Expeditionary Cyberspace Operations

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure.

A revised version of Joint Publication 3-12 Cyberspace Operations—published in December 2022 and while unclassified, is only available to those with DoD common access cards, according to a Joint Staff spokesperson—officially provides a definition for “expeditionary cyberspace operations,” which are “[c]yberspace operations that require the deployment of cyberspace forces within the physical domains.”


“Developing access to targets in or through cyberspace follows a process that can often take significant time. In some cases, remote access is not possible or preferable, and close proximity may be required, using expeditionary [cyber operations],” the joint publication states. “Such operations are key to addressing the challenge of closed networks and other systems that are virtually isolated. Expeditionary CO are often more regionally and tactically focused and can include units of the CMF or special operations forces … If direct access to the target is unavailable or undesired, sometimes a similar or partial effect can be created by indirect access using a related target that has higher-order effects on the desired target.”


“Allowing them to support [combatant commands] in this way permits faster adaptation to rapidly changing needs and allows threats that initially manifest only in one [area of responsibility] to be mitigated globally in near real time. Likewise, while synchronizing CO missions related to achieving [combatant commander] objectives, some cyberspace capabilities that support this activity may need to be forward-deployed; used in multiple AORs simultaneously; or, for speed in time-critical situations, made available via reachback,” it states. “This might involve augmentation or deployment of cyberspace capabilities to forces already forward or require expeditionary CO by deployment of a fully equipped team of personnel and capabilities.”

Posted on May 26, 2023 at 7:12 AM9 Comments


Ted May 26, 2023 8:50 AM

“As electronic warfare and cyber capabilities are expected to be a big part of the battlefield in 2030…”

Does this mark a change?

Clive Robinson May 26, 2023 11:07 AM

@ Bruce,

“Cyberspace operations now officially has a physical dimension,”

I’m thinking as it’s “operations” ie plural it’s “have” not “has”. I suspect your brain was ahead of your fingers and you were thinking “physical dimension has a”.

Buy onto,

@ ALL,

There is the curious phrasing of,

“expeditionary cyberspace operations,” which are “[c]yberspace operations that require the deployment of cyberspace forces within the physical domains.”

Now that is ambiguous, so do they mean “In Place Covert Operative” style, “black bag” style, “Special Weapons And Tactics”(SWAT) style, or “bomb them back to the stone ages” Gen Curtis LeMay style?

Though with the oft said “We are leaving nothing off the table” type mantra, and that,

“… indirect access using a related target that has higher-order effects on the desired target.”

They could even be thinking 1983 style “Global Thermonuclear War”…

But also speaking of the 1980’s and earlier when the “Cold War” was simmering along,

“This might involve augmentation or deployment of cyberspace capabilities to forces already forward…”

That kind of implies GLADIO[1] type unit operations and similar with variois upto date and quite specialized skill sets.

Which also implies that opetatives might already be in place in corporations and the like. Some as “Secret Squirrels” known about to one or two of senior managment, others however placed or coopted to deliberately weaken the security of products in design, without any of their employers managment or other employees being aware of their role. As such the second group would be seen by IC Agencies as at best “contractors” working with “No Official Cover”(NOC).

It’s already known or assumed that both Russia and China have “contractors” in their home companies, as well as NOC’s in foreign nations the latter being quite an issue with US style VC led organisations…

So we can make reasonable guesses as to what “is on the table” if not “already in place”… A think back a decade to the Ed Snowden trove and that information about “implants” being put in equipment tells us what has been done, and it’s safe to assume in that decade, “Methods and Sources” have been significantly upgraded.

The fact the US is trying all manner of tricks and persuasion to get foreign semiconductor manufactures to build plants in the US, should scare the living daylights out of the leaders of the nations those manufacturers are in, as it represents a very significan “National Security Risk” for them.

Something South Korea, Japan, Taiwan and certain continental European Nations appear cognizant of. The question though is if they will be able to maintain things against the risk…

[1] Depending on who you talk to GLADIO is either “CIA” or certain European Intel Orgs. The reality is a little less glamorous, as far as we can tell it’s an extention of the British “Special Operations Executive” allegedly the brain child of Winston Churchill, designed to take the war behind the lines in German Occupied Europe in WWII. That is they carried out clandestine missions to support resistance organizations.

SOE agents were originally selected from UK and “free foreign” civilians who were then trained in three basic areas, espionage techniques, special demolition techniques and communications. The idea being to add specialist skills and training to existing underground / partisan forces in the occupied nations. This however fairly quickly changed due to political preasure from SiS who felt their perogative was being taken over. This a more military asspect was focused upon, that involved the civilian side of supporting underground / partisans, but more direct action, where there was no underground or they were not trusted for various reasons. In essence it was small “Special Opetations Teams” later known as “bricks” that behaved like commando or later SBS and SAS attack teams. However it was also realised at the time that German forces were still advancing and that rather than drop forces in, having them already in place was actually more desirable for quite a number of reasons. Thus the British organized and trained a quite large network of “Auxiliary Units”. Effrctively a guerrilla-force-in-waiting hiding in plain sight waiting for the German Troops to pass by. The AU tasks were initially to be inteligence gathering then move to frustrating the occuping forces by any means available to them, in Britain the AU’s were selected from “reserved occupation” and similar non military record personnel. However German forces ground to a halt thus most AU forces never actually saw action in that role. Whilst the AU’s were quietly disbanded later WWII somr of thrm became “Special Reservists”. The fact that Russia broke agreements about how far they would advance alarmed both the British and US politicians and military thus the idea got reborn but to be carried out by Continental European Nations. It’s known that “Operation Gladio” personnel and UK Special Forces still were “in role” even after the Berlin Wall had fallen. With the reorganisation of UK Military there are still “Special Forces” roles in this area to provide “Boots on the Ground” inteligence and various types of highly specialised suppport, including “Cyber-Security Expertise” of an offensive nature.

Meriam May 26, 2023 11:39 AM

“A revised version of Joint Publication 3-12 Cyberspace Operations—published in December 2022”


… another piece of Federal bureaucratic paperwork, of no real practical value to anyone

denton scratch May 27, 2023 5:32 AM

The language in this article is pretty bizarre. The pervasive use of the term “cyberspace” presumably derives from the US military unit called “Cyberspace Command”, a term that to me has always seemed pretentious sci-fi hype. What’s wrong with referring to this battlefield as “the internet”?

And because Cyberspace Command is a military unit, you then get phrases like “expeditionary cyberspace operations”, which appears to mean boots-on-the-ground physical access to computers; which isn’t cyberspace at all.

anon May 27, 2023 11:53 AM


Is that like being on an intergalactic cruise in your office?

I personally believe it would have been better if the United Nations had begun treating cyber attacks like physical ones. That way, when Russia or China cyber attacked us, we could morally respond with B-52 and B-2 bombers, and ICBMs. Oh, and vice versa.

Clive Robinson May 27, 2023 12:44 PM

@ Denton Scratch,

“What’s wrong with referring to this battlefield as “the internet”?”

The Internet is not by a long way the major part of cyberspace.

If you read the document in a little more depth you will find they talk about gaining control of systems issolated from accessable networks.

Including those not just “air-gapped” but insufficiently “energy-gapped”.

For some reason the ICTsec industry realy does not in the slightest understand about the true basics of “InfoSys Warfare” and how the “Intelligence, Surveillance and Reconnaissance”(ISR) in such non Internet environments works.

I’ve been dropping very broad hints on,

“The ISR capabilities you will face and how you need to build a protected environment”

On this blog for some years now as have others who nolonger appear to be around any more…

Leon Theremin May 28, 2023 11:36 AM

If you read the document in a little more depth you will find they talk about gaining control of systems issolated from accessable networks.

BadBIOS, the silicon trojan built-in all CPUs, already enables remote access to any computer, including Ring -3 privileges.

The world’s militaries need to recognize that there is a criminal organization using electromagnetic surveillance and sabotage for unfettered terrorism.

Clive Robinson May 28, 2023 2:05 PM

@ Leon, ALL,

Re : What arives without awareness.

“…need to recognize that there is a criminal organization using electromagnetic surveillance and sabotage…”

Firstly, it’s “ALL” that need to recognize including the lowest rung of consumers, buying a computer they hope will improve their childs chances in life.

Secondly, those that enable it do not think they are “criminals” even though they know that what they are doing is at best highly questionable.

Thirdly, it’s not an “organization” singular but “entities” plural.

In the late 1950’s for the next quater to third of a century things in electronics technology changed.

It went from post WWII with the Governments and Millitary in the driving seat, and the consumers getting a few crumbs, to the almost reverse. That is electronics and the resulting technology is no almost entirely consumer driven, and if they are lucky the military might get something a quater century old to play with.

To some this is iniquitus and I’m not just talking the MIC that we were warned about so many many years ago. The MIC is mainly about shifting money from home taxpayers pockets to a few self appointed pockets and via the likes of arms deals addressing the “trade imbalance” for cheap energy and the like.

Thus we tax payers “war monger to keep the lights on and for cheap toys to play with”. Every so often some twit, uses those MIC toys to kick off somewhere, and some of those in some positions of power try and fail to stuff the genie back in the bottle. So a few million or so get hurt, injured, maimed or killed as a result and entire cities get leveled. Just so the same twits can posture on the world stage like cockerels scratching in the dirt of the hen house run, crowing how wonderful they think they are…

Which means in the “Intelligence, Surveillance and Recognizance”(ISR) view of the world they want rather more than boots pounding the ground creating MICE sources. They also want trchnology of all forms so they can have “methods” to avoid having human sources at risk.

Thus as we know for atleast this century and we can safely assume some years going back into the 1990’s or earlier that various techbologies have had weaknesses added, to enable “methods” to happen.

It’s why I point out that “air-gapping” is totally insufficient and “energy-gapping” needs to be the mininum level you need to consider if you as a consumer want “Privacy” and the “Safety” that comes from others knowing as little as possible about you.

I’m not just talking about people being considered “A Person of Interest” by “spooks”, “secret squirrels” and the like of the various IC’s and LE’s (though way more people are than they realise). But also those targeted by the less than smart crooks runing companies and the like that see taking your privacy and the safety it gives you away, and selling it for just a few more cents dropped on the table to keep shareholders buying the stock etc.

People glibly talk of “surveillance capitalism” without realising that it is currently what the worlds largest industry “Sales and Marketing” are turning the wheels of the economy with…

The West actually has very little “industry” and now in effect nolonger “manufactures” thus does not generate actual “utility” thus “real wealth”. Instead we have “Info-economies” and other “faux-markets” where fiscal wealth is churned as fast as possible such that “financial markets” can take their slice off the top without adding utility. The not unexpected result is fiscal wealth is just numbers spining around creating inflation and driving us into a rent-seeking society. A society that needs surveillance so that those with any spare fiscal value they might actually use to buy assets with, can be “asset stripped” for the benifit of the very very few.

Thus the crooks that prey on the ordinary citizen/consumer are now in the driving seat of “surveillance methods” not the MIC or IC so much the IC these days.

Remember just about any piece of technology you aquire or use, is these days designed to strip your privacy, thus safety in the name of profit… A situation that is only going to get worse with time, as that faux-economy based on “churn” not “manufacturing” displaces all other forms of wealth generation and a downward spiral is not just entered into but becomes a tornado like spiral, such is the way of the Western World these days.

Canis familiaris May 29, 2023 5:37 PM

@Clive Robinson

Clive, I feel you are in danger of your catchphrase becoming “It’s being so cheerful that keeps me going”.

And to stay on-topic with security/espionage, “Zis iss Funf speakink”

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.