Doctrine Cyber & Info

Study Military Affairs, Study War, Study Combat Operations | Grasping the New Changes in Cyberspace Operations

研究军事、研究战争、研究打仗丨把握网络空间作战新变化

PLA Daily (解放军报) 14 May 2026

Summary

A PLA-affiliated article authored by Kong Rui and Jiao Dawei outlines four doctrinal shifts the authors argue are reshaping Chinese cyberspace operations: from isolated virtual confrontation to all-domain integration, from specialized units to systems-integrated force structures, from static defense to AI-enabled dynamic offense-defense, and from single-node strikes to cross-domain enablement of joint operations. The piece is useful as a window into current PLA cyber doctrine, confirming that the Strategic Support Force's (and its successor structures') conceptual framework now explicitly subordinates cyberspace operations to joint operations logic—treating cyber not as a standalone domain but as an enablement layer for kinetic and information operations across all domains. The emphasis on modular, mission-based force grouping and AI-driven automated attack-defense cycles suggests the PLA is actively working to close the gap between doctrinal aspiration and operational capability in networked joint warfare.

Translation

Grasping the New Changes in Cyberspace Operations

■ Kong Rui, Jiao Dawei

Introduction

At present, as the world's new military revolution accelerates, intelligentized (智能化), all-domain (全域化), and systems-based (体系化) technologies are penetrating deeply into every type of battlefield space. As an emerging operational domain, cyberspace is seeing its force structure, confrontation models, and victory mechanisms profoundly reshaped, driving wholly new changes in the ways cyberspace operations are conducted. Against this backdrop, we must proactively explore the inherent laws and evolutionary trends of cyberspace operations, sort out the specific manifestations of new changes, and gain insight into new characteristics, new mechanisms, and new requirements—thereby accelerating the construction of a cyberspace operational capability system better suited to informatized and intelligentized warfare (信息化智能化战争), and laying a solid foundation for winning future wars.

The Operational Space Is Extending from an "Intangible Domain" toward "All-Domain Integration"

Cyberspace has never been an isolated, closed virtual island. It is a composite strategic space that relies deeply on physical infrastructure, is closely linked to every type of operational domain, and runs through both the social operating system and the logic of wartime confrontation. In the traditional conception, people were accustomed to defining it as an intangible domain detached from physical entities, with blurred boundaries and an abstract form. In the field of military confrontation, cyberspace operations were often reduced to competition at the virtual level of code, data, and signals. With the large-scale application of technologies such as the Internet of Things and cloud computing, the degree of integration between cyberspace and the physical domain has deepened further; tens of billions of intelligent terminals are connected to the network, linking every corner of the physical world tightly to cyberspace. Specifically, on one hand, physical infrastructure has become the material carrier of cyberspace—from backbone communication networks to terminal access devices, from industrial control systems to critical information infrastructure, every node in physical space has become an extension of cyberspace, and the boundaries of cyberspace have begun to deeply overlap with the geographic and facility boundaries of the physical domain. On the other hand, the functional boundaries of cyberspace continue to expand outward, covering not only the traditional fields of information transmission and data storage, but extending further into social governance, economic operations, national defense construction, and every other level, making it a foundational space supporting all-domain activities.

Under the deep integration of the "intangible" and the "tangible," the spatial boundaries and confrontation forms of modern operations have been reshaped. The security and stability of cyberspace directly affects the overall operational efficiency of the combat system; any attack on cyberspace may trigger a chain reaction, exerting comprehensive and deep-level effects on combat operations. In informatized and intelligentized warfare, cyberspace becomes an important hub for joint operations—kinetic strikes in the physical domain and intelligence flows in the information domain both require cyberspace to achieve cross-domain linkage. At the same time, cyberspace operations are no longer limited to paralysis and destruction at the digital level; they can directly affect combat effectiveness in the physical domain by attacking relevant nodes, achieving cross-domain lethality of "using the virtual to control the real" (以虚控实). Against this backdrop, we must clearly recognize the all-domain integration trend in cyberspace operations, break out of the traditional conception of "online confrontation," and in operational planning proactively break down the traditional demarcation of operational space boundaries, ensuring that relevant deployments run through the entire operational process and all domains.

Operational Forces Are Evolving from "Specialized Detachments" toward "Systems Integration"

The development and evolution of cyberspace operational forces has always kept pace with the transformation of cyberspace operational forms. In the early period of cyberspace operations, operational forces were composed primarily of detachments with specialized technical capabilities, their missions focused on cyber offense and defense in specific domains, with a relatively singular force composition. As cyberspace operations expanded toward all-domain integration, the traditional specialized detachment model inevitably found itself "stretched thin" (捉襟见肘) when confronting complex confrontation requirements, making systems integration of operational forces an inevitable trend.

From the standpoint of compositional logic, cyberspace operational forces are an integrated system composed of multiple types and multiple domains of forces. The overall composition includes not only traditional specialized cyber offense and defense forces, but also multiple types of forces covering intelligence reconnaissance, command and control, technical support, and protection and sustainment. The various types of forces are no longer independent of one another; instead, through a systems-based organizational architecture, they achieve functional complementarity and coordinated linkage, forming a force chain covering the entire process of cyberspace operations.

From the standpoint of evolutionary trends, the goal of systems integration is to achieve "aggregated effectiveness enhancement" (聚合增效) of operational forces. Under the traditional specialized detachment model, operational effectiveness was limited to technical confrontation in a single domain, making it difficult to meet the complex cyberspace operational requirements of cross-domain, multi-dimensional operations. Under the systems integration model, various types of forces achieve deep fusion through a unified command and control system, enabling the formation of a complete closed loop from situational awareness to offense and defense operations, and realizing coordinated linkage and force multiplication. At the same time, systems integration has also driven the functional expansion of operational forces and innovation in grouping models. Modular, mission-based grouping (模块化、任务式编组) of cyberspace operational forces has taken the stage of war, capable of rapidly integrating various types of forces according to different operational requirements to form targeted operational capabilities. Therefore, to better drive the evolution of operational forces from "specialized detachments" to "systems integration," capability development must break through the traditional cyber offense and defense training framework, placing prominent emphasis on building multiple functional capabilities such as providing intelligence support, command assurance, and cross-domain enablement for joint operations, ensuring that cyberspace operational forces better support all-domain operations and thereby effectively release systems-level effectiveness.

Operational Methods Are Upgrading from "Static Defense" toward "Dynamic Gaming"

The essential nature of cyberspace confrontation is the sustained contest between offense and defense over control and dominance of cyberspace. In the early period of cyberspace operations, constrained by technical levels and operational concepts, operational methods were primarily static defense—for example, resisting external cyberattacks through passive protective measures such as building firewalls, setting access controls, and deploying intrusion detection systems. The practical characteristic of this static defense model is "defense-first, passive response" (以守为主、被动应对), attempting to establish "deep trenches and high ramparts" (深沟高垒) to weaken the effects of attacks. The advantage of this defensive approach lies in its ability to form a stable protective system, but as informatized and intelligentized technologies continue to develop, its limitations have become increasingly apparent: protective measures are relatively fixed and struggle to cope with constantly changing attack methods; the passive defense model keeps the defending side perpetually in a passive position of "responding after the fact" (后发制人), unable to effectively deter the attacker's actions; and static defense struggles to adapt to the complex and ever-changing cyber confrontation environment, making it easy for attackers to breach the protective barrier through multiple rounds of probing and flanking attacks.

As the means of cyberspace confrontation have diversified, the frequency of confrontations has increased, and the intensity of confrontations has grown fiercer, operational methods have gradually upgraded toward dynamic gaming (动态博弈). The dynamic gaming operational method is no longer limited to passive defense; instead, by constructing a dynamically changing protective system and an active counterattack operational model, it combines multiple means including defense and counterattack, detection and deception, concealment and confrontation. On one hand, the defending side can increase the difficulty and cost of attacks by dynamically adjusting protective strategies and updating protective measures, making it difficult for the attacker to discern the true state of the protective system. On the other hand, the defending side can strike the attacker's infrastructure and system nodes through active detection of attack sources, tracking of attack paths, and implementation of countermeasures, achieving "using offense to assist defense, integrating offense and defense" (以攻助防、攻防一体). It is worth noting that the widespread application of artificial intelligence technology has accelerated the upgrade from "static defense" to "dynamic gaming": AI-driven automated attacks can launch multi-dimensional, sustained attacks at speeds far exceeding human capability. This type of confrontation has no clear boundaries of war, yet can continuously consume the adversary's resources, significantly elevating the complexity and intensity of cyberspace operations confrontation. In response, an intelligentized dynamic response system must be built to achieve real-time threat perception, automated analysis, and rapid handling, striving to realize "integrated offense and defense, proactive action" (攻防一体、主动作为) in cyberspace operations.

Operational Effectiveness Is Expanding from "Single-Point Strikes" toward "Cross-Domain Enablement"

The so-called "single-point strike" (单点破袭) refers to paralyzing a target's command and control, critical facility operations, and so forth by attacking specific network nodes or information systems. In the early stages of cyberspace operations, this "single-point strike" model could achieve certain effects in localized confrontations. Since warfare has entered the informatized and intelligentized form, the various operational elements have taken on the characteristics of networked connectivity, and damage to a single node is difficult to produce a systemic impact on the entire combat system. Under these circumstances, the enablement logic of cyberspace operations has gradually expanded toward "cross-domain enablement" (跨域赋能). Specifically, "cross-domain enablement" means treating cyberspace operations as one of the core means of supporting joint operations—through control and dominance of cyberspace, providing multiple types of enablement to operations in each combat domain, including intelligence support, command assurance, fire guidance, and systems disruption (体系破击), thereby extending and radiating cyberspace operational effectiveness into every domain. In this process, cyberspace operations no longer pursue the destructive effect against a single target, but instead focus on enhancing the overall effectiveness of the entire combat system.

At the practical level, "cross-domain enablement" can construct a seamlessly connected cross-domain kill chain. As the information hub connecting all operational domains, cyberspace can break down the information barriers between traditional operational domains, integrating reconnaissance, decision-making, strike, and assessment forces dispersed across different domains into an organic whole, achieving real-time flow of target information, and on this basis achieving unified scheduling and coordinated command of all types of operational forces—thereby "clenching scattered fingers into a fist" (攥指成拳) to deliver precise strikes against key nodes of the adversary's combat system and achieve the strategic objective of systems disruption. At the same time, the "cross-domain enablement" of cyberspace operations can also safeguard the security and stability of one's own information networks through intelligence reconnaissance, situational awareness, and other means, providing reliable information support for joint operations, striving to achieve the ideal effect of "operations in one domain, enablement across all domains" (一域作战、全域赋能).

Original Chinese

把握网络空间作战新变化 ■孔睿焦大伟引言当前，随着世界新军事革命的加速演进，智能化、全域化、体系化技术深度渗透至各类战场空间。网络空间作为新兴作战领域，其相关力量结构、对抗模式、制胜机理等被深刻重塑，推动网络空间作战方式发生全新变化。面对这一背景，我们必须前瞻探索网络空间作战的内在规律与演化趋势，梳理新变化的具体表现，洞察新特点、新机理和新要求，从而加速构建能够更好适应信息化智能化战争的网络空间作战能力体系，为打赢未来战争奠定坚实基础。作战空间从“无形疆域”向“全域融合”延伸网络空间从来不是孤立封闭的虚拟孤岛，而是深度依托实体基础设施、紧密关联各类作战领域，并贯穿社会运行体系与战争对抗逻辑的复合型战略空间。在传统认知中，人们习惯于将其界定为脱离物理实体的、边界模糊且形态抽象的无形疆域。在军事对抗领域，网络空间作战常常被简化为代码、数据、信号等虚拟层面的博弈。随着物联网、云计算等技术的大规模应用，网络空间与物理域的融合程度进一步加深，数以百亿计的智能终端接入网络，使得物理世界的每一个角落都与网络空间紧密相连。具体而言，一方面，物理基础设施成为网络空间的物质载体，从骨干通信网络到终端接入设备，从工业控制系统到关键信息基础设施，实体空间的每一个节点都成为网络空间的延伸，网络空间的边界开始与物理域的地理边界、设施边界深度重合。另一方面，网络空间的作用边界持续向外拓展，不仅覆盖传统的信息传输、数据存储领域，更延伸至社会治理、经济运行、国防建设等各个层面，成为支撑全域活动的基础性空间。在“无形”与“有形”的深度融合下，现代作战的空间边界与对抗形态被重新塑造，网络空间的安全稳定直接关系到作战体系的整体运行效能，任何针对网络空间的攻击都可能引发连锁反应，对作战行动造成全方位、深层次的影响。在信息化智能化战争中，网络空间成为联合作战的重要枢纽，物理域的火力打击、信息域的情报流转，都需要依托网络空间实现跨域联动。同时，网络空间作战不再局限于数字层面的瘫痪与破坏，而是能够通过攻击相关节点，直接影响物理域的作战效能，实现“以虚控实”的跨域杀伤。在此背景下，我们必须清晰认识到网络空间作战的全域融合趋势，跳出“线上对抗”的传统认知，在作战筹划上主动打破传统作战空间的界限划分，确保相关部署贯穿于作战全流程、各领域。作战力量从“专业分队”向“体系集成”演进网络空间作战力量的发展演进，始终与网络空间作战形态的变革相适应。在网络空间作战初期，作战力量主要由具备专业技术能力的分队组成，其任务聚焦于特定领域的网络攻防行动，力量构成相对单一。随着网络空间作战向全域融合拓展，传统的专业分队模式在应对复杂对抗需求时难免“捉襟见肘”，作战力量的体系集成成为必然趋势。从构成逻辑来看，网络空间作战力量是由多类型、多领域力量组成的集成体系。其整体构成不仅包括传统的网络攻防专业力量，还涵盖了情报侦察、指挥控制、技术支撑、防护保障等多类力量。各类力量之间不再是相互独立的个体，而是通过体系化的组织架构实现功能互补、协同联动，形成覆盖网络空间作战全流程的力量链条。从演进趋势来看，体系集成的目标是实现作战力量的“聚合增效”。在传统专业分队模式下，作战效能局限于单一领域的技术对抗，难以应对跨域、多维的复杂网络空间作战需求。而在体系集成模式下，各类力量通过统一的指挥控制体系实现深度融合，能够形成从态势感知到攻防行动的完整闭环，实现力量的协同联动与效能倍增。同时，体系集成也推动了作战力量的功能拓展与编组模式革新。网络空间作战力量的模块化、任务式编组登上战争“舞台”，其能够根据不同作战需求快速整合各类力量，形成有针对性的作战能力。因此，更好推动作战力量从“专业分队”向“体系集成”演进，在相关能力建设上必须突破传统网络攻防训练框架，把为联合作战提供情报支撑、指挥保障、跨域赋能等多类功能建设置于突出位置，确保网络空间作战力量更好支撑全域作战，进而有效释放体系效能。作战方式从“静态防御”向“动态博弈”升级网络空间的对抗本质，是攻防双方围绕网络空间控制权、主导权的持续博弈。在网络空间作战初期，受技术水平与作战理念的限制，作战方式以静态防御为主，例如，通过构建防火墙、设置访问控制、部署入侵检测系统等被动防护手段抵御外部网络攻击。这种静态防御模式的实践特征是“以守为主、被动应对”，试图建立“深沟高垒”削弱攻击行为的效果。这一防御手段的优势在于能够形成稳定的防护体系，但随着信息化、智能化技术的不断发展，其局限性也愈加凸显：防护措施相对固定，难以应对不断变化的攻击手段；被动防御的模式使得防御方始终处于“后发制人”的被动地位，无法有效遏制攻击方的行动；静态防御难以适应复杂多变的网络对抗环境，容易被攻击方通过多轮试探、迂回攻击等突破防护屏障。随着网络空间对抗手段的多样化、对抗次数的频繁化、对抗强度的激烈化，作战方式逐渐向动态博弈升级。动态博弈的作战方式不再局限于被动防御，而是通过构建动态变化的防护体系与主动反击的作战模式，将防御与反击、探测与诱骗、伪装与对抗等多种手段相结合。一方面，防御方可以通过动态调整防护策略、更新防护手段等，增加攻击方的攻击难度与成本，使其难以摸清防护体系的真实状态。另一方面，防御方通过主动探测攻击源头、追踪攻击路径、实施反制行动等，对攻击方的基础设施与体系节点进行打击，实现“以攻助防、攻防一体”。值得注意的是，人工智能技术的广泛应用加速了作战方式从“静态防御”向“动态博弈”的升级进程：AI驱动的自动化攻击能够以远超人类的速度发起多维度、持续性攻击。这种对抗没有明确的战争界限，却能持续消耗对方资源，使得网络空间作战的对抗复杂性、激烈性显著提升。对此，必须构建智能化的动态响应体系，实现威胁的实时感知、自动分析与快速处置，力求实现网络空间作战的“攻防一体、主动作为”。作战效能从“单点破袭”向“跨域赋能”拓展所谓“单点破袭”，即通过攻击特定的网络节点、信息系统，来瘫痪目标的指挥控制、关键设施运行等。在网络空间作战的早期阶段，这种“单点破袭”模式能够在局部对抗中取得一定效果。战争形态进入信息化、智能化以来，各类作战要素呈现出网状连接特点，单一节点的毁伤难以对整个作战体系产生系统性影响。在这种情况下，网络空间作战的赋能逻辑逐渐向“跨域赋能”拓展。具体而言，“跨域赋能”就是将网络空间作战作为支撑联合作战的核心手段之一，通过对网络空间的控制与主导，为各作战域的行动提供情报支撑、指挥保障、火力引导、体系破击等多类赋能，实现网络空间作战效能向各领域的延伸与辐射。在这个过程中，网络空间作战不再追求单一目标的破坏效果，而是聚焦于提升整个作战体系的整体效能。在实践层面，“跨域赋能”可以构建无缝衔接的跨域杀伤链。网络空间作为连接各作战域的信息枢纽，能够打破传统作战域之间的信息壁垒，将分散在不同域的侦察、决策、打击、评估力量整合为一个有机整体，实现目标信息的实时流转，并在此基础上实现各类作战力量的统一调度与协同指挥，进而“攥指成拳”，对敌方作战体系的关键节点实施精准打击，实现体系破击的战略目标。同时，网络空间作战的“跨域赋能”还能够通过情报侦察、态势感知等手段保障己方信息网络的安全稳定，为联合作战提供可靠的信息支撑，力求实现“一域作战、全域赋能”的理想效果。