Joint Force Quarterly 85 (2nd Quarter, April 2017)
In Memoriam: General John W. Vessey, Jr., USA
By John Wagner
By William T. Eliason
An Interview with David L. Goldfein
By William T. Eliason
Toward a Unified Metric of Kinetic and Nonkinetic Actions: Meaning Fields and the Arc of Effects
By Bradley DeWees, Terry C. Pierce, Ervin J. Rokke, and Anthony Tingle
Information Warfare in an Information Age
By William R. Gery, SeYoung Lee, and Jacob Ninas
The Rise of the Commercial Threat: Countering the Small Unmanned Aircraft System
By Anthony Tingle and David Tyree
Forensic Vulnerability Analysis: Putting the “Art” into the Art of War
By Darryl Williams
Operational Graphics for Cyberspace
By Erick D. McCroskey and Charles A. Mock
The Need for a Joint Support Element in Noncombatant Evacuation Operations
By George K. Dixon
Policing in America: How DOD Helped Undermine Posse Comitatus
By Steven C. Dowell, Jr.
The U.S. Government’s Approach to Health Security: Focus on Medical Campaign Activities
By George E. Katsos
The Advent of Jointness During the Gulf War: A 25-Year Retrospective
By Christopher G. Marquis, Denton Dye, and Ross S. Kinkead
By Bruno Carvalho
Margin of Victory
By John Dethlefs
The New Grand Strategy
By Michael D. Russ
Improving Joint Doctrine for Security in Theater: Lessons from the Bastion-Leatherneck-Shorabak Attack
By Nicholas J. Petren
Joint Publication 3-20, Security Cooperation: Adapting Enduring Lessons
By Keith D. Smith, Mark H. Lauber, and Matthew B. Robbins
Joint Doctrine Update
By The Joint Staff
This font was created to accompany the article, "Operational Graphics for Cyberspace," by Erick D. McCroskey and Charles A. Mock.
Please follow these steps to install the font:
You should then be able to open a Word document and use the font. The Operational Graphic symbols that appear in the table below have been assigned the letters a through x.
Adaptation of Tactical Task Graphics to Cyberspace
Potential Use in Describing Cyberspace Operations
Actions by Friendly Force
Attack by fire
The use of direct fires, supported by indirect fires, to engage an enemy force without closing with the enemy to destroy, suppress, fix, or deceive that enemy.
Overt actions where an origination (or interim relay) point can be determined, such as distributed denial-of-service attacks or broad intrusive scans, and where these actions create the intended effect on the target.
Break through or establish a passage through an enemy defense, obstacle, minefield, or fortification.
Noncredential-based access (penetration through a firewall, using an exploit or hacking tradecraft).
Maneuver around an obstacle, position, or enemy force to maintain the momentum of the operation while deliberately avoiding combat with an enemy force.
Credential-based access (use captured credentials for login).
Remove all enemy forces and eliminate organized resistance within an assigned area.
Comprehensive scans and forensics, removing all malware and adversary points of presence and external connections.
Maintain physical influence over a specified area to prevent its use by an enemy or to create conditions necessary for successful friendly operations.
Standard cybersecurity mission to protect a domain, typically assigned to a cyber security practitioner (CSP).
Provide early warning to the protected force.
Detection activities on a boundary or domain.
Protect the main body by fighting to gain time while also observing and reporting information and preventing enemy ground observation of and direct fire against the main body. Units conducting a guard mission cannot operate independently because they rely upon fires and combat support assets of the main body.
Domain-wide detection and hunt-type activities by a cyber protection team or local defensive unit, augmenting the capabilities of a CSP.
Protect the main body by fighting to gain time while also observing and reporting information and preventing enemy ground observation of and direct fire against the main body.
Domain-wide detection, hunt, and reposturing of defensive boundary controls by a CSP.
(No symbol exists. Symbol shows the flow of exfiltrated data, a substantial deviation from the existing definition of this task.)
Remove Soldiers or units from areas under enemy control by stealth, deception, surprise, or clandestine means.
Movement of data from its original location to a location under enemy control, typically by stealth, deception, or clandestine means.
Move a friendly force into an area so that it can control that area. Both the force’s movement to and occupation of the area occur without enemy opposition.
Deployment of a cyber protection team to a domain in advance of suspected adversary activity.
Ensure that a terrain feature controlled by a friendly force remains free of enemy occupation or use.
Defense of a network device or domain to prevent any adversary access.
Prevent a unit, facility, or geographical location from being damaged or destroyed as a result of enemy action.
Defense of a network device or domain to prevent an adversary from making any changes to data or functionality.
Take possession of a designated area by using overwhelming force.
Gain control of a device, network, data, or credentials. In cyberspace, two opposing forces may have simultaneous control of any or all of these assets.
Support by fire
A maneuver force moves to a position where it can engage the enemy by direct fire in support of another maneuvering force.
Overt actions where an origination (or interim relay) point can be determined, such as distributed denial-of-service attacks, broad intrusive scans, and where these actions are designed to set the conditions for success for the primary attack actions.
Effects on Enemy Force
Deny the enemy access to an area or prevent the enemy’s advance in a direction or along an avenue of approach.
Also an obstacle effect that integrates fire planning and obstacle efforts to stop an attacker along a specific avenue of approach or prevent the attacking force from passing through an engagement area.
Use or modification of blacklists, whitelists, access control lists, routing policies, credentials (username-password pairs, or machine-issued), or filters on firewalls, domain name servers, domain controllers, Web servers, email servers, or others to prohibit or terminate access based on specific criteria.
Restrict enemy movement to a narrow zone by exploiting terrain coupled with the use of obstacles, fires, or friendly maneuver.
Use of routing policies, honeypots/honeyports/honeynets, or other defensive techniques to direct potential adversary traffic to desired network locations.
Stop, hold, or surround enemy forces or to cause them to center their activity on a given front and prevent them from withdrawing any part of their forces for use elsewhere.
Not strictly possible in cyberspace, since forces exist as a function of effort being expended. However, could be used to indicate quarantine of malware or emails.
Physically render an enemy force combat-ineffective until it is reconstituted. Alternatively, to destroy a combat system is to damage it so badly that it cannot perform any function or be restored to a usable condition without being entirely rebuilt.
Deleting all files from a server, flashing basic input-output system or firmware, or causing physical damage to industrial control systems.
Integrates direct and indirect fires, terrain, and obstacles to upset an enemy’s formation or tempo, interrupt the enemy’s timetable, or cause enemy forces to commit prematurely or attack in a piecemeal fashion.
Interrupting connections periodically, enforcing time limits on sessions, or actions that require an enemy to repeat previous steps, upset an enemy’s tempo, interrupt the enemy’s timetable, or cause the enemy’s efforts to proceed in a piecemeal fashion.
Prevent the enemy force from moving any part of that force from a specific location for a specific period.
Not strictly possible in cyberspace, since forces exist as a function of effort being expended, but used to indicate actions that require an enemy to focus effort to restore function (for example, reboot a domain controller or data server following an induced system crash); to expend much greater effort than planned to obtain an objective (for example, consuming attacker resources using a realistic honeynet); or to refrain from using capabilities for fear of detection (for example, refrain from activating implants because of increased random scans for active malware).
Prevent, disrupt, or delay the enemy’s use of an area or route.
Denial-of-network (data transport) services, or limiting access to services.
Requires a unit to seal off—both physically and psychologically—an enemy from sources of support, deny the enemy freedom of movement, and prevent the isolated enemy force from having contact with other enemy forces.
Removal of a device infected with malware from the network, or moving a phishing email from the server to a forensics sandbox.
Render enemy personnel or materiel incapable of interfering with a particular operation.
Any action taken against another cyberspace unit that prevents it from using its offensive or defensive capabilities (for example, interrupt the sensor feeds from a target domain to the responsible cyber defense unit).
* As described and depicted in various DOD sources, including MIL-STD-2525D, Joint Military Symbology, June 10, 2014; Field Manual (FM) 1-02/Marine Corps Reference Publication 5-12A, Operational Terms and Graphics, February 2, 2010 (incorporating Change 1); FM 3-90-1, Offense and Defense, vol. 1, March 2013; FM 3-90-2, Reconnaissance, Security and Tactical Enabling Tasks, vol. 2, March 2013.