Tag Archives: Cyber

Cyber’s impact on military strategy

By STAFF SGT. MATHEW TINSLEY
782nd Military Intelligence Battalion

Within America’s military “cyber” has held status as a powerful buzzword for many years. At all levels of military planning and operations, leaders of units have tried to get a piece of the cyber pie and integrate its concepts into their operations. One of the central questions that has persisted around cyber is how and to what extent will cyber conflict require a reconsideration of strategy. The military exists largely in two broad areas: the strategic level of long-term and large-scale planning, and the tactical level of smaller-scale, short-term operations. Cyber will undoubtedly have an effect on both of these operational domains.

When examining both domains, cyber’s effect on strategy can be examined from a short-term and long-term perspective. The military’s strategic level deals with long-term plans crafted at high levels of leadership. Strategic plans tend to address questions dealing with conducting entire war campaigns. From this perspective, in the short term, new cyber capabilities will require little reconsideration of the basic strategies the military employs. The Department of Defense’s mission is overall national defense, primarily from foreign adversaries. That has not and will not change. Even in the 2015 release of the DOD’s cyber strategy, Defense Secretary Ash Carter compared challenges posed by cyber to old Cold War challenges. The reason for this is that, initially, new technology is viewed from the perspective of what is familiar to the user. The military as a whole simply took cyber and used it to optimize its existing strategies and methods. Cyber has been used in new avenues of foreign intelligence, it gives commanders new ways to view battlefields and it has been integrated into weapons systems. But the base strategies the military employs have yet to really change. The most notable short-term change comes from the military’s job to defend the United States. In the past, attacks on U.S. soil and U.S. infrastructure the military needed to respond to were few and far between, with 9/11 and Pearl Harbor being prominent instances. But with the ever-increasing worldwide connectivity in the digital age, American infrastructure, government and industry are constantly open to attack from foreign entities and governments. The result is that for some military components, actively defending the United States is a full-time job.

Long-term changes, on the other hand, have the possibility of prompting a massive change to military strategy. The world has already seen hints of possible cyber strategy for the future. Between 2011 and 2013, Iran initiated cyber attacks on U.S. infrastructure, including banks, dams and educational institutions. Although the attacks were minimized, they showed the potential for damage to the nation. One bank, Zions Bancoporation, lost more than $400,000 while its website was down for only two hours. If larger institutions or a large number of financial institutions were targeted for long periods of time, the financial damage could be upward of millions or billions of dollars. Iran targeted infrastructure that could cause physical damage as well. The Bowman Avenue Dam in New York was breached by Iran hackers to the point where they could have controlled sluice gates that hold back water. Luckily, the controls had been manually disconnected for maintenance around the same time, which prevented the Iranian hackers from actually having control over the dam. More devastating cyber attacks were seen in 2008 during the Russo-Georgian War. Russian cyber attacks were coordinated with the Russian invasion of Georgia. As the Russians advanced into the country and fighting ramped up, so did the cyber campaign. Given that it was 2008 and Georgia had a relatively basic technology infrastructure, the Russian attacks were mainly designed to cause confusion during their ground campaign. But given the current situation in the Ukraine, the Russo-Georgian War seems to provide warnings when examined in hindsight. The question for the future is how advanced and efficient these techniques can become. Will we see the capability to shut down entire power grids, communication structures, water systems or dams? If so, and if we do not maintain the ability to defend them, the devastation from such cyber attacks could start and end wars before any ground troops are deployed or kinetic weapons are fired. At the very least, cyber capabilities will become more integrated into strategic plans as the world continues to become more reliant on technology and digital communications.

The tactical side of the equation is relatively stable. In the short term, the strategies employed by ground troops in their operations will remain the same, while new cyber-based capabilities are employed to support those operations. One of the most visible integrations we see today is the ability to quickly and accurately locate targets. Especially given the often chaotic state of urban warfare — where a mix of friendly, hostile and neutral elements are all intermixed — the ability to quickly and accurately characterize all three groups is vital. In reality, the military has been integrating these capabilities into ground operations for a while, but incorporating them into the everyday unit on a large scale is the new challenge. In October of 2015, the Army tested these capabilities on a large scale with a cyber validation exercise that occurred at Joint Base Lewis-McChord, Washington. The 780th Military Intelligence Brigade provided cyber capability support to the 2-2 Infantry Division and the 201st Expeditionary Military Intelligence Brigade. Traditional military units were able to provide adequate support and protection to the cyber elements that aided in target identification and verification. This type of cyber support is used in many other instances, such as drone targeting, and has been used not only for identification of high-value targets but has also aided in identifying and tracking hostages. None of these ideas or strategies are really new, but cyber is accomplishing them in new ways and, at times, accomplishes them more accurately, making ground troops’ job easier and safer.

Long-term changes are dependent on the type of technological changes that occur in the future. The drone program has become one of the most visible — and for some, the most concerning — use of modern technology in military operations. Currently, the drones are just planes with no physical cockpit, and the actual act of targeting and firing upon targets is controlled by humans. But many are already talking about the possibility of letting drones be fully controlled by computers. These drones would draw on intelligence sources, verify targets, make decisions about risk and decide whether to fire, all without a human’s direct input. These weapons are actually pretty easy to make and have been made already. The questions about implementing these into normal everyday operations come down more to ethics than capability. Should computers be deciding who dies? Are computer databases of laws and treaties good enough for a computer to cross-reference and then decide if international law can be breached? Who is accountable if the computer makes a mistake? At this point, the consensus is that this is a terrible idea. An open letter was presented at the opening of the International Joint Conference on Artificial Intelligence in 2015 warning of the dangers of weapons under the control of artificial intelligence. This letter was endorsed by the likes of Elon Musk, Stephen Hawking, Steve Wozniak, and more than 40 robotics researchers from around the world.  Even the DOD decided to address this topic years ago with DOD Directive 3000.09, which stipulates that all weapons systems must be designed to have “appropriate levels of human judgment over the use of force.” From this, it seems that in the future, cyber will not replace or eliminate the need for human ground troops. How extensively cyber gets integrated with tactical operations has yet to be seen.

Cyber, like all new forms of technology, has affected all aspects of our lives, and the military is not immune from its influence. Computer technology has been integrated into the lives of everyone from the commander in chief all the way down to the enlisted Soldier on a patrol. How far this integration goes in the future is really up to the imagination of technology inventors and innovators. For now, cyber seeks to make the lives of Soldiers easier, more efficient and safer.

U.S. Army Pvt. Christian Garcia, a radar operator (foreground), and Spc. James Craig (background), a Field Artillery surveyor, both from the Field Artillery Squadron, 2nd Cavalry Regiment, stationed out of Vilseck, Germany, weave cords through the camouflage net in order to keep their radar and area of operation concealed during Saber Strike 16 at Tapa Training Area, Estonia, June 19, 2016. (U.S. Army photo by Staff Sgt. Steven M. Colvin)
U.S. Army Pvt. Christian Garcia, a radar operator (foreground), and Spc. James Craig (background), a Field Artillery surveyor, both from the Field Artillery Squadron, 2nd Cavalry Regiment, stationed out of Vilseck, Germany, weave cords through the camouflage net in order to keep their radar and area of operation concealed during Saber Strike 16 at Tapa Training Area, Estonia, June 19, 2016. (U.S. Army photo by Staff Sgt. Steven M. Colvin)

From weapons systems to squad leaders, cyber NCOs protect all that’s connected

By MICHAEL L. LEWIS
NCO Journal

In an age where everything is now networked — including weapons systems, squad leaders and desktop computers — the protection of that network and everything connected to it has become a life-or-death mission for the Army. As the Army establishes the organizational structure, educational institutions and doctrine for its cyber force, the way that force fights is changing with astonishing speed, and NCOs are integral to making sure the Army keeps up, said Command Sgt. Maj. Rodney Harris, the senior enlisted advisor of the Army’s cyber force headquarters, U.S. Army Cyber Command.

“We have one of the Army’s most dynamic missions,” Harris said. “We operate in a unique, challenging domain that is changing daily with capable adversaries who are actively engaged in trying to do our Army and our nation harm. … We’re actively engaged with an adversarial force across multiple nation-states. We have cyber criminals, ‘hacktivists,’ terrorist organizations all together affecting what we’re doing in cyberspace, and they’re actively targeting and actively working in and on our networks with the purpose of doing us harm.”

Staff Sgt. Crystal Johnson, then an intelligence analyst NCO with the Cyber Mission Unit, 7th Signal Command (Theater), at Fort Gordon, Ga., watches for attacks on the Army’s networks in the CMU’s Cyber Operations Center last July. (Photo by Michael L. Lewis)
Staff Sgt. Lauren Johnson, then an intelligence analyst NCO with the Cyber Mission Unit, 7th Signal Command (Theater), at Fort Gordon, Ga., watches for attacks on the Army’s networks in the CMU’s Cyber Operations Center last July. (Photo by Michael L. Lewis)

And because just about everything in the Army today is connected — providing a level of communication, command and control that was unthinkable a few decades ago — just about everything in the Army today is vulnerable, Harris said.

“In the last 10 years, we’ve gone from a network that allows us to all communicate on a level plane to, now, our weapons systems are all enabled by that network,” he said. “I’m talking about the GMLRS (Guided Multiple Launch Rocket System), our unmanned aerial vehicles, our attack helicopters — I could go on and on and on. If you look at the Network Integration Exercise’s Capability Set 14.2 that’s being tested out at Fort Bliss (Texas) right now, every squad leader is connected to the Internet. So in our world — in the cyber domain — every connection between one individual or one device and the network is an avenue of approach where our cyber operators as well as our adversaries maneuver.”

 

The cyber organization

To fight and win in this new domain, U.S. Cyber Command, or CYBERCOM, was established in 2009 to unify the U.S. military’s cyber operations and network defenses. Army Cyber Command, or ARCYBER, was created in 2010 at Fort Belvoir, Va., to be the Army’s component of CYBERCOM. But because CYBERCOM’s commander is also the director of the National Security Agency, and ARCYBER’s operational units are co-located with the NSA’s highly secret facilities across the country, confusion abounds as to what ARCYBER’s cyber operators actually do and don’t do, Harris said.

“Because the commander of U.S. Cyber Command is also the director of the NSA, people think we do the same thing. Well that’s not true,” Harris said. “The reason why that commander has to be the same person is because the backbone, the communication infrastructure, that we work on is the same that the NSA works on. But we have two dynamically different missions. The NSA’s job is to collect intelligence to support the active defense of the nation. Our job is, first and foremost, to defend all Army networks. Aside from that, we also support combatant commands and their efforts in cyberspace.”

To that end, the Army operates 41 of CYBERCOM’s 133 military cyber teams — 20 Cyber Protection Teams with defensive capabilities and 21 Cyber Combat Mission Teams and Cyber National Mission Teams with offensive capabilities. They are stationed at joint force headquarters that are co-located with NSA facilities throughout the country: the Navy-run facility is at NSA-Hawaii in Honolulu, the Air Force’s is at NSA-Texas in San Antonio, the Marine Corps’ is at NSA’s headquarters at Fort Meade, Md., and the Army’s will be with NSA-Georgia at Fort Gordon.

Fort Gordon will soon become the home of ARCYBER’s headquarters and the newly formed Cyber Center of Excellence, a U.S. Army Training and Doctrine Command institution that will write doctrine regarding cyber warfare as well as consolidate the myriad Army, NSA and industry-standard courses that cyber operators must take to be technically and tactically proficient in their field. Someday, cyber will become its own branch, Harris said. But for now, cyber operators come from the Military Intelligence Corps, which focuses on offensive capabilities, and the Signal Corps, which focuses on defensive operations.

 

On the cyber front lines

A mix of signal and MI Soldiers is what now forms the Cyber Mission Unit at Fort Gordon, a brigade-level headquarters under the 7th Signal Command (Theater) that controls the Army’s cyber teams across the country.

“You can’t have one without the other,” said Command Sgt. Maj. Patrick Brooks, the command sergeant major of the 7th SC(T). “Signal cannot do MI’s job and MI cannot do signal’s job. But if you combine a group of individuals who specialize in cyber — signal with the defense and MI with the offense — that’s your cyber Soldier, that’s your cyber warrior.”

The CMU’s Cyber Operations Center at Fort Gordon is home to signal and military intelligence NCOs who watch for and respond to network attacks from adversaries as varied as nation-states, terrorists and "hacktivists." (The center was sanitized of classified information for this photo.) (Photo by Michael L. Lewis)
The CMU’s Cyber Operations Center at Fort Gordon is home to signal and military intelligence NCOs who watch for and respond to network attacks from adversaries as varied as nation-states, terrorists and “hacktivists.” (The center was sanitized of classified information for this photo.) (Photo by Michael L. Lewis)

Those cyber operators are already engaging with adversaries on a daily basis, Brooks said.

“The CMU is such a unique unit, they’re on the front lines without needing to deploy,” he said. “The rifleman forward downrange is making a difference. But a cyber warrior is also making a difference behind that computer. Because that may be our next war; the next war may be cyber.”

Though the exact work cyber operators do is classified, it’s mostly NCOs who are doing it, Harris said.

“We say all the time how important the NCO Corps is, and we say all the time that we are the ‘backbone of the Army.’ But in Army Cyber, our NCOs are the technical experts,” Harris said. “For the level of education and the level of skill that we need in a standard on-net operator, it takes about three years before we can let them work unsupervised one day.”

Even then, however, the battlescape changes almost constantly, Harris said.

“Code changes daily,” he said. “Our adversaries change their code and the way they employ malware daily. And the malware we’re talking about is not the malware we traditionally think of — stealing our credit card numbers or somehow making our computer not work. The malware that our adversaries are employing against us are tools designed to monitor, retrieve and extract information, like the information we may have that pertains to operations or organizational structures. If we’re not careful, the malware that’s being employed by our adversaries can give any secrets that we have away.”

 

Finding (and keeping) cyber operators

The Cyber Mission Unit has been recruiting cyber-minded NCOs for more than a year to join the Army’s elite cyber teams. Some will attend the new 25D cyber network defender course, which had its first graduation in December, and reclass into that military occupational specialty. Others will remain in signal or MI MOSs, depending on their mission sets. But no matter the MOS, the personnel doing the majority of the work on cyber teams are NCOs, explained Master Sgt. Moises Robles, the CMU’s recruiter.

“NCOs are key. They are the ones actually doing the mission,” Robles said. “We have officers and civilians, but the officers are managing. The NCOs are the hands-on force that actually gets the mission accomplished.”

And it’s not just signal and MI NCOs who will excel in cyber units, he said.

“We’ve had NCOs go through the selection process who didn’t necessarily have all the [information technology] experience that you would look for,” Robles said. “But they had that aptitude and that motivation to learn. When we put them through the training, they performed extremely well. Those are the individuals who we’re looking for.”

“We’re looking for attitude and aptitude; those are two of our big words,” Brooks said. “We’re looking for go-getters, self-starters and motivators. We don’t want people to come here thinking that this is a 9-to-5 job. This is serious. This is for the Department of Defense, for the [combatant command] commanders and the nation. These are serious threats. It’s not to be taken lightly.”

For those NCOs who do rise to the challenge, complete the lengthy training process and become successful cyber operators, the challenge is to then keep them as NCOs, Harris said. Once trained, cyber NCOs’ education and skills are on par with those of their non-military counterparts in the business world who make three times as much.

“Our challenge is to find those technical operators who have that cognitive capacity to learn the skills that we’re giving them and, at the same time, have the institutional drive to want to be a professional noncommissioned officer,” Harris said. “Those people are so unique and are so few, we’re going to have to think how to manage them differently. Outside industry is after those same people, and they’re not asking them to be professional noncommissioned officers; they’re just asking them to be really technically savvy operators in order to defend their networks.”

Brooks agreed.

“We don’t want folks to come in thinking, ‘Okay, I’ll come in, get all this training and these certifications, and I’ll go off and get my big job in the sky.’ No, we want folks who are going to hang around and stay in the Army. And it’s our mission, once we get these quality individuals we have, to keep them — keep them trained, keep them motivated.”

DOD at work on new cyber strategy, senior military advisor says

From American Forces Press Service:

The Defense Department released its first strategy for operating in cyberspace two years ago this month, and officials are at work on the next version, the senior military advisor for cyber to the undersecretary of defense for policy said in Baltimore last week.

Army Maj. Gen. John A. Davis spoke to a lunch audience at the Armed Forces Communications and Electronics Association International Cyber Symposium, noting that two years might equal 20 in the domain that accommodates distanceless travel.

“Senior leaders in the department and beyond the department understand that cyber is a problem [and] cyber is important. They’ve made cyber a priority, and there is a sense of urgency,” the general said.

Read more →

Hagel eliminates Distinguished Warfare Medal

From Army News Service:

Sgt. Brian Randolph of the 346th Military Police Company at Fort Riley, Kan., demonstrates to a soldier of the 317th Military Police Battalion how he operates a Raven B unmanned aerial vehicle in flight July 25, 2012. While service members who operate and support remotely piloted aircraft or operate in cyberspace are a critical part of the military's mission, Department of Defense officials have decided to eliminate the Distinguished Warfare Medal intended to honor them.
Sgt. Brian Randolph of the 346th Military Police Company at Fort Riley, Kan., demonstrates to a soldier of the 317th Military Police Battalion how he operates a Raven B unmanned aerial vehicle in flight July 25, 2012. While service members who operate and support remotely piloted aircraft or operate in cyberspace are a critical part of the military’s mission, Department of Defense officials have decided to eliminate the Distinguished Warfare Medal intended to honor them.

Defense Secretary Chuck Hagel has eliminated the Distinguished Warfare Medal, DOD officials announced April 15.

Instead, the military will recognize service members who directly affect combat operations without being present through distinguishing devices that will be affixed to already existing awards.

Soon after being sworn in as defense secretary Feb. 27, 2013, Hagel asked Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, to lead a review of the medal.

“The Joint Chiefs of Staff, with the concurrence of the service secretaries, have recommended the creation of a new distinguishing device that can be affixed to existing medals to recognize the extraordinary actions of this small number of men and women,” Hagel said in a written release.

Read more…