The Complex

The Army is building cyber into its combat exercises

The Army has started incorporating cyber operations into exercises meant to prepare its heavy forces to fight major wars again after more than a decade of counterinsurgency, a three-star general revealed this week.

Until recently, "we had not thought through the process of how we could use cyber, or the network, from a weapons standpoint," said III Corps Commander, Lt. Gen. Donald Campbell during a speech at the Association of the U.S. Army's annual conference in Washington this week.

To address this, Campbell had representatives from U.S. Army Cyber Command embed with his commanders for the exercise, hosted by III Corps this summer, so that the traditional combat troops could learn how to use cyber in a conflict. (III Corps is a heavy combat formation of the U.S. Army consisting of numerous armor, cavalry and infantry divisions.)

"This was a Caspian Sea scenario against what I would classify as a near-peer adversary," said Campbell. This means that the friendly troops were fighting a nation with an advanced military, like Russia's.

In addition to throwing armor, artillery, and infantry at the enemy to defeat its forces, commanders got accustomed to thinking about how they would use cyber power in the campaign.

"I had to tell the staff, ‘Here's what I want to achieve as an example,' as we got ready to isolate Baku, in really the culminating operation for the exercise. I specifically said I want to target this [enemy] division to do this to it -- not ‘take it down', that's not a doctrinal term -- but to really impact its ability to command and control," said Campbell. "So we put together a [concept of operations] using [U.S. Army Cyber Command's] capabilities, [the Army cyber] team working to us to do that specific mission [taking out the enemy's command and control] and it was very successful."

What does very successful mean? The fake enemy's ability to command his forces and gather intelligence was degraded by about 40 percent because of Army cyber's efforts, according to Campbell.

"When [Army cyber commander Lt. Gen. Rhett Hernandez] talks about the network as a weapons system, in my opinion that was a great example," said Campbell.

He added that his operational planners had to learn how to collaborate with the cyber commanders to use cyber weapons.

"We met daily, in a targeting brief for an hour and there were specific focused targets on what we would do to the network and what we would do to our network," said Campbell. 

Friendly forces even used social media in an attempt to win the local population's support.

"I asked the team to leverage what we could from a social media standpoint . . . to try to get after the populace," said Campbell, who added that this use of social media to influence the outcome of a conflict was "bigger than public affairs."

While the exercise was a start, the Army must make relationships between more traditional units like III Corps and its divisions and cyber forces "habitual," according to Campbell, who noted that several upcoming Army exercises will incorporate cyber.

All of this comes as the Army seeks to develop a new generation of cyber weapons and is working to incorporate offensive cyber fire support into its operations.

In addition to building strong and resilient networks capable of operating while under attack, "we must also be ready when directed to conduct offensive operations to help achieve commanders intents and the objectives that they desire," said Lt. Gen. Hernandez during the same event at which Campbell spoke.

Wikimedia Commons

National Security

Napolitano: U.S. and allies must improve info sharing on cyber threats

As cybersecurity grows in importance, the United States and its allies need to improve information-sharing and collaboration on cyber threats, Homeland Security Secretary Janet Napolitano said today.

While the United States does share information about cyber threats with some allies via existing mechanisms such as the Five Eyes agreement, it does so on an ad hoc basis. There is no specific structure for sharing cyber intelligence despite the fact that cyber threats and attacks crisscross international boundaries, said Napolitano after a speech on cybersecurity at the Center for Strategic and International Studies.

"Cybersecurity, first of all, it is inherently international, it respects no national boundaries," Napolitano said. "Second, there are no international protocols or frameworks on which to hang things. Thirdly, there is a wide disparity in technological capacity among different countries, so it's really an area that requires a lot of work, but the plain fact of the matter is we have to work internationally."

As Killer Apps has reported previously, Pentagon officials have argued that rapid information-sharing between allies is badly needed to defeat cyber attacks since the cyber domain transcends national borders. Hackers in one country going after networks in another can often disguise their attacks to appear as if they are emanating from servers in a third nation. As Napolitano pointed out today, not all countries have the ability to detect cyber threats and attacks quickly. This means that a country whose servers are hijacked may not even know that it is hosting an attack.

"This is one area where there will needs to be a lot of work over the next, I will say months and years, it is not well developed yet," said Napolitano.

In addition to improving information-sharing with its allies, the United States is working to establish international "norms of behavior" in the cyber arena that are based on the law of armed conflict. These norms would define acts of cyber war, espionage, and crime and would establish what constitutes an appropriate response to such acts. However, these efforts are being held up by nations such as Russia and China, Pentagon officials say.

Here's what Eric Rosenbach, deputy assistant secretary of defense for cyber policy, told Killer Apps about the matter last month:

"We look at cyber just like you would look at any other form of warfare or military operations," Rosenbach said. "So the law of armed conflict applies, and within that you can already interpret what would be acceptable in cyberspace. We don't have a lot of case history to back up the customary aspect of it in international law, but we think that the framework is already there."

Russia and China are focused more on controlling citizens' activities on the Internet rather than limiting attacks on nations' critical infrastructure, he said.

"There are other countries, the Chinese and Russians in particular, that don't think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."

Rosenbach went on to call this a "nonstarter."

"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn't something we're interested in at all," he said. "There are other areas -- in particular, the theft of intellectual property -- because that's a major problem for the United States right now, where there are very different ideas about what's acceptable and what's not."

Wikimedia Commons