France and its doctrine of cyber operations – offensive actions

counterintelligence.pl 2 years ago

How a state approaches actions in cyberspace is an inexhaustible topic, debated at both the political and the academic level. It is all the more interesting to see how different countries shape their doctrines and address such problems as how to respond to incidents, how to treat those that originate in criminal activity, and how to respond to groups sponsored by other countries. In Europe, France is one of the more interesting examples of a comprehensive approach to the subject and of formalising doctrine. In January 2019, the doctrine of offensive and defensive cyber operations was announced, and in October 2021 the doctrine of cyber influence operations. We will therefore look at how these documents shape the approach to actions in cyberspace and how they affect the functioning of individual agencies.

So let's start with the documents from 2019: Public Elements of the Cyber Operation Doctrine. This document formalized cyber operations as part of the activities of the French Armed Forces, stating that the Ministry of Armed Forces has the capacity and the doctrine to use offensive cyber operations in connection with the tasks of the Armed Forces. Starting with the preamble, we can look at the political motivation. The document places these capabilities on an equal footing with other elements of the defence system, listing them alongside conventional and nuclear forces. It further points to the need for France to meet its obligations in the international order and to the role of the Ministry of Armed Forces in a geopolitical situation where crises and terrorist, conventional and hybrid threats are increasing. As concrete examples of threats, it cites the cyber attacks against Estonia in 2007, the attacks on Ukrainian power networks, the attack on the TV5 Monde television station, and the effects of WannaCry and NotPetya. Cyber operations are further described as an increasingly common tool of influence in conflicts and crises, linked to the growing importance of hybrid and asymmetric actions. It is also worth going back for a moment to 2017, when COMCYBER, the Cyber Defence Command, was created. In the preamble to the doctrine, we find that this component is responsible for offensive and defensive actions in cyberspace, ensuring the proper functioning of the ministry and the effectiveness of the armed forces.

Turning to the text, the very beginning sets out the position of cyber capabilities among other military capabilities. The doctrine states that the ability to carry out defensive and offensive activities in cyberspace is part of the guarantee of the State's sovereignty, providing operational advantage in the armed forces' areas of activity and providing them with IT protection. The doctrine sets out the three most important assumptions of cyber operations:

Firstly, offensive operations in cyberspace cover all activities, including those carried out solely in the cyber dimension and those carried out in conjunction with conventional forces. Importantly, a definition of the "cyber weapon" (l’arme cyber) is also given here: it is intended to produce effects against hostile systems, in a manner consistent with international law, in terms of the availability and confidentiality of data. Three dimensions of cyber operations are then described:

  1. Physical layer – computer and network equipment that exists physically and in the electromagnetic spectrum, such as computers, routers, wires and satellite links.
  2. Logical layer – data stored in digital form, together with the processes and tools for managing and exchanging it and for providing specific functionality. The examples given are files, protocols and applications.
  3. Semantic and social layer – information exchanged in cyberspace and the identities of the persons operating there. The authors point here to a person's digital existence in information exchange services and give pseudonyms, email addresses, IP addresses and blogs as examples of this layer.

The doctrine also draws attention to the temporal aspect of an operation, noting that while effects can be produced rapidly, preparing operations and integrating them with other forms of action may take a long time because of the need for long and precise planning. Two points are highlighted regarding the effects of an operation. On the one hand, the possibility of generating both material effects (such as the neutralisation of weapon systems) and intangible ones (the collection of intelligence). On the other hand, the role of cyber elements in comprehensively increasing the efficiency of the armed forces as a whole and in making the fullest possible use of the degree to which military systems are networked.

As you can see, France treats cyber operations in a very comprehensive way, also pointing to the layer of information sharing, and even to the specific identities of individuals online. In addition, the emphasis on the effectiveness of the armed forces as a whole demonstrates the will for deep integration and to avoid the "siloing" of conventional forces and cyber units. The second main point is that.

The second point is devoted to the purpose of cyber operations as a means of providing military advantage in cyberspace. Here we find an indication of the roles cyber actions can play: from supporting the assessment of capabilities and situational awareness, through limiting and neutralising enemy military capabilities, to misleading enemy forces by modifying the data available to the opponent. The doctrine also mentions the role of cyber measures as both independent actions and actions complementary to operations by other branches of the armed forces. It is stressed here that objectives can be achieved by connecting over the internet or another network, so physical contact is not necessary in order to accomplish them. Further, operations can support defensive actions when hostile operations are directed against the armed forces' systems, by stopping the attack or, which is worth noting, by directing the attack at targets of no value. France thus treats the full range of available actions, from misleading the attacker to actively disrupting their operations, as equivalent. As we can see, therefore, the emphasis on the effects of operations and their role in supporting the armed forces as a whole runs through the entire document.

Finally, the third point concerns the organisation of the units responsible for cyber operations and the chain of command in this area. The doctrine names the already mentioned COMCYBER as responsible for planning and coordinating actions under the authority of the President of the Republic and the decisions of the Chief of Staff of the Armed Forces. This role is intended to ensure efficient cooperation in planning and conducting operations with individual units and branches of the armed forces, as well as with intelligence agencies. In addition, COMCYBER is to establish and develop cooperation with allied forces. The objectives of cyber operations in the tactical and strategic dimensions are then identified. Examples of tactical action are:

  1. Providing information of direct and immediate importance to the activities of the armed forces.
  2. Neutralisation of weapon systems or a command centre.
  3. Alteration of data in a hostile command system.

And the equivalents of these actions at the strategic level:

  1. Obtaining information to prepare operations or build capabilities.
  2. Neutralisation of hostile capabilities such as propaganda activities, or neutralisation of the command system at the strategic level.
  3. Disruption of hostile propaganda centres.

Finally, the doctrine emphasizes the need for specialised units whose skills ensure that these activities succeed.

The next part of the document describes the risk management methods associated with cyber activities. These operations are aligned with conventional actions, which translates into the need to assess proportionality, jus in bello, efficiency and political context. In particular, according to the authors, the risks associated with cyber operations arise from the immediacy of their effects, the dual nature of targets and the degree of computerisation of modern infrastructure. The last two points are particularly highlighted in the doctrine, which speaks of the need to closely monitor the effects of an operation and to avoid collateral damage, given that an operation may have effects beyond the intended objectives. This is due to the need to take into account unknown variables in how the targets under attack are configured and connected to other systems. Similarly, the document notes the possibility of offensive tools leaking; like any software, they can be copied or reproduced on the basis of intercepted artifacts. It also draws attention to the asymmetric dimension of such actions and the proportionally greater vulnerability of large countries with a highly computerised economy. Account should therefore be taken of the risk of escalation by an entity with a smaller attack surface, which thus bears a lower risk. Finally, a very important point crowns this part of the doctrine: a reservation as to the confidential nature of operations. All cyber operations are to be classified as a matter of principle, to ensure their efficiency and reduce the risk of escalation. The decision to make an action public is political in nature and can be taken by the political and military authorities on the basis of an assessment of the arguments for and against.

Further, the doctrine speaks of the need to operate under a legal regime comprising national and international law, including the law of armed conflict. In particular, the document points to defensive actions undertaken under the responsibility of the Chief of Staff of the Armed Forces, which are subject to the Defence Code (code de la défense) and the Prime Minister's regulations on its application. France also undertakes to support responsible practices in the use of cyberspace activities in order to ensure stability and conflict prevention, as well as the development of international law practice in this area.

In the following point, the document mentions France's role in NATO and its partnerships in Europe in ensuring cyberspace security, referring to the 2016 NATO commitments to strengthen the capacity to defend against cyber attacks. Developing French capabilities to operate in cyberspace is therefore also intended to strengthen collective defence, with national control retained over the final form of an operation.

The last point of the doctrine sets out the direction for the future. Five major challenges are identified here:

  1. increasing the pace of development of the armed forces' defensive capabilities to counter cyber operations,
  2. developing a personnel policy that allows suitably qualified staff to create and implement new capabilities,
  3. conducting exercises on the use of cyber operations in the context of armed action and of operations combining different branches of the armed forces,
  4. adapting capability development to the pace of IT development,
  5. cooperation with partners, with an emphasis on Europe, on allied actions.

So, as we can see, France positions cyber operations as an integrated part of the armed forces' capabilities, emphasising their role both as a supporting element and as a means of achieving objectives independently. In the context of the organisation of the units responsible for conducting operations, it is worth noting the clear division into offensive and defensive parts. While COMCYBER also has defensive operations among its tasks, to ensure the security of the armed forces, we will not find here an agency that, like the US NSA or the British GCHQ, would have in its structures departments responsible both for offensive operations and for supporting defence at the level of civilian state infrastructure. ANSSI, the national cybersecurity agency, is not part of the French intelligence community and retains a remit focused strictly on defensive activities. The emphasis on discretion and secrecy of operations is also seen in the preference for a model of assigning responsibility different from the direct naming of perpetrators characteristic of, for example, the US. France avoids public attribution, but this approach is not absolute. ANSSI has not pointed to specific military or intelligence units responsible for attacks; however, it has attributed actions to activity groups, which, given the attributions made by other actors, can be read as a signal that France is aware of who is behind the attacks. On the other hand, we will not find a public admission of carrying out offensive operations of the kind we saw in June from the U.S. in connection with the war in Ukraine. And in the context of sending signals, it is also impossible not to mention the public declaration by Florence Parly, who until recently led the Ministry of Armed Forces, and who said that France is able to identify the perpetrators of attacks and is not afraid to use offensive measures to retaliate. This position clearly fits within the scope of use of cyber operations set out in the doctrine, which covers both supporting and independent actions.

Co-operation, efficiency, responsibility. These three words perhaps best characterise the doctrine of cyber operations that France has adopted. The constantly emphasised place of such actions in the armed forces' arsenal, the emphasis on international cooperation, and the demarcation of responsibility between individual elements of the cybersecurity system are the pillars that define the approach to the functioning and future of the country's cyber components. However, as I pointed out in the introduction, France has also defined its doctrines for defensive and information operations, which will most likely be covered soon on counterintelligence.pl.
