When Military Operations Look Like Intelligence Activities

When American forces entered Afghanistan shortly after the terrorist attacks of 9/11, the picture soon emerged of U.S. Army Special Forces (“Green Berets”) and CIA paramilitary officers operating together with Afghan warlords against a common al Qaeda and Taliban enemy.75  Presidential approval of the unconventional warfare plan for Afghanistan did much to quell rumblings about blurring of military and intelligence authorities, yet as the war in Afghanistan continued and the “war on terror” expanded globally those concerns became more prominent. Some argued the “tight integration” between special operations forces and the CIA in Afghanistan signaled “the erosion of distinctions between SOF and the CIA”—an “erosion” with supposedly dire legal consequences.76

A former general counsel for the CIA suggested an erosion of distinctions between military operations and covert action in the context of cyberwarfare.77 John Rizzo characterized the Title 10-Title 50 debate in terms of a dichotomy between “war-making authority” and “covert action” before concluding that “how these cyber-operations are described will dictate how they are reviewed and approved in the executive branch, and how they will be reported to Congress, and how Congress will oversee these activities.”78 Some commentators used Rizzo’s observation to suggest that the executive branch was disingenuously describing cyberwarfare in attempt to evade congressional oversight. We saw in Part II that oversight by the armed services committees is still congressional oversight. Part III will now explain why the same activities can properly be described as military or intelligence activities depending on their command and control, as well as funding, context and mission intent.

A. Unconventional Warfare

Just eight days after the terrorist attacks of September 11, 2001, Gary Schroen, a CIA paramilitary officer, packed three boxes with $9 million and flew to Afghanistan.79 The money would be used to pay Afghan warlords to fight with CIA and Special Forces personnel against al Qaeda and its Taliban collaborators. The operational plan was drafted by the CIA, vetted by the military and approved by the President. For the first time in American history, Special Forces working with CIA operatives were “the lead element in [a] war.”80 Yet even Secretary of Defense Donald Rumsfeld reportedly questioned who was really in charge.81 Eleven Special Forces teams operated with and coordinated the efforts of indigenous Tajik, Uzbek, Hazar, and Pashtun fighters, who were colloquially referred to as the Northern Alliance. Less than three months later, the Taliban government fell in an archetypal unconventional warfare campaign—small groups of highly skilled personnel operating with indigenous forces against a common enemy.

The U.S. military defines unconventional warfare as “[a]ctivities conducted to enable a resistance movement or insurgency to coerce, disrupt, or overthrow a government or occupying power by operating through or with an underground, auxiliary, and guerrilla force in a denied area.”82 This definition reveals three defining characteristics of unconventional warfare: 1) it is conducted “by, with, or through” indigenous forces, 2) those indigenous forces are “irregular” (i.e., non-governmental) forces,83 and 3) it supports “activities” against the government or occupying power.84

Activities conducted under the rubric of unconventional warfare include guerilla warfare, subversion, sabotage, intelligence collection, and unconventional assisted recovery.85 These activities do not necessarily by themselves constitute unconventional warfare, but rather they typify tactics and techniques commonly employed in unconventional warfare.86 In other words, not all intelligence collection falls under the unconventional warfare umbrella—even when it is conducted by SOF. Nor is guerilla warfare always conducted under the rubric of unconventional warfare.

Unconventional warfare is distinguished from other forms of warfare in that it uses irregular indigenous (surrogate) forces against the established or governing power in denied areas.87 The indigenous forces may be guerillas waging their own campaign against the government or they may be, essentially, independent agents working for the U.S. government. The indigenous forces have objectives of their own (political or pecuniary), so the mission for U.S. forces is to develop and sustain indigenous capabilities and channel them in ways that simultaneously accomplish U.S. national security objectives. For this reason, unconventional warfare is known colloquially as “by, with, or through.”

The goal of unconventional warfare is to exploit an adversary’s political, military, economic, and psychological vulnerabilities by developing and sustaining indigenous resistance forces to accomplish U.S. objectives. Unconventional warfare is “a classically indirect, and ultimately local, approach to waging warfare.”88 Unconventional warfare “is fought by subterranean armies composed of volunteers, revolutionists, guerillas, spies, saboteurs, provocateurs, corrupters, [and] subverters,” and it is waged through military, political, economic, and psychological means.89 In peacetime, unconventional warfare “operates at a level below that of outright provocations and the instigators do not appear in the open.”90

As we saw above, the U.S. military limits its definition of unconventional warfare to activities that take place within the context of insurgencies (conflicts in denied areas against the government or force in power). U.S. support to insurgencies “can be categorized as one of two types of campaign efforts: general war scenarios and limited war scenarios.”91 A typical general war scenario is when the U.S. military wants to prepare for possible conventional invasion of a foreign country by establishing an unconventional capability (i.e., the ability to use indigenous surrogates). During the preparation phase, which consists of initial contact and infiltration, the goal is to identify exactly what U.S. military needs or requirements would be, as well as which indigenous individuals or groups would be willing to work with U.S. personnel. Initial contact is when contact with resistance forces (potential partners) is first made; this may take place in another country (contacting expatriates or exiles), or through intermediaries such as CIA personnel. Infiltration is when U.S. personnel first enter the country where the potential indigenous partners are located; given the clandestine nature of unconventional warfare, the U.S. personnel will not likely enter the country in uniform, nor will their true intentions be apparent. Organization and buildup are stages where the capabilities of indigenous forces are developed through training and equipping. These indigenous capabilities are then employed to accomplish U.S. objectives. Unconventional warfare concludes with a transition phase that may include demilitarization. Historical examples of the U.S. military conducting unconventional warfare in the context of general war include the Jedburg teams inserted by the Office of Strategic Services (OSS) into occupied France during World War II,92 Afghanistan in 2001–2002,93 and Iraq in 2003.94

Unconventional warfare in the context of a limited warfare scenario is conducted in very similar phases. The key difference, however, is significant to our purposes here: in limited warfare the U.S. government seeks to apply pressure against an adversary via internal forces rather than a military invasion. In limited warfare, the U.S. government does not use conventional military forces to overtly invade the adversary, but seeks instead to accomplish political objectives through the use of small numbers of SOF, and often CIA personnel, working “by, with, or through” indigenous forces. Limited warfare is politically risky and, thus, conducted in secret: it is colloquially referred to as secret war, dirty war, small war, or low-intensity conflict.95 The United States conducted unconventional warfare in the context of limited war in North Vietnam in 1961–1964,96 the Bay of Pigs in 1961, Nicaragua in 1980–1988,97 and Afghanistan in 1980–1989.

Unconventional warfare is generally effectuated in seven phases: preparation, initial contact, infiltration, organization, buildup, employment, and transition.98 Each phase may not always be required, and phases may be conducted simultaneously or out of sequence.99 Each phase highlights the Title 10-Title 50 debate and related congressional oversight concerns that are the focus of this paper, yet these concerns are particularly acute in the initial contact and infiltration phases. During the initial contact phase, an interagency pilot team “composed of individuals possessing specialized skills” may make contact with indigenous forces and begin assessing the potential to conduct unconventional warfare.100 SOF often augment pilot teams led by, and primarily constituted of, CIA personnel.101

This brief overview of unconventional warfare illustrates why unconventional warfare often appears very similar to activities conducted by CIA personnel. Indeed, SOF typically work closely with CIA personnel while conducting unconventional warfare, although the relationship tends to be informal and focused more on mutual support. In other words, the relationship is one of cooperation in pursuit of mutual objectives rather than a formal superior-subordinate relationship. As we will examine in more detail in Part IV of this paper, this is an important distinction that directly answers whether the unconventional warfare mission is a military operation or intelligence activity.

B. Cyberwarfare

Cyberwarfare is no longer the future of warfare—it is the present and future. While a “hot” cyber war between major powers has thankfully not occurred, there are minor skirmishes, a silent cyber arms race, and major intelligence gathering.102 According to Mike Jacobs, formerly of the NSA, countries “are learning as much as they can about power grids and other systems, and they are sometimes leaving behind bits of software that would allow them to launch a future attack.”103 These may be acts of cyber espionage rather than cyberwarfare, but they are at least preparing cyberspace for warfare—and they highlight the integration of intelligence and warfare in cyberspace.

In January 2011, a front-page New York Times article detailed a sophisticated cyberattack straight out of science fiction.104 Strong circumstantial evidence suggested Iran’s nuclear program was delayed for several years after a computer worm named Stuxnet infiltrated the industrial control systems responsible for manufacturing Iran’s nuclear centrifuges. Since the computers controlling Iran’s nuclear enrichment facilities are not connected to the Internet, Stuxnet was apparently designed to infiltrate the computers of contractors working for Iran’s nuclear program and hitchhike on thumbdrives or similar removable media devices that were later connected to computers at Iran’s enrichment facilities. Stuxnet then caused the machines spinning centrifuges to create defective centrifuges while simultaneously reporting that all systems were performing normally. Experts suggested Stuxnet could only have been created by American or Israeli intelligence agencies.105 If true, Stuxnet heralded a new age of cyberwarfare able to destroy “targets with utmost determination in military style.”106

On June 23, 2009, U.S. Cyber Command was established to lead U.S. military efforts against “cyber threats and vulnerabilities” and “secure freedom of action in cyberspace.”107 Accepting the recommendation of Secretary of Defense Robert Gates, President Barack Obama nominated Lieutenant General Keith B. Alexander, the Director of the National Security Agency, to also serve as the Commander of U.S. Cyber Command. During the confirmation process, the Senate Armed Services Committee questioned various aspects of General Alexander’s proposed dual responsibilities—questions at the heart of the Title 10-Title 50 debate. How would he carry out his responsibilities as Director of the National Security Agency, an intelligence agency and member of the intelligence community, while also carrying out his responsibilities as Commander of U.S. Cyber Command, a military war-fighting command?

The Committee asked General Alexander, for example, whether the military conducts intelligence gathering of foreign networks, whether intelligence gathering of foreign networks is “authorized and reported to Congress under Title 10 or Title 50,” and whether cyberspace operations are traditional military activities. While many of General Alexander’s answers were provided to the Committee in a classified supplement, his unclassified answers and testimony at his confirmation hearing presumably provide insight into how the Secretary of Defense exercises his statutory and delegated authorities to conduct intelligence activities and military operations.108 General Alexander repeatedly explained that “while there will be, by design, significant synergy between NSA and Cyber Command, each organization will have a separate and distinct mission with its own identity, authorities, and oversight mechanisms.”109

Cyberspace is defined by the U.S. government as the “global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”110 Others suggest a definition that emphasizes cyberspace as a global information environment unique in its “use of electronics and the electromagnetic spectrum to create, store, modify, exchange and exploit information via interdependent and interconnected networks using information communications technologies.”111 Indeed, the distinctive use of electronics and electromagnetic spectrum distinguishes cyberspace from the domains of land, sea, air, and space: it is “a physical environment . . . managed by rules set in software and communications protocols.”112 Cyberspace is governed by the laws of physics and the logic of computer code.113

Wikipedia defines Cyberwarfare simplistically: as the use of computers and the Internet to conduct warfare in cyberspace.114 The U.S. military does not define cyberwarfare in its unclassified dictionary, wisely avoiding the term “war” with its associated baggage and implications. The U.S. military instead categorizes cyber operations as defense, exploitation, or attack.115 This article focuses on the last two categories, exploitation and attack, and attempts to define the legal authorities and identify the type of activities associated with these categories. In the minds of some, exploitation infers intelligence activities while attack sounds like a military operation, yet our analysis here will add nuance to this simplistic characterization.

If the distinguishing characteristics of cyberspace are electronics and electromagnetic spectrum governed by the laws of physics and computer code, then how can we best distinguish cyber exploitation from attack? One could argue that cyber attacks affect electronics and electromagnetic spectrum by altering their physical characteristics or computer code, while exploitation merely gathers information. The problem is that cyber attack thus defined would include acts of computer network exploitation where computer code is left behind or altered (for example, keystroke logging or insertion of a “backdoor”).

Perhaps cyber attack should be defined or interpreted more in the classical international relations sense of forced political coercion.116 Cyber operations would not be considered attacks if they seek only to gain information or intelligence, and are not intended to alter or control the primary functions of the adversary’s electronics or electromagnetic spectrum—even if they do leave computer code behind, such as keystroke logging software or the insertion of a back door. Subsequent acts to exploit the identified vulnerabilities by asserting control, or coercion, over the systems would rise to the level of attacks.117

This distinction between merely altering computer code without asserting control or degrading function and actually assuming control or degrading functions is consistent with international law, which does not generally consider intelligence activities to be acts of war. Its weakness, however, is definitional reliance upon the intent of the sponsor.

Distinguishing cyber attack from exploitation based on the intent of the sponsor is analogous to the challenge of distinguishing between warning shots and an initiation of armed conflict: intent is clear to the person pulling the trigger, but much less so to those on the receiving end.

The salient point is this: during the initial period after you discover someone is or was inside your network, you may not know whether the other person is initiating an attack or merely attempting to exploit your network. The other party knows why he is inside your network, but you do not. If you know your network is being attacked, a broad range of responses may be justified in self-defense; however, if your network is merely being exploited (an intelligence activity) your range of responses are arguably more limited. Thus, this distinction helps define the legal authority to carry out an operation, but does little to define appropriate defensive responses.

Which is why intelligence is the key to successful cyberwarfare. Cyber exploitation plays a critical supporting role in cyber attack. Knowing where an adversary’s cyber systems are vulnerable will likely require computer network exploitation “to understand the target, get access to the right attack vantage point, and collect BDA [battle damage assessment].”118  In the words of one expert on cyber attack, “those who prepare and conduct operational cyberwar will have to inject the intelligence operative’s inclinations into the military ethos”—inclinations that include discrete effects, patience, an intuitive understanding of the adversary’s culture, a “healthy wariness of deception, indirection, and concealment . . . [and] a willingness to abandon attack plans to keep intelligence instruments in place.”119

As noted above, the intent or purpose of the actor is typically a key distinction between cyber exploitation and cyber attack. A recent report issued by the National Research Council suggests the distinction is really the nature of the payload, but acknowledges that technical similarities between attack and exploitation “often mean that a targeted party may not be able to distinguish easily between a cyberexploitation and a cyberattack.”120 The Report provides this helpful illustration:


This illustration is a helpful starting point, but its simplistic separation of Title 10 and cyber attack in one column and Title 50 and cyber exploitation in another column belies the stovepiped thinking of congressional overseers and ignores current operational realities. It ignores military intelligence collection efforts and operational preparation of the cyber environment by military personnel operating under military command and control— activities that are properly understood to be military operations and not intelligence activities, as we will see in Part IV of this paper.

Cyberwarfare differs from other forms of warfare in that the skills or tools necessary to collect intelligence in cyberspace are often the same skills or tools required to conduct cyber attack. Furthermore, the time lag between collecting information and the need to act upon that information may be compressed to milliseconds. Unlike the traditional warfighting construct where intelligence officers collect and analyze information before passing that information on to military officers who take direct action, cyber attack may require nearly simultaneous collection, analysis, and action. The same government hacker may identify an enemy computer network, determine its strategic import, and degrade its capabilities all in a matter of seconds.

This is precisely why President Obama put the same man in charge of cyber intelligence activities and military cyber operations. This is also the reason Congress evidenced considerable apprehension and asked many questions about authorities and oversight. After all, congressional oversight retains its antiquated, stovepiped organizational structure and presumes a strict separation between intelligence activities and military operations even when no such separation is legally required.

Foot Notes



77 Hiding our Cyberwar from Congress, EMPTYWHEEL (Jan. 14, 2011), http://emptywheel.firedoglake.com/2011/01/14/hiding-our-cyberwar-from-congress (last accessed Mar. 9, 2011). This blogger provides three examples to support the thesis that DoD is deliberately trying to avoid reporting information on cyberwarfare programs to Congress. The third example quotes from a speech delivered by John Rizzo, former general counsel of the CIA, to the American Bar Association’s Standing Committee on National Security. Rizzo stated: “I’ve always found fascinating and personally I think it’s a key to understanding many of the legal and political complexities of so-called cyberlaw and cyberwarfare is the division between Title 10 operations and Title 50 operations. Title 10 operations of course being undertaken by the Pentagon pursuant to its war-making authority, Title 50 operations being covert action operations conducted by CIA. Why is that important and fascinating? Because . . . how these cyber-operations are described will dictate how they are reviewed and approved in the executive branch, and how they will be reported to Congress, and how Congress will oversee these activities.” John A. Rizzo, “National Security Law Issues: A CIA Perspective” (University Club, Washington, DC) (May 5, 2010), available at http://www.americanbar.org/content/dam/aba/multimedia/migrated/natsecurity/multi media/ws_30274.mp3 (last visited Mar. 9, 2011).

78 Id.

79 STANTON, supra note 75, at 37. See also GARY SCHROEN, FIRST IN (2005); Henry A. Crumpton, Intelligence and War 2001–2, in JENNIFER E. SIMS, TRANSFORMING U.S. INTELLIGENCE (2005).

80 STANTON, supra note 75, at 33. In past wars, SOF were often the first to enter hostile territory, but they always operated under the command and control of conventional military forces.

81 ROTHSTEIN, supra note 75, at 111. The importance of this point will become apparent later in this paper, but the CIA operatives were working under CIA control and Title 50 authorities while the Special Forces and other military personnel were under the operational control of U.S. Central Command and Title 10 authorities. See BERNTSEN, supra note 75, at 86. Notwithstanding their separate lines of authority, the CIA and SOF on the ground in Afghanistan closely coordinated their operations and often operated in concert. In one instance, military commanders initially refused to send a rescue team to the aid of a five-man “CIA” team not realizing that, in fact, three of the five men on the team were active duty military officers. Id. at 287.


83 ARMY FIELD MANUAL FM 3-05.130, provides this distinction between regular and irregular forces:
Regulars are armed individuals or groups of individuals who are members of a regular armed force, police, or other internal security force . . . Regardless of its appearance or naming convention, if the force operates under governmental control, it is a regular force. Irregulars, or irregular forces, are individuals or groups of individuals who are not members of a regular armed force, police, or other internal security force . . . These forces may include, but are not limited to, specific paramilitary forces, contractors, individuals, businesses, foreign political organizations, resistance or insurgent organizations, expatriates, transnational terrorism adversaries, disillusioned transnational terrorism members, black marketers, and other social or political “undesirables.”

84 The third characteristic serves to distinguish unconventional warfare from irregular warfare. Irregular warfare is “a violent struggle among state and non-state actors for legitimacy and influence,” while unconventional warfare may be waged in support of both conventional state-on-state conflicts and insurgencies.

85 ARMY FIELD MANUAL FM 3-05, supra note 83, at 130.

86 “While many of the tactics and techniques utilized within the conduct of UW have significant application and value in other types of special operations, many of these techniques, such as sabotage and intelligence collection, are not exclusive to UW….” LTC MARK GRDOVIC, A LEADER’S HANDBOOK TO UNCONVENTIONAL WARFARE 9 (SWCS Pub 09-1)(2009) (SWCS is an acronym for the U.S. Army John F. Kennedy Special Warfare Center and School located at Ft Bragg, North Carolina).

87 This definition distinguishes unconventional warfare from “foreign internal defense”—a form of surrogate warfare where indigenous regular, or official, forces are trained, equipped, organized, and supported to conduct operations against insurgents or other forms of lawlessness. Prime examples of foreign internal defense are the U.S. military operations to organize, train, and equip government security forces in Iraq and Afghanistan to fight against insurgents. See also id. at 9.

88 ROTHSTEIN, supra note 75, at 159.

89 Morris Greenspan, International Law and Its Protection for Participants in Unconventional Warfare, 341 ANNALS AM. ACAD. POL.& SOC. SCI. 30, 31 (May 1962). Guerilla warfare generally consists of attacks conducted by irregular indigenous forces in areas they do not control. Insurgencies or other armed resistance movements normally use some form of guerilla warfare against the forces they are engaged in conflict with. “Victory is achieved not so much by knocking the enemy’s sword from his hand as by paralysing his arm.” Charles Townshend, The Irish Republican Army and the Development of Guerilla Warfare 1916–1921, 94 ENG. HIST. REV. 318, 318 (1979).

90 Townshend, supra note 89, at 318. Guerilla warfare is typified by “hit-and-run” attacks by forces that do not wear uniforms or openly advertise their armed nature. For example, when Umkhonto, the paramilitary wing of the African National Congress initiated its guerilla campaign against the apartheid government in South Africa in 1961, it “gave first priority to a campaign of sabotage against power and communication facilities and government buildings.” Sheridan Johns, Obstacles to Guerilla Warfare-A South African Case Study, 11 J. AFR. STUD. 267, 273 (1973).

91 GRDOVIC, supra note 86, at 17.

92 OSS deployed 93 Jedburgh teams into German-occupied France. The three-man Jedburg teams parachuted into enemy territory and advised, coordinated and directed French resistance fighters as they conducted sabotage and guerilla attacks against German forces. C.I.A., THE OFFICE OF STRATEGIC SERVICES: AMERICA’S FIRST INTELLIGENCE AGENCY (2007), available at https://www.cia.gov/library/center-for-the-study-ofintelligence/csi-publications/books-and-monographs/oss/art05.htm; MILTON J. SHAPIRO, BEHIND ENEMY LINES (1978).

93 ROTHSTEIN, supra note 75, at 27–29. Rothstein also asserts that U.S. forces conducted forms of unconventional warfare in the Revolutionary War, the War of 1812, the Mexican War of 1846–48, the U.S. Civil War and throughout the 20th century.

94 Prior to the initiation of aerial bombardment and the ground campaign in Operation Iraqi Freedom, U.S. Special Forces teams infiltrated northern Iraq and conducted unconventional warfare with Kurdish resistance elements, including the Patriotic Union of Kurdistan. GRDOVIC, supra note 86, at 7.


96 Unconventional warfare activities in North Vietnam between 1961 and 1964 qualify as being conducted in a limited war context as the U.S. government did not originally intend to introduce conventional military forces in large numbers into Vietnam. It was only after the limited war failed to achieve the desired results that the conflict escalated into general warfare. The Special Observations Group (SOG) was a cover name for a U.S. unconventional warfare task force, composed of SOF. SOG regularly infiltrated North Vietnam and conducted unconventional warfare primarily through intelligence activities, propaganda campaigns, sabotage, and guerilla attacks. See generally RICHARD H. SHULTZ JR., THE SECRET WAR AGAINST HANOI (1999); MARK H. WAGGONER, MILITARY ASSISTANCE COMMAND VIETNAM: COMMAND HISTORY (1970), esp. Annex B: Studies and Observations Group.

97 SOF worked with the CIA in supporting various resistance groups in Nicaragua. The operations are generally viewed as an example of how unconventional warfare should not be waged as the resistance groups, collectively referred to as the Contras, never succeeded in building necessary support inside Nicaragua and became viewed as mercenaries with little connection to the local population. See GRDOVIC, supra note 86, at 36.

98 ARMY FIELD MANUAL FM 3-05.130, supra note 83, at 4-4.

99 “For example, a large and effective resistance movement may require only logistical support, thereby bypassing the organization phase. The phases may also occur out of sequence, with each receiving varying degrees of emphasis. One example of this is when members of an irregular force are exfiltrated to a partner nation (PN) to be trained and organized before infiltrating back into the UWOA [unconventional warfare operating area], either with or without the ARSOF [Army Special Operations Forces] unit. In this case, the typical order of the phases would change.” Id.

100 Id. at 4-5. In the context of limited war, the Title 10-Title 50 issues that are the focus of this paper permeate every aspect of the mission. Indeed, the political risks involved and need for secrecy may dictate that the U.S. government not acknowledge its role in the operations, which strikes at the very heart of this debate.

101 Id. at 5-2. This manual states it is not unusual for SOF “to augment pilot teams led by and primarily constituted of OGA personnel.” The acronym “OGA” stands for other government agency and is generally understood to be a euphemism for the CIA. See John Henderson, The Conflict In Iraq, L.A. TIMES, Sep. 10, 2004, at A-1. Strictly speaking, a pilot team is not an unconventional warfare mission as much as it is a critical precursor to unconventional warfare. The pilot team’s mission is to conduct a feasibility assessment, which analyzes whether there is an indigenous force with which the U.S. can engage in an unconventional warfare campaign.

102 The Center for Strategic and International Studies compiled a list of 68 “significant cyber incidents” between 2006 and 2011. JAMES ANDREW LEWIS, CYBER EVENTS SINCE 2006, CSIS (Jan. 25, 2001), available at http://dev.csis.org/publication/cyber-events-2006.  See also RICHARD A. CLARKE AND ROBERT KNAKE, CYBER WAR: THE NEXT THREAT TO NATIONAL SECURITY AND WHAT TO DO ABOUT IT 6 (2010); Ellen Nakashima, For Cyberwarriors, Murky Terrain; Pentagon’s Dismantling of Saudi-CIA Web Site Illustrates Need for Clearer Policies, WASH. POST, Mar. 19, 2010, at A1.


104 William J. Broad, John Markoff and David E. Sanger, Israel: Test on Worm Called Crucial in Iran’s Nuclear Delay, N.Y. TIMES, Jan. 16, 2011, at A1.

105 Michael Joseph Gross, A Declaration of Cyber-War, VANITY FAIR, April 2011, at 152–59, 195–98.

106 Broad et al., supra note 104.

107 Robert F. Gates, Memorandum: Establishment of a Subordinate Unified U.S. Cyber Command Under U.S. Strategic Command for Military Cyberspace Operations, Department of Defense (Jun. 23, 2009).

108 It is unlikely that General Alexander would have provided written responses to the Committee without such responses being cleared or reviewed by the Secretary of Defense, or at least his subordinates such as the DoD General Counsel. It is also worth noting that while Cyber Command likely possesses significant delegated authorities, the 2011 National Military Strategy specifically calls for “executive and Congressional action to enable effective action in cyberspace.” CHAIRMAN OF THE JOINT CHIEFS OF STAFF, THE NATIONAL MILITARY STRATEGY OF THE UNITED STATES 10 (2011).

109 Hearing on the Nominations of VADM James A. Winnefeld Jr., USN to be Admiral and Commander, U.S. Northern Command/Commander, North American Aerospace Command; and LTG Keith B. Alexander, USA to be General and Director, National Security Agency/Chief, Central Security Service/Commander, U.S. Cyber Command, S. Comm. on the Armed Services, 105th Cong. 10 (2010).

110 JP 1-02, infra note 115, at 139. This definition is also contained in the 60-day Cyberspace Policy Review directed by President Obama shortly after taking office, which quotes classified NATIONAL SECURITY PRESIDENTIAL DIRECTIVE 54/HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 23 (Jan. 8, 2008).

111 Dan Kuel, Cyberspace & Cyberpower: Defining the Problem, in CYBERPOWER AND NATIONAL SECURITY 28 (Franklin D. Kramer, Stuart H. Starr & Larry K. Wentz, eds., 2009).

112 Gregory J. Ratray, An Environmental Approach to Understanding Cyberpower, in CYBERPOWER AND NATIONAL SECURITY, supra note 111, at 254.

113 Id. at 255.

114 See CYBERWARFARE, WIKIPEDIA http://en.wikipedia.org/wiki/Cyberwarfare (last visited Mar. 7, 2011). Cyberwar is also defined as referring to “conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting if not destroying the information and communications systems . . . on which an adversary relies to ‘know’ itself.” JOHN ARQUILLA AND DAVID RONFELDT, IN ATHENA’S CAMP: PREPARING FOR CONFLICT IN THE INFORMATION AGE 28 (1997).

115 Computer network defense consists of actions “taken to protect, monitor, analyze, detect, and respond to unauthorized activity within the Department of Defense information systems and computer networks.” Computer network exploitation is “[e]nabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks.” Computer network attack consists of actions “taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.” All three, defense, exploitation, and attack, fall under the general umbrella term computer network operations. U.S. DEPARTMENT OF DEFENSE, JOINT PUBLICATION 1-02, DEPARTMENT OF DEFENSE DICTIONARY OF MILITARY AND ASSOCIATED TERMS 95 (as amended through Apr. 2010). Examples of cyber operations or activities include mapping networks, scanning networks and industrial control systems (e.g., to find vulnerabilities), denial of service (flooding networks such that they become inoperable), hacking networks or systems to gain stored information (including insertion of malware or spyware), manipulating data on someone else’s network or system, taking over control of a system or network so sensors can be turned off or manipulated, activation of malicious code secretly embedded on computer chips during the manufacturing process, and other disruption or destruction of computer networks or systems.

116 Defining warfare is beyond the scope of this paper, but it suffices to say it involves the forced imposition of political will. It is, in Carl Von Clausewitz’s immortal words, the “continuation of political activity by other means.” CARL VON CLAUSEWITZ, ON WAR 87 (Michael Howard & Peter Paret, eds. & trans., Princeton Univ. Press 1976) (1832). See also MYRES S. MCDOUGAL & FLORENTINO P. FELICIANO, THE INTERNATIONAL LAW OF WAR: TRANSNATIONAL COERCION AND WORLD PUBLIC ORDER 11 (1994) which defines coercion as “a high degree of constraint exercised by means of any or all of the various instruments of policy.”

117 Here is a possible definition of cyberwarfare: politically coercive acts that affect electronics and electromagnetic spectrum by altering their physical characteristics or computer code such that the effect is analogous to an armed attack.


119 Id. at 156.