Winning wars in cyberspace might sound easy: the click of a mouse or the press of the enter key on a keyboard. Yet, the web of networks that constitutes cyberspace is imbued with challenges. Seemingly every day there is a new story of a government, business, or individual, suffering from a serious hack. These hacks are often attributed to state actors or transnational criminal organizations. Combined, the almost daily revelations of serious incidents compound a common misperception that cyberspace is an ungoverned space. The reality of cyberspace, however, is far different and constitutes a complex environment of overlapping jurisdictions. The overlapping geographic, legal, and technical boundaries affect everything from the freedom of information to the decision to engage in military operations. Technical specifications as well as laws and policies established by local and national governments, international institutions, non-governmental organizations, and corporations form the decision-making framework for national policy-makers and military commanders. Understanding how all the elements of cyberspace interact provides context for when, why and how the United States engages in military operations in cyberspace. This paper examines the complexities of the environment and their impact on the decisions of states (with emphasis placed on the United States) to engage in offensive cyber operations, cyber exploitation,1 and defensive cyber operations against other states and non-state actors. Moreover, it examines the important role that overlapping governmental and non-governmental organizations have in affecting the types of behaviors that occur within cyberspace.
READ MORE