US Army cybersecurity personnel
ARLINGTON: “We needed to learn to speak infantry,” said Col. William Hartman, commander of the Army’s first offensive cyber operations brigade. That’s not easy. When one of Hartman’s teams joined a brigade of the 25th Infantry Division for an exercise this spring, the colonel recounted, the 25th’s commanding general told Hartman that his cyber operators talked in unintelligible “dolphin speak.”
“This was the first time we’d attempted to integrate at that level, and while we provided some very technically smart folks, they weren’t able to communicate with the brigade commander and staff,” Hartman said. A subsequent exercise with the Ranger Regiment went better, and Hartman has high hopes for a third outing in January with a Stryker brigade.
Still, there’s a long, long way to go. Historically, experts in cyber — especially in offensive cyber — lived deep inside the strategic intelligence community. Now, with networks vital — and vulnerable — right up to the front line, cyber operators need to integrate themselves into tactical combat units. But there’s a cultural chasm to cross.
“We need to get the cyber teams and LNOs [liaison officers] out to the divisions the corps, the ASCCs, into the theater armies, and they need to get out there yesterday, they’re not coming fast enough,” said Maj. Gen. Charles Flynn, commander of the 25th Infantry Division. Flynn’s the man who once described the cyber gurus’ talk as “dolphin speak.” It’s not enough to get cyber personnel in place, he emphasized: “They have to be able to describe what they offer to the commanders otherwise they’re going to be put off in what I would call the island of misfit toys.”
“We as technologists have to provide commanders with the right insights… so the commander can make an effective decision,” said Col. Paul Stanton, director of the Capabilities Development Group at US Cyber Command. “As we heard General Flynn….say, we’re not doing that well enough right now.”
Across the Army, “we’ve got to get the different tribes to work together much more effectively,” said Maj. Gen. Stephen Fogarty, head of the Army’s newly created Cyber Center at Fort Gordon. Cyber is too important to leave to the cyber geeks. “This is commander’s business, ultimately,” he said. “He’s the one responsible for integrating all these capabilities.”
Flynn, Fogarty, Hartman, and Stanton spoke this morning at an Association of the US Army conference. They were hardly alone in advocating for a closer integration of cyber with operations in the physical world, or in lamenting the cultural obstacles to that integration.
The cultural challenge is arguably as large as any technological shortfall. In some cases, culture gaps even cause technological gaps because people don’t invest resources in what they don’t understand.
“Some of this came out of Title 50 [of the US Code, which governs intelligence collection]. Cyber was a spooky world, it was persistent surveillance, ‘we don’t want to tell anybody we can do these things,'” said J.D. McCreary, a retired Navy electronic warfare officer now with Georgia Tech. “So Title 10 [military operations] guys went, ‘well, I’ll never be allowed to use these things, so why should I invest in it?”
“We’ve got to get Title 10 people thinking , ‘this is my environment, these are my capabilities,'” McCreary continued. Cyber experts must start “educating commanders on the art of the possible so they can drive requirements,” he said. “There aren’t enough requirements out there, because people don’t know what to ask for and they don’t believe they’ll ever get to use it.”
The first step out of the shadows of Title 50 (intelligence) into Title 10 (defense) was the creation of US Cyber Command in 2009, after a 2008 virus infection of classified systems. The next leap forward, still underway, is the creation of a 6,200-strong Cyber National Mission Force. The new corps is drawn from the four armed services to serve under Cyber Command, which to date has relied on the National Security Agency for much of its capability. Indeed, the commander of CYBERCOM is and has always been also the head of NSA.
“We have a unique partnership with the Title 50 community, particularly NSA,” said Air Force Lt. Gen. James McLaughlin, deputy commander of Cyber Command. ” It will be something that will be there forever.”
“That being said,” McLaughlin told the AUSA conference, “this [new] force is not built to do Title 50 intelligence community work. That’s not why we exist. We exist to execute Title 10, combatant command, warfighting operations….We actually have to have a different set of tools, a different set of authorities.”
“We need as a nation the capability to counter a cyber force against us. because I think that’s the first thing you’re going to see in a conflict,” Gen. Keith Alexander, the retired head of CYBERCOM and NSA, told me after his remarks to the AUSA conference. Technology and threats have changed dramatically, he said, from the time when computer networks were simply a source of intelligence information — the proper province of the NSA, whose origins are in the codebreakers of World War II. Today, cyber can wreak physical destruction.
“It’s like the recon/counter-recon fight,” Alexander told the AUSA conference, using military jargon for the initial clash of reconnaissance units that can leave one side stripped of its scouts and fighting blind. “It’s not the only fight: It’s the first fight. What’ll happen is if we win that, we’ll [still] be in the second fight. What we can’t afford to do is have our nation crippled in the cyber fight” so it’s fighting blind in the clashes that follow, he said. “In fact, China’s already put out a strategy like that.”
China’s not the only country to worry about. “Russian activities in Ukraine… really are a case study in the potential for [what Army doctrine calls] CEMA, cyber-electromagnetic activities,” said Maj. Gen. Fogarty. “It’s not just cyber, it’s not just electronic warfare, it’s not just intelligence, but it’s really effective integration of all these capabilities with kinetic measures” — that is, bullets and bombs, drones and tanks — “to actually create the effect that their commanders [want] to achieve.”
When the Russians went into Ukraine, said the Army Cyber Command chief, Lt. Gen. Edward Cardon, “they basically shut down all the military systems, and the [Ukrainian] soldiers used their cellphones, and they got [located] and destroyed.” The Russians are making heavy use of drones to spot for massed artillery barrages, he went on, but “the drone isn’t just flying around. The drone is being vectored based on intelligence” — for example, from electronic warfare units detecting Ukrainian cellphone transmissions — “[and] when it shows up… you’re going to get an artillery strike in about ten minutes.”
That Russian-style integration of cyber/electronic warfare, drones, and old-fashioned high explosive is frankly impressive. It’s also something US troops don’t want to be on the receiving end of, ever. The only way to ensure we aren’t is to get better at integrating cyber into traditional operations ourselves.
Enterprise-wide training: the Army’s $3.5B program for multi-service combat readiness
The competition for Warfighter Training and Readiness Solutions will bring together training networks, combat training centers and live ranges across the DoD enterprise.
Army eyes TBI monitoring, wearable tech for soldiers in high-risk billets
“We are also looking at what additional personal protective equipment we can provide to our folks, especially instructors and others who are routinely exposed to blast pressure,” said Army Secretary Christine Wormuth.
