Imagine a brigade combat team readying an assault on a small town in Eastern Europe. As part of the planning, cyber and electromagnetic activities (CEMA) staff recommend knocking out Wi-Fi connections in the town to prevent residents and forces from communicating prior to or during the operation.

Today, planners must submit a request for such capabilities through their higher echelons, which slows down the operation.

But the Army is experimenting with how to insert these capabilities at lower levels to accelerate decision-making. The pilot, sponsored by Army Cyber Command, is called CEMA Support to Corps and Below (CSCB). The program, now in its eighth rotation at combat training centers, is testing a concept of expeditionary cyber teams (ECT), an added element that includes new offensive and defensive planners on the brigade staff and offensive operators that will travel with the tactical maneuver forces, typically at the company level.

Traditionally, cyber capabilities across the Department of Defense have resided in remote sanctuaries at the strategic level requiring a high level of authority, meaning any time a brigade commander wants to employ a cyber capability, cyber planners on the brigade staff must request from higher echelons slowing the decision cycle.

The pilot essentially has two goals, said Matt Funk, CSCB exercise planner. The first is to inform Army doctrine for tactical cyber to include recommendations on force structure and necessary infrastructure changes at training centers to better represent cyber capabilities. The second is to improve how these experimental teams operate within a brigade.

Fifth Domain recently visited the National Training Center at Fort Irwin in California to observe the pilot as ECTs were attached to the 3rd Armored Brigade Combat Team, 1st Armored Division.

“We know that the enemies, or potential enemies of the United States, have that [cyber] capability, so we have to defend against it. Not only our networks, but then we also have to be able to exploit that,” Brig. Gen. Jeff Broadwater, commander of Fort Irwin, told Fifth Domain.

“What the brigade is looking at is … are there ways we might be able to exploit an opportunity with cyber while protecting our systems that help us communicate in other areas in order to achieve the effect that we want to.”

The CEMA cell’s job is to provide cyber and electronic warfare options to the commander to get at their objective. Army Cyber is validating how well these cells and planners are integrated with the brigade staff. Is the traditional brigade staff coming to them first, as opposed to the cell having to raise its hand? If so, exercise officials consider that a win.

It’s about providing options — both offensively and defensively — to the commander.

“What these guys bring to the table is extraordinary,” Capt. Daniel Oconer, the brigade’s CEMA officer, said. “If you think about it like a card game, they’re giving me options, they’re giving the brigade commander options to gain that tactical edge against our adversaries.”

Without access to these tactical cyber teams, Oconer explained he would have to understand the intent of the commander, what effect he wants and then submit that in a formal request, letting the higher echelons determine if they can provide that effect.

Currently, both the CEMA planners and the brigade have immediate access to these effects. If, however, a more robust, remote capability is still needed, the CEMA team will make a request to higher echelons.

Funk said throughout the eight rotations of the pilot thus far, the biggest lessons learned is that CEMA, cyber and EW are no different than any of the other intelligence disciplines or capabilities.

“It’s just a matter of working with the staff to get them thinking about CEMA,” he said.

What is an ECT?

Some Defense Department officials have pointed to the parallels between the ECT and the integration of joint terminal attack controllers: highly skilled Air Force personnel that call in airstrikes from the ground. While it took a while for Army units to be comfortable with JTACs, this is now common practice.

Eventually, officials said, ECTs will need to earn trust with the brigade and, in the long run, might be common practice.

“At the end of the day, we’re really here to help train and integrate with the brigade,” Funk said. “If we walk away from here and the bridge feels like they have a better understanding of how to plan for and implement CEMA effects, then we consider that a win.”

At its core, the team consists of the expeditionary portion — offensive cyber operators that generate the effects and maneuver in the field with a company — and offensive and defensive planners that will be embedded with the organic CEMA cell at the brigade staff to help plan the operation and effects.

On the defensive side, the team includes a defensive planner that coordinates with the brigade’s network personnel. It also works with the cyber protection brigade that helps monitor the health of the brigade’s networks that are being strained from constant probing of an opposing force replicating a near-peer threat.

Col. Robert Magee, who leads the 3rd ABCT, told Fifth Domain that even beyond staff level planning, the capabilities the ECTs can bring to bear have to be practiced at home station with the brigade because if the brigade doesn’t see how it works, they won’t get it.

Funk said part of the evaluation is how well the ECTs tactically maneuver with units in the field.

Exercise staff want to make sure they can perform their cyber tasks without being physically seen by the enemy and compromising their position.

What teams can provide for a commander

ECT planners look at infrastructure in the environment prior to an operation to figure out what they can exploit, Funk said.

Are there cybercafes, IP cameras, traffic cameras, security cameras, some type of communications network, Funk asked.

This is not much different than a scout or artillery, Funk said.

“I want access to those teams as a brigade commander. It’s how do we leverage that for all of our operations in the future,” Magee said. “What [the cyber teams are] really doing for me right now is they’re actually hacking some of the systems that are out here and allowing me to get eyes into places I normally wouldn’t be able to get eyes.

“What the cyber team did [is] give me a way to double up on intel platforms in a way that I haven’t been able to do before,” Magee said.

In one training exercise, Magee said he had a pretty good picture of what was inside a town by fusing aerial, ground human and cyber intelligence.

What’s next for the program?

Funk said the current plan is to continue about two rotations of the CSCB pilot per year.

He also explained that, next year, they hope to do a rotation at the Joint Multinational Readiness Center in Germany for the first time, which will involve coalition partners and game out the same integration issues, but now in a coalition environment.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In IT and Networks