35+ Years of Freedom of Information Action

Targeting in Cyber Operations: FOIA release discusses considerations of US military targeting doctrine

Published: Sep 5, 2019
Briefing Book #683

Edited by Michael Martelle

For more information, contact:
202-994-7000 or nsarchiv@gwu.edu

Washington D.C., September 5, 2019 - Recently declassified materials from U.S. Cyber Command provide new details about an important component of cyber operations – the targeting process – as well as clues to considerations regarding the potential linkage between cyber and traditional military force in U.S. planning.

Much of the publicly released information on USCYBERCOM targeting practices has suggested that the US military’s cyber operators use a version of the joint targeting cycle outlined in JP 3-60 for planning operations in cyberspace. This use of the joint targeting cycle, a framework for applying kinetic force across domains, supports previous observations that US conduct of military cyber operations has drawn on kinetic operational concepts.

Today the National Security Archive Cyber Vault is posting a presentation, obtained through FOIA declassification, by the USCYBERCOM Joint Intelligence Operations Center (JIOC), Combat Targets Division entitled “Improving Targeting Support to Cyber Operations.” Despite significant redactions, this release:

  • Confirms that the joint targeting cycle has been used for cyber operations
  • Communicates uncertainty about its effectiveness for non-kinetic operations
  • Reveals that the JIOC recommended maintaining use of the cycle in some cases and dispensing with it in others
  • Implies that USCYBERCOM found PPD-20, the Obama administration’s cybersecurity framework, to have meaningful impact on the targeting process
  • Suggests that Operation Glowing Symphony (the counter-ISIL operation undertaken by USCYBERCOM JTF-ARES) provided significant lessons for cyber targeting.

To contextualize this FOIA release we are also providing a selection of military/academic writing and US military doctrine covering the topics of joint targeting and cyberspace operations.

“Improving Targeting Support to Cyber Operations”

The document being posted for the first time today [9] is a set of presentation slides examining the suitability of the US Military’s joint targeting cycle (JTC) for cyberspace operations with an eye towards decreasing the time between operation planning and execution. The presentation quickly accepts the argument that the cycle “is optimized for lethal effects” and “therefore JTC is sub-optimized for non lethal and temporary effects.”

Additional Considerations


Further discussion argues that, from the perspective of US cyber operators, the prime function of the joint targeting cycle is to synchronize “at the operational level of war” and ensure that targets are “relevant to an operational level commander”. The implication is that, while useful in linking cyber operations to non-cyber goals, the JTC alone is insufficient for planning cyber operations but must feed into a cyber operations specific function.

Targeting at USCYBERCOM


Target development Relationship



The presentation goes on to recommend that the JTC only be used in cases where cyber operations are comparable to “fires”. While this is left vague, there are specific recommendations that the cycle should not be used for functions such as signal operation instructions (SOI) and military information support operations (MISO). This implies that “fires” here are seen as offensive actions on par with the use of weapons systems.

Takeaways and Recommendations


The final portion of the presentation, “USCC Targeting Way Ahead”, alludes to the broader context in which the problem was being viewed by USCYBERCOM.

USCC Targeting Way Ahead


  • Mention of discussions with targeting working groups and committees around the topic of “networks” joining the FIVEO framework (Facility, Individual, Virtual, Equipment, Organization) for targeting categories in cyberspace underscores the degree to which “targeting enterprise” concepts were in flux. The results of this discussion, or if it occurred, are currently unknown.
  • A short mention of PPD-20, the potential for an update to the classified Obama administration directive governing cybersecurity policy, and the context (“What we can’t change”) are likely to be especially interesting to watchers of US cyber policy. The mention suggests that the directive was seen to have had an impact on the practice of targeting.
  • The counter-ISIL activity Operation Glowing Symphony had been authorized for execution shortly before the date of the “Improving Targeting Support to Cyber Operations” presentation. Particularly interesting is the recommendation that lessons learned from the counter-ISIL mission (JTF-ARES and Operation Glowing Symphony) be incorporated into future US doctrine, which underlines the impact USCYBERCOM expected the operation to have on the combatant command and US military cyber warfighting doctrine and capabilities.

Targets, Targeting, and the Joint Targeting Cycle in Cyberspace

Most recently released in January of 2013, JP 3-60 is the doctrinally authoritative publication on the targeting process for the entirety of the United States Military.

Understanding Targets and Targeting


Joint Targeting Cycle


The discussion of targeting in cyberspace, particularly when integrating with joint operations, has received no small amount of attention from military planners and theorists. Previous FOIA releases to the National Security Archive have revealed that USCYBERCOM used the joint targeting cycle supported by an adaptation of the air tasking cycle to conduct cyber operations, but some writing in official publications has pulled on specific points of tension between planning in kinetic operations and cyber operations. In summer of 2018 the Joint Chiefs of Staff issued an update to JP 3-12 Cyberspace Operations [8]. The document signaled a limit to the joint targeting cycle’s utility for cyber operations (CO).

4. Targeting