WASHINGTON — The Department of Defense weapon tester wants to improve the way the Pentagon assesses tools and capabilities for offensive cyber operations that disrupt or destroy enemy data systems.
Such operations are growing more important, and testing that involves simulating realistic operations is not routine or rigorous enough to give commanders confidence the capabilities will work as designed, according to the annual report on weapons systems from the Director of Operational Test and Evaluation office.
When DoD builds a new weapon, it conducts tests to ensure it works as intended, in part so commanders know how successful it might be. For example, a commander must take the approximate blast radius of a missile into account when planning an operation to minimize unintended damage around the target.
In cyberspace, testing offensive weapons presents difficulties because artificial network ranges are necessary to avoid damaging real-world systems. These offensive capabilities are often designed to work against hardware or software flaws that adversaries could patch at any moment, meaning for some targets and exploits, time is always fleeting. This differs from the physical world, in which ordinance, for example, can be dropped on an open test range.
“Weapons like JDAMs [Joint Direct Attack Munitions] are an important armament for air operations. How long are those JDAMs good for? Perhaps five, 10 or 15 years, sometimes longer given the adversary,” Gen. Paul Nakasone, commander of Cyber Command, told Joint Force Quarterly in a 2019 interview. “When we buy a capability or tool for cyberspace ... we rarely get a prolonged use we can measure in years. Our capabilities rarely last six months, let alone six years.”
To help improve testing, DOT&E will continue its assessments with service representatives and Cyber Command’s cyber mission force to increase confidence in offensive cyber capabilities and provide information that could enhance future exercises.
The report pointed out these challenges that the DoD needs to overcome include:
- Better access for testers to advanced cyber expertise to help them plan and execute tests on advanced offensive cyber operations technologies.
- Improved access for testers to intelligence on targets and defensive capabilities surrounding them.
- Training and capabilities of red teams to portray near-peer adversaries for targets of interest.
- Test ranges to assess the effectiveness of cyber capabilities delivered by over-the-air transmissions, which are typically Wi-Fi or radio frequency based, as opposed to Internet Protocol or copper/fiberoptic wire based.
The report noted that testers observed demonstrations or performed assessments of seven offensive cyber events in fiscal 2020, including planning for cyber fires during an exercise with Indo-Pacific Command. These capabilities examined ranged in sophistication from tactical devices to defeat terrorists to advanced cyber/electromagnetic spectrum attacks for use against nation-states.
Specific cyber programs
Last year, DOT&E for the first time examined Cyber Command’s template aimed to guide its procurement, dubbed the Joint Cyber Warfighting Architecture.
This year’s report, however, provided slim details on these programs, only offering that the testing office oversaw two of the five aspects of the procurement architecture: Unified Platform and Joint Cyber Command and Control. The Air Force is building both on behalf of Cyber Command for the entire joint cyber force. Unified Platform is designed to integrate and analyze data from offensive and defensive operations with partners. Joint Cyber Command and Control is considered the decision-making platform and aims to provide joint commanders enhanced situational awareness and battle management for cyber forces and missions.
This year’s report also briefly noted that DOT&E’s advanced cyber operations team, which includes cyber experts who are assigned rapidly to assessment teams, supported a cybersecurity assessment of IKE, a planning and execution tool designed to support Cyber Command operations.
The IKE prototype effort, under development by the Air Force and the Strategic Capabilities Office, will allow forces to plan and visualize the cyber environment. It is thought by some to be a precursor to Joint Cyber Command and Control.
Mark Pomerleau is a reporter for C4ISRNET and Fifth Domain.