Tag Archives: cyber

Why It Is Time For a U.S. Cyber Force

By Dave Schroeder and Travis Howard

The proposal to create a U.S. Space Force has cyber professionals wondering about the government’s national security priorities. While spaceborne threats are very real — some of which cannot be suitably described in a public forum — the threats posed in cyberspace have been all too real for over a decade, and include everything from nuisance hacks by nation-states, to the weaponization of social media, to establishing beachheads on our nation’s electric grid, or the internet routers in your own home.

Since 2009, incremental improvements have been made to the nation’s ability to operate in cyberspace during this period. The establishment of U.S. Cyber Command (USCYBERCOM) — first subordinate to U.S. Strategic Command, and then elevated to a Unified Combatant Command (UCC) — and the formation of the 133 teams that comprise the Cyber Mission Force (CMF) are chief amongst them.

Yet despite all of the money and attention that has been thrown at the “cyber problem” and for all of the increased authorities and appropriations from Congress, the nation’s offensive and defensive cyber capabilities suffer from inefficiency and a lack of a unified approach, slow to non-existent progress in even the most basic of cybersecurity efforts, and a short leash that is inconsistent with the agility of actors and adversaries in cyberspace. Our adversaries continue to attack our diplomatic, information, military, economic, and political systems at speeds never before seen.

The discourse surrounding the formation of a dedicated service for space defense has captured the American imagination, and for good reason. Since World War II, America has shown her ingenuity and innovation, and the success of the U.S. Air Force provides a historical model for how a combat-ready, specialized fighting force can be built around a new warfighting domain. However, a force structure has already taken shape within the U.S. military that would logically translate to its own service, and the operational culture it would both allow and cultivate would greatly enhance the effectiveness of national security.

It is past time to form the U.S. Cyber Force (USCF) as a separate branch of the United States Armed Forces.

America’s Position in Cyberspace is Challenged Daily — but it can be Strengthened

It’s no surprise that a wider breadth of adversaries can do more harm to American interests through cyberspace than through space, and for far less cost. In the aftermath of the 2008 Russo-Georgian War — the cyber “ghosts” of which are still alive and well in 2018 — Bill Woodcock, the research director of the Packet Clearing House observed, “You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to.”

Deterring and responding to Russian hybrid warfare in cyberspace, countering Chinese cyber theft of U.S. intellectual property, shutting down state and non-state actor attacks, defending American critical infrastructure — including the very machinations of our democracy, such as voting and political discourse and even cyber defense of U.S. space assets are just some of the heavy-lift missions that would occupy a U.S. Cyber Force.

Admiral (retired) Jim Stavridis recently described four ways for the U.S. and allied nations to counter challenges like the weaponization of social media and multifaceted information warfare campaigns on Western democracy: public-private cooperation, better technical defenses, publicly revealing the nature of the attacks (attribution), and debunking information attacks as they happen. A dedicated U.S. Cyber Force, with the proper ways and means to do so, could accomplish all of these things, and be a major stakeholder from day one.

Admiral (ret.) Mike Rogers, former Director, National Security Agency (NSA)/Chief, Central Security Service (CSS) and Commander, USCYBERCOM, in his 2017 testimony before the Senate Armed Services Committee, cautioned against prematurely severing the coupling of cyber operations and intelligence that has been the hallmark of any success the U.S. has thus far enjoyed in cyberspace. General Paul Nakasone, the current DIRNSA/CHCSS and Commander, USCYBERCOM, made the same recommendation in August 2018. Despite increased resourcing of USCYBERCOM by both Congress and the Executive Branch, operational authorities in cyberspace are hamstrung by concerns about blending Title 10 military operations with Title 50 intelligence activities, along with negative public perception of the NSA. The relationship between USCYBERCOM and NSA requires a complicated (and classified) explanation, but blending cyber operations with rapid, fused intelligence is vital, and go hand-in-hand — to separate them completely would be to take the leash that already exists around USCYBERCOM’s neck and tie their hands with it as well. Offensive and defensive operations in cyberspace are two sides of the same coin — and intelligence is the alloy between them. Standing up a U.S. Cyber Force would also enable a deliberate re-imagining of this unique symbiosis, and a chance to — very carefully — lay out lines of authority, accountability, and oversight, to both prevent overreach and justifiably earn public trust.

The above challenges could be addressed in part by refining the existing structures and processes, but the real sticking point in USCYBERCOM’s sustainment of fully operational cyber forces lies in how we build forces ready to be employed. Force generation of the CMF through the various armed services’ manning, training, and equipping (MT&E) their own cyber warriors is an inefficient and weak model to sustain a combat ready force in this highly-specialized and fast-moving mission area.

Cyber resources play second-fiddle to service-specific domain resourcing; for example, the Department of the Navy has an existential imperative to resource the maritime domain such as shipbuilding and warplanes, especially during a time of great power competition. The cyber mission is secondary at best, and that’s not the Navy’s fault. It just simply isn’t what the Navy is built or tasked to do. This same reality exists for our other military services. Cyber will always be synergistic and a force multiplier within and across all domains, necessitating the need for the services to retain their existing internal cyber operations efforts, but feeding the joint CMF is ultimately unsustainable: the CMF must sustain itself.

The Cyber Force is Already Taking Shape

USCYBERCOM, NSA, the 133 teams comprising Cyber Mission Force — are approaching full operational capability in 2019 — and the operational and strategic doctrine they have collectively developed can now more easily transition to a separate service construct that more fully realizes their potential within the joint force. There is a strong correlation here with how the U.S. Army Air Force became the U.S. Air Force, with strong support in Congress and the approval of President Truman. The DoD has begun revising civilian leadership and building upon cyber subject matter expertise, as well, with the creation of the Principal Cyber Advisor (PCA) to the Secretary of Defense — a position that Congress not only agreed with but strengthened in the Fiscal Year 2017 National Defense Authorization Act. Such a position, and his or her staff, could transition to a Secretary of the Cyber Force.

The footprint would be small, and room in Washington would need to be carved out for it, but the beginnings are already there. Cyber “culture” — recruiting, retention, and operations — as well as service authorities (blending Title 10 and Title 50 smartly, not the blurry “Title 60” joked about in Beltway intelligence circles) would all benefit from the Cyber Force becoming its own service branch.

Perhaps one of the greatest benefits of a separate cyber branch of the armed forces is the disruptive innovation that would be allowed to flourish beyond the DoD’s traditional model of incremental improvement and glacial acquisition. The cyber domain, in particular, requires constant reinvention of techniques, tools, and skillsets to stay at the cutting edge. In the early 2000s, operating in a cyber-secure environment was thought to mean a restrictive firewall policy coupled with client-based anti-virus software. In 2018, we are developing human-machine teaming techniques that blend automation and smart notifications to fight and learn at machine speed. Likewise, the traditional acquisition cycle of military equipment, often taking 4-6 years before prototyping, just doesn’t fit in the cyber domain.

In short, the “cyber culture” is an incubator for innovation and disruptive thinking, and there are professionals chomping at the bit for the chance to be a part of a team that comes up with new ideas to break norms. A dedicated acquisition agency for cyber would be an incubator for baked-in cybersecurity controls and techniques across the entire DoD acquisition community. The Defense Innovation Unit (DIU) — recently shedding its Experimental “x” — is proving that something as simple as colocation with innovation hubs like California’s Silicon Valley and Austin, Texas, and a willingness to openly engage these partners, can deliver innovative outcomes on cyber acquisition and much more. Similarly, the Cyber Force must be free to exist where cyber innovation lives and thrives. 

Creating the USCF has other benefits that would be felt throughout the military. The Army, Navy, Marines, and Air Force, relieved of the burden of feeding the offensive and national CMF and paying their share of the joint-force cyber bill, can better focus on their core warfighting domains. This doesn’t absolve them of the need for cybersecurity at all levels of acquisition, but a USCF can be an even greater advocate and force-multiplier for DoD cybersecurity efforts. Services can and should retain their service-specific Cyber Protection Teams (CPTs), which could be manned, trained, equipped, and tactically assigned to their service but also maintain ties into the USCF for operations, intelligence, and reachback. Smart policies and a unity of effort can pay big dividends here, as the services would naturally look to such an organization as the resident experts.

Extreme Challenges with Existing Forces

Much has been made of the extensive difficulties faced by our military services for the recruiting and retention of cyber expertise in uniform. Brig. Gen. Joseph McGee, Deputy Commanding General (Operations), Army Cyber Command (ARCYBER), described an example in which a talented cyber prospect “realized he’d make about the same as a first lieutenant as he would in a part-time job at Dell.” Examples like this are repeated over and over from entry-level to senior positions, and everything in between, on issues from pay to culture. In the military, being a cyber expert is like being a fish out of water.

The service cyber and personnel chiefs have made a clear case before the Armed Services Committees of both houses of Congress for the urgent need for flexibility on issues such as rank and career path for cyber experts specifically. Cyber needs were repeatedly cited as the rationale for the need for changes to restrictive military personnel laws. Many of these items were indeed addressed in the Fiscal Year 2019 (FY19) National Defense Authorization Act (NDAA), with provisions which may now be implemented by each service in what is hailed as the biggest overhaul to the military personnel system in decades:

  • Allow O-2 to O-6 to serve up to 40 years without promotions, or continue service members in these grades if not selected for promotion at a statutory board
  • Ability for service members to not be considered at promotion boards “with service secretary approval” — for instance, to stay in “hands on keyboard” roles
  • No need to meet 20 years creditable service by age 62 for new accessions (no need for age limit or age waiver above 42 years old for direct commissions)
  • Direct commissions or temporary promotion up to O-6 for critical cyber skills

But even these provisions do not go far enough, and the services are not obligated to implement them. When the challenges of pay, accessions at higher rank, physical fitness, or military standards in other areas come up, invariably some common questions are raised.

A common question is why don’t we focus on using civilians or contractors? In the case of naval officers, why don’t we make them Staff Corps (instead of Restricted Line), like doctors and lawyers who perform specialized functions but need “rank for pay” and/or “rank for status?” What about enlisted specialists versus commissioned officers?

The answer to the first question is easy in that we do use civilians and contractors across the military, extensively. The reason this is a problem is that we also need the expertise in uniform, for the same legal and authorities reasons we don’t use civilians or contractors to drive ships, lead troops, launch missiles, fly planes, and conduct raids.

As for making them Staff Corps officers or equivalent in the other services, the Navy, for instance, has been talking about going the other direction: making officers in the Navy Information Warfare community designators (18XX) unrestricted line, instead of restricted line, like their warfare counterparts, or doing away with the unrestricted line vs. restricted line distinction altogether. This is a matter of protracted debate, but the reality is that some activities, like offensive cyberspace operations (OCO) and electronic attack (EA), are already considered forms of fires under Title 10 right now — thus requiring the requisite presence of commissioned officers responsible and accountable for the employment of these capabilities. The employment of OCO creates military effects for the commander, and may someday be not just a supporting effort, or even a main effort, but the only effort, in a military operation.  

Under the Navy’s Information Warfare Commander Afloat Concept, for the first time the Information Warfare Commander of a Carrier Strike Group, the Navy’s chief mechanism for projecting power, can be a 18XX Officer instead of a URL Officer. If anything, we’re shifting more toward URL, or “URL-like”, and the reality of the information realm as a warfighting domain is only becoming more true as time goes on, if not already true as it stands today.

So what about our enlisted members? They’re doing the work. Right now. And the brightest among them are often leaving for greener pastures. But still for reasons of authorities, we still need commissioned officers who are themselves cyber leaders, subject matter experts, and practitioners.

None of this is to say that direct commissioning of individuals with no prior service as officers up to O-6 is the only solution, or that it would not create new problems as it solves others. But these problems and all of the concerns about culture shock and discord in the ranks can also be solved with a distinct U.S. Cyber Force which accesses, promotes, and creates career paths for its officers as needed to carry out its missions, using the full scope of flexibility and personnel authority now granted in the FY19 NDAA.

Another major challenge is the lack of utilization of our reserve components. Many members of our reserve force have multiple graduate degrees and 10-15 years or more of experience, usually in management and leadership roles, in information technology and cybersecurity. We have individuals in GS/GG-14/15 or equivalent contractor and other positions, who are doing this work, every day, across the Department of Defense (DOD), the Intelligence Community (IC), academia, and industry.

Yet reservists are currently accessed at O-1 (O-2 under a new ARCYBER program), need to spend 3-5 years in training before they are even qualified to mobilize, or for the active components to use in virtually any operational or active duty capacity. And that’s after doing usually a year or more of non-mobilization active duty, for which nearly all employers don’t give differential pay because of existing employment policies, including in federal GS/GG positions.

We have very limited mechanisms and funding sources to even put reservists on active duty at NSA or USCYBERCOM, where our service cyber leadership repeatedly states we need people the most. And in the rare instances we manage to put people on some type of active duty in a cyber role in their area of expertise, it often is not a “mobilization” under the law — which means a person is now an O-2 or O-3, and with that “level” of perceived authority and experience to those around them. And they often just left their civilian job where they are recognized as a leader and expert — and easily make $200k a year.

National Security Operations Center (NSOC) c. 1985 — National Cryptologic Museum

Most people appreciate that you can’t just magically appear as an O-6, and have the same depth, breadth, and subtlety of experience and knowledge as a O-6 with 25 years in uniform. Yet these O-6s, as well as general and flag officers, routinely retire and assume senior leadership positions in all manner of public and private civilian organizations where “they don’t know the culture” — because they’re leaders.

So while a person off the street doesn’t have the same level of understanding of the military culture, it’s incorrect to say they can’t innovate and lead on cyber matters — to include in uniform as a commissioned officer. We’re not so special to imply that you can’t lead people and do the critical work of our nation, in uniform, unless you’ve “put in your time” in a rigid career path. It’s time to change our thinking, and to establish a military service to support the realities of that shift.

Recommendations

The call for a dedicated cyber branch of the U.S. Armed Forces is not new. Admiral (ret.) Jim Stavridis and Mr. David Weinstein argued for it quite passionately in 2014, calling on national leaders to embrace cyber innovation and imploring us to “not wait 20 years to realize it.” Great strides have been made in the four years since that argument was made, and we are closer than ever to realizing this vision. It will take a focused effort by Congress and the president to make this happen, as it did with the U.S. Army Air Forces becoming the U.S. Air Force in 1947. A tall order, perhaps, in today’s political environment, but not impossible, especially given the desire to compromise on issues of national defense and when both Republicans and Democrats alike are seeking wins in this column.

To summarize: the threat is eating our lunch, USCYBERCOM and the CMF are nearly ready to transition to their own service branch, and the benefits of doing so are numerous:

  • Sensible use of resources spent on cyberspace operations
  • An incubator of disruptive and rapid innovation in the cyber domain
  • Improved oversight and accountability by policy and under U.S. Code
  • More efficient and sustainable force generation and talent retention
  • Better alignment of service-specific core competencies across all warfighting domains
  • Synergy with a unified space commander (such as cyber protection of satellite constellations)

The United States House of Representatives recently ordered the Government Accountability Office (GAO) to begin an assessment on DoD cyberspace operations as part of the FY19 NDAA. This study, due to Congress in 2019, should prove enlightening and may become a foundational effort that could be built upon to explore the feasibility of establishing the U.S. Cyber Force as a new branch of the Armed Forces. Congress could order this as soon as FY21, with the Cyber Force fully established by the mid-2020s (blazingly fast by federal government standards, but no faster than the proposed Space Force).

Conclusion

The President has also now relaxed rules around offensive cyberspace operations, perceiving the urgent need to respond more quickly to cyber threats and cyber warfare directed at the United States. We have a great stepping stone in USCYBERCOM, but with no plans to take it to the next step, even a dedicated combatant commander for the cyber domain will face challenges with the above issues for the duration of its lifespan. Similar to how we are just becoming aware of space as a distinct warfighting domain, cyber has already been a warfighting domain since the beginning of the 21st century. The time for a U.S. Cyber Force is now. The threat in cyberspace, and our underwhelming response to it thus far, cannot wait.

Travis Howard is an active duty Navy Information Professional Officer. He holds advanced degrees and certifications in cybersecurity policy and business administration, and has over 18 years of enlisted and commissioned experience in surface and information warfare, information systems, and cybersecurity. Connect with him on LinkedIn.

Dave Schroeder served as a Navy Cryptologic Warfare Officer and Navy Space Cadre, and is Program Manager for IWCsync. He serves as a senior strategist and cyber subject matter expert at the University of Wisconsin–Madison. He holds master’s degrees in cybersecurity policy and information warfare, and is a graduate of the Naval War College and Naval Postgraduate School. Find him on Twitter or LinkedIn.

The views expressed here are solely those of the author and do not necessarily reflect those of the Department of the Navy, Department of Defense, the United States Government, or the University of Wisconsin–Madison.

Featured Image:  National Security Operations Center floor at the National Security Agency in 2012 (Wikimedia Commons)

Three Hard Questions for U.S. Maritime Strategy in a Digital Age

By Frank T. Goertner

From the White House to the Pentagon, the message is clear. The world of 21st Century great power competition has arrived, and it is distinctly different from the one today’s U.S. national security enterprise was designed to confront. Now is the time for every agency, department, and service in the executive branch to ask itself hard questions and consider decisive change.

Nowhere is the imperative for introspection more acute than in the U.S. Navy, Marine Corps, Coast Guard, and Merchant Marine. They are the sea services responsible for sustaining American sea power; their forces the guarantors of maritime superiority for a maritime nation. Moreover, their leaders are the custodians of the national assets most threatened by the rise of China and Russia as new global rivals in the maritime domain.

With this in mind, it is time to consider whether the emergent norms of this new era of great power competition also warrant a campaign to rethink the functions and missions of these sea services. Is now the time for a new maritime strategy for the United States?

The answer is yes. Three hard questions point to why.

What Will We Do if the Lights Go Out?

The sea services have always been on the nation’s first line of defense against threats to national interests and on the first line of response to disasters at home and abroad. Traditionally this has taken the form of sustaining and guarding physical sea lines of communication (SLOCs) that connect the United States to other maritime nations, while exercising readiness to project military power or render disaster response to physical crises around the globe. 

The current maritime strategy of the United States bins these roles into five enduring functions – deterrence, sea control, power projection, maritime security, all domain access – and promotes seven naval missions – defend the homeland, deter conflict, respond to crises, defeat aggression, protect the maritime commons, strengthen partnership, and provide humanitarian assistance/disaster response. Anyone capable of tracking their way through these lists as they read the document is then offered a tour of U.S. maritime capabilities as they relate to each of these functions and roles. En route, they will find sound justification for everything the sea services are doing today. What they will not find is precise direction on how they should change to confront the future of maritime competition. 

This is a problem. China and Russia are both developing capabilities that could fundamentally change the character of contests at and from the sea.  They are investing in unprecedented capacity for new means of physical and digital coercion. Russia brands it Information Confrontation. For China, it is Low Intensity Coercion and Intelligentized Warfare. Each involves developing sophisticated offensive cyber doctrine, investments in high-end electromagnetic pulse weaponry, and capabilities to disrupt critical communications architecture around and beneath the sea. In early phases of escalation or conflict, it is fully plausible either rival could disrupt civil communications, impair digital infrastructure, and impede electrical services across large swaths of the United States. 

The implications for the future sea services are profound. Each must prepare to defend against digital coercion by maritime rivals and to protect new digital SLOCs for future maritime operations. What are the means by which the sea services could align with other national instruments of power to deter such coercion in peace and in war, and what could each sea service offer the nation in the worst-case that deterrence fails? Could the Navy and Merchant Marine deliver power-generating capacity and internet services from the sea? Could the Coast Guard help reestablish communications between coastal U.S. hubs? Could the Marine Corps help rebuild and defend critical digital nodes and infrastructure? Who would repair the undersea cables and defend them against further attack? In sum, the sea services need a strategy that evolves beyond today’s functions and missions, and toward defining future means to protect America against 21st Century coercion and be ready to respond if the lights go out.  

What if the Oceans Turn Transparent?

One of the tenets of naval strategy has always been the vastness of the world’s oceans. There has traditionally been so much water, with so much activity occurring within and around it, that it was inconceivable any nation could capture and make sense of it all. Any ship at sea was not just the proverbial needle in a haystack. It was a moving needle among hay that was tossing, turning, and even inhabited.

The best navies in history have applied this tenet to their advantage. They developed navigational and communications techniques to maintain the edge over rivals in knowing where their ships were among others in the haystack, along with the fastest ships to traverse the open ocean swiftly or furtively. Maintaining that part has always been hard, demanding continual progress in command, control, and communications technology in platforms built to leverage every boundary of physics they could challenge. On the other hand, hiding has historically been easy. It has been a matter of either knowing where to hide in the ocean’s multi-layered domain or reducing physical signature enough to look like other needles or hay in the stack.   

For the first time in history, there is evidence that this may all be about to change. With the emergence of a globalized sensor-based economy, the world is on track to host more than 50 billion “smart” devices and one trillion digitally connected sensors by the early 2020s. Of course those won’t all be sensing the maritime domain, but many will be. 

They will be mass-manufactured in a host of sizes and configurations and employed on long-endurance drones on and above the ocean’s surface, in nano- and micro-satellites in space, or scattered along the coasts and sea-bed. They will be employed in abundance on military, commercial, and possibly even biological platforms; collecting, deciphering, and transmitting the data of the seas.

For the aggregators of this data, virtually everything in the haystack could be visible – critical portions of the oceans will be effectively transparent. Yet that is only half the problem. Development and operationalization of Artificial Intelligence (AI) and autonomous systems, alongside advances in quantum computing and radar, offer the promise of harnessing machine processors to discern patterns in the data such that nearly every needle can be found, or at least rendered probabilistically present, with greater accuracy than humans have ever achieved. 

The impact on the future sea services will be immense. Postures of passive defense will no longer be enough to protect their assets at sea. Is the United States ready for a fight in which the competition for sensor saturation and AI dominance is a core determinate of victory at and from the sea? Are the sea services prepared for an operating environment in which maneuver among rival maritime forces becomes an active game of confounding the predictive analytics of rivals and finding novel ways to hide in the clutter of the oceans’ dynamics? And perhaps of greatest concern, what if the transparency extends below the sea surface and the Navy’s undersea contribution to the U.S. nuclear triad is someday laid bare? Is it worth a strategic hedge such as diversifying employment of strategic weapons and high-yield tactical missiles onto surface combatants, carrier-launched aircraft, or in extremis even container vessels of the Merchant Marine? In sum, the sea services need a strategy that addresses holistically how to sustain American sea power if the oceans turn transparent.     

How can We Mobilize a Digital Maritime Nation?

Since the War of Independence, America’s leaders have recognized that they are responsible for a maritime nation. Yet how to convey that in policy has not always been self-evident. During the inter-war years of the 1930s, as now, the U.S. Government witnessed an escalation of competition among maritime rivals on a scale that had never been seen before, enabled by technology that was fundamentally changing the character of contests between them. National leaders at the time knew the United States had an edge in industrial production and innovation, but they did not know how to mobilize it for a global fight.

In response, the President and Congress passed the Merchant Marine Act of 1936, establishing a Maritime Commission. It was a federal body directed and authorized to chart the mobilization of an American maritime nation for the level of global competition and contest it saw on the horizon. By the 1940s, when those contests turned to war, the nation had at least thought through what was needed in the months and years ahead.      

America remains a maritime nation but is now a digitally interdependent maritime nation in a digital age. This is something new. Wall Street and the solvency of the Federal Reserve are nearly as reliant on foreign digital market transactions as they are on U.S. investments.  The nation’s most powerful and valuable firms are corporations with legal, digital, and human elements that span the world. And U.S. universities – the engine of digital and industrial ingenuity – are digitized global enterprises unto themselves.       

The significance for the sea services is dramatic. They need to think through how to secure America’s national innovation complex and defend its intellectual edge in a world of commoditized data and information. They merit collective contingencies to mobilize the industrial giants of the Fourth Industrial Revolution for sea power competition on behalf of America and our Allies. What will be the legal and financial terms under which the services of Amazon, Microsoft, Google, Apple, Space-X and others are commissioned should today’s contests turn to war? Is it time to reconsider standards and terms of selective service for the Digital Age? Do the sea services need new authorities to explore, resource, and test innovative concepts for burden sharing in the event of mobilization? In sum, there should be a strategy to articulate a national vision and lay the foundation for mobilizing a digitized America for the digitized contests on the horizon.

Time for Answers

These are the first of many questions the U.S. sea services should be asking, but the questions are just the start.  Collectively, the services need answers, and they need them fast in order to beat emergent maritime rivals to the future. Equally important, these answers must align across national maritime authorities – public and private, agencies and services, U.S. and Allied – to ensure they all get there together.

In short, they need a new U.S. maritime strategy for a digital age.

Frank Goertner is a Commander in the U.S. Navy. His most recent assignment was as a Strategic Planner for Future Fleet Design and Architecture in the Office of the Chief of Naval Operations, Future Strategy Branch. The views and opinions expressed are the author’s alone and do not represent the official position of the U.S. Navy, U.S. Department of Defense, or U.S. Government.

Featured Image: NATIONAL HARBOR, Md. (April 3, 2017) Vice Chief of Naval Operations (VCNO) Adm. William Moran, left, speaks at the 2017 Sea, Air and Space Exposition. Moran was joined by a panel including Assistant Commandant of the U.S. Marine Corps Gen. Glenn Walters, Vice Commandant of the U.S. Coast Guard Adm. Charles Michel, and Joel Szabat, executive director of Maritime Transportation, to discuss a “Sea Services Update” regarding today’s maritime environment. (U.S. Navy photo by Mass Communication Specialist 2nd Class Danian Douglas/Released)

The Navy Needs to Do More Than Rebuild for the Future, It needs to Reinvent Itself

It is time for a Navy-wide campaign to rethink force strategy, design, and culture for competition in a digitized world.

By Frank T. Goertner

When paradigms change, the world itself changes with them.1

— Thomas Kuhn

Return to great power competition; revisionist powers; renewed capabilities; rebuild our military: such phrases feature prominently in recent U.S. national security guidance. They convey an imperative to look to the past as the nation prepares for a potentially volatile future. For American navalists in particular, they offer nostalgic optimism. Three times in the 20th Century, the Navy confronted rivals to U.S. sea power and prevailed. As the world returns to similar heights of geo-strategic rivalry, it is tempting for Navy leaders to approach the future via plans to rebuild past success. With concerted effort, the Service can revise known strategies, renew forgone capacity, and return to prior postures for the contests ahead. This approach would appear logical. It would also be a mistake. 

The world and its competitive landscape are changing in profound ways. The advance and proliferation of digital technologies among interdependent societies has established digitized information as a new global commodity of unprecedented strategic value. This development is upending competitive norms across and within human enterprises around the world and inspiring new paradigms that will reshape future contests between them. We see this in markets and geopolitics alike.    

For the Navy, one such enterprise, this implies that the approaches most pertinent to its future may not be behind it, but around it. This is not to say history is irrelevant. But alongside its lesson, Navy leaders should account for how commercial peers and maritime rivals are preparing their own enterprises for the contests ahead. As important, they should do so free of any assumptions that could self-constrain the Navy’s ambitions for its future within paradigms of its past.

A glance around at the Navy’s peers and rivals suggests that an approach to rebuild for the future is not enough.  Navy leaders should promote new competitive paradigms to fully leverage digitized information and harness its strategic value. They need a campaign to rethink force strategy, design, and culture for the contests ahead. In sum, the Navy needs to reinvent itself as a digitized enterprise for the digitized world.

The Market and Its New Norms

“Data [is] to this century what oil was to the last one. . . It changes the rules for markets and it demands new approaches.”2

-The Economist

Information has always been a source of competitive advantage in the market, but digitized information in a globalized and digitized economy is something new. It is a global commodity that can assume unprecedented levels of strategic value. In industries around the world, control of digitized information has become as – sometimes more – determinative of competitive outcomes than ownership of physical space or manipulation of material goods. 

It is a phenomenon that Chris Anderson of WIRED magazine terms 21st Century Free,3 and Andrew McAfee and Erik Brynjolfsson of MIT call the new economics of free, perfect, and instant.4 Digitized information, for decades one of many resources used by firms to enable operating efficiencies or assist in corporate planning, is emerging in the 21st Century as a driver of new competitive norms. It can be accessed and transmitted at unparalleled scale, scope, and speed. With near-zero marginal costs to produce, it can grant firms extraordinary levels of efficiency as they shift from material to digital infrastructure. It can assume considerable monetary value and hold that value across traditional industry and national boundaries. It can be harnessed for innovation and expansion into new, often unexpected, sectors. In short, a firm that can effectively amass, manipulate, and control digitized information can achieve unprecedented levels of command over what Michael Porter of Harvard refers to as a new competitive landscape of smart, connected products.5

To account for these new norms, firms in an array of industries are promoting new competitive paradigms. They are migrating from 20th Century corporate thinking based in competition for profits within material manufacturing or services toward new thinking that prioritizes competition for access, manipulation, and control of digitized information alongside – often in place of – traditional sources of profit. Some go so far as to completely invert previous paradigms. Firms that once saw digitized resources as means to achieve ends within a competition for physical resources now see physical resources as means to achieve ends within the competition for digitized information.6

Commercial Peers and Their Race to Reinvent

“If you won’t or can’t embrace powerful trends quickly… you’re probably fighting the future. Embrace them and you have a tailwind.”7

– Jeff Bezos

The challenge is that paradigms don’t change easily.  Moreover, if they don’t change fast enough, a firm risks obscuring its vision for the future within lenses ground in the past. Therefore, executives of the most successful firms are promoting their new paradigms with campaigns to rethink corporate strategy, design, and culture for the market’s new norms. In effect, they are reinventing their firms as digitized enterprises for a digitized world.8 What does this entail?

First, it takes executive commitment to reshape strategic perspectives to account for the new competitive norms of a digitized market.9 From the top down, executives and their strategic planners must embrace the fact that digitized information is no longer merely a means to enhance value of current service or production techniques. As a strategic commodity, it can often be the source of new value and innovation.10

Second, it takes a disciplined effort to redesign platforms and operations, not only within existing functions, but also into new frontier functions that command of digitized information can make accessible.11 One approach that has gained prominence is the digital platform approach; focusing design efforts on platforms that integrate digital and material resources, re-aligning current operations and investments to support those platforms, and posturing both to outperform competing platforms by beating competitors to market to learn early and learn fast from the environment.12 This is often complimented by a digital journey approach to iterative platform re-design; mapping theoretical customer journeys across each platform of a firm in order to identify both efficiencies to improve value and options to open new competitive fronts along the way.13

Third, it takes planning to evolve a digital culture or digital DNA14 of the workforce to ensure they build human-machine teams to engage in a digitized world. This includes experimenting with organizational balance between minds and machines15 as well as talent management models to develop leaders to translate digitized information into human action – leaders Robert Reich of Harvard calls symbolic analysts.16

For an idea of how this looks in practice, Marriott is a firm driving to reinvent. For five decades through the 1990s, Marriott was a leading owner of lodging and dining facilities. As of last year, it owned just 22 hotels worldwide; yet still claimed control of “more than 6,000 properties in 122 countries and territories.”17 In the two decades between, Marriott executives promoted a new competitive paradigm that prioritized digitized information as a global commodity and strategic priority on par with – sometimes superior to – material sources of value. As evidence of how comprehensive this paradigm shift has been, Marriott’s 2016 acquisition of Starwood Hotels was the biggest deal in hospitality history. Yet consider what aspect of the deal Marriott flagged to investors in its annual report: “With the acquisition, Marriott now has the most powerful frequent traveler programs in the lodging industry.”18 For Marriott, the deal’s value derived at least as much from the digitized information gained as in material resources. Since the deal, Marriott’s focus has been to harness the strategic value of that commodity. They use a platform approach to integrate material and digital resources across reservation, financial, and management systems. Executives are envisioning Marriott customers as digital immigrants, with planners evaluating each immigrant’s digital journey, “from searching for a hotel room . . . through and then after the stay.”19 And Marriott personnel are retooling practices to align human talents and machine tasks across the merged digitized enterprise.  

General Electric (GE) and Boeing offer additional examples somewhat closer to the Navy. GE is racing to preserve its claim as the last original American industrial firm in the DOW by reinventing itself around its digital platform – PREDIX. Boeing, for its part, now refers to “data as fuel,” and is proactively exploring how to design future systems, platforms, and workforces around its own digital platform – Analytx.20 Both, like Marriott, are racing to reinvent themselves as digitized enterprises for the digitized contests they see ahead.

The Maritime Operating Environment and Its New Norms

“A war of ideas can no more be won without books than a naval war can be won without ships. Books, like ships, have the toughest armor, the longest cruising range, and mount the most powerful guns.”21

-President Franklin D. Roosevelt

As in business, information has always been an integral part of military competition. The quote above from one of the 20th Century’s great navalists highlights this poignantly. Yet reread it substituting FDR’s books with today’s equivalent, digitized information, and the quote rises to a whole new meaning.

In the 21st Century, digitized information has emerged as a global commodity of unprecedented strategic value in the competition for sea power among maritime nations. With maritime communication, transportation, and national service networks reliant on digital infrastructure, the information they carry has immense geo-political value. Employment of digitized information in automated battle management systems, operational analytics, and cyber operations could drive down marginal costs and augment cumulative effects of military operations at exponential rates. Finally, networked digitized information offers the prospect of widely disbursed forces operating with nearly free, perfect and instant command, control, and communications (C3) with coherency and precision.

As a result, a fight for sea power in an operating environment where digitized information is a global commodity is not just a faster fight or more multi-faceted fight. It is a completely different kind of fight. The contest for Volume, Velocity, Veracity, and Value of Information becomes paramount – so much so that the strategic ends in future digitized conflicts may no longer be control or destruction of physical combat forces and facilities, but rather control of digital devices, connections, networks, and perceptions of those engaged in the contest.22 Marine Lt. Gen. Vincent Stewart, recent Director of the Defense Intelligence Agency, calls it 5th Generation Warfare and the Cognitive Battle.23 Dr. William Roper, recent Director of DoD’s Strategic Capabilities Office, envisions it as digital blitzkrieg in which “whoever collects the most data on Day One just might win the war before a single shot is fired.”24 

In sum, digitized information in the 21st Century maritime operating environment is more than an operational enabler; it is a strategic resource that can be as – perhaps more – decisive to victory as the physical control of territory or the kinetic lethality of material weapons. These are the new norms of the digitized maritime operating environment, and navies around the world are taking note.

Maritime Rivals and Their Race to Reinvent

“Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent’s fate.”25

-Sun Tzu

It is hard to imagine a better resource than digitized information for a modern military in pursuit of Sun Tzu’s timeless ambitions. This is not lost on 21st Century rivals for U.S. sea power. Both Russian and Chinese military leaders are promoting new paradigms that effectively invert past thinking on military competition, migrating away from 20th Century doctrine focused on a digitally-enabled fight for control of the territory and infrastructure that have historically defined victory. Rather, they are strategizing for a materially-enabled fight to control the digitized information that could define victory in a future fight. In effect, like their commercial peers, each is racing to reinvent themselves as digitized enterprises for the digitized contests they see ahead. What does this entail?

First, Russian and Chinese leaders appear committed to reshape strategic perspectives to account for the new norms of a digitized operating environment. In both practice26 and in doctrine,27 Moscow has elevated manipulation and control of digitized information to an unprecedented level of prominence in their strategic planning. Information Confrontation is the Russian’s name for their new approach. Surpassing traditional information warfare, its ambition is to align missions and operations across digitized diplomatic, economic, military, political, cultural, and social enterprises such that national influence can be targeted with new levels of efficiency and precision, plus in new unprecedented ways.28 Similarly, China is advancing its sea power with a new approach the Department of Defense terms Low Intensity Coercion.29 Through precisely coordinated diplomatic, economic, and military ventures; they seek to integrate digitized and material resources under centralized command and control in what Admiral James Stavridis has called “a kind of hybrid war at sea.”30 Further, like Russia, their ambition is unconstrained by 20th Century concepts. In the words of Elsa Kania of the Center for New American Security, Beijing’s ultimate aim is to “fundamentally change the character of warfare” and thus seize “the ‘commanding heights’ of future military competition.”31

Second, both rivals are intent to redesign platforms and operations and evolve a digital culture to account for their new strategic perspectives and make best use of digitized information as a strategic resource. Russia’s hybrid social media tactics in Ukraine,32 emphasis on offensive cyber,33 development of deep-sea capabilities to hold sea-bed communications cables at risk,34 and alleged GPS-spoofing in the Black Sea35 offer a sense how they are retooling Russian forces, to include the Russian Navy, for the new norms of the digitized operating environment. Similarly, Beijing’s investments in unmanned air, surface, and undersea vehicles; advanced cooperative maritime surveillance and targeting systems; electromagnetic pulse weapons; and quantum technology offer an idea of how they too are retooling their military for digitized maritime contests.36 It also appears Russia and China have started to align toward a digital platform approach in designing for force-wide employment of Artificial Intelligence (AI). Russian President Vladimir Putin recently asserted that the nation and military that leads in AI will rule the world.37 The Chinese military sees it as their “trump card”  in leading progress from today’s ‘informatized’ ways of warfare to future ‘intelligentized’ warfare,” and Beijing has set a goal for China to be the premier global innovation center in AI by 2030.38 Both nations are aggressively investing in force-wide AI applications that range from surveillance and decision aids to fully automated lethal systems. Fully realized, a Russian or Chinese Navy redesigned around a force-wide AI digital platform could credibly overmatch rivals in employment of digitized information for unmanned systems; intelligence fusion, processing, and analysis; operational training, war-gaming and simulation; information warfare; and support to both strategic and tactical command and control. Perhaps of greatest concern, though, is that both appear intent on being first to learn early and learn fast in the operating environment.39 

The U.S. Navy’s Choice: Rebuild or Reinvent 

“The future cannot be predicted, but futures can be invented.”40

-Denis Gabor

With peers and rivals racing to define their futures, the U.S. Navy is presented with a choice for its own — rebuild or reinvent?

Some will read this as a retread of the classic force planning calculus of capacity versus capability, and they will claim it’s nothing new. Others will say that it is a false choice, with the decision already made to do both.  The Service has committed to grow its force structure, reconsider its force posture, and upgrade its systems and personnel. Either argument misses the point. Before the Navy strikes for new capacity, new capabilities, or both, Navy leaders must decide what kind of enterprise the Navy will be for the contests they see ahead. Even if the targets for capacity and capability are clear, what is not is the lens through which the Navy will sight them. And that lens matters immensely. It will shape the assumptions from which its leaders depart, the questions its planners ask in charting the course, and the criteria for prioritizing decisions along the way.

A choice to rebuild is a choice to retain current paradigms or adapt incrementally from those of the past. It is a choice to keep strategic focus on a fight for control of territory and infrastructure, knowing that rivals have shifted their focus to a fight prioritizing control of digitized information as much – or more – than the physical geography it passes through. It is a choice to grow the force within current fleet structure, expand concepts rooted in current functions and missions, innovate within current program and budgetary decision processes, and adjust current personnel models – all of which were designed for contests in a pre-digital world. Ultimately, it is a choice to return to the type of force that America knows how to build and how to fight.

How would a rebuilt Navy look? It would be a Navy of digitally augmented Carrier Strike Groups and Air Wings to sustain manned power projection missions, digitally enhanced submarines to sustain predominately nuclear deterrence missions, digitally assisted surface action groups to re-attain capacity for sustained geo-spatial sea control, and maritime security missions with more and better data but still processed through human constraints on how to use it. It would be a Fleet with new digital resources, but still postured to defend and secure maritime infrastructure, trade routes, and allies prioritized within a pre-digital terrain where maneuver and coercion played by different rules. Finally, it would be a workforce of Sailors and civilians enabled by digitized resources such as AI and robotics to execute today’s requirements, but not necessarily teamed with them to define and explore new frontiers – frontiers such as fully or semi-autonomous long-endurance strike groups, offensive sea-based cyber operations, or non-nuclear deterrence forces for digitized coercion. 

A rebuilt Navy is fine if the fight the Navy sees ahead is the fight it sees behind. The challenge is that the Navy’s peers and rivals, embracing new paradigms, are assuring that won’t be the case. The rebuilt Navy may be suited for the fight the U.S. wants to fight, but how well can it secure victory in a materially-enabled fight for digitized information? As important, how well does it deny rivals their access to this new strategic commodity?

In the end, a rebuilt Navy in contest with reinvented navies could be precisely the right Navy for precisely the wrong fight. If Russia and China are right, and victory in a digitized world rests as much – or more – on command of digitized information as it does material resources, then this approach cedes strategic aperture to rivals choosing to reinvent instead of rebuild. Even if hypothetical, this is a mistake the U.S. Navy cannot afford.                 

The Navy Should Aim to Reinvent – Here’s How

“For 240 years, the U.S. Navy has been a cornerstone of American security and prosperity.  To continue to meet this obligation, we must adapt to the emerging security environment.”41

-Admiral John Richardson, CNO

The U.S. Navy should set its sights beyond rebuilding and aim to reinvent itself as a digitized enterprise for a digitized world. Fortunately if it does, there are initiatives already underway that move in the right direction.

The quote above shows Navy leadership has a healthy appreciation for the need to not just grow, but to change along the way. They also acknowledge the imperative to leverage digitized information as it does. Over the past decade, the Navy has developed an Information Warfare Community, stood up Fleet Cyber Command, established a Digital Warfare Office, and founded a Center for Cyber Studies at the U.S. Naval Academy. It has established Navy Information Forces, created a Navy Information Warfighting Development Center, and issued a Strategy for Data and Analytics Optimization. Alongside these, the Service has promoted a series of strategic plans and roadmaps for science and technology as well as directives and initiatives to promote a data savvy workforce. Moreover, there is a growing voice that further efforts are warranted to ensure these efforts deliver faster – even “exponential” operational effects.42

However, the Service has yet to progress from individual calls to action and policy initiatives toward driving the type of holistic campaign it will need to truly reinvent itself. The Navy’s functions and missions remain defined by a maritime strategy rooted in paradigms and assumptions of the 20th Century. Its program management, budgetary decision processes, and doctrine development remain confined within an organizational construct of “N-codes” largely static for the past two decades. Finally, the majority of its people – both civilian and military – continue to be led, organized and trained with personnel models and mindsets built for pre-digital contests between pre-digital navies.  

To reinvent, the Navy must move beyond piecemeal programs and calls for change. The Service needs a campaign to holistically rethink force strategy, design, and culture for competition in a digitized world; a roadmap to guide every N-code, every program, and every fleet through a decisive and conclusive migration to a new paradigm. Judging from peers and rivals around it, three lines of effort would offer a solid start:    

(1) Reshape strategic perspectives with a new maritime strategy for the digitized world. 

Navy leadership should promote efforts to aggressively rethink 20th Century paradigms of sea power. This should start with a new maritime strategy focused on defining new national-level ends and means for maritime contests in which digitized information is a global and strategic commodity. A component of this should be an analysis of how sea power itself may be changing, addressing hard questions head-on about the evolving nature and character of the Navy’s traditional functions. What is the nature of deterrence in a digitized and automated multi-rival competition? How do definitions of power projection shift with new options for digitized escalation that precede the traditional material kill-chain? How does the Navy balance spatial, temporal, and cross-spectral dynamics of sea control in a digitized fight? What types of maritime security regimes should the United States promote in a digitized maritime domain populated with ever-growing numbers of both humans and machines? Should the Sea Services pursue a U.S. version of interagency Information Confrontation or Low-Intensity Coercion? Most importantly, the strategy should not evade a blunt assessment on which of today’s naval missions will endure, which could become superfluous, and what new potentially unprecedented missions our Navy and Sea Services will need in order to fight and win as a digitized enterprise in a digitized world.

(2) Redesign the Fleet around platforms and journeys of a digitized fight

Navy force strategists and planners should be encouraged to re-envision Fleet missions, structure, and posture as operational components of a digitized Fleet. This implies moving past benchmarking approaches toward digital solutions as either an enabler or alternative to existing programs. Instead, the Navy needs to think of the future Fleet as a system of digital platforms for the future and experiment with ways to fight that system in new missions and innovative ways. It should then align and prioritize its investments and analytic processes to optimize the digitized missions – or journeys – of its future forces and Sailors on those platforms. This should prompt Navy force planners to invert traditional planning inquiries and collaborate toward optimizing both digital and material solutions between, and not just within, their programs. For example, instead of asking, “how can the Navy employ AI to improve program ‘X’?”  They should ask, “how can the Fleet as a system of digital platforms leverage AI to counter the Russian undersea cable threat or Chinese drone swarming?” Then, in building architectures for these solutions, they should think through the journey of each applicable weapon or payload along the kill chain, each Sailor or system along the deployment cycle, and each ally or partner that could interphase for the mission. A key part of this should also be experimentation on precise levels of velocity and veracity of information that commanders will need to conduct future Fleet missions, whether they be at the strategic, operational, or tactical level of maritime contest. Existing Navy initiatives to build a Fleet Tactical Grid and define a Future Fleet Design and Architecture for 2045 are notable steps in the right direction. But they need to be linked to a broader effort for Service-wide reform of operational doctrine, programs, and structures for the digitized contests ahead. 

(3) Evolve a digital culture of human-machine teams, and equip them to lead the digitized Service. 

Navy personnel, both military and civilian, should be cultured to embrace the digitized force they will comprise – a force for which command and employment of digitized resources is more than just a means to win the fight at and from the sea; it might well be what the fight is all about. This means accepting that the optimal mix and dispersion of human and machine tasks within a digitized architecture may change dramatically from traditional models. How will the Navy recruit, train, distribute, evaluate, and ultimately co-evolve a workforce of human-machine teams? How will it tailor access and use of digital information for digitized operations? How will it grow and retain a cadre of symbolic analysts and innovators to drive it through the exponential change it seeks? And can they make use of digitized solutions to improve and accelerate learning and thinking along the way? In short, reinvention into a digitized force cannot give short shrift to the need to invest deliberately in tomorrow’s Navy Sailors, civilians, and the machines with which they will fight. 

For a Navy steeped in traditions, reinvention will not be easy. Even more challenging, it must beat two maritime rivals in a race to the future. It will therefore need to be deliberate, it will need to be fast, and it will need to be decisive. That calls for Navy leaders to launch a holistic campaign to guide the Service to the future it seeks to invent for itself and for its nation, without a moment to lose.    

Frank Goertner is a U.S. Navy Commander serving as a Strategic Planner in the Office of the Chief of Naval Operations, Future Strategy Branch. The views and opinions expressed are the author’s alone and do not represent the official position of the U.S. Navy, U.S. Department of Defense, or U.S. Government.

[1] Thomas Kuhn, The Structure of Scientific Revolutions: 50th Anniversary Edition (The University of Chicago Press, Chicago) 2012, 111.

[2] “Fuel of the Future:  Data is giving rise to a new economy,” The Economist, 6 May 2017

[3] Chris Anderson, Free: How Today’s Smartest Businesses Profit by Giving Something for Nothing (New York: Hachette Books, 2015), 12-13.

[4] Andre McAfee and Erik Brynjolfsson, Machine Platform Crowd: Harnessing Our Digital Future (W.W. Norton & Company, New York, 2017), 137.

[5] Michael E. Porter and James E. Heppelmann, “How Smart, Connected Products are Transforming Competition,” Harvard Business Review, November 2014

[6] Jacques Bughin, Laura LaBerge, and Anette Mellbye, “The Case for Digital Reinvention,” McKinsey Quarterly, February 2017.

[7] Jeff Bezos, “2016 Letter to Shareholders,” Amazon.com, 12 April 2017.

[8] Jacques Bughin, Laura LaBerge, and Anette Mellbye, “The Case for Digital Reinvention,” McKinsey Quarterly, February 2017.

[9] Thomas M. Siebel, “Why Digital Transformation is Now on the CEO’s Shoulders,” McKinsey Quarterly, December 2017.

[10] Jaques Bughin Nicholas Van Zeebroeck, “Six Digital Strategies, and Why Some Work Better than Others,” Harvard Business Review (online), July 31, 2017.

[11] Gerald C. Kane, Doug Palmer, Anh Nguyen Phillips, David Kiron, and Natasha Buckley, “Achieving Digital Maturity,” MIT Sloan Management Review, Summer 2017.

[12] McAfee and Brynjolfsson, Machine Platform Crowd, 166.

[13] Andrew Bollard, Elixabete Larrea, Alex Singla, and Rohit Sood, “The Next-generation Operating Model for the Digital World,” Digital McKinsey (online), March 2017.  

[14] “Building Your Digitial DNA: Lessons from Digitial Leaders” Deloitte MCS Limited, https://www2.deloitte.com/mk/en/pages/technology/articles/building-your-digital-dna.html.

[15] McAfee and Brynjolfsson, Machine Platform Crowd, 32-85.

[16] Robert Reich, The Work of Nations: Preparing Ourselves for 21st-Century Capitalism (Alfred A. Knopf, New York) 1991.

[17] “Marriott International, Inc. 2016 Annual Report,” Marriott International 2016.

[18] IBID

[19] Peter High, “Marriott’s Digital Chief On The Advantages Of The Digital Immigrants.”  Forbes (online) 15 May, 2017

[20] Ted Colbert and “Data as jet fuel: An interview with Boeing’s CIO” McKinsey Quarterly, January 2018.

[21] Franklin Roosevelt, “Letter to W. W. Norton, Chairman of the Council on Books In Wartime”, December 1942

[22] Linton Wells, “Prepared for the Battle but Not the War,” U.S. Naval Institute Proceedings Magazine. 143/11 Nov 2017.

[23] Kimberly Underwood, “Cognitive Warfare Will Be Deciding Factor in Battle.” The Cyber Edge (online), 15 August 2017

[24] Patrick Tucker, “The Next Big War Will Turn on AI, Says The Pentagon’s Secret-Weapons Czar.” DEFENSE ONE (online), 28 March 17.

[25] Sun Tzu, The Art of War, Translated by Thomas Cleary (Shambala, Boston, 2003), 108.

[26] Jim Rutenberg, “RT, Sputnik and Russia’s New Theory of War.

How the Kremlin built one of the most powerful information weapons of the 21st century — and why it may be impossible to stop.” The New York Times Magazine, Sep 13, 2017.

[27] “Russia Military Power: Building a Military to Support Great Power Aspirations.” Defense Intelligence Agency, 2017 www.dia.mil/Military-Power-Publications


[28] IBID

[29] “Annual Report to Congress: Military and Security Developments Involving the People’s Republic of China 2017.” Office of the Secretary of Defense, May 2017, 12.

[30] James Stavridis, “Growing Threats to the U.S. at Sea:  With Russia and China Expanding Their Naval Capabilities, What Can the U.S. Do to Prepare?” THE WALL STREET JOURNAL, June 2, 2017

[31] Elsa B. Kania, “Battlefield Singularity: Artificial Intelligence, Military Revolution, and China’s Future Military Power.” Center for New American Security, Nov 2017, 4-5

[32] Russia Military Power: Building a Military to Support Great Power Aspirations.” Defense Intelligence Agency, 2017

[33] IBID

[34] Rishi Sunak, “Undersea Cables: Indispensable, Insecure.” Policy Exchange, 2017.

[35] Elizabeth Wise, “Mysterious GPS glitch telling ships they’re parked at airport may be anti-drone measure.” USATODAY, Sept. 26, 2017

[36] Ronald O’Rourke, “China Naval Modernization: Implications for U.S. Navy Capabilities—Background and Issues for Congress.” Congressional Research Service, December 2017.

[37] “Putin: Leader in artificial intelligence will rule world.” AP News (online) 1 Sep 2017

[38] Kania “Battlefield Singularity: Artificial Intelligence, Military Revolution, and China’s Future Military Power,” 4-5

[39] Tom O’Connor, “U.S. Is Losing To Russia And China In War For Artificial Intelligence, Report Says,” NEWSWEEK (Online), 29 Nov, 2017.

[40] Dennis Gabor, Inventing the Future. (Alfred A Knopf, New York), 1963, 207.

[41] John Richardson, “Design for Maintaining Maritime Superiority,” U.S. Navy (online) , Jan 2016 www.navy.mil/cno/docs/cno_stg.pdf

[42] John Richardson, “The Future Navy,” Navy.mil (online), 17 May 2017.

Featured Image: United States Navy sailors monitoring radar and other instruments aboard the guided-missile cruiser Chancellorsville in the South China Sea. (Bryan Denton for The New York Times)

Cyberphysical Forensics: Lessons from the USS John S. McCain Collision

By Zachary Staples and Maura Sullivan

The 2017 back-to-back collisions of two Navy destroyers led to much speculation about the role of cyberphysical interference in the disasters. As the senior officer representing the U.S. Navy engineering community during the USS McCain cyber assessment, it is clear that we do not yet have the basic tools to definitively answer the question, “were we hacked or did we break it?”

Cyberphysical systems are the backbone of the global infrastructure we rely on for transportation, power, and clean water, and are growing at an exponential rate. The deep integration of physical and software components is not without risks and most industries are technically and organizationally unprepared to conduct forensic examinations. The ability to trust cyberphysical systems is dependent on our ability to definitively identify and remedy cyber interference, which is dependent on our understanding of how data flows impact the physical world.

There are broad lessons from the USS McCain cyber assessment that highlight the type of forensics needed to build and sustain cyberphysical infrastructure around the globe. In order to prevent and respond to future cyberphysical events, whether malicious or accidental, the Navy and organizations dependent on cyberphysical systems must establish post-event procedures for cyber forensic investigations, develop trusted images, and integrate threat intelligence with engineering teams.

Post-event Procedures

Post-incident shipboard forensic examination is a unique activity that is separate and distinct from cybersecurity evaluations or responses to network intrusion or malware. Typically, when cybersecurity operations centers observe malicious communications or indications of compromise within their operating network, they have a clear map of the network and key pieces of information, such as an initiating IP address or malware signatures, from which to begin the forensic mission. They start by identifying and classifying malware on the offending endpoint and can take immediate actions to observe the adversary in their system and identify what is being targeted, while simultaneously acting to clean and quarantine the network.

In stark contrast, post-incident cyberphysical assessment requires an undirected baseline on a variety of media, including hard drives from voyage management systems, machinery control stations, and IT network endpoints. Greatly complicating post-incident response is the fact that many segments of the network will likely be shut off by design or physically destroyed by the casualty itself. The task of cyber forensic teams is essentially the equivalent of trying to determine why a building collapsed without blueprints, physical access to the structure, or any data on what happened immediately prior to the collapse.

The technical understanding and research required to define standard operating procedures for shipboard cyber forensic investigations do not currently exist. While the task of developing a comprehensive approach to shipboard cyber forensics is daunting, the military has experience developing specialty training paradigms, such as submarine navigation and tactical aviation. Hunting a cyber adversary in industrial control systems is a complex task requiring unique operational and tactical expertise. An achievable near-term milestone would be to create procedures for an attack surface assessment for a routine pre-planned mission, which could provide a test-bed for developing more comprehensive procedures, as well as a better understanding of capabilities and gaps.

Trusted Images

All ships operate three main networks: the voyage network that supports the safe navigation of the vessel, the engineering network that controls propulsion along with material handling and auxiliary systems, and the administrative network that supports business operations and crew welfare needs. U.S. Navy vessels also have a combat systems network. The interconnectedness of operational and information technology networks means that traditional information technology tools and perimeter-based security solutions are inadequate for cyberphysical systems. For example, the addition of even simple PKI security can overwhelm the processing power of installed cyberphysical processors and cause a system crash instead of preventing unauthorized access. Additionally, in order for systems like GPS to function, the system must allow access to all properly formatted traffic, rendering perimeter defense insufficient. Security for complex cyberphysical systems requires capturing data flows and developing contextually aware algorithms to understand the dynamics during shipboard operations.

To generate network situational awareness sophisticated enough to do cyber forensics, the team will need to search for electronic anomalies across a wide range of interconnected systems. A key component of anomaly detection is the availability of normal baseline operating data, or trusted images, that can be used for comparison. These critical datasets of trusted images do not currently exist. Trusted images must be generated to include a catalog of datasets of network traffic, disk images, embedded firmware, and in-memory processes.

1. Network Traffic: A common attack vector is to find a computer that has communications access over an unauthenticated network, which issues commands to another system connected to the network (i.e. malware in a water purification system issuing rudder commands). Cyberphysical forensics require network traffic analysis tools to accurately identify known hosts on the network and highlight anomalous traffic. If the trusted images repository contained traffic signatures for every authorized talker on the network, it would allow forensic teams to efficiently identify unauthorized hosts issuing malicious commands.

2. Disk Images: Every console on the ship has a disk that contains its operating system and key programs. These disks must be compared against trusted images to determine if the software loaded onto the hard drives contains malicious code that was not deployed with the original systems.

3. Embedded Firmware: Many local control units contain permanent software programmed into read-only memory that acts as the device’s complete software system, performing the full complement of control functions. These devices are typically part of larger mechanical systems and manufactured for specific real-time computing requirements with limited security controls. Firmware hacks give attackers control of systems that persist through updates. Forensic teams will need data about the firmware in the trusted image repository for comparison.

4. In-memory Processes: Finally, advanced malware can load itself into the memory of a computer and erase the artifacts of its existence from a drive. Identifying and isolating malware of this nature will require in-memory tools, training, and trusted images.

In addition to the known trusted images, future forensic analysis would benefit from representative datasets for malicious behavior. Similar to acoustic intelligence databases that allow the classification of adversary submarines, a database of malicious cyber patterns would allow categorization of anomalies that do not match the trusted images. This is a substantial task that will require constant updating as configurations change. However, there are near-term milestones, such as the development of shipboard network monitoring tools and the generation of reference datasets that would substantively improve shipboard cybersecurity.

Organizational Integration

As future shipboard assessment teams work to confirm or refute the presence of cyber interference, they will need the assistance of a cyber intel support team to validate assumptions about their findings aboard the vessel. The basic flow established in the USS McCain investigation was to look at the physical systems involved in causing the collision (i.e. propulsion, steering) and then begin looking for cyberattack vectors to those systems.

Ruling out cyber interference requires evidence of absence, which can be uniquely challenging. In order to refute a particular attack vector, coordination with a cyber intel support detachment is essential to understanding the range of possible cyberattack scenarios for a particular physical effect. For example, advanced cyber effects could be delivered over a radiofrequency pathway. Therefore, cyber investigators will need to understand the electromagnetic environment the ship is operating within, as recorded in national systems, and give access to analysts capable of identifying anomalies in the signal pathway.

Shipboard assessment and cyber intel support teams each have specific sets of expertise necessary to understand the full suite of cyberattack vectors and their potential impacts on shipboard systems. Cyberattack tactics are constantly changing and the highest levels of technical expertise and security clearance are required to keep abreast of the potential methods to penetrate networks and attack industrial control systems. Cyber intel teams will never have the engineering expertise to understand the full range of potential physical impacts on shipboard systems. As was demonstrated with Stuxnet and the attack on the Ukrainian power grid, the most successful cyberphysical attacks exploit the organizational gap between engineering and cyber teams.

Organizational constructs for cyberphysical systems will never be straightforward because cyber risk cuts horizontally across engineering systems and traditional intelligence activities. Organizational integration between the cyber and engineering communities must be practiced and continually refined in order to prevent and respond to cyberphysical interference. A near-term milestone would be to execute joint training exercises between the cyber intel and engineering communities in order to promote cross-disciplinary understanding and begin to build out the template for future organizational integration.

Conclusion

Network connectivity in industrial control systems has revolutionized the way humans interact with physical systems and ushered in a new era of capabilities from energy generation to manufacturing to warfighting. These advancements are not without risks, and to avoid cyberphysical catastrophe, the development of tools to ensure resilience, security, and safety must keep pace. Shipboard forensics provide a prime example of the current gaps in our ability to understand, monitor, and protect cyberphysical systems. The lessons learned from the forensic examination of the USS McCain can provide the foundation for the procedures, data, and organizational constructs required to create modern tools to monitor and protect cyberphysical systems.

Zac Staples had a 22-year career in the United States Navy as a surface warfare officer specializing in electronic warfare. His final tour was as the Director of the Center for Cyber Warfare at the Naval Postgraduate School, where he led inter-disciplinary research and development teams exploring cyber capability development. Zac holds a B.S. in engineering from the U.S. Naval Academy, a Masters in National Security Affairs from the Naval Postgraduate School, and is a distinguished graduate of the Naval War College.

Maura Sullivan specializes in systemic risks and data-driven emerging technologies. Maura was the Chief of Strategy and Innovation at the U.S. Department of the Navy, where she developed and implemented the strategic roadmap for emerging cyberphysical technologies. Previously, Maura led a start-up within the global catastrophe risk company, RMS, developing software and consulting solutions for managing systemic risks for financial and insurance markets. She was a White House Fellow, has a Ph.D. in epidemiology from Emory University and a B.S and M.S. in earth systems from Stanford University.

Zachary Staples (USN, Retired) and Maura Sullivan, PhD are the co-founders of Fathom5, a maritime cybersecurity company.

Featured Image: Operations Specialist 3rd Class Daniel Godwin, from Milton, Fla., stands watch in the Combat Information Center aboard the aircraft carrier USS Enterprise (CVN 65). (U.S. Navy photo)