Bridging the Cyber Divide

Common Ground in Cyber Operations

By Maj. John Plaziak

Article published on: July 1st, 2025 in the Gray Space Summer 2025 Edition

Read Time:< 8 mins

Maj. John Plaziak, U.S. Army Command, General Staff College

Four countries, thirty-seven attacks, and thousands of lives lost. This was the devastating toll of the Islamic State in Iraq and Syria’s (ISIS) global campaign of terror following their 2014 capture of Mosul, Iraq’s second-largest city. As the extremist group transformed the ancient metropolis into their self-proclaimed capital, they unleashed a wave of violence that would soon force military strategists to reimagine modern warfare.

Online propaganda ran rampant. ISIS, through the Cyber Caliphate, began recruiting and messaging their cause through social media and dark web forums. Military operations needed to expand from the physical into the digital realm. The increasing cyber threat led to the formation of Joint Task Force ARES, a unit within U.S. Cyber Command, tasked with conducting Operation Glowing Symphony in 2016.

The mission aimed to disrupt ISIS’s digital infrastructure by infiltrating and compromising its media networks. Cyber operatives targeted ISIS’s servers, websites, and social media accounts, effectively impeding their ability to spread propaganda and coordinate activities. This cyber offensive significantly degraded ISIS’s online presence, hindering its recruitment efforts and operational planning.

Operation Glowing Symphony marked a pivotal shift in modern warfare, highlighting the importance of cyber operations in combating extremist groups. By targeting the digital platforms that facilitated ISIS’s growth, the operation showcased the potential of cyber strategies to undermine the capabilities of such organizations.¹

Analysis of OGS Through Strategy

A significant theme throughout OGS is the herculean task of understanding the parts and interconnected nature of the ISIS media network. Through Joint Intelligence Preparation of the Operational Environment, USCYBERCOM teams could “map out” this network of people, places, physical infrastructure, logical links, and information.

The resulting web of information seemed complex. The cause-and-effect analysis placed on different parts of the network map was difficult to understand, thus making it difficult to prescribe action against them. However, through careful analysis, a captain on a cyber mission team was able to identify patterns in the network map. Through these patterns, he began center of gravity analysis, an analysis of the source of strengths of the ISIS media network. He discovered critical capabilities, critical requirements, and critical vulnerabilities of the ISIS media network (Joint Staff, 2024, pp. IV-22 to IV-27). These critical vulnerabilities could be targeted to have a measured effect. He conducted intellectual bracketing by using a combination of intuition and cognition with the data, information, and knowledge available to him, resulting in a deeper understanding of his problem (McConnell, Mong, & Ptaschek, 2021). The ISIS media network was, in fact, a complicated system rather than a complex one. Joint Task Force Ares was created to conduct the operation against these identified vulnerabilities.

Analysis of OGS Through Tactics

Defeat mechanisms are essential in describing the desired effect of an offensive operation. Of the four mechanisms—destroy, dislocate, disintegrate, and isolate—OGS displayed qualities associated with destruction and disintegration (HQDA, 2022, pp. 3-20). It is conceivable that offensive cyberspace operations could support any defeat mechanism. Leaders across formations and branches must communicate their expectations in this common language to accomplish the commander’s intent.

In a traditional offensive operation, combat force ratios favor the defender, giving them a relative advantage (HQDA, 2023, p. 8-24). In cyberspace, however, this favor is reversed. In the military and industry, cyber defenders struggle to maintain the defensive posture required to keep an adversary out of their systems and networks. Due to the relatively low cost of an attack, as opposed to a traditional military offensive operation, an offensive cyber operation only needs to be successful once. The defender, however, must be successful every time. This concept flips the traditional framework that military planners use and should be accounted for when considering offensive and defensive operations in cyberspace. OGS planners could then use this analysis when planning and executing their mission.

Analysis of OGS Through Force Management

The Joint Capabilities Integration and Development System (JCIDS), a Department of Defense (DoD) process for identifying capability requirements and validating solutions, can be used literally and metaphorically during Operation Glowing Symphony (USAWC, 2021, pp. 2-14).

From a metaphorical perspective, the Department of Defense identified a critical gap in its plan to defeat ISIS. This gap led to a cyberspace line of effort aimed at combating the Cyber Caliphate and its associated media networks. Operation Glowing Symphony was born through this identified and filled capability gap.

From a literal perspective, JCIDS represents the mechanisms for leaders to identify gaps in the current cyber capability set through the Doctrine, Organization, Training, Material, Leadership and Education, Personnel, and Facilities (DOTMLPF) lenses. Once the gaps are identified, the force management system could create the appropriate material or non-material solution.

Analysis of OGS Through Sustainment

Sustainment provides three things to a commander: operational reach, freedom of action, and prolonged endurance (U.S. Joint Chiefs of Staff, 2023, p. III-26). While sustainment in the traditional sense provides resources to continue the fight in an area of operations, cyberspace operations typically defy those requirements due to their non-theater requirements, as depicted during OGS. However, operational contract support and finance are critical when considering cyberspace operations writ large.

Operational Contract Support is the process of obtaining supplies, services, and construction efforts from civilian sources to support military operations (HQDA, 2021, p. 1-1). The ability to hire contractors allows USCYBERCOM to bolster its capabilities, which it cannot create through force generation. Contracted support is paramount to accomplishing cyberspace operations missions.

Similarly, the Army utilizes its Military Personnel, Army (MPA) funding to provide the Cyber Assignment Incentive Pay to offset the difference between military and potential civilian pay. This pay differential rewards Soldiers fulfilling key, critical cyber work roles within the Army (ARCYBER, 2024).

Analysis of OGS Through Leadership

Leadership is paramount across the military, and cyberspace operations are no different. A mission commander on the OGS team described how he identified the vulnerabilities in the ISIS media network. As a captain, he was able to use influence techniques centered around his expertise to convince his supervisor that this idea was feasible. The pair then convinced senior military leadership across USCYBERCOM that their plan was viable, ultimately resulting in OGS itself. They demonstrate high emotional intelligence, the ability to influence beyond positional power and organizational trust, a willingness of senior leaders to trust their subordinates, and their subordinates’ willingness to come forward with ideas throughout USCYBERCOM and the OGS team. Their eventual approval reflected the organization’s commitment to fostering initiative and trust. This culture was further validated during the mission’s execution when an intelligence analyst provided a mission-critical response to an unforeseen threat. This action demonstrated the operational advantages of a command climate that values subordinate input, empowering leaders to remain agile under unpredictable conditions.

Analysis of OGS Through History

While it may seem unusual to consider cyberspace operations in a historical context due to their recent invention, history provides ways to compare the importance of events, thoughts, and actions over time.

During World War I, aircraft were primarily used for reconnaissance and surveillance (Muller, 1996, pp. 152–154). Towards the end, however, weapons were attached to the aircraft, and a new domain of warfare began to take shape. OGS faced a similar evolution. Initially, cyberspace operations were conducted for purely intelligence purposes. Worldwide events, namely a terrorist attack in Paris in 2015, led to the extension of operations against ISIS. A small “test” operation precluded OGS.

This “precursor” concept was present in World War II. Operation Torch allowed U.S. forces to demonstrate their mettle in combat operations to the Allies. A successful Operation Torch was the precursor to Operation Overlord, just as initial cyber effects operations were the predecessor to OGS.

Historical military thought is also present in cyberspace operations. Carl Von Clausewitz’s “fog of war,” or the uncertainty present in all military operations, was present during the initial planning for OGS (Clausewitz, 2006). The fog of war allowed the ISIS media network to masquerade itself as a complex system, decreasing the planning team’s ability to understand its structure. The fog of war seems omnipresent across all types of military operations.

Implications for Future Joint and Multinational Operations

Analyzing OGS through these lenses provides an opportunity to examine the future.

From the dawn of the internet to the execution of OGS in 2016, the operation represents a culmination of all technological and political acceptance of cyberspace operations and its place in modern warfare. From the Moonlight Maze to Stuxnet to OGS operations, we see a change in political acceptance from total secrecy to modest public discourse surrounding cyberspace operations.

OGS was inherently joint and multinational but was still a very strategic capability. As the U.S. builds partners and allies around the globe, it may become prudent to create a subset of cyberspace operations at the tactical level that can be shared with our multinational partners.

Utilizing the JCIDS process through DOTMLPF, potential solutions arise through the DOTMLPF framework. An organizational solution could be to create a cyberspace operations unit that is organic to the Corps. These organizations could use open-source and non-classified tools, tactics, techniques, and procedures at the operational and tactical levels. These Corps-level assets could then operate in step with Cyber Mission Force (CMF) capabilities to extend these capabilities’ reach, scope, and availability.

For example, a Cyber Protection Team (CPT) could deploy to a partner nation in the Indo-Pacific to assess and analyze critical port infrastructure. After their operation, the Corps could deploy its organic cyber unit during routine security cooperation exercises to provide follow-up assessments, analysis, and partner training that builds on the CPT’s original work. This redundancy would increase the number of touchpoints with our partner force while supporting potential U.S. interests in port operations in the Indo-Pacific.

In short, the CMF would maintain its strategic capability set while cyber units across the force could leverage non-classified tools to extend the capabilities and incorporate more multinational partners. Cyberspace operations are also helpful when creating and exploiting information advantages in support of decision dominance and imposing multiple dilemmas on the enemy, two imperatives of MDO. The Army has traditionally been excellent at integrating land, sea, and air across all levels of warfare, while cyberspace and space operations have traditionally lived in the strategic. Through critical and creative thinking and technological adaptation and innovation, there are ways to integrate cyberspace operations into the operational and tactical levels.

Conclusion

The pace of technology is increasing. While OGS represents a culmination of all development to that point in time, it also represents a springboard into the future. Leaders’ ability to analyze future possibilities is paramount to ensuring that the United States is at the forefront of technological solutions. This involves adapting these solutions across all levels of warfare while incorporating our multinational partners.

The analysis of Operation Glowing Symphony through these lenses underscores the need for military leaders to think critically and creatively about the evolving nature of warfare in the digital age. We understand the challenges and opportunities ahead by examining the operation’s implications for strategy, tactics, force management, sustainment, leadership, and history. As we strive to integrate cyberspace operations into the operational and tactical levels of warfare, we must remain adaptable, innovative, and committed to developing and integrating cyberspace operations and education for leaders across the Army.

Notes