Updated Oct. 7 with a comment from the Navy.
Within Cyber Command’s Cyber Mission Force — established in 2012 to include 133 teams in varying roles that reached initial operational capability at the end of September 2016 and will reach full operational capability in 2018 — there are the service cyber components. They work to defend service-specific networks and missions as opposed to the joint cyber effort. Within this construct, the services have begun to integrate their cyber warriors with traditional military units as cyber now touches most everything.
For example, Air Force Chief Information Officer Lt. Gen. William Bender has described the need for an "organic cyber capability" for the Air Force separate from the joint CYBERCOM mission.
“There’s a clear recognition that our service needs an organic cyber capability to get after much of what Cyber Command … just doesn’t have the bandwidth to do or simply not in their charter, and it’s critical [to the] Air Force,” he said at a Defense Writers Group breakfast in July.
This organic capability, he said, revolves around the Air Force’s five core missions — air and space superiority; intelligence, surveillance and reconnaissance; rapid global mobility; global strike; and command and control — and focuses on mission-specific tasks in the air domain. While CYBERCOM is concerned with big problems and high-end warfare, such as protecting missile defense systems and air defense systems and assuring the nuclear enterprise and space enterprise, the Air Force needs organic capabilities to complete daily missions, he said.
Organic capabilities specific to the Air Force, he said, involve assurance of aerial refueling, assigning crews to planes, and ensuring planes take off on time and complete their mission. All these tasks, Bender said, are dependent on cyber-vulnerable systems.
In this vein, the Air Force has created a director of cyber forces, or DIRCYBERFOR, with 39 billets across all air operations centers with the intention of integrating cyber into the theater of the service's multi-domain operations, officials from the 24th Air Force, or Air Forces Cyber, told C4ISRNET.
The DIRCYBERFOR operating concept synopsis, they said, defines a need for a cyber representative to the commander of Air Force Forces to facilitate and integrate cyber operations with air and space operations.
Within the 39 billets, there is one billet for each component-numbered Air Force or major command that needs a billet, with a heavier concentration focused on three air operations centers – 603rd, 609th and 613th – which serve as these concepts that are tested in
16-1, a recurring exercise that “provides doctrinally correct air, space, and cyberspace crisis action planning.”
Officials also provided a list of roles and responsibilities for DIRCYBERFOR, which include:
- Principal adviser for cyber lines of effort such as Department of Defense Information Network operations, defensive cyberspace operations and offensive cyberspace operations
- Advocate to external entities for cyberspace support
- Integrate/synchronize cyber authorities/activities
DIRCYBERFOR is not, however, responsible for traditional C2 communication functions, such as networks, data links, equipment and frequency management.
The Army, in addition to establishing a brand-new cyber branch, has instituted an initiative called Cyber Support to Corps and Below, which is described as the integration of cyber effects to the tactical edge to support real-world missions and unified land operations.
“We’re working through how do we really integrate cyberspace operations into unified land operations. You don’t do cyber unto do cyber, it’s about how do you achieve operational effects,” said Ronald Pontius, deputy to the commanding general at Army Cyber Command.
Within this initiative, there are a series of experiments “to determine what recommendations should there be [in terms of] DOTMLPF [doctrine, organization, training, materiel, leadership, personnel, facilities and policy] should there be force-structure changes in brigade combat team or at the division or corps level,” Pontius continued.
As part of this effort, the Army has run several training exercises with the most recent occurring over the summer at Fort Irwin in California. During this exercise, the 1st Infantry Division's 1st Armored Brigade Combat Team was the fifth brigade to integrate cyber effects under this pilot program, the Army said. Expeditionary cyber teams embedded with the brigade and helped commanders maneuver in the “information environment,” the Army said, leveraging defensive cyber operations, offensive cyber operations, electronic warfare and information operations.
During these exercises, cyber teams conducted reconnaissance of the operational information environment to better understand adversarial activity, sending their collection to an analytical cell for a team to develop insights and actionable intelligence.
In terms of offensive and defensive capabilities, battalions moving through a city can employ a cyber team to disrupt enemy networks on the offensive side while defensive teams defend critical systems such as servers, routers, transmitters or targeting systems from cyberattacks.
The Marine Corps has been undertaking similar lines of effort in adjusting from the post-9/11 environment of counterterrorism and counterinsurgency to fighting across multiple physical and virtual domains of warfare. Personnel with I Marine Expeditionary Force conducted its Large Scale Exercise 2016 also in California over the summer across several locations to hone cyber capabilities with the overall purpose to “practice the deployment of a fighting force of more than 50,000 military personnel to a partner nation and incorporate both live-fire and simulated combat scenarios against a near-peer enemy force,” the Marines said.
“What we are working on in the joint force across the national-defense establishment is finding our way into this new domain of warfare that we call the cyber domain,” said Maj. Gen. David Coffman, deputy commanding general of I MEF. “The ones and zeroes in the computers can go around the world, up into space, etc. This is a problem we are attacking in this exercise.”
“The scenario gives us the opportunity to exercise against a force with advanced cyber capabilities,” said Capt. Curtis Miller, cyber network operations planner with I MEF. “What that means to me is we have to stand up a defensive posture to enable the operators to fight through and accomplish the objective.”
A Marine Corps spokeswoman told C4ISRNET via email that the Marines integrate cyber capabilities within traditional forces by training Marines organic to the Marine Expeditionary Forces, adding that Marine Forces Cyber Command (MARFORCYBER) has taught, advised and helped train operating forces to ensure commanders have the knowledge and tools to leverage cyber capabilities and gain advantages over adversaries.
The spokeswoman also said MARFORCYBER conducts cyber readiness visits to various commands throughout the Marine Corps to “identify cyber key terrain, assess readiness and culture, and bolster our defenses” with a focus on “increas[ing] knowledge and institutionaliz[ing] cyber across the entire Marine Corps and to ensure our MEFs are trained and capable of utilizing cyber capabilities with assets and Marines organic to their units.”
“It is critical our use of cyber provides and preserves warfighting capability and adds value to the Marine Air-Ground Task Force (MAGTF). Cyber is a warfighting domain and it must be considered part of the single battle to Fight, and ultimately win, in future operations,” the spokeswoman added.
The Navy, for its efforts, integrates its sailors from Fleet Cyber Command/10th Fleet Task Force 1030 with traditional Navy units to both train and assess unit-level cybersecurity readiness, a Fleet Cyber spokesman told C4ISRNET. Blue teams from Task Force 1030 also provide tailored cybersecurity training to deploying ships' onboard IT specialists, the spokesman added, which covers cybersecurity best practices, network hardening and threat response.
Shipboard personnel are also exposed to red teams that support integrated assessments during the Optimized Fleet Response Plan with threat emulation and cyber simulation, the spokesman continued.
"The Navy continues to operate our network as a warfighting platform," the spokesman wrote in an email. "We recognize that our operational commanders rely on our networks for command and control, battlespace awareness and integrated fires in all phases of conflict, as well as daily operations."
Sailors also receive training in a real-time network environment at their Suffolk, Virginia, facility conducted by Task Force 1020, or Navy Cyber Defense Operations Command. These sailors will then provide local network defense to include detection and mitigation of threats and vulnerabilities with carrier and expeditionary strike groups.