When American soldiers train for a cyberattack on the battlefield, they often use note cards.
Although the U.S. military prides itself on being the best trained fighting force in the world, some national security experts are concerned the rudimentary training methods to simulate a cyberattack show the United States is not prepared for future battles.
“Cyber injects are often done via white carding, which is the literal use of a note card intended to represent cyber friction,” wrote Jennifer McArdle, a non-resident fellow at the Center for Strategic and Budgetary Assessments, in a new paper. The document, titled “Victory over and across domains: Training for tomorrow’s battlefield," was released Jan. 25.
Pentagon officials, who have quietly monitored Russia’s use of hybrid warfare in eastern Ukraine, envision a future fighting environment where traditional land battles are combined with cyberattacks and jammed radio frequencies. But McArdle identified gaps in how the American military trains for this future combined warfare.
“Training today is not providing warfighters the kind of experience they need to fight in a complex battle space,” McArdle told Fifth Domain.
First, traditional warfighters do not experience the effect of a cyber attack in live training. McArdle said that cyber and traditional fighting training environments are separated, rather than integrated.
Second, traditional soldiers rarely train together with cyber-specific troops rather than working together.
For McArdle, the twin deficiencies mean that American military troops may be unprepared for new tactics of battle.
“A common mantra within the U.S. military has been to ‘train as you fight,’” McArdle wrote. “Yet, live training fails to replicate with fidelity the type of cyber and informationized operations that warfighters will experience in a contested and complex battlespace.”
“We don’t have an environment where cyber warriors can train alongside non-cyber fighters. This must be done in a synthetic environment, but that is not available today,” McArdle told Fifth Domain.
One reason for the training gap is because live training of a cyberattack can have “cascading effects” and cause lasting damage, McArdle said. It is considered a non-starter. Another is that different services have different training philosophies. McArdle gave the example of how the Air Force trains its members with a “platforms” based approach, like an F-35 simulator, while the Army has a “mission” focused training ideology.
But perhaps the most significant reason is that knowledge of what may happen to soldiers' equipment during a cyberattack is a closely held secret. Because of classification issues, those who understand how electronic warfare might interrupt a soldiers' gear may not be able to explain it in an unclassified setting to those creating a simulation. The dispersed knowledge makes it difficult to create a realistic training environment.
But McArdle’s research says it is possible to create a realistic simulation for these hybrid environments using unclassified information.
Near-peer adversaries, such as China, Russia, Iran and North Korea “do publish some strategic or doctrinal documents that provide some indication of how they may employ cyber capabilities in a conflict,” McArdle wrote. “These capabilities should help to inform assessments of the blended strategies, combining kinetic and non-kinetic attacks, that adversaries may adopt in the event of conflict.”
In addition to the Pentagon, NATO forces are also researching how to simulate cyberattacks on the battlefield.
“We need to start linking the cyber and non-cyber environments together if we want to be effective.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.