Targeting Technology:
Mapping Military Offensive
Network Operations
Abstract: State-sponsored network intrusions are publicly and frequently exposed
but assessing how militaries conduct offensive network operations remains difficult.
Data can be transmitted near-instantaneously, yet cyber-attacks can take months or
even years to mature, complicating attempts to integrate them into joint operations.
What challenges, risks, opportunities and advantages are associated with attacking
networks? This paper argues that military offensive network operations can be usefully
cast into a two-part taxonomy: event-based attacks and presence-based attacks. These
are then applied to practical use-cases drawn from existing strategies, case studies
and current military platforms. Event-based operations include all instances in which
the target is directly and in real time attacked by compromise of its software and may
appear roughly analogous to physical weapons. Presence-based operations include
all network intrusions in which the attackers traverse compromised networks until
targets are located, assessed, and weaponized for later activation, more analogous to
a clandestine sabotage operation. Distinguishing between these two types is crucial;
they offer different solutions, encompass varying risks, and may require different
resources to accomplish. Event-based attacks can offer a tactical advantage against
a single adversary platform or network. A successful presence-based operation may
result in a strategic advantage against a stronger force. Each of the two operation types
is broken into phases as defined by the US Department of Defense Common Cyber
Threat Framework. The model envisions four steps in the network operation life-cycle:
preparation, engagement, presence and effect. By anchoring the assessment
using the framework, the unique characteristics of both operation types become easier
to analyze.
Keywords: cyber warfare, network operations, cyber attacks, offensive cyber
Daniel Moore
Department of War Studies
King’s College London
London, United Kingdom
daniel.d.moore@kcl.ac.uk
2018 10th International Conference on Cyber Conflict
CyCon X: Maximising Effects
T. Minárik, R. Jakschis, L. Lindström (Eds.)
2018 © NATO CCD COE Publications, Tallinn
Permission to make digital or hard copies of this publication for internal
use within NATO and for personal or educational use when for non-profit or
non-commercial purposes is granted providing that copies bear this notice
and a full citation on the first page. Any other reproduction or transmission
requires prior written permission by NATO CCD COE.