Advanced battlefield cyber capabilities were once only reserved for the most highly trained and secretive forces, but now these tools and concepts are emerging from the shadows where they originated.

In the not too distant future, brigades could have their own “cyber bullets” that could be used without going through lengthy approval processes or require support from remote cyber operators.

Leidos is working to make this capability a realty.

During a demo at the AUSA Global Force Symposium in Huntsville, Alabama March 27, Leidos unveiled how local forces can use advanced capabilities through a jamming pod mounted to a large MQ-1C Gray Eagle drone. This would allow forces to mine IP addresses, intercept communications and even manipulate enemy messages.

The pod can conduct a scan of all local assess points allowing operators to identify what’s in the area and attempt to get inside networks that might be of interest. Using what’s called a brute force attack, U.S. forces can gain the passwords of networks to get inside. Once inside, the brigade can see all devices and data in the network.

The demonstration showed how, once inside the network, messages from one enemy to the other can be intercepted and even manipulated. For example, one enemy message sought to coordinate a meet up point. While the U.S. operator allowed the initial messages to flow unaltered back and forth, eventually, they began to change the location and time, which resulted in sending forces to the wrong location.

This capability is similar to those used both during the Iraq War and signals intelligence pods that are currently mounted on large drone platforms and which could intercept voice calls from cell phones below.

During the Iraq War, National Security Agency hackers would infiltrate the cellphones and electronic devices of insurgents to provide their location to pilots above for more precise targeting, according to Shane Harris, author of the book ”@War.” Hackers would also go one step further, sending fake messages to insurgents through hacked devices posing as trusted sources that told fighters to meet at a certain location, which would then be targeted by U.S. military aircraft.

Special operations forces also used their cyber skills in infiltrating internet cafes known to be frequented by insurgents during the Iraq War and uploading software that could either recognize keystrokes or covertly activate a webcam, allowing soldiers to positively identify a target, Sean Naylor wrote in his book “Relentless Strike: The Secret History of Joint Special Operations Command.”

The big differences between those operations then and now, according to Adam Hinsdale, project director with Leidos, is on the signals intelligence side. Rather than voice driven, this tool is now data driven targeting Wi-Fi networks and the devices that connect to them. Second, the difference was who was conducting those operations during the Iraq War. While then it was often highly secretive agencies, the goal now is to provide this capability organic to a brigade commander.

What was needed during the Iraq War to execute those capabilities was pretty robust reach back, Hinsdale said. Also, the ability to do that from a long loiter platform, such as a Gray Eagle, around a cyber café for 30 hours without anybody knowing, was not done, he added.

One operational vignette Hinsdale described was that after a team has been collecting Wi-Fi networks and IP addresses for 24 hours from a loitering drone, those addresses could be fed into the Army’s intelligence network – Distributed Common Ground System-Army – which can then identify certain IPs or networks that are a priority.


While this type of capability is ahead of current authorities, Hinsdale said Leidos is providing input to the Army’s pilot program to figure out what types of tactical cyber capabilities should exist at what echelons and the authorities they might need to execute them.

Moreover, officials have noted that depending on the types of “cyber” attacks or effects they want to achieve, they may not need new authorities as tactical commanders have full control over electronic warfare capabilities and so-called over the air attacks. This is different from the remote, strategic level cyber attacks that require cross-globe effects through fiber that might transit several third party or neutral countries.

The convergence of EW and cyber at the tactical edge might provide greater flexibility in this vein for tactical commanders. As such, the capability Leidos demonstrated is an objective requirement for the Army’s multi-function EW Air Large program, which will provide brigade combat team commanders organic offensive electronic attack and support capabilities.

Himsdale said Leidos is pursuing the Army’s MFEW Air Large contract as a way to provide this cyber attack capability to brigade commanders. The Army plans to award the contract for MFEW Air Large later this year.

The Army, according to fiscal 2019 budget request, plans to spend $39.8 million on MFEW Air next year.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In Global Force Symposium