Battlefield Cyber in the U.S. Army

On February 15, 2017, the United States Army’s official website published a brief piece on integrating cyber capabilities into offensive and defensive battlefield operations.

Official coverage of the U.S. Army’s efforts to capitalise on its newest domain of operations isn’t new. In true army fashion, the article is quite brief but manages to carry a hefty dose of subtext worth taking a deeper look at. Even a small article on these tactical capabilities can shed some light on how the U.S. military views the role of networks in combat — both offensively and defensively.

“We have Army Soldiers who are in the fight and they are engaged [with the Islamic State of Iraq and the Levant]…” — Brig. Gen. J.P. McGee, Army Cyber Command’s deputy commander for operations.

It’s interesting to note just how much of the United States’ official public discussion of its military use of digital attack operations centres on the ongoing coalition campaign to combat Islamic State forces, primarily in Iraq. Several arguments can be made to account for the trend:

  1. While the U.S. military is active globally, the campaign against the Islamic State represents the most high-intensity concentration of effort in an active combat theatre.
  2. As the U.S. does not form the bulk of the coalition’s combatants in the theatre, it can more easily and more safely rotate experimental units and teams.
  3. As the Islamic State is a usurping presence with minimal outside backing, it must primarily rely on existing infrastructure and jury-rigged solutions.
  4. As the region suffers from poor public telecom infrastructure, equipment may be outdated, insecure and in poor maintenance status.
  5. As the U.S. military and intelligence community has been dominantly active in the region since at least 2003, it enjoys significant familiarity with the electromagnetic spectrum and infrastructure layout of the region.
  6. Much of the intact networking gear captured from retreating Iraqi Army Forces was likely provided by the United States.

The combination of the above parameters means that U.S. offensive network attack teams can operate with relative impunity, while enjoying familiarity with an immeasurably under-equipped and under-supported adversary. As the technical landscape is favourable, the U.S. can focus on testing doctrine, tactics, field-readiness and integration with other force elements.

[Brig. Gen. J.P. McGee] said the majority of the effort involves offensive cyberspace effects being delivered from locations in the United States and downrange.

The notion of operations being directly fielded from units operating in the continental U.S. is reasonable for scenarios in which (a) the target is accessible through the internet or satellite, or (b) the target is being operated against by field-deployed assets that relay communication back to the U.S., such as ground teams, drones, aircraft or naval vessels. It’s possible that more highly-specialised and cleared network operators are present in the U.S., and can thereby utilise a wider range of capabilities if needed.

The teams have three main missions: protect networks, particularly the Department of Defense Information Network; defend the U.S. and its national interests against cyberattacks; and provide cyber support to military operations and contingency plans.

This places an understandable focus on the teams as chiefly defensive or supportive, rather than actively achieving operational objectives on their own. Therefore, if deputy SECDEF Robert Work’s April 2016 statement that the U.S. is “…dropping cyber bombs” has any truth to it, the brunt of the effort may be directed by home-based teams.

“Where are the wireless points, cell phone towers? What does that look like? How do you figure out how to gain access to them to be able to deliver effects?” McGee said, detailing the challenges Soldiers will face.
In one example McGee described, a [Cyber Electromagnetic Activities] cell could shut down an enemy’s internet access for a period of time to allow a patrol to pass safely through a contested area. The CEMA cell could then turn internet access back on to collect information on enemy activities.

The United States and its NATO allies have wholly adopted “cyber” as a distinct domain of operations. Conversely, many of the actual battlefield units observed effectively merge operations in the electromagnetic (EM) spectrum with those waged against networks and software. The reasoning is intrinsic to the technology: network traffic is invariably carried over a medium, be it fibre, copper or radio waves. To borrow from technical parlance, the physical conduit for transmitting the data is the first layer of communication, above which we begin to relay actual data — analogue or digital.

Military forces have been conducting large-scale operations in the EM spectrum since at least the Second World War. Simple radar and radio communications were quickly superseded by increasingly complex networks, protocols and methods of secure communication. Consequently, the complexity of attacks had to similarly increase, targeting not just the actual transmission but the content being transmitted and the virtual connections it represented.

“A maneuver commander can look at a team on his staff that can advise him on how to deliver cyber and electromagnetic effects and activities in support of his maneuver plan,” [General McGee] said.

When piecing everything together, viewing battlefield cyber capabilities as a natural evolution of electromagnetic operations makes them far easier to understand. As with EM ops, deployed forces are primarily tasked with preserving friendly assets and readiness, maintaining situational awareness, and generating effects that will degrade the adversary’s ability to operate. Considering how reliant modern units are on networked equipment, the value of tactical information dominance has increased immensely.

The more networked the adversary, the larger its attack surface. While Islamic State units are relatively undisciplined and expected to offer localised resistance to advancing enemies, large modern military forces are highly dependent on joint operations facilitated by an ever-increasing amount of sensory input and instant communication. So while it may be easier to operationally impact Islamic State networks, it would contribute far less than doing so against a harder target, such as deployed U.S., Russian, or Chinese forces. The lessons learned in Iraq and Syria are invaluable towards integrating these new capabilities, but testing them in a far more contested information battlefield will present many other challenges and opportunities.