The Complex

Army and Marines creating systems for cyber fire support

The Army and Marine Corps are developing procedures that allow front-line troops to request offensive cyber support the same way they currently request artillery and air support.

For its part, the Army  has fielded the Cyber Effects Request Format, or CERF, a system tht allows combatant commands to request cyber operations from U.S. Cyber Command.

"It's an Air Force model that we deliberately seized on about 19 months ago, a close air support model, to develop a process and procedures by which tactical and operational commanders can leverage these fires in support of their operations," said Lt. Col. Jason Bender, chief of fires for Army Cyber Command on August 15. ("Fires" is the military term for discharging weapons. So no, Bender isn't in charge of burning things for Army Cyber.)

Requests for cyber fire support will go up through the same chain of command as air or artillery support and will end at cyber operators providing the solutions, according to Bender.

Right now, the CERF allows combatant commanders and operational commanders to request cyber support for their missions. However, the Army would like to expand this so that smaller, tactical level units fighting on the ground can request cyber fire support.

"Just about all the services would like to be able to [provide cyber fire support to tactical level troops], the question right now is, what is a cyber tactical fire," said Bender during a Sept. 7 interview. "Most of the fires that we're doing are at the operational or strategic level of war." Since cyber operations don't have physical boundaries, limiting the effects of cyber fires "to a small tactical area is pretty difficult right now."

However, one of the biggest challenges with providing cyber fire support is making sure that planners throughout the military understand what cyber tools are available to them, how to use those tools, as well as possible unintended effects of a cyber strike (similar to the way military planners must work to avoid civilian casualties from airstrikes).

"It's really no different than most of the operations that we're doing in the way we plan and consider them," said Bender.

"With conventional weapons, it's very easy to say ‘I've got a bridge and I want to deny road traffic or deny a line of communication.' As a weaponeer, I can go look at that bridge, and I've got all these weapons that are available to me and all I've got to do is put six JDAMs [GPS-guided bombs] across the bridge or hit the pylons in a certain way and I'm going to drop the bridge and I'm going to deny that line of communication, that road going across the bridge," said Bender. "That's not always so easy in cyberspace."

Commanders, versed in traditional military weaponry and the effects of those weapons, must know what exactly they want to do from a cyber perspective and understand all the collateral effects of their actions and how they interplay between the cyber and physical domains, according to Bender.

"Consider an unclassified network inside of a ground force headquarters, and we have the ability to infiltrate that network and disrupt their communications on it or do [misleading] message delivery. If we destroy that headquarters building, we also destroy our [cyber] characteristics of the target, so that target ceases to exist in cyberspace," potentially undermining a cyber mission, said Bender.

At the same time, cyber planners must be aware of the needs of ground troops when planning cyber operations, Bender told Killer Apps in a follow-up interview.

To this end, the Army is working to view targets through a holistic lens that takes into account what impact kinetic operations will have on cyber operations and vice versa. Why bomb an enemy into submission when you can simply confuse him into ineptitude for a fraction of the cost?

"Cyber capabilities and effects are instantaneous," said Lt. Gen. Rhett Hernandez, commander of Army Cyber Command on Aug. 16. "However, cyber planning and targeting are resource intensive, our planners and analysts continue to integrate cyber targeting with [military] objectives, the joint fires process, and lethal and non-lethal effects."

In, English, that means that the Army's cyber planners are working to make sure everyone understands how long it can take to plan a cyber mission and how cyber weapons work. Doing so will ensure that commanders know what type of cyber weapons are available to them and how to use them.

Meanwhile, the Marine Corps is also hustling to equip expeditionary fighting groups known as Marine Air Ground Task Forces (MAGTFs) with cyber weaponry to take into battle alongside their rifles, artillery, tanks, helicopters and airplanes.

"The future environment . . . leads us not only to focus on [cyber] vulnerabilities [and opportunities] at the strategic levels, but to create options for the most forward, tactical commanders to use cyber as an important weapon within their quiver," the Marines' top cyber warrior, Lt. Gen. Richard Mills, said on Aug. 15.

"That MAGTF commander at the front end of the spear will have organic, offensive [cyber] capabilities, they will be augmented by fires from [Marine Corps Cyber Command] and from U.S. Cyber Command and, perhaps ultimately, from NSA," added Mills, referring to the National Security Agency, considered one of the most potent cyber fighting organizations in the world.

Mills admitted that his forces used offensive cyber operations to "great impact" in Afghanistan when he commanded all Marines there in 2010.

"I was able to get inside [enemy networks], and affect his command and control and, in fact, defend myself against his almost constant incursions to get inside my [cyber] wire to effect my operations," Mills said on Aug. 15.  

U.S. Air Force

National Security

Is the 'holy grail' of cyber security within reach?

Attribution, the ability to quickly identify the source of a cyber attack has long been touted as "the holy grail" of cyber security -- an elusive code that once cracked, will make fighting back against such attacks far easier -- may finally be coming within reach of Defense Department cyber warriors.

"That's an area that the department in particular, but I think the country in general, has made a lot of progress," Eric Rosenbach, deputy assistant secretary of defense for cyber policy told Killer Apps in an exclusive interview on Sept. 4. "Conventional wisdom in cyber security nowadays is, ‘attribution is impossible and that's one of the reasons that you're more likely to have big attacks is because the perpetrator believes they can get away with it and you'll never figure out who it is.' That's one of the major advantages some people see in cyber if you're a rogue actor or a bad nation state."

However, in recent years, "we've made a lot of progress on attribution and that's something that is very helpful because we have a much clearer idea of who is attacking us in certain spaces and what to look for," said Rosenbach.

"It's definitely not perfect and it's definitely not a silver bullet, but it's an area that we're making progress in," he added.

Rosenbach wouldn't discuss what specifically has increased DoD's ability to identify attackers in time to respond, only saying that the Pentagon's progress on attribution is due to an improvement in malware forensic skills and intelligence abilities.

Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, says that the Pentagon is much better at tracing cyber attacks than it was only five years ago, when it could only trace a third of cyber attacks quickly.

"The numbers are open to debate but five years ago, DoD told me they could succeed [at tracing an attack] in one out of three cases, in really short order," Lewis told Killer Apps. "About a year ago, Cyber Command told me that they had significantly improved that batting average."

Like Rosenbach, Lewis wouldn't discuss the specifics of how the United States has improved its ability to detect the source of cyber attacks. All he would say is, "If you know who your opponent is, there are things you can do to make it easier to figure out when they're responsible, figuring out when it's the Chinese might not be as hard as when it's a random attack out of the blue; its hard but the difficulty is going down."

"Unless people put more resources into covering their tracks, attribution will be a declining problem, it's going to be harder to hide in the future," added Lewis. Of course, there's the rub. This is cyber, where technology evolves in weeks and days; people are constantly pouring energy and resources into covering their online tracks.

U.S. Air Force