Dispatch from DoDIIS 2017:  The Incredible Shrinking Decision Space

Here at the DoDIIS 2017 conference, we’re hearing a lot about the role of cybersecurity in so-called “fifth generation warfare” – a concept with direct relevance to the power of DNS for network security.

Key takeaways

This key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

At DoDIIS 2017, speakers examined how fifth generation warfare — where digital and physical battlefields blur and cyber and kinetic attacks are coordinated — threatens military decision space by constraining network availability. The article explains that enterprise DNS, when centrally monitored and managed, is a critical tool for detecting subtle indicators of compromise (beaconing, unusual data transfers, and suspicious queries) and for maintaining network resilience during attacks. By leveraging active DNS-based security, DOD and intelligence IT teams can expand leaders' decision space with a resilient and maneuverable network architecture centered on DNS.

What is fifth generation warfare and how does it relate to DNS-based cybersecurity?

Fifth generation warfare blurs the lines between digital and physical battlefields, combining cyberattacks with kinetic operations to constrain an opponent’s ability to respond. In this environment attackers may infiltrate networks over time and activate capabilities to limit network availability at decisive moments. Centrally monitored and managed DNS is relevant because it sits at the core of network architecture and can surface subtle indicators of compromise—such as beaconing to external IPs, unusual data transfers, and queries for sensitive resources—helping detect and mitigate cyber operations that are part of fifth generation warfare.

How can enterprise DNS help detect an ongoing network breach?

Enterprise DNS can reveal early and subtle signs of a breach by logging and correlating name resolution activity across the network. Indicators include persistent beaconing patterns to external addresses, anomalous or large-scale zone transfers, and queries targeting sensitive segments or services. When DNS is centrally monitored and managed, these patterns become visible to IT security personnel, enabling earlier detection of infiltration that might otherwise ‘simmer in the background’ until called into action, and providing actionable intelligence to contain and investigate malicious activity.

In what ways does DNS contribute to network resilience during coordinated cyber and kinetic attacks?

DNS contributes to resilience by rapidly identifying and isolating the operational impact of cyberattacks from the network core. A resilient DNS architecture allows defenders to annul malicious effects—such as redirecting or blocking harmful name resolutions, preventing exfiltration routes discovered via DNS logs, and restoring critical name services—so that affected systems remain manageable. As Lieutenant General Vincent Stewart described, having a centrally managed, DNS-centered network supports a ‘resilient and maneuverable’ posture that expands the decision space available to military and political leaders during coordinated attacks.

In the fifth generation warfare concept, boundaries between the digital battlefield and the physical battlefield are blurred. Cyberattacks and kinetic attacks happen in tandem, with the goal of taking down critical networks to limit the opposing military’s ability to respond.

Lieutenant General Vincent Stewart, Director of the Defense Intelligence Agency, spoke about how this emerging type of warfare “shrinks the decision space” for any military or political response in the event of an attack.

In the cyber world, this often means constraining the enemy’s network availability when troops on the ground are acting. General Stewart used Russia’s actions in the Crimean peninsula as an example; as the “little green men” came in on the ground, Russia’s cyber warriors were constraining the Ukrainian government’s ability to respond effectively.

This kind of offensive cyber warfare rarely happens all at once.  Infiltrating an opponent’s network often takes place over time, simmering in the background until it is called to action (as it was in Ukraine).

In this environment, enterprise-level DNS data is a critical tool for both preventing cyberattacks and establishing resilience when attacks hit.

Sitting at the core of the network’s architecture, a centrally monitored and managed Domain Name System can detect the subtle indications of a breach: “beaconing” pings of outside IP addresses, unusual transfers of data, and searches for sensitive areas of the network, all of which signal malicious activity. DNS also plays a critical role in network resilience, quickly identifying and annulling the impact of a cyberattack from the network’s core infrastructure.
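As an added illustration (not BlueCat's code or part of the original article), the sketch below shows how two of the indicators named above and in the breach-detection answer earlier, beaconing and unexpected zone transfers, can be pulled out of centrally collected DNS query logs. The log format, addresses, names, thresholds and the allowed-secondary list are all assumptions constructed for the example.

```python
import statistics
from collections import defaultdict

# Constructed sample log: "<epoch seconds> <client IP> <query name> <query type>".
# The format, addresses and names are assumptions for illustration only.
SAMPLE_LOG = """\
1000 10.0.0.5 updates.example.net A
1007 10.0.0.8 www.example.org A
1060 10.0.0.5 updates.example.net A
1093 10.0.0.8 www.example.org A
1121 10.0.0.5 updates.example.net A
1125 10.0.0.9 corp.example.com AXFR
1179 10.0.0.5 updates.example.net A
1240 10.0.0.5 updates.example.net A
1251 10.0.0.8 www.example.org A
1650 10.0.0.8 www.example.org A
1904 10.0.0.8 www.example.org A
"""
ALLOWED_TRANSFER_CLIENTS = {"10.0.0.2"}  # hypothetical secondary name server

def parse(log_text):
    """Yield (timestamp, client, qname, qtype) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower().rstrip("."), parts[3].upper()

def find_beacons(records, min_queries=5, max_cv=0.1):
    """Map (client, qname) -> mean gap in seconds for near-periodic lookups."""
    times = defaultdict(list)
    for ts, client, qname, _ in records:
        times[(client, qname)].append(ts)
    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: automated check-ins keep it low,
        # human-driven lookups produce irregular gaps and a high value.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            flagged[key] = round(mean, 1)
    return flagged

def find_unexpected_transfers(records):
    """Return (client, zone) for AXFR/IXFR requests from unlisted clients."""
    return [(c, q) for _, c, q, t in records
            if t in {"AXFR", "IXFR"} and c not in ALLOWED_TRANSFER_CLIENTS]
```

In practice the thresholds need tuning against a baseline, since legitimate software updaters and health checks also resolve names on a fixed schedule.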

With active DNS-based security in place, DOD and intelligence IT security personnel can actively expand the decision space of the political leaders they support. General Stewart’s ideal network – “resilient and maneuverable” – has DNS at its core.

