Kill chain
The kill chain is a military decision-making process that helps determine which targets to attack and how to engage them effectively. Originating during World War II, the kill chain has evolved significantly over time, with traditional models like the Four Fs—Find, Fix, Fight, and Finish—being foundational to military strategy. As warfare has increasingly incorporated advanced technology, revisions have emerged to streamline this process, such as the F2T2EA model introduced in the 1990s, which emphasizes rapid tracking and assessment of targets.
The concept has also evolved in the realm of cybersecurity, leading to the development of the Cyber Kill Chain by Lockheed Martin in 2011. This framework outlines a sequence of stages that cyber intruders typically follow, from reconnaissance to gaining control of a target system. As conflicts have expanded into the digital space, the need for efficient and discerning kill chains has grown, promoting discussions on methods to reduce collateral damage and enhance attack precision. Critics continue to explore alternatives and improvements to both military and cyber kill chains to adapt to the complexities of modern warfare.
A kill chain refers to a decision-making process used in a military scenario to determine which targets to attack and in what ways. This concept first developed around World War II (1939–1945) and has undergone many revisions since that time. One of the most common traditional kill chains, known as the Four Fs or F4, is “Find, Fix, Fight, and Finish,” referring to enemy targets. In the 2010s and 2020s, with the increasing role of digital technology in warfare, a new take on the kill chain emerged in the so-called Cyber Kill Chain. This system, developed by Lockheed Martin, helps cybersecurity teams identify and assess hackers and other potential cyber intruders.


Background
Warfare is far more than just armed forces using weapons against each other; it also includes millions of decisions about where armed forces should concentrate attacks and when, where, and how these attacks should be launched. Modern weapons have the ability to wreak enormous destruction from great distances, making careful decision-making more important than ever. The decision-making process is often known as the kill chain, referring to a sequence of considerations that can lead to a decision to attack a target.
Military leaders, as well as individual armed forces members, are challenged with gathering and evaluating information about potential targets as quickly as possible to decide what to attack and what to avoid. A correct assessment and decision could mean destroying a high-priority target in a fast and efficient way. However, a slow or poorly made decision could mean wasting ordnance, missing a target, or, worse, endangering friendly forces or noncombatants.
Overview
The kill chain only became a recognized aspect of warfare in the twentieth century with the advent of long-range, powerful weaponry such as missiles and bombers. By the later years of World War II, the US Army had adopted what would become its most well-known traditional kill chain, known as the Four Fs or F4. This referred to finding an enemy target, fixing on its exact location, fighting it by the most appropriate means, and finishing it by destroying or capturing it.
This process could take place on the battlefield, but in large operations, it often occurred among commanders and other officers who had to gather and analyze detailed information while planning major attacks. In large campaigns, the kill chain process might last for days or even weeks. Improvements in military technology created pressure to shorten this process to hours or even minutes.
Many military members and experts suggested revisions to the traditional kill chain. General John Jumper proposed in the 1990s a new kill chain for the US Air Force known as “F2T2EA.” This stood for “Find, Fix, Track, Target, Engage, and Assess.” It kept most elements of the previous version but added elements such as tracking a target, or observing any movement it makes, and assessing the results of the strike to determine if the mission was completed or if another strike would be advantageous. It also incorporated new technologies and strategies to shorten the duration of the whole process to ten minutes or less. Yet another version, proposed by Major Mike Benitez in 2017, used Five Fs: “Find, Fix, Fire, Finish, Feedback.”
By the late twentieth century, as warfare became increasingly automated and weapons became more deadly, many experts reevaluated existing approaches to the military kill chain. Many critics have stressed the need to make the kill chain proceed faster, gathering and evaluating information and making decisions at a far brisker pace so that military forces are better able to locate high-priority targets and launch pinpoint attacks on them. At the same time, critics have pushed for the kill chain to become more accurate and more discerning. The goal is to reduce the dangers of misguided attacks that risk collateral damage such as the deaths of innocent civilians.
One proposed solution is to greatly expand the breadth of traditional kill chains into “kill webs” that take a more comprehensive approach to assigning targets and strikes. The Adapting Cross-Domain Kill-Webs (ACK) program offers ways for military leaders to launch coordinated attacks on targets using a wide range of military forces, including surface, air, sea, and even cyberspace. By sharing information and supporting one another’s mission goals, these varied forces could theoretically attack targets with much higher efficiency than a single unit or type of force.
In the twenty-first century, with the rapid rise of Internet technology, conflicts expanded greatly into a new, unprecedented, digital battlefield. Military forces, terrorists, and a wide variety of hackers began to develop new ways to intrude on cyber networks, often to steal information, destroy communication lines, or post slanderous material. As Internet technology progressed, so too did hacking abilities and the grave harm that hackers could potentially cause to major segments of the world population.
To counter this ever-increasing threat, many security firms in both military and civilian realms have sought to detect and terminate digital intrusions. One of the most prominent detection systems, known as the Cyber Kill Chain, was developed by Lockheed Martin in 2011 as part of its Intelligence Driven Defense program. The Cyber Kill Chain provides a standardized way to evaluate a cyber intrusion, its techniques, and how far it has advanced toward its goal. Using that system, cybersecurity teams can better understand threats and devise ways to stop them.
The Cyber Kill Chain describes a seven-step sequence that intruders, large and small, typically follow when trying to hack into a computer system. It begins with reconnaissance, the typically secretive gathering of exploitable information. The second step is weaponization, or creating a means of exploiting the computer system. Next comes the delivery of that digital weapon, usually hidden within other seemingly innocuous files. After that, in the exploitation step, the weaponized file exploits a vulnerable aspect of the computer system. In the fifth step, installation, the weaponized file installs malicious code on the target computer. Next, in the C2 or “Command and Control” stage, the malicious code creates a method for outsiders to access and manipulate the targeted system. Finally, in the seventh step, the hackers have control of the system and enact their original goals.
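The sketch below is an added example, not part of the original article or of Lockheed Martin's material: it shows how a defender can use the seven stages to judge how far an intrusion has advanced on each host and which earlier stages produced no alert. The alert names, host names, and alert-to-stage mapping are hypothetical, and the sample alerts are constructed.

```python
# Stages in the order the article lists them. "actions_on_objectives" is
# Lockheed Martin's name for the seventh step.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
RANK = {name: i for i, name in enumerate(STAGES)}
# Assumption: weaponization is off-network, so it is never counted as a gap.
UNOBSERVABLE = {"weaponization"}
# Hypothetical alert names mapped to the stage they indicate.
ALERT_STAGE = {
    "inbound_port_scan": "reconnaissance",
    "malicious_attachment_received": "delivery",
    "office_app_spawned_shell": "exploitation",
    "new_autorun_entry": "installation",
    "beacon_to_rare_domain": "command_and_control",
    "bulk_archive_upload": "actions_on_objectives",
}

# Constructed sample alerts: (ISO time, host, alert name).
ALERTS = [
    ("2024-05-01T09:02", "ws-17", "inbound_port_scan"),
    ("2024-05-01T09:40", "ws-17", "malicious_attachment_received"),
    ("2024-05-01T09:41", "ws-17", "office_app_spawned_shell"),
    ("2024-05-01T09:55", "ws-17", "beacon_to_rare_domain"),
    ("2024-05-01T10:10", "db-02", "new_autorun_entry"),
    ("2024-05-01T10:30", "db-02", "bulk_archive_upload"),
    ("2024-05-01T10:31", "db-02", "disk_almost_full"),  # not an intrusion stage
]

def assess(alerts):
    """Per host: furthest stage reached and earlier stages with no alert."""
    seen = {}
    for when, host, name in alerts:
        stage = ALERT_STAGE.get(name)
        if stage is None:
            continue  # unmapped alerts say nothing about intrusion progress
        first = seen.setdefault(host, {})
        first[stage] = min(when, first.get(stage, when))
    report = {}
    for host, first in seen.items():
        furthest = max(first, key=RANK.get)
        gaps = [s for s in STAGES[:RANK[furthest]]
                if s not in first and s not in UNOBSERVABLE]
        report[host] = {"furthest": furthest, "since": first[furthest],
                        "unseen_earlier_stages": gaps}
    return report

def triage_order(report):
    """Hosts where the intrusion has advanced furthest come first."""
    return sorted(report, key=lambda h: RANK[report[h]["furthest"]], reverse=True)
```

A host whose furthest stage is late but whose earlier stages are all unseen, like db-02 here, points to missing detection coverage earlier in the chain as well as to an advanced intrusion.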
As with the traditional military kill chain, the Cyber Kill Chain has seen its share of criticism. Since it was introduced, many scientists and cybersecurity experts have questioned its efficiency and effectiveness. Some alternative cyber kill chains, such as MITRE ATT&CK, incorporated new perspectives and techniques into identifying and dealing with digital threats, while the Unified Kill Chain has attempted to incorporate successful elements from both the Cyber Kill Chain and MITRE ATT&CK.