1 of 15

Using C2 problem space to integrate cyber & kinetic operations

Tim Grant

Professor emeritus, Netherlands Defence Academy

Retired But Active Researchers (R-BAR)

r̅

2 of 15

Overview

Goal:

To identify issues in integrating cyber & kinetic operations, mapping them onto C2 problem space

Overview:

Introduction & motivation
Relevant theory: Cyberspace & cyber kill chain
Relevant experience: Schnitger’s matrix & case studies
(Relevant doctrine)
C2 problem space: attributes & assessing values
Conclusions & recommendations

Integrating cyber & kinetic operations

2

28th ICCRTS, JHU APL, Nov 2023

3 of 15

Introduction

My research areas:

Command & Control:

Military & emergency management
Co-supervising 1 PhD student (Civil-Military Interaction)

Offensive cyber operations:

For deception in All-Domain Operations

C2 problem & solution spaces:

Integrating cyber & kinetic operations

3

28th ICCRTS, JHU APL, Nov 2023

familiarity

strength of

information position

rate of change

allocation of decision rights

distribution of

information

patterns of interaction

mapping

Alberts & Hayes, 2006

OE

(incl IE)

organisation

reporting chain

MO / TTPs / SOPs

permissions

3 candidates

(little researched)

1 candidate (C2 Approach Space)

(well researched)

(no research)

4 of 15

Relevant theory (1)

Cyberspace:

“A global domain within IE consisting of the interdependent network of ICT infrastructures and resident data”
Layered model:

Integrating cyber & kinetic operations

4

28th ICCRTS, JHU APL, Nov 2023

US DoD JP 3-12, 2018

MoDUK Cyber Primer, 2022

many-to-many mapping

(=> attribution problem)

5 of 15

Relevant theory (2)

Kill chains:

Integrating cyber & kinetic operations

5

28th ICCRTS, JHU APL, Nov 2023

Hutchins, Cloppert & Amin, 2011

Cyber kill chain (attacker)

Action verbs (defender)

Kinetic kill chain

(F2T2EA):

Find

Fix

Track

Target

Engage

Assess

(N.B. strongly geographic)

6 of 15

Relevant experience (1)

Scientific publications in open literature on OCO:

US National Academy of Sciences report
Calls for open OCO research
Journals & conferences
Books
Insights from 10 years operations:

OCOs depend on access positions
Preparing an access position requires INTEL legal mandate
Knowledge gained from access positions is difficult to hand over
OCOs need to be conducted secretly to protect analyst’s MO
OCOs can have longer planning cycles than kinetic operations
Division into strategic, operational & tactical levels less clear-cut
OCOs are not a silver bullet

Integrating cyber & kinetic operations

6

28th ICCRTS, JHU APL, Nov 2023

Owens, Dam & Lin, 2008

Denning & Denning, 2010

Lin, 2009

Anon & Anon, 2022

JIW

IJCWT

CyCon

ICCWS

ECCWS

Black Hat

Andress & Winterfeld, 2014

Sood & Enbody, 2014

Moore, 2022

7 of 15

Relevant experience (2)

7

28th ICCRTS, JHU APL, Nov 2023

Pure cyber

action

Cyber integrated

with kinetic action

Attack “out of the blue”

(own initiative)

Counter-attack

(react to adversary initiative)

A

B

C

D

“BGen Schnitger’s matrix”, 2010

This paper

Incoming cyberattack

(effects)

Detection

Damage assessment (& recovery)

Attribution

Eval options

Approval

Ops preparation

Counter cyberattack

8 of 15

Relevant experience (3)

Key research questions from matrix:

What is OCO in professional organisations?
How can cyber be integrated with kinetic action?

This paper

How can lead time to counter-attack be shortened?
What does cyber ISR involve?

And how to integrate it into all-source intel?

What is collateral damage in cyberspace?

And how can it be minimized?

How can BDA be conducted in cyberspace?

If OCO actions destroy access path

Integrating cyber & kinetic operations

8

28th ICCRTS, JHU APL, Nov 2023

Grant, Burke & van Heerden, 2012

Grant & Prins, 2013

Grant, 2014

Grant, 2015

Grant, van Eijk & Venter, 2016

Grant, 2017

Grant, 2018

Grant, 2019

Grant, van ‘t Wout & van Niekerk, 2020

Grant & Kantola, 2021

9 of 15

Relevant experience (4)

Pilot case study:

Suggests:

Cyber action suited to:

Deceive, delay, degrade, deny access; can be temporary / reversible
Engage entities in people, persona & information layers (+ relations?)

Kinetic action suited to:

Seize / capture, destroy; usually permanent
Engage physical entities in people, network, & geographic layers

9

28th ICCRTS, JHU APL, Nov 2023

Case	Trigger	Response chosen	Rationale
Operation Orchard (2007)	physical (WMD threat)	cyber (deceive operators) kinetic (destroy reactor)	Delay alerting air defence & deniability (operational & strategic)
Russo-Georgian war (2008)	physical (Georgian action)	cyber (degrade communications) kinetic (seize territory)	Delay Georgian response & deniability
Hamas hackers (2019)	cyber attack	kinetic (destroy building & equipment, and kill hackers)	Stop hacking permanently & send clear message
Stuxnet (2008)	physical (WMD threat)	cyber (deceive operators) kinetic (destroy centrifuges)	Kinetic unacceptable. Cyber stealthy & deniable
Ukrainian power grid (2015)	physical (Russian aggression)	Cyber operation (5 attacks: shut off electrical power to large areas, deny access to fault reporting, delay recovery & repair)	Kinetic unacceptable. Cyber deniable (but overt)

Grant & Kantola, 2021

10 of 15

Cyber vs physical

Integrating cyber & kinetic operations

10

28th ICCRTS, JHU APL, Nov 2023

11 of 15

C2 problem space

Integrating cyber & kinetic operations

11

28th ICCRTS, JHU APL, Nov 2023

C2 Problem Space	C2 Endeavour Space	Socio-technical complexity	Attributes
(Alberts & Hayes, 2006)	(Johansson et al, 2018)	(Walker et al, 2009)	(This paper)
Rate of change	Dynamics	Dynamism	Dynamism (tempo)
Degree of familiarity		Uncertainty	Uncertainty
Strength of information position		Uncertainty	Uncertainty
			Dependencies
	Coupling/causality	Multiplicity	Multiplicity
	Coupling/causality	Difficulty	Difficulty
		Importance	Importance
			Organization
			Goals
			Time stress

(Klein & Klinger, 1991)

inverse

12 of 15

Assessing attributes

Magnitude:

From # entities
Cyber: 2+ orders of magnitude

Dynamism:

From typical entity speed
C2 tempo likely proportional

Uncertainty:

Countered by familiarity & strong information position
ADO requires analysis of unfamiliar domain(s)
Attribution adds uncertainty in cyber domain; hybrid war even more

Difficulty:

From analysts’ workload
Cf. technical sophistication
Psycho-social effects cyber?

Integrating cyber & kinetic operations

12

28th ICCRTS, JHU APL, Nov 2023

Importance:

Already in targeting doctrine
Value of cyber targets unclear

Dependencies:

From # relationships between entities
Coupling concerns quality

Organization:

Commander’s first thoughts
Intel-operator teaming in cyber

Goals:

From mission & intent
Domain independent

Time stress:

From each player’s behaviour
Can cyber action raise/lower stress?

13 of 15

Assessed values

Integrating cyber & kinetic operations

13

28th ICCRTS, JHU APL, Nov 2023

14 of 15

Conclusions & recommendations

Conclusions:

In ADO, cyber & kinetic operations must be integrated
But major differences between cyber & physical domains
We identify issues involved, mapping them to C2 problem space

Contributions:

Cyber & kinetic features mapped to C2 problem space
Extends existing theory on C2 problem spaces

Further work into:

Harmonizing physical & cyber kill chains
Psycho-social effects of cyber actions
Evaluating military value of cyber targets
Whether cyber action can affect target DM’er time stress
Mapping C2 problem space to C2 Approach Space

14

28th ICCRTS, JHU APL, Nov 2023

15 of 15

Any questions?

Tim Grant

Retired But Active Researchers (R-BAR)

tim.grant.work@gmail.com

+31 (0)638 193 749

All conference papers in ResearchGate – search using “Tim Grant” & “R-BAR”