As Fifth Domain recently explored in its two-part series, the U.S. Army is increasingly examining the use of battlefield cyber techniques.
The Army is not alone; cyber has emerged as a war-fighting domain across the Department of Defense, a domain that by many accounts we are not sufficiently prepared to win as a complex web of adversaries ranging from Russia to the Islamic State group now boast electronic warfare (EW) and cyber capabilities that threaten U.S. troops. To ensure an advantage, DoD must overcome key challenges in conducting cyber operations on the battlefield and in tactical settings.
Tactical networks are frequently poorly secured
Current tactical networks leave an electronic footprint that is often easy to discover. Army tactical networks are by nature distributed and the close proximity of adversaries in battlefield environments allows for intercepted communications.
At the same time, the internet of things has expanded the attack surface on and around the battlefield. A 2017 Carnegie Endowment for International Peace Task Force white paper highlighted the fact that U.S. and North Atlantic Treaty Organization allies encounter “offensive [electronic warfare] capabilities preventing acceptably free use of the radio spectrum,” and “forms of electronic and cyberattack, including exploitation of personal data harvested from any connected device brought into an operational area.” Securing tactical networks and the internet of battlefield things (IoBT) is not in anticipation for the future of warfare — this is the present-day reality for U.S. military.
Cybersecurity technologies are too large and expensive to deploy
Tactical networks today lack the mobility and scalability needed in a war-fighter environment and are already size, weight and power consumption (SWaP)-constrained for small teams, vehicles and weapons systems at the tactical edge. Making matters more difficult, the push to deploy even more innovative technologies for C4ISR, EW, IoBT, robotics and machine learning competes for resources with cyber solutions.
Some tactical network programs have fielded limited cyber protection in the form of standard 19-inch rack-mount data center equipment, which is expensive, large, power-hungry and not designed for field use. This has significantly curtailed its deployment and left our tactical networks under-protected.
Limited real-time availability of trained cyber specialists in austere environments
In a battlefield environment, automated detection of potential cyber threats is critical. A response must come in real-time to avoid disastrous consequences. But there are few cybersecurity specialists available in the field to address threats as they come and maintaining multiple systems can be overwhelming for tactical operators.
As the Fifth Domain two-part series pointed out, “despite the fact the military is maturing its cadre of cyber warriors within U.S. Cyber Command, Army leaders say tactical commanders want to control cyber capabilities on the battlefield given the nature of the trajectory of future wars.”
Essential to that objective is how feasible it is to have roving teams of trained cyber specialists available in austere environments, and what alternatives exist to deliver tactical cyber on the battlefield.
Industry must step in with the tools, processes and technologies that ensure mission success for the DoD. These industry solutions should include several capabilities.
Small form factor to expand utilization
Small form-factor (SFF) modular solutions for automated detection and response are necessary to address security gaps in the network while improving operational efficiencies where resources are limited. Such capabilities need to be available at the far edge for small teams, command posts, vehicles and weapon systems.
Always-on cyber at the tactical edge
By fielding SFF systems embedded at each network segment at the network edge, cyber situational awareness and protection can be significantly improved. Network traffic can be captured for real-time, automated analysis and also for later deeper forensic work. In this Concept of Operations (CONOPs), cyber protection works even in disconnected, intermittent and limited connectivity situations.
Additionally, local analysis can reduce pressure on WAN connectivity by storing and analyzing packet data locally — while only forwarding metadata to higher echelons. This achieves better network and cyber situational awareness and enables cyber specialist teams to be alerted to issues quickly and key in to edge cyber solutions that contain complete records of incidents.
Ease-of-use to address the cyber skills shortage
Addressing the lack of trained cyber specialists available to combat threats in real-time on the battlefield is not simply a manpower issue. Technology must play a role; automated detection and validation of alerts assist this endeavor, as well as presenting appropriate responses and resolutions to soldiers. This way, entire units can be equipped with integrated cybersecurity knowledge without undergoing expensive and time-consuming training or having to wait days for a cyber specialist to arrive. This can further take the load off cyber specialists, who can be freed up to focus on the most advanced threats.
More secure classified data over Wi-Fi
The DoD shift from wired to wireless battlefield and in-theater communications has been slowed by the inability of war fighters to securely transmit classified information over wireless networks without specific clearance and expensive crypto hardware. Without the confidence to share classified data securely, war fighters lose situational awareness relative to adversaries who move faster and accept more security risk.
Industry must continue to focus on delivering SFF systems that bring the benefits of classified wireless access to war fighters in the field and that are able to meet NSA Commercial Solutions for Classified program requirements. Enabling war fighters to use commercial smartphones, tablets and laptops to securely access classified information over Wi-Fi and LTE while enhancing situational awareness must be a focus.
The pace of DoD implementation of network-centric war fighting at the edge is only increasing. As the CONOPs relies more on functioning communications systems, it’s paramount that cyber defenses mature and keep pace with the threats to these systems, while accounting for the unique SWaP, mobility and ease-of-use constraints at the network edge. Small form factor, automated, easy-to-use cyber solutions are becoming available to address these requirements, and tactical programs should develop requirements reflecting these advances.
Charlie Kawasaki is the chief technical officer of PacStar.