White Paper

An Esri UK White Paper

Cyber Warfare - The GeoSpatial Approach

Cyber Warfare - The Geospatial Approach

Executive Summary

However, recent experience highlights that this is a challenge with which UK forces continue to struggle as the volume, velocity and variety of information increases against an imperative to act more quickly and with more precision, usually with diminishing resources.

1. Cyber Warfare is something which defence has always undertaken but it is a concept that must now be considered and addressed within the defence and government networks, across the electromagnetic spectrum, global media and cyber holistically. Cyber warfare could be as defined as influencing target audiences by optimising and controlling information flows whilst denying the adversaries the ability to do the same. This document therefore seeks to bring greater clarity and understanding of what cyber warfare includes and what it can achieve.

2. In dealing with cyber there are three domains all of which have a geospatial component:

a. The cognitive domain is the sphere in which human decision-making occurs - effect is created by altering the way in which information is perceived.

b. The virtual domain is the sphere in which intangible activity occurs, it can be used to influence the cognitive domain by denying, altering or manipulating information.

c. The physical domain is the sphere in which physical activity occurs – everything happens somewhere. Human geography can sit both within this domain as well as within the other domains.

3. Offensive and/or defensive intelligence led operations activity can take place in any of these domains in order to achieve effect and key to being more effective in influencing the cognitive domain will require a better understanding of human geography. Activity within the virtual domain has increased significantly – this has resulted in both greater opportunity and increased vulnerability and therefore conducting cyber intelligence activities within the virtual domain offers the potential for: asymmetric attack; greater effect at less cost; more precise effects (but there is still scope for considerable collateral damage) and better alignment with non-military organisations. Activities in the physical domain are the traditional preserve of military forces. However, the nature of the physical effects that may be required is likely to change as there is the need to create effect, kinetic and non-kinetic, within the expanded virtual domain.

4. Using cyber strategically is about exerting influence to change people’s behaviours and attitudes and information they can be exposed to is a key tool in achieving this with the speed, ubiquity and pervasiveness of the worldwide media presenting a highly effective mechanism to get information to a range of target audiences. However, these same mechanisms also result in a risk that UK’s own tactical mistakes could have significant detrimental strategic effect. Achieving influence via this mechanism requires a better understanding of human geography – which includes geospatial information

Information has always been the lifeblood of warfare. The fundamental advantage of knowing more about yourself, your environment and your adversary, than they do, is a constant.

2

Cyber Warfare - The Geospatial Approach

and intelligence, therefore needing to become more proficient at operating in the cognitive domain. There is also a need to understand the information that is critical to the prosecution of operations, which is not the same as needing to know all the information about operations.

5. Defence intelligence activity must be shaped, planned and executed in alignment with the strategic narrative as there is a need to turn the ‘strategic corporal’ to advantage and empower personnel at all levels to interact with the outside world, thus delivering stronger and more coherent influence. Consequently decision making must be rapid enough to plan and authorise engagement with the media at a tempo which can counter adversaries and therefore staff will need the appropriate capabilities e.g. capability, training and bandwidth in order to engage rapidly via a variety of traditional and contemporary channels, direct from the battlespace.

6. In delivering increased precision there is the requirement to synchronise activity across the levers of power; the Confused, Congested, Cluttered and Contested future operating environment and the increasing accuracy offered by weapons technology, all demand greater precision in time and space. This precision is required in the cognitive, virtual and physical domains. To enable this there is a need to have: greater understanding of human terrain/geography; greater understanding of the information flows through the virtual domain; more granular and accurate intelligence information and better ‘meshing’ so that the J2/3/5 functions deliver synergistic effect. The employment of a capability such as a geographical information system (GIS) helps ‘join up the dots’ across all staff branches. This results in a Full Spectrum Targeting cycle with greater processing effort and less combat engagement activity in order to achieve exponential effect. The challenge is to conduct this processing as quickly as possible in order to support an overall increased tempo of warfare and also to support time sensitive targeting.

7. Successful cyber warfare is founded on the basic principles of information assurance (IA), information management (IM) and information exploitation (IX): IA means relying on the availability and integrity of information; IM means knowing what information is held and the ability find it in a timely fashion when needed and IX means exploiting information and presenting it in a form which can then be used in direct support of operational activity. Critical information also needs the disciplines of IA, IM and IX to produce relevant actionable intelligence. Taking a data centric approach migrating through an information approach to one of knowledge based is supported using geospatial information/intelligence. The four core capabilities of cyber warfare are intelligence, battlespace management, command and control and full spectrum targeting defended by force protection and supported by sustainment and service continuity. All these capabilities, but in particular the core four, must be properly managed and integrated in order to deliver improved effect.

8. This model of cyber warfare is akin to the Mission Thread construct which enables better delineation of responsibilities and capability management in the delivery of the core capabilities. Fundamental to this model is location – everything happens somewhere and therefore geography underpins cyber warfare. This document set out to expand the concept of cyber warfare. It is such a broad topic that it defies a neat and succinct definition – but more important perhaps, is how it needs to evolve in order to address the emerging issues.

3

Cyber Warfare - The Geospatial Approach

What has changed? In many respects, nothing. Information has always been the lifeblood of warfare - the fundamental advantage of knowing more about yourself, your environment and your adversary than they do is a constant. However, recent experience highlights that this is a challenge with which UK forces continue to struggle as the volume, velocity (receiving information far quicker) and variety of information increases against an imperative to act more quickly and with more precision, usually with diminishing resources. The world around us is becoming more complex, requiring us to operate in environments where there may be no clearly defined adversary, but rather complex collections of target audiences over which we must seek to exert influence by our words and deeds. To succeed in this environment we must understand the thoughts, beliefs and likely behaviours of all those within the battlespace to conduct operations in order that we can influence them in accordance with our strategic objectives.

Cyber Warfare is something which defence has always undertaken. It is not a separate branch of warfare which has clearly defined physical domains, but rather a concept that must now be considered and addressed within the defence and government networks, across the electromagnetic spectrum, global media and cyber holistically. It is a key enabler of warfare as a whole, and thus a discipline in its own right. Cyber warfare or cyber security could be as defined as influencing target audiences by optimising and controlling information flows whilst denying the adversaries the ability to do the same. However, this is a very broad definition and this document therefore seeks to bring greater clarity and understanding of what cyber warfare includes and what it can achieve. So, what has changed? There are a number of trends which highlight where defence needs to do better if it is to succeed in the future 2020 contingency basis operating environment:

� UK defence is getting smaller – Information is a force-multiplier. Defence forces are continuing to shrink in capability, in terms of both people and platforms. The overall mass is reducing and so if there is a requirement to maintain the same momentum – the same effect – then there is a need to increase speed. There are many recent historical examples of smaller forces achieving disproportionate results where their agility has enabled them to respond quicker, understand the situation ahead of the enemy, adapt rapidly to the unforeseen and, ultimately, make better decisions ahead of their adversary. There is therefore a need to become more agile, make quicker decisions and thus operate at a faster tempo than an adversary.

� Defence is engaged in a battle of narratives. Everything that defence says and does is exposed to instantaneous global scrutiny and the information environment is thus as much a part of the strategic environment as the terrain or weather. Influencing an adversary, their supporters and, indeed, the UK national audience, are key factors in any military campaign and it is particularly challenging when UK adversaries are unfettered by the moral, legal, hierarchical and reputational constraints under which the UK must operate. Communication and information activities must therefore be fully integrated with military activities – to the point that must be an acceptance

What has changed and what is Cyber Warfare?

4

Cyber Warfare is something which defence has always undertaken. It is not a separate branch of warfare which has clearly defined physical domains, but rather a concept that must now be considered and addressed within the defence and government networks, across the electromagnetic spectrum, global media and cyber holistically.

Cyber Warfare - The Geospatial Approach

that the cyber battle is no longer necessarily subordinate to the application of force. Defence must use cyber as a weapon in itself and consider strategic communications and information operations at the heart of warfighting efforts.

� Defence forces are being asked to deliver greater precision. Political imperatives resulting from an increasingly Contested, Congested, Confused and Cluttered environment are demanding greater precision in both time and space. Whilst developments in intelligence collection, including open source and social media and analysis as well as weapon technology offer the ability to achieve this, it results in a more involved targeting process which must support the full spectrum of kinetic and non-kinetic activities. Witness the power of social media reporting and the need to be able to publically rebut/confirm the information almost immediately. All this requires defence to deal with more information more quickly and efficiently than it has done in the past. Defence must deliver effect with greater precision in both time and space.

� Defence has become critically dependent on information. Commercial technology is now commonplace across the military spectrum. Defence relies on this technology in nearly everything that it does both within the business and operational space, yet has invested little in mitigation or revisionary methods of operation in the event of denial of service. Information and therefore cyber is perhaps already the Centre of Gravity and therefore needs to be defended as it is an obvious and attractive target for any adversary. The current era sees a shift in potential targets and attack vectors from military equipment and personnel to military and national infrastructures such as transportation, communications, banking, logistics, markets and healthcare. An adversary will seek to attack these areas to destabilise social infrastructures to create disruption, discord, unrest and perhaps ultimately to change or influence perceptions eg Eastern Ukraine. Defence needs to better understand the information critical to the prosecution of its operations and be wary of not letting the need for information to become its CoG due to perhaps a mistaken belief that information superiority can only be achieved by knowing everything about everything. Defence must protect its information and networks more effectively.

� Threats to the UK’s security have changed in nature. Disease, epidemics, natural disasters, chronic economic decline, demographic pressures, climate change, scarce resources, government weakness, corruption and loss of identity and nationhood continue to dominate news headlines and are the key drivers which compromise a state’s security, economy, governance and the rule of law leading to failed or failing states. The UK Government has clearly set out its policy that the ungoverned spaces resulting from failed or failing states lead to safe havens and fertile recruiting grounds for extremists who, given time and freedom of action, will threaten the security and stability of the UK. National policy therefore remains interventionist, but with an emphasis on the stabilisation of complex situations as part of an Integrated or Comprehensive Approach rather than the simple projection of military power. Defence must get better at integrating actions with diplomatic activities, other Government Departments and Non-Governmental Organisations.

54

As a backdrop to all this, society is producing and exploiting information in ways undreamed of five years ago and the pace of innovation continues unabated. These technologies are rapidly finding their way into the military domain and thus the variety, velocity and volume of information is increasing exponentially with both our equipment and processes struggling to keep up. Key to all of the above is geography – a common thread that ties all the various factors, influencers and events etc in time and space. Everything happens somewhere.

Cyber Warfare - The Geospatial Approach

Cyberspace

Figure 1 - Visualising the Information Domain

. In order to understand how cyber might be used more effectively in a military context, it is helpful to have a conceptual framework to explain how information flows and how it is used – this is known as cyberspace. Physical events happen in the real world, these are then captured or reported on in some way and transmitted as information before reaching people’s minds where that information is processed to produce actionable intelligence amongst other things. These three stages equate to three domains:

� The cognitive domain is the sphere in which human decision-making occurs. Here, new information is set against previously assimilated knowledge acquired through thought, experience and sense in order to gain understanding and make appropriate decisions. Effect is created here by altering the way in which information is perceived .

� The virtual domain is the sphere in which intangible activity occurs, such as the generation, maintenance and transfer of information eg the internet is part of the virtual domain. Essentially, this is how people and entities communicate. This domain can be used to influence the cognitive domain by denying, altering or manipulating information as it passes through the virtual domain.

� The physical domain is the sphere in which physical activity occurs – everything happens somewhere. Activity in this domain may create effect purely through physical attrition or perhaps be used to degrade the physical equipment which supports the virtual domain. However, physical actions eg use of posture, presence or poise may also and can have a direct impact on the cognitive domain. Further human geography can sit both within this domain as well as within the other domains

Within the three domains there are specific layers of activity which can be identified and ‘mapped’. The physical domain made up of the sea, land and air environments, including weather and space, together with the physical networks which transmit the data. Within the virtual domain are the various layers and repositories of information – the internet is a good example of this where information exists in a virtual form which is completely disassociated from the network and physical topology. The virtual domain also includes persona which can also be mapped. For example, an individual may have a number of email accounts, a Facebook and a Twitter account; collectively these form their virtual persona and, in theory, all relate to the same individual. However, persona can be hijacked or impersonated relatively easily which provides a vector to influence information as it flows through the virtual domain and also identifies that this must be a key area to be protected. Finally, people and the social groups which they move in form the cognitive layer. This domain can also be mapped as the others using a combination of tools such as IBM i2 ANB and Esri’s GIS. Viewing cyberspace in this way within a geospatial context allows consideration of which domain it is most appropriate to create effect – both in terms of the operational intelligence imperatives but also, critically, the overall strategic narrative, context and effect

6

Cyber Warfare - The Geospatial Approach

Operating Across Cyberspace

Consider an example where the desired effect is to prevent an opposing commander from initiating an attack. In the physical domain, this might be achieved by fires (artillery) activity which destroys or degrades the adversary’s C² infrastructure. Within the virtual domain, a cyber-attack could deny, alter or delay information as it is exchanged, thus either removing the commander’s key indicators and warnings or disrupting the C² information flow. Finally, placing a warship a few miles off the coast, or placing a squadron of attack aircraft in a neighbouring country, would be a direct influence on the cognitive domain and may persuade an adversary not to take any action. Three different methodologies have been employed, but all lead to the same effect. It will also be vital to evaluate other factors such as necessity, humanity, distinction and proportionality as part of an integrated intelligence process which ensures alignment with the overall strategy. Ultimately, a carefully synchronised combination of all three activities might be the most effective course of action and using geospatial information to help portray and determine likely options and outcomes.

Operating in the Cognitive Domain

The ultimate aim is normally to exert influence in the cognitive domain – ie to achieve a change in the behaviour and attitude of a potential adversary. To successfully orchestrate activities in the virtual and physical domains in order to achieve this, then there is a need to fully understand the human terrain/geography – the social, political and economic organisation, beliefs and values and forms of interaction of a population. This requires a shift in emphasis/priorities of the intelligence cycle to understand the people first in order to shape which courses of action might be viable in the virtual and physical domains.

Operating in the Virtual Domain

Intelligence has always operated in all three domains, however, the level of activity that goes on within the virtual domain has now increased significantly. Communications between entities in the battlespace used to involve for example, point to point radio networks – so the virtual domain was limited to the electromagnetic transmission between them. Today entities communicate using email and chat rooms which route traffic via satellites and network operating centres around the world. This results in multiple opportunities to disrupt or deny information flows or perhaps modify persona. The global information revolution is resulting in growing opportunities for both state and non-state actors to access cyber technologies and thus act freely in the virtual domain. Thus, the almost guaranteed integrity and availability of the virtual domain which has been enjoyed in the past is unlikely to continue with future conflicts.

6 7

Cyber Warfare - The Geospatial Approach

However, just as intelligence has expanded into the virtual domain, so to have adversaries. They take full advantage of the reach, speed and anonymity offered by the virtual domain – but they are often, but not always, dependent on insecure commercial technology and so their vulnerability in this domain is considerable. Nevertheless adversaries are becoming increasingly sophisticated in their use of technology. Offensive activities within the virtual domain can be rapid, initiated without warning and utilise any number of attack vectors eg persona, networks, databases, email, chat, webpages, social media and electromagnetic transmissions – it therefore offers intelligence the opportunity to develop asymmetric actions against an adversary ranging from ethereal non-state actors to nation states.

Intelligence led operations within the virtual domain can also be more cost-effective than their physical alternatives. They are certainly not without cost – significant investment is required to obtain effective capabilities that can act within the virtual domain. However, returning to the example above and considering the resources required to disrupt C² capabilities across a wider region, it is clear that the attack vectors using the virtual domain will require far less resource than either the capital cost of procuring multiple warships/planes or the costs of providing platforms and munitions capable of conducting fires. Whilst some degree of credible force will always be needed, in a resource constrained era together with use of precision strike to minimise collateral damage, cyber has the potential to offer greater effect for less cost especially via the investment in the provision of geospatial information/intelligence.

It was outlined in the introduction that the future operating environment will be increasingly Contested, Congested, Confused and Cluttered. Whilst this will also extend into the virtual domain, achieving greater precision of effect with less physical collateral damage is inherently ‘easier’ than operations in the physical domain. This mechanism of achieving effect via intelligence operations is therefore better aligned with the National Security Strategy’s increased focus on Soft Power, and is also more able to support activities as part of the Integrated/Comprehensive Approach as fires are often seen to be, at best, unpalatable and, at worst, can be counterproductive in achieving the overall political end-state. However, there is significant potential for collateral damage and unintended second order effects within the virtual domain. For example, cyber activities to disrupt power infrastructures could also affect hospitals or schools in the local area. Thus, the potential for collateral damage as a result of virtual activities will need to be evaluated equally as rigorously as for physical fires and hence why the use of the geographic approach helps overcome such issues.

Operating in the Physical Domain

Ultimately, there is likely to be the requirement to create effect in the physical domain. This is what military forces have always done – typically to achieve either physical attrition or counter command activity. However, the expanded virtual domain and a greater understanding of the cognitive domain means that activity in the physical domain will also need to change. The complexities of the virtual domain offer physical opportunities to create effect – network components, transmission paths, and communication infrastructure – which will have impact in the virtual domain. Similarly, a greater understanding of how this might achieve influence in the cognitive domain is likely to result in a number of non-traditional physical targets which may need to be targeted more precisely both in time and in space. This is where the power of geospatial information/intelligence utilising for example open source (OSCINT) can have dramatic effect

8

Cyber Warfare - The Geospatial Approach

Using Cyber StrategicallyUltimately, as part of the contribution towards a political end-state, military activity aims to achieve a change in behaviours and attitudes of one or more target audiences – ie a shift within the cognitive domain. These changes are achieved by exerting influence on individuals that make up the target audiences. The information that these individuals are exposed to is as a result of a communication campaign through words, images and actions and is therefore critical in an attempt to achieve influence.

This, in itself, is nothing new – information and indeed misinformation has always been used to exert influence. However, what has changed is the evolution of an almost instantaneous worldwide media operating in a globalised, interconnected world where target audiences are no longer defined along geographic or even political boundaries. This results in a plethora of uncontrollable communications channels which have the capacity to exert considerable influence over both an adversary and wider target audiences such as the broader Diasporas, NGOs, OGDs and civilian populations. An adversary and their supporters are quick to exploit these channels and are often first to enter the information space as procedural and organisational constraints leave defence struggling to keep up. Information has become a strategic instrument in its own right which can span from Main Building to the forefront of the battlefield via middle England in an instant. It is an aspect of warfare which is now so ubiquitous and of such import, that it must be integral to strategy, planning and execution.

The tools to enable this are already in place. MoD Joint Action doctrine provides a framework to integrate intelligence activities using Full Spectrum Targeting as the means to decide which activities are most appropriate in achieving our desired objectives; this is the key mechanism which allows the bringing of information to the centre of intelligence led operations. Further, within the development of intelligence led operations, geospatial information/intelligence is rapidly becoming a foundation capability, a ‘joint enabler’ upon which other intelligence disciplines can ‘overlay’ their information to synergistic effect.

98

Delivering Increased PrecisionThe Requirement for Increased Precision

Precision can be defined as the ability to deliver the desired effect (in space and time) with the minimum of assets while, at the same time, minimising collateral damage. It will be essential to the successful conduct of operations in the future 2020 contingency operating environment for a number of reasons:

� Precision across the Levers of Power. The ‘levers of power’ must be coherent within the strategic narrative in order to maximise their effect. In being coherent, effects must be synchronised across all lines of activity – this is, in essence, the Integrated/Comprehensive Approach and demands precision in time and space, which geospatial information/intelligence provides, in order to be effective.

Cyber Warfare - The Geospatial Approach

� Precision in the Future Contingency based Operating Environment. In many respects, traditional confrontational and attritional warfare is simple. The future operating environment adds significantly greater complexity to the planning and conduct of operations, exacerbated by intense global media scrutiny that amplifies the impact of military activity – both good and bad. This Confused, Cluttered, Congested and Contested global stage demands precise effects across the full spectrum of military, diplomatic and economic activities against a backdrop of political zero-tolerance for any collateral damage.

� Realising the Precision offered by future Weapons. Weapons systems are becoming ever more accurate and therefore have the potential to deliver precise effect. If we are to be able to capitalise on these technologies, the full spectrum targeting process, and the information and intelligence on which it relies must therefore be of requisite, if not greater, accuracy in terms of relevance, timeliness and precision.

� Managing the increasing Volume, Velocity and Variety of information to deliver increased Precision. The impact of 5th Generation Warfare – typified by a focus on the destruction of opponents through the domination and disruption of cyber networks that control and manage a nation’s infrastructure, manifests itself in several ways. The proliferation of diverse information requirements, the sheer volume of that information and the necessary speed at which it must be processed to produce intelligence in order to make it of use to the Commander and his staff, is extremely challenging. Improving our ability to retrieve/discover, filter, and process information and intelligence within the complex operating environment will enable us to operate with greater precision.

Delivering Increased Precision

The drivers outlined above indicate that increased precision will be required in all three domains of cyberspace and for which geography provides the ‘glue’:

� Precision in the Cognitive Domain is primarily achieved through a full understanding of the Human Terrain. The complex interactions between all the actors affected must be clearly understood. Information and intelligence led operations and activities in the Cognitive Domain can have an extremely damaging effect if imprecisely targeted, and the tactical, operational and strategic aspects of the impact of any intended activity must be analysed and considered. A full and nuanced understanding is therefore vital in order to deliver clinical precision. Precise planning and execution based on this expanded understanding of the human terrain has the potential to manipulate an adversary’s understanding, altering their perceptions of their support base and reinforcing the freedom of action through ensuring enduring support. Synchronising these activities properly can deliver significant positive strategic effect - potentially greater than that which might be realised from kinetic attack. Conversely, incoherent activities have the potential to be counter-productive and extremely damaging .

� Precision in the Virtual Domain starts with a thorough understanding of the entirety of the virtual terrain – the networks, information topologies and persona mappings utilised by all the actors involved. Assessing an adversary’s

10

Cyber Warfare - The Geospatial Approach10 11

Information Needs Analysis (their information flow requirements) will reveal opportunities to attack within the virtual domain through a combination of offensive activities that should include cyber.

� Precision in the Physical Domain also starts with a thorough understanding of the geospatial environments backed up by accurate intelligence information of appropriate granularity. This must be complemented by a Battlespace Management mechanism which also has the capacity to operate, when appropriate, at a high level of accuracy. Precision in time is achieved through this enhanced Shared Situational Awareness supported by an Intelligence cycle that is appropriately and chronologically meshed with the Battlespace Management, command and control and full spectrum targeting cycles.

The implication of delivering increased precision in all three domains is a change in the historical ratio of targeting to fires. Traditionally, a relatively small amount of targeting effort supported a significant amount of military effect which was primarily fires in the physical domain. In order to deliver the increased precision required in all three domains, we are likely to see an increase in the amount of targeting activity required, albeit within shorter timescales, to support a reduced amount of military activity with less emphasis on the physical domain.

Enabling Cyber WarfareHaving examined the scope of what cyber warfare has the potential to achieve, how might this be enabled? The conceptual model for joint operations via joint action demonstrates that effects are enabled by the core capabilities of C², Battlespace Management, full spectrum targeting and intelligence, especially geospatial intelligence all defended by force protection. Subsequent analysis looking at agility, tempo, strategic effect and precision all highlight that effective integrate these capabilities is critical to improving effect. It can therefore be deduced that the four capabilities form the core of cyber warfare. However, in turn these capabilities are dependent on three critical supporting activities which deserve specific attention. Information Assurance, Information Management and Information Exploitation are foundation activities which support all aspects of cyber warfare, some of which will be geo-enabled, others will not be. These terms are:

� Information Assurance – Secure and ensure the Information. This is the bedrock on which cyber warfare depends. Not being able to rely on information being there when needed, or its provenance cannot be trusted, leads to failure. This area encompasses activities such as computer network defence, user authentication, continuity planning and physical security. IA also encompasses service management and risk management - protecting information is important, but a balance has to be struck between protecting it and constraining its use. Information Assurance is achieved by a combination of training, processes and technology.

Cyber Warfare - The Geospatial Approach

� Information Management – Organise the information. Information is useless if it cannot be found or, even worse, if its existence is not known – this alludes to perhaps the issue of discovery and searching for information. The electronic storage of documents means that everybody has a responsibility to ensure that the right information is stored in the right place with the relevant metadata, the use of a geodatawarehouse is a key component in this storage and retrieval issue. However, whilst Information Management tools can help in dealing with the increasing volumes of information, this activity must be enforced by a combination of training and discipline focused on IM for operations. Information Management is achieved by a combination of training, discipline, leadership, careful planning, processes and tools .

� Information Exploitation – Turn Information into actionable Intelligence. Information without context is data; context and assessment derives intelligence. At JFIG for example, most analysts are conducting information exploitation and generate Intelligence on a continual basis. This might involve complex applications help analyse a plethora of data sources, or it might be as simple as generating a graph from a table of information. Information exploitation is therefore something which is performed at various levels using a disparate variety of tools that range from the simple to the complex and geographical information systems (GIS) are a core component. In many cases this therefore requires career specialists in order to be able to both understand the context and process the information successfully. The particular slant or type of intelligence required will vary and successful information exploitation is therefore output driven ie the method of exploitation must be derived from the nature of intelligence that is required. Information Exploitation is achieved by a combination of correctly trained specialists, training for all personnel within the force, processes and tools - all driven by strong leadership and the culture of mission command.

It can therefore be concluded that cyber warfare depends upon information assurance, information management, information exploitation and service continuity supporting command and control, battlespace management, intelligence, full spectrum targeting, force protection and sustainment.

12

Cyber Warfare - The Geospatial Approach12 13

Figure 2 - The Components of Cyber Warfare

The set of capabilities which are derived are in effect, a set of Mission Threads. The relationship between these capabilities and military activities ie Joint Action is shown in Figure 2 above. The arch construct shows that all mission threads are dependent on IA, IM and IX but are also reliant upon each other in order to maintain overall integrity – remove one component and the arch collapses. This concept, which is the subject of ongoing UK doctrinal development for Joint and Coalition use, has been developed and proven on complex coalition operations in Afghanistan. A key feature of mission threads is that they are championed from within the J3/5 community supported by a technical lead within the J6 cadre and subject matter expertise from branch specialists – such as J2 they thus have operational provenance and are not a specific technical capability, service or process. The mission thread construct also enables more effective capability management across all the Defence Lines of Development (DLODs) as each thread can be broken down into a set of core operational services and supporting enabling services which consists of a combination of people, equipment, organisation and process elements. Thus, a clear link can be made between capability and military effect.

Cyber Warfare - The Geospatial Approach

Conclusions

Cyber warfare is about ... ... which leads to ... … and requires …… increasing our ability and

propensity to operate in the virtual

domain

• actions which are more appropriate

to the future operating environment

(Congested, Cluttered, Confused and

Contested)

• the ability to achieve more with less

alignment with the national security

strategy aspiration to use more soft

power

• the potential to conduct asymmetric

warfare of own actions which are more

likely to be aligned with and part of an

Integrated Approach

• more opportunities to create effect as

our adversaries become increasingly

dependent on the virtual domain

• a better understanding of the cognitive domain

and the associated human terrain

• a change in mindset to consider the virtual domain

as a primary area of warfare

• full consideration of information activities as part

of the estimate and targeting process

• appropriate tools and equipment to influence and

exploit the virtual domain

• intelligence tools and analysis which reflect our

focus on the virtual and cognitive domains –

utilising the geographic approach

• Situational Tools which support geospatial and

non-geospatial representations

… enabling greater agility and tempo • faster, more accurate decisions

• a tempo of operations which overwhelms

the adversary, getting inside his OODA

loop

• Decision Superiority

• Information Superiority

• A decision making process where BM, Int and C²

are fully meshed and integrated

… operating effectively in the

strategic information environment

• influence at the centre of intelligence

activities

• intelligence activity which is coherent with

the strategic narrative

• personnel at all levels who understand

the strategic narrative and thus shape

their actions accordingly

• quicker and more effective interaction

with non-defence audiences in order to

achieve influence

• better understanding of the human terrain

• a strategic narrative

• consideration of the strategic narrative in all

aspects of planning

• delegation of authority to engage with the media

to the lowest levels

• appropriate tools to interact with the media and

target audiences

… being more precise in space and

time

• less collateral damage

• more effective fires

• activity in the cognitive and virtual

domains which is more appropriate in the

future operating environment

• better synchronisation of effects – so

more effective

• ability to exploit more accurate weapon

systems

• more intensive targeting cycle requiring more

accurate and timely intelligence

• more timely and accurate BM and Int functions

which are properly ‘meshed’ with the targeting

cycle (J2-3-5 integration)

• better understanding of the human terrain (all

actors)

• better understanding of the information flows

through the virtual domain (all actors)

… understanding and defending our

own information

• freedom of action at all times

• assured C²

• assured communications channels

• understanding of the vulnerability of operating in

the virtual domain

• more robust procedures for ensuring persona are

valid

• fallback equipment, networks and procedures

14

This paper set out to expand the concept of cyber warfare and how geography and the geographic approach is germane to the topic. The use of geography is both key to organising and structuring information as well as in its use to help derive analysis within all three domains, underpinning situational awareness, developing options and driving outcomes. Cyber warfare is a broad topic that defies a neat and succinct definition – but more important perhaps, is how it needs to evolve in order to address the emerging issues identified in the introduction. Therefore cyber warfare is described in terms of what it is about and what it could achieve:

14

Esri UK | Millennium House | 65 Walton Street | Aylesbury | Buckinghamshire | HP21 7QGT 01296 745500 F 01296 745544 E info@esriuk.com www.esriuk.com© ESRI (UK) Limited 2015. Registered in England and Wales No.1288342. VAT No.787 4307 91. Registered Address: Millennium House, 65 Walton Street, Aylesbury, Bucks HP21 7QG. All rights reserved.

The Esri globe and Esri products, services and trademarks mentioned are trademarks of Environmental Systems Research Institute, Inc. Other companies and products mentioned herein are the property of their respective trademark owners.

About Esri UKEsri is the world’s leading provider of Geographic Information Systems (GIS), providing solutions, technology and services. With the single, largest pool of GIS expertise, Esri UK is the technical authority on GIS in Great Britain. More than 10,000 UK customers across various industries and sectors use our solutions to gain enhanced insight and knowledge about their customers, assets and operations. Our customers are part of the largest GIS user community in the world, with more than one million users in nearly 300,000 organisations.

For more information please contact:

Esri UKsales@esriuk.com01296 745500

www.esriuk.com