The Cyber Defense Review

Cyber 76ers: Forging a Force of Cyber Planners

By MAJ Charlie Lewis, MAJ Ryan Tate | December 17, 2015

The Army has identified a need to more formally develop “cyber planners” who effectively plan and integrate cyberspace operations within Army and joint operations at all levels of command. The establishment of career field 17 (Cyber) and its alignment with FA 29 (EW) have created conditions to initiate such a program, assess its effectiveness over officer careers, and make continual adjustment as needed. Institutional ownership (Cyber School) of the program will ensure the proven build-assess-build approach to developing cyber planners, but the key is to begin now with general consensus. We summarize the essential context for cyber planning based on an informal survey of subject matter experts across the Army and propose a three-tiered model yielding cyberspace planning expertise at tactical, operational, and strategic levels of command.

Planning according to Infantry in Battle is the “effective coordination of the means at hand for the accomplishment of some desired end.”[1] Written under the direction of then Colonel George C. Marshall, Infantry in Battle sought to close the gap between theoretical expertise and the actual application of those ideas in combat.[2] General Marshall observed how the increased pace of combat required leaders to be agile in their planned use of capabilities to meet their ends. Rather than reacting, planning keeps leaders “ahead of events instead of letting them drag [the leader] along in their wake.”[3] Just as when Marshall’s Army encountered technological advancements like the tank and an escalation of operations in the air domain during the interwar period, the Army today faces a similar challenge as its operations increasingly rely upon and take place within the cyberspace domain.

To get ahead of “the wake” in the cyber domain, General Raymond T. Odierno expressed a need to develop cyber operations planners at the CSA Quarterly Cyber Update in September 2014. Initial suggestions for “cyber planner” development combined existing Army professional military education, developing courses at the Naval Post Graduate School, increasing opportunities for advanced civil schooling, and the latest cyber training to tailor a deliberate experience for tactical and strategic levels. The concept envisioned a highly competitive cyber

“…the Army must begin as soon as possible with a reasonable way forward and then systematically assess and improve this strategy with every cohort.

planner program for lieutenants through lieutenant colonels serving at various levels of command.[4] No matter the specifics of the program, it must produce cyber planners that know how to plan and effectively integrate Department of Defense (DoD) Information Network (DODIN) Operations, Defensive Cyberspace Operations (DCO), and Offensive Cyberspace Operations (OCO) in support of Army and Combatant commanders operating at the tactical, operational, and strategic levels.

We cannot wait for the perfect plan.  To learn what is truly the right blend of experience, training, and education to develop a capable “cyber planner,” the Army must begin as soon as possible with a reasonable way forward and then systematically assess and improve this strategy with every cohort. This paper seeks to summarize the most relevant context on cyber planners based on the consensus of a recent, informal survey of subject matter experts (see list at the end) and offer actionable recommendations to initiate the Army’s institutional development of cyber planners at various levels of command and responsibility, ultimately resulting in a core of Cyber Strategists, aka “Cyber 76ers”.

Cyber Operations Planner Context

Development of a cyber planner must reflect the broader expectations of cyber planning. First, cyberspace planning primarily requires a solid foundation in operations planning. Cyberspace presents new capabilities, effects, and planning products, but not necessarily new planning processes. Cyber planners assist the holistic approach to coordinate, integrate, and synchronize all warfighting functions through both cyberspace and the electromagnetic spectrum.[5] Leveraging joint cyberspace capabilities through the Joint Operations Planning Process (JOPP), cyber planners focus commanders and staffs on cyberspace effects. Moreover, cyberspace operations are rarely conducted in isolation. Integration of all functions and staff sections is still vital – especially in the challenging handover between J3 and J5. These planners will generate a long-term (J5) cyber support plan to operations plans, write corresponding tasks and coordinating instructions to a supporting Cyber Mission Force (CMF) team, and develop cyber response options to ongoing J3 requirements (i.e. “fight tonight” options). Ultimately, cyber planners will discuss operations and plan at all levels. Success as a cyber planner requires more from an officer than a depth of knowledge in cyberspace operations – he or she must know and understand how to plan.

Second, cyber planners must understand what is achievable with cyberspace operations.  Cyber planners will apply fundamental science, principles, and practices of cyberspace operations, current cyberspace capabilities and limitations, and cyberspace strategy, law, authorities, and policy to operations.  U.S. Cyber Command (USCYBERCOM) and National Security Agency (NSA) training courses assist CMF and non-CMF planners in understanding operations in and through cyberspace, but cyber planners require a more fundamental understanding of the science and theory behind cyberspace operations through additional education.  While overlap clearly exists between education and training, graduate institutions are ideally suited for the study of cyberspace operations history.  There is relatively limited (compared with most warfighting functions) cyberspace operations history to study.  DoD graduate institutions, like the Naval Postgraduate School (NPS) or Air Force Institute of Technology (AFIT) are renowned for effectively formalizing and institutionalizing historical lessons from recent operations.

Third, a key requirement for planners is the higher learning and reasoning proven to be developed through graduate education. Graduate degrees provide the ability to blend technical training, military history and planning, and even professional military education requirements into a single program. Graduate level institutional ownership of such as tailored program would maximize deliberate cultivation (and identification) of the essential attributes of the cyber planner. Further, graduate degrees in fields related to cyber security, policy, or strategy provide instant credibility and a common language with joint, interagency, intergovernmental, and multinational partners (cyberspace partners frequently have a high percentage of PhDs in their workforce). DoD graduate institution history departments are uniquely postured to capture and assess recent and ongoing cyberspace operations at classified levels. The study of cyberspace operations is essential for understanding the realm of the possible and for the same reason the profession of arms studies military history. While graduate degrees provide recruiting and retention incentives and complement operational experience, raduate education may not be worthwhile in all cases. Instead, the Army must tailor cyber planner development for its needs at various commands.

Finally, designing a program to create the ideal planner for all commands is both challenging and unnecessary. Building an officer capable of planning the full spectrum requires an officer of significant experience, training, and education across a diverse skillset. Pure cyber officers may not have a sufficient experience base in core Army operations, specializing instead in a technical field. Further, sustaining cyber future operations (FUOPS) planners, who work cradle to grave planning initiatives, requires a high volume of personnel. It will be necessary to develop multiple paths matching specific planning backgrounds with certain types of assignments – all subject to available experience and talent pools. In many cases, deliberate experience (or career) management rather than formal training or education will be more effective in tailoring cyber planners to their future assignments and roles.

A Plan for Cyber Planners

“…cyberspace operations [planning] facets: (1) fundamental science, principles, and practices of DODIN operations, DCO, and OCO, (2) current cyberspace capabilities and limitations, and (3) cyberspace strategy, law, authorities, and policy.”

With this context in mind, the Army must establish a system of selective graduate or professional military education programs combined with cyber career development actions to provide a steady pool of cyber planners in three tiers.  The three tier concept excludes technical planners on Cyber Mission Force (CMF) teams, which would fall into a distinct fourth tier with development largely subject to USCYBERCOM and NSA work role training (and further refinement within the Army).  Each of the three tiers provides an increasing level of planning capability to support commanders at tactical, operational, and strategic levels.  More importantly, every level builds upon three cyberspace operations facets: (1) fundamental science, principles, and practices of DODIN operations, DCO, and OCO, (2) current cyberspace capabilities and limitations, and (3) cyberspace strategy, law, authorities, and policy.

Tier 1 cyber planners (CEMA Chief) will serve as cyberspace operations experts at tactical commands (i.e., Brigades and Divisions) and will likely lead the Cyber Electromagnetic Activities (CEMA) element. FA29 (Electronic Warfare) and post-CMF 17 qualified junior field grade officers will serve in the capacity of senior cyberspace operations (inclusive of EW) planner at Brigade through Corps levels. The capability of Tier 1 planning relies on tactical operations experience and CGSC completion, including the Advanced Operations Course, while cyber (inclusive of EW) training and CMF experience provide a cyberspace operations base.  Company grade 29 and 17 qualified officers assigned to the CEMA element will serve as Deputy Chief, but may first attend the Joint Enabling Capabilities Command Planners Course (JECCPC)[6] or similar block of instruction if pre-CGSC. Tier 1 planners will provide many candidates for Tier 2 cyber planning.

Tier 2 cyber planners (Cyber Plans Officer) will serve at Corps, Army Service Component Commands, and Joint Cyber Centers as expert planners capable of fully leveraging cyberspace capabilities at operational levels. Selected officers will complete a graduate degree program at NPS, AFIT, or a top tier civilian institution. Considering the MS in Cyber Systems and Operations at NPS as a model, the graduate education will broaden a planner’s understanding of cyberspace operations, policy, and strategy. [7] Individuals will select electives within the program to incorporate additional planning or technical courses as complements their experiences. Close coordination with NSA, USCYBERCOM, U.S. Army Cyber (ARCYBER), and similar organizations will be essential to obtain and analyze the right problem set for classes and assignments, including a classified thesis on recent cyberspace operations which will also inform commanders and planners in the future. Non 17-qualified officers may also attend CMF or Cyber School training as recommended by the Office, Chief of Cyber to ensure an adequate depth in cyberspace operations. [8]

Tier 3 cyber planners (Cyber Strategists aka “Cyber 76ers”) are experienced cyber planners capable of developing cyberspace strategy and policy who excelled as Tier 2 cyber planners or in other operational or strategic assignments. Affectionately known as a “Cyber 76er” for their role as a strategist (59) plus a cyber officer (17), a Cyber Strategist will serve in Combatant Command HQ, HQ Department of the Army, Joint Staffs, NSA, or in the Office of the Secretary of Defense.  For further development and depending on their future assignment, these officers will follow a path similar to FA59 Strategist officers and complete either the Advanced Military Studies Program (AMSP)[9] (i.e. “SAMS grads” or joint equivalent) or the Basic Strategic Art Program (BSAP) [10] (i.e. FA59/Strategist course) or Advanced Strategic Leadership Studies Program (ASLSP).[11] Others may seek opportunities to complete a PhD to further their education and commitment to serving as a Cyber Strategist.  Cyber Strategists will have experience at ARCYBER, Defense Information Systems Agency (DISA), NSA, USCYBERCOM, and similar appropriate organizations to provide context on DODIN operations, DCO, and OCO in addition to CO training (as Tier 2 planners or as recommended by the Chief of Cyber). Realizing a deliberate pool of tier 3 cyber planners will require significant investment (experience management, graduate school, training) with returns maturing possibly in as long as 15 years. We cannot wait for the perfect solution, but we have fortunately discovered that there are many already capable.

Conclusion    

Staying out of “the wake” of the velocity and increased pace of activities occurring in the cyber domain requires doing more than reacting to our adversary’s actions. The Army must develop expert cyber planners trained in both cyberspace operations and operational planning. Creating great cyber planners will not happen overnight, but must begin soonest to facilitate the build-assess-build model that will yield the right balance of formal development with experience management. Building the expertise requires finding the right officers from the operational force and providing them the education and training needed to communicate cyber means to accomplish their commander’s end. Through a tiered experience system, combined with education and talent management, the Army can create a critical mass of cyber planners as it prepares for future threats across full spectrum operations.

Additional Resources:

Professional military education and Army and Joint planning programs (not discussed above):

  • Army War College Defense Strategy Course is a four-month nonresident course that awards the Strategic Education 6Z ASI and improves student understanding about the role of the Department of Defense in the development of National Security Strategy. https://dde.carlisle.army.mil/dsc.htm
  • HQDA Harvard Strategist Program is a one year ACS assignment to purse a master’s degree in Public Administration at Harvard University. https://www.hrc.army.mil/officer/broadening%20opportunies%20program%20catalog
    • Joint Advanced Warfighting School (JAWS) is an 11-month, single phase (JPME I & II) senior-level school focused on educating expert joint campaign planners. http://jfsc.ndu.edu/Academics/JointAdvancedWarfightingSchool(JAWS).aspx
    • College of Naval Command and Staff Maritime Advanced Warfighting School (MAWS). A 13-month operational planning course for officers with subsequent assignment to the numbered fleets, Navy components, U.S. combatant commands, and analogous operational warfighting staffs.  https://www.usnwc.edu/Departments—Colleges/Maws.aspx
    • Air Force School of Advanced Air and Space Studies (SAASS). Produce strategists through advanced education in the art and science of air, space, and cyberspace power to defend the United States and protect its interests. http://www.au.af.mil/au/saass/

Recommended cyber and cyber planning training courses (not discussed above):

  • Army Leader’s Cyberspace Operations Course (ALCOC). A 40 hour course that collectively trains a CEMA staff on the integration of Cyberspace and Electronic Warfare Operations into a Commander’s plan. The course combines education on both Cyberspace and Electronic Warfare planning considerations along with training on the Cyberspace and Electronic Warfare inputs to the planning process at a tactical level (Corps, Division, Brigade).
  • Army Cyber Operations Planners Course (ACOPC) or Joint Cyber Operations Planners Course (JCOPC). Two-week course that prepares graduates to integrate, synchronize, and coordinate the employment of Cyberspace Intelligence, Surveillance and Reconnaissance, Cyberspace Attack, Cyberspace Operational Preparation of the Environment; and Cyberspace Defense Activities into cyberspace concepts of support for military operations. ACOPC graduates (soon for all ranks) earn ASI N9.
  • Other (short) planning courses recommended for certain planning positions or needs are the STO Planners Course is for J5/J3/J2 STO planners, the Joint IO Planners Course for J3 planners, Introduction to Cyber threat Analysis (DIA JMITC) for J5/J3/J2 planners, and the Joint Operational Fires and Effects Course (JOFEC).

Other graduate programs considered:

  • Air Force Institute of Technology (AFIT) provides a MS in Cyber Operations (requires a related undergraduate degree) encompassing multiple scientific disciplines required to ensure the security of critical infrastructures such as: computer and network defense, attack and exploitation cryptography, computer forensic, systems security engineering and operations, application software security, threat and vulnerability assessments/analyses, and managerial aspects. The Office of the Chief of Signal utilizes this program for AERS billets in the Cyber Protection Brigade; those officers report it prepares them well for their assignments. http://www.afit.edu/ENG/programs.cfm?p=4&a=pd
  • Marine Corps School of Advanced Warfighting (SAW). Graduate-level professional military education for field grade officers at the operational level of war using historical and contemporary issues as a framework. Graduates receive a Master of Operational Studies (MOS) degree.​ https://www.mcu.usmc.mil/saw/SitePages/Home.aspx
  • National Defense University iCollege Cyber Leadership Program. Develops skills and leadership attributes to be an effective strategic leader in the cyberspace domain. Enhances an understanding of how to best integrate cyberspace with the other elements of national power. http://icollege.ndu.edu/Academics/GraduatePrograms/CyberLeadershipProgram.aspx
  • UMUC Master of Science in Cybersecurity Policy. Provides practitioners with the framework and knowledge to protect an organization’s cyber assets. Students learn about technical tools and organizational practices such as training, access control, evidence collection, and disaster recovery and business continuity planning. University of Maryland has an established role in providing some NSA and USCYBERCOM training, such as in conducting RIOT training for Interactive Operators (IONs) and maintaining dual enrollment for the Joint Cyber Analysis Course (JCAC). http://www.umuc.edu/academic-programs/masters-degrees/cybersecurity.cfm

Developmental internship programs:

  • Junior Officer Cryptologic Career Program (JOCCP): three year assignment to NSA, Fort Meade consisting of six-month operational tours in up to six agency work centers and 1,000 hours of formal instruction at the National Cryptologic School.
  • Army Intel Development Program (AIDP) – Cyber: two-year Army Cyber track at Ft. Meade and assignment to leadership positions to gain SIGINT/Cyber “enterprise” and shape Cyber Operations.
  • DOD Information Assurance Program (IASP): serves as a multifaceted program institutionalized within DOD to bring in and retain a corps of highly skilled information assurance/technology professionals to accommodate the diverse war fighting and unique mission requirements, while providing incentives to strengthen IA/IT research and education in critical areas of interest to the Army and DOD. Service members attend school full time to earn a graduate level degree. The master’s and doctoral degree programs are available through the Air Force Institute of Technology; National Defense University, and the Naval Postgraduate School.
  • Training with Industry (TWI) program is a work-experience program to provide an extensive exposure to managerial techniques and industrial procedures within corporate America to competitively selected officers and non-commissioned officers.

 

The authors would like to thank the following individuals for their support and input to the paper:

  • GEN David Perkins, TRADOC
  • LTG Edward Cardon, ARCYBER
  • COL(P) Jennifer Buckner, Army Cyber Commandant
  • COL Gregory Conti, Director, Army Cyber Institute
  • COL Martha VanDriel FA59, HQDA G3/5/7 (Air-Sea Battle Office)
  • LTC Scott Presseur, JFHQ-Cyber, USCENTCOM Cyber Support Element experience
  • LTC Paul Zeps, DJIMO Instructor at CGSC and author of cyber elective
  • LTC Anthony Quinn, USA JFK Special Warfare Center and School
  • Todd Boudreau, Army Cyber School
  • Cyber Support Element, FLKS (Mack Martin, Vic Delacruz, and team)
  • CW4 Paul Gross, Army Cyber School
  • MAJ Joe Billingsley, Strategist, NPS doctoral student
  • MAJ Justine Krumm, JFHQ-Cyber, SAMS graduate
  • CPT PD Kuettner, Asymmetric Warfare Group

[1] “Infantry in Battle,” The Infantry Journal, Incorporated, 2nd Edition (1939), http://www.cgsc.edu/carl/download/csipubs/InfantryinBattle.pdf, 138.

[2] “Infantry in Battle,” I-II.

[3] “Infantry in Battle,” 151.

[4] Gregory Stokes, “CSA Quarterly Update Meeting Summary”, (Department of the Army, Washington D.C., 2014), 8.

[5] ADP 6-0, ADRP 6-0, FM 6-0, FM 7-15, FM 3-38, FM 6-02, FM 7-15, and ATP 3-09.32

[6] Joint Enabling Capabilities Command Planners Course (JECCPC) is a two-week course which familiarizes JECC personnel with the Joint Operation Planning Process and prepares them for JTF headquarters operations.

[7] Naval Postgraduate School (NPS) offers a MS in Cyber Systems and Operations (for diverse backgrounds) that provides a deep understanding of the national and military application of integrated lines of operation including the global information grid, defensive and offensive cyber operations, and the required intelligence operations underpinning these. Students learn how to seize and sustain an information advantage through all stages of operations.  It includes Naval War College JPME courses and grants CGSC credit. http://www.nps.edu/Academics/Schools/GSOIS/Departments/CAG/Education/degrees.html

[8] Minimum of (1) Joint Advanced Cyber Warfare Course (JACWC), a 4-week orientation to USCYBERCOM, Intelligence Community, global cryptologic platform, USG cyber community, allies, and major partners conducting cyberspace operations, and (2) Joint Network Attack Course (JNAC), a 4-week course on effectively planning OCO missions, covering appropriate authorities, Battle Damage Assessment, Review Approval Process, and the deconfliction, legal, targeting, weaponization, and execution processes, or USCYBERCOM mission commander/planner course (currently in development).

[9] Advanced Military Studies Program (AMSP) is an 11-month post-CGSC graduate education program of the School of Advanced Military Studies (SAMS) that develops effective planners who help senior leaders understand the operational environment and then visualize and describe viable solutions to operational problems.  http://usacac.army.mil/organizations/lde/cgsc/sams

[10] Basic Strategic Art Program (BSAP) is a 14-week program at the Army War College designed to educate Army majors designated Functional Area 59 (Strategist) in the fundamentals of strategy. It introduces the officers to the unique skills, knowledge, and attributes needed as a foundation for their progressive development as Army strategists. http://www.csl.army.mil/SLET/SDD/default.aspx

[11] Advanced Strategic Leadership Studies Program (ASLSP) is a 24-month SAMS course developing theater level senior leaders and general staff officers for positions including strategic thinkers and planners at CCMDs, JTF, and other four star headquarters.  It includes 9 weeks TDY with fieldwork conducted at defense organizations and military headquarters in various foreign nations as well as visiting all COCOM HQ throughout the globe.  Graduates receive a Masters in Theater Strategy thru CGSC.   http://usacac.army.mil/organizations/lde/cgsc/sams



US Army Comments Policy
If you wish to comment, use the text box below. Army reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The Army and the Army alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the Army, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying Army endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

Army does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. Army may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. Army does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the Army or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.