Tag Archives: cyber

Cyber War, Future War

21st Century Maritime Operations Under Cyber-Electromagnetic Opposition The Finale

1 Comment

The following article is part of our cross-posting partnership with Information Dissemination’s Jon Solomon.  It is republished here with the author’s permission.  You can read it in its original form here.

Read part one, part two, and part three of the series.

By Jon Solomon

Candidate Principle #6: Technical Degradation is Temporary, Psychological Effects can be Enduring

It must be appreciated that the greatest damage caused by an adversary’s successful cyber-electromagnetic attack may not be in how it degrades a system or network’s performance, opens the door to kinetic attacks against a force, or even tricks commanders into making operationally or tactically-sub-optimal decisions. All of these are generally temporary effects and can be recoverable with flexible plans, resiliency-embracing doctrine, and crafty tactics. Rather, as renowned naval analyst Norman Friedman has hypothesized, it could very well be the shattering of commanders’ and operators’ trust in their systems and networks that is most destructive. If personnel are not conditioned to anticipate their systems’ and networks’ disruption in combat, an attack’s lasting effect may be a morale-corroding fatalism. Likewise, if they are deceived just once by a manipulated situational picture, and even then not necessarily in a majorly harmful way, they may still hesitate to take needed actions in subsequent engagements out of fear of deception even when none is present. Either of these consequences could result in ceding the tactical if not operational initiative. In a short conflict, this might be catastrophic. Doctrinal collapse might also result, which would be especially debilitating if force structure is designed so tightly around a given doctrine that it severely limits options for creating or adapting operating concepts on the fly.[i]

Interestingly, similar effects might conceivably occur even when a system’s or network’s electronic protection and information assurance measures cause a cyber-electromagnetic attack to only achieve a relatively minor degree of immediate ‘damage.’ In fact, near-continuous cyber-electromagnetic harassment in the form of noise jamming, incessant yet readily parried cyber penetration attempts, situational picture-manipulation attacks that the target’s operators can quickly discover and reverse, intermittent system crashes or network connectivity interruptions that are quickly recovered from, or even severe disruptions of non-critical systems and network services may wear a force’s commanders and crews down mentally even if their critical systems and networks remain fully capable. A clever adversary might actually find this psychological degradation more exploitable (and more likely to be available for use at any given time) than technical degradation. Indeed, cyber-electromagnetic warfare’s psychological applications may well be where it finds its greatest utility.

Assessing the Implications

As the Chief of Naval Operations and others have asserted, the cyber and electromagnetic domains have become equally important to the physical domains in waging modern war.[ii] The cyber-electromagnetic fight will extend throughout all phases of major future conflicts, may begin well before open hostilities break out as an adversary attempts to ‘prepare’ the battle space, and accordingly may be particularly pivotal during a war’s opening phase. Indeed, high-impact anti-network operations with major maritime strategic implications date back as far as the opening moments of the First World War. Just as a belligerent might not be able to win a war with naval dominance alone but could easily lose without it, so it will be for cyber-electromagnetic dominance. It follows that a naval force’s ability to operate within a contested maritime zone will be highly questionable if it cannot effectively suppress or exploit the adversary’s force-level networks while simultaneously parrying the adversary’s own cyber-electromagnetic attacks. This will even extend to operations featuring stealth platforms, as such assets have long needed direct EW support to achieve maximal effectiveness.[iv] Should the U.S. Navy under-appreciate a potential adversary’s integration of cyber-electromagnetic warfare within combined arms doctrine, in a future conflict it would risk facing attrition rates on par with what it endured in the Solomon Islands from summer 1942 through summer 1943—something that its contemporary force structure simply could not endure.[v]

Assuming the candidate principles we have outlined are validated, they will influence future maritime warfare in at least five general ways. First, they will confirm leading tactical theorist Wayne Hughes’s hypothesis from over a decade ago that the next major maritime fight will be defined by the belligerents’ struggle for scouting superiority.[vi] This will represent a drastic change from the U.S. Navy’s post-Second World War combat experiences, in which the absence of threats to its sea control allowed it to focus on maximizing the efficiency and persistence of power projection ashore. Regardless of whether a tactical action pits two naval battleforces against each other, or one against a land-based force, the victor will likely be the side that is able to achieve high-confidence classification, identification, and targeting against his opponent’s forces first, thereby enabling effective attack.[vii] Cyber-electromagnetic discipline and capabilities will clearly be central to the success of the scouting/anti-scouting phases of any future operation.

Second, the above signifies that a force will need to extend its effective scouting and anti-scouting reach beyond that of its opponent. This is not achieved solely by covering a given area with more sensors than the opponent, or deploying scouts at greater ranges than the opponent. Rather, as suggested earlier, a sensor network’s effectiveness is equally a function of its architecture. This means the availability of difficult-to-intercept communications pathways and backup communications infrastructure will be just as important as raw coverage volume, lest key sensors be cut off from the network or the situational picture they feed be decisively manipulated. This also means the network must employ multiple sensor types. For surveillance, this translates into multi-phenomenology sensors positioned (or covering areas) as far as possible forward within the battle space, with some using sensing methodologies and platform characteristics that allow them to avoid (or at least delay) counter-detection. For reconnaissance, this requires sensors capable of penetrating the opponent’s force to support the confident confirmation of a given contact’s classification and identity. The U.S. Navy simply cannot afford to waste precious inventories of advanced weapons by falling for deception in a future battle. In this light, the Navy’s proposed Unmanned Carrier Launched Airborne Surveillance and Strike (UCLASS) system could be a critical enabler for effectively employing the proposed Long Range Anti-Ship Missile (LRASM), beyond visual range anti-air missiles, and similar network-enhanced standoff-range maritime weapons. It should not be overlooked that UCLASS, a scouting and attack asset that will be organic to the battleforce, can be designed to support expanded operations on interior lines of networking.

Third, if there is to be a reasonable chance that any degradation will be graceful, cyber-electromagnetic resilience must become a defining attribute of systems’ and networks’ designs. Strong electronic protection and information assurance features are certainly vital, with the latter applying just as much to ‘engineering plant’ systems as to the warfare systems they support. Nevertheless, as no system or network can ever be unexploitable, those central to a force’s tactical capabilities must contain additional design features that allow for quick restoration, graceful degradation, or capability expansion when subjected to withering cyber-electromagnetic attacks. Systems’ avoidance of network-dependency will also help greatly to this end.

Fourth, operations within opposed cyber-electromagnetic environments will demand C2 decentralization, as a higher echelon’s ability to assert direct, secure control over subordinate units under such circumstances will be dubious. Even if possible, this kind of close control will almost certainly be inadvisable if only for force concealment and counter-exploitation considerations. Instead, maritime forces will need to re-embrace ‘command-by-negation’ doctrine, or rather the broad empowerment of lower-level commanders to exercise initiative in accordance with their higher commander’s pre-disseminated intentions, if they are to fight effectively. Relatedly, aggressive experimentation will be needed to find the proper balance between operating on interior and exterior lines of networking when inside a contested zone—and will probably reveal that the bias should be towards the former.

Lastly, forces capable of operating under command-by-negation and in opposed cyber-electromagnetic environments are not developed overnight. Frequent and intensive training under realistic combat conditions will be needed if the requisite force-wide skills are to be developed.[viii] In particular, much as we have traditionally done to cultivate physical damage control readiness, commanders and crews on the deck plates must be regularly conditioned to expect, recognize, and fight-through cyber-electromagnetic attacks. A force’s cyber-electromagnetic resilience will depend in no small way upon its personnel’s technical, tactical, and psychological preparation for operating with critical systems and networks degraded if not compromised, and with situational pictures that have been manipulated. Likewise, a force’s ability to successfully deceive the adversary—not to mention successfully employ countermeasures against the adversary’s weapons—will depend upon the cyber-electromagnetic tactical skills the force’s personnel cultivate through routinized peacetime training. Emission control discipline, decoy placement relative to defended assets, precision evasive maneuvers, precision timing and sequencing of tactics, and the like require frequent practice if commanders and crews are to gain and then maintain just the minimum proficiencies needed to survive in modern maritime battle. The Navy’s next Strategy for Achieving Information Dominance needs to make it clear that cyber-electromagnetic competence must not be isolated to its Information Dominance Corps, and instead must be ingrained within the total force.

While cyber-electromagnetic risks hardly invalidate the use of advanced sensor and networking technologies, they do caution us not to take for granted that our systems and networks will be secure, functional, and reliable when needed. Our doctrine, contingency operational plans, and tactics must be structured around the assumption each of our warfare systems contain exploitable cyber-electromagnetic vulnerabilities that may prevent us from using them to their fullest—or at all—when most needed. We must not allow ourselves to build and field a force that can only fight effectively when its systems and networks are unhindered and uncompromised.

Jon Solomon is a Senior Systems and Technology Analyst at Systems Planning and Analysis, Inc. in Alexandria, VA. He can be reached at jfsolo107@gmail.com. The views expressed herein are solely those of the author and are presented in his personal capacity on his own initiative. They do not reflect the official positions of Systems Planning and Analysis, Inc. and to the author’s knowledge do not reflect the policies or positions of the U.S. Department of Defense, any U.S. armed service, or any other U.S. Government agency. These views have not been coordinated with, and are not offered in the interest of, Systems Planning and Analysis, Inc. or any of its customers.

[i] Norman Friedman. “Trust but Verify.” Naval Institute Proceedings 134, No. 11 (November 2008), 90-91.

[ii] ADM Jonathan Greenert, USN. “Imminent Domain.” Naval Institute Proceedings 138, No. 12 (December 2012), 17.

[iii] LCDR James T. Westwood, USN. “Electronic Warfare and Signals Intelligence at the Outset of World War I.” U.S. National Security Agency, undated, accessed 1/31/14, http://www.nsa.gov/public_info/_files/cryptologic_spectrum/electronic_warfare.pdf

[iv] See 1. ADM Jonathan Greenert, USN. “Payloads Over Platforms: Charting a New Course.” Naval Institute Proceedings 138, No. 7 (July 2012), 18-19; 2. Gordon and Trainor, 213-215, 217; 3. Arend G. Westra. “Radar Versus Stealth: Passive Radar and the Future of U.S. Military Power.” Joint Forces Quarterly 55 (October 2009), 136-143.

[v] Thomas G. Mahnken. “China’s Anti-Access Strategy in Historical and Theoretical Perspective.” Journal of Strategic Studies 34, No. 3 (June 2011), 310.

[vi] CAPT Wayne Hughes, Jr, USN (Ret). Fleet Tactics and Coastal Combat, 2nd Ed. (Annapolis, MD: Naval Institute Press, 2000), 201-202, 210-212.

[vii] Ibid, 40-44.

[viii] Solomon, “Maritime Deception and Concealment,” 104-106.

Cyber War, Future Tech, Future War

21st Century Maritime Operations Under Cyber-Electromagnetic Opposition Part Three

1 Comment

The following article is part of our cross-posting series with Information Dissemination’s Jon Solomon.  It is republished here with the author’s permission.  You can read it in its original form here.

Read part one and part two of the series.

By Jon Solomon

Candidate Principle #4: A Network’s Operational Geometry Impacts its Defensibility

Networked warfare is popularly viewed as a fight within cyberspace’s ever-shifting topology. Networks, however, often must use transmission mechanisms beyond physical cables. For field-deployed military forces in particular, data packets must be broadcast as electromagnetic signals through the atmosphere and outer space, or as acoustic signals underwater, in order to connect with a network’s infrastructure. Whereas a belligerent might not be able to directly access or strike this infrastructure for a variety of reasons, intercepting and exploiting a signal as it traverses above or below water is an entirely different matter. The geometry of a transmitted signal’s propagation paths therefore is a critical factor in assessing a network’s defensibility.

The Jominian terms interior and exterior lines of operations respectively refer to whether a force occupies positions within a ‘circle’ such that its combat actions radiate outwards towards the adversary’s forces, or whether it is positioned outside the ‘circle’ such that its actions converge inwards towards the adversary.[i] Although these terms have traditionally applied solely within the physical domains of war, with some license they are also applicable to cyber-electromagnetic warfare. A force might be said to be operating on interior lines of networking if the platforms, remote sensors, data processing services, launched weapons, and communications relay assets comprising its battle networks are positioned solely within the force’s immediate operating area.
Interior+Lines+of+networking

While this area may extend from the seabed to earth orbit, and could easily have a surface footprint measuring in the hundreds of thousands of square miles, it would nonetheless be relatively localized within the scheme of the overall combat zone. If the force employs robustly-layered physical defenses, and especially if its networking lines through the air or water feature highly-directional line-of-sight communications systems where possible or LPI transmission techniques where appropriate, the adversary’s task of positioning assets such that they can reliably discover let alone exploit the force’s electromagnetic or acoustic communications pathways becomes quite difficult. The ideal force operating on interior lines of networking avoids use of space-based data relay assets with predictable orbits and instead relies primarily upon agile, unpredictably-located airborne relays.[ii] CEC and tactical C2 systems whose participants exclusively lie within a maneuvering force’s immediate operating area are examples of tools that enable interior lines of networking.

Conversely, a force might be said to be operating on exterior lines of networking if key resources comprising its battle networks are positioned well beyond its immediate operating area.

Ext+Lines+of+Networking-1

This can vastly simplify an adversary’s task of positioning cyber-electromagnetic exploitation assets. For example, the lines of communication linking a field-deployed force with distant entities often rely upon fixed or predictably-positioned relay assets with extremely wide surface footprints. Similarly, those that connect the force with rear-echelon entities generally require connections to fixed-location networking infrastructure on land or under the sea. Theater-level C2 systems, national or theater-level sensor systems, intelligence ‘reachback’ support systems, remotely-located data fusion systems, and rear echelon logistical services that directly tap into field-deployed assets’ systems in order to provide remote-monitoring/troubleshooting support are examples of resources available to a force operating on exterior lines of networking.

Clearly, no force can fully foreswear operating on exterior lines of networking in favor of operating solely on interior lines.[iii] A force’s tasks combined with its minimum needs for external support preclude this; some tactical-level tasks such as theater ballistic missile defense depend upon direct inputs from national/theater-level sensors and C2 systems. A force operating on interior lines of networking may also have less ‘battle information’ available to it, not to mention fewer processing resources available for digesting this information, than a force operating on exterior lines of networking.

Nevertheless, any added capabilities provided by operating on exterior lines of networking must be traded off against the increased cyber-electromagnetic risks inherent in doing so. There consequently must be an extremely compelling justification for each individual connection between a force and external resources, especially if a proposed connection touches critical combat system or ‘engineering plant’ systems. Any connections authorized with external resources must be subjected to a continuous, disciplined cyber-electromagnetic risk management process that dictates the allowable circumstances for the connection’s use and the methods that must be implemented to protect against its exploitation. This is not merely a concern about fending off ‘live penetration’ of a network, as an ill-considered connection might alternatively be used as a channel for routing a ‘kill signal’ to a preinstalled ‘logic bomb’ residing deep within some critical system, or for malware to automatically and covertly exfiltrate data to an adversary’s intelligence collectors. An external connection does not even need to be between a critical and a non-critical system to be dangerous; operational security depends greatly upon preventing sensitive information that contains or implies a unit or force’s geolocation, scheme of maneuver, and combat readiness from leaking out via networked logistical support services. Most notably, it must be understood that exterior lines of networking are more likely than interior lines to be disrupted or compromised when most needed while a force is operating under cyber-electromagnetic opposition. The timing and duration of a force’s use of exterior lines of networking accordingly should be strictly minimized, and it might often be more advantageous to pass up the capabilities provided by external connectivity in favor of increasing a force’s chances at avoiding detection or cyber-electromagnetic exploitation.

Candidate Principle #5: Network Degradation in Combat, While Certain, Can be Managed

The four previous candidate principles’ chief significance is that no network, and few sensor or communications systems, will be able to sustain peak operability within an opposed cyber-electromagnetic environment. Impacts may be lessened by employing network-enhanced vice network-dependent system architectures, carefully weighing a force’s connections with (or dependencies upon) external entities, and implementation of doctrinal, tactical, and technical cyber-electromagnetic counter-countermeasures. Network and system degradation will nonetheless be a reality, and there is no analytical justification for assuming peacetime degrees of situational awareness accuracy or force control surety will last long beyond a war’s outbreak.

There is a big difference, though, between degrading and destroying a network. The beauty of a decently-architected network is that lopping off certain key nodes may severely degrade its capabilities, but as long as some nodes survive—and especially if they can combine their individual capabilities constructively via surviving communications pathways as well as backup or ‘workaround’ processes—the network will retain some non-dismissible degree of functionality. Take Iraq’s nationwide integrated air defense system during the first Gulf War, for example. Although its C2 nodes absorbed devastating attacks, it was able to sustain some localized effectiveness in a few areas of the country up through the war’s end. What’s more, U.S. forces could never completely sever this network’s communications pathways; in some cases the Iraqis succeeded in reconstituting damaged nodes.[iv] Similarly, U.S. Department of Defense force interoperability assessments overseen by the Director of Operational Test and Evaluation during Fiscal Year 2013 indicated that operators were frequently able to develop ‘workarounds’ when their information systems and networks experienced disruptions, and that mission accomplishment ultimately did not suffer as a result. A price was paid, though, in “increased operator workloads, increased errors, and slowed mission performance.”[v]

This illustrates the idea that a system or network can degrade gracefully; that is, retain residual capabilities ‘good enough,’ if only under narrow conditions, to significantly affect an opponent’s operations and tactics. Certain hardware and software design attributes including architectural redundancy, physical and virtual partitioning of critical from non-critical functions (with far stricter scrutiny over supply chains and components performed for the former), and implementation of hardened and aggressively tested ‘safe modes’ systems can fail into to restore a minimum set of critical functions support graceful degradation. The same is true with inclusion of ‘war reserve’ functionality in systems, use of a constantly-shifting network topology, availability of ‘out-of-band’ pathways for communicating mission-critical data, and incorporation of robust jamming identification and suppression/cancellation capabilities. All of these system and network design features can help a force can fight-through cyber-electromagnetic attack. Personnel training (and standards enforcement) with respect to basic cyber-electromagnetic hygiene will also figure immensely in this regard. Rigorous training aimed at developing crews’ abilities to quickly recognize, evaluate, and then recover from attacks (including suspected network-exploitations by adversary intelligence collectors) will accordingly be vital. All the same, graceful degradation is not an absolute good, as an opponent will assuredly exploit the resultant ‘spottier’ situational awareness or C2 regardless of whether it is protracted or brief.

In the series finale, we assess the psychological effects of cyber-electromagnetic attacks and then conclude with a look at the candidate principles’ implications for maritime warfare.

Jon Solomon is a Senior Systems and Technology Analyst at Systems Planning and Analysis, Inc. in Alexandria, VA. He can be reached at jfsolo107@gmail.com. The views expressed herein are solely those of the author and are presented in his personal capacity on his own initiative. They do not reflect the official positions of Systems Planning and Analysis, Inc. and to the author’s knowledge do not reflect the policies or positions of the U.S. Department of Defense, any U.S. armed service, or any other U.S. Government agency. These views have not been coordinated with, and are not offered in the interest of, Systems Planning and Analysis, Inc. or any of its customers.

[i] “Joint Publication 5-0: Joint Operational Planning.” (Washington, D.C.: Joint Chiefs of Staff, 2011), III-27.

[ii] For an excellent technical discussion on the trade-offs between electronic protection/communications security on one side and data throughput/system expense on the other, see Cote, 31, 58-59. For a good technical summary of highly-directional line-of sight radio frequency communications systems, see Tom Schlosser. “Technical Report 1719: Potential for Navy Use of Microwave and Millimeter Line-of-Sight Communications.” (San Diego: Naval Command, Control and Ocean Surveillance Center, RDT&E Division, September 1996), accessed 10/15/14, www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA318338

[iii] Note the discussion on this issue in “Joint Operational Access Concept, Version 1.0.” (Washington, D.C.: Joint Chiefs of Staff, 17 January 2012), 36-37.

[iv] Michael R. Gordon and LGEN Bernard E. Trainor, USMC (Ret). The Generals’ War: The Inside Story of the Conflict in the Gulf. (Boston: Back Bay Books, 1995), 256–57.

[v] “FY13 Annual Report: Information Assurance (IA) and Interoperability (IOP),” 330, 332-333.

[vi] See 1. Jonathan F. Solomon. “Cyberdeterrence between Nation-States: Plausible Strategy or a Pipe Dream?” Strategic Studies Quarterly 5, No. 1 (Spring 2011), Part II (online version): 21-22, accessed 12/13/13, http://www.au.af.mil/au/ssq/2011/spring/solomon.pdf; 2. “FY12 Annual Report: Information Assurance (IA) and Interoperability (IOP),” 307-311; 3. “FY13 Annual Report: Information Assurance (IA) and Interoperability (IOP),” 330, 332-334.

Cyber War, Future Tech, Strategic Outlook

21st Century Maritime Operations Under Cyber-Electromagnetic Opposition Part One

Leave a comment

The following article is part of our cross-posting partnership with Information Dissemination’s Jon Solomon.  It is republished here with the author’s permission.  You can read it in its original form here.

By Jon Solomon

Future high-end maritime warfare tends to be described as the use of distributed, networked maritime sensors that ‘seamlessly’ cue the tactical actions of dispersed forces armed with standoff-range guided weapons. Most commentary regarding these ‘sensor-to-shooter’ networks has been based around their hypothesized performances under ‘perfect’ conditions: sensors that see all within their predicted fields of view, processors that unfailingly discriminate and classify targets correctly, communications pathways that reliably and securely transmit data between network nodes, and situational pictures that assuredly portray ground truth to combat decision-makers. While it is not unreasonable to start with such an idealized view in order to grasp these networks’ potential, it is misguided to end analysis there. Regrettably, it is not unusual to come across predictions implying that these networks will provide their operators with an unshakable and nearly-omniscient degree of situational awareness, or that the more tightly-networked a force becomes the more likely the geographic area it covers will become a graveyard for the enemy.

Although we implicitly understand networked maritime warfare relies upon the electromagnetic spectrum and cyberspace, for some reason we tend to overlook the fact that these partially-overlapping domains will be fiercely contested in any major conflict. It follows that we tend not to consider the effects of an adversary’s cyber warfare and Electronic Warfare (EW) when assessing proposed operating concepts and force networking architectures. Part of this stems from the fact that U.S. Navy forces engaged in actual combat over the past seventy years seldom faced severe EW opposition, and have never faced equivalent cyber attacks. Even so, as recently as the 1980s, the Navy’s forward deployed forces routinely operated within intensive EW environments. Though certain specific skill sets and capabilities were highly compartmentalized due to classification considerations, Cold War-era regular Navy units and battle groups were trained not only to fight-through an adversary’s electronic attacks but also to wield intricate EW methods of their own for deception and concealment.[i] The Navy’s EW (and now cyber warfare) prowess lives on within its nascent Information Dominance Corps, but this is not the same as having a broad majority of the overall force equipped and conditioned to operate in heavily contested cyber-electromagnetic warfare environments.

Any theory of how force networking should influence naval procurement, force structure, or doctrine is dangerously incomplete if it inadequately addresses the challenges posed by cyber-electromagnetic opposition. Accordingly, we need to understand whether cyber-electromagnetic warfare principles exist that can guide our debates about future maritime operating concepts. 

This week I’ll be proposing several candidate principles that seem logical based on modern naval warfare systems’ and networks’ general characteristics. The resulting list should hardly be considered comprehensive, and is solely intended to stimulate debate. Needless to say, these candidates (and any others) will need to be subjected to rigorous testing within war games, campaign analyses, fleet exercises, and real world operations if they are to be validated as principles.

Candidate Principle #1: All Systems and Networks are Inherently Exploitable

It is a fact of nature, not to mention engineering, that notwithstanding their security features all complex systems (and especially the ‘systems of systems’ that constitute networks) inherently possess exploitable design vulnerabilities.[ii] Many vulnerabilities are relatively easy to identify and exploit, which conversely increases the chances a defender will uncover and then effectively mitigate them before an attacker can make best use of them. Others are buried deep within a system, which therefore makes them difficult for an adversary to discover let alone directly access. Still others, though perhaps more readily discernable, are only exploitable under very narrow circumstances or if significant resources are committed. It is entirely possible that notwithstanding its inherent vulnerabilities, a given system might survive an entire protracted conflict without being seriously exploited by an adversary. To confidently assume this ideal outcome would in fact occur, though, amounts to a high-stakes gamble at best and technologically unjustified hubris at worst. Instead, system architects and operators must assume that with enough time, an adversary will not only uncover a usable vulnerability but also develop a viable means of exploiting it if the anticipated spoils merit the requisite investments.

A handful of subtle design shortcomings may be enough to enable the blinding, distraction, or deception of a sensor system; disruption or penetration of network infrastructure systems; or manipulation of a Command and Control (C2) system’s situational picture. Systems can also be sabotaged, with ‘insider threats’ such as components received from compromised supply chains—not to mention actions by malevolent personnel—arguably being just as effective as remotely-launched attacks. For example, a successful inside-the-lifelines attack against the industrial controls of a shipboard auxiliary system might have the indirect effect of crippling any warfare systems that rely upon the former’s services. Cyber-electromagnetic indiscipline within one’s own forces might even be viewed as a particularly damaging, though not deliberately malicious, form of insider threat in which the inadequate ‘hygiene’ or ill-considered tactics of a single operator or maintainer can eviscerate an entire system’s or network’s security architecture.[iii]

Moreover, networking can allow an adversary to use their exploitation of a single, easily-overlooked system as a gateway for directly attacking important systems elsewhere, thereby negating the latter’s robust outward-facing cyber-electromagnetic defenses. Any proposed network connection into a system must be cynically viewed as a potential doorway for attack, even if its exploitation would seem to be incredibly difficult or costly to achieve.

This hardly means system developers must build a ‘brick wall’ behind every known vulnerability, if that were even feasible. Instead, a continuous process of searching for and examining potential vulnerabilities and exploits is necessary so that risks can be recognized and mitigation measures prioritized.[v] Operators, however, cannot take solace if told that the risks associated with every ‘critical’ vulnerability known at a given moment have been satisfactorily mitigated. There is simply no way to guarantee that undiscovered critical vulnerabilities do not exist, that all known ‘non-critical’ vulnerabilities’ characteristics are fully understood, that the mitigations are indeed sufficient, or that the remedies themselves do not spawn new vulnerabilities.

The next post in the series will investigate the fallacy of judging a force network’s combat viability by merely counting its number of nodes. We will also examine the challenges in classifying and identifying potential targets, and what that means for the employment of standoff-range weapons. Read Part Two here.

Jon Solomon is a Senior Systems and Technology Analyst at Systems Planning and Analysis, Inc. in Alexandria, VA. He can be reached at jfsolo107@gmail.com. The views expressed herein are solely those of the author and are presented in his personal capacity on his own initiative. They do not reflect the official positions of Systems Planning and Analysis, Inc. and to the author’s knowledge do not reflect the policies or positions of the U.S. Department of Defense, any U.S. armed service, or any other U.S. Government agency. These views have not been coordinated with, and are not offered in the interest of, Systems Planning and Analysis, Inc. or any of its customers.

[i] Jonathan F. Solomon. “Defending the Fleet from China’s Anti-Ship Ballistic Missile: Naval Deception’s Roles in Sea-Based Missile Defense.” (master’s thesis, Georgetown University, 2011), 58-62.

[ii] Bruce Schneier. Secrets and Lies: Digital Security in a Networked World. (Indianapolis, IN: Wiley Publishing, 2004), 5-8.

[iii] For elaboration on the currently observed breadth and impacts of insufficient cyber discipline and hygiene, see 1. “FY12 Annual Report: Information Assurance (IA) and Interoperability (IOP).” (Washington, D.C.: Office of the Director, Operational Test and Evaluation (DOT&E), December 2012), 307-309; 2. “FY13 Annual Report: Information Assurance (IA) and Interoperability (IOP).” (Washington, D.C.: Office of the Director, Operational Test and Evaluation (DOT&E), January 2014), 330, 332-334.

[iv] For an excellent discussion of this and other vulnerability-related considerations from U.S. Navy senior leaders’ perspective, see Sydney J. Freedberg Jr. “Navy Battles Cyber Threats: Thumb Drives, Wireless Hacking, & China.” Breaking Defense, 04 April 2013, accessed 1/7/14, http://breakingdefense.com/2013/04/navy-cyber-threats-thumb-drives-wireless-hacking-china/

[v] Schneier, 288-303.

Capability Analysis, Cyber War

Towards A National Cyber Force “Department of the Air Force – US Cyber Corps”

2 Comments

By Don Donegan

The US needs a Cyber Corps as a new Service to successfully meet challenges in the cyber domain, but almost as importantly, to harvest military talent in an innovative manner. And we have a blueprint in front of us.

[otw_shortcode_button href=”https://cimsec.org/buying-cimsec-war-bonds/18115″ size=”medium” icon_position=”right” shape=”round” color_class=”otw-blue”]Donate to CIMSEC![/otw_shortcode_button]

The emergence and evolution of “cyberspace” as a warfare domain on par with the air, land, maritime, and space domains presents one of today’s fundamental military challenges – although cyberspace is somewhat awkwardly qualified as being “within the information environment.”[1] A new “front” in the cyberspace operations discussion continues to emerge as defense experts call for a separate cyber force, an idea raised notably by retired Admiral James Stavridis as one of his “heretical propositions on US defense policy[2]” and in recent Congressional testimony. With its own domain, acknowledged adversaries, and a continually increasing impact on warfighting, cyberspace should be the principal operating domain for a separate branch of the US Armed Forces, the US Cyber Corps (USCC).

To maximize the effectiveness of cyberspace operations (to include cyberspace attack and cyberspace counter-attack)[3], a service branch dedicated to and centered upon offensive cyberspace operations would lay the foundation to ensure warfighting success. The obvious historical analogy for the establishment of USCC is the evolution of the US Air Force (USAF), from its beginnings within the US Army to its designation as a service within its own department, including sharing responsibilities in the air domain with the other services. Post-World War II US military operations are difficult to re-imagine without the contributions of a military service primarily focused on the air domain – even if a separate air service seemed incomprehensible to military officers a century ago. However, USCC could have another historical precedent:  the Navy-Marine Corps relationship as two services within a single Department. Considering the evolution and broad nature of the cyberspace domain, the Department of the Air Force makes sense as the logical “umbrella” for both the USAF and USCC.

Based on USAF responsibilities in three domains (air, space, and cyberspace) and its core mission of global strike, creating the USCC under the auspice of the Department of the Air Force is a bold and innovative yet natural evolution for the Department. Separating the cyberspace mission from the air and space missions creates an opportunity to fully focus on the unique challenges in cyberspace operations. Placing USCC within the Department of the Air Force capitalizes on USCC-USAF linkages and allows them to share key resources. The Navy-Marine Corps dynamic within the Department of the Navy provides an initial blueprint for the expanded Department of the Air Force.

The principal advantages of establishing USCC as a Service within the Department of the Air Force include:

  • Fully dedicating a Service’s resources to the cyberspace domain, with a particular emphasis on cyberspace operations as a global strike capability.
  • Leveraging existing support and relationships with its sister Service in order to maintain existing USAF capabilities and control costs. In addition, the Departments of the Army and Navy would cede some cyberspace responsibilities and associated funding to USCC, offsetting some costs.
  • Providing a principal Defense Department entity for cyberspace operations to execute and coordinate at the same level as the other Services, particularly with regard to POTUS/SECDEF tasking as well as Defense Support to Civil Authorities (DSCA).
  • Developing the roles, responsibilities, and authorities required for cyberspace operations, particularly offensive cyberspace operations, in the manner today’s Services do for the other domains.
  • Creating a new paradigm for accessing, training, educating, retaining, and advancing the talent pool for cyberspace operations.

The new paradigm in personnel management presents perhaps the strongest argument for establishing USCC: providing this new service the latitude to recruit personnel using non-traditional methods and criteria, and then to develop them professionally to be, first and foremost, “cyber operators.” Specific opportunities include:

  • Capturing talent across the age spectrum by attracting and inducting experienced personnel, not just the 18-25 year old cohort, into the service.
  • Opening the aperture to include professionals who do not match the typical profile for recruits or officer candidates, including those who may not be world-wide deployable – since USCC would not deploy as other Services do.
  • Allowing US Air Force Academy graduates to select USAF or USCC as a service assignment and incorporating cyberspace in the Air University curriculum.
  • Inducting cyberspace/information professionals who have specialized and excelled in those areas within their own Service (inter-service transfers).
  • Growing true cyberspace professionals who compete for advancement, and thus leadership positions, on a level playing field with peers whose main focus is also the cyberspace domain.

As an alternative to establishing the US Cyber Corps, US Cyber Command (USCYBERCOM) could become more like US Special Operations Command (USSOCOM), employing SOCOM’s unique model of Title X responsibilities and authorities mixed with service-supported personnel and acquisition systems.[4] Like SOCOM, CYBERCOM would exercise worldwide responsibilities, plan and execute its special mission sets in coordination with geographic Combatant Commands, and maintain strong roots in each of the Services. However, this enabling option would miss the key opportunity presented in the US Cyber Corps proposal; namely, recruiting, educating, training, and retaining skilled personnel outside the traditional military accession and promotion systems.

150125-N-PK678-032 PENSACOLA, Fla. (Jan. 25, 2014) Information Systems Technician 1st Class Kyle Gosser, an instructor at the Center for Information Dominance Unit Corry Station, mentors a local high school student participating in the inaugural Cyberthon competition at the National Flight Academy at Naval Air Station Pensacola during the weekend of Jan. 23-25. The Cyberthon competition tests student teams on their abilities to use the computer skills they learned in their classrooms to defend and defeat cyber attacks on websites. (U.S. Navy photo by Ed Barker/Released)
PENSACOLA, Fla. (Jan. 25, 2014) Information Systems Technician 1st Class Kyle Gosser, an instructor at the Center for Information Dominance Unit Corry Station, mentors a local high school student participating in the inaugural Cyberthon competition at the National Flight Academy at Naval Air Station Pensacola during the weekend of Jan. 23-25. The Cyberthon competition tests student teams on their abilities to use the computer skills they learned in their classrooms to defend and defeat cyber attacks on websites. (U.S. Navy photo by Ed Barker/Released)

A principal argument against US Cyber Corps is that today’s fiscal environment cannot support additional costs in terms of “bureaucracy.” However, some savings and efficiencies can be certainly be realized by other services divesting some cyberspace responsibilities. Additionally, USCC would need far fewer bases, much less equipment and logistics support, and fewer personnel that its sister services. Training, education, personnel support, and infrastructure can be shared with other services, with much of the support coming from within the Department of the Air Force.

Returning to the historical analogy, the political and fiscal circumstances following World War II also presented a less than ideal time to create a new Armed Service. However, with opportunities and threats in the air domain, the National Security Act of 1947 created the US Air Force – a controversial step at the time that seems inevitable in retrospect. Today’s fiscal circumstances and operational threats echo those post-World War II concerns. Perhaps in 50 years the choice to dedicate a service to the cyberspace domain will also appear to have been self-evident.  

In conclusion, despite the importance of cyberspace operations as an operational enabler within and across the other domains, each service correctly focuses its acquisition and professional development efforts on winning the fight in its principal domain. A critical first step towards fully exploiting the potential of cyberspace operations is creating the foundation for a Service to “own” cyberspace as a warfighting domain. The formation of USCC would provide a unique approach, especially with respect to developing a professional cyberwarfare community, to enable the global, continuous reach of cyberspace operations.

Captain Donegan is a career surface warfare officer. A native of Hagerstown, MD, he graduated with merit from the United States Naval Academy in 1992 with a Bachelor of Science in History. He is also a graduate of both the American Military University with a Master of Arts in Military Studies (Naval Warfare) and the Naval War College. The views above are the author’s and do not represent those of the US Navy or the US Department of Defense.

[otw_shortcode_button href=”https://cimsec.org/buying-cimsec-war-bonds/18115″ size=”medium” icon_position=”right” shape=”round” color_class=”otw-blue”]Donate to CIMSEC![/otw_shortcode_button]

[1] JP 1-02, page 64.

[2] “Incoming: A Handful of Heretical Thoughts,” Adm. James Stavridis, USN (Ret.), Signal Magazine, 01 Dec 2015.

[3] Delineation of offensive and defensive cyberspace operations is a fuller topic. This article focuses on the need to establish the foundations for offensive cyberspace operations by creating USCC. Each Service retains responsibilities for cyberspace defense of its systems and platforms (analogous to force protection requirements).

[4] USCYBERCOM is a sub-unified command subordinate to U. S. Strategic Command (USSTRATCOM). Service elements include: Army Cyber Command (ARCYBER); Air Forces Cyber (AFCYBER); Fleet Cyber Command (FLTCYBERCOM); and Marine Forces Cyber Command (MARFORCYBER). Source: US Cyber Command Fact Sheet (Aug 2013),