The Army has discovered that one of the keys to success in cyber operations is to embed tool developers and coders alongside operators.
The military has long relied upon contractor support for coding and software development. However, in an operational environment that can change in milliseconds, forces need coders that can adjust to these changes in real time.
“When we built the mission force initially, it was this idea that we would pool the developers at a very central location. If you’re on a team, you conduct an operation, you would send a problem up, they would work it and they would send it down,” Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, said Sept. 4 at the Billington cybersecurity conference in Washington. “In practice, that just doesn’t work.”
Now, these coders, who are uniformed and civilian, will help build operational infrastructure, tools and applications, Fogarty said.
Fogarty added that the Army has created a specific work role, or MOS in military speak, for tool developers.
Officials at the Army’s cyber school at Fort Gordon told Fifth Domain during a February visit that this new role was created from scratch. They said no other service has developed a programmer specialization at a comparable level.
The Navy has cyber warfare engineers that perform coding as part of their mission for the cyber mission force, however, that group is a self-selecting organization that pulls from outside the military as sort of a direct commissioning type program.
Army Cyber Command oversees cyber operations in Central Command, Africa Command and Northern Command on behalf of U.S. Cyber Command overseeing teams across the joint force in those regions. Similarly, Army teams also perform operations across the globe under the command of the Navy and Air Force.
Fogarty said that the service still needs members of industry to provide coding support, but the “flash to bang” wasn’t as tight as they needed from an operational perspective. Forces may need a certain exploit or adjust to a change the enemy made to its network immediately and can’t wait to send it out for development.
As a result, embedding these developers with the operators allows the Army, in particular, to expedite the development cycle.
“What we found, at least in the Army, is putting the developers as integral members of the team … because they see the problem and they understand the sense of urgency for a particular problem, they can develop a solution,” Fogarty said. “In a couple of operations that we’ve conducted over the last 45 days, we’ve watched a developer come into a problem, break it down very, very rapidly, develop a script, fix the tool, modify a tool … within an instant … [hours] not days or weeks, we’re able to create that solution.”
Gen. Paul Nakasone, now the commander of Cyber Command, has long maintained that the military has 50x performers, meaning they’re 50 times better than their peers.
Despite that, the military has long sought a strong cadre of coders, often times, falling short of what it needed, and having to rely upon others. Fogarty acknowledged in August 2018 that the Army recognized it needed more tool developers.
Fogarty explained that the Army has created a development environment where they can mock up targets and test their tools.
“I have a very high level of confidence and a very realistic rendition of an actual target that we’re going to operate against,” he said. “I can throw that tool or that exploit, I can determine what utility of that capability is and then generally go to Gen. Nakasone with very high confidence that the capability will work.”
Other Army officials have described a similar development laboratory as a “big win” for the service.
“We’re giving them a laboratory environment where they can build their own tools. That is huge because nobody can make them faster than them and then the fact that they are co-located with the operation guys makes that spin a lot faster,” Col. Kevin Finch, program manager for electronic warfare and cyber within Program Executive Office Intelligence, Electronic Warfare and Sensors, said in August.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.