Legal framework 230. To guarantee the legitimacy of the missions, responsibilities, tasks, activities and actions of the cyberspace force, its constitution must be secured by a legal norm at the highest possible level, no less than a ministerial decree. 231. The norm should include, at a minimum, the scope, mission, tasks, organization and subordination of the cyber force. Doctrine 232. The armed forces have a traditional doctrinal framework that establishes the fundamental principles, concepts, and guidelines for their organization, preparation, and employment in the land, sea, and air domains, as well as in the joint domain. The cyber force, as part of the armed forces, also needs a specific doctrine to guide its organization, preparation and employment in the cyberspace domain. 233. Due to the dynamic nature of cyberspace and the low maturity level of the cyberspace domain of operations, the doctrine of the employment of a cyber force may require revisions and modifications more regularly than traditional doctrines, and the guidelines established in it may require increased flexibility. 234. Cyberspace is cross-domain with respect to the rest of the domain of operations, being present in them and influencing or supporting their action. Therefore, it is also necessary that cyber defense capabilities be considered in the doctrine of the traditional domains, as well as in the joint operations doctrine. 235. Cyber defense doctrine establishes criteria, references, principles and procedures related to all operational aspects within the cyber force, in the context of the armed forces and at the national and international levels. 236. Doctrine is to be understood as a complete body of documents that facilitates the organization, preparation, and employment of the armed forces in cyberspace. This set must include, at least, the military cyber defense vision of the chief of defence, the concept of cyber defense, the doctrine for the employment of the cyber force, the operating procedures for each type of cyber operation, technical instructions, guides, recommendations and good practices of cyber defense activities and the integration of cyber defense in other consolidated doctrines. 237. International collective defense organizations such as NATO have a significant responsibility in the formulation of doctrine that serves as a reference to neighboring nations. However, NATO’s level of maturity in relation to the cyber defense doctrine is insufficient for current national needs, which forces nations to generate their own doctrine, which could lead, in the future, to the coexistence of doctrines with a different approach that would hinder multinational and international cooperation in cyber defense.
The cyber force itself must promote the drawing up of cyber defense doctrine necessary for its operational effectiveness and for the required understanding of cyber defense by other involved actors, thus eliminating areas of conflict or uncertainty.