GEOG 479
Cyber-Geography in Geospatial Intelligence




Advance Force Operations

An operation which precedes the main effort in an objective area in order to prepare the objective for the main assault by conducting such operations as reconnaissance, seizure of supporting positions-including key network systems or nodes-pre-emplacement or clearing of weapons--such as minesweeping, preliminary bombardment, underwater demolitions, or cyber accesses and/ or weapon implants -and air support.

Replaces: CNE when used to describe cyberspace operations intended to support/facilitate a specific planned operation or set of operations via clandestine means, e.g., by delivery of software payloads that may facilitate preparation of the battlespace and/ or provide effects in support of an operation.

Aim Point (Derived from Air Warfare TIPs)
After compensation for such factors as course, speed, turbulence, target and for terrain characteristics, target depth/elevation, and weapon characteristics, the point at which a weapon is aimed in order to achieve the desired effect at the target location. Multiple aim points may be assigned to a particular target location in order to multiply or complement the effects of a single weapon or propagate those effects to a target location not directly accessible to the weapon. If the target can only be affected indirectly, a geographically separated aim point, such as a supporting facility or component, may be selected in order to achieve the desired effect at the target location.
Asymmetric Threats
Can include the use of surprise in all its operational and strategic dimensions and the use of weapons in ways unplanned by the United States.
Collateral Effect

Unintentional or incidental effects including, but not limited to,injury or damage to persons or objects that would not be lawful military targets under the circumstances ruling at the time. Includes effects on civilian or dual-use computers, networks, information, or infrastructure. Such effects are not unlawful as long as they are not excessive in light of the overall military advantage anticipated from the activity. In cyberspace operations, Collateral Effects are categorized as:

  • "High": Substantial adverse effects on persons or property that are not lawful targets from which there is a reasonable probability of loss of life, serious injury, or serious adverse effect on the affected nation's national security, economic security, public safety, or any combination of such effects.
  • "Medium": substantial adverse effects on persons or property that are not lawful targets.
  • "Low'': Temporary, minimal or intermittent effects on persons or property that are not lawful targets.
  • "No": Only adversary persons and computers, computer-controlled networks, and/or information and information systems are adversely affected.
Computer Network Attack
(DOD) A category of fires employed for offensive purposes in which actions are taken through the use of computer networks to disrupt, deny, degrade, manipulate, or destroy information resident in the target information system or computer networks, or the systems/ networks themselves. The ultimate intended effect is not necessarily on the targeted system itself, but may support a larger effort, such as information operations or counter-terrorism, e.g., altering or spoofing specific communications or gaining or denying access to adversary communications or logistics channels.
Computer Network Defense
Actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within the DOD information systems and computer networks.
Computer Network Defense Response Actions
Deliberative, authorized defensive measures or activities that protect and defend DOD computer systems and networks under attack or targeted for attack by adversary computer systems and networks. Response actions extend DOD's layered defense-in-depth capabilities and increase DOD's ability to withstand adversary attacks (Assistant SECDEF Memorandum, "Guidance for Computer Network Response Actions").
Computer Network Exploitation
Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks.
Computer Network Operations
Comprised of CNA, CND, and related CNE enabling operations.
Counter-Cyber (CC)
A mission that integrates offensive and defensive operations to attain and maintain a desired degree of cyberspace superiority. Counter-cyber missions are designed to disrupt, negate, and/ or destroy adversarial cyberspace activities and capabilities, both before and after their employment.
Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities.

That form of military science that, by the employment of devices and/ or techniques, has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive or classified information or information systems.

  • Defensive Countermeasures includes actions to identify the source of hostile cyber activities; protection/ mitigation at the boundary (e.g., Intrusion Protection Systems (IPS), preemptive blocks, blacklisting); hunting within networks (actively searching for insiders and other adversaries or malware); passive and active intelligence (including law enforcement) employed to detect cyber threats; and/ or actions to temporarily isolate a system engaged in hostile cyber activities.
  • Offensive countermeasures might include electronic jamming or other negation measures intended to disrupt an adversary's cyber capabilities during employment.
Critical Cyber System/ Asset/Function (Draft NCIRP Feb 20 10)

An information system Is considered to be vital if a physical or cyber incident affecting the confidentiality, integrity, and availability of the system, asset, or function would have significant negative impact on the national security, economic stability, public confidence, health, or safety of the United States.

Critical Infrastructure (Draft NCIRP Feb 2010): Systems and assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction.

Cyber Attack
CyA actions combine CNA with other enabling capabilities (such as EA, physical attack, and others) to deny or manipulate information and/or infrastructure. A hostile act using computer or related networks or systems, and intended to disrupt and/ or destroy an adversary's critical cyber systems, assets, or functions. The intended effects of cyber attack are not necessarily limited to the targeted computer systems or data themselves-for instance, attacks on computer systems which are intended to degrade or destroy infrastructure or C2 capability. A cyber attack may use intermediate delivery vehicles including peripheral devices, electronic transmitters, embedded code, or human operators. The activation or effect of a cyber attack may be widely separated temporally and geographically from the delivery.
Cyber Content Management
CyCM is the technology, processes, and policy necessary to provide awareness of relevant, accurate information; automated access to newly discovered or recurring information; and timely, efficient, and assured delivery of information in a usable format.
Cyber Counterintelligence
Measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions (JP 2-01.2).
Cyber Defense

CyD is actions that combine information assurance, computer network defense (to include response actions), and critical infrastructure protection with enabling capabilities (such as EP, critical infrastructure support, and others) to prevent, detect, and ultimately respond to an adversary's ability to deny or manipulate information and/or infrastructure. CyD is integrated with the dynamic defensive aspects of CyberWar to provide defense in depth. The integrated application of DoD or US Government cyberspace capabilities and processes to synchronize in real-time the ability to detect, analyze, and mitigate threats and vulnerabilities, and outmaneuver adversaries, in order to defend designated networks, protect critical missions, and enable US freedom of action. Cyber Defense includes:

  • Proactive NetOps: (e.g., configuration control, information assurance (lA) measures, physical security and secure architecture design, intrusion detection, firewalls, signature updates, encryption of data at rest);
  • Defensive Counter Cyber (DCC): Includes: military deception via honeypots and other operations; and redirection, deactivation, or removal of malware engaged in a hostile act/ imminent hostile act.
  • Defensive Countermeasures.
Cyber Enterprise Management
CyME is the technology, processes, and policy necessary to effectively operate computers and networks.
Cyber Exploitation
CyE is actions combining CNE with enabling capabilities (such as ES, SIGINT, and others) for intelligence collection and other efforts.
Cybergeomatic Intelligence
the exploitation and analysis of GeoInt and Cyber data sources to describe, assess, and visually depict geographically referenced activities on the Earth in terms of an “effects based” CyberGeomatic perspective.
Cyber Network Operations
the component of CyberOps that establishes, operates, manages, protects, defends, and provides command and control of the LandWarNet, CIKR, and other specified cyberspace.
Cyberspace Operations (CO) (CM-0856-09 1 Sep 09)
The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid.
Cyber Operational Preparation of the Environment (C-OPE)
Non-intelligence enabling functions within cyberspace conducted to plan and prepare for potential follow-on military operations. C-OPE includes but is not limited to identifying data, system/network configurations, or physical structures connected to or associated with the network or system (to include software, ports, and assigned network address ranges or other identifiers) for the purposes of determining system vulnerabilities; and actions taken to assure future access and/ or control of the system, network, or data during anticipated hostilities. (See: OPE (JP 3-13): Non-intelligence activities conducted to plan and prepare for potential follow-on military operations.) Replaces: CNE or CNA when used specifically as an enabling function for another military operation.
All organizational actions required to ensure freedom from danger and risk to the security of information in all its forms (electronic, physical), and the security of the systems and networks where information is stored, accessed, processed, and transmitted, including precautions taken to guard against crime, attack, sabotage, espionage, accidents, and failures. Cybersecurity risks may include those that damage stakeholder trust and confidence, affect customer retention and growth, violate customer and partner identity and privacy protections, disrupt the ability to conduct or fulfill business transactions, adversely affect health and cause loss of life, and adversely affect the operations of national critical infrastructures.
Cyber Situational Awareness
The immediate knowledge of friendly, adversary, and other relevant information regarding activities in and through cyberspace and the EMS. It is gained from a combination of intelligence and operational activity in cyberspace, the EMS, and in the other domains, both unilaterally and through collaboration with our unified action and public-private partners.
Cyber Support
Those supporting activities which are generated and employed to specifically enable CyNetOps and CyberWar. They include vulnerability assessment and operational force-based security assessment and remediation, reverse engineering malware, cyber aspects of site exploitation, counterintelligence and law enforcement, forensics, RDT&E, combat development, and acquisition.
A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers (JP 1-02). Characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.
Cyberspace Operations
The employment of cyber capabilities where the primary purpose is to achieve objectives in and through cyberspace. Such operations include computer network operations and activities to operate and defend the GIG.
Cyberspace Superiority
the degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land, air, sea, and space forces at a given time and sphere of operations without prohibitive interference by an adversary.
Cyberspace Warfare
The component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries. CyberWar capabilities target computer and telecommunication networks and embedded processors and controllers in equipment, systems, and infrastructure. CyberWar uses CyE, CyA, and DCyD in a mutually supporting and supported relationship with CyNetOps and CyberSpt. Military operations conducted to deny an opposing force the effective use of cyberspace systems and weapons in a conflict. It includes cyber attack, cyber defense, and cyber enabling actions.
Defensive Counter-Cyber (DCC)
All defensive countermeasures designed to detect, identify, intercept, and destroy or negate harmful activities attempting to penetrate or attack through cyberspace. DCC missions are designed to preserve friendly network integrity, availability, and security, and protect friendly cyber capabilities from attack, intrusion, or other malicious activity by pro-actively seeking, intercepting, and neutralizing adversarial cyber means which present such threats. DCC operations may include: military deception via honeypots and other operations; actions to adversely affect adversary and/ or intermediary systems engaged in a hostile act/ imminent hostile act; and redirection, deactivation, or removal of malware engaged in a hostile act/ imminent hostile act. Replaces: "CND-RA," "active defense," "dynamic network defense" where used to connote operations outside the DOD network perimeter to counter a hostile act or demonstrated hostile intent in cyberspace.
Dynamic Cyber Defense
DCyD actions combine policy, intelligence, sensors, and highly automated processes to identify and analyze malicious activity, simultaneously tip and cue and execute preapproved response actions to defeat attacks before they can do harm. DCyD uses the Army defensive principles of security, defense in depth, and maximum use of offensive action to engage cyber threats. Actions include surveillance and reconnaissance to provide early warnings of pending enemy actions. DCyD is integrated with the defensive aspects of CyNetOps to provide defense in depth.
Effects Assessment (EA)
The timely and accurate evaluation of effects resulting from the application of lethal or non-lethal capabilities against a military objective. Effects assessment is composed of physical effect assessment, functional effect assessment, and target system assessment.
Electronic Attack
Division of electronic warfare involving the use of electromagnetic energy, directed energy, or antiradiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability and is considered a form of fires.
Electronic Protection
Division of electronic warfare involving actions taken to protect personnel, facilities, and equipment from any effects of friendly or enemy use of the electromagnetic spectrum that degrade, neutralize, or destroy friendly combat capability.
Flexible Deterrent Option (FDO) (JP 1-02)
A planning construct intended to facilitate early decision making by developing a wide range of interrelated responses that begin with deterrent-oriented actions carefully tailored to produce a desired effect. The flexible deterrent option is the means by which the various diplomatic, information, military, and economic deterrent measures available to the President are included in the joint operation planning process.
Global Information Grid
The globally interconnected, end-to-end set of information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems.
Hostile Act
Force or other means used directly to attack the US, US forces, or other designated persons or property, to include critical cyber assets, systems, or functions. It also includes force or other means to preclude or impede the mission and/ or duties of US forces, including the recovery of US personnel or vital US Government property.
Hostile Intent
The threat of an imminent hostile act. Determination of hostile intent in cyberspace can also be based on the technical attributes of an activity which does not meet the hostile act threshold but has the capability, identified through defensive countercyber or forensic operations, to disrupt, deny, degrade, manipulate, and/or destroy critical cyber assets at the will of an adversary (such as a logic bomb or "sleeper" malware). Because an individual's systems may be used to commit a hostile act in cyberspace without their witting participation, the standard for attribution of hostile act/intent for defensive counter-cyber purposes is 'known system involvement,' and is not witting actor or geography-dependent.
Facts, data, or instructions in any medium or form; the meaning that a human assigns to data by means of the known conventions used in their representation.
Information Assurance
Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. Actions that protect and defend information systems by ensuring availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating detection, protection, and reaction capabilities
Information Environment
The aggregate of individuals, organizations, and systems.
Information Operations
The integrated employment of the core capabilities of EW, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making while protecting the same.
The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations. The term is also applied to the activity which results in the product and to the organizations engaged in such activity.
Intelligence Preparation of the Battlespace
An analytical methodology employed to reduce uncertainties concerning the enemy, environment, and terrain for all types of operations. Intelligence preparation of the battlespace builds an extensive database for each potential area in which a unit may be required to operate. The database is then analyzed in detail to determine the impact of the enemy, environment, and terrain on operations and presents it in graphic form. Intelligence preparation of the battlespace is a continuing process.
Intelligence, Surveillance, and Reconnaissance
Activities that synchronize and integrate the planning and operation of sensors, assets, and processing, exploitation, and dissemination systems in direct support of current and future operations.
An action to divert, disrupt, delay, or destroy an adversary's military capability before it can be used effectively against friendly forces or systems, or to otherwise achieve objectives. (See: Interdiction {JP 3-03}-An action to divert, disrupt, delay, or destroy the enemy's military surface capability before it can be used effectively against friendly forces, or to otherwise achieve objectives. Note: If "surface" is deleted from current Interdiction definition, Cyber interdiction becomes a subset of this type of operation.) Replace: "CND-RA" where preemptively removing or rendering ineffective malware targeted at DOD or vital national systems on the adversary system or in transit is intended.
An electronic communications network that connects computer networks and organizational computer facilities around the world.
Intelligence, Surveillance, and Reconnaissance (ISR) (JP 2-01)
An activity that synchronizes and integrates the planning and operation of sensors, assets, and processing, exploitation, and dissemination systems in direct support of current and future operations. This is an integrated intelligence and operations function. Replaces "CNE" when used in defensive countercyber or in support of offensive (USC Title 10) operations in cyberspace. Where CNE is intended purely for the collection of foreign intelligence, it is cyber-enabled foreign intelligence (CEFI), or computer network exploitation (CNE).
Intrusion (JP 1-02)
Movement of a unit or force within another nation's specified operational area outside of territorial seas or territorial airspace, not specifically approved by that nation, for surveillance, intelligence gathering, or other operation in time of peace or tension.
Joint Intelligence Preparation of the Operational Environment (JIPOE)
An analytical methodology employed to reduce uncertainties concerning the adversary, environment, and terrain, including cyberspace operations. Intelligence preparation of the battlespace is a continuing process. Also called Intelligence Preparation of the Battlespace (IPB).
Mission Assurance Category (MAC) (DODD 8500-1)

Applicable to DoD information systems, the mission assurance category reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighters' combat mission. Mission assurance categories are primarily used to determine the requirements for availability and integrity. The Department of Defense has three defined mission assurance categories:

  • Mission Assurance Category I (MAC I). Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. The consequences of loss of integrity or availability of a MAC I system are unacceptable and could include the immediate and sustained loss of mission effectiveness. MAC I systems require the most stringent protection measures.
  • Mission Assurance Category ll (MAC II). Systems handling information that is important to the support of deployed and contingency forces. The consequences of loss of integrity are unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation in providing important support services or commodities that may seriously impact mission effectiveness or operational readiness.
  • Mission Assurance Category lll (MAC III). Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short-term. The consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission effectiveness or operational readiness. The consequences could include the delay or degradation of services or commodities enabling routine activities.
Mitigation (US CERT CONOPS, NRF)
Solutions that contain or resolve risks through analysis of threat activity and vulnerability data which provide timely and accurate responses to prevent attacks, reduce vulnerabilities and fix systems. Activities providing a critical foundation in the effort to reduce the loss of life and property from natural and/ or manmade disasters by avoiding or lessening the impact of a disaster and providing value.
National Military Strategy for Cyberspace Operations (NMS-CO)
The comprehensive strategy of the US Armed Forces to ensure US military superiority in cyberspace. The NMS-CO establishes a common understanding of cyberspace and sets forth a military strategic framework that orients and focuses DOD actions in the areas of military, intelligence, and business operations in and through cyberspace.
Network Operations
Activities conducted to operate and defend the GIG.
Offensive Counter-Cyber (OCC)
Offensive operations to destroy, disrupt, or neutralize adversary cyberspace capabilities both before and after their use against friendly forces, but as close to their source as possible. The goal of OCA operations is to prevent the employment of adversary cyberspace capabilities prior to employment. This could mean preemptive action against an adversary. Replaces: CNA where it refers to a SECDEF-directed cyber attack, presumably in a period of hostilities, specifically aimed at damaging an adversary's ability to use its cyberspace capabilities against friendly forces. It differs from the generic use of "cyber attack" in that the latter can be used to affect non-cyber systems, including but not limited to infrastructure, lADS, transportation, and other networks, etc., and is not specifically tied to imminent or ongoing of hostilities.
Offensive Cyberspace Operations (OCO)
Activities that, through the use of cyberspace, actively gather information from computers, information systems, or networks, or manipulate, disrupt, deny, degrade, or destroy targeted computers, information systems, or networks. This definition includes Cyber Operational Preparation of the Environment (C-OPE), Offensive Counter-Cyber (OCC), cyber attack, and related electronic attack and space control negation.
Sensitive Reconnaissance (CJCSI-3250.0 1)
Reconnaissance operations which, by virtue of their collective objectives, means of collection, or area of operation, involve significant military risk or political sensitivity.Replaces: CNE when referring specifically to specific, high risk, politically sensitive cyber operations which require additional interagency deconfliction, coordination, or execution authorities.
Special Reconnaissance (SR) (JP 3-05, JP 1-02)
Reconnaissance and surveillance actions conducted as a special operation in hostile, denied, or politically sensitive environments to collect or verify information of strategic or operational significance, employing military capabilities not normally found in conventional forces. These actions provide an additive capability for commanders and supplement other conventional reconnaissance and surveillance actions. Replaces: Can replace CNE used specifically to denote cyberspace ops executed in highly sensitive areas or for highly sensitive purposes, using means or capabilities not normally employed by Service component forces; e.g., direct human action in gaining accesses or implanting tools, or specific target development in support of planned operations. Will generally apply to CO conducted by special forces or via other non-conventional means.
Supervisory Control and Data Acquisition (scada)
An electronic system that provides for monitoring and controlling systems or processes remotely.
Target Location
The specific location at which an effect is intended to manifest. If a cyber action will result in kinetic or kinetic-like effects (e.g., changing the function of a physical system, or file manipulation that results in a financial loss), the target location is the physical location of the effect, The target location may differ from the aim point(s) of the action- e.g., generating or blocking a command at a server or router to generate a desired effect (protection from malware, re-routing of packets, or an end-user being unable to access a site) at another node.
Any transmission, emission, or reception of signs, signals, writings, images, sounds, or information of any nature by wire, radio, visual, or other electromagnetic systems (1-02).
Title 10, U.S. Code
This title addresses securing U.S. interests by conducting military operations in cyberspace.
Title 18, U.S. Code
The focus is on law enforcement and the principle agency is the Department of Justice. This title addresses crime prevention, apprehension, and prosecution of cyberspace criminals.
Title 32, U.S. Code
The focus is on the first line of defense of the U.S. The principle agencies are the Army and Air Force National Guards. This title addresses the support to the defense of U.S. interests in cyberspace through critical infrastructure protection, domestic consequence management, and other homeland defense-related activities.
Title 40, U.S. Code
The focus is on CIO roles and responsibilities. All Federal department and agencies are responsible. This title establishes and enforces standards for acquisition and security of information technologies.
Title 50, U.S. Code
The focus is on foreign intelligence and counterintelligence activities. The principle agencies are the intelligence agencies aligned under the Office of the Director of National Intelligence. This title addresses intelligence gathering through cyberspace on foreign intentions, operations, and capabilities.
Title 60, U.S. Code
The focus is on homeland security and the principle agency is the DHS. This title addresses the security of U.S. cyberspace.
Warning Status (WS)

Established by Combatant Commander to identify threat and support implementation of appropriate rules of engagement (ROE).* Standard WS levels are:

  1. White: Attack by hostile forces is improbable without adequate warning
  2. Yellow: Attack by hostile forces is probable
  3. Red: Attack by hostile forces is imminent or is in progress. Replaces: INFOCON and use as significant component of CYBERCON conditions evaluation
Weapon action (JP 1-02)
The effect-producing mechanisms or functions initiated by a weapon when triggered.
Weapon Categorization

A binning of cyber weapon capabilities into categories, based on risk assessment and the release authority required for their use, that is used to determine authorization level for its use. Example categories might be:

  • Category I -Combatant commander release;
  • Category II -Pre-approved for combatant commander use in specific OPLANs or under specific warning/weapon status ROE;
  • Category III-President/SECDEF release only.
Weapons Control Status (JP 1-02 {NATO})

The degree of fire control imposed by appropriate command authorities upon units with assigned, attached, or organic weapons. WCS is established and adjusted based on friendly and enemy dispositions, and may be modified for specific operations to prevent unintended effects or fratricide, or to facilitate rapid target engagement. WCS may differ from unit to unit depending on situation. For example, JTF commanders may have the authority to direct permissive WCS within their theater to protect their forces or aid in achieving wartime military objectives, yet may impose greater restrictions in areas where friendly forces are known to be operating. WCS is paired with warning status. The three WCS in descending order of restriction are:

  1. WEAPONS HOLD/SAFE (JP 1-02 NATO): A weapons control order imposing a status whereby weapon systems may only be engaged in self defense or in response to a formal order.
  2. WEAPONS TIGHT (JP 1-02 NATO): A weapons control order imposing a status whereby weapon systems may engage only targets recognized under the ROE in effect as hostile.
  3. WEAPONS FREE (JP 1-02 NATO): A weapons control order imposing a status whereby weapon systems may engage any target not positively recognized as friendly.
Weapon Effect
A direct or indirect objective (intended) result a weapon action, typically specified by a specific target scope, desired effect type (material, behavioral) and level, and start time and duration. A direct (or first-order) effect is an outcome created directly by the weapon's action. An indirect effect is an outcome that cascades from one or more direct or other indirect effects of the weapon's action (also known as second, third, nth order effects, etc.). Because of the interconnected nature of cyberspace, indirect effects must be determined to the greatest extent possible and evaluated for acceptability before weapon use. These assessments will feed the Weapon Categorization process.
Weapon System (JP 1-02)
A combination of one or more offensive capabilities with all related equipment, materials, services, personnel, and means of delivery and deployment (if applicable) required for self-sufficiency. (Source: JP 1-02.) (Note: Offensive cyber capabilities, though they may be available ("in the wild," or developed by a single individual, go through a process of effect determination, characterization, categorization, and crew training before they are considered "weaponized" and available for use by DOD operators). Replace: "tool" or "toolkit" where weaponized offensive (meets use of force criteria) capability is intended.