The Cyber Defense Review

People, Preparation, Process: The Three P’s to Integrate Cyber at the Tactical Level

By MAJ Charlie Lewis | January 19, 2016

Integration of cyber and electromagnetic activities (CEMA) at the tactical level requires strategic thinking and planning. Current efforts, like Army Cyber’s Cyber Support to Corps and Below, are moving in the right direction but do not necessarily create the critical mass required for lasting effects. This paper seeks to provide a framework based on the people, the preparation, and the process of CEMA to successfully incorporate for tactical operations. Beginning with the people, this paper applies talent management concepts to put the right people with expertise, experience, and networks in the right job to start the conversation. Second, preparing those people and the staffs with whom they work for the integration furthers integration. Leadership must make sure the correct education supplements the experience of cyber planners combined with increased discussion of CEMA in Command and General Staff College is vital to preparing the force for the new domain. Finally, the only way to ensure complete integration is to change staff planning processes. Introducing METT-C2, with the second “C” for cyber, and emphasizing cyber key terrain in Mission Analysis, ritualizes cyber variables at the start of planning and guarantees integration in tactical staffs.

“It’s not cyber for the sake of cyber, but cyber integrated into other means” said LTG Edward Cardon, Commander of Army Cyber, at the 2015 Association of United States Army annual meeting when discussing the impact of cyberspace in every component of society.[1] As the Army built its Cyber Mission and Cyber Protection teams for the Cyber Mission Force (CMF), maneuver commanders started to signal a demand for cyber support at Corps and Below. This desire led to the launch of a pilot program at Combat Training Centers to incorporate offensive and defensive cyber operations with the support of both the 780th Military Intelligence Brigade and the Cyber Protection Brigade.[2] Supply of cyber at the tactical level, however, struggles to meet demand as the program grows. Finding ways to integrate cyber into tactical forces and create the critical mass for continued cyber effects requires finding the right people, preparing them, and then creating the processes upon which they rely. This paper addresses the three P’s of integration – people, preparation, process – and provides recommendations on increased integration of cyberspace and electromagnetic activities (CEMA) at the tactical level.

People

First, integration must occur by placing expert and experienced cyber operators into tactical units. This step requires an emphasis on talent management or the “systematic planning for the right number and type of people to meet the Army’s needs at all levels and at all times.”[3] To guide its talent management, the Army follows five guiding principles. For the cyber integration at the tactical level, the Army must ensure a “job-person fit” by optimizing talent placed by “knowledge, skills, and behaviors required by the organization.” Moreover, putting the right person in the right job and right team combined with agile organizations creates proper fit.[4]

For a tactical unit requiring a cyber operator (both 17 and 29 series), talent management means determining the proper skillset from within the force, providing additional training, and then assignment within an organization early in their training cycle. Placement matters – especially for the first few operators at the tactical level. Failure to put the right people in the right job will hinder integration. The right person, according to Mr. Todd Boudreau, Deputy Commandant, U.S. Army Cyber School, must have experience within the CMF and in operational planning. They must know the capabilities of systems, have operated on those systems, and understand how to apply capabilities to enable maneuver.[5] Placing brand new Cyber and Electronic Warfare Officers (EWOs) in tactical positions without the requisite experience and knowledge will leave them impotent and integration a failure.

Moreover, experienced cyber operators come with a network with whom they can communicate and rely upon for additional support.[6] The people integrating cyber must possess social capital – or “social networks, norms of reciprocity, mutual assistance, and trustworthiness.”[7] In other words, relationships have value and a cyber operator at the tactical edge must possess this capital to succeed because it improves the “efficiency of society by facilitating coordinated actions.”[8] Coordinating with the CMF – aka “reachback” – provides knowledge of capabilities and effects provided. In addition, creating networks within the maneuver community helps tailor capabilities towards desired objectives based on conversations and intent vice limited communication through bureaucratic approval processes. Combining the network with expertise provides tactical units enhances the cyber operator’s capabilities at the tactical level.

Preparation

Second, integration requires preparation at both the individual and collective level. Even the most qualified person for a position may lack a skillset required for operations. In addition, with changes in technology, continued education must occur through self-development and other training opportunities, even at the tactical level.

Individually, training CEMA matters. Immediately upon selection, Cyber branch or the unit must provide the proper training. Sending 17-series service members to the EWO course provides background knowledge in that expertise, furthering the tactical application of electronic attack, electronic protect, and electronic support. If the officer is an EWO, additional cyber training, like Joint Advanced Cyber Warfare Course (JACWC) or Joint Network Attack Course (JNAC) ensures technical education on cyber capabilities.[9]  Beyond the skills of the individual, the cyber operator must understand how to plan at the tactical level. A “Tier 1 Planner” requires the training mentioned previously, as well as Command and General Staff College (CGSC) completion for planning education and the Joint Enabling Capabilities Command Planners Course for JTF headquarters operations.[10]

A prepared cyber planner cannot leverage their full capability without other branch officers understanding CEMA. All officers must practice the integration of CEMA effects in their professional military education common core curriculum. Current instruction, consisting of a separate two-hour block, lacks the appropriate integration. Furthermore, increased electives still provide only a small pool of “cyber educated” officers entering staffs each year.[11] Instead, all common core must integrate cyberspace and electronic warfare into the requirements for completion of each step of planning. A Small Group Leader must require CEMA effects in planning, just as they do fires.  Just asking for CEMA in each phase of planning will shift the culture in both the courses and on staffs.

Outside of individual training, units must train on the integration of CEMA. From incorporating requirements with unit warfighters and Mission Command Training Program visits through training rotations at Combat Training Centers, the more elements prepare in training, the more likely CEMA will see increased integration throughout the force. In addition, the Army Leader’s Cyberspace Operations Course (ALCOC), taught through the U.S. Army Cyber School, provides a weeklong collective training event for key members of the CEMA staff – Cyber, S3, S2, S6, IO, Fires, and Space – that combines education of CEMA with a planning exercise based on future unit missions.[12] Rehearsals are always a key component of preparing to conduct operations at any level. Tactical units practice how they fight, from instruction through CTC rotations. Without practicing CEMA, integration will never be complete.

Process

Process enhances progress. While people and preparation are the first two steps to integrate CEMA into tactical military force operations, the third – process – is the most important. Changing the behavior of staffs and organizations through ritualization of CEMA planning at all levels of command completes integration. Failure to change behavior, even with prepared people in the right positions, will stunt CEMA integration.[13]

Military staffs operate in a distinct fashion through the military decision making process (MDMP). Embedded throughout doctrine, this seven-step routine ensures staffs conduct thorough analysis of the operational environment, along with developing multiple courses of action.[14] Incorporating CEMA as part of MDMP – and not as something distinct and separate – increases  successful integration at the tactical level.

The first place to add to the ritual is in understanding the characteristics of the area of operations through mission variables, or METT-TC or Mission, Enemy, Terrain and weather, Troops and support available, Time available, and Civil Considerations. Commanders and their staffs use these variables for increased situational understanding while planning.[15] The problem, however, is while these variables refine knowledge of the operational environment, they neglect to discuss cyberspace and electronic warfare considerations directly even when PMESII-PT, the operational variable framework upon which staffs derive METT-TC, does.[16] Unfortunately, leaving that variable out of METT-TC stops the CEMA conversation completing the first step of MDMP. To change the routine, the Army must add another “C”, making it METT-TC2, with cyber as a distinct mission variable.[17] Evaluating cyberspace through its three layers in METT-TC2 – the Physical Network Layer, the Logical Network Layer, and the Cyber-Persona Layer – and incorporating cyber key terrain maintains the importance of CEMA and adds additional variables of understanding for the commander.[18] By changing the process at the start of MDMP, the cyber variable, both distinct and as part of the other components of METT-TC2, ensures integration.

Beyond variables, products within the process matter. CEMA, as a vital piece of the planning process, must provide additional inputs, including cyber key terrain as part of the intelligence preparation of the battlefield. Cyber key terrain applies the same frameworks as physical terrain and understanding it is to know “those features that provide tactical advantage to someone attacking or defending a network.”[19] Knowing cyber key terrain not only enables offensive maneuver also provides additional disruption to the enemy’s intrusion kill chain in cyberspace by limiting at least one step in the payload delivery. Mapping and defending your own network strengthens the defense of a unit’s lines of communication and thus limits the delivery of any cyber weapon, even if the threat is persistent.[20] Adding cyberspace and electronic warfare inputs to each step of the deliberate planning process and including them as a new mission variable starts the process of changing behavior within staffs.

Conclusion:

To meet the needs of the tactical force and integrate cyber-electromagnetic operations across all levels of command, three large steps must occur. Adhering to the Army’s talent management program and selecting those with the right knowledge, skills, and background to serve in tactical formations comes first. Having the right people is only part of the battle – preparing those individuals, along with others on the staff, allows for a knowledgeable workforce. To leave a lasting impression, processes must change behavior. Standardization of METT-TC2 and cyber key terrain, along with increased expectation of CEMA effects throughout the steps of MDMP makes cyber an expected part of planning, fully integrating it.

References

[1] Milord, Mike. “Forum addresses Army cyber progress, convergence.” Army.mil. Accessed on November 23, 2015 from http://www.army.mil/article/157613/Forum_addresses_Army_cyber_progress__convergence/?from=RSS.

[2] Freedberg, Sydney J. “Army Puts ‘Cyber Soldiers’ In the Mud.” Breaking Defense. Accessed on November 23, 2015 from http://breakingdefense.com/2015/11/army-puts-cyber-soldiers-in-the-mud/.

[3] Office of Economic and Manpower Analysis. “Purpose.” U.S. Army Talent Management. Accessed November 23, 2015 from https://talent.army.mil/.

[4] U.S. Army Combined Arms Center. “ Talent Management Concept of Operations for Force 2025 and Beyond.” (U.S. Army, Fort Leavenworth, KS: September 2015), 14.

[5] Boudreau, Todd. Discussion with the author. November 20, 2015.

[6] Boudreau.

[7] Putnam, Robert D. and Lewis M. Feldstein, Better Together: Restoring the American Community (New York: Simon and Schuster, 2003), 2.

[8] Putnam, Robert D., Making Democracy Work: Civic Traditions in Modern Italy (Princeton: Princeton University Press, 1993), 167.

[9] Boudreau.

[10] Tate, Ryan and Charlie Lewis. “Cyber 76ers: Forging a Force of Cyber Planners.” Cyber Defense Review. Accessed from Cyber 76ers: Forging a Force of Cyber Planners

[11] Croom, Benjamin (CGSC Instructor). Discussion with the author. October 29, 2015.

[12] The author is the ALCOC course manager.

[13] Elrod, Hal and Jordan Harbinger. Art of Charm: Bonus: Beyond the Bestseller. Podcast audio. Art of Charm. MP3. Accessed November 23, 2015 from iTunes Podcast.

[14] Headquarters, Department of the Army. “ADRP 5-0: The Operations Process.” Washington D.C., May 2012. 1-7, 1-9, and 2-12.

[15] “ADRP 5-0”, 1-8-1-9.

[16] Ibid, pg 1-7, 1-8.

[17] Montgomery, Brian. Discussion with the author. October 29, 2015. The author had a discussion with MAJ Montgomery at Fort Leavenworth where MAJ Montgomery stated the need to add this to their planning process while at CGSC.

[18] “Joint Publication 3-12(R): Cyberspace Operations.” Department of Defense. Washington D.C.: 2013, I-3.

[19] Raymond, David, Conti, Gregory, Cross, Tom, and Michael Nowatkowski. “Key Terrain in Cyberspace: Seeking the High Ground.” 6th International Conference on Cyber Conflict, ed P. Brangetto, M. Maybaum, J. Stinissen, 2014, 295, 297.

[20] Hutchins, Eric M., Cloppert, Michael J., and Rohan M. Amin. “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.” Lockheed Martin Corporation, 4.



US Army Comments Policy
If you wish to comment, use the text box below. Army reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The Army and the Army alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the Army, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying Army endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

Army does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. Army may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. Army does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the Army or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.