. Black, USAF Wild Blue Yonder / Maxwell AFB, AL -- Since World War II, the US military has conducted joint targeting as a way to integrate capabilities and resolve disagreements about the application of these capabilities to targets. This concept arose when the military corporately realized that target lists, prioritization of these targets, and the plan to effect these targets were being created in different agencies simultaneously, thus duplicating effort and causing friction between competing mission priorities. What is known today as the Joint Targeting Coordination Board (JTCB) was introduced as a forum for service and component planners to meet and decide on target criticality to best utilize American airpower to defeat Axis forces. The impetus for this forum arose from a disagreement between US Army Air Corps and Navy leaders and Gen Douglas MacArthur, the supreme commander of forces in the Pacific, who wished to use airpower for direct support of American forces during the anticipated invasion of the Japanese mainland. The US Army Air Corps and Navy leaders believed that utilizing airpower to blockade and conduct strategic bombing over Japan was more important. This conflict, and the lack of a specific office or official charged with the arbitration of targeting caused the Joint Chiefs of Staff (JCS) to produce the Joint Target Group, which they gave the task of conduct targeting analysis and integrating among the military services and other organizations and providing target recommendations.1 This set the basis for joint targeting, which is now fleshed out in Joint Publication 3-60 Joint Targeting and Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 3370.01C Target Development Standards, as well as many service-specific publications. Joint targeting has been a proven cornerstone of successful operations, culminating in the success of operations such as Desert Storm and, more recently, Iraqi Freedom. At the opposite end of the developmental spectrum is cyberwarfare, a method of waging war that has gained in popularity, scope, and effectiveness since the 1980s. Initially, cyberweapons were relatively simple, as illustrated by a virus dubbed “Brain.A,” a program that renamed a file on an infected computer to “Brain” and had the potential to freeze the machine as well. This virus, while relatively innocuous, was the first cybershot in a war that has reached a fever pitch in the modern era. Cyberweapons have evolved, first into “worms” that copied themselves repeatedly, creating denial of service (DNS) issues, then to elaborate scams known as phishing. Today, cyberweapons have revolutionized the battlefield, with botnets taking control of legions of computers worldwide and conducting malicious, automated operations: stealing personal data, collecting sensitive documents, and even piecing together personal profiles of victims to conduct social engineering for waging influence operations (IO) against unwitting target audiences.2 The concept of cyberwarfare has not been limited to negative effects; indeed, many of the same capabilities used by the proverbial bad guys have been adapted to conduct defensive and even offensive operations by the US military. The oft cited example of Stuxnet is generally attributed to American cyberactors, sponsored by the US government. Richard Clarke, the US counterterrorism czar under three administrations, related in a 2012 interview with Smithsonian Magazine, “I think it’s pretty clear that the United States government did the Stuxnet attack.”3 Indeed, the evidence is consistent with US objectives in countering Iranian access to refined uranium, but there has been no official statement from the US government, nor anyone else, claiming responsibility for the event. Additionally, the United States, via US Cyber Command (USCYBERCOM) and other organizations, routinely conducts defensive cyberactions to safeguard American interests online. What this illustrates is the widening of warfare, and the investment the United States has made into conducting cyberwarfare, which begs the question: How are effects in the cyber domain linked into combat operations, and how are cybertargets decided upon? Using guidance presented in JP 3-0, JP 3-60 and CJCSI 3370.01C, cyber effects and targeting may be effectively presented for a combatant commander in the same format as “traditional” targets. With development of better “supported/supporting” command relationships between USCYBERCOM and combatant commands, cyberwarfare must be expanded to effectively meet the demands of operation plans through timely, effects-based targeting. Effects-based targeting, known more widely as effects-based approach to operations (EBAO), refers to the fact that modern US military planners are expected to work toward a desired end state.4 These end states are defined as effects, in that action taken against a target must have a desired effect to justify it. For example, if a planner targets an infantry position and elects to engage it with high-explosive (HE) artillery fires, it is justified because the commander’s intent demands it in the form of a desired effect, in this case, “Attrit and degrade enemy infantry formations to shape the battlefield in preparation for a follow-on infantry assault.” While this example is simple, it illustrates the point that any action taken must be underpinned by an intended effect, in this case, weakening enemy troop strength to prepare the battlefield for friendly operations. HE artillery rounds are largely an effective weapon against unprepared infantry positions and, therefore, a good munition for the intent. The ends must justify the means. The same can be said for cyberspace, which is another domain among the others: land, air, sea, space, and the electromagnetic spectrum. It offers commanders additional capabilities and challenges, when conducting operational planning, but is essential in preparing to fight on future battlefields. Because of the increased role that domains such as cyberspace, space, and the electromagnetic spectrum play in military operations, service leaders have reshaped the training and focus of their respective forces to adapt. Known generally as multi-domain operations, this new conceptualization is reminiscent of the AirLand Battle doctrine from the 1980s, which stressed the complimentary and gap-filling roles each domain’s respective capabilities played and the optimal utilization of forces in military operations.5 Multi-domain operations expands on this idea by including space and cyber forces in the friendly order of battle (FrOB) and is intended to provide combatant commanders with capabilities to make their forces more lethal, flexible, and effective, while also increasing their unity and economy. This also means that existing doctrinal maxims are undergoing alteration, while still retaining the pillars that make up the framework of proven concepts such as joint targeting. Photo Details / Download Hi-Res (US Air Force photo by TSgt D. Myles Cullen) Figure 1. Demystifying multi-domain command and control. Brig Gen David J. Kumashiro, USAF, Joint Force Integration director, Deputy Chief of Staff for Strategy, Integration and Requirements, discusses demystifying multi-domain command and control during the Air Force Association’s Air, Space, and Cyber Conference in National Harbor, MD, 17 September 2019. The conference is a professional development seminar that offers the opportunity for DOD personnel to participate in forums, speeches, and workshops. Throughout the period from 2001 to 2019, the US military has been engaged in low-intensity irregular warfare against foes with little conventional capability, instead relying on asymmetric capabilities. Conflict environs have largely been permissive, meaning that forces could be employed at a time and place of the commander’s choosing. This span of time has caused an atrophy in understanding how to wage conventional war. Members that entered the service since 2001 have only known the counterterrorism fight and now make up the bulk of the DOD’s echelons. It is difficult to find veterans of the Cold War in the ranks—those familiar with large-scale, transcontinental conflict. This has led to a corporate brain drain, and leaders are working to establish effective forces to prepare for engagements with adversaries that are of relative parity to the United States. Examples include the renewed interest in large-scale conventional training exercises in Europe, changes in force posturing and basing, and even in uniforms, as witnessed by the recent acquisition of Operational Camouflage Pattern (OCP), which is adaptable to multiple environs outside of the Middle East. Moreover, services are reintroducing classical techniques of war fighting, such as celestial navigation and operations in austere environments, to cope with the realities of a battlefield stripped of the technological high ground and forward operating bases enjoyed during the counterterrorism fight. These changes reflect the urgency the DOD is feeling as the focus of future fights shifts to near peers and highlight the need for a force that is integrated in terms of capabilities and domains. As the chairman of the Joint Chiefs of Staff seeks to transform the armed forces from a regional mind-set to a “global” one, so too must combatant commands revise their thinking concerning the relationship of supported and supporting commands.6 USCYBERCOM has never fully adopted the concept of support to other combatant commands. A clear illustration of this may be observed in Joint Publication 3-12 Cyberspace Operations. Under the topic of command relationships, the JP stipulates that during day-to-day operations “CNMF commander has OPCON of NMTs/NSTs and national CPTs. . . . [and that] JFHQ-C commanders have OPCON of CMTs/CSTs,” meaning that combatant commanders, who are identified as supported commanders, have no actual operational authority over any fielded forces, except those assigned to them, meaning any personnel that happen to be from a cyber career field but not part of the cyber mission force. This relationship changes under contingency conditions, “(a) USCYBERCOM commander retains OPCON of any cyberspace forces USCYBERCOM provides to support a CCDR for crisis/contingency operations. (b) When directed, CCDRs receiving forces from USCYBERCOM for crisis/contingency operations (e.g., a mission-tailored force package [MTFP]) have TACON of those forces,” which still does little for a combatant commander, in that even though forces have been assigned to the command, they have not adequately been planned for, as USCYBERCOM did not provide support for deliberate planning and only provides “mission-tailored force packages,” before defining what the mission actually is for those force packages. This relationship has impacted CCMDs worldwide, because the only available cyber forces to do planning fall under combatant commands and, therefore, have not been delegated adequate authorities or liaison relationships with USCYBERCOM to know what they may plan with in terms of capabilities and degree of support to be expected in the event of contingencies. USCYBERCOM should be responsible for organizing, training, and equipping cyber forces and present them to combatant commands for operational employment in the same way as Air Combat Command does for fighter units. This produces several benefits: (1) ambiguities in planning factors are reduced as cyber capabilities may be included in the FrOB; (2) combatant commands may deliberately plan for cyber capabilities, adding scalability, reversibility, and flexibility to their plans; and (3) combatant commanders can create operation plans that are conducive to multidomain engagement options. Improving operation plans means also improving targeting, which is done with an eye to commander’s intent. Under the current supported/supporting relationship, cyber personnel are beholden to the needs of both USCYBERCOM and the combatant commands. Therefore, targets that are of interest to the combatant command may not get the planning, development, and apportionment needed to best employ cyberfires, as USCYBERCOM retains operational control of all cyber mission forces in any circumstance and will likely get a majority vote when any conflict arises.7 Cyber planners must split their priorities between their assigned combatant command and their parent command and would not be able to dedicate the appropriate amount of time and effort needed to facilitate effective targeting. To demonstrate this point, CJCSI 3370.01C presents the expectations that must be satisfied in target development. Target development is conducted by the owners of the targets, in this case, cyber planners. Owners must conduct basic, intermediate, and advanced target development, which includes a multitude of responsibilities, including identification of targets, functionally characterizing targets, determining their significance, creating expectation statements, collecting source documentation, and more. JP 3-60 charges UCSYBERCOM to “plan, coordinate, integrate, synchronize,” while at the same time “conduct military cyberspace operations to enable actions throughout the operational environment” and also “facilitate US multinational partner freedom of action in cyberspace while denying the same to our adversaries.” Moreover, the LeMay Center for Doctrine Development and Education intimates that “achieving joint force commander’s (JFC’s) objectives can be accomplished by creating lethal and nonlethal effects, using a variety of kinetic and non-kinetic capabilities.” The LeMay Center continues, “targeting should integrate the full spectrum of capabilities beginning at the onset of planning.” The potential for a rift between competing responsibilities, to say nothing of competing combatant command targeting priorities, puts cyber planners into an untenable situation. The success of the military on the future battlefield depends on the adaptation of new command relationship paradigms. This, coupled with other information-related capabilities, guarantees that the United States may retain a competitive military edge well into the future. Capt James M. Black, USAF Captain Black is a candidate for the USAF’s new 13O multi-domain command-and-control career field. He currently serves as deputy of a target effects team, which integrates combat effects in support of Combined Forces Command objectives and taskings. Captain Black holds a master’s degree in organizational communication of the University of Colorado at Denver and a bachelor’s degree in journalism for the University of Northern Colorado. Notes 1 Maj Michael R. Moeller, “The Sum of Their Fears, The Relationship between the Joint Targeting Coordination Board and the Joint Force Commander” (thesis, Air University, 1995), https://media.defense.gov/. 2 Paul Rosenzweig, “From Worms to Cyber War,” Defining Ideas, 9 December 2011, https://www.hoover.org/. 3 Ron Rosenbaum, “Richard Clarke on Who Was Behind the Stuxnet Attack,” Smithsonian Magazine, 2012, https://www.smithsonianmag.com/. 4 “The Effects-Based Approach to Operations (EBAO),” Curtis E. LeMay Center, 2016, https://www.doctrine.af.mil/. 5 David E. Johnson, “The Lessons from AirLand Battle and the 31 Initiatives for Multi-Domain Battle” Rand Perspectives, 2018, https://www.rand.org/. 6 Jim Garamone, “Global Integration Seeks to Buy Leaders Decision Time, Increase ‘Speed of Relevance’,” Defense.gov, 2018, https://www.defense.gov/. 7 US Department of Defense, JP 3-12: Cyberspace Operations,” 2018, https://www.jcs.mil/.