Detect, Deny, Degrade, Disrupt, Destroy, Deceive: which is the greatest in OCO?

Abstract

In the cyber kill chain literature, possible courses of action are listed as detect, deny, degrade, disrupt, destroy, and deceive (a.k.a. “the 6Ds”). These verbs denote defensive action to be taken against an intruder. By comparison, military doctrine for cyberspace operations encompasses cyberspace exploitation and attack, as well as defence. The question arises whether the 6Ds are also applicable to offensive action, i.e. exploitation and attack, or whether additional action verbs are needed. Military doctrine is evolving towards all-domain operations, in which action in cyberspace is integrated with action in the physical domains of land, sea, air, and space. This prompts the question as to whether the 6Ds are also suited to action in a physical domain. A pilot study of actual military operations that integrated cyber and physical action suggests that deception, delay, and denial of organisational and cyber entities is suited to cyber action, while seizure, capture, and destruction of physical entities is suited to physical action. Preference among action verbs may indicate when it is best to engage targets using cyber or physical resources and which action is preferred. This paper identifies which action verbs are best suited to offensive cyber operations in the context of all-domain operations. The paper reviews related theory on cyberspace and the cyber kill chain. It identifies action verbs in US Department of Defense (DoD) doctrine on information and cyberspace operations, comparing them to those in the US DoD Dictionary of Military and Associated Terms. After discussing the findings, the paper draws conclusions and recommends further work.