One day an Army brigade may call for a cyber attack as it does for a precision-guided bomb, according to an official with Army Cyber Command.
The military is figuring out the chain of authorities a commander might use to trigger an offensive attack — a kind of cyber effects request system, according to Col. Thomas Goss, chief of the command’s Strategic Initiatives Group.
Eventually, Goss said, the ability to coordinate cyber operations through a brigade’s intelligence, communications and operations personnel, and higher echelons, will be organic to a brigade.
ARCYBER is working on a basic set of instructions for a brigade or division commander that would outline “certain effects that he would want,” Goss said.
Brigades themselves would not receive any sort of hacker tools. Instead, Goss said, the process would be similar to the chain of authorities used to approve a joint fires strike.
“As you can imagine, with an emerging domain and an emerging operational dynamic, those authorities are not delegated down to the lowest levels,” Goss said. “If you picture the equivalent of joint fires, somehow we have figured out how a division or brigade commander drops a [Joint Direct Attack Munition] where they want it without giving them an airplane.”
Goss declined to give details about specific effects in an unclassified forum.
As the Army works on writing the doctrine, ARCYBER has placed an emphasis on personnel, training and leadership development.
Cyber training is getting a jump-start as the Army includes network warfare scenarios in a growing number of brigade-level and division-level exercises.
To teach soldiers better cybersecurity practices, the Army has fielded an opposition force that models enemy capabilities in combat training at the National Training Center at Fort Irwin, Calif., and at the Joint Readiness Training Center at Fort Polk, La.
The “World Class Cyber OPFOR,” fielded by 1st Information Operations Command, can act out a range of scenarios, from fishing for information on poorly guarded networks to attacking the brigade’s mission command systems.
“What we are looking for is basically to approximate what threat or adversary the OPFOR commander is modeling, so we have tiers of adversary capabilities,” Goss said.
The idea is to expose vulnerabilities and improve the cybersecurity practices of the training unit.
After an exercise, the cyber red team’s commander can describe for the blue force what his objectives were and what he achieved. The brigade is shown what sensitive information it may have left unsecured, how it was discovered and how it was used against the unit.
“That allows my commander not just to have a talk with the OPFOR commander but ask, ‘How did you learn this? How did you get these graphics? Why did this system ... get to slower and slower when the battle went on?’” Goss said. “It also allows him to interact with his staff to say, ‘How can we prevent this from happening again?’”
Goss said after the cyber red team’s inclusion in three cycles at NTC and one at JRTC, commanders have been quick to catch on. Without a good cybersecurity training program and an awareness of their networks, commanders will lose their freedom to operate on the battlefield and fail.
These scenarios are fueling questions at the Tactical Commander’s Development Program at Fort Leavenworth, Kan., which in turn are “energizing” discussions over the evolving “doctrinal toolkit” for cyber, Goss said.
An ongoing capabilities-based assessment for cyber operations, led by Training and Doctrine Command, is incorporating lessons learned from such brigade-level exercises and 20 major exercises in which ARCYBER participates.
Gould is a staff writer for sister publication Army Times.