February 1, 2016 — Part of the dialog and debate about cyber security and warfare concerns the question about whether cyber exploits become obsolete in the course of their first use. While the question centers on whether vulnerabilities can be patched immediately following their initial identification, the issue also carries implications regarding the iterative improvement of technologies. Actual battle experience, the presence of functional feedback loops, and dedication to improvement pave the way for iterative advances to keep pace ahead of changing challenges and environments. It is this iterative cycle that sometimes leads to rapid cumulative advances and effectively “revolutionary” effects, and this is actually part of a pattern that can be identified through historical study. In this case study, the revolutions of the chambers in Samuel Colt’s progressively improving firearms of the 1830s and 1840s provide a window on the connection between iteration and revolution, a question that deserves continued attention and consideration when turning to security and warfare in the digital realm. MORE
|
January 28, 2016 — Adversarial countries’ cybercrime and state sponsored cyber operations could easily be the same coin – just different views. The reason is very simple. Cyber criminals are specialists in luring people to disclose their secrets and open doors to user accounts to allow the perpetrator to use the access for their purposes. If a country adversarial to the US house cyber-criminal activity that targets the US -meanwhile the country itself pursued innovative ways to gather intelligence about the US it is likely that someone sees an opportunity. MORE
|
January 28, 2016 — Cyber is becoming increasing driven by automated process while humans are still operating at human speed. In my view, one of the major weaknesses in larger-scale cyber defense planning is the perception there is time to lead a cyber defense during attack. It is likely that a major attack is automated and premeditated. If it is automated, the systems will execute the attacks at computational speed. In that case no political or military leadership would be able to lead an effective defense for one simple reason – it has already happened before they react. MORE
|
January 23, 2016 — The ratification of a pledge for joint defense in case of a major cyber-attack at the 2014 NATO Summit is a major step forward.Under this pledge a significant cyberattack on any NATO nation would be constitutive of anattack on all of them. While it is hoped that the vague framing and uncertain capabilities of each NATO member will facilitate deterrence through ambiguity, it should be noted that deterrence only works when that ambiguity is backed up by a command structure capable of a timely and organized response. MORE
|
January 19, 2016 — Integration of cyber and electromagnetic activities (CEMA) at the tactical level requires strategic thinking and planning. Current efforts, like Army Cyber’s Cyber Support to Corps and Below, are moving in the right direction but do not necessarily create the critical mass required for lasting effects. This paper seeks to provide a framework based on the people, the preparation, and the process of CEMA to successfully incorporate for tactical operations. Beginning with the people, this paper applies talent management concepts to put the right people with expertise, experience, and networks in the right job to start the conversation. Second, preparing those people and the staffs with whom they work for the integration furthers integration. Leadership must make sure the correct education supplements the experience of cyber planners combined with increased discussion of CEMA in Command and General Staff College is vital to preparing the force for the new domain. Finally, the only way to ensure complete integration is to change staff planning processes. Introducing METT-C2, with the second “C” for cyber, and emphasizing cyber key terrain in Mission Analysis, ritualizes cyber variables at the start of planning and guarantees integration in tactical staffs. MORE
|
January 14, 2016 — Although the cyber domain has several unique characteristics, the timeless principles of maneuver warfare can still be readily applied as in the conventional domains of land, maritime, air, and space.[1] Maneuver in cyberspace also leverages many of the same techniques, tactics and procedures (TTPs) as the conventional domains, but with some notable difference, herein explored. For the purpose of this article, the intent of maneuver warfare is to ensure the tactical mobility of capable friendly forces and deny it to the adversary in order to place him at a tactical disadvantage. I also stipulate that movement to and within a theater is a given, thereby focusing our analytical effort on cyber maneuver at the tactical within a theater of operations, though crossing domains. Because cyberspace is a man-made domain that is both virtual and physical, the specific TTPs are distinct, yet they can largely exist within established conceptions of maneuver warfare. As cyberspace is physical, logical, and human in nature, it is possible to maneuver to exploit vulnerabilities at each of these levels. MORE
|
January 12, 2016 — While largely recognized as the most pervasive actor engaged in cyber espionage activity for both intelligence collection and commercial espionage, China has recently entered into several “no cyber-enabled commercial hacking” agreements with major governments, efforts that have culminated in the 2015 “no hack” pledge by representatives of the G20. By demonstrating its willingness to work with other governments on this issue, China is promoting itself as a global leader in cyber security while downplaying its suspected involvement in previous espionage activity. MORE
|
January 8, 2016 — Cyber-warfare[1] is human-warfare and SOF must play a role. Even in terms of unclear interaction, such as between the US and China, investing SOF expertise into cyber-organizations helps to fill the gaps of American practice caused by elemental differences in military cultures. Whereas, principled Clausewitzian and Jominian theories inspire idealistic US strategies, China’s Sun Tzu inspired stratagems are as unpredictable and deceptive as human nature itself. Defensively oriented, US military culture favors warfare in terms of absolutes and wrestles with cyber-warfare’s ambiguity as a successful strategic deterrent. Conversely, Chinese military culture embraces and promotes ambiguity and brandishes cyber-warfare as a strategic compellent. While US cyber-warfare practice is objective and technically driven, China’s more subjective “cyber-shi”[2] application is coercive and psychologically driven. Ready to help close cyber-warfare’s clear cultural gap, SOF are experts at exploiting the psychological, cultural, and societal factors that drive human behavior and are masters in unconventional warfare. SOF are purpose-built to provide unique expertise on human nature in conflict and are perfectly-suited to advance US cyber-practice better-adapted to counter adversaries in the “gray zone.”[3] By investing SOF experts into cyber-organizations, the Department of Defense (DoD) generates more asymmetric cyber-warfare options and strengthens the nation by fusing the best of competing historic approaches, in this most modern form of human-warfare. MORE
|
January 4, 2016 — Convergence is the foundry for new possibilities. Convergence of Cyberspace Operations (CO) and Electronic Warfare (EW) effects creates combined effects to achieve both offensive and defensive overmatch. Recently the US Air Force revealed the use of a modified EC-130 Compass Call aircraft to remotely attack enemy networks.1 The 24th Air Force commander, Major General Burke “Ed” Wilson, spoke of this capability enabling the ability to “touch a network that in most cases might be closed.”2 While the need for convergence of cyberspace operations and electronic warfare is recognized within the Department of Defense (DoD), differences between how these two capabilities are trained, resourced, organized and employed combined with the significant functional level differences between the two have hindered efforts to converge their capabilities. A concerted effort must be undertaken at the both the Joint and Service levels to closely integrate CO with EW effects to achieve combined effects, enabling comprehensive shaping of the operational environment. The first step in this effort is for CO and EW professionals to commit themselves to professional self-development in their counterparts’ field. MORE
|
December 17, 2015 — The Army has identified a need to more formally develop “cyber planners” who effectively plan and integrate cyberspace operations within Army and joint operations at all levels of command. The establishment of career field 17 (Cyber) and its alignment with FA 29 (EW) have created conditions to initiate such a program, assess its effectiveness over officer careers, and make continual adjustment as needed. Institutional ownership (Cyber School) of the program will ensure the proven build-assess-build approach to developing cyber planners, but the key is to begin now with general consensus. We summarize the essential context for cyber planning based on an informal survey of subject matter experts across the Army and propose a three-tiered model yielding cyberspace planning expertise at tactical, operational, and strategic levels of command. MORE
|