Conflict now extends into networks, and the cyber warfare specialist fights there:\ngaining access to an adversary's systems for intelligence, denying or degrading them\nwhen lawful, without being seen, hitting the wrong target, or handing the enemy your\ntools. Code can now produce effects once reserved for munitions — blinding a radar,\nstopping a centrifuge, silencing a command network — and those effects propagate and\npersist in ways physical weapons never did. The work demands an intelligence officer's\npatience and a combatant's restraint.
\n","wordCount":81},{"heading":"Core Mission","id":"core-mission","markdown":"Achieve the commander's effect in and through cyberspace — access, intelligence, or\ndenial — under lawful authority and ROE, staying undetected as long as needed and never\ncausing an effect you didn't intend or can't bound.","html":"Achieve the commander's effect in and through cyberspace — access, intelligence, or\ndenial — under lawful authority and ROE, staying undetected as long as needed and never\ncausing an effect you didn't intend or can't bound.
\n","wordCount":34},{"heading":"Primary Responsibilities","id":"primary-responsibilities","markdown":"The real work is patient, deconflicted operations against a thinking defender on shifting\nterrain. A specialist conducts reconnaissance and develops access; weaponizes\nand delivers capability against a validated target; hides command and control; manages\npersistence and dwell time; collects intelligence (CNE) or delivers an authorized effect\n(CNA); practices relentless OPSEC; bounds collateral effects in a dual-use domain;\ndeconflicts with other operations and intelligence equities; and burns or preserves\nperishable zero-days — all while leaving no trace.","html":"The real work is patient, deconflicted operations against a thinking defender on shifting\nterrain. A specialist conducts reconnaissance and develops access; weaponizes\nand delivers capability against a validated target; hides command and control; manages\npersistence and dwell time; collects intelligence (CNE) or delivers an authorized effect\n(CNA); practices relentless OPSEC; bounds collateral effects in a dual-use domain;\ndeconflicts with other operations and intelligence equities; and burns or preserves\nperishable zero-days — all while leaving no trace.
\n","wordCount":77},{"heading":"Guiding Principles","id":"guiding-principles","markdown":"- **Access is patient; effect is final.** Pulling the trigger ends the access; don't\n spend it cheaply.\n- **OPSEC is the mission, not a checkbox.** Once tools or tradecraft are exposed, the\n operation's over.\n- **Bound the blast radius before you act.** A military effect can cascade into civilian\n infrastructure; know where it stops.\n- **Live off the land.** Custom malware is louder, more attributable, and more perishable\n than the target's own tools.\n- **A zero-day is a perishable munition.** Used once it's burned; spend it only when\n nothing else works.\n- **Deconflict or you fragment.** Two friendly operations on one target destroy more than\n the enemy.\n- **Attribution cuts both ways.** Assume your own attribution is as fragile as the hand\n you hide.","html":"Cyber warfare is an interagency endeavor that rarely acts alone. The specialist works\nwith intelligence analysts who set requirements and consume the collection; capability\ndevelopers who build the tools; infrastructure and access teams; legal advisors who own\nthe authorities and ROE; and policymakers for the most consequential effects. They\ndeconflict with other offensive operations, friendly defensive (blue) teams, and allied\npartners. Security and network engineers are the mirror image, and the best operators\nthink like defenders. The recurring friction is the equities seam, resolved by honest\ncoordination.
\n","wordCount":87},{"heading":"Ethics","id":"ethics","markdown":"Cyber effects are still acts of force, and the law of armed conflict — distinction,\nproportionality, military necessity, humanity — applies in cyberspace as on any\nbattlefield. The hardest ethical feature is propagation and dual-use: an effect aimed at\na military target can cascade into hospitals and power grids sharing the same software,\nso bounding the blast radius is a moral obligation. Acting only under lawful authority\nand ROE is non-negotiable; an available access is no license to use it. Capabilities,\nonce built, can be stolen and turned on the innocent — a duty of stewardship. And because\nattribution can be faked, the specialist owes rigor against a misdirected response.","html":"Cyber effects are still acts of force, and the law of armed conflict — distinction,\nproportionality, military necessity, humanity — applies in cyberspace as on any\nbattlefield. The hardest ethical feature is propagation and dual-use: an effect aimed at\na military target can cascade into hospitals and power grids sharing the same software,\nso bounding the blast radius is a moral obligation. Acting only under lawful authority\nand ROE is non-negotiable; an available access is no license to use it. Capabilities,\nonce built, can be stolen and turned on the innocent — a duty of stewardship. And because\nattribution can be faked, the specialist owes rigor against a misdirected response.
\n","wordCount":109},{"heading":"Scenarios","id":"scenarios","markdown":"**Asked for an effect, deciding to collect.** A commander wants a CNA to disable an\nadversary air-defense node before a strike. The specialist holds a quiet CNE access into\nthe target's command network — collection informing the whole campaign — that a visible\neffect would burn. Instead of destroying the node, the specialist uses that access to\nfeed it false tracks during the strike, blinding the radar while preserving the access.\nThe judgment is access-vs-effect: don't spend a quiet access on a loud effect when a\nquieter path works.\n\n**A worm that won't stay home.** Tasked with disrupting an isolated military control\nsystem, the specialist designs a self-propagating capability to reach the air-gapped\ntarget via removable media. But the same control software runs in civilian\nwater-treatment plants, and a self-spreading worm can't know it's left the target. So the\nspecialist adds a strict target check (executing only on the military hardware\nfingerprint, deleting itself elsewhere) and a hard expiration date — an effect you can't\nbound is one you may not lawfully release.\n\n**A provocation that smells wrong.** Friendly networks are hit by an intrusion bearing\nthe hallmarks of a known state adversary, with pressure to respond in kind. The\nspecialist treats attribution as intelligence, not fact: the indicators are suspiciously\nconvenient — public, easy-to-spoof tradecraft, none of the adversary's higher-tier\ntechniques, timing that benefits a third party. Suspecting a false-flag, the specialist\nwithholds retaliation pending corroboration, avoiding a fight with the wrong enemy.","html":"Asked for an effect, deciding to collect. A commander wants a CNA to disable an\nadversary air-defense node before a strike. The specialist holds a quiet CNE access into\nthe target's command network — collection informing the whole campaign — that a visible\neffect would burn. Instead of destroying the node, the specialist uses that access to\nfeed it false tracks during the strike, blinding the radar while preserving the access.\nThe judgment is access-vs-effect: don't spend a quiet access on a loud effect when a\nquieter path works.
\nA worm that won't stay home. Tasked with disrupting an isolated military control\nsystem, the specialist designs a self-propagating capability to reach the air-gapped\ntarget via removable media. But the same control software runs in civilian\nwater-treatment plants, and a self-spreading worm can't know it's left the target. So the\nspecialist adds a strict target check (executing only on the military hardware\nfingerprint, deleting itself elsewhere) and a hard expiration date — an effect you can't\nbound is one you may not lawfully release.
\nA provocation that smells wrong. Friendly networks are hit by an intrusion bearing\nthe hallmarks of a known state adversary, with pressure to respond in kind. The\nspecialist treats attribution as intelligence, not fact: the indicators are suspiciously\nconvenient — public, easy-to-spoof tradecraft, none of the adversary's higher-tier\ntechniques, timing that benefits a third party. Suspecting a false-flag, the specialist\nwithholds retaliation pending corroboration, avoiding a fight with the wrong enemy.
\n","wordCount":251},{"heading":"Related Occupations","id":"related-occupations","markdown":"The cyber warfare specialist lives at the intersection of offense, defense, and\nintelligence. The security engineer is the defensive mirror image, breaking the kill\nchain the specialist walks. The network engineer understands the terrain both fight over.\nThe software engineer builds and reverse-engineers the capabilities. The military\nintelligence analyst tasks the collection and consumes its product. The AI safety\nresearcher shares the discipline of reasoning about dual-use capabilities whose effects\nare hard to bound.","html":"The cyber warfare specialist lives at the intersection of offense, defense, and\nintelligence. The security engineer is the defensive mirror image, breaking the kill\nchain the specialist walks. The network engineer understands the terrain both fight over.\nThe software engineer builds and reverse-engineers the capabilities. The military\nintelligence analyst tasks the collection and consumes its product. The AI safety\nresearcher shares the discipline of reasoning about dual-use capabilities whose effects\nare hard to bound.
\n","wordCount":76},{"heading":"References","id":"references","markdown":"- *The Cyber Kill Chain* (Intelligence-Driven Computer Network Defense) — Hutchins,\n Cloppert & Amin (Lockheed Martin)\n- *MITRE ATT&CK Framework* — attack.mitre.org\n- *Tallinn Manual on the International Law Applicable to Cyber Operations*\n- *@War: The Rise of the Military-Internet Complex* — Shane Harris\n- *Countdown to Zero Day* — Kim Zetter","html":"