WASHINGTON — The U.S. Army is maturing concepts and capabilities to conduct cyber operations outside of U.S. Cyber Command.
Over the last few years, the service has tried to build tactical cyber capabilities to fill gaps between what Cyber Command teams already provide and what is needed by commanders on the ground. This has included the creation of formations such as the Intelligence, Information, Cyber, Electronic Warfare and Space (I2CEWS) detachment of the Multi-Domain Task Force, as well as the 915th Cyber Warfare Battalion, which consists of 12 expeditionary cyber teams that will provide on-demand support formations.
In many ways the 915th was created to bridge the gap between the tactical level — essentially corps and below — and the cyber teams at Cyber Command, which are focused on more strategic-level, internet-based target sets. Now Army commanders that request support from the battalion won’t always have to ask the high-demand cyber mission force teams for assistance since they’ll be organic to the Army.
Authorities for cyber operations are still held at the presidential level, though they have been delegated to the defense secretary and Cyber Command. However, officials concede that in the near to mid-term, the authorities could be delegated even further to the operational and tactical levels. Units have been able to skirt these authorities by relying on operations in the electromagnetic spectrum or radio frequency-enabled cyber effects, for which tactical commanders have much more leeway.
What has been less clear during the formation of organic Army cyber forces is who will do what and how they might deconflict activities in the digital domains. In short, the 915th will execute offensive operations while the I2CEWS currently cannot, a spokesperson for Army Cyber Command told C4ISRNET.
“The 915th CWB is the only formation in the Army with the capability to execute offensive cyber operations in support of Army forces at [Army service component commands] and below. The I2CEWS does not have the personnel or infrastructure available to execute these operations,” the spokesperson said. “The 915th CWB and I2CEWS provide the Army with capability and capacity to generate cyberspace and electronic warfare effects through forward presence in a converged force posture.”
The I2CEWS largely will conduct defensive cyber operations for tactical network support and in some cases host nation infrastructure support, if asked.
The I2CEWS is beginning to receive some of the defensive kits provided to Cyber Command’s cyber protection teams. These include deployable defensive cyber systems and tactical defensive cyber infrastructure.
Other capabilities include systems to connect the I2CEWS to regional cyber centers as well as other area defenders, Col. John Transue, Army capabilities manager for cyber, told reporters in September.
The 915th will conduct its offensive operations through radio frequency-enabled cyber effects. One of the best examples of this is what the unit’s predecessor pilot program, Cyber Support to Corps and Below, have done at the National Training Center at Fort Irwin, California.
Army Cyber Command is using a pilot program, Cyber and Electromagnetic Activities Support to Corps and Below, to test the infrastructure changes necessary to insert tactical cyber teams within brigades.
Those forces demonstrated the ability to conduct over-the-air operations targeting Wi-Fi nodes and gain access to closed-circuit television feeds to allow greater intelligence value for commanders planning urban operations.
Additionally, the Army will be exploring how to target tactical networks of adversaries.
“The big idea behind that battalion is it rides multidisciplined cyber, electronic warfare and information operations support to the supported commanders,” Lt. Gen. Stephen Fogarty said during a virtual conference in late September hosted by the Association of Old Crows. “Each one of those expeditionary cyber teams is going to have really full-spectrum cyber capabilities. We can defend with elements of that team, attack from elements of that team, have electronic warfare experts to do both sensing and electronic attack and then the information operations professionals that can help us tie all this together.”
As this formation adds more personnel and units, it will assist cyber and electromagnetic activities sections in planning cyber and electromagnetic spectrum operations for commanders. It will also conduct those operations, though it will largely be reliant on the organic assets of brigades.
The Tactical Cyber Equipment-C4ISR/EW Modular Open Suite of Standards (CMOSS) Chassis is the primary tool available to these forces. It’s a backpack that will plug directly into organic brigade assets and leverage their capabilities. These systems include the Terrestrial Layer System (TLS)-Brigade Combat Team — an integrated signals intelligence, electronic warfare and cyber platform mounted on ground vehicles — and the Multi-Functional Electronic Warfare Air Large — the Army’s first organic brigade electronic attack asset mounted on an MQ-1C Gray Eagle drone capable of radio frequency-enabled cyber effects.
“The capabilities they have what they call the expeditionary cyber chasse, it’s a backpack-capable system that will be going forward. They will also be utilizing some of the EW-type systems from the TLS that is both for EW- or [signals intelligence]-type capabilities and also designed to help provide that RF-enabled cyber effects by utilizing … the CMOSS chasse … where you can put in a card both for signal where you can use it for software-defined radios, for EW-type effects and cyber effects,” Transue said told reporters.
Forces could also plug directly into a system like the TLS with a laptop via a jack in the back, which would be more effective than having the manpack-friendly solution with tactical cyber equipment, Col. Kevin Finch, the project manager for electronic warfare and cyber, said at the virtual conference. He added that there is also the ability to remotely use these systems.
Extra training is required for these cyber- and RF-enabled operations, something personnel in the average brigade wouldn’t go through, which is why these units will need the specially trained and equipped 915th expeditionary cyber teams to augment forces.
If the desired effects can’t be achieved through these capabilities, commanders can still request assistance from the cyber mission force, as there will be a linkage between the 915th and the cyber and electromagnetic activities sections, which officials said provides the best of both worlds.
When it comes to deconflicting offensive actions, a spokesperson from Cyber Command told C4ISRNET, the command actively coordinates operations with cyber components and combatant commands. Others have noted that the type of deconfliction that will occur in this tactical space is likely through a notification that certain operations are to take place in a particular battlespace.