GUÍA DE
CIBERDEFENSAORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR
72 486.
Cyber
defense is a combat capability specialized in the cyberspace domain of operations and not a joint function. It is one more option in the hands of the mission commander to create the desired effects on the battlefield or area of operations or to support other traditional forces.
487.
To facilitate the organization and use of cyber defense as a military capability and to ensure its smooth integration into joint action with land, sea and air capabilities, cyber defense needs to be governed by the same doctrinal principles or principles of joint operations (based on the traditional principles of war) and adapt them to the particularities of cyberspace.
488.
Military operations are based on different means, resources
and tactics for each domain, but must be governed by the
same principles that ensure intellectual agreement and effective joint action.
489.
The
doctrinal principles that guide the action of the military forces in operations are the fundamental principles (will to win, freedom of action and ability to execute) and the operational principles that derive from the fundamental principles (objective, offensive, mass,
maneuver, economy of force, unity of command, security, surprise,
simplicity, restraint and perseverance).
490.
Will to win is the firm intention of the commander and the troops to prevail over the adversary and carryout the mission in any situation, however disadvantageous it maybe. In cyberspace, will to win takes on special relevance due to the numerous occasions when a defender will find him or herself at a disadvantage due to combat asymmetry or when an attacker will encounter apparently impenetrable defenses.
491.
Freedom of action is the possibility to decide, prepare and execute plans despite the action of the adversary. This requires a solid understanding of the adversary’s cyber defense capabilities and networks and its own cyber defense capabilities. It is acquired when cyber supremacy or cyber superiority is reached and maintained.
492.
Ability to execute is the faculty to effectively and efficiently determine, adapt and use the cyber defense means according to the mission, establishing the necessary plans for the deployment of cyber operations, executing them according to the plan and modifying them according to the situation if necessary.
493.
Given the dynamic nature of cyberspace, the modification of cyber operations plans
will occur not occasionally, therefore, it will be necessary to develop mechanisms to facilitate agile changes in the plans, in order to adapt them to the new situation, according to the information obtained from a solid cyber situational awareness (CSA) and predefined indicators.
494.
The objective advocates military cyber operations aiming
at achieving a clearly defined, decisive and achievable objective.
495.
Each component in the cyber operation must know, clearly and unambiguously, the objective (system, network, service, user, information, etc, the required effect (exfiltration, interruption,
degradation, destruction, etc) and the particular conditions of time and security (anonymity, side effects, etc.).
496.
The objective must be profitable. Profitability should be valued according to the comparison between the resources used and the benefit for the mission and not based on valuations exclusively within the scope of the cyber force.