Cyberspace is a relatively new domain of operations for NATO, but also for many nations. Operations in cyberspace lack the doctrinal corpus and experience that operations in the other domains (land, air, sea) have accumulated over the years (or centuries, in many cases). The legal aspects of operating in a geographical domain that exceeds the Commander's area of responsibility further exacerbate the problem, calling for careful consideration when defending one's own cyber assets, when planning for missions and when delivering cyber effects. One of the main questions that the Commander must consider is how to decompose the problem of achieving objectives in and through, potentially contested, cyberspace. This question is not addressed in the latest military doctrine, but can be answered by decomposing a generic mission where cyber is to be employed and deriving a suitable functional analysis. Such decomposition would provide a "catalogue" of functions that the commander might need to execute, which in itself can inform the structure and manning of the cyber organization, the development of operational requirements and the subsequent development of a capability breakdown to satisfy those requirements. The mission decomposition can also provide a very useful starting point to the cyber capability engineering development process, thus removing most of the subjectivity and the likelihood for capability gaps and/or overlaps to occur. This paper presents a novel functional analysis for cyberspace operations. The analysis separates the functions associated to defending one's own networks and systems (traditional Communication and Information Systems [CIS] security and cyber defense) from those related to cyber missions planning, Command and Control (C2), generation of cyber Situational Awareness (SA) (including cyber INTEL) and the delivery of cyber effects. The proposed functional analysis is organization/mission/capability and intent agnostic, as well as technology/solution independent. It is, therefore, applicable to the activities of a large scale cyber command, an individual hacker, and the full spectrum of actors between those two.
