Offensive Cyber Operations
Understanding Intangible Warfare
🎙️ Comps Prep (Oral Comprehensive Exam)
- If analysts want a defensible threshold for “cyber-warfare,” then they should require Moore’s five cumulative parameters (target, impact, attacker, goals, relationships), because leaving any out collapses warfare into routine espionage/crime. So what for strategy: build escalation and response policy around the narrow set of operations that meet all five criteria. (PDF p. 25; PDF p. 6)
- When militaries treat “cyber” as a single bucket, then they misalign timelines and authorities, because presence-based OCOs require long intrusions and strategic approvals while event-based OCOs can be reusable, tactical tools. So what for strategy: design force structure, legal authorities, and planning assumptions around that bifurcation. (PDF p. 6; PDF p. 15; PDF p. 118)
- If cyber is framed as “intangible warfare” alongside EW and information operations, then planners can integrate OCOs into familiar strategic concepts (surprise, deception, destruction), because the novelty is less the logic than the intensified scale/reach/sophistication of targeting modern networks. So what for strategy: prioritize integration and resilience over techno-utopian “virtual victory” expectations. (PDF p. 53; PDF p. 74; PDF p. 120)
- Bridge link: Moore supports the broader “cyberwar is rare” line associated with Rid by arguing that cyber-warfare is “often discussed and rarely seen,” and by redirecting attention to how OCOs actually function in state competition. (PDF p. 6)
Online Description
Moore argues that “cyber-warfare” is rarer than the rhetoric suggests and should be reframed as a spectrum of offensive cyber operations (OCOs). He introduces “intangible warfare” as a way to connect cyber operations to older traditions of fighting through non-physical means, and proposes a practical typology—presence-based versus event-based operations—to clarify timelines, authorities, and military utility. The book then uses theory and operational logic to show how OCOs can support military strategy, followed by comparative case studies of how the United States, Russia, China, and Iran employ OCOs based on differences in culture, resources, history, and circumstance. (PDF p. 6–7)
Author Background
TBD
60‑Second Brief
- Core claim (1–2 sentences): Cyber-warfare is a narrow subset of what people call “cyber,” and most incidents fall below that threshold; the practical strategic task is to understand and employ offensive cyber operations as part of a broader tradition of intangible warfare, not as a standalone war-winning domain. (PDF p. 6; PDF p. 25; PDF p. 74)
- Causal logic in a phrase: Better thresholds + better typologies → better strategy and integration. (PDF p. 25; PDF p. 6; PDF p. 118)
- Why it matters for IW / strategic competition (2–4 bullets):
  - Keeps “cyberwar” hype from distorting escalation policy and success metrics by separating intrusions, attacks, and warfare. (PDF p. 244–245)
  - Forces planners to respect time: presence-based capabilities require long prepositioning, while event-based tools can generate immediate localized effects. (PDF p. 6; PDF p. 81; PDF p. 118–119)
  - Reframes OCOs as enablers (surprise, deception, disruption) that complement other instruments, rather than coercing surrender through “virtual victory.” (PDF p. 75; PDF p. 120)
  - Helps compare national approaches (US/Russia/China/Iran) as different ways of operating in the same intangible competition space. (PDF p. 6–7)
- Best single takeaway (1 sentence): Treat cyber conflict as a spectrum of OCOs—distinguish presence-based from event-based, and integrate them into strategy with realistic thresholds and timelines. (PDF p. 6; PDF p. 15; PDF p. 118)
Course Lens
- How does this text define/illuminate irregular warfare?
  - Moore does not foreground “irregular warfare” as a primary label, but he repeatedly emphasizes that most meaningful cyber activity sits below the threshold of warfare and often operates in ambiguous space between peace and war—an IW-adjacent logic of competition short of overt armed conflict. (PDF p. 6; PDF p. 25; PDF p. 148)
  - His OCO typology (presence/event) naturally maps to “irregular” features: covert penetration, long timelines, and indirect effects that shape the operational environment rather than “decisive battle” outcomes. (PDF p. 6; PDF p. 81; PDF p. 118–120)
- What does it imply about power/control, success metrics, and timeline in IW?
  - Power in OCOs often flows through dependency: networks become “operational crutches,” and attacks target nodes of convergence like command-and-control hubs. (PDF p. 119)
  - Success metrics should emphasize enabling effects (surprise, deception, temporary paralysis, degraded awareness) and the time window they create for other instruments, not permanent “cyber dominance.” (PDF p. 120; PDF p. 52)
  - Timeline is bifurcated: presence-based operations require months/years of intrusion and maintenance, while event-based tools trade persistence for immediate effect. (PDF p. 6; PDF p. 81; PDF p. 118–119)
- How does it connect to strategic competition?
  - The case studies treat OCOs as competitive instruments shaped by national context—US doctrine (persistent engagement/defend forward), Russian holistic information contest, Chinese asymmetry/A2AD logic, and Iranian deterrence-by-punishment behavior. (PDF p. 130–131; PDF p. 150–151; PDF p. 187; PDF p. 202)
Seminar Questions (from syllabus)
- How would you classify the threshold for what constitutes warfare in cyber?
- Is it possible to have a violation of sovereignty and not reach the threshold of cyber warfare?
- How can cyberspace operations best contribute to battlefield success?
- What is the relationship between electronic warfare, cyber warfare, computer network operations, and information warfare?
- How do these relationships affect the analysis of cyber operations and the overall strategy?
- To what extent does knowledge of the technical aspects of cyber operations alter your perception of cyber power?
- Are there any misconceptions that US policymakers commonly hold about cyber operations, and how do these misconceptions affect strategy?
✅ Direct Responses to Seminar Questions
- Q: How would you classify the threshold for what constitutes warfare in cyber?
  - A:
    - Moore proposes a five-parameter assessment (target, impact, attacker, goals, relationships) and argues all five must be satisfied for an incident to fall within the spectrum of cyber-warfare. (PDF p. 25)
    - The model is designed to exclude most routine network activity (crime, espionage, low-impact intrusions) from “warfare,” because those incidents lack military-quality targets, strategic goals, or the relevant conflict relationship context. (PDF p. 25; PDF p. 6)
    - “Cyber-warfare” becomes most recognizable when operations directly support kinetic campaigns or generate significant influence in a broader military-political context. (PDF p. 42)
    - The analytical payoff is strategic: if you misclassify below-threshold activity as “war,” you risk inflationary escalation logic and misaligned response options. (PDF p. 244–245)
- Q: Is it possible to have a violation of sovereignty and not reach the threshold of cyber warfare?
  - A:
    - Yes—Moore stresses that operations against networks “mostly fall below the required threshold,” often manifesting as criminal activity or intelligence collection rather than warfare. (PDF p. 6)
    - Even militaries can pursue OCOs in peacetime, and non-military actors can conduct operations in conflict; the overlap between “military OCOs” and “cyber-warfare” is partial, not total. (PDF p. 25)
    - The key distinction is not “intrusion happened” but whether the incident satisfies the warfare-threshold parameters—especially goals and relationships in the broader strategic context. (PDF p. 25)
    - Moore’s NotPetya discussion highlights how classification can be context-specific: the same operation may be interpreted as cyber-warfare against one target set/context, but not necessarily against collateral victims. (PDF p. 14)
- Q: How can cyberspace operations best contribute to battlefield success?
  - A:
    - By functioning as enablers that create windows for other instruments—surprising, deceiving, confusing, or weakening an adversary so kinetic or other actions can succeed. (PDF p. 105; PDF p. 120)
    - Moore argues OCOs “cannot single-handedly achieve strategic objectives” and are “best used when complemented by others” (including kinetic strikes and broader information operations). (PDF p. 52)
    - Event-based operations can create temporary breakdowns in command and control or communications, facilitating conventional strikes and tactical advantage. (PDF p. 120)
    - Presence-based operations—while slow to establish—can be held in reserve to generate strategic surprise or disrupt critical nodes when the timing is most valuable. (PDF p. 118–119)
    - Tactical integration examples in the text (e.g., cyber/EW-style contributions in support of kinetic operations) underline that the most “palatable” cyber-warfare cases are often tightly coupled to physical campaigns. (PDF p. 41)
- Q: What is the relationship between electronic warfare, cyber warfare, computer network operations, and information warfare?
  - A:
    - Moore frames cyber-warfare as part of a broader lineage of intangible warfare—conflict waged through non-physical means including the electromagnetic spectrum and information systems. (PDF p. 6; PDF p. 53)
    - He argues there is a “familial relationship” between cyber-warfare and electronic warfare, and that many attributes treated as unique to cyber have long existed in EMS contestation. (PDF p. 53)
    - The connective tissue is that information and its supporting systems are targeted through multiple channels; Russia in particular treats information as the object “independent of the channel” through which it is transmitted. (PDF p. 151)
    - In strategic practice, OCOs often sit inside (or alongside) broader information operations logics rather than existing as a neatly separable “cyber-only” activity. (PDF p. 52; PDF p. 151)
- Q: How do these relationships affect the analysis of cyber operations and the overall strategy?
  - A:
    - They determine whether you build analysis around a domain silo (“cyber”) or around a holistic picture of intangible competition in which EMS, networks, and information are interlinked layers. (PDF p. 147; PDF p. 242–243)
    - Analytical categories shape strategy: Moore’s presence/event typology is explicitly meant to prevent both oversimplification (“all cyber is the same”) and over-complication (unusable taxonomies). (PDF p. 15; PDF p. 118)
    - Misclassification produces strategic error: not all intrusions are attacks, and not all attacks are warfare; strategic planning must respect those distinctions or risk hyperbole-driven policy. (PDF p. 244–245)
    - Organizational boundaries (intelligence vs military, authorities vs execution) are partly products of how relationships among EW/cyber/IO are conceptualized—and those boundaries can enable or impede battlefield integration. (PDF p. 15; PDF p. 146–147)
- Q: To what extent does knowledge of the technical aspects of cyber operations alter your perception of cyber power?
  - A:
    - Moore argues technical and operational aspects are “uniquely inseparable,” so serious assessment of cyber power requires understanding both the engineering and the strategic employment. (PDF p. 244)
    - Technical realities temper cyber “magic” thinking: presence-based operations are brittle and resource-intensive, and discovery can undo years of work. (PDF p. 102; PDF p. 118–119)
    - The operational lifecycle matters: capability depends on preparation, engagement, presence, and effect—with different failure points and timelines in each phase. (PDF p. 81)
    - Future technical trends (exploit markets, automation/AI, autonomy) can shift costs, speed, and uncertainty—potentially raising stakes and intensifying the cybersecurity dilemma. (PDF p. 232; PDF p. 242)
- Q: Are there any misconceptions that US policymakers commonly hold about cyber operations, and how do these misconceptions affect strategy?
  - A:
    - Moore highlights how senior-level rhetoric about “getting cyber in the game” and “cyber bombs” created confusion about what cyber offensives were actually accomplishing. (PDF p. 12)
    - He warns against “capability-based strategies” driven by infatuation with technology—where technology leads and strategy follows—because it reproduces earlier errors from other tech-centric approaches. (PDF p. 119; PDF p. 12)
    - Mislabeling incidents as “war” amplifies threat narratives and can distort response logic; Moore notes persistent hyperbole in coverage of network incidents even amid improving nuance. (PDF p. 244–245)
    - Treating cyber as a distinct domain can become a conceptual hurdle that encourages organizational siloing rather than integration of networks into all domains of operations. (PDF p. 146–147)
Chapter-by-Chapter Breakdown
Chapter 0: Introduction (PDF p. 12–23)
- One-sentence thesis: The “cyberwar” narrative outpaces reality; strategy should lead technology by clarifying thresholds, categories, and how OCOs actually contribute to military outcomes. (PDF p. 12)
- What happens / what the author argues (5–10 bullets):
  - Establishes the puzzle: networks are indispensable, yet “battles waged between and against networks” have not delivered a revolution; “war remains innately kinetic.” (PDF p. 12)
  - Uses the ISIS “cyber bombs” episode to illustrate how rhetoric can outstrip measurable operational contribution and generate confusion about utility. (PDF p. 12–13)
  - Frames OCOs as a spectrum and previews the need to distinguish where “cyber-warfare” begins and ends. (PDF p. 12; PDF p. 6)
  - Discusses NotPetya as a large-scale destructive incident and shows why context matters for classification and strategic meaning. (PDF p. 14)
  - Argues that most incidents are below warfare threshold; only a small subset are military-mandated and politically strategic. (PDF p. 14)
  - Introduces the core typology: event-based vs presence-based OCOs, intended to avoid both oversimplification and over-complication. (PDF p. 15)
  - Lays out the book’s structure: theory/strategy/practicalities first, then four country case studies (US, Russia, China, Iran). (PDF p. 6–7)
- Key concepts introduced (0–5):
  - OCO spectrum (vs “cyberwar” framing) (PDF p. 6)
  - Event-based vs presence-based operations (PDF p. 15)
- Evidence / cases used:
  - US campaign against ISIS / “cyber bombs” rhetoric (PDF p. 12–13)
  - NotPetya attribution and classification problem (PDF p. 14)
- IW / strategy relevance (2–4 bullets):
  - Clarifies how below-threshold cyber activity fits strategic competition logic.
  - Shows why definitions and success metrics matter before force design.
- Links to seminar questions:
  - Q1 (threshold), Q2 (sovereignty vs warfare), Q7 (misconceptions)
- Notable quotes (0–2):
  - “It is imperative for strategic intent to lead the use of technology, rather than have technology create de facto strategies.” (PDF p. 12)
Chapter 1: Principles of Cyber-Warfare (PDF p. 24–52)
- One-sentence thesis: Cyber-warfare is a narrow subset of network activity; Moore offers a structured threshold model to distinguish warfare from crime/espionage and to clarify cyber’s military utility. (PDF p. 25; PDF p. 42)
- What happens / what the author argues (5–10 bullets):
  - Argues the conceptual problem is definitional: “cyberwar” rhetoric frequently conflates non-war activity with warfare-level operations. (PDF p. 43)
  - Introduces five cumulative parameters—target, impact, attacker, goals, relationships—to assess whether an incident meets warfare threshold. (PDF p. 25)
  - Emphasizes how most incidents fail on impact (rare physical effects) and goals (often criminal/ideological rather than military-strategic). (PDF p. 25)
  - Highlights that relationships/geopolitical context is often the key differentiator between warfare and other adversarial situations. (PDF p. 25)
  - Uses specific incidents to show why a “ticks-the-boxes” approach still needs political-strategic context (e.g., how goals and relationships shape classification). (PDF p. 39–41)
  - Argues cyber-warfare is most visible when tied to kinetic campaigns or major military-political effects; the global state is “comparably calm” once the bar is applied. (PDF p. 42)
  - Discusses how different military cultures integrate cyber differently, previewing country variation in later chapters. (PDF p. 51–52)
  - Notes doctrinal/institutional evolution: cyber treated as a domain by NATO/US, with implications for integration and bureaucracy. (PDF p. 51)
- Key concepts introduced (0–5):
  - Five-parameter cyber-warfare threshold model (PDF p. 25)
  - Cyberwar vs cyber-warfare distinction (PDF p. 43)
- Evidence / cases used:
  - Critical national infrastructure as a warfare-relevant target set (PDF p. 30)
  - Stuxnet as sabotage/threshold ambiguity (PDF p. 40–41)
  - 2007 Israeli operation against Syrian reactor (and alleged air-defense compromise) as a “palatable” cyber-warfare case (PDF p. 41)
  - NATO doctrine evolution and Article 5 implications (PDF p. 51)
- IW / strategy relevance (2–4 bullets):
  - Provides a usable escalation threshold framework for distinguishing coercion/competition from warfare.
  - Shows how classification depends on political relationships, not only technical facts.
- Links to seminar questions:
  - Q1 (threshold), Q2 (sovereignty vs warfare), Q4–Q5 (relationships among domains/strategy), Q7 (misconceptions)
- Notable quotes (0–2):
  - “The Venn diagram of military OCOs and cyber-warfare is not a circle.” (PDF p. 25)
  - “All five parameters must be met if an incident is to qualify as within the spectrum of cyber-warfare.” (PDF p. 25)
Chapter 2: Charting Intangible Warfare (PDF p. 53–74)
- One-sentence thesis: Cyber-warfare is best understood as an intensified form of longstanding intangible warfare (EW/IO/C2 contest), whose “uniqueness” comes from modern scale, reach, and dependence on networks. (PDF p. 53; PDF p. 74)
- What happens / what the author argues (5–10 bullets):
  - Establishes that warfighting has long operated in the “imperceptible” mediums of the electromagnetic spectrum and information systems. (PDF p. 53)
  - Argues cyber’s relationship to electronic warfare is familial; many “unique” cyber attributes resemble older EMS contest dynamics. (PDF p. 53)
  - Surveys overlapping concepts: electronic warfare, electromagnetic warfare, command and control warfare, information operations, cyber operations—and treats them as visibly related. (PDF p. 53)
  - Places cyber in historical cycles of offence–defence innovation and counter-innovation, linking technology and doctrine evolution. (PDF p. 57–60)
  - Rejects “revolution” framing as simplistic: cyber capabilities are not new; they are the latest iteration of targeting technologies. (PDF p. 72)
  - Emphasizes escalation of complexity: modern networks, supply chains, and the brittleness of revealed capabilities intensify the intangible warfare challenge. (PDF p. 73)
  - Concludes that cyber’s domainhood stems from intensified parameters (pervasiveness and potential impact), not from a fundamentally new logic of war. (PDF p. 73–74)
- Key concepts introduced (0–5):
  - Intangible warfare framing (PDF p. 53; PDF p. 72)
  - Cyber/EW/IO lineage and overlap (PDF p. 53)
- Evidence / cases used:
  - Historical examples of intangible warfare evolution (radar, radio, jamming, networked command and control) (PDF p. 53–74)
  - Engagement with information warfare literature (e.g., Denning) (PDF p. 72)
- IW / strategy relevance (2–4 bullets):
  - Encourages planners to integrate cyber with EMS and information contest rather than treat it as unprecedented.
  - Suggests policy should prioritize resilience and adaptation over “new domain” novelty.
- Links to seminar questions:
  - Q3 (battlefield contribution), Q4 (EW/cyber/CNO/IO relationships), Q5 (strategy implications), Q6 (technical knowledge)
- Notable quotes (0–2):
  - “Cyber-warfare is merely the latest method of targeting military vulnerabilities.” (PDF p. 72)
Chapter 3: Targeting Networks (PDF p. 75–104)
- One-sentence thesis: OCOs should be analyzed through their operational lifecycle and stakeholder ecosystem; Moore models how presence-based and event-based operations are prepared, executed, sustained, and exploited for effects. (PDF p. 81; PDF p. 103)
- What happens / what the author argues (5–10 bullets):
  - Rejects “virtual victory” fantasies: coercing surrender through digital infrastructure targeting is appealing but repeatedly unsupported by reality. (PDF p. 75)
  - Reiterates the utility of dividing OCOs into presence-based and event-based operations, tied to fundamentally different operational characteristics. (PDF p. 76)
  - Expands on the DoD Cyber Threat Framework to include the full ecosystem of actors required for success (intelligence, planners, engineers, operators, kinetic forces). (PDF p. 81)
  - Proposes four steps for understanding OCOs: preparation, engagement, presence, and effect—each with distinct processes and risks. (PDF p. 81)
  - Emphasizes that operations do not “start at reconnaissance” nor “end at payload activation”; strategic and tactical phases precede and follow. (PDF p. 81)
  - Highlights brittleness: discovery can undo long effort; thus intelligence support and operational security are central. (PDF p. 102)
  - Uses modern weapon platforms to show how networks and software create new attack surfaces and dependencies. (PDF p. 102–104)
- Key concepts introduced (0–5):
  - Four-step OCO lifecycle model (preparation/engagement/presence/effect) (PDF p. 81)
  - Stakeholder ecosystem for OCO success (PDF p. 81)
- Evidence / cases used:
  - Department of Defense Cyber Threat Framework (as a baseline model) (PDF p. 81)
  - F-35 vulnerabilities and ALIS logistics system as presence/event-based attack surfaces (PDF p. 102–104)
- IW / strategy relevance (2–4 bullets):
  - Clarifies the time/resource burdens that shape feasibility and escalation.
  - Reinforces that “cyber power” is often institutional and logistical as much as technical.
- Links to seminar questions:
  - Q3 (battlefield contribution), Q5 (analysis/strategy), Q6 (technical aspects)
- Notable quotes (0–2):
  - TBD
Chapter 4: Virtual Victory: Applied Cyber-Strategy (PDF p. 105–120)
- One-sentence thesis: Using OCOs well is harder than building them; doctrine should integrate presence-based and event-based capabilities with classic strategic principles while avoiding technology-led “capability-based strategies.” (PDF p. 105; PDF p. 119)
- What happens / what the author argues (5–10 bullets):
  - Argues capability is not self-justifying: misapplied OCOs can “burn away years” of technical and intelligence labor after activation. (PDF p. 105)
  - Reframes presence/event categories as a doctrine tool: presence-based tends strategic (slow, surprise-enabling) while event-based tends tactical (robust, immediate). (PDF p. 118)
  - Explores battlefield integration: event-based attacks can temporarily degrade C2/communications to enable conventional strikes. (PDF p. 120)
  - Warns against coercion fantasies: whittling national resolve through network attacks is controversial and success is tenuous; “virtual victory” is not a planning premise. (PDF p. 105; PDF p. 75)
  - Treats resilience as central: segmentation, redundancy, backups, recovery procedures reduce destructive value, though recovery still consumes time in conflict tempo. (PDF p. 118–119)
  - Argues networks create new “centres of gravity” targetability: convergence of command and control becomes a prime target in networked forces. (PDF p. 119)
  - Uses the strategic “trinity” of surprise, deception, destruction to anchor how OCOs should be conceptualized and measured. (PDF p. 120)
  - Emphasizes discourse across intelligence, operators, developers, commanders, staff, and policymakers as prerequisite to effective doctrine. (PDF p. 120)
- Key concepts introduced (0–5):
  - Applied cyber-strategy as integration problem (PDF p. 105)
  - Network resilience principles and recoverability (PDF p. 118–119)
  - Surprise/deception/destruction framing for OCO effects (PDF p. 120)
- Evidence / cases used:
  - Practical examples of operational constraints (e.g., recovery burdens for deployed platforms) (PDF p. 118–119)
  - Comparative analogies to tech-centric approaches in other domains (airpower, drones) (PDF p. 119)
- IW / strategy relevance (2–4 bullets):
  - Defines realistic “so what” measures for cyber effects (temporary disruption windows; enabling effects).
  - Reinforces that strategic intent and integration should drive technical employment.
- Links to seminar questions:
  - Q3 (battlefield success), Q5 (strategy), Q6 (technical aspects), Q7 (misconceptions)
- Notable quotes (0–2):
  - “Where the former is flexible, surprise-enabling, and strategic, the latter is robust and ideally predictable.” (PDF p. 118)
Chapter 5: American Cyber Superiority (PDF p. 121–147)
- One-sentence thesis: The United States built unmatched cyber capacity but often let technology lead strategy; recent doctrine (persistent engagement/defend forward) adapts, yet institutional integration remains the central challenge. (PDF p. 121; PDF p. 130–131; PDF p. 146–147)
- What happens / what the author argues (5–10 bullets):
  - Links US tech-centric military culture to cyber: technological superiority (e.g., Gulf War legacy) shaped expectations of network operations as a distinct advantage. (PDF p. 121)
  - Highlights how leaks and public reporting revealed the maturity of US offensive capability (platform development, persistent access, subtle effects). (PDF p. 121–122)
  - Frames OCOs as a tool to address modern operational challenges (penetrating prepared defenses; shaping escalation and the conflict environment). (PDF p. 126)
  - Traces doctrinal evolution toward continuous competition and “information friction,” culminating in persistent engagement. (PDF p. 130)
  - Explains defend forward as a proactive concept codified in the 2018 DoD Cyber Strategy, including activity below armed conflict and alongside joint forces. (PDF p. 131)
  - Shows US capability depth via intelligence-linked persistence and tooling ecosystems (e.g., discussion of the “Equation Group”/TAO). (PDF p. 142)
  - Argues the US struggles most with integration across services/agencies/industry; “the whole is less than the sum of its parts.” (PDF p. 146)
  - Suggests a presence/event-based separation could help reverse the cycle: task strategic presence intentionally and build reusable event capabilities aligned to operational theaters. (PDF p. 145–146)
  - Critiques domain siloing: treating cyberspace as a neat “box” can hinder integrating networks into all domains and encourages technology-led strategy. (PDF p. 146–147)
- Key concepts introduced (0–5):
  - Persistent engagement (USCYBERCOM posture) (PDF p. 130)
  - Defend forward (DoD 2018 cyber strategy posture) (PDF p. 131)
  - Integration challenge across institutions and industry (PDF p. 146–147)
- Evidence / cases used:
  - DoD cyber strategy documents and doctrinal statements (PDF p. 126; PDF p. 131)
  - Publicly analyzed US tooling/persistence (Equation Group/TAO discussion) (PDF p. 142)
  - US operational efforts against ISIS (contextual reference) (PDF p. 12–13; PDF p. 131)
- IW / strategy relevance (2–4 bullets):
  - Highlights the institutional dimension of cyber power—authorities, integration, and doctrine.
  - Shows how continuous competition concepts map to below-threshold strategic contest.
- Links to seminar questions:
  - Q3 (battlefield contribution), Q4–Q5 (relationships and strategy), Q6 (technical aspects), Q7 (misconceptions)
- Notable quotes (0–2):
  - TBD
Chapter 6: The Russian Spectrum of Conflict (PDF p. 148–176)
- One-sentence thesis: Russia views conflict as continuous strategic contest and integrates OCOs into a holistic information/EMS approach (including reflexive control), often operating below warfare thresholds to avoid retaliation and shape perceptions. (PDF p. 148–151)
- What happens / what the author argues (5–10 bullets):
  - Establishes Russia’s worldview: conflict is not neatly bounded by “peace vs war” but is a deterioration of relationships within constant contest. (PDF p. 148)
  - Explains reflexive control as a Soviet-derived concept of shaping adversary perceptions so they act against their own objectives. (PDF p. 150)
  - Argues Russian doctrine blurs distinctions between information operations and computer network operations; information is treated as the key object across channels. (PDF p. 151)
  - Emphasizes EW as a traditional Russian strength and a key reason OCO integration across intangible warfare layers is doctrinally plausible. (PDF p. 151)
  - Notes that, despite the holistic framing, many offensive actions remain distributed across GRU/FSB and affiliated actors, complicating agility and integration. (PDF p. 158)
  - Uses NotPetya to illustrate how Russian operations can be strategically risky and operationally “clumsy,” generating blowback and broader resistance. (PDF p. 158)
  - Explores deception-focused attacks and attribution games (e.g., high-profile disruptive incidents with contested blame). (PDF p. 171–172)
  - Concludes Russia’s history suggests IO/EW integration can yield asymmetry-impacting effects, but better integration and discipline would be required for consistent strategic advantage. (PDF p. 175–176)
- Key concepts introduced (0–5):
  - Reflexive control (PDF p. 150)
  - Holistic information spectrum doctrine (IO/EW/CNO blending) (PDF p. 151)
- Evidence / cases used:
  - NotPetya (scope, attribution, blowback) (PDF p. 158)
  - Estonia/Georgia/Ukraine-era cyber incidents and integrated conflict examples (PDF p. 148–176)
  - Disruptive/deceptive operations (e.g., Olympic-related disruptive campaign discussion) (PDF p. 171–172)
- IW / strategy relevance (2–4 bullets):
  - Strongly supports the “competition short of war” frame and highlights ambiguity as strategy.
  - Reinforces that cyber effects often serve perception management and political contest, not only battlefield destruction.
- Links to seminar questions:
  - Q1–Q2 (threshold/sovereignty), Q4–Q5 (EW/cyber/IO relationships and strategy), Q7 (misconceptions about cyber’s role)
- Notable quotes (0–2):
  - “information is the most important object of operations, independent of the channel through which it is transmitted”. (Akimenko and Giles, quoted in Moore) (PDF p. 151)
Chapter 7: Asserting Chinese Dominance (PDF p. 177–201)
-
One-sentence thesis: China’s OCO logic is shaped by regional competition (especially Taiwan) and an asymmetry problem against the US; OCOs are positioned to support A2AD and joint operations by degrading or manipulating networked C4ISR. (PDF p. 177; PDF p. 187; PDF p. 196)
-
What happens / what the author argues (5–10 bullets):
-
Frames the strategic setting: South/East China Sea friction and Taiwan reunification pressures create a high-stakes contingency environment. (PDF p. 177)
-
Describes PLA modernization toward information-era joint operations and the requirement to deter or defeat US involvement. (PDF p. 182–183)
-
Introduces A2AD as a Chinese-relevant strategic frame for offsetting conventional disparity and complicating US access and freedom of action. (PDF p. 187)
-
Argues OCOs are a partial fit for A2AD: event-based attacks can deny access locally; presence-based can enable deeper manipulation and surprise. (PDF p. 187)
-
Details how attacks could target communications/data links (e.g., Link-16 disruption/spoofing analogs) to create confusion and denial effects in the battlespace. (PDF p. 196)
-
Highlights that compromising terminals and nodes can enable message manipulation—erasing targets, injecting false messages, and degrading targeting and assessment. (PDF p. 196)
-
Uses limited-war scenarios (short, sharp campaigns around disputed islands) to show where OCOs could intensify fog of war and enable fast fait accompli operations. (PDF p. 200–201)
-
-
Key concepts introduced (0–5):
-
OCOs as A2AD enablers (event denial vs presence manipulation) (PDF p. 187; PDF p. 196)
-
C4ISR targeting logic as center of gravity in networked conflict (PDF p. 196)
-
-
Evidence / cases used:
-
Taiwan contingency framing (PDF p. 177–201)
-
Link-16 and C4ISR architecture discussion as attack surface (PDF p. 196)
-
Regional island dispute scenarios (Senkaku/Diaoyu mention) (PDF p. 200–201)
-
-
IW / strategy relevance (2–4 bullets):
-
Shows cyber’s strategic value in limited, fast conflicts where confusion and tempo matter.
-
Highlights how OCOs can serve coercive aims by enabling quick faits accomplis rather than extended campaigns.
-
-
Links to seminar questions:
- Q3 (battlefield success), Q5 (analysis/strategy), Q6 (technical understanding of attack surfaces)
-
Notable quotes (0–2):
- TBD
Chapter 8: Approximating the Iranian Threat (PDF p. 202–226)
-
One-sentence thesis: Iran’s cyber posture is “good enough” for deterrence-by-punishment and proxy-enabled competition; its OCOs emphasize disruption, signaling, and asymmetric pressure rather than technical perfection or decisive military cyber-warfare. (PDF p. 202; PDF p. 221)
-
What happens / what the author argues (5–10 bullets):
-
Sets the strategic logic: Iran seeks survival and regime preservation under conventional inferiority, using indirect tools to raise costs for adversaries. (PDF p. 202)
-
Frames proxies as core to Iran’s strategic model (e.g., Hezbollah) and extends this logic into cyber-enabled and influence-adjacent activity. (PDF p. 210)
-
Distinguishes between noisy hacktivism “chaos” and more directed operations with strategic messaging value. (PDF p. 217)
-
Uses the Iran Cyber Army example (DNS redirection of Twitter) to illustrate transient disruption and signaling rather than deep technical innovation. (PDF p. 217)
-
Tracks capability development across campaigns: improvement occurs, but often without major innovation; targeting nuance can matter more than novelty. (PDF p. 221)
-
Discusses Shamoon campaign evolution and highlights supply-chain targeting as evidence of intelligence-guided selection. (PDF p. 221)
-
Concludes Iran’s proxy-heavy ecosystem enables compartmentalization but can hinder cohesion and learning, limiting overall maturation. (PDF p. 226)
-
-
Key concepts introduced (0–5):
-
Deterrence by punishment via cyber-enabled disruption (PDF p. 202)
-
Proxy dynamics and compartmentalization tradeoffs (PDF p. 226)
-
-
Evidence / cases used:
-
Hezbollah and proxy strategy context (PDF p. 210)
-
Iran Cyber Army / Twitter DNS incident (PDF p. 217)
-
Shamoon 3 and supply-chain targeting (PDF p. 221)
-
Operation Ababil / banking-sector DDoS context (appears in broader Iran discussion) (PDF p. 39; PDF p. 205–208)
-
-
IW / strategy relevance (2–4 bullets):
-
Illustrates how a weaker actor can use OCOs for signaling and cost imposition under conventional inferiority.
-
Highlights “good enough” cyber as an IW-relevant competitive tool rather than war-winning capability.
-
-
Links to seminar questions:
- Q2 (sovereignty vs warfare), Q3 (battlefield contribution limits), Q7 (misconceptions about cyber power)
-
Notable quotes (0–2):
- TBD
Chapter 9: A Revolution in Cyber Affairs? (PDF p. 227–243)
-
One-sentence thesis: The operational logic of OCOs is durable even as technology evolves; AI/autonomy may accelerate phases of operations and raise stakes, while the “cyber domain” concept may erode as networks become inseparable from human warfare. (PDF p. 227; PDF p. 242–243)
-
What happens / what the author argues (5–10 bullets):
-
Opens with the challenge of durability: models risk obsolescence in rapidly evolving technology, so conceptual agility is required. (PDF p. 227)
-
Identifies key trends: AI/ML and autonomous platforms, which could alter speed, scale, and error profiles in both offense and defense. (PDF p. 227)
-
Notes rising costs and barriers for high-end exploits (exploit markets), potentially shifting advantage toward well-resourced actors or third-party providers. (PDF p. 232)
-
Argues the core model of network operations remains stable: access → lateral movement → objectives, while defense struggles with patching and operational constraints. (PDF p. 232)
-
Explores how AI could shorten the presence phase by automating lateral movement, detection avoidance, and repetitive micro-cycles of operation. (PDF p. 237)
-
Suggests AI could materially change vulnerability research, expanding targetability while reallocating human talent to novel challenges. (PDF p. 238)
-
Discusses autonomy and swarming as software/network-dependent, generating new critical infrastructure targets and raising escalation ambiguity. (PDF p. 241–242)
-
Raises the “cybersecurity dilemma” problem for autonomous systems: intelligence collection vs attack preparation becomes harder to distinguish. (PDF p. 242)
-
Argues “cyber as a domain” may become less coherent over time; many non-Western actors already treat information holistically rather than as a separate domain. (PDF p. 242–243)
-
-
Key concepts introduced (0–5):
-
AI effects on OCO lifecycle (presence/preparation acceleration) (PDF p. 237–238)
-
Cybersecurity dilemma escalation under autonomy (PDF p. 242)
-
Domainhood erosion vs holistic information warfare framing (PDF p. 242–243)
-
-
Evidence / cases used:
-
Exploit market dynamics (PDF p. 232)
-
Autonomous swarming and network dependence examples (PDF p. 241–242)
-
Comparative domain conception (US/NATO vs others) (PDF p. 242–243)
-
-
IW / strategy relevance (2–4 bullets):
-
Suggests future competition may intensify below-threshold uncertainty due to autonomy and attribution ambiguity.
-
Reinforces that institutional and conceptual framing (domain vs holistic) shapes strategy and escalation.
-
-
Links to seminar questions:
- Q4–Q5 (relationships and strategy), Q6 (technical knowledge and power), Q7 (misconceptions)
-
Notable quotes (0–2):
- TBD
Chapter 10: Conclusions (PDF p. 244–255)
-
One-sentence thesis: Cyber-warfare sits at the intersection of military thought, intelligence, and network security; analysis and strategy must integrate technical and operational realities, resist hyperbole, and distinguish intrusions/attacks/warfare to remain effective. (PDF p. 244–245)
-
What happens / what the author argues (5–10 bullets):
-
Declares cyber-security multi-disciplinary and defines cyber-warfare as the intersection of military thought, intelligence, and network security. (PDF p. 244)
-
Argues technical and operational aspects are inseparable; separating them produces unused/misused capabilities and weak strategy. (PDF p. 244)
-
Warns that technology-led warfare must compensate for vulnerabilities it creates, which adversaries will increasingly exploit. (PDF p. 244)
-
Notes the persistent problem of hyperbole and mislabeling incidents; correct classification is hard amid constant malicious activity. (PDF p. 244–245)
-
Emphasizes basic security failures remain common (password reuse, patching, misconfigurations, phishing), complicating the broader strategic picture. (PDF p. 245)
-
Reinforces the core threshold claim: not all intrusions are attacks, and not all attacks are warfare. (PDF p. 245)
-
-
Key concepts introduced (0–5):
-
Inseparability of technical and operational analysis (PDF p. 244)
-
Intrusion vs attack vs warfare distinction as a strategic necessity (PDF p. 245)
-
-
Evidence / cases used:
- Patterns of persistent basic security lapses and media hyperbole (PDF p. 244–245)
-
IW / strategy relevance (2–4 bullets):
-
Offers a discipline for strategic competition: credible thresholds, realistic utility, and integrated analysis.
-
Emphasizes institutional learning and practical security as prerequisites to credible cyber power.
-
-
Links to seminar questions:
- Q1–Q2 (threshold), Q6 (technical aspects), Q7 (misconceptions)
-
Notable quotes (0–2):
- “In cyber, technical and operational aspects are uniquely inseparable and equal in importance.” (PDF p. 244)
Theory / Framework Map
-
Level(s) of analysis:
-
Operational/tactical: how specific OCOs are prepared, executed, and generate effects (PDF p. 81; PDF p. 118–120)
-
Strategic: how OCOs contribute to military strategy and strategic competition (PDF p. 105; PDF p. 148)
-
State/organizational: how national cultures and institutions shape OCO employment (PDF p. 6–7; PDF p. 146–147)
-
-
Unit(s) of analysis:
-
Network attack incidents (as candidates for “cyber-warfare”) (PDF p. 25)
-
Offensive cyber operations (OCOs) as military instruments (PDF p. 6)
-
National approaches to intangible warfare (US/Russia/China/Iran) (PDF p. 6–7)
-
-
Dependent variable(s):
-
Whether an incident qualifies as cyber-warfare (PDF p. 25)
-
Military utility and strategic contribution of OCOs (PDF p. 6; PDF p. 120)
-
-
Key independent variable(s):
-
Five-parameter threshold conditions (target/impact/attacker/goals/relationships) (PDF p. 25)
-
OCO category: presence-based vs event-based (PDF p. 6; PDF p. 15)
-
Institutional and doctrinal integration (domain vs holistic; intelligence vs military) (PDF p. 146–147; PDF p. 151)
-
-
Mechanism(s):
-
Classification mechanism: incidents meet warfare threshold only when all five parameters jointly hold (PDF p. 25)
-
Operational mechanism: OCO lifecycle phases (preparation→engagement→presence→effect) determine feasibility, timing, and risk (PDF p. 81)
-
Strategic mechanism: OCOs generate advantage through surprise, deception, disruption, and enabling other effects, not through standalone coercion (PDF p. 120; PDF p. 52)
-
-
Scope conditions / where it should NOT apply:
-
Not a framework for most cybercrime and routine espionage absent military-strategic goals and conflict relationships (PDF p. 6; PDF p. 25)
-
Not primarily a framework for broad influence/psychological campaigns where “technology is the conduit for deceptive content” rather than the targeted instrument (PDF p. 72)
-
-
Observable implications / predictions:
-
Most network incidents will fall below cyber-warfare threshold when assessed rigorously (PDF p. 6; PDF p. 25)
-
Presence-based capabilities will skew strategic and require long lead times; event-based capabilities will skew tactical and be more “packagable” for commanders (PDF p. 118–119)
-
Militaries that integrate OCOs across EMS/information/doctrine should generate more usable effects than those that silo cyber as a separate “box.” (PDF p. 146–147; PDF p. 151)
-
Key Concepts & Definitions (author’s usage)
-
Offensive cyber operations (OCOs)
-
Definition: Offensive operations “against networks” reframed as a spectrum rather than monolithic “cyberwar.” (PDF p. 6)
-
Role in argument: Primary unit for analyzing what states actually do in the cyber space below/at warfare thresholds.
-
Analytical note: Treat OCOs as tools requiring lifecycle investment and integration, not as an abstract domain effect.
-
-
Cyber-warfare
-
Definition: A narrow subset of network operations meeting a warfare threshold; “often discussed and rarely seen.” (PDF p. 6; PDF p. 25)
-
Role in argument: The concept that needs demarcation to prevent analytical and policy inflation.
-
Analytical note: Operationalize with Moore’s five parameters; avoid conflating with “cyberwar.”
-
-
Five cumulative parameters (target / impact / attacker / goals / relationships)
-
Definition: A structured test for whether an incident qualifies as cyber-warfare. (PDF p. 25)
-
Role in argument: Threshold model that excludes most incidents from warfare analysis.
-
Analytical note: Especially sensitive to (a) inferring goals and (b) interpreting relationships/political context.
-
-
Intangible warfare
-
Definition: Conflict waged through non-physical means such as the information space and electromagnetic spectrum; cyber is its latest intensified expression. (PDF p. 6; PDF p. 53; PDF p. 72)
-
Role in argument: Connects cyber to historical doctrine and avoids “revolution” overclaims.
-
Analytical note: Useful for integrating EW/IO/CNO conversations into one strategic frame.
-
-
Presence-based operations
-
Definition: Strategic capabilities that “begin with lengthy network intrusions and conclude with an offensive objective.” (PDF p. 6; PDF p. 76; PDF p. 118)
-
Role in argument: One half of the core typology; explains long timelines, intelligence dependence, and surprise potential.
-
Analytical note: Operationalize by dwell time, persistence mechanisms, and prepositioning requirements.
-
-
Event-based operations
-
Definition: “Directly-activated tactical tools” that can be field-deployed to create immediate localized effects. (PDF p. 6; PDF p. 76; PDF p. 118–119)
-
Role in argument: Second half of typology; explains more reusable, tactical cyber effects.
-
Analytical note: Operationalize by reusability, predictability, and integration with battlefield tempo.
-
-
Preparation / engagement / presence / effect (OCO lifecycle)
-
Definition: Four-step model expanding DoD’s framework to capture all phases and stakeholders. (PDF p. 81)
-
Role in argument: Explains why capability is expensive, brittle, and institutionally demanding.
-
Analytical note: Use to map where failure occurs (intel gaps, exploit failure, detection, effect unreliability).
-
-
Network resilience
-
Definition: Principles like redundancies, segmentation, backups, and emergency recovery reduce the destructive value of network attacks. (PDF p. 118–119)
-
Role in argument: Limits “virtual victory” narratives by emphasizing recoverability and time windows.
-
Analytical note: Operationalize by recovery time, redundancy, and degraded-mode performance.
-
-
Persistent engagement
-
Definition: US posture built on continuous “information friction” and the assumption of constant adversary contest. (PDF p. 130)
-
Role in argument: Illustrates how doctrine responds to competition below armed conflict.
-
Analytical note: Evaluate by frequency of contact, preemption success, and unintended escalation.
-
-
Defend forward
-
Definition: US strategic concept codified in 2018 DoD Cyber Strategy emphasizing proactive disruption “at its source,” including below armed conflict. (PDF p. 131)
-
Role in argument: Connects OCOs to strategic competition and operational defense posture.
-
Analytical note: Analyze for tradeoffs between disruption, intelligence collection, and political risk.
-
Key Arguments & Evidence
-
Argument 1: “Cyber-warfare” is rare and analytically narrow; most network incidents are below warfare threshold.
-
Evidence/examples:
-
Abstract claim that cyber-warfare is “often discussed and rarely seen,” with most operations below threshold. (PDF p. 6)
-
Five-parameter threshold model; “all five parameters must be met.” (PDF p. 25)
-
Context-sensitive classification discussion (e.g., NotPetya as warfare against one context but not necessarily collateral victims). (PDF p. 14)
-
-
So what:
- Avoid escalation inflation and design response policy around a credible warfare threshold.
-
-
Argument 2: OCOs are not a monolith; separating presence-based and event-based operations clarifies timelines, authorities, and strategy.
-
Evidence/examples:
-
Explicit typology definition and rationale (lengthy intrusions vs immediate effects). (PDF p. 6; PDF p. 15)
-
Applied strategy chapter: presence = flexible/surprise-enabling/strategic; event = robust/predictable/tactical. (PDF p. 118)
-
Lifecycle model shows distinct burdens across preparation/presence phases. (PDF p. 81)
-
-
So what:
- Force design should match the category: authorities, acquisition, and integration are different problems.
-
-
Argument 3: Cyber is best understood as intensified intangible warfare, not an unprecedented revolution that rewrites strategy.
-
Evidence/examples:
-
“Familial relationship” between cyber and EW; related intangible concepts. (PDF p. 53)
-
“Cyber-warfare is merely the latest method” of targeting vulnerabilities; uniqueness is reach/sophistication/scope. (PDF p. 72; PDF p. 74)
-
-
So what:
- Integrate OCOs into joint doctrine and classic strategic principles rather than chasing cyber exceptionalism.
-
-
Argument 4: National approaches diverge because of culture/resources/history, shaping how OCOs are integrated into strategy.
-
Evidence/examples:
-
Abstract claim of differing national approaches (US/Russia/China/Iran). (PDF p. 6–7)
-
US: persistent engagement/defend forward plus integration challenges. (PDF p. 130–131; PDF p. 146–147)
-
Russia: reflexive control and holistic IO/EW/cyber spectrum framing. (PDF p. 150–151)
-
China: asymmetry/A2AD and C4ISR attack-surface logic. (PDF p. 187; PDF p. 196)
-
Iran: deterrence-by-punishment and “good enough” capabilities. (PDF p. 202)
-
-
So what:
- Strategic competition analysis must treat OCOs as context-shaped instruments, not universal templates.
-
⚖️ Assumptions & Critical Tensions
-
Assumptions the author needs:
-
Analysts can infer or approximate attacker identity and goals sufficiently to apply the threshold model (even if imperfectly). (PDF p. 25)
-
Presence/event typology is “abstract enough” for planning but still discriminating in practice. (PDF p. 6; PDF p. 15)
-
OCO military utility is best evaluated as enabling effects, not standalone coercion. (PDF p. 52; PDF p. 75)
-
-
Tensions / tradeoffs / contradictions:
-
Secrecy vs utility: using a capability risks discovery and “burning” years of effort; not using it may yield no operational value. (PDF p. 105; PDF p. 102)
-
Intelligence vs military control: presence-based intrusions are often intelligence-driven, but wartime utility demands integration with commanders and planners. (PDF p. 15; PDF p. 145–146)
-
Domain silo vs holistic integration: domain framing can enable bureaucratic clarity but impede integrated operations. (PDF p. 146–147; PDF p. 242–243)
-
Resilience vs effect: defenders can reduce destructive value via resilience, but conflict tempo makes even temporary disruption strategically meaningful. (PDF p. 118–119)
-
-
What would change the author’s mind? (inference)
-
If repeated, well-documented cases showed standalone OCOs reliably coercing state capitulation or achieving major strategic objectives without complementary instruments.
-
If future AI/autonomy shifts made OCO effects consistently predictable, durable, and scalable enough to overturn current brittleness assumptions. (PDF p. 237–238)
-
Critique Points
-
Strongest critique:
- The five-parameter model’s hardest elements (goals/relationships) can be underdetermined in real time, risking analyst overconfidence or inconsistent application.
-
Weakest critique:
- The presence/event typology may appear too coarse for some niche operational planning—though Moore’s stated intent is strategic usability rather than technical completeness. (PDF p. 6; PDF p. 15)
-
Method/data critique (if applicable):
- Heavy reliance on publicly known incidents, leaked/attributed reporting, and open-source analysis can bias conclusions toward visible operations and away from the most sensitive wartime OCOs.
-
Missing variable / alternative explanation:
- Some “lack of cyber-warfare” may reflect secrecy and survivorship bias rather than true rarity; Moore acknowledges classification and visibility challenges, but the empirical base remains constrained. (PDF p. 244–245)
Policy & Strategy Takeaways
-
Implications for the US + partners:
-
Treat “cyber-warfare” as a narrow threshold category and use clear parameters to prevent escalation inflation and misaligned response options. (PDF p. 25)
-
Build doctrine and force design around presence vs event operations—align authorities, targeting timelines, and expectations accordingly. (PDF p. 15; PDF p. 118)
-
Integrate OCOs with EMS and information contest; avoid siloing “cyber” as a separate conceptual box that impedes joint integration. (PDF p. 146–147; PDF p. 53)
-
Emphasize resilience and degraded-mode operations so temporary disruption doesn’t become operational paralysis. (PDF p. 118–119)
-
-
Practical “do this / avoid that” bullets:
-
Do: Treat OCOs as enabling tools for surprise/deception/disruption in support of broader plans. (PDF p. 120)
-
Do: Preposition presence-based access with strategic intent when feasible, not only as opportunistic intel collection. (PDF p. 145)
-
Do: Build reusable, theater-relevant event-based options for commanders that match battlefield tempo. (PDF p. 145–146)
-
Avoid: Technology-led, capability-based strategies that assume “virtual victory” or standalone coercion. (PDF p. 119; PDF p. 75)
-
Avoid: Conflating “intrusion,” “attack,” and “warfare” in policy messaging and escalation logic. (PDF p. 245)
-
-
Risks / second-order effects:
-
Collateral and blowback risk from malware propagation and unintended spread (NotPetya-style dynamics). (PDF p. 14; PDF p. 158)
-
Intelligence loss and capability burn from exposure, undermining long-term access and deterrence options. (PDF p. 105; PDF p. 73)
-
Escalation ambiguity—especially as autonomy increases and intent becomes harder to infer (cybersecurity dilemma). (PDF p. 242)
-
-
What to measure (MOE/MOP ideas) and over what timeline:
-
Presence-based MOPs: time-to-access, dwell time, persistence reliability, detection rate, ability to hand off access to operational users. (PDF p. 81; PDF p. 145)
-
Event-based MOPs: effect predictability, reuse rate across similar targets, integration latency with commanders, mission success rate within conflict tempo. (PDF p. 118–120)
-
MOEs: measurable windows of operational advantage created (C2 disruption duration, degraded awareness period) and downstream outcomes enabled (strike success, maneuver tempo, reduced friendly losses). (PDF p. 120)
-
⚔️ Cross‑Text Synthesis (SAASS 644)
-
Where this aligns:
-
Aligns with Patterson’s strategic competition framing by treating OCOs as tools of continuous contest often below declared war thresholds. (PDF p. 130; PDF p. 148)
-
Aligns with Biddle’s emphasis on institutions and integration: cyber power depends on organizational cohesion, doctrine, and operational competence—not technology alone. (PDF p. 146–147; PDF p. 244)
-
Aligns with German-style “nontraditional means” emphasis (especially in the Russia chapter) by showing cyber’s utility as part of broader information and perception operations. (PDF p. 150–151)
-
-
Where this contradicts:
- Complicates “cyber RMA” determinism by arguing cyber is an intensified continuation of intangible warfare, not a clean break that guarantees decisive outcomes. (PDF p. 72; PDF p. 74; PDF p. 75)
-
What it adds that others miss:
- A practical, strategist-usable typology (presence/event) plus an operational lifecycle model (prep/engage/presence/effect) that links strategy to technical feasibility. (PDF p. 15; PDF p. 81; PDF p. 118)
-
2–4 “bridge” insights tying at least TWO other readings together:
-
Moore + Biddle + Patterson: competitive advantage in “grey-zone” conflict comes from institutional integration and realistic utility, not novelty; cyber is an instrument that must be absorbed into doctrine and force design. (PDF p. 146–147; PDF p. 130)
-
Moore + Kalyvas + Simpson: cyber effects matter when they translate into changed behavior and control—often through information and perception shaping (reflexive control), echoing the politics/narrative and control-information logic in irregular conflict. (PDF p. 150–151)
-
Moore + German + Patterson: Russia’s holistic IO/EW/cyber spectrum illustrates nontraditional competition short of war; OCOs are one layer in sustained coercion and ambiguity management. (PDF p. 148–151)
-
Moore + Biddle + Mao (careful inference): the “time” problem (presence-based months/years) suggests a protracted competition dynamic where preparation and adaptation can be decisive—less like a single battle, more like cumulative mobilization and learning over time. (PDF p. 118–119; PDF p. 81)
-
❓ Open Questions for Seminar
-
If Moore’s five-parameter model is right, what institutional processes should determine when an incident is labeled “warfare” in real time—military, intelligence, or civilian political leadership?
-
How should a state design escalation policy when the same OCO can be warfare in one context but “non-war” in another (collateral victims, third states, blowback)?
-
What organizational architecture best supports presence-based operations: an intelligence-led model, a military-led model, or a hybrid—given the “burn” risk and long timelines?
-
In joint planning, what is the cleanest way to integrate cyber, EW, and IO without turning everything into an unmanageable “everything is related” soup?
-
How should measures of effectiveness be defined for enabling cyber effects (surprise/deception) that are valuable but hard to attribute to one cause?
-
If autonomy and AI shorten the presence phase, does that raise or lower escalation risk—and what should “defend forward” look like in that environment? (PDF p. 237–242)
✍️ Notable Quotes & Thoughts
-
“Cyber-warfare is often discussed and rarely seen.” (PDF p. 6)
-
“The spectre of cyberwar can and should be turned into a spectrum of offensive cyber operations, or OCOs.” (PDF p. 6)
-
“It is imperative for strategic intent to lead the use of technology, rather than have technology create de facto strategies.” (PDF p. 12)
-
“The Venn diagram of military OCOs and cyber-warfare is not a circle.” (PDF p. 25)
-
“All five parameters must be met if an incident is to qualify as within the spectrum of cyber-warfare.” (PDF p. 25)
-
“Cyber-warfare is merely the latest method of targeting military vulnerabilities.” (PDF p. 72)
-
“Where the former is flexible, surprise-enabling, and strategic, the latter is robust and ideally predictable.” (PDF p. 118)
-
“Network operations are intrinsically geared towards surprise and deception.” (PDF p. 120)
-
“information is the most important object of operations, independent of the channel through which it is transmitted”. (Akimenko and Giles, quoted in Moore) (PDF p. 151)
-
“In cyber, technical and operational aspects are uniquely inseparable and equal in importance.” (PDF p. 244)
Exam Drills / Take‑Home Hooks
-
Prompt 1: “Is cyberwar real? Define the threshold and explain why it is rare.”
-
Outline:
-
Define the problem: rhetoric vs reality; intrusions vs attacks vs warfare. (PDF p. 6; PDF p. 245)
-
Present Moore’s threshold model: five cumulative parameters; explain why most incidents fail. (PDF p. 25)
-
Strategic implication: escalation policy and response should map to the narrow warfare set; everything else is competition/espionage/crime. (PDF p. 244–245)
-
-
-
Prompt 2: “How should OCOs be integrated to contribute to battlefield success?”
-
Outline:
-
Start with the typology: event-based vs presence-based; timeline/authority implications. (PDF p. 15; PDF p. 118–119)
-
Explain enabling effects: surprise/deception/disruption; temporary C2 breakdowns; target network “crutches.” (PDF p. 120; PDF p. 119)
-
Caution: avoid virtual-victory coercion narratives; measure effects as windows enabling other actions. (PDF p. 75; PDF p. 52)
-
-
-
Prompt 3: “Compare US and Russian approaches to OCOs and what they imply about strategic competition.”
-
Outline:
-
US: persistent engagement/defend forward; strong capability but integration problems and domain silo risk. (PDF p. 130–131; PDF p. 146–147)
-
Russia: continuous contest, reflexive control, holistic IO/EW/cyber integration; ambiguity and below-threshold operations. (PDF p. 148–151)
-
Implication: institutional framing shapes how OCOs are used for coercion, perception management, and escalation control. (PDF p. 150–151)
-
-
-
Prompt 4: “Does technical understanding change how you assess cyber power?”
-
Outline:
-
Cyber power = technical + operational inseparably; reject armchair “magic.” (PDF p. 244)
-
Lifecycle burdens: preparation/engagement/presence/effect; brittleness; burn risk. (PDF p. 81; PDF p. 102; PDF p. 105)
-
Future trend: AI/autonomy may accelerate phases and intensify dilemma/ambiguity. (PDF p. 237–242)
-
-
-
If I had to write a 1500‑word response in 4–5 hours, my thesis would be:
Moore shows that “cyber-warfare” is a narrow threshold phenomenon and that the real strategic challenge is integrating presence-based and event-based OCOs into broader intangible warfare and joint operations with realistic timelines and success metrics. (PDF p. 25; PDF p. 15; PDF p. 120)
-
3 supporting points + 1 anticipated counterargument:
-
Supporting point 1: A defensible warfare threshold requires cumulative parameters; most incidents fail the bar. (PDF p. 25; PDF p. 6)
-
Supporting point 2: Presence/event typology clarifies authorities, tempo, and utility; lifecycle analysis explains feasibility. (PDF p. 15; PDF p. 81; PDF p. 118)
-
Supporting point 3: Cyber’s novelty is intensified scale and dependence, not a new logic; integration with EW/IO and classic principles is decisive. (PDF p. 53; PDF p. 74; PDF p. 120)
-
Counterargument (anticipated): “We don’t see cyber-warfare because the real operations are classified; therefore it might be more common and decisive than Moore argues.”
- Response (sketch): Even if visibility is limited, Moore’s lifecycle and brittleness constraints still imply high resource costs and integration burdens that should temper claims of decisive standalone cyber coercion. (PDF p. 105; PDF p. 102; PDF p. 244)
-