Since U.S. Cyber Command’s elevation to a unified combatant command in 2018, comparisons have been drawn to Special Operations Command (SOCOM).
Modeled on SOCOM, Cyber Command now possesses unique authorities, both for acquisitions and force deployments. SOCOM also provides instructive lessons, however, when conceptualizing how best to train and fight as an integrated force. As Cyber Command celebrates its 10th anniversary and reflects on its path ahead, cyber training should be updated to better reflect the U.S. military’s reorientation towards multidomain operations.
In 2012, Cyber Command announced the creation of its Cyber Mission Forces, tasking those future teams with safeguarding Department of Defense information networks, cyber support of military operations, and buttressing the defense of United States critical infrastructure from adversarial cyber operations.
To rapidly achieve these ends, Cyber Command drew on existing training resources, such as the Navy’s Joint Cyber Analysis Course and the National Security Agency’s National Cryptological School. New training documentation, like the Joint Training and Certification Standards (JCT&CS) and the Cyber Mission Force Training and Readiness Manual were issued to create standardization and evaluation criteria across the cyber force. Operational training events, like Cyber Flag and Cyber Guard, have provided a level of realism in training, helping to certify the readiness force. As a result of these ongoing activities and others, Cyber Command announced just last year that its Cyber Mission Forces had achieved full operational capability. Efforts are now ongoing to build operational readiness. Yet, these efforts, will fall short of the military’s multidomain needs.
Training for Cyber Mission Forces has operated largely independently from training for the conventional force. For instance, the United States has developed realistic, closed network cyber ranges, like the nascent Persistent Cyber Training Environment, to train cyberwarriors in a range of tactics, techniques and procedures for offensive and defensive computer network operations. However, these ranges operate independently of traditional kinetic mission training programs for the conventional war fighter and battle staff. As a result, cyber mission forces are often trained solely to the cyber elements of a campaign at times, ignoring the broader battlefield picture. Similarly, little insight is provided to war fighters and commanders on how the cyber domain may influence their mission in adjacent domains, like land, sea, air or space. This is where SOCOM can provide some useful lessons learned.
Indeed, in the opening days of Operation Enduring Freedom, the integration between special operations forces and conventional forces was lacking. Communications systems were incompatible, deficiencies existed in command and control, and little understanding existed across the force on the tactics, techniques, and procedures of the other. However, by enhancing interoperability, harmonizing operations, and increasing mutual support, special operations forces and general purpose forces proved far more effective — and reliant on fewer resources. These changes flowed largely from investments in combined training and education. SOCOM worked as an active participant, and driver, to help deepen the relationship between the two communities.
CYBERCOM should place a similar emphasis on interoperability today. While joint operations can be challenging, cyber brings additional complexities, such as classification, authorities, differences in terminology, and sequencing and timing. These complexities must be resolved if the military is to fight seamlessly as a multidomain force, particularly in a high-end conflict against a near peer or peer competitor. However, such a goal remains arguably aspirational without realistic cyber-kinetic cross-domain training.
The scientific community has taken some initial steps outside of CYBERCOM to build a training environment for these cyber-kinetic interactions. For instance, initiatives like the Cyber Kinetic Effects Integrator and the Cyber Operational Architecture Training System have demonstrated the plausibility of an integrated training environment that allows cyber operators to work in support of an operational mission through the employment of “cyber fires” or by providing war fighters real-time intelligence. These initiatives should be built on. CYBERCOM should actively support efforts to encourage interoperability between their cyber mission forces and conventional war fighters.
What is needed is a sandbox — a place where war fighters and commanders can experiment and begin to brainstorm solution-sets to these cross-domain challenges. Just as SOCOM innovated when supporting integrated training for special operations forces and conventional war fighters, a similar innovation should take place under the aegis of CYBERCOM today.
To learn more about the ways Cyber Command has evolved over the last decade, download our series of essays that reflect on the origins and future of defend forward and hybrid warfare.
Jennifer McArdle is a non-resident fellow at the Center for Strategic and Budgetary Assessments, where she focuses on cyber operations and military synthetic training. Follow her on Twitter @jlmcardle01.