Army's cyber boss envisions incorporating cyber offensive tactics into brigade rotations at combat training centers. (Capt. Michael Thompson / Army)
Ground commanders are already learning how to counter cyber threats in the field, but the Army’s cyber boss wants them to start launching their own attacks.
“The way we’re going to have to do this is stand up the capability and start experimenting with it,” said Lt. Gen. Edward Cardon, commander of Army Cyber Command. “From that we will develop the commander’s guidance for cyber.”
Cardon said the first step in educating and empowering brigade commanders is to incorporate the offensive capabilities as part of combat training center rotations. It could happen as early as next year, he said.
For more than a year, the Army has employed 1st Information Operations Command’s “World-Class Cyber Opposing Force” to play a red team at combat training centers. The opposition throws a wide range of threats at the brigade, including phishing scams that install network-crashing malware.
The red team’s goal is “crushing that unit that’s trying to operate their networks,” said Maj. Gen. George Franz III, commander of the Cyber National Mission Force at U.S. Cyber Command.
Should commanders fail to stop the threat, they might find themselves struggling to work around the absence of a comms network.
If the CTCs adopt offensive cyber training, it could mean the addition of a blue, or friendly, team, Cardon said.
The plans come as the Defense Department is planning to ramp up to 6,000 cyber warriors across the services by 2016, and as the Army rapidly trains its share.
“We have a lot of capabilities coming on line now, and the question is how do we organize these to give options to combatant commanders?” Cardon said.
A brigade combat team has a number of systems already in place to help a commander gain intel in a cyberspace environment. That includes the ability to map adversary networks, identify potential vulnerabilities and perform counter-recon to either confuse or deny hacking attempts.
Cyber attacks can be used for harassment and information operations, or to physically damage key infrastructure, writes Lt. Cmdr. Kallie Fink, a Navy information warfare officer, in the May-June issue of Military Review, an official Army journal.
They can shut down air defense systems and command-and-control nodes, open or close a dam’s floodgates, and destroy or damage industrial machines such as nuclear centrifuges.
An Army cyber official, speaking on condition of anonymity, speculated that ground commanders would be given much more modest capabilities. They could be building, operating and hunting within their networks in CTCs before doing so in the real world.
While it is technically feasible for a brigade commander to have a cyber soldier hack into, for instance, an enemy communication network and shut it down, that likely could not happen quickly in today’s Army, given the chain of authorities.
Army Cyber officials have acknowledged publicly there would have to be reviews of the legalities, the risks and whether it disrupts the intelligence gathering efforts — all of which would rise to the highest levels of the Defense Department and beyond.
More feasibly, a commander might be given cyber soldiers who could engage in battlefield forensics, mining found thumb drives for intelligence, according to the Army official. They might also have a role infiltrating a local, isolated network that cannot be reached from afar.
Cardon suggested that small cyber teams could be attached to brigades or lower-level units. These teams would be “tethered” back to national-level agencies for the sake of obtaining authorization to act.
“That might be the way ahead for tactical cyber,” Cardon said.
The hope is that the experimentation might clear up confusion in the Defense Department about how to wage cyberwarfare at the tactical level.
“When you ask the commander, ‘What exactly do you want done?’ they can’t articulate it, they just want some of that cyber stuff,” Cardon said. “What do you want cyber to do for you?”