Organizations like U.S. Cyber Command are working to integrate cyber teams into theaterwide campaign plans to be used by joint force commanders as they see fit. The most public of these efforts is currently in the Middle East in the fight against the Islamic State group.
“We are working diligently to better integrate cyberspace operations into our campaign plans as well as maturing CENTCOM’s use of the cyberspace domain,” Gen. Joseph Votel, commander of U.S. Central Command, said in a keynote address on Wednesday, Sept. 13, at the Billington CyberSecurity Summit in Washington. “Historically, cyberspace operations have been stovepiped and executed independently. As the domain has matured, we have started integrating cyber operations into all of our planning efforts.”
The U.S. has been public about its offensive cyber campaign against ISIS for the last few years, even going so far as to say the military is dropping “cyber bombs” on the militant group.
[Defensive cyber teams take on more missions under new model]
[What defense leaders (are now willing to) tell us about offensive cyber ops]
Votel described a recent successful operation against ISIS, though was scant on details given the sensitivities involved. Votel said the operation involved coordination with special ops as well as air, information and cyber ops.
“With this operation, while highly successful, we had a limited duration impact before our adversaries were able to reestablish their virtual presence,” he said, adding that just as in the kinetic battlefield, ISIS remains highly adaptive in their cyber capabilities. “This model for success is being replicated for planning in future operations and what we use to maintain pressure on enemy networks, be they located in Iraq or Syria or on servers thought the world. And with time and effort, we hope to expand the duration of impacts on our adversaries capabilities.”
Cyber Command provides cyber teams of all stripes ― offensive, defensive and intelligence-based ― to combatant commands. These cyber teams through Joint Force Headquarters-Cyber are integrated into operations with traditional forces, which simply provides another tool in the toolkit.
“Just like air, land, sea and maritime power projections, what we’re working with the combatant commands to do is project power in, from and through cyber, integrate it in their battle plans so it’s timing and tempo is set by the commanders in the field based on the scheme of maneuver that they have on the ground,” Maj. Gen. Christopher Weggeman, commander of 24th Air Force/Air Forces Cyber, said in a recent interview.
“What can cyber do? How does cyber become the artillery shell? How does cyber become the bomb? How does cyber make electronic warfare more effective? Whenever they have a target or a targeting problem, they’ll put it up for all the components to look at. If they say they need to take out an integrated air-defense system, whether they’re using F-16s or suppression of enemy air defense, now they have us. They’ll say: ‘Gen. Weggeman, what can you offer and what capabilities do you have?’ We would say: ’We have X, Y or Z,’ ” he continued.
[Air Force cyber boss sets early deadline for full operational capability]
The process for joint targeting is the same in cyber as in any other domain, he added.
“I think from the [combatant commands], what I hear is they are not seeing something that helps them in their campaign, and because of that they’re a little bit distrustful of their being able to depend on what they ask for,” said Bill Leigher, director of government cyber solutions at Raytheon. “The bigger issue is having capabilities that combatant commanders understand, understand where they fit into their campaigns and why they need the legal definition of a weapon, and how are you going to treat them like so.
“I think any time that we introduce a new capability into a [combatant commander’s] kit bag, we’re going to find both from the perspective that a new [tactic, technique and procedure] needs to be developed, the whole family of joint task force commanders who may have access to either enjoin those effects or delivering those effects, and it will be a maturity, an evolutionary thing as this mature[s],” Leigher continued.
“I try to do this with all the combatant commands, sit down face-to-face: ‘Where are we? Are we meeting your requirements?’ ” CYBERCOM Commander Adm. Michael Rogers told Congress earlier this year. “Cyber Command, in many ways, what we do functions to support others. We exist to enable and support the success of others.
“I always tell our team that much of our success will be defined by others, not by us. That’s the way it should be.”
Votel noted that one of the things he’s learned over his career is that leaders must be comfortable with those down the chain of command that have more expertise than those at the top with tools and capabilities.
“Certainly if you’re coming to me to look for the expertise of how we actually do this and how we actually apply the tools, I think we have to rely on our people to do that, and that’s where the expertise lies,” Votel said. “The role of the leaders in this is making sure that we ensure that it is integrated with the other domains, which we are operating, be it air, maritime or on the ground, and that we are pursuing the right authorities to allow our experts to bring these capabilities to bear.”
Authorities
On the authorities front, Votel expressed some certainty regarding how cyber effects are governed. Through Presidential Policy Directive 20, cyber effects are governed through the White House to be delegated by the secretary of defense. These effects are integrated through Cyber Command.
[Authorities Complicate Use of Cyber Capabilities]
At the strategic level, he said, this arrangement makes sense and is actually helpful as global cyberspace operation are synchronized to better support geographic combatant commanders.
“At the operational level, however, the level at which cyberspace operations are integrated with conventional and special operations forces, this can make approval so cumbersome that these capabilities are narrowly irrelevant,” Votel added.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.