Jan. 28, 2016

In Cyber, Time is of the Essence

Cyber is becoming increasing driven by automated process while humans are still operating at human speed. In my view, one of the major weaknesses in larger-scale cyber defense planning is the perception there is time to lead a cyber defense during attack. It is likely that a major attack is automated and premeditated. If it is automated, the systems will execute the attacks at computational speed. In that case no political or military leadership would be able to lead an effective defense for one simple reason – it has already happened before they react.

Jan. 23, 2016

Ambiguous Deterrence

The ratification of a pledge for joint defense in case of a major cyber-attack at the 2014 NATO Summit is a major step forward.Under this pledge a significant cyberattack on any NATO nation would be constitutive of anattack on all of them. While it is hoped that the vague framing and uncertain capabilities of each NATO member will facilitate deterrence through ambiguity, it should be noted that deterrence only works when that ambiguity is backed up by a command structure capable of a timely and organized response.

Jan. 19, 2016

People, Preparation, Process: The Three P’s to Integrate Cyber at the Tactical Level

Integration of cyber and electromagnetic activities (CEMA) at the tactical level requires strategic thinking and planning. Current efforts, like Army Cyber’s Cyber Support to Corps and Below, are moving in the right direction but do not necessarily create the critical mass required for lasting effects. This paper seeks to provide a framework based on the people, the preparation, and the process of CEMA to successfully incorporate for tactical operations. Beginning with the people, this paper applies talent management concepts to put the right people with expertise, experience, and networks in the right job to start the conversation. Second, preparing those people and the staffs with whom they work for the integration furthers integration. Leadership must make sure the correct education supplements the experience of cyber planners combined with increased discussion of CEMA in Command and General Staff College is vital to preparing the force for the new domain. Finally, the only way to ensure complete integration is to change staff planning processes. Introducing METT-C2, with the second “C” for cyber, and emphasizing cyber key terrain in Mission Analysis, ritualizes cyber variables at the start of planning and guarantees integration in tactical staffs.

Jan. 14, 2016

Can the Warfare Concept of Maneuver be Usefully Applied in Cyber Operations?

Although the cyber domain has several unique characteristics, the timeless principles of maneuver warfare can still be readily applied as in the conventional domains of land, maritime, air, and space.[1] Maneuver in cyberspace also leverages many of the same techniques, tactics and procedures (TTPs) as the conventional domains, but with some notable difference, herein explored. For the purpose of this article, the intent of maneuver warfare is to ensure the tactical mobility of capable friendly forces and deny it to the adversary in order to place him at a tactical disadvantage. I also stipulate that movement to and within a theater is a given, thereby focusing our analytical effort on cyber maneuver at the tactical within a theater of operations, though crossing domains. Because cyberspace is a man-made domain that is both virtual and physical, the specific TTPs are distinct, yet they can largely exist within established conceptions of maneuver warfare. As cyberspace is physical, logical, and human in nature, it is possible to maneuver to exploit vulnerabilities at each of these levels.

Jan. 12, 2016

No-Hack Pacts – Beijing Assumes a Global Leadership Role

While largely recognized as the most pervasive actor engaged in cyber espionage activity for both intelligence collection and commercial espionage, China has recently entered into several “no cyber-enabled commercial hacking” agreements with major governments, efforts that have culminated in the 2015 “no hack” pledge by representatives of the G20. By demonstrating its willingness to work with other governments on this issue, China is promoting itself as a global leader in cyber security while downplaying its suspected involvement in previous espionage activity.

Jan. 8, 2016

Why Special Operations Forces in US Cyber-Warfare?

Cyber-warfare[1] is human-warfare and SOF must play a role. Even in terms of unclear interaction, such as between the US and China, investing SOF expertise into cyber-organizations helps to fill the gaps of American practice caused by elemental differences in military cultures. Whereas, principled Clausewitzian and Jominian theories inspire idealistic US strategies, China’s Sun Tzu inspired stratagems are as unpredictable and deceptive as human nature itself. Defensively oriented, US military culture favors warfare in terms of absolutes and wrestles with cyber-warfare’s ambiguity as a successful strategic deterrent. Conversely, Chinese military culture embraces and promotes ambiguity and brandishes cyber-warfare as a strategic compellent. While US cyber-warfare practice is objective and technically driven, China’s more subjective “cyber-shi”[2] application is coercive and psychologically driven. Ready to help close cyber-warfare’s clear cultural gap, SOF are experts at exploiting the psychological, cultural, and societal factors that drive human behavior and are masters in unconventional warfare. SOF are purpose-built to provide unique expertise on human nature in conflict and are perfectly-suited to advance US cyber-practice better-adapted to counter adversaries in the “gray zone.”[3] By investing SOF experts into cyber-organizations, the Department of Defense (DoD) generates more asymmetric cyber-warfare options and strengthens the nation by fusing the best of competing historic approaches, in this most modern form of human-warfare.

Jan. 4, 2016

Convergence of Cyberspace Operations and Electronic Warfare Effects

Convergence is the foundry for new possibilities. Convergence of Cyberspace Operations (CO) and Electronic Warfare (EW) effects creates combined effects to achieve both offensive and defensive overmatch. Recently the US Air Force revealed the use of a modified EC-130 Compass Call aircraft to remotely attack enemy networks.1 The 24th Air Force commander, Major General Burke “Ed” Wilson, spoke of this capability enabling the ability to “touch a network that in most cases might be closed.”2 While the need for convergence of cyberspace operations and electronic warfare is recognized within the Department of Defense (DoD), differences between how these two capabilities are trained, resourced, organized and employed combined with the significant functional level differences between the two have hindered efforts to converge their capabilities. A concerted effort must be undertaken at the both the Joint and Service levels to closely integrate CO with EW effects to achieve combined effects, enabling comprehensive shaping of the operational environment. The first step in this effort is for CO and EW professionals to commit themselves to professional self-development in their counterparts’ field.

Dec. 17, 2015

Cyber 76ers: Forging a Force of Cyber Planners

The Army has identified a need to more formally develop “cyber planners” who effectively plan and integrate cyberspace operations within Army and joint operations at all levels of command. The establishment of career field 17 (Cyber) and its alignment with FA 29 (EW) have created conditions to initiate such a program, assess its effectiveness over officer careers, and make continual adjustment as needed. Institutional ownership (Cyber School) of the program will ensure the proven build-assess-build approach to developing cyber planners, but the key is to begin now with general consensus. We summarize the essential context for cyber planning based on an informal survey of subject matter experts across the Army and propose a three-tiered model yielding cyberspace planning expertise at tactical, operational, and strategic levels of command.

Dec. 14, 2015

The Interdependence of Feedback, Stability, and Success in Emerging Professions: A Grounded Theory Study in Support of American Military Cyber Professionals

I.  MotivationAs captured in numerous strategic policy documents and speeches, the need to develop a military cyber profession (MCP) or workforce in America is significant.[1],[2],[3],[4],[5],[6] Unfortunately for the United States military, such development has been hampered by a lack of durable and widely accepted definitions of the MCP, which

Dec. 10, 2015

Mission Command In and Through Cyberspace: A Primer for Army Commanders

Joint force commanders exercise mission command across all domains to include land, air, maritime, space, and cyberspace. According to joint doctrine, mission command involves the conduct of military operations through decentralized execution,[1] and this demands that leaders at all echelons exercise disciplined initiative to accomplish missions.[2] However, in the case of military operations in cyberspace, there are aspects of mission command that are not yet fully developed for the joint force.[3] For instance, the emphasis on delegation and decentralization are not always appropriate for situations involving the employment of national level cyberspace capabilities designed to create effects in support of unified action.[4] Army forces are currently incorporating cyberspace as an “operational domain,”[5] and commanders understand how this effort has direct implications for their exercise of mission command in support of unified land operations.[6] In the absence of an operational example, past and current conditions on cyberspace integration will be discussed along with the mission command principle of creating shared understanding.