This report has been professionally converted for accurate flowing-text e-book format reproduction. The National Defense Authorization Act for Fiscal Year 2012 gave the Department of Defense the statutory authority to conduct offensive cyberoperations, subject to the Law of Armed Conflict. Four major types of offensive cyberoperations include destroying data on a network or a system connected to a network, being an active member of a network and generating bogus traffic, clandestinely altering data in a database stored on a network and degrading or denying service on a network. Conducting these operations, as opposed to cyberexploitation, will require military planners to analyze potential actions through the lens of the Law of Armed Conflict's constraint elements of military necessity, proportionality, perfidy, distinction and neutrality. The use of a recognized analytical framework lends legitimacy to actions undertaken by the United States, and shows a continued commitment to recognized rules of international law. Utilizing the present parameters of the existing LOAC framework, parallel legal and historical analogies and reasonable interpretations and applications of those analogies, the United States should legitimately be able to conduct the four types of offensive cyberoperations.

This compilation includes a reproduction of the 2019 Worldwide Threat Assessment of the U.S. Intelligence Community.

Offensive cyberoperations cover a wide range of computer-based activities aimed at disabling or disrupting an adversary's ability to use computer based resources or assets or to defend a nation's own network against exploitation. Offensive cyberoperations can range from activities such as collecting or copying data from foreign computer systems and databases to disrupting computer systems, denying its use by others and even covert action conducted by intelligence agencies aimed at damaging an adversary's computer systems.