CONOPS For NetOps

10 August 2005
Joint Concept of Operations for
Global Information Grid NetOps
i
UNCLASSIFIED
ii
UNCLASSIFIED
Executive Summary
Introduction
The Unified Command Plan (UCP) assigns the missions of Information Operations (IO) and
Global Command, Control, Communications, Computers, Intelligence, Surveillance, and
Reconnaissance (C4ISR) to Commander, US Strategic Command (CDRUSSTRATCOM).
Included in these missions is the responsibility to operate and defend the Global Information
Grid (GIG). NetOps is the operational construct that the CDRUSSTRATCOM will use to operate
and defend the GIG. The goal of NetOps is to provide assured and timely net-centric services
across strategic, operational and tactical boundaries in support of DOD’s full spectrum of war
fighting, intelligence and business missions. The desired effects of NetOps are: assured system
and network availability, assured information protection and assured information delivery. This
Concept of Operations (CONOPS) provides a high level description of the key attributes of
NetOps: Essential Tasks, Command and Control Operating Principles, Command and Control
Structure and Relationships, and the Collaborative Command and Control Process.
NetOps Essential Tasks – NetOps is an integrated approach to accomplishing the three

interdependent tasks necessary to operate the GIG — GIG Enterprise Management (GEM), GIG
Network Defense (GND) and Information Dissemination Management / Content Staging
(IDM/CS). NetOps is not simply GEM and GND and IDM/CS tacked together. Rather, it is the
methodical integration of individual capabilities and the resultant synergy.
NetOps Command and Control Operating Principles – Starting in the late 1990’s, the DoD
began evaluating the benefits that Information Age technology can bring to military operations.
The vast improvements in information sharing realized by applying Information Age technology
to military Command and Control (C2) significantly improve our agility and speed of command.
These ideas evolved into the concept of Net-Centric Operations and Warfare (NCOW). NetOps
is a net-centric operation, and faces the same set of C2 challenges as any other Joint Force
Operation. As a critical enabling capability to achieving net-centricity, NetOps must adopt
Information Age C2 structures and processes. For DoD to achieve net-centricity, the GIG must
be operated net-centrically. The NetOps Community of Interest (COI) must lead the way in
adopting collaborative C2. The NetOps COI must be able to operate and defend the GIG in a
net-centric manner, in order for the DoD to realize the benefits of NCOW.
NetOps Command and Control Structure and Relationships – The NetOps COI is the term
used to describe the collaborative group of organizations responsible for operating and defending
the GIG. The NetOps COI must exchange relevant information in pursuit of their shared
objective and mission to operate and defend the GIG. Under the authority vested in the
Commander, USSTRATCOM, the NetOps COI consists of organizations from the Office of the
Secretary of Defense, Joint Chiefs of Staff, Combatant Commands, Military Services, Defense
Agencies, Other US Government Agencies, Intelligence Community, coalition partners and Non-
Government Organizations (NGO) that must interact to accomplish NetOps in support of the
DoD mission. This CONOPS applies to the entire NetOps COI and will govern their operational
iii
UNCLASSIFIED
conduct. It will be used to develop deliberate plans, support crisis action planning, and orders
production. Non-DoD organizations connecting to the GIG will comply with this CONOPS.
Collaborative NetOps Command and Control Process – C2 is the ability to recognize what
needs to be done in a situation and to ensure that effective actions are taken to achieve the
desired effect with minimum adverse impact. At its core, C2 is about decision-making and the
individuals who make decisions. NetOps C2 must be a joint decision-making process that is
dynamic, decentralized, distributed, and highly adaptive. Enabled by a robust, secure, integrated
network, and through the employment of Collaborative Information Environments (CIEs), the
NetOps COI will possess a seamless C2 capability. Supported by skilled personnel trained in
joint NetOps and standardized NetOps Tactics, Techniques, and Procedures (TTPs), the NetOps
COI will be able to create desired GIG effects at the right time and place to accomplish the
mission.
iv
UNCLASSIFIED
Table of Contents
Executive Summary ..................................................................................................................... iii
Table of Contents .......................................................................................................................... v
List of Figures............................................................................................................................. viii
1 NetOps.................................................................................................................................... 1
1.1 Overview......................................................................................................................... 1
1.2 Mission............................................................................................................................ 2
1.3 Effects ............................................................................................................................. 2
2 NetOps Essential Tasks ........................................................................................................ 5

2.1 Overview......................................................................................................................... 5
2.2 GIG Enterprise Management .......................................................................................... 5
2.2.1 Information Technology Services........................................................................... 5
2.2.2 Critical Capabilities ................................................................................................ 6
2.2.3 Effects Enablers ...................................................................................................... 6
2.3 GIG Network Defense .................................................................................................... 7
2.3.1 Fundamental Attributes........................................................................................... 7
2.3.3 Effects Enablers ...................................................................................................... 8
2.4 Information Dissemination Management / Content Staging .......................................... 9
2.4.1 Core Services .......................................................................................................... 9
2.4.3 Effects Enablers .................................................................................................... 10
3 NetOps Command and Control Operating Principles .................................................... 11

3.1 Overview....................................................................................................................... 11
3.2 Net-Centric Operation and Defense of the GIG ........................................................... 12
3.2.1 Self-Synchronization of NetOps ........................................................................... 12
3.3 C2 and NetOps Decision Making ................................................................................. 13
3.3.1 Theater & Global NetOps Events ......................................................................... 13
3.3.1.1 Theater NetOps Events ..................................................................................... 14
3.3.1.2 Global NetOps Events...................................................................................... 14
3.3.2 Principles of NetOps Command and Control ....................................................... 14
4 NetOps C2 Structure & Relationships.............................................................................. 16

v
UNCLASSIFIED
4.1 NetOps Community of Interest..................................................................................... 16
4.2 Organizational Roles and Capabilities.......................................................................... 16
4.2.1 Commander, US Strategic Command................................................................... 16
4.2.1.1 Commander, Joint Functional Component Command for Network Warfare... 17
4.2.1.2 Commander, Joint Task Force-Global Network Operations ............................ 18
4.2.1.2.1 Global NetOps Center ..................................................................................... 19
4.2.1.2.2 JTF-GNO Operational Forces and Service Components .................................... 21
4.2.1.2.2.1 Commander, Global NetOps Support Center ...................................... 21
4.2.1.2.2.2 Commander, Theater NetOps Center................................................... 22
4.2.1.2.2.3 Commander, GIG Infrastructure Services Management Center.......... 23
4.2.1.2.3 JTF-GNO Service Component Commands ....................................................... 25
4.2.1.2.3.1 Service Global Network Operations and Security Centers and
Computer Emergency / Incident Response Teams ................................................... 25
4.2.2 Combatant Commands.......................................................................................... 27
4.2.2.1 Geographic Combatant Commands .................................................................. 27
4.2.2.1.1 Theater NetOps Control Center........................................................................ 27
4.2.2.1.2 Service Theater Network Operations and Security Centers ................................ 28
4.2.2.1.2.1 United States Army.............................................................................. 30
4.2.2.1.2.2 United States Navy .............................................................................. 32
4.2.2.1.2.3 United Sates Marine Corps .................................................................. 33
4.2.2.1.2.4 United States Air Force........................................................................ 34
4.2.2.2 Functional Combatant Commands.................................................................... 35
4.2.2.2.1 Global NetOps Control Center ......................................................................... 35
4.2.2.3 Sub-Unified....................................................................................................... 35
4.2.2.3.1 Sub-Unified NetOps Control Center ................................................................. 35
4.2.2.4 Joint Task Force................................................................................................ 36
4.2.2.4.1 Joint NetOps Control Center ............................................................................ 36
4.2.3 Defense Agencies.................................................................................................. 36
4.2.3.1 DoD Agency Theater Network Operations and Security Centers .................... 36
4.2.3.2 DoD Agency Global Network Operations and Security Center ....................... 37
4.2.3.2.1 Defense Information Systems Agency .............................................................. 38
4.2.4 Interagency............................................................................................................ 38
4.2.4.1 Director of National Intelligence ...................................................................... 39
4.2.4.1.1 Intelligence Community Incident Response Center ........................................... 39
4.2.4.1.2 National Security Agency................................................................................ 39
4.2.4.1.3 The Defense Intelligence Agency..................................................................... 40
4.2.4.2 National Communications System.................................................................... 41
4.3 NetOps C2 Structure ..................................................................................................... 41
4.3.1 Global NetOps C2................................................................................................. 41
4.3.2 Theater NetOps C2 ............................................................................................... 43
5 Collaborative NetOps C2 Process...................................................................................... 44

5.1 Overview....................................................................................................................... 44
5.2 NetOps C2 Process ....................................................................................................... 45
5.2.1 The Basic NetOps C2 Process and Its Component Functions .............................. 45
vi
UNCLASSIFIED
5.2.1.1 Monitor and collect data on the situation.......................................................... 46
5.2.1.2 Develop an understanding of the situation........................................................ 46
5.2.1.3 Develop a course(s) of action and select one & Develop a plan to execute the
selected course of action ................................................................................................... 47
5.2.1.4 Execute the plan, to include providing direction and leadership to subordinates. 47
5.2.1.5 Monitor execution of the plan and adapt as necessary ..................................... 48
5.3 Collaboration................................................................................................................. 48
5.3.1 Collaborative C2 Functions .................................................................................. 48
5.4 Linking the Basic and Collaborative NetOps C2 Processes ......................................... 50
5.5 NetOps Shared Situational Awareness ......................................................................... 51
5.5.1 Overview............................................................................................................... 51
5.5.2 NetOps Situational Awareness Capability............................................................ 51
5.5.3 NetOps Situational Awareness Content................................................................ 53
5.5.4 NetOps Situational Awareness Responsibilities................................................... 53
5.5.4.1 Combatant Commander Responsibilities.......................................................... 54
5.5.4.2 Component, Service, Agency, Sub-Unified, and JTF Responsibilities ............ 54
Appendix A: References........................................................................................................ 55
Appendix B: Glossary ........................................................................................................... 58
Appendix C: Acronyms ......................................................................................................... 63
vii
UNCLASSIFIED
List of Figures
Figure 1: NetOps Essential Tasks and Effects............................................................................... 3

Figure 2: USSTRATCOM Operational C2 Structure.................................................................. 17
Figure 3: JTF-GNO Staff Organization ....................................................................................... 19
Figure 4: JTF-GNO Operational Forces ...................................................................................... 21
Figure 5: JTF-GNO Service Components.................................................................................... 25
Figure 6: US Army NetOps Forces.............................................................................................. 31
Figure 7: US Navy NetOps Forces .............................................................................................. 32
Figure 8: US Marine Corps NetOps Forces................................................................................. 33
Figure 9: US Air Force NetOps Forces........................................................................................ 34
Figure 10: Global NetOps C2 ...................................................................................................... 42
Figure 11: Theater NetOps C2..................................................................................................... 43
Figure 12: The Basic C2 Functions and Process ......................................................................... 46
Figure 13: Collaborative C2 Process ........................................................................................... 50
Figure 14: Linking the Basic and Collaborative C2 Processes.................................................... 51
Figure 15: GIG SA Reporting Flow............................................................................................. 52
viii
UNCLASSIFIED
1 NetOps
“We must change the paradigm in which we talk and think about the network; we must ‘fight’
rather than ‘manage’ the network and operators must see themselves as engaged at all times,
ensuring the health and operation of this critical weapons system.”
~ Secretary of Defense Donald Rumsfeld
1.1 Overview
NetOps is defined as the operational construct consisting of the essential tasks, Situational
Awareness (SA), and C2 that CDRUSSTRATCOM will use to operate and defend the GIG.
This document explains how NetOps is essential for enabling net-centric operations. NetOps
operators are responsible for performing the functions to sustain the operational readiness of the
GIG. NetOps operators are defined as those people that are performing and managing NetOps
functions as discussed in this document. As a result of this CONOPS, these operators will be
better able to:
• Monitor the performance and capabilities of the GIG.

• Optimize the GIG.
• Manage risk of service disruption.
• Collaborate worldwide.
• Defend the GIG.
• Provide SA of the GIG.
The following terms are used throughout this CONOPS and require a universal understanding.
• Global Information Grid. The GIG and its assets are defined in Department of Defense
(DoD) Directive 8100.1, as follows:
Globally interconnected, end-to-end set of information capabilities, associated processes,
and personnel for collecting, processing, storing, disseminating, and managing
information on demand to warfighters, policy makers, and support personnel. The GIG
includes all owned and leased communications and computing systems and services,
software (including applications), data security services, and other associated services
necessary to achieve Information Superiority. It also includes National Security Systems
(NSS) as defined in section 5142 of the Clinger-Cohen Act of 1996. The GIG supports
all DoD, National Security, and related Intelligence Community (IC) missions and
functions (strategic, operational, tactical, and business) in war and in peace. The GIG
provides capabilities from all operating locations (bases, posts, camps, stations, facilities,
mobile platforms, and deployed sites). The GIG provides interfaces to coalition, allied,
and non-DoD users and systems.
The GIG includes any system, equipment, software, or service that meets one or more of
the following criteria:
♦ Transmits information to, receives information from, routes information among, or
interchanges information among other equipment, software, and services.
1
UNCLASSIFIED
♦ Provides retention, organization, visualization, information assurance, or disposition
of data, information, and/or knowledge received from or transmitted to other
equipment, software, and services.
♦ Processes data or information for use by other equipment, software, and services.
• Net-Centric Services. Net-centric services will provide DoD organizations access to
reliable, decision-quality information through net-based services infrastructure and
applications to bridge a real-time or near-real-time COI. The services will empower the edge
user to pull information from any available source, with minimal latency, to support the
mission. Its capabilities will allow GIG users to task, post, process, use, store, manage and
protect information resources on demand for warriors, policy makers and support personnel.
1.2 Mission
The NetOps mission is to operate and defend the GIG. Unlike many missions that are deemed
successful at a defined completion date, the NetOps mission is perpetual, requiring continual
support to be successful. NetOps will provide assured net-centric services in support of DoD’s
full spectrum of war fighting, intelligence, and business missions throughout the GIG,
seamlessly, end-to-end.
An objective of net-centric services is to quickly get information to decision-makers, with

adequate context, to make better decisions affecting the mission and to project their decisions
forward to their forces for action. If the decision maker is not getting the needed net-centric
services, the GIG NetOps community must collaboratively determine who must take action and
how information flow can be optimized. This requires NetOps personnel to have a shared SA as
well as the technologies, procedures, and collaborative organizational structures to rapidly assess
and respond to system and network degradations, outages, or changes in operational priorities.
All functions required to most effectively support GIG operations will be holistically managed.
The effectiveness of NetOps will be measured in terms of availability and reliability of net-
centric services, across all domains, in adherence to agreed-upon service levels and policies. The
method for service assurance in a net-centric collaborative environment is to establish
operational thresholds, compliance monitoring, and a clear understanding of the capabilities
between enterprise service/resource providers and consumers through Service Level Agreements
(SLAs). Proper instrumentation of the GIG will enable monitoring of adherence to these SLAs,
as well as enable timely decision-making, service prioritization, resource allocation, root cause,
and mission impact assessment. Subsequent TTPs and SLAs will be formalized with appropriate
implementation policies to enforce compliance.
1.3 Effects
An effect is a result or impact created by the application of military or other power.1 The desired
effects of NetOps are Assured System and Network Availability, Assured Information
Protection, and Assured Information Delivery. These effects are all required to achieve and
sustain assurance of the NetOps mission. Adhering to the NetOps mission and performing the
1
Smith, Edward A. Effects Based Operations: Applying Network Centric Warfare in Peace, Crisis, and War.
Washington, DC; DoD Command and Control Research Program. P.111, 2003.
2
UNCLASSIFIED
three NetOps essential tasks (GEM2, GND3, and IDM/CS) in a standard discipline will provide
the war fighter with the desired NetOps effects. The three NetOps essential tasks are discussed
further in chapter two. Integration of the NetOps essential tasks must be performed at the
strategic, operational, and tactical levels and across all DoD war fighting, intelligence, and
business domains for the effects to be successful.
Figure 1: NetOps Essential Tasks and Effects

Figure 1, titled NetOps Essential Tasks and Effects, was developed to establish a common
understanding of the technical composition that must be considered to provide and sustain the
effects of NetOps. The center of the diagram illustrates the three NetOps essential tasks, their
relationships, and the desired effects once they are transformed into a tightly integrated NetOps
capability.
The three desired effects are further discussed below.
• Assured System and Network Availability. Provide visibility and control over the system
and network resources. Resources are effectively managed and problems are anticipated and
mitigated. Proactive actions are taken to ensure the uninterrupted availability and protection
of the system and network resources. This includes providing for graceful degradation, self-
healing, fail over, diversity, and elimination of critical failure points.
2
Note: The concept of GIG NetOps has evolved since its last iteration. The naming convention GIG Enterprise
Management (GEM) has replaced what was previously known as Enterprise Services Management/Network
Management (ESM/NM) in an effort to more clearly define the parts that make up this NetOps essential task
3
Note: For the purpose of this CONOPS and to convey the global dimension of STRATCOM’s mission to defend
the GIG, the term GIG Network Defense (GND) is used in this document to encompass Information Assurance (IA),
Computer Network Defense (CND), Critical Infrastructure Protection (CIP) and other GIG defense tasks in an effort
to more clearly define the scope of this NetOps essential task. This is not intended to replace the terms of IA and
CND.
3
UNCLASSIFIED
• Assured Information Protection. Provide protection for the information passing over
networks from the time it is stored and catalogued until it is distributed to the users, operators
and decision makers.
• Assured Information Delivery. Provide information to users, operators, and decision
makers in a timely manner. The networks are continuously monitored to ensure the
information is transferred with the correct response time, throughput, availability, and
performance that meet user needs.
4
UNCLASSIFIED
2 NetOps Essential Tasks
“All operations, while regional in execution, have global
consequence and therefore require a global perspective.”
~ Gen J.E. Cartwright, CDRUSSTRATCOM
2.1 Overview
NetOps integrates three interdependent tasks - GEM, GND, and IDM/CS. NetOps is not simply
GEM and GND and IDM/CS tacked together. Rather, it is the methodical integration of each
task’s individual capabilities and the resultant synergy. The three NetOps essential tasks are
discussed in the following sections.
2.2 GIG Enterprise Management

GEM is defined as the technology, processes, and policy necessary to effectively operate the
systems and networks that comprise the GIG. This essential task merges Information
Technology (IT) services with the NetOps critical capabilities.
2.2.1 Information Technology Services

There are five major IT services within GEM. They manage the GIG services and technologies
to ensure the effective and efficient operations, performance, availability, and security of GIG
information systems, elements of systems, and services. These services must be employed at the
strategic, operational, and tactical levels across all DoD warfighting, intelligence, and business
domains.
• Enterprise Services Management. Provides the services for end-user applications, web-
based services, remote hosted applications, discovery, storage, operating systems and other
IT components of applications.
• Systems Management. Provides the day-to-day management of computer-based
information systems, elements of systems, and services to include software applications,
operating systems, databases, and hosts of the end-users. System management comprises all
the measures necessary to ensure the effective and efficient operations of GIG information
systems, elements of systems, and services.
• Network Management. Provides the services of a networked system with the desired level
of quality and guaranteed availability. Networks included within GEM are located on all
three means of communication (terrestrial, airborne, or Satellite Communications
(SATCOM)) and they include: switched networks, data networks, Video Teleconferencing
(VTC) networks, SATCOM networks, and wireless networks.
• Satellite Communications Management. SATCOM management is the day-to-day
operational management of all apportioned and non-apportioned SATCOM resources, to
include appropriate support when disruption of service occurs; provides global SATCOM
system status; maintaining global SA to include each Combatant Command’s (COCOM’s)
current and planned operations as well as Space, Control, and Terminal Segment asset and
operational configuration management; radio frequency interference resolution management;
satellite anomaly resolution and management; and SATCOM interference to the GIG.
5
• Electromagnetic Spectrum Management. Spectrum planning and management involves
the efficient employment of the electromagnetic spectrum including: international planning;
frequency allocation; coordination with civilian and other government departments, agencies,
military services and components, and allies; frequency assignment, allotment, and approval;
protection; frequency deconfliction; interference resolution; and coordination with electronic
warfare activities. Spectrum management ensures that the Combatant Commanders and
subordinate Commanders have cognizance of all spectrum management decisions that impact
accomplishment of their missions.
2.2.2 Critical Capabilities

GEM involves the following NetOps critical capabilities to support the IT services previously
discussed. These capabilities for GEM must be employed along with the IT services at the
strategic, operational, and tactical levels across all DoD war fighting, intelligence, and business
domains.
• FCAPS. Fault, Configuration, Accounting, Performance, and Security (FCAPS) are required
for computing hosts, software applications and connected transmission systems, both wired
and wireless, that carry voice, video, data, and imagery.
• Visibility. Visibility involves knowing the status of the networks and systems that comprise
the GIG.
• Monitoring and Analysis. Monitoring and analysis involves receiving and viewing relevant
fault and performance data to determine the impact on current operations and provide trend
analysis.
• Planning. Planning occurs in establishing the computer and communications configurations
for an operation: allocating circuits, calculating loads, ensuring spectrum non-interference,
and establishing applications to be used in the operation. Contingency planning including
backup resources and restoration resources is a critical aspect of GEM planning.
• Coordinating and Responding. Receives, compiles, and disseminates fault and
performance data for systems and networks to create a common network picture and
coordinates response to major network outages that could have an operational impact.
• Management and Administration. Management and administration includes establishing
restoration priorities for assigned systems and networks, and developing and overseeing
implementation of policies, procedures, and special instructions to subordinate network
control centers. It involves planning, coordinating, and approvals for frequency allotments
and assignments, SATCOM access, Request for Service (RFS) release, Telecommunication
Service Request (TSR), tactical Telecommunication Service Order (TSO) preparation and
release, and Communications System tasking.
• Control. Control involves the ability to perform FCAPS management over all assigned
systems and networks.
2.2.3 Effects Enablers

This essential task enables Assured System and Network Availability and Assured Information
Delivery as indicated in Figure 1. The effects of this essential task are achieved by:
6
• Configuring and allocating GIG system and network resources.
• Ensuring effective, efficient and timely processing, connectivity, routing, and information
flow.
• Accounting for resource usage.
• Maintaining robust GIG capabilities in the face of component or system failure and/or attack.
• Rapid, flexible deployment of networked resources.
• Planning for increased network utilization.
2.3 GIG Network Defense

To convey the global dimension of STRATCOM’s mission to defend the GIG, the term GND is
used in this document to encompass USSTRATCOM’s operational responsibilities for
Information Assurance (IA), Computer Network Defense (CND), Critical Infrastructure
Protection (CIP) and other GIG defense tasks in an effort to more clearly define the scope of this
NetOps essential task. This is not intended to replace the terms of IA and CND. Additionally,
GIG constituent systems that meet the definition of a NSS must follow the appropriate IA
guidelines and policies for NSS. Other GIG systems not designated NSS must be provided
adequate IA so as not to jeopardize the security of GIG NSS systems.
2.3.1 Fundamental Attributes

There are five major fundamental attributes within GND. These fundamental attributes help to
protect friendly information and information systems while denying adversaries access to the
same information and information systems.
• Protection. Prior actions taken to counter vulnerabilities in GIG information transport,

processing, storage, service providers, and operational uses. Protection activities include
Emission Security (EMSEC), Communications Security (COMSEC), Computer Security
(COMPUSEC), Information Security (INFOSEC), and CIP incorporating physical
protection, access control, cryptography, network guards, and firewall systems.
• Monitoring. The monitoring of information systems to sense and assess abnormalities, the
use of anomaly and intrusion detection systems.
• Detection. Timely detection, identification, and location of abnormalities—to include attack,
damage, or unauthorized modification—is key to initiating system response and restoration
actions.
• Analyzing. Assess pertinent information to determine indications and warnings, SA,
evaluate system status, identify root cause, define Courses of Action (COA), prioritize
response and recovery actions, and conduct necessary reconfiguration of GIG assets as
needed.
• Responding. Directed actions taken to mitigate the operational impact of an attack, damage,
or other incapacitation of an information system. Response also includes “restoration”-- the
prioritized return of essential information systems, elements of systems, or services to pre-
event capability. Computer Network Defense Response Actions (CND RA) include
defensive and restoration actions. Response Actions (RAs) are deliberate, authorized
defensive measures or activities that protect and defend DoD computer systems and networks
under attack or targeted for attack or exploitation by adversary computer systems/networks.
7
RAs expand DoD’s layered defense-in-depth capabilities and increase DoD’s ability to
withstand adversary attacks or exploitations. Objectives for using CND RAs include:
Strengthening DoD’s defensive posture and operational readiness.
Halting or minimizing attack and exploitation effects or damage.
Supporting rapid, complete attack or exploitation characterization.

GND involves the following NetOps critical capabilities to support the fundamental attributes
previously discussed. These capabilities for GND must be employed along with the fundamental
attributes at the strategic, operational, and tactical levels across all DoD war fighting,
intelligence, and business domains.
• Visibility. Visibility involves knowing the status of the security of the GIG to include the
configuration of each device and current threats to the GIG.
• Monitoring and Analysis. Monitoring and analysis involves receiving and viewing all
GND events and incidents to determine the impact on current operations and provide trend
analysis.
• Planning. Planning occurs in establishing defense-in-depth configurations, assigning
monitoring responsibilities, anticipating contingency operations for a given set of cyber
attacks/failures and coordinating NetOps Priority Information Requirements (PIR) with
COCOM PIRs.
• Coordinating and Responding. Receives, compiles, and disseminates GND events and
incidents to create a common GND picture and coordinates and directs response to major
GND events and incidents that could have an operational impact.
• Management and Administration. Management and administration involves collecting and
consolidating intrusion detection reports and data, assessing the compiled data, and reporting
the results to the appropriate command authorities. Management involves coordinating the
efforts of subordinate network control and operations centers to detect, isolate, and contain
GND events and incidents. Management establishes policies and procedures to govern GND
Rules of Engagement (ROE) for subordinate centers. It also maintains and oversees
implementation of network defense initiatives and compliance with Information Assurance
Vulnerability Alerts (IAVA) procedures.
• Control. Control involves the ability to maintain and direct automated intrusion detection
systems and devices. It also involves the implementation of IAVA on systems.

This essential task enables Assured Information Protection and Assured System and Network
Availability as indicated in Figure 1. The effects of this essential task are achieved by:
• Instituting agile capabilities to resist adversarial attacks, through recognition of such attacks
as they are initiated or are progressing.
• Efficient and effective RAs to counter the attack, and, safely and securely recover from such
attacks.
8
• Reconstituting capabilities from reserve or reallocated assets when original capabilities are
destroyed.
• Maintaining correlation activities between user elements to ascertain hostile GND events
from other system outages or degradations.
2.4 Information Dissemination Management / Content Staging4

IDM/CS is defined as the technology, processes, and policy necessary to provide awareness of
relevant, accurate information; automated access to newly discovered or recurring information;
and timely, efficient and assured delivery of information in a usable format. As IDM/CS
becomes more mature, the complete complement of its services will be available for use by all
authorized DoD GIG users as a net-centric service. This essential task merges core services with
the NetOps critical capabilities.
2.4.1 Core Services

The core services necessary to implement Information Dissemination Management / Content
Staging are Content Discovery, Content Delivery, and Content Storage. These core services are
envisioned to be enterprise wide services used by the entire DoD to ensure our information is
available to all authorized users. The GIG Enterprise Service effort and the Net-Centric
Enterprise Services program will deliver these core services.
• Content Discovery. Content Discovery provides the ability to quickly search for
information throughout the GIG. Using any web browser, whether on a desktop computer or
wireless device, operational staffs can search across multiple sources from one place, vice
making several attempts. Once the product is located, the access service permits the users to
pull in the needed product.
• Content Delivery. Information that is received in the Area of Responsibility (AOR) by the
Information Manager (IM) is delivered using the IDM/CS delivery service. Content Delivery
provides the user the capability to replicate files and directives, publish, and subscribe to
information based on roles and responsibilities, and provide assured, timely transport of the
information, to include notification of when the information was read by a distant user. Items
are delivered across multiple, heterogeneous communication systems with delivery and read
receipt notifications, providing assured delivery of information products.
• Content Storage. Content Storage provides physical and virtual places to host data on the
network with varying degrees of persistence. These information storage capabilities will be
located throughout the GIG.

IDM/CS involves the following NetOps critical capabilities to support the core services
previously discussed. These capabilities for IDM/CS must be employed along with the core
4
This section discusses the concept of Information Dissemination management / Content Staging. This is not
synonymous with the DISA Content Staging system currently being fielded. While DISA’s Content Staging system
is an implementation of the concept of Content Staging, this concept is much broader than capabilities of the current
system.
9
services at the strategic, operational, and tactical levels across all DoD war fighting, intelligence,
and business domains.
• Visibility. Visibility involves knowing the status of the information flowing across the GIG
and of those systems used to store, catalog, discover and transport information.
• Monitoring and Analysis. Monitoring and analysis involves viewing information flows and
access, determining impact to network capacity, and ensuring that user profiles are being
satisfied with a reasonable quality of service.
• Planning. Planning occurs in establishing prioritized information requirements, sources
responsible for providing that information, and staging of information content throughout the
GIG in support of a given operation. Contingency planning for disseminating information is
a critical aspect of IDM/CS operational planning.
• Coordinating and Responding. Tracks and maintains knowledge of the various requests
and user profiles for information; coordinates changes in the operating parameters of GIG
assets; identifies new products; reviews and validates user-profile database; and develops
joint policies and procedures governing information. The GIG Integrated Architecture will
enable user data pulls, which will minimize the need for central coordination and
administration.
• Management and Administration. Management and administration includes establishing
the priorities for information gathering and reporting through the Commander's critical
information requirements; emerging intelligence from the Commander’s operations area,
emerging operational information, and public affairs guidance; developing policy and
procedures to govern information flow; directing subordinate forces to develop mission
information exchange requirements and user profiles; and incorporating expected
information requirements into communications capacity planning.
• Control. Control involves developing mission information exchange requirements,
developing user profiles, and updating and customizing standing user profiles.

This essential task enables Assured Information Delivery and Assured Information Protection as
indicated in Figure 1. The effects of this essential task are achieved by:
• Permitting commanders to adjust information delivery methods and priorities for enhanced
SA.
• Allowing information producers to advertise, publish and distribute information to the war
fighter.
• Enabling users to define and set information needs (profiles) to facilitate timely and efficient
information delivery and/or search information databases to retrieve desired products as
required.
• Improving bandwidth utilization.
• Enhancing all aspects of the GIG transport capabilities.
10
3 NetOps Command and Control Operating Principles
“The Department is transitioning to a global force management process. This will allow us to
source our force needs from a global, rather than regional, perspective and to surge capabilities
when needed into crisis theaters from disparate locations worldwide. Our global presence will
be managed dynamically, ensuring that our joint capabilities are employed to the greatest effect.
Under this concept, Combatant Commanders no longer “own” forces in their theaters. Forces
are allocated to them as needed-sourced from anywhere in the world. This allows for greater
flexibility to meet rapidly changing operational circumstances.”
~ The National Defense Strategy, March 2005
3.1 Overview
Most existing C2 philosophy, doctrine, and practices were developed and perfected during the
Industrial Age.5 Industrial Age C2 emphasizes highly centralized planning and uses a linear and
sequential process in planning and executing military operations. The underlying principles of
Industrial Age C2 resulted in military organizations whose:
• Hierarchy with numerous layers of command affected the commander’s ability to react to
changing operational situations.
• Information flow process depended upon the organizational hierarchy, which led to stove-
piped systems and approaches to information management.
• Minimal sharing of information with other organizations prevented them from taking full
advantage of all the available information.
The result is a Joint C2 system that lacks agility and is largely inadequate to deal with the
challenges of the future operating environment. Sharing information, SA, and understanding of
the operating environment is slow and difficult. It employs command by direction or command
by plan methodologies that lack sufficient responsiveness to deal with the complexities and
uncertainties of the future operating environment.6
Starting in the late 1990’s, the DoD began evaluating the benefits that Information Age
technology can bring to military operations. The vast improvements in information sharing
realized by applying Information Age technology to military C2 will significantly improve our
agility and speed of command. These ideas evolved into the concept of NCOW. Initially
defined as Network Centric Warfare, the concept evolved to include the Business and
Intelligence operations of DoD and is now NCOW. NCOW is “… the best term developed to
date to describe the way we will organize and fight in the Information Age.”7
5
Toffler, Alvin. War and Anti-War. Boston, MA: Warner Books. 1993.
6
Joint Command and Control Functional Concept, February 2004, pp. 9-10.
7
Alberts, Garstka and Stein. Network Centric Warfare: Developing and Leveraging Information Superiority. 2nd
Edition (Revised). 1999, p. 2.
11
NCOW is the application of Information Age technology to military C2 resulting in an
information superiority-enabled concept of operations that generates increased combat power by
networking sensors, decision makers and shooters to achieve shared awareness, increased speed
of command, higher tempo of operations, greater lethality, increased survivability, and a degree
of self-synchronization. In essence, NCOW translates information superiority into combat power
by effectively linking knowledgeable entities in the battlespace.8
NCOW represents a powerful set of war fighting concepts and associated military capabilities
that allow warfighters to take full advantage of all available information and bring all available
assets to bear in a rapid and flexible manner.
The tenets of NCOW that dramatically increase mission effectiveness9 are:

• A robustly networked force improves information sharing.
• Information sharing enhances the quality of information and shared SA.
• Shared SA enables collaboration and self-synchronization, and enhances sustainability and
speed of command.
3.2 Net-Centric Operation and Defense of the GIG

NetOps, as a net-centric operation, faces the same set of C2 challenges as any other Joint Force
Operation. As a critical enabling capability to achieving net-centricity, NetOps must adopt
Information Age C2 structures and processes. For DoD to achieve net-centricity, the GIG must
be operated net-centrically. The NetOps COI (discussed further in section 4.1) must lead the
way in adopting collaborative C2. The NetOps COI must be able to operate and defend the GIG
in a net-centric manner, in order for the DoD to realize the benefits of NCOW.
3.2.1 Self-Synchronization of NetOps

Key to the NCOW concept is the objective of conducting self-synchronizing operations. Self-
synchronized operations are the collaborative and decentralized initiation and execution of
actions by elements of a joint force in support of the desired end state. Also defined as the
interaction between two or more entities to operate in the absence of hierarchical mechanisms for
Joint C2, self-synchronized operations are a mechanism for communicating the ongoing
dynamics of the operational situation and triggering the desired value-added interaction.
The requirements for achieving self-synchronization are:
• A clear and consistent understanding of command intent.

• High quality information and shared SA.
• Competence at all levels of the force.
• Trust in the information, subordinates, superiors, peers, and equipment.
8
Alberts, Garstka and Stein. Network Centric Warfare: Developing and Leveraging Information Superiority. 2nd
Edition (Revised). 1999.
9
Ibid, pp. i.
12
The command function is not absent in self-synchronized forces; however, it does depend on
achieving congruent command intent, shared SA, authoritative resource allocation, and
appropriate ROE, as well as similar measures that guide but do not dictate details to
subordinates. Moreover, the tenets of NCOW do not assume that self-synchronization is the only
way Information Age forces will operate. They argue only that they will be capable of such
operations and that those operations will be more effective (greater likelihood of mission
accomplishment) and efficient (few forces able to do more). Unless the conditions necessary for
self-synchronized operations are met, there is no assumption that it should be employed.
The objective of NetOps C2 activities is self-synchronized operation and defense of the GIG. It
is impossible to effectively operate and defend the GIG from one centralized headquarters.
Effective operation and defense of the GIG requires competent NetOps Operators at all levels
that understand the Commander’s intent for the GIG and have SA about the GIG. Achieving this
objective will:
• Increase the opportunity for lower-level NetOps organizations to operate nearly

autonomously and to re-task themselves through exploitation of shared awareness and the
commander’s intent.
• Increase the value of subordinate initiative to produce a meaningful increase in GIG
performance and responsiveness.
• Assist in the execution of the “commander’s intent for the GIG.”
• Exploit the advantages of a highly trained, professional NetOps workforce.
• Rapidly adapt when important developments occur in the GIG.
3.3 C2 and NetOps Decision Making

The NetOps COI will organize itself and conduct its operations on the basis of the following
principles and command relationships. Both are derived from joint war fighting doctrine and
guided by the joint operating concepts. USSTRATCOM, in conjunction with other COCOMs,
will later establish procedures that provide specifics associated with supported relationships
within the NetOps C2 structure.
3.3.1 Theater & Global NetOps Events

A NetOps event is a collective term for all NetOps activities that have the potential to impact the
operational readiness of the GIG. To effectively operate the GIG as a global enterprise while
realizing the Geographic Combatant Command (GCC) requirements to direct GIG operations in
their theaters, CDRUSSTRATCOM developed an event based C2 structure. C2 of GIG
operations will be based on the situation at the time. The two possible circumstances that
determine the C2 of NetOps are known as Theater NetOps Events and Global NetOps Events.
The preponderance of NetOps Events are Theater NetOps Events and are under the control of the
GCC and its Service Components. Global NetOps Events occur less frequently but when they do
occur, USSTRATCOM will direct the global response. USSTRATCOM, in conjunction with
other COCOMs, will establish tactics, techniques and procedures for executing the supported
relationships within the NetOps C2 structure.
13
3.3.1.1 Theater NetOps Events
Theater NetOps Events are those NetOps activities occurring within a theater that have the
potential to impact the operations in the theater.
The GCC is the supported commander for Theater NetOps Events. USSTRATCOM and Joint
Task Force – Global Network Operations (JTF-GNO) provide support to the GCC for Theater
NetOps Events. JTF-GNO Service Component Commands provide support for Theater NetOps
Events through the Theater Service Component Command if established. Functional Combatant
Commands (FCCs) are the supporting commands for NetOps activities that affect or have the
potential to affect the GCC’s area of operations or mission. Non-DoD activities may also
provide support per intra-governmental agreements.
3.3.1.2 Global NetOps Events

Global NetOps Events are those activities that have the potential to impact the operational
readiness of the GIG and require a coordinated response amongst affected Combatant
Commanders, Military Services, Defense Agencies and other members of the NetOps COI.
CDRUSSTRATCOM is the supported commander for Global NetOps Events and will issue
orders and direction through JTF-GNO to the Combatant Commands, Services, Agencies
(CC/S/As) and other members of the NetOps COI. GCCs are responsible for leading the Theater
response to Global NetOps Events within their theater in accordance with USSTRATCOM &
JTF-GNO direction. JTF-GNO Service Component Commands will support the execution of
Global NetOps. FCCs are the supported commands where NetOps activities affect or have the
potential to affect execution of their assigned missions.
3.3.2 Principles of NetOps Command and Control

These guiding principles apply to all levels of NetOps execution.
• The objective of NetOps C2 activities is Self-synchronized operation of the GIG.

• NetOps activities will be executed at the lowest level of command possible.
• DoD NetOps direction will be executed through the Unified Command chain of command
using supporting/supported command relationships.
• The supported commander has the authority to take whatever NetOps action is deemed
necessary to support the mission and has final decision responsibility.
• All Commanders must continually consider the possible global impact of their actions.
• Commanders must be fully aware of GIG resource allocations to DoD missions.
• If a NetOps action has potential global impact, the supported commander must initiate
collaboration with the NetOps COI.
• In time critical situations, such as immediate Computer Network Defense (CND) actions to
defend the GIG within an AOR, action may be initiated prior to collaborating or
collaboration may be abbreviated. Collaboration must then follow in order to mitigate or
remediate global affects, if any.
14
• NetOps activities affecting Sensitive Compartmented Information (SCI) networks will be
executed in accordance with joint procedures defined by the Secretary of Defense (SECDEF)
and the Director of National Intelligence (DNI) or their designees.10
• Non-DoD NetOps activities will be executed per memorandum of agreement with the DoD.
10
Secretary of Defense Memorandum, “Assignment and Delegation of Authority to Director, Defense Information
Systems Agency (DISA), 18 Jun 2004.
15
4 NetOps C2 Structure & Relationships
“The GIG will help enable Network Centric Warfare by improving information sharing among
all elements of a Joint Force, and with allied and coalition partners.”
~ Network Centric Warfare, DoD Report to Congress, 27 July 2001
4.1 NetOps Community of Interest

The NetOps COI is the term used to describe the collaborative group of organizations
responsible for operating and defending the GIG. The NetOps COI must exchange relevant
information in pursuit of their shared objective and mission to operate and defend the GIG.
Under the authority vested in the Commander, USSTRATCOM, the NetOps COI consists of
organizations from the Office of the Secretary of Defense, Joint Chiefs of Staff, Combatant
Commands, Military Services, Defense Agencies, Other US Government Agencies, IC, coalition
partners and NGO that must interact to accomplish NetOps in support of the DoD mission.
The NetOps COI is divided into two general components: DoD and non-DoD. Within the DoD,
the NetOps COI includes the Military Departments, all Combatant Commands, Services,
Defense Agencies and Field Activities. Outside the DoD, the NetOps COI includes allies,
coalition partners, other US Government Agencies, state and local governments, commercial and
NGO, multinational partners, and regional and international organizations. The NetOps COI is
linked together by its need to exchange information in pursuit of common mission
accomplishment, shared SA and understanding, planning and decision-making, and who
therefore must have a common vocabulary for the information they exchange.11 As described in
DoD Net-Centric Data Strategy, the NetOps COI can be considered a ubiquitous institutional
COI that supports the formation of warfighting, intelligence, and business institutional and
expedient COIs.12
This CONOPS applies to the entire NetOps COI and will govern their operational conduct. It
will be used to develop deliberate plans, support crisis action planning, and orders production.
Non-DoD organizations connecting to the GIG will comply with this CONOPS.
It is also applicable to Program Managers (PM) and Program Management Offices (PMO),
responsible for net-centric programs supporting both the NetOps COI and NCOW as a whole.
4.2 Organizational Roles and Capabilities

4.2.1 Commander, US Strategic Command
In addition to other missions, the UCP 2004, dated March 2005, assigns CDRUSSTRATCOM as
the Combatant Commander for IO and Global C4ISR. CDRUSSTRATCOM has determined
11
Ibid, p. 4.
12
Ibid, pp. 4-7. Communities of interest are also described as permanent and temporary, as well as formal and
informal, in the Net-Centric Environment Joint Functional Concept, Version 9.5, 30 Dec 2004, pp. 16-17. See
further discussion of Communities of interest in DoD CIO IM Directorate’s “Communities of Interest in the Net-
Centric DoD FAQs,” 19 May 04, v1.0.
16
that this mission includes directing Global NetOps operations; advocating the NetOps
requirements for all COCOMs; and planning and developing national requirements.
In order to operationalize missions assigned to USSTRATCOM, the commander delegated

operational and tactical level planning, force execution, and day-to-day management of forces to
Joint Functional Component Commands (JFCC) (Figure 2). These JFCCs will conduct
operations for USSTRATCOM while the Headquarters focuses on strategic-level integration and
advocacy of its assigned missions.13 At the request of CDRUSSTRATCOM, the SECDEF
assigned the Director, DISA as the Deputy Commander for Global Network Operations and
Defense, with authorities and responsibilities for Global Network Operations and Defense and as
the Commander of JTF-GNO.
Figure 2: USSTRATCOM Operational C2 Structure

NetOps is conducted by JTF-GNO, unless otherwise directed by CDRUSSTRATCOM. Such
operations include apprising CDRUSSTRATCOM on NetOps matters impacting the GIG’s
integrity and support of DoD missions. CDRUSSTRATCOM manages the apportionment and
allocation of GIG system and network resources. Competing resource requirements that cannot
be resolved will be forwarded through CDRUSSTRATCOM, to the CJCS for adjudication.
CDRUSSTRATCOM identifies and advocates for COCOM NetOps requirements through the
Planning, Programming, Budgeting, and Execution System (PPBES) process.
4.2.1.1 Commander, Joint Functional Component Command for Network Warfare

Joint Functional Component Command for Network Warfare (JFCC-NW) is responsible for
planning, integrating and coordinating computer network warfare capabilities and integrating
with all necessary computer network defense and exploitation capabilities. Network warfare is
13
Commander, US Strategic Command Memorandum “Establishment of Joint functional Component Command for
Network Warfare”, 20 January 2005.
17
defined as the employment of Computer Network Operations (CNO) with the intent of denying
adversaries the effective use of their computers, information systems, and networks, while
ensuring the effective use of our own computers, information systems, and networks. This
includes development of information / intelligence support and information assurance
requirements for supporting network warfare, the integration of Computer Network Attack
(CNA) and Computer Network Exploitation (CNE) capabilities and direct coordination with
JTF-GNO.14
4.2.1.2 Commander, Joint Task Force-Global Network Operations

JTF-GNO directs the operation and defense of the GIG to assure timely and secure net-centric
capabilities across strategic, operational, and tactical boundaries in support of DoD's full
spectrum of warfighting, intelligence, and business domains.
The Commander, JTF-GNO (Cdr, JTF-GNO) will exercise Operational Control (OPCON) of the
GIG for Global NetOps issues. Under the authority of CDRUSSTRATCOM, JTF-GNO issues
the orders and directives necessary to maintain the assured service of the GIG, ensuring that the
President, SECDEF, CC/S/As can accomplish their missions. The CC/S/As execute JTF-GNO’s
directives within their respective areas and report compliance.
To achieve this mission, CDRUSSTRATCOM assigned these tasks to the Cdr, JTF-GNO:
1. Direct Operations and Defense of the GIG.

2. Maintain GIG availability and integrity; ensure efficient traffic management.
3. Establish and oversee SA of the GIG readiness and defensive posture.
4. Assist CDRUSSTRATCOM in developing tools, monitoring threats, verifying policy
compliance, and controlling network access for consistent Information Assurance
Vulnerability Management.
5. Direct and oversee network defense and information services.
6. Assist in establishing and maintaining standards for network, component, and defensive
requirements.
7. Conduct network defense planning, preparation, and operations employment for normal
operations and for crisis and deliberate planning. When directed, support deliberate and
crisis action planning requested by other COCOMs.
8. Develop, coordinate, integrate, direct and oversee specific network defense COA in
support of GIG network operations and defense. Coordinate with CDRUSSTRATCOM
for approval authority on Tier 2.1 CND RAs.
9. Support USSTRATCOM participation in exercises and experiments involving GIG
network management and defense.
10. Provide intelligence requirements in support of network defense.
11. Provide assessments and recommendations to USSTRATCOM for WATCHCON
changes dictated in network threat warning.
12. Provide recommendations to USSTRATCOM for Information Operations Condition
(INFOCON) changes.
14
Commander, US Strategic Command Memorandum “Establishment of Joint functional Component Command for
Network Warfare”, 20 January 2005. Pending SECDEF approval.
18
13. Direct and oversee the establishment and maintenance of standards for technical testing,
evaluation, and measures of effectiveness of network operations and defense capabilities.
14. Direct and oversee establishing procedures to provide Department measures of
effectiveness and battle damage assessment during and following network defense
operations.
15. Assist in formulating guidance for training network operations and defense forces.
16. Assist in developing and promulgating joint TTPs for network operations and defense
activities.
17. Identify desired characteristics and capabilities for network operations and defense.
The JTF-GNO staff assists the Cdr, JTF-GNO in executing the NetOps mission. (Figure 3)
Figure 3: JTF-GNO Staff Organization
4.2.1.2.1 Global NetOps Center

The Global NetOps Center (GNC) is the JTF-GNO Command Center responsible for executing
the daily operation and defense of the GIG. The GNC directs, manages, controls, monitors, and
reports on essential elements and applications of the GIG in order to ensure its availability to
support the needs of the President, SECDEF, CC/S/As, warfighting, business, and intelligence
domains.
The GNC provides the overall management, control and technical direction for GIG NetOps and
oversees a collaborative coordination process involving all CC/S/As. The responsibilities of the
GNC include:
• Direct the operation and defense of the GIG.

• Collaborate with the NetOps COI to ensure effective operation and defense of the GIG.
• Advise JTF-GNO and CDRUSSTRATCOM on matters regarding the allocation and
adjudication of GIG resources.
19
• Advise JTF-GNO and CDRUSSTRATCOM of any matters impacting the GIG’s integrity
and/or NetOps issues affecting DoD missions.
• In coordination with CC/S/A, establish and maintain the technical and operational standards
by which the GIG SA will be generated across the GIG.
• Perform global incident/intrusion monitoring and detection, strategic vulnerability analysis,
computer forensics, and responses to GND-related activity. Direct COA and coordinate the
CND incident RAs across DoD to defend networks under attack.
• Determine COA and direct restoral of GIG capabilities and services when required.
• Maintain GIG SA in support of each COCOM’s current and near term operations as well as
deliberate plans.
• Maintain visibility, to include security monitoring of the GIG, through an integrated GIG SA
view. This is achieved through the integration of Theater NetOps Center (TNC) and
Service/Agency collected and shared GIG SA data. This shared SA view includes wireless,
terrestrial, and space based systems; enterprise services; and both the logical and physical
infrastructure views of the network.
• Identify, localize, and resolve GIG security anomalies that affect the GIG’s ability to support
senior military leadership at the national level, JS, and supported COCOMs.
• Coordinate GND support to the COCOMs.
• Coordinate with and receive support from the DoD Law Enforcement and Counter-
Intelligence (LE&CI) Center.
• Manage electromagnetic spectrum interference resolution, satellite anomaly resolution, and
global SATCOM systems.
• The GNC establishes procedures facilitating the ability of adjacent commanders who share a
common GIG boundary to:
Consider the impact of one’s own actions or inactions on adjacent commanders and
related business and intelligence communities.
Provide access to timely information among adjacent commanders regarding others’
intentions and actions, as well as those of non-military agencies or the enemy, which may
influence adjacent activity.
Support adjacent commanders, as required, by establishing a common aim and
monitoring the unfolding situation.
Coordinate the support provided and received.
20
4.2.1.2.2 JTF-GNO Operational Forces and Service Components
In order to effectively conduct Global NetOps, JTF-GNO was given OPCON over Defense
Information System Agency (DISA) NetOps organizations and Service Components.
Figure 4: JTF-GNO Operational Forces
4.2.1.2.2.1 Commander, Global NetOps Support Center

The Global NetOps Support Center (GNSC) provides the day-to-day technical operation, control
and management of the portions of the GIG that support Global Operations but are not assigned
to a COCOM. The GNSC conducts GIG backbone NetOps, Standard Tactical Entry Point
(STEP) mission support, Teleport, provisioning of provided services, network engineering,
circuit implementation, and inter-theater connectivity among USNORTHCOM, USPACOM,
USEUCOM, USSOUTHCOM, and USCENTCOM areas of responsibility. The GNSC provides
general support to the GCCs and TNCs. The GNSC provides direct support to the FCCs.
The GNSC provides full-time (24-hour/7-day), near real-time, correlated visibility, monitoring,
coordination, control, and management support of the global backbone portions of the GIG. The
Commander of the GNSC develops, monitors, and maintains a GIG SA view for the global
backbone.
To carry out its mission, the GNSC will:
• Operate and maintain the backbone services of the GIG.

• Issue technical directives to ensure compliance with JTF-GNO direction.
• Provide SA information of GIG backbone services.
21
• Monitor and collect performance data continuously for those information resources deemed
important by JTF-GNO.
• Provide system and network status (fault and performance) information as part of the SA
view.
• Assist in determining the technical and operational mission impacts caused by degradations,
outages, and GND events.
• Perform incident/intrusion monitoring and detection, strategic vulnerability analysis,
• Determine COA and direct restoral of capabilities and services when required.
• Maintain SA in support of each FCC's current and near term operations as well as deliberate
plans, as required.
• Maintain security monitoring through an integrated GIG backbone SA view.
• Until the USSOUTHCOM TNC is established, the GNSC will provide direct support to the
USSOUTHCOM TNCC.
4.2.1.2.2.2 Commander, Theater NetOps Center

The Commander of each TNC is responsible for the effective operation and defense of the GIG
within the theater and for providing support to the GCC. The TNC develops, monitors and
maintains a GIG SA view for the theater. The theater GIG SA view is aggregated and segmented
based on requirements provided by the Theater NetOps Control Center (TNCC). It will include
pertinent theater, operational, and tactical-level system and network, GND, and IDM/CS status.
To carry out its mission, the TNC will:
• Operate and maintain the backbone services of the GIG assets located in their theater.
• Issue technical directives to Service Theater Network Operations and Security Centers
(STNOSCs)/Agency Theater Network Operations and Security Centers (ATNOSCs) to
ensure compliance with TNCC and / or JTF-GNO direction.
• Receive SA information in order to monitor all Theater, Service and/or Service Component,
and Agency systems and networks designated as mission critical.
• Support the CC/S/A by creating, disseminating, and making available the NetOps SA views
for the Theater, Service and/or Service Component, and Agency. This is accomplished by
integrating NetOps event and status information received from those elements within the
TNC AOR that have NetOps reporting requirements. This shared SA view includes wireless,
terrestrial, space-based systems, and enterprise services.
• Coordinate with the TNCC regarding reporting requirements (input data) and view
specifications for NetOps SA.
• Monitor and collect performance data continuously for those information resources deemed
important by the COCOM’s TNCC or Global NetOps Control Center (GNCC).
• Provide system and network status (fault and performance) information as part of the SA
view.
22
• Provide the TNCC or GNCC with information security products and services to include the
monitoring and reporting of intrusions, physical threats and analysis and correlation of
intrusion incidents with Components, Sub-Unified Commands and Joint Task Forces.
• Determine COA and direct restoral of capabilities and services when required.
• Maintain SA in support of each COCOM's current and near term operations as well as
deliberate plans, as required.
• Maintain security monitoring through an integrated GIG SA theater view. This is achieved
through integration of TNC and Service/Agency collected and shared GIG SA data. This
shared SA view includes wireless, terrestrial, space-based systems and enterprise services.
• Identify and resolve computer security anomalies that affect the GIG assets located in their
theater.
• Coordinate theater GND support as directed by the TNCC.
• Coordinate with and receive support from LE&CI.
• Manage theater electromagnetic spectrum interference resolution, satellite anomaly
resolution, and SATCOM systems.
4.2.1.2.2.3 Commander, GIG Infrastructure Services Management Center

The GIG Infrastructure Services Management Center (GISMC) is the primary DoD enterprise
level applications services NetOps center that supports the GNC, GNSC and TNCs with
applications layer FCAPS, visibility, monitoring, analysis, planning, management and control.
The center facilitates the net-centric transformation of DoD-level enterprise services by
optimizing the consolidation and integrated NetOps of the existing and emerging applications
networks and services. The applications services infrastructure that the GISMC is responsible for
will include DoD’s Active Directory, IDM/CS, computing services, GIG DMZ services, NCES,
multinational information sharing, and other new and legacy global application services. The
GISMC will provide the day-to-day technical operation, control and management of the GIG’s
infrastructure services that are Global network enablers. It will serve as the NetOps focal point
for all critical GIG infrastructure services. The GISMC is under the operational control of JTF-
GNO, providing general support to the NetOps COI.
The GISMC will facilitate the sharing of enterprise level infrastructure technical and related
information across NetOps COIs, thus providing Combatant Commanders, Services, and TNCs
SA of infrastructure services outside their span of control, but critical to their mission. Where the
GNSC provides day-to-day overall technical NetOps of the GIG backbone, the GISMC will
provide applications layer focused day-to-day technical operations, control, and management of
the GIG’s enterprise-level application-based infrastructure services. The GISMC and the GNSC
will coordinate related technical operations, control, and management issues to ensure that GIG
NetOps tasks are integrated as shown in Figure 4.
23
The GISMC will execute the FCAPS functions IAW JTF-GNO policies as supported by current
NetOps tools and processes to ensure consistency. The day-to-day administration will consist of
a combination of GISMC based NetOps Support Teams and linked-in Enterprise Services
Management Centers. This combination will track, manage, and report status of their assigned
infrastructure services. The GISMC will evolve over time as the GIG evolves into a more Net-
centric architecture with robust COCOM support capabilities at TNCs.
The GISMC will provide full-time (24-hour/7-day), near real-time, correlated visibility,
monitoring, coordination, control, and management support of the global infrastructure
application services on the GIG. The GISMC will develop, monitor and maintain a GIG SA
view of the global infrastructure services to ensure timely and efficient delivery of global
information across the GIG.
To carry out its mission, the GISMC will:
• Collaborate with the NetOps COI to ensure effective operation and defense of GIG
infrastructure application services.
• Work closely with the GNSC to correlate related degradations, outages and GND events to
identify and resolve root causes.
• Issue technical directives to ensure compliance with JTF-GNO direction.
• Provide SA information of infrastructure application services.
• Monitor and collect performance data continuously for those information infrastructure
services deemed important by JTF-GNO.
• Provide system and service status (availability, fault, and performance) information as part of
the SA view.
computer forensics, and responses to GND-related activity. Direct courses of action and
coordinate the GND incident response actions across DoD to defend infrastructure services
under attack.
• Determine courses of action and direct restoral of capabilities and services when required.
• Maintain SA in support of each COCOM’s current and near term operations as well as
deliberate plans, as required.
• Maintain security monitoring through an integrated GIG infrastructure services SA view.
24
4.2.1.2.3 JTF-GNO Service Component Commands
The JTF-GNO Service Component Commanders are the Commander, US Army Space and
Missile Defense Command (USA SMDC), the US Air Force Commander for USAF NetOps
(USAF NetOps / CC), Commander, US Navy Network Warfare Command (USN
NETWARCOM) and Commander, US Marine Corps Network Operations and Security
Command (MCNOSC). Each of these Service Component Commanders exercises OPCON over
their SGNOSC (Figure 5).
Figure 5: JTF-GNO Service Components
4.2.1.2.3.1 Service Global Network Operations and Security Centers and Computer Emergency /
Incident Response Teams15
The Service Global Network Operations and Security Centers (SGNOSCs) and Computer
Emergency / Incident Response Teams (CERT / CIRT) serve as a part of the Service Component
to JTF-GNO. The SGNOSC and CERT / CIRT mission is to provide the Service-specific
NetOps reporting and SA for the Service’s portions of the GIG. The SGNOSC and CERT /
CIRT provides worldwide operational and technical support to the Service’s portions of the GIG
across the strategic, operational, and tactical levels leveraging collaboration of the STNOSCs if
established. The Service CERT / CIRT is responsible for executing GND and ensuring the
Service’s portions of the GIG are secure.
15
It is the intent of the NetOps Concept that the distinction between NOSCs and CERTs be eliminated and that all
NetOps functions be performed in integrated Network Operations and Security Centers (NOSCs). However, this
idea has not been universally adopted by all Services and the Joint Chiefs of Staff have directed different command
relationships between JTF-GNO and the SGNOCs and CERTs / CIRTs. Therefore, the CONOPS must retain the
distinction between NOSCs and CERTs / CIRTs.
25
CDRUSSTRATCOM exercises OPCON of Service Global Network Operations and Security
Centers (SGNOSCs) through the JTF-GNO Component commands. In response to network
events or activities, as determined by CDRUSSTRATCOM or Cdr, JTF-GNO, Service Chiefs or
Secretaries shall instantaneously attach Service CERT / CIRT to Commander, JTF-GNO who
will exercise Tactical Control (TACON) upon contact with service CERT / CIRT until such time
that the responses to the events or activities are declared complete by Cdr, JTF-GNO. Upon
completion, Service Secretaries will resume control of the CERT / CIRT. In this context,
TACON includes the authority for Cdr, JTF-GNO to direct network reconfiguration and
defensive actions across the GIG. Cdr, JTF-GNO has the authority to task the Service CERT /
CIRT directly, without being required to access the CERT / CIRT through the USSTRATCOM
assigned NetOps Service Component. Cdr, JTF-GNO will establish procedures with service
CERT / CIRT command elements to coordinate and deconflict low density/high utilization
CERT/CIRT resources.16
The SGNOSC and CERT / CIRT roles and responsibilities include:
• Provide Service-specific NetOps support to CDRUSSTRATCOM, JTF-GNO and other

COCOMs.
• Provide direct support to GCCs for theater issues when a Service elects not to establish a
STNOSC in a GCC’s AOR.
• Ensure implementation of approved DoD/Service policies and procedures for NetOps.
• Provide near-real time global SA of Service network and system issues to JTF-GNO and
Service leadership.
• Coordinate problem resolution actions within the Service that effect operations in two or
more theaters.
• Coordinate, execute and/or direct support troubleshooting and restoral actions for Service
enterprise, business functions (Personnel, Logistics, Finance etc.) and Title 10
responsibilities in collaboration with JTF-GNO, TNCC/GNCC and STNOSCs.
• Implement JTF-GNO directed policy and operational measures to ensure near real time,
worldwide defense for the Service’s portion of the GIG.
• Report status of Service worldwide terrestrial, space and wireless transmission systems and
enterprise services and facilities to JTF-GNO and Service leadership.
• Maintain Direct Liaison Authority (DIRLAUTH) with other SGNOSCs and AGNOSCs.
• Establish, in coordination with USSTRATCOM, procedures for dissemination of advisories,
alerts, and warning notices, including those originating outside the Service and DoD.
• Ensure Service-wide compliance with issued IAVAs and INFOCON changes.
• Coordinate with Service IC to refine Priority Information Requirements in support of GND
operations.
• Through NetOps TTP ensure the effective operation, management, and protection of the
Service portions of the GIG in support of net-centric warfare.
• Provide STNOSC support to GCCs if STNOCS have not been established.
16
Joint Chiefs of Staff Standing CND EXORD, 19 May 2005.
26
4.2.2 Combatant Commands
4.2.2.1 Geographic Combatant Commands
The GCC exercises OPCON over the GIG assets in their theater and Component NetOps forces
and exercises TACON over the TNC for Theater NetOps matters. To accomplish this, all GCCs
established a TNCC through which they will maintain SA and exercise OPCON and/or TACON
of their apportioned, allocated, or assigned network assets. GCCs have the authority to direct
efforts and actions that affect the portions of the GIG in their AORs.
4.2.2.1.1 Theater NetOps Control Center

The primary mission of the TNCC is to lead, prioritize, and direct Theater GIG assets and
resources to ensure they are optimized to support the GCC’s assigned missions and operations,
and to advise the COCOM of the ability of the GIG to support current and future operations. In
performing its mission, the TNCC exercises OPCON over all Theater systems and networks
operated by forces assigned to the COCOM. The TNCC also exercises TACON over the TNC
for Theater NetOps issues. The specific roles of the TNCC include monitoring of the GIG assets
in their theater, determining operational impact of major degradations and outages, leading and
directing responses to degradations and outages that affect joint operations, and directing GIG
actions in support of changing operational priorities. The TNCC also responds to JTF-GNO
direction when required to correct or mitigate a Global NetOps issue.
The TNCC, in advising the COCOM of the GIG’s ability to support assigned missions and
operations, must remain cognizant of all current, future or contemplated operations involving the
GIG. This requires continual contact and coordination with the COCOM’s Joint Operations
Center. Serving as an operational extension to the COCOM’s command center, the TNCC
provides GIG SA and operational impact assessments to the Commander and the Joint
Operations Center.
The TNCC uses the GIG SA view provided by their TNC, component NetOps organizations, and
theater Joint NetOps Control Centers (JNCCs) to maintain SA over the portion of the GIG
necessary for the success of their COCOM’s assigned missions. Although the NetOps SA
software application will be a part of an enterprise-wide software capability, the input data
requirements and output products (picture/view, reports, etc.) will be user customizable, based on
built-in options, to meet the needs of each COCOM. The TNCC is responsible for coordinating
the definition and development of the content and scope of the GIG SA information/view for the
theater, based on DoD parameters to assure complete integration. This will be based on the
Commander’s guidance and requirements submitted by subordinate commands. The
specifications will be submitted to the TNC, which is responsible for producing and
disseminating the GIG SA view. Some level of minimum SA “view” shall be defined to ensure
that all NetOps facilities provide a consistent set of information and to make it easier to integrate
and roll-up SA views generated by different theaters or organizations.
The TNCCs direct and prioritize required operational actions through their supporting TNC and
assigned NetOps forces. System and network management activities, in response to NetOps
decisions made by the TNCC, are accomplished through the COCOM’s TACON authority over
the TNC and through OPCON over forces assigned to the COCOM. By translating the
27
COCOM’s guidance into information priorities, engaging in NetOps planning, assessing theater-
wide network resource readiness, and coordinating network defense, the TNCC provides the
expertise to advise senior leadership and provide recommendations on COA concerning NetOps
issues having an operational impact on mission accomplishment.
To carry out its mission, the TNCC will:
• Establish uniform 24x7 visibility into the status of the GIG SA view from/to TNC and
assigned NetOps organizations.
• Establish and retain visibility of system and network outages and customer service shortfalls.
Receive, consolidate, and analyze all available reports from the Components, Agencies,
JTFs, and deployed units.
• Direct reporting of NetOps events, conduct analysis of the impact of such events on the
operational mission, develop alternate COA, and advise the Commander and other senior
decision makers on the status of GIG degradations, outages, GND events, and areas requiring
improvement.
• Prioritize the installation and restoration of system and network services for the TNC and
subordinate organizations in the form of a Critical Customer (i.e., decision-maker) listing.
• Direct, coordinate, and integrate RAs to computer network attacks and significant intrusions
affecting the COCOM’s portion of the GIG.
• Direct the theater’s response to JTF-GNO directives for correcting or mitigating Global
NetOps issues.
• Coordinate with JTF-GNO to de-conflict the COCOM’s Theater NetOps priorities with the
Global NetOps priorities of JTF-GNO and USSTRATCOM.
• Deconflict issues between the TNC and STNOSC/ATNOSC.
4.2.2.1.2 Service Theater Network Operations and Security Centers

Service Components supporting a GCC may establish STNOSCs based on the size and topology
of their NetOps responsibilities to provide and manage systems and network services. The
STNOSC will serve as a single point of contact for their theater elements for systems and
network services; GEM, GND & IDM/CS capabilities; and operational reporting. The STNOSC
provides GIG SA information to the TNC and the TNCC. In the absence of a STNOSC, the
SGNOSC will perform the function of the STNOSC. To facilitate end-to-end management, and
maintain the accuracy of the GIG SA information/view, each STNOSC will:
• Exercise routine, day-to-day management, control, and defense of system and network
services provided as part of the GIG.
• Comply with GIG SA (visibility and status) reporting requirements for their portion of the
GIG as determined by the COCOM.
• Provide GIG SA information specifically from the TNC Points of Presence (POP) to the
Component’s deployed forces.
28
• Provide the TNCC / GNCC and TNC current (near real-time) SA of systems and networks
under their control and within their portion of the GIG for retrieval and use by other NetOps
centers IAW this CONOPS.
• Assist the TNC and the TNCC / GNCC in tracking the status of NetOps events and
determining the technical and operational mission impacts caused by NetOps events.
• Respond to a variety of threats using a range of response measures to preclude, or detect, and
counter, any threat.
• Exercise TACON over the system and network resources of their subordinate NOSCs,
Network Service Centers (NSCs), and Systems Administrators.
The concept of an STNOSC does not imply that each Service must create a physical STNOSC in
each theater. Each Service has implemented this concept of a STNOSC in a different way. The
following paragraphs describe each Service’s method of supporting Theater NetOps.
29
4.2.2.1.2.1 United States Army
The Army, through SMDC (Space Missile Defense Command) / ARSTRAT, the Army Service
Component Command to STRATCOM, and with support from Intelligence and Security
Command (INSCOM), directed NETCOM/9th ASC (Network Enterprise Technology
Command/9th Army Signal Command) to operate, manage, and defend the network at the
enterprise level infrastructure. Army NetOps applies ‘centralized management, decentralized
execution’ through a tiered NetOps force structure supporting seven Army Service Component
Commands: ARSTRAT, USARPAC, USAREUR, USARSO, USARCENT, EUSA and
ARNORTH.
The Army’s three tiered NetOps operational structure consists of: the Army Network Operations
and Security Center (ANOSC); Theater Network Operations and Security Center (TNOSC); and
the Regional Network Operations and Security Center (RNOSC). The ANOSC is integrated
with the 1st Information Operations Command (1st IO CMD - LAND) Army Computer
Emergency Response Team (ACERT) to create a consolidated NetOps Center called
ANOSC/ACERT Tactical Operations Center (A2TOC), and each TNOSC is integrated with a
Regional Computer Emergency Response Team (RCERT). This alignment of organizations has
provided a critical synergism of effectiveness and efficiency to receive, distribute, and analyze
information in order to integrate, synchronize, and coordinate CNO. For purposes of this
CONOPS, only the top two tiers of the Army NetOps structure are presented. In this CONOPS
the ANOSC is referred to as the SGNOSC and the TNOSC is referred to as the STNOSC.
Serving as the single Army service NetOps authority, the ANOSC directs, operates, manages,
and defends the Army’s portion of the GIG network infrastructure at the enterprise level. The
ANOSC provides worldwide operational and technical support to the LandWarNet across the
tactical and strategic levels. It provides to decision makers a comprehensive, integrated, near
real-time, situational awareness, operational reporting capability and SA; operationally integrates
GEM, GND, and IDM/CS technologies and procedures. The ANOSC interfaces with JTF-GNO
through an OPCON relationship, other service NOSC’s through a Supporting relationship, and
with all Army TNOSC’s through a technical control (TECHCON) relationship.
The Army TNOSC assists the ANOSC in managing the service’s portion of the GIG network
and acts a single point of contact for Army network services, operational status, and anomalies in
the theater and to other Services operating in the theater. The TNOSC is the single point of
contact that provides visibility and status information to the ANOSC, Component Command
TNCC, and the JTF-GNO’s TNC on NetOps issues/events for the Army’s portion of the GIG
network.
30
Figure 6: US Army NetOps Forces
31
4.2.2.1.2.2 United States Navy
The US Navy is transforming their Naval Telecommunications Master Station (NTCMS)
construct to support the STNOSC concept. NETWARCOM will create two RNOSCs that will
provide STNOSC support to the GCCs. The RNOSC-East will support USEUCOM,
USSOUTHCOM and USNORTHCOM. The RNOSC-West will support USPACOM and
USCENTCOM. The STNOSC provides direct support to the GCC’s TNCC, TNC, and Navy
Forces (NAVFOR) for theater NetOps issues and events.
Figure 7: US Navy NetOps Forces
32
4.2.2.1.2.3 United Sates Marine Corps
Service Theater Network Operations and Security Center services for Marine Corps components
are provided virtually/remotely by the Marine Corps Network Operations and Security
Command (MCNOSC) from Quantico, Virginia. The MCNOSC, as the Marine Corps’
SGNOSC, is currently assigned OPCON as a component to the JTF-GNO. Therefore, it will not
be assigned OPCON to the Service components of the GCCs. Rather, the MCNOSC provides
direct support to the GCC’s TNCC, TNC and Marine Forces (MARFOR) for theater NetOps
issues and events. The MCNOSC in its entirety is potentially available to fulfill its direct support
responsibilities. However, the MCNOSC Command Center is the point of entry to the
MCNOSC for theater NetOps requirements and requests for support. The Command Center will
allocate available internal resources and coordinate delivery of MCNOSC direct support.
Figure 8: US Marine Corps NetOps Forces
33
4.2.2.1.2.4 United States Air Force
The USAF designed their Network Operations and Security Center (NOSC) construct around
their Major Commands (MAJCOMS). This construct puts an Air Force STNOSC in each
deployed theater as part of the Theater Air Force. In CONUS, there are several MAJCOM
NOSCs, all reporting to the USAF NOSC at Barksdale Air Force Base. However, the critical
MAJCOM NOSC in CONUS is the Air Combat Command NOSC supporting US Northern
Command.
Figure 9: US Air Force NetOps Forces
34
4.2.2.2 Functional Combatant Commands
FCCs have a global mission, often providing support to the GCCs, and, as such, have a global
requirement for NetOps support. Some FCCs operate their own specific functional global
networks (e.g., SCAMPI, Joint National Training Capability, Global Transportation Network,
Ballistic Missile Defense). As such, the FCCs will receive direct support from the GNSC and
general support from USSTRATCOM, JTF-GNO, and all TNCs. FCCs will exercise OPCON
over their portions of the GIG through their GNCC, which will coordinate the FCC’s NetOps
requirements with the GNSC and the TNCCs.
4.2.2.2.1 Global NetOps Control Center

The primary mission of a GNCC is to advise the FCC and ensure the portion of the GIG
resources supporting that Commander’s assigned missions and operations are optimized. To be
effective, each GNCC must remain cognizant of all current, future, or contemplated operations in
which their portions of the GIG will play a role.
The GNCCs monitor the COCOM’s GIG assets, determine operational impact of major
degradations and outages, and coordinate responses to degradations and outages that affect joint
operations. Each GNCC will coordinate with the GNC and supporting TNC any mission or
operational impacts that are associated with system/network anomalies or resource limitations.
Additionally, the GNCC has DIRLAUTH with the TNCCs. This authorization gives the GNCCs
and TNCCs the ability to directly coordinate scheduled changes in the GIG or troubleshoot
outages. The GNCC collaborates with the NetOps COI to ensure effective operation and defense
of the GIG.
4.2.2.3 Sub-Unified
COCOMs may organize a Sub-Unified Command and assign tailored forces from among the
four Service components and Special Operations Forces (SOF) to the Sub-Unified Commander.
The COCOM assigns the Sub-Unified Commander OPCON of designated forces.
Sub-Unified Commands may establish Sub-Unified NetOps Control Centers (XNCCs) with
responsibilities and relationships similar to a STNOSC. The Sub-Unified Command’s NOSC
will serve as a single point of contact for their subordinate elements for systems, network
services, and reporting.
4.2.2.3.1 Sub-Unified NetOps Control Center

XNCCs will provide GIG visibility and status information to the GCC’s TNCC and TNC to
facilitate end-to-end management and maintain accuracy of the NetOps SA view.
XNCCs will:
• Exercise routine, day-to-day management and control of those system and network services
provided as part of the GIG.
• Comply with GIG SA (visibility and status) reporting requirements for that portion of the
35
• Provide the GCC’s TNCC and TNC current (near real-time) SA of systems and networks
under their control and within their portion of the GIG.
• Provide the TNCC with mission impact assessments of system and network events.
4.2.2.4 Joint Task Force
The JTF Commander shall exercise OPCON of the joint force systems and networks through a
JNCC as detailed in Chairman, Joint Chiefs of Staff Manual (CJCSM) 6231.01 and CJCSM
6231.07.
CJCSM 6231.07 details the responsibilities of the JTF Commander and the JNCC with respect to
NetOps. This CONOPS may duplicate portions of CJCSM 6231.07, in the interest of
completeness.
4.2.2.4.1 Joint NetOps Control Center

The JNCC manages the tactical communications of the joint force, serving as the NOSC for the
deployed portion of the GIG supporting a JTF. It exercises staff supervision over C4 NSCs
belonging to deployed components and subordinate commands.
The JNCC provides the GCC’s TNCC and TNC with:
• Deployed network SA information.

• Mission impact assessments of system and network events.
• GIG requirements beyond the JTF’s current assets or authority.
• Collaboratation with the NetOps COI to ensure effective operation and defense of the GIG.
4.2.3 Defense Agencies

The Defense Agencies provide, operate, and maintain a large portion of the equipment,
personnel, and other resources that make up the GIG. Execution of these functions requires the
Agencies to be actively engaged in NetOps of the GIG. To execute these functions, most
Agencies have established NOSCs which maintain SA of their portions of the GIG. In this
CONOPS these organizations are called Agency Global NOSCs (AGNOSC). These AGNOSCs
serve as a central point of contact for matters concerning the resources they provide to the GIG.
DoD Agencies will align their AGNOSCs to provide USSTRATCOM visibility and insight of
their GIG status and will follow the orders and directives issued by JTF-GNO. Agencies will
maintain a global perspective of their GIG assets and provide Agency specific support to the
Global NetOps mission. This Global SA is necessary for the Agency to properly provide the
equipment, personnel, and other resources they contribute to the GIG.
4.2.3.1 DoD Agency Theater Network Operations and Security Centers

DoD Agencies supporting a COCOM may establish ATNOSCs based on the size and topology
of their NetOps responsibilities to provide and manage systems and network services. The
ATNOSC will serve as a single point of contact for their theater elements for systems and
network services, NetOps capabilities, and operational reporting. The ATNOSC will provide
GIG SA information to the TNC and the TNCC. To facilitate end-to-end management and
maintain the accuracy of the GIG SA information/view, each ATNOSC will:
36
• Exercise routine, day-to-day management, control, and defense of system and network
services provided as part of the GIG.
• Comply with GIG SA (visibility and status) reporting requirements for their portion of the
• Provide GIG SA information specifically from the TNC POPs to the Component’s deployed
forces.
• Provide the TNCC / GNCC and TNC current (near real-time) SA of systems and networks
under their control and within their portion of the GIG for retrieval and use by other NetOps
centers IAW this CONOPS.
• Assist the TNC and the TNCC / GNCC in tracking the status of NetOps events and
determining the technical and operational mission impacts caused by NetOps events.
• Respond to a variety of threats using a range of response measures to preclude, detect, or
counter any threat.
• Exercise TACON over the system and network resources of their assigned NOSCs, NSCs,
and Systems Administrators.
4.2.3.2 DoD Agency Global Network Operations and Security Center

The DoD Agencies that are not part of the IC operate enterprise-wide systems as part of the GIG.
These systems provide critical support to the DoD, COCOMs, and Military Services.
Maintaining SA of these systems is key to operating and securing the GIG.
Non-IC DoD Agencies will designate an Agency Global Network Operations and Security
Center (AGNOSC) or other agency organization to execute global network operations and
defense actions for their agency, under the direction of CDRUSSTRATCOM.
Responsibilities of DoD AGNOSCs include:
• Ensure implementation of approved DoD policies and procedures for NetOps.

• Provide near-real time global SA of Agency networks and systems to JTF-GNO.
• Coordinate, execute and/or direct support troubleshooting and restoral actions for Agency
networks and systems.
• Implement policy and operational measures to ensure near real time, worldwide defense for
the agency’s portion of the GIG.
• Report status of Agency worldwide terrestrial, space and wireless transmission systems,
enterprise services, and facilities.
• Maintain DIRLAUTH with other SGNOSCs and AGNOSCs.
• Establish, in coordination with USSTRATCOM, procedures for disseminating GND and
related advisories, alerts, and warning notices.
• Monitor Agency compliance with issued IAVAs and INFOCON changes.
37
4.2.3.2.1 Defense Information Systems Agency
DISA performs significant NetOps support functions. Under the direction of
CDRUSSTRATCOM, DISA manages operational control over information services, IT
environments, and computing processing centers for all DoD Components. DISA will:
• Ensure visibility of the GIG DISN, DISA computing services, and DISA applications to
provide status and performance and infrastructure data for the NetOps SA view.
• Establish, develop, and implement the NetOps SA technical backbone under the guidance of
CDRUSSTRATCOM.
• Coordinate with the Heads of the DoD Components to establish NetOps in their GIG
architectures and IT standards.
• Act as the DoD single point of contact for the GIG and DoD IT standards development
(including information processing and information transfer).
• Collect, evaluate, and share NetOps-relevant, GIG metrics and performance measurements
following the guidance of CDRUSSTRATCOM.
• Exercise operational authority for NetOps in support of USSTRATCOM operations.
• Manage and monitor NetOps operational control of the IT environment and computing
processing centers following the guidance of CDRUSSTRATCOM.
• Staff and train TNC personnel to operate TNC facilities in accordance with USSTRATCOM
policy and directives.
• Support CDRUSSTRATCOM, identification and tracking of activities that affect security
and performance to include real-time alerts and warnings for anomalies and real-time
response to detected attack activities.
4.2.4 Interagency
One of the key elements in future NCOW is integrating U.S. military relationships with
interagency, coalition, multinational, and NGO actors over the course of an operation.
USNORTHCOM has a large, new role involving multinational, NGO, interagency, and
intergovernmental partnerships and relationships. This integration will require cooperation,
coordination, and synchronization among the U.S. military components and their partners. As
their interactions will be dictated by a combination of policy and capability, they may have both
significant positive and negative impacts on the agility of the organizations and processes
supporting C2 and the behavior of the mission network overall.17
Joint C2 will need to provide a mechanism for organizations, regardless of location, level, or
function, to rapidly integrate physically or virtually. To do this, joint teams that regularly train
together and have a foundation of common TTPs must be created. C2 processes will need to be
developed that allow for multiple players, distributed globally, to form communities of interest
as necessary, and to manipulate information based on their individual and collective
requirements.
17
Joint Command and Control Functional Concept, February 2004, p. 32.
38
The NetOps COI must be able to rapidly link the GIG to other organizations as required to share
information. We must develop NetOps TTPs that allow commanders to connect the GIG to other
organization’s networks in an interoperable yet secure manner. The NetOps COI must be
prepared to work with the following types of organizations:
• Non-DoD USG Organizations

• Intergovernmental Organizations
• Nongovernmental Organizations
• Multinational Military Commands (Alliances and Coalitions)
• State and Local Governments
• Commercial and Research Communities
4.2.4.1 Director of National Intelligence

The DNI, through the Intelligence Community-Chief Information Officer (IC-CIO), will develop
joint procedures with the DoD CIO for NetOps and status information sharing of the IC
Networks.18 The IC-CIO oversees the Intelligence Community-Incident Response Center (IC-
IRC). The IC-IRC is the IC’s single focal point for IC network incident reporting and
management and represents the IC in the NetOps COI.
4.2.4.1.1 Intelligence Community Incident Response Center

JTF-GNO will collaborate with the IC-IRC, a key interagency organization. The IC-IRC is the
IC’s single focal point for IC network incident reporting and management. As per the SECDEF
Memorandum, June 18, 2004, activities involving IC networks, specifically SCI networks, will
be coordinated in accordance with joint procedures approved by the SECDEF and the DNI. Due
to the close inter-dependencies that DoD and IC components have on each other’s networks, it is
essential that reporting procedures be in place to ensure rapid coordination and defense of DoD
and IC networks.
4.2.4.1.2 National Security Agency

NSA performs significant NetOps support functions. NSA provides IA products, solutions, and
services, as well as the operational attack sensing and warning (AS&W) mission NSA executes
in support of defending the GIG. NSA will:
• Serve as the National Manager responsible to the Secretary of Defense for the security of
telecommunications and information systems that are defined as NSS per 44 U.S.C.
• As National Manager, operate and maintain the National Security Incident Response Center
that serves as the coordination point for all National Security Incidents.
• Responsible for Communications Security (COMSEC), specifically, IA in general and CND
in accordance with NSD–42, DoDD C-5200.5, 8500.1 and 8530.
• Ensure availability of IA products and technology.
18
39
• Continual monitoring of DoD and its contractor’s telecommunications and developing all-
source assessments of adversarial threat.
• Establish business processes for identifying and acquiring approved IA technology.
• Review the budgets, and resource allocation for IA activities of the DoD.
• Conduct research and development activities to generate IA techniques and solutions.
• Develop the IA technical framework.
• Plan and manage the DoD PKI.
• Provide layered protection for DoD cryptologic SCI systems.
• Certify and Support CND Services for Special Enclaves.
• Coordinate the design development and maintenance of Special Enclave information systems
and databases.
• Provide network AS&W support to DoD component.
• Provide tailored, all-source, current and long-term analysis addressing the threat of intrusions
into the GIG.
• Collaborate with the NetOps COI in the effective operation and defense of the GIG.
• Provide network AS&W support to JTF-GNO and USSTRATCOM.
• Develop architectural standards, policy, and information systems security engineering (ISSE)
guidance, IA products, Defensive Information Operations (DIO) services, and key
management products and services.
• Provide GIG SA of the NSA/CSS secure communications network and external GIG
connectivity points to IC-IRC.
• Provide analytical and operational support for any CND RA being evaluated.
• Develop the Information Assurance components of the GIG architecture at the direction of
ASD-NII.
• Provide Signals Intelligence relevant to Indications and Warning on Foreign Threats to the
GIG and on capabilities and intentions of potential adversaries.
4.2.4.1.3 The Defense Intelligence Agency

The Defense Intelligence Agency (DIA) performs significant NetOps functions. DIA will:
• Be responsible for developing, implementing, and managing the configuration of

information, data, and communications standards for intelligence systems, in coordination
with the Joint Staff, Services, other agencies, and OSD.
• Establish defense-wide intelligence priorities for attaining interoperability between tactical,
theater, and national intelligence related systems and between intelligence related systems
and tactical, theater, and national elements of the GIG.
• Exercise operational management of JWICS via the JWICS Network Operations Center.
• Provide required reports to the IC IRC as defined in paragraph 4.2.4.1.1.
• Provide GIG situational awareness of the JWICS and external GIG connectivity points to
JTF-GNO.
40
• Assign IP addresses for DoD SCI users. DIA shall coordinate IP address assignments with
DISA to preclude establishing duplicate IP addresses.
4.2.4.2 National Communications System

The National Communications System (NCS) coordinates National Security/Emergency
Preparedness communications for the Federal Government as well as the Communication
Emergency Support Function under the National Response Plan. The National Coordinating
Center (NCC) within the NCS serves as the Information Sharing and Analysis Center (ISAC) for
the telecommunications industry. As such, the NCS/NCC functions as an important link for the
JTF-GNO and USNORTHCOM with the telecommunications industry. This link can be
exploited to assist in commercial circuit restoration. Additionally, the NCS provides the JTF-
GNO access to all Federal Government Priority communications systems including the
Government Emergency Telecommunications Service (GETS), the Wireless Priority System
(WPS) and the Telecommunications Service Priority (TSP) system. The NCS, as the lead for the
National CIP Telecommunications Sector, can also assist on critical infrastructure analysis of the
commercial telecommunications assets upon which the DoD depends.
4.3 NetOps C2 Structure

4.3.1 Global NetOps C2
Figure 10 graphically portrays the C2 relationships for Global NetOps. CDRUSSTRATCOM is
the Supported Commander for Global NetOps. The other COCOMs are Supporting
Commanders to USSTRATCOM for Global NetOps. This relationship gives
CDRUSSTRATCOM the authority to direct the CC/S/As to take action to ensure the availability
and integrity of the GIG. While this Supported relationship gives CDRUSSTRATCOM global
authority, it does not take away the COCOM’s authority over their assigned NetOps forces. For
Global NetOps issues, USSTRATCOM will issue orders and alerts through JTF-GNO to the
CC/S/A. COCOMs will direct compliance with these directives using their inherent authority
over their AOR. This construct will allow USSTRATCOM to exercise its global authority while
strengthening the responsibilities of the other COCOMs. The TNCs fall under the OPCON of
JTF-GNO for Global NetOps issues. This will allow the JTF-GNO to immediately direct action
by the TNCs when necessary to protect the GIG. JTF-GNO will ensure that the Combatant
Commanders are informed about all Global NetOps issues. However, on occasions when
immediate responses are necessary, the Combatant Commanders will be notified concurrently as
the response actions are being made. This OPCON relationship gives JTF-GNO the authority to
issue immediate directives when necessary. However, the TNCs will provide direct support to
the TNCCs and general support to the GNCCs in executing JTF-GNO Global NetOps directives.
JTF-GNO will exercise OPCON of Service NetOps units, to include NOSCs and CERTs, as
assigned by CDRUSSTRATCOM. Defense agencies will follow the NetOps orders and
directives issued by USSTRATCOM and JTF-GNO. Service and Agency Systems Management
Centers (SMC) and Central Design Authorities (CDA) are in general support of JTF-GNO
ensuring that the systems they operate or provide as parts of the GIG are compliant with JTF-
GNO guidance.
41
Figure 10: Global NetOps C2
42
4.3.2 Theater NetOps C2
Figure 11 graphically portrays the C2 relationships for Theater NetOps. GCCs are the Supported
Commander for Theater NetOps. GCCs have the authority to direct efforts and actions that
affect the portions of the GIG in their AORs. The GCC exercises OPCON of all assigned
NetOps forces and GIG assets in their theater. The USSTRATCOM TNC is under the TACON
of the GCC for Theater NetOps issues. The GCC TNCC is responsible for the operation of the
GIG assets in their theater and issues directives to the TNC and Component NetOps
organizations to ensure that the GIG assets in their theater supports the theater mission.
USSTRATCOM and JTF-GNO are in support of the GCC and ensure that the GIG is capable of
supporting the GCC’s requirements. When there are conflicts or resource contention between
COCOMs’ requirements, JTF-GNO will de-conflict resource requirements. Competing resource
requirements that cannot be resolved will be forwarded through CDRUSSTRATCOM to the
CJCS for adjudication. The Services and Agencies may establish theater-level NOSCs or provide
24x7 theater level responsiveness to GCC direction, requests for information, and SA. Either the
global or theater NOSC will provide theater GIG visibility to the TNC and other DoD
Component NOSCs as required. This Service/Agency NOSC will also serve as a central point of
contact for operational matters and emergency provisioning for a supported COCOM. This will
enable improved GIG SA at all levels of the command structure and facilitate end-to-end GIG
management.
Figure 11: Theater NetOps C2
43
5 Collaborative NetOps C2 Process
“The source of flexibility is the synergy of the core competencies of the individual Services,
integrated into the joint team.”
~ Joint Vision 2020
5.1 Overview
C2 is the ability to recognize what needs to be done in a situation and to ensure that effective
actions are taken to achieve the desired effect with minimum adverse impact. At its core, C2 is
about decision-making and the individuals who make decisions. NetOps C2 must be a joint
decision-making process that is dynamic, decentralized, distributed, and highly adaptive.
Enabled by a robust, secure, integrated network, and through the employment of CIEs, the
NetOps COI will possess a seamless C2 capability. Supported by skilled personnel trained in
joint NetOps and standardized NetOps TTPs, the NetOps COI will be able to create desired GIG
effects at the right time and place to accomplish the mission.
As discussed in the Joint Command and Control Functional Concept, the Joint C2 process is
envisioned as the way that net-centric forces will execute C2. The Joint C2 approach applies to
all echelons of command, across all military functions, and encompasses the full range of
military operations. It consists of a combination of both the basic C2 and the collaborative C2
processes. The basic C2 process is the systematic and continuous process that commanders
perform in order to recognize what needs to be done and to ensure appropriate actions are taken.
Collaboration is defined as joint problem solving for the purpose of achieving shared
understanding, making a decision, or creating a product. In the context of Joint C2, collaboration
is enabled by the CIE and is used to coordinate, accelerate, and ground in an expanded
information resource base, the development of decisions and actions across multiple basic C2
process loops.
As a net-centric operation, the Joint C2 and Net-Centric Environment Joint Functional Concepts
as well as joint doctrine19guide the design of the NetOps C2 process that is described in this
CONOPS. The NetOps C2 process will allow the NetOps COI, an extremely diverse and
dispersed community, to interact with directness, informality, and flexibility typical of small
cohesive teams. It will allow the NetOps COI to rapidly adjust its C2 system to the situation at
hand rather than rely on “one size fits all” procedures. And it will allow the NetOps COI to
exploit the benefits of decentralization – initiative, adaptability, and tempo – without sacrificing
coordination and unity of command.
As the COCOM responsible for Global NetOps, CDRUSSTRATCOM influences NetOps

outcomes by:
• Defining the commander’s intent

• Designating the priority effort(s)
19
JP 0-2 Unified Action Armed Forces, 10 Jul 2001, pp. III-14 thru III-17.
44
• Prioritizing and allocating resources
• Assessing risks
• Deciding when and how to make adjustments
• Committing reserves
• Staying attuned to the needs of the NetOps COI
Within CDRUSSTRATCOM’s intent, commanders at all levels make similar NetOps decisions
to ensure that the GIG supports their mission requirements.
5.2 NetOps C2 Process

NetOps C2 processes will be performed collaboratively to improve the speed and quality of the
individual decisions and allow for the rapid and continuous synchronization of multiple decisions
to achieve unity of effort for the GIG. Commanders will rapidly tailor their C2 capabilities to
any situation and will be able to exploit the benefits of decentralization—initiative, adaptability,
and tempo—and achieve flexible synchronization of NetOps without sacrificing unity of
command. This will be achieved through a CIE that enables cohesive teams, regardless of
location, to develop a shared understanding of the commander’s intent and the status of the GIG,
thereby enabling superior NetOps decision-making.
5.2.1 The Basic NetOps C2 Process and Its Component Functions

The basic NetOps C2 process is the systematic execution of the functions that an individual
commander is required to perform in order to recognize what needs to be done and to ensure that
the GIG operates effectively. Each commander, regardless of echelon or function, performs the
same basic NetOps C2 process20 (see Figure 13).
The basic C2 functions are listed below.
• Monitor and collect data on the GIG.

• Develop an understanding of the status of the GIG.
• Develop a course(s) of action and select one.
• Develop a plan to execute the selected course of action.
• Execute the plan, to include providing direction and leadership to subordinates.
• Monitor execution of the plan and adapt as necessary.
20
Boyd, John, COL (ret). Patterns of Conflict. Briefing on competitive organizations; December 1986. The Observe-
Orient-Decide-Act model of C2 (OODA Loop) captures the continuous and cyclical nature of C2 and illustrates the
basic process. Though Boyd’s model is intended to deal with decision making by individuals and groups, it is only
being referenced here to the decision making by individuals.
45
Develop and Develop a
Select a Plan
Course of
Action
Develop an
Execute
Understanding
the Plan
Of the Situation
Monitor
Execution and
Monitor and Adapt as
Collect Data Necessary
Figure 12: The Basic C2 Functions and Process
5.2.1.1 Monitor and collect data on the situation

The ultimate objective of this step in the NetOps C2 process is to discover unresolved NetOps
Events and the detrimental effect they have on the network. These events could be anything from
a very short network outage that corrects itself to a large catastrophic outage. Events range in
severity from small probes of our networks to full scale network attacks. Detecting a NetOps
Event is often done using automated monitoring systems. But network users or administrators
noticing unusual behavior of the network also detect NetOps Events.
Knowing that networks are experiencing unresolved NetOps Events, requires alert system
administrators and network managers with properly configured network monitoring and intrusion
detection software. This is in many respects the most important aspect of Network Operations
because “you don’t know what you don’t know.” The majority of the effort of organizations that
monitor the networks is spent looking for unresolved NetOps Events. This phase of the NetOps
C2 Process requires great diligence and attention to detail. If network-monitoring personnel do
not pay close attention to their monitoring systems and user complaints, NetOps Events can go
unnoticed and can significantly degrade the performance of the GIG.
5.2.1.2 Develop an understanding of the situation

Once a NetOps Event is identified, the next step is to determine the nature, extent, severity, and
impact for the purpose of characterizing, informing, and responding. In general, the objective of
this step is to answer the following questions.
• What is the nature of the NetOps Event?

• What is the impact to the GIG?
• Who or what is causing the problem and why?
46
• What is the impact on current and planned operations?
Of these four questions, determining the Operational Impact is by far the most important. For
example, a large, technically complex, network outage that has no Operational Impact is much
less significant than a small, simple outage that has a significant Operational Impact.
Determining the Operational Impact of a NetOps Event is the critical result of this stage of the
C2 Process, requiring knowledge of the networks and systems associated and the users affected.
Additionally, determining the Operational Impact must not preclude timely notification of a
NetOps Event.
When a NetOps Event has been identified and an initial assessment is complete, the identifying
organization is responsible for expeditiously informing higher, lower and lateral organizations.
Some NetOps Events are so critical that they require real-time information required to alert,
mitigate or respond to the potential damage caused. Other NetOps Events are less critical and
can be reported using less timely means. It is imperative that network operators are aware of the
reporting requirements and methods for each type of NetOps Event and rapidly inform the
higher, lower and lateral organizations. Also of key importance here, is informing the affected
organization(s) as soon as possible.
5.2.1.3 Develop a course(s) of action and select one & Develop a plan to execute the selected
course of action
Once the commander gains an understanding of the NetOps Event, the commander decides on a
course of action. Deciding on a course of action in structured or analytic decision-making
consists of developing several alternatives, assessing the alternatives and then selecting the best
one. 21 In the case of well-understood or rapidly unfolding situations, the decision is made
quickly, with little consideration of developing or assessing alternative courses, in a more
intuitive decision-making style.
These two steps of the NetOps C2 Process are often conducted simultaneously and consist of
developing response options and COA, as well as coordination of those decisions to halt and/or
mitigate the effects of the NetOps Event on the GIG.
The objective of this phase is to determine those actions that will defeat intrusions and/or
mitigate the effects. This phase includes:
• Identification of response options.

• Development of COA based on one or more response options.
• Coordination with the GNC, TNC, TNCC/GNCC, NOSC and other organizations.
5.2.1.4 Execute the plan, to include providing direction and leadership to subordinates
Once the decision is made, the commander puts the decision into action or instructs others to act
in support of the chosen course of action and exercises leadership to motivate others in executing
the decision. This step includes:
21
A course of action may seek to manipulate the adversary’s level of uncertainty and understanding of the operating
environment.
47
• Issuing appropriate orders and direction to the NetOps COI.
• Execution of the selected COA.
5.2.1.5 Monitor execution of the plan and adapt as necessary
Monitoring the execution of the plan allows the commander to observe the results of the
decisions and to adapt as the process starts again.
As this Operational Process is cyclical, it may often take several iterations of the cycle to fully
resolve the NetOps Event. For significant NetOps Events, this continuous cycle could span days
or weeks until the event is resolved.
This process is very generic, but it outlines the general technique for responding to any type of
NetOps Event. However, each NetOps Event will be different and will require attentive
personnel in each NetOps organization that can quickly recognize the unique characteristics of
each event.
5.3 Collaboration
Collaboration is joint problem solving for the purpose of achieving shared understanding,
making a decision or creating a product. It allows experts to integrate their perspectives to better
interpret situations and problems, identify candidate actions, formulate evaluation criteria, and
decide what to do. In the context of NetOps C2, collaboration is used to coordinate the
development of decisions and actions across multiple basic NetOps C2 process loops.
Commanders need to be able to share their observations, understanding, decisions and actions
regarding a situation with other commanders. Collaborating allows commanders to get better
GIG SA, a deeper understanding of the GIG environment, to better comprehend how their
decisions will effect the GIG environment and to coordinate their limited resources with others to
achieve maximum effect in the pursuit of mission success. Collaboration is enabled through a
CIE.
5.3.1 Collaborative C2 Functions

The collaborative C2 functions tie together the basic C2 process loops across echelons and
functions through collaboration. The collaborative C2 functions give the C2 system its agility
and give the commander flexibility in choosing a command methodology.22 They support the
basic C2 functions by providing the commander with access to the observations, understandings,
decisions, and actions of other friendly force commanders. They help a large dispersed group
that is governed by explicit rules and procedures to behave more like a small close group whose
relationships are implicit and informal. The collaborative C2 functions allow teams, such as the
NetOps COI, to be formed quickly from across the echelons and functions to work on specific
issues. They support the decentralization of C2, which increases the initiative, adaptability and
22
Three command methodologies are postulated in Thomas J. Czerwinski, “Command and Control at the
Crossroads,” Parameters, Autumn, 1996, pp. 121-132. The three principle methodologies are command by direction,
command by plan and command by influence. They prescribe an increasing level of decentralization in the
command structure with command by direction having the most centralized structure and command by influence
having the most decentralized.
48
tempo of operations without losing synchronization with other friendly forces. The collaborative
C2 functions enable the commander to maintain unity of effort and unity of command. They
include:
• Networking: Networking is the connecting together of all the decision-makers across

echelons and functions. Networking is enabled by a communications and data infrastructure
employing a robust set of standards that facilitate the exchange of information. It also
facilitates the interaction across echelons and functions.
• Interacting: Interacting is the social part of networking and is the heart of collaboration.
Interacting is facilitated by the development of cohesive teams using collaborative
information tools to exchange information across a network that spans echelons and
functions. Interacting supports the development of trust and the art of command.
• Sharing information: Sharing information makes information available and accessible to
commanders. It assures that all commanders are operating from the same baseline of
information.23 Sharing information improves the quality of awareness and understanding.
• Sharing awareness: Sharing awareness is sharing an initial understanding of the operational
environment such as the current status of the GIG and the current operational impact
assessment. Sharing awareness improves commanders’ understanding because each of them
is working from the same basic information about the GIG.
• Sharing understanding (including sharing commander’s intent): Sharing understanding is a
deeper understanding of the GIG framed by the experience and intuition of commanders
across echelons and functions. Sharing understanding allows subordinate decision-makers to
understand how higher echelons are viewing the overall situation and that allows the
subordinates to make better decisions and to better coordinate their actions with others.
Sharing understanding and the commander’s intent allows subordinate commanders to
undertake initiative that is in line with the higher echelons view of the situation. Sharing
understanding allows NetOps C2 to be more decentralized and more responsive to small but
important changes in the operational environment. It improves the overall speed and quality
of decisions.
• Deciding: Decisions made in a collaborative environment are those made by multiple
decision-makers working together. This is not decision by committee; it does not require a
consensus. It gives each commander an understanding of the decisions being made by others
in pursuit of the mission goals. By making decisions based on the explicit decisions of others,
commanders can make more effective use of their forces because there is less likelihood of
their working at cross purposes.
• Synchronizing: Synchronizing arranges NetOps actions in time, space, and purpose to
produce maximum GIG effectiveness. It brings the actions of the NetOps COI as a whole
into line with the commander’s intent in order to accomplish the NetOps objectives.
Synchronizing allows the commander to make maximum use of the limited resources
available by coordinating their timing and actions. It helps commanders build and maintain
unity of effort across operations that have a diverse set of actors with a range of capabilities.
23
Overall access will be guided by established information security policies.
49
Sharing Deciding
Understanding
Interacting
Sharing Synchronizing
Awareness
Sharing
Information
Networking
Info Sources Forces

Operating Environment
Collaborative C2 Process Chain
Figure 13: Collaborative C2 Process

Each of the collaborative NetOps C2 functions builds on the volume and quality of interaction
among commanders moving through their basic C2 process loop. Commanders who interact
frequently and meaningfully throughout the basic C2 process loops are able to make consistently
better decisions than those who interact less frequently. The collaborative C2 process chain in
Figure 14 shows the value added relationship among the collaborative C2 functions.
5.4 Linking the Basic and Collaborative NetOps C2 Processes

The collaborative NetOps C2 process improves the execution of the basic NetOps C2 process,
both in terms of quality and speed, by providing the individual commander with access to the
information and understandings of other commanders involved with the same mission. By
sharing information, SA and understanding, individual commanders are able to improve their
ability to monitor and collect data on the GIG because they have access to the collection
capabilities of other units. The individual commander is able to develop a more thorough
understanding of the situation by being able to tap into the experience and perspectives of other
individual commanders. COA, the selection of a course of action and the development of plans
to execute the course of action can be developed and executed with the collective knowledge of
the decisions and plans of others. This allows commanders to choose among command by
direction, plan or influence. All commanders, with an understanding of the assumptions and
information available, can monitor the execution of the plan when the course of action was
developed and selected. This allows them to better adapt their future decisions to the dynamics of
the NetOps environment. Figure 14 depicts the relationship between the basic and collaborative
C2 processes. Networking, sharing information and interacting are in the center of the diagram
because they are the respective technical, organizational and cognitive (social) functions that
provide the interconnection between sharing awareness, sharing understanding, deciding, and
synchronizing.
50
Figure 14: Linking the Basic and Collaborative C2 Processes
5.5 NetOps Shared Situational Awareness

5.5.1 Overview
Because of the increasing diversity and scope of organizations and forces involved in NetOps,
the interactions between them become more complicated, requiring new and more capable
collaborative efforts. It is within this area that individuals develop SA and share this awareness
with other entities to produce a shared awareness. This leads to improved understanding at the
individual level and to improved shared understanding. This process enables the creation of
faster, higher quality decisions both individually and collaboratively, as the situation requires.24
5.5.2 NetOps Situational Awareness Capability

An essential enabling capability of NetOps is achieving shared SA of GIG system, network,
information availability, and identification of resources use. The primary purpose is to enhance
knowledge of the GIG to improve the quality and timeliness of collaborative decision-making
regarding the employment, protection and defense of the GIG. To be useful, much of this GIG
SA must be available and shared in near real-time by the relevant decision-makers. This will be
accomplished in phases through initiatives like establishing reporting criteria, consolidation of
reporting mechanisms, providing operational impact assessments, and integrating manual/semi-
automated mechanisms with real-time network and system reporting solutions.
This shared GIG SA will be derived from common reporting procedures and requirements using
enterprise-wide management tools. These tools will collect (or receive), analyze and fuse GEM,
GND and IDM/CS data in near real-time to produce user-defined views of the mission critical
24
Net-Centric Environment Joint Functional Concept, Version 0.9, 8 November 2004, p. 21.
51
GIG information of concern to a commander or NetOps center. The GIG SA capability will
display system, network and information resources, showing their operational status and linkages
to other resources. GIG SA reporting standards will be established and employed to facilitate the
timely sharing of data and consistency of data meaning across the GIG. The specific GIG SA
reporting standards, including timelines and content, will be coordinated with all CC/S/A prior to
implementation. Data collection and dissemination will be automated as much as possible to
reduce human workload and meet reporting timelines.
Network sensors will provide unprocessed data to enterprise data storage, referenced via the
meta-data catalogue, to support SA of the enterprise to those organizations conducting NetOps at
the global, theater, and enclave levels. This aligns with OSD(NII) meta-data strategies and the
net-centric concepts of using raw data into a storage process that is referenced (searched) via that
meta-data tagging. NetOps Centers (e.g. JTF-GNO, TNCCs) establish their access profiles and
gain the sensor data according to that access profile.
SINGLE INTEGRATED NETWORK

SITUATIONAL AWARENESS VIEW
FILTERED & FUSED,

OVERLAYS
Fault Management
- Alarm Surveillance - Fault Correction
- Fault Localization - Test Management
- Trouble Administration
System and Network

NAVFOR Performance Management MARFOR
- Traffic Measurement - Mean Delay Time
- Probability of Congestion - Quality of Service
ARFOR - Response Time - Probability of Delay

TNC/GNC
- Throughput - Availability
IA Event Management
AFFOR - Event Type - Affected Systems
IC
- Source of Attack - Corrective Action
Coalition
Figure 15: GIG SA Reporting Flow
CC/S/A, JTFs, and NetOps Centers will use the GIG SA capability to rapidly provide
information on systems and networks to military leadership at all levels, as well as other
supporting commands and agencies. CC/S/A, JTF and NetOps Centers will collaboratively use
the information from the GIG SA capability to rapidly make decisions on operating the GIG. A
key tool for commanders in planning and executing joint operations, the GIG SA capability
enhances the flow of information between the senior military leadership, JS, and Commanders
by supplementing and amplifying Situation Reports (SITREP), Operations Reports (OPREP),
Communications Spot Reports (COMSPOT), Communications Status (COMSTAT) reports,
IAVAs, and network trouble ticketing systems. It will present a “fused” picture of GEM, GND,
and IDM/CS postures, including the “health and status” of the GIG, to allow key decision
makers to better understand their system configurations and their information sharing capabilities
52
in relationship to operational needs at the strategic, operational, and tactical levels. The GIG SA
capability will extend from the NMCC to deployed forces supporting a Joint, Combined, or
Single-Service task force. It will extend through the DoD operational construct to include
information on system and network services at base/post/camp/station and mobile platforms.
This will include visibility of IC and outsourced systems and networks provided by contractors,
such as the Navy/Marine Corps Intranet (NMCI).
The sharing of GIG SA between DoD and the IC was directed in the SECDEF June 18, 2004
memorandum25. This can only be accomplished through a collaborative effort amongst the
CC/S/A, JTFs, and the IC to collect and share information regarding the health and status of their
portions of the GIG.
5.5.3 NetOps Situational Awareness Content

GIG SA is the integrated capability to receive, correlate, and display a functional or Theater-
level view of systems and networks (voice, video and data). As depicted in Figure 15, it will
reflect status, performance, and IA data. The GIG SA capability will include overlays and
projections (i.e., location of friendly, hostile, and neutral units, assets, and reference points). At
a minimum, it will include system and network fault and performance status as well as
significant information assurance reports such as, network intrusions or attacks. Appropriate
IDM/CS information will be added as this capability is developed. Integrated into the GIG SA
will be the ability to accurately assess the operational impact with NetOps events.
The GIG SA capability will graphically display GIG system and network services, key nodes and
links/circuits, and, health and status information. By integrating the GEM, GND, and IDM/CS
status information, network operators will have a single source for displaying and analyzing
network congestion, outages, GND probes, attacks or defensive posture, system information
including software applications, as well as information accessibility. It will provide the
capability to filter, tailor, and present relevant views of GIG operations at any level of command.
Content will be easily and quickly altered to reflect changing interests and adapted to changing
operational requirements.
Integrated into the GIG SA will be the ability to quickly and accurately assess the operational
impact with NetOps events. The GIG SA capability will display a view of which GIG resources
are supporting which mission allowing a quick determination of the operational impact of any
GIG disruption.
5.5.4 NetOps Situational Awareness Responsibilities

GIG SA and capability restoration will require proactive management by the operational staffs
and will require the same approach as is now required by normal high-level and detailed network
planning. As a start, through a collaborative effort between the CC/S/A, JTFs, and NetOps
Centers, listings of mission critical system and network services/resources/assets, and critical
customers (decision-makers) will be established, and restoration priorities will be applied to all
25
53
items listed. A collaborative effort must also identify the concept for knowing when resources
are actively being used or plan to be used by a COCOM.
At a minimum, for all GIG system and network services/resources/assets, this requires an
accurate inventory; FCAPS status information; data/information exchange requirements;
information assurance conditions (including standardized alert thresholds); and appropriate
IDM/CS information. The GIG SA software capability will be the instrument that commanders
employ to this end.
Responsibilities for building and maintaining GIG SA are described in the following sections.
5.5.4.1 Combatant Commander Responsibilities

The COCOMs, through the supporting role of the TNC and GNSC, exercise operational control
over their portions of the GIG SA information resources (data stores, databases, graphical views,
etc.). The COCOM establishes priorities for information collection, filtering, display,
dissemination, etc. Consistent with these priorities, the COCOM will follow ASD(NII) guidance
regarding the release of GIG SA information to supporting, multinational forces, as well as non-
DoD activities. Subordinate and supporting commands (Service Component, Functional
Component, Sub-Unified, and JTF) will provide fault, GND event, and performance data on all
systems and networks within their commands. On behalf of the COCOM, the TNC and GNSC
will consolidate and correlate this data to generate a single integrated GIG SA picture/view that
will be available to all organizations via the Secret Internet Protocol Router Network (SIPRNet).
5.5.4.2 Component, Service, Agency, Sub-Unified, and JTF Responsibilities

Component, JTF, Sub-Unified, Service, and Agency NOSCs will be responsible for assimilating
and integrating NetOps SA data of their respective areas of responsibility. Each NOSC will
install, maintain, and operate network management and intrusion detection software and populate
a local database to build a near real-time view of their domain. Firewall configurations will be
maintained to ensure the integrity of the network while enabling essential GIG SA information
exchange. Each local configuration database will provide an input to the next echelon (e.g., base
region theater global). Defense in depth activities and installations will follow the
prescribed configuration. Virtual views of the entire enterprise can be created at any level:
theater, region, base, etc. For example, a theater GIG SA view will be generated through an
aggregation of Component level system and network status and performance databases. This
may be augmented by incorporating GIG SA for other parts of the GIG of interest to that
commander. For example, a commander may need to monitor GIG resources supporting
intelligence or logistics reach back capabilities supporting his command.
Services and Agencies will instrument their portions of the GIG in order to establish and
maintain SA. For example, the Navy has expressed concerns with furthering the development of
Sensor Strategy, Indications and Warnings (I&W), and Daily and Real Time Readiness
Assessments in order to better provide SA. Service and Agencies will provide SA of their
portions of the GIG to the TNCs, the GNC, JTF-GNO, USSTRATCOM and their Service /
Agency leadership. This SA will include a tailored view of their systems and networks.
54
Appendix A: References
1. Alberts, Gartska and Stein, Network Centric Warfare: Developing and Leveraging
Information Superiority. 2nd Edition (Revised), located at
http://www.dodccrp.org/publications/pdf/Alberts_NCW.pdf
2. CJCSI 6215.03 GIG Network Operations (in draft)
3. Commander, US Strategic Command Memorandum “Establishment of Joint Functional

Component Command for Network Warfare”, 20 January 2005.
4. Concept Lexicon, 27 October 2004, located at

http://www.dtic.mil/jointvision/ideas_concepts/lexicon_full.doc
5. Department of Defense Transformation Planning Guidance, April 2003.
6. DoD Net-Centric Data Strategy, 9 May 2003, located at

http://www.netcentricfcb.org/AdditionalReferences/Net-Centric-Data-Strategy-2003-05-
092.pdf
7. DoDD 2000.12 DoD Antiterrorism (AT) Program , 18 Aug 2003, located at

http://www.dtic.mil/whs/directives/corres/html/200012.htm
8. Interagency Management of Complex Crisis Operations Handbook, Jan 2003, located at

http://www.ndu.edu/ITEA/storage/518/ITEA_Handbook_2003.pdf
9. Joint Chiefs of Staff Standing CND EXORD, 19 May 2005.
10. Joint Command and Control Functional Concept, Version 1.0, December 2003, located at
http://www.dtic.mil/jointvision/jroc_c2_jfc.doc
11. Joint C4 Campaign Plan, September 2004, located at

http://www.dtic.mil/jcs/j6/c4campaignplan/Joint_C4_Campaign_Plan.pdf
55
12. Joint Operations Concepts, November 2003, located at
http://www.dtic.mil/jointvision/secdef_approved_jopsc.doc
13. Joint Staff J-7, “An Evolving Joint Perspective: US Joint Warfare and Crisis Resolution
in the 21st Century,” 28 Jan 2003, located at
http://www.dtic.mil/jointvision/jwcr_screen.pdf
14. JP 0-2 Unified Action Armed Forces (UNAAF), 10 Jul 2001, located at
http://www.dtic.mil/doctrine/jel/new_pubs/jp0_2.pdf
15. JP 1-02 Department of Defense Dictionary of Military and Associated Terms, 7 Oct
2004, located at http://www.dtic.mil/doctrine/jel/DoDdict/index.html
16. JP 3-0 Doctrine for Joint Operations, 10 Sep 2001, located at

17. JP 3-08 Interagency Coordination During Joint Operations, Volumes I and II, 9 Oct 1996,
located at http://www.dtic.mil/doctrine/jel/new_pubs/jp3_08v1.pdf and
http://www.dtic.mil/doctrine/jel/new_pubs/jp3_08v2.pdf
18. JP 3-13 Joint Doctrine for Information Operations, 9 Oct 1998, located at
19. JP 6-0 Doctrine for Communications System Support to Joint Operations, 14 Feb 2005
(Final Coordination (2)), located at
http://www.dtic.mil/doctrine/jel/ddrraafftt_pubs/6_0fc.pdf
20. Net-Centric Environment Joint Functional Concept, Version 0.9, 8 November 2004,
located at http://www.netcentricfcb.org/FrontPage/NetCentricJFCV09.doc
21. Perrow, Charles, “Normal Accidents: Living with High Risk Technologies,” Basic
Books, NY, 1984.
22. Quadrennial Defense Review Report, 30 September 2001.
56
23. Secretary of Defense Memorandum, “Assignment and Delegation of Authority to
Director, Defense Information Systems Agency (DISA),” 18 Jun 2004.
24. Toffler, Alvin. War and Anti-War. Boston, MA: Warner Books. 1993.
25. Unified Command Plan 2004, March 2005.
26. United States Department of Defense, Computer Network Defense Strategy for Defense
in Depth, 28 September 2004.
27. U.S. Army NETCOM, “U.S. Army NetOps Architecture”, December 2004.
28. US Joint Forces Command, “The Joint Operational Environment: Into the Future, Mar
2004.
57
Appendix B: Glossary
This Glossary is intentionally limited to those terms having very significant impact on the
content of the base document. For the balance of terms used this document the reader is directed
to Joint Publication 1-02, “DoD Dictionary of Military and Associated Terms.” The contents of
JP 1-02 can be found on the Internet at http://www.dtic.mil/doctrine/jel/doddict/.
Collaboration: Collaboration is joint problem solving for the purpose of achieving shared
understanding, making a decision or creating a product. It allows experts to integrate their
perspectives to better interpret situations and problems, identify candidate actions, formulate
evaluation criteria, and decide what to do. In the context of NetOps C2, collaboration is used to
coordinate the development of decisions and actions across multiple basic NetOps C2 process
loops.
Command Authorities: The DoD has three forms of operational command authority. These
are Combatant Command (COCOM), Operational Control (OPCON), and Tactical Control
(TACON). Each of these authorities is defined below.
Combatant Command (command authority): COCOM is nontransferable command authority

established by title 10 (“Armed Forces”), United States Code, section 164, exercised only by
Commanders of unified combatant commands unless otherwise directed by the President or the
SECDEF. COCOM cannot be delegated and is the authority of the combatant commander to
perform those functions of command over assigned forces involving organizing and employing
commands and forces, assigning tasks, designating objectives and giving authoritative direction
over all aspects of military operations, joint training, and logistics necessary to accomplish the
missions assigned to the command. COCOM (command authority) should be executed through
the Commanders of subordinate organizations. Normally this authority is exercised through
subordinate Joint Force Commanders and Service and/or functional component Commanders.
COCOM (command authority) provides full authority to organize and employ commands and
forces, as the combatant commander considers necessary to accomplish assigned missions.
Operational control is inherent in COCOM (command authority).26
Information Dissemination Management / Content Staging: The technology, processes, and

policy necessary to provide awareness of relevant, accurate information; automated access to
newly discovered or recurring information; and timely, efficient and assured delivery of
information in a usable format.
Direct Liaison Authorized: DIRLAUTH is the authority granted by a commander (any level)
to a subordinate to directly consult or coordinate an action with a command or agency within or
outside of the granting command. DIRLAUTH is the key enabler to overcome cultural and
political barriers regarding information sharing. DIRLAUTH will authorize the continuous
electronic near real time exchange of critical NetOps configuration and status information that
will result in situational awareness and stimulate the NetCOP.
26
Joint Pub 1-02, Unified Action Armed Forces (UNAAF)
58
Effect: A result or impact created by the application of military or other power.
Forces: Organizations, which operate and maintain the global information grid.
Global Information Grid: The Global Information Grid and its assets are defined in DoD
Directive 8100.1, as follows:
• Globally interconnected, end-to-end set of information capabilities, associated processes, and
personnel for collecting, processing, storing, disseminating, and managing information on
demand to warfighters, policy makers, and support personnel. The GIG includes all owned
and leased communications and computing systems and services, software (including
applications), data security services, and other associated services necessary to achieve
Information Superiority. It also includes NSSs as defined in section 5124 of the Clinger-
Cohen Act of 1996. The GIG supports all DoD, National Security, and related Intelligence
Community (IC) missions and functions (strategic, operational, tactical, and business) in war
and in peace. The GIG provides capabilities from all operating locations (bases, posts,
camps, stations, facilities, mobile platforms, and deployed sites). The GIG provides
interfaces to coalition, allied, and non-DoD users and systems.
• The GIG includes any system, equipment, software, or service that meets one or more of the
following criteria:
Transmits information to, receive information from, routes information among, or
interchanges information among other equipment, software, and services.
Provides retention, organization, visualization, information assurance, or disposition of
data, information, and/or knowledge received from or transmitted to other equipment,
software, and services.
Processes data or information for use by other equipment, software, and services.
Non-GIG IT – Stand-alone, self-contained, or embedded IT that is not or will not be connected to
the enterprise network.
GIG Enterprise Management: The technology, processes, and policy necessary to effectively
operate the systems and networks that comprise the GIG.
GIG Network Defense: The technology, processes, and policy necessary to provide end-to-end
protection to ensure data quality, protection against unauthorized access and inadvertent damage
or modification, and CIP.
Global NetOps Center: The JTF-GNO Command Center responsible for executing the daily
operation and defense of the GIG. The GNC directs, manages, controls, monitors, and reports on
essential elements and applications of the GIG in order to ensure its availability to support the
needs of the President, SecDef, Combatant Commanders, Services, Agencies, business and
intelligence domains.
Global NetOps Control Center: The GNCC monitors the Combatant Commander’s GIG
assets, determines operational impact of major degradations and outages, and coordinates
responses to degradations and outages that affect joint operations. Each GNCC will coordinate
with the GNC and supporting TNC any mission or operational impacts that are associated with
59
system/network anomalies or resource limitations. The primary mission of a GNCC is to advise
the FCC and ensure the portion of the GIG resources supporting that Commander’s assigned
missions and operations are optimized.
Global NetOps Event: Those activities that require a coordinated response amongst affected
Combatant Commanders, Military Services, Defense Agencies and other members of the NetOps
COI.
Information superiority: Information Superiority is the capability to collect, process, and

disseminate an uninterrupted flow of information while exploiting or denying an adversary’s
ability to do the same. (JP1-02) Information superiority is achieved in a non-combat situation or
one in which there are no clearly defined adversaries when friendly forces have the information
necessary to achieve operational objectives.
Net-Centricity: Net-centricity is “the realization of a robust, globally networked environment

(interconnecting infrastructure, systems, processes, and people) within which data is shared
seamlessly and in a timely manner among users, applications, and platforms. By securely
interconnecting people and systems, independent of time or location, net-centricity enables
substantially improved military situational awareness and significantly shortened decision
making cycles. Users are empowered to better protect assets; more effectively exploit
information; more efficiently use resources; and unify our forces by supporting extended,
collaborative communities to focus on the mission.”
Net-Centric Operations and Warfare: NCOW is the application of net-centricity to the

activities of the DoD, both day-to-day business and warfighting. NCOW describes how DoD
will conduct business operations, warfare, and enterprise management in the future. It is based
on the information technology concept of an assured, dynamic, and shared information
environment that provides access to trusted information for all users based on need, independent
of time and place.
Net-Centric Services: Net-centric services will provide DoD organizations ubiquitous access to
reliable, decision-quality information through net-based services infrastructure and applications
to bridge a real-time or near-real-time community of interest (COI). The services will empower
the edge user to pull information from any available source, with minimal latency, to support the
mission. Its capabilities will allow GIG users to task, post, process, use, store, manage and
protect information resources on demand for warriors, policy makers and support personnel.
NetOps: NetOps is defined as the operational construct consisting of the essential tasks,
situational awareness, and command and control that Commander, US Strategic Command will
use to operate and defend the Global Information Grid. NetOps will provide assured net-centric
services in support of DoD’s full spectrum of war fighting, intelligence, and business missions
throughout the GIG, seamlessly, end-to-end.
NetOps Community of Interest: The term used to describe the collaborative group of
organizations responsible for operating and defending the GIG.
60
NetOps Event: A NetOps event is a collective term for all NetOps activities that have the
potential to impact the operational readiness of the GIG.
Network Operation and Security Center: A NOSC maintains constant vigilance over system
and network operations and defense in support of the user by exercising day-to-day management,
control, and security of those system and network services. It also maintains the situational
awareness for their portion of the GIG.
Operational Control: OPCON is transferable command authority that may be exercised by

Commanders at any echelon at or below the level of combatant command. Operational Control
is inherent in COCOM (command authority) Operational control may be delegated and is the
authority to perform those functions of command over subordinate forces involved in organizing
and employing commands and forces, assigning tasks, designating objectives, and giving
authoritative direction necessary to accomplish the mission. OPCON includes authoritative
direction over all aspects of military operations and joint training necessary to accomplish
missions assigned to the command. OPCON should be exercised through the Commanders of
subordinate organizations. Normally this authority is exercised through subordinate Joint Force
Commanders and Service and/or functional component Commanders. OPCON normally
provides full authority to organize commands and forces and to employ those forces, as the
Commander in OPCON considers necessary to accomplish assigned missions. OPCON does
not, in and of itself, include authoritative direction for logistics or matters of administration,
discipline, internal organization, or unit training.27
Situational Awareness: The application of Information Age technology to military C2 resulting

in an information superiority-enabled concept of operations that generates increased combat
power by networking sensors, decision makers and shooters to achieve shared awareness,
increased speed of command, higher tempo of operations, greater lethality, increased
survivability, and a degree of self-synchronization. In essence, NCOW translates information
superiority into combat power by effectively linking knowledgeable entities in the battlespace.
Tactical Control: TACON is the command authority over assigned or attached forces or
commands, or military capability or forces made available for tasking, that is limited to the
detailed and, usually, local direction and control of movements or maneuver as necessary to
accomplish missions or tasks assigned. TACON is inherent in OPCON. TACON may be
delegated to, and exercised at any level at or below the level of combatant command.
Theater NetOps Center: A center that is responsible for the effective operation and defense of
the GIG within the theater and for providing support to the GCC. The TNC develops, monitors,
and maintains a GIG SA view for the theater.
Theater NetOps Control Center: The primary mission of the TNCC is to lead, prioritize, and
direct s Theater’s GIG assets and resources to ensure they are optimized to support the GCC’s
assigned missions and operations, and to advise the Combatant Commander of the ability of the
GIG to support current and future operations.
27
Joint Pub 1-02, Unified Action Armed Forces (UNAAF)
61
Theater NetOps Event: Theater NetOps Events are those NetOps activities conducted by the
GCCs within their theater to ensure the GIG supports operations in the theater.
62
Appendix C: Acronyms
This List of Acronyms is provided for the convenience of the reader and is intended to reflect
those acronyms used in the base document. As this document evolves and changes every effort
will be made to keep it current and consistent. However, if an error or inconsistency is found,
the reader is directed to Joint Publication 1-02, “DoD Dictionary of Military and Associated
Terms.” The Joint Acronyms and Abbreviations portion of JP 1-02 can be found on the Internet
at http://www.dtic.mil/doctrine/jel/doddict/acronym_index.html.
ACERT Army Computer Emergency Response Team

AGNOSC Agency Global Network Operations and Security Center
AOR Area of Responsibility
ANOSC Army Network Operations and Security Center
ARSTRAT Army Service Component Command to STRATCOM
AS&W Attack Sensing and Warning
ASD(HD) Assistant Secretary of Defense for Homeland Defense
ASC Army Signal Command
ASD(NII) Assistant Secretary of Defense for Networks and Information Integration
AT&L Acquisition Technology and Logistics
ATNOSC Agency Theater Network Operations and Security Center
A2TOC ANOSC/ACERT Tactical Operations Center
C4ISR Command, Control, Communications, Computers, Intelligence, Surveillance, and
Reconnaissance
CC/S/A Combatant Commands, Services, and Agencies
CDA Central Design Authorities
Cdr, JTF-GNO Commander, Joint Task Force-Global Network Operations
CDRUSSTRATCOM Commander, US Strategic Command
CIE Collaborative Information Environments
CIO Chief Information Officer
CJCS Chairman, Joint Chiefs of Staff
CJCSI Chairman, Joint Chiefs of Staff Instruction
CJCSM Chairman, Joint Chiefs of Staff Manual
CNA Computer Network Attack
CND Computer Network Defense
CND RA Computer Network Defense Response Actions
CNE Computer Network Exploitation
CNO Computer Network Operations
COA Course of Action
COCOM Combatant Command
COE Common Operating Environment
COI Community of Interest
COMPUSEC Computer security
COMSEC Communications security
COMSPOT Communications Spot Reports
COMSTAT Communications Status
CONOPS Concept of Operations
CONUS Continental United States
COTS Commercial-Off-the-Shelf
DHS Department of Homeland Security
DIO Defensive Information Operations
DIRLAUTH Direct Liaison Authority
DISA Defense Information Systems Agency
DISN Defense Information Systems Network
DISR DoD IT Standards Registry
63
DNI Director of National Intelligence
EMSEC Emission security
FCAPS Fault, Configuration, Accounting, Performance, And Security
FCC Functional Combatant Command
GCC Geographic Combatant Command
GEM GIG Enterprise Management
GETS Government Emergency Telecommunications Service
GIG Global Information Grid
GISMC Global Infrastructure Enterprise Services Center
GNC Global NetOps Center
GNCC Global NetOps Control Center
GND GIG Network Defense
GNSC Global NetOps Support Center
GOTS Government-Off-the-Shelf
IA Information Assurance
IAVA Information Assurance Vulnerability Alert
IC Intelligence Community
IC-CIO Intelligence Community-Chief Information Officer
IC-IRC Intelligence Community Incident Response Center
IDM/CS Information Dissemination Management / Content Staging
IM Information Manager
INFOCON Information Operations Condition
INFOSEC Information security
INSCOM Intelligence and Security Command
IO Information Operations
ISAC Information Sharing and Analysis Center
ISSE Information Systems Security Engineering
IT Information Technology
I&W Indications and Warnings
JCIDS Joint Capabilities Integration and Development System
JFCC Joint Functional Component Command
JFCC-NW Joint Functional Component Command for Network Warfare
JNCC Joint NetOps Control Center
JS Joint Staff
JTF Joint Task Force
JTF-GNO Joint Task Force-Global Network Operations
LE&CI Law Enforcement and Counter-Intelligence
MAJCOMS Major Commands
MARFOR Marine Forces
MCNOSC Marine Corps Network Operations and Security Command
METL Mission Essential Task List
NAVFOR Navy Forces
NCC National Coordinating Center
NCES Net-Centric Enterprise Services
NCOW Net-Centric Operations and Warfare
NCOW-RM Net-Centric Operations and Warfare-Reference Model
NCS National Communications System
NETCOM Network Enterprise Technology Command
NGO Non-Government Organizations
NMCC National Military Command Center
NMCI Navy/Marine Corps Intranet
NOSC Network Operations and Security Center
NSA National Security Agency
NSC Network Service Centers
NSS National Security Systems
NTCMS Naval Telecommunications Master Station
64
OPCON Operational control
OPREP Operations Reports
PIR Priority Information Requirements
PM Program Managers
PMO Program Management Office
POP Points of presence
PPBES Planning, Programming, Budgeting, and Execution System
RA Response Action
RFS Request for service
RNOSC Regional Network Operations and Security Center
ROE Rules of Engagement
SA Situational Awareness
SATCOM Satellite Communications
SCI Sensitive Compartmented Information
SECDEF Secretary of Defense
SIPRNet Secret Internet Protocol Router Network
SITREP Situational Report
SGNOSC Service Global Network Operations and Security Center
SLA Service Level Agreement
SMC Systems Management Centers
SMDC Space Missile Defense Command
SOF Special Operations Forces
STNOSC Service Theater Network Operations and Security Center
STEP Standard Tactical Entry Point
TACON Tactical Control
TNC Theater NetOps Centers
TNCC Theater NetOps Control Center
TNOSC Theater Network Operations and Security Center
TSO Telecommunication Service Order
TSP Telecommunications Service Priority
TSR Telecommunication Service Requests
TTP Tactics, Techniques, and Procedures
UCP Unified Command Plan
USA SMDC US Army Space and Missile Defense Command
USD(I) Under Secretary of Defense for Intelligence
USN US Navy Network Warfare Command
NETWARCOM
VTC Video teleconferencing
WPS Wireless Priority System
XNCC Sub-Unified NetOps Control Center
65

CONOPS For NetOps

Uploaded by

Copyright:

Available Formats

CONOPS For NetOps

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CONOPS For NetOps

Uploaded by

Copyright:

Available Formats

10 August 2005

Joint Concept of Operations for

Global Information Grid NetOps

NetOps Essential Tasks – NetOps is an integrated approach to accomplishing the three

Executive Summary ..................................................................................................................... iii

Table of Contents .......................................................................................................................... v

List of Figures............................................................................................................................. viii

2 NetOps Essential Tasks ........................................................................................................ 5

3 NetOps Command and Control Operating Principles .................................................... 11

4 NetOps C2 Structure & Relationships.............................................................................. 16

5 Collaborative NetOps C2 Process...................................................................................... 44

Appendix B: Glossary ........................................................................................................... 58

Appendix C: Acronyms ......................................................................................................... 63

Figure 1: NetOps Essential Tasks and Effects............................................................................... 3

• Monitor the performance and capabilities of the GIG.

An objective of net-centric services is to quickly get information to decision-makers, with

Figure 1: NetOps Essential Tasks and Effects

The three desired effects are further discussed below.

2.2 GIG Enterprise Management

2.2.1 Information Technology Services

2.2.2 Critical Capabilities

2.2.3 Effects Enablers

2.3 GIG Network Defense

2.3.1 Fundamental Attributes

• Protection. Prior actions taken to counter vulnerabilities in GIG information transport,

2.3.2 Critical Capabilities

2.3.3 Effects Enablers

2.4 Information Dissemination Management / Content Staging4

2.4.1 Core Services

2.4.2 Critical Capabilities

2.4.3 Effects Enablers

The tenets of NCOW that dramatically increase mission effectiveness9 are:

3.2 Net-Centric Operation and Defense of the GIG

3.2.1 Self-Synchronization of NetOps

The requirements for achieving self-synchronization are:

• A clear and consistent understanding of command intent.

• Increase the opportunity for lower-level NetOps organizations to operate nearly

3.3 C2 and NetOps Decision Making

3.3.1 Theater & Global NetOps Events

3.3.1.2 Global NetOps Events

3.3.2 Principles of NetOps Command and Control

• The objective of NetOps C2 activities is Self-synchronized operation of the GIG.

4.1 NetOps Community of Interest

4.2 Organizational Roles and Capabilities

In order to operationalize missions assigned to USSTRATCOM, the commander delegated

Figure 2: USSTRATCOM Operational C2 Structure

4.2.1.1 Commander, Joint Functional Component Command for Network Warfare

4.2.1.2 Commander, Joint Task Force-Global Network Operations

1. Direct Operations and Defense of the GIG.

Figure 3: JTF-GNO Staff Organization

4.2.1.2.1 Global NetOps Center

• Direct the operation and defense of the GIG.

Figure 4: JTF-GNO Operational Forces

4.2.1.2.2.1 Commander, Global NetOps Support Center

To carry out its mission, the GNSC will:

• Operate and maintain the backbone services of the GIG.

4.2.1.2.2.2 Commander, Theater NetOps Center

To carry out its mission, the TNC will:

4.2.1.2.2.3 Commander, GIG Infrastructure Services Management Center