Navy Seeks Technologies for Cyber Fight
Defeating modern capabilities calls for the best that labs can offer.
Emerging technologies such as artificial intelligence and cognitive computing soon could be setting sail to aid the U.S. Navy in its battle to conquer cyberspace. Such capabilities could hold the key to improving cyber defense, while other approaches are making their way into offensive cyber operations, says the Navy’s top cyber officer.
Some technologies the Navy seeks are dual-use in the sense that they can be employed by defenders as well as attackers. Automation, for example, is being used by nation-states to probe and prey upon large blocks of Internet protocol (IP) space in both the military and commercial realms. Yet defenders also may rely on automation to help detect and respond to cyberthreats early in an attack.
Overall, the Navy faces the same technological challenges confronting the rest of the Defense Department and even the world at large, declares Vice Adm. Mike Gilday, USN, commander, U.S. Fleet Cyber Command/U.S. 10th Fleet. He describes a significant rise in the number of malicious cyber actors, most of whom are criminals empowered by a rapid improvement in capabilities. Some statistics show that a new piece of malware is introduced to the Internet every four seconds, the admiral offers, and the large number of destructive tools available at low or no cost also have better stealth capabilities and lethality. The threat the Navy and the world must tackle has evolved from exploitation and disruption to destruction.
Above all looms the weaponization of data. This already has been demonstrated in commercial cyberspace with the Sony Pictures hacks of late 2014 and the rise of health care ransomware attacks. Most recently, the U.S. presidential election was flavored by hackers traced to Russian intelligence agencies.
Adm. Gilday attributes this proliferation to a lack of agreed-upon international norms of behavior. Earlier this year at the Atlantic Council, the Tallinn Manual 2.0 academic group released a report that applies international law to cyber operations, but it is voluntary and nonbinding. No peaceful norms directly address thresholds for malicious behavior in cyberspace, the admiral declares, so no deterrent exists.
Malicious operators in cyberspace are becoming more brazen and aggressive, he says, citing the Russians as just one example. Comparing their cyber activities to kinetic operations in Crimea and Eastern Ukraine, the admiral contends that they do not seem to care if they are seen or found. Advanced threat actors such as the Russian hacker groups Fancy Bear and Cozy Bear, which the FBI linked to Democratic National Committee election hacks, have been active against industry and pose a threat to the Defense Department.
“That degree of brazen behavior that we’re seeing out there is alarming, and it is all too obvious now on a daily basis,” Adm. Gilday declares. “We ignore what is going on in the commercial world at our peril. It drives a closer relationship between us and industry.”
Increasingly, the Navy must account for these threat conditions in its operations. “It really comes down to being able to rapidly deploy capabilities at the scope and scale that allows us to defend ourselves better against these more elusive and more lethal threats,” the admiral states.
Adversaries are incorporating traditional electronic warfare (EW) threats such as jamming into cyber attacks. Adm. Gilday adds that signals intelligence (SIGINT) also is part of the overlapping effects of EW and cyber attacks. This is another factor changing Navy cyber operations.
“In the future, we can’t just singularly think about how we’re going to fight in cyberspace or how we’re going to fight in the RF [radio frequency] spectrum or how we’re going to collect with SIGINT,” he warrants. “In the end, what we really need to do at both the tactical and operational level is to organize ourselves around these disciplines.”
He continues that the force still is organized in separate disciplines across the command structure. Instead, stovepipes must be broken down to create a cell comprising subject matter experts in communications, cyber, EW and intelligence. This cell would operate across the planning horizon spectrum, he states.
Automation, a tool for attackers, is key to Navy cyber defense. Adm. Gilday says it is required for protection that goes beyond boundary and point defenses. He calls for greatly increased investment in artificial intelligence and cognitive computing. Artificial intelligence should be leveraged to provide a greater understanding of activities deep inside Navy networks. “We need to move beyond touch labor, in terms of being able to respond rapidly to a threat,” the admiral declares. “We have great detection systems that alert us to known or suspected bads, but the challenge is to be able to quickly identify and respond to an intruder deep inside your networks.”
Adm. Gilday notes that the commander of the U.S. Fleet Forces Command, Adm. Philip S. Davidson, USN, is trying to turn the Navy away from its focus on the carrier strike group or the amphibious strike group and back toward the numbered fleet headquarters. Those headquarters also serve as joint force maritime component commanders for their respective combatant commands, and this move would return control to that level. A commander responsible for command and control (C2) of the physical assets in that battlespace also must be responsible for C2 of the electromagnetic spectrum, Adm. Gilday posits.
As with other warfighting activities in a combatant command theater, cyber operations are joint. For offensive cyber, component commanders receive nonkinetic cyber services that are transparent in terms of service origin, the admiral points out. “It’s not who owns the particular [cyber] asset, it’s what we can provide to joint commanders across the spectrum,” he says. Commanders do not request capabilities such as EW from a specific service, opting instead to request effects and let the command assign them from the appropriate source. For defensive cyber, the Navy constantly is moving its cyber protection teams among the other services’ networks, the admiral relates.
The Navy’s partnerships extend outside of the Defense Department. Adm. Gilday describes how foreign countries as well as the U.S. Department of Homeland Security and the FBI are important partners in the service’s cyber operations. The FBI provides vital information on malicious cyber activity in the United States, particularly in places where the military cannot go. This activity can come from an adversary that also is operating in the Navy’s cyber arenas. “Leveraging different authorities of different U.S. government agencies is really central to developing a holistic attack plan, whether offensive or defensive,” the admiral expresses.
One of the Navy’s top concerns is that an adversary would deny the fleet its cyber capabilities in a conflict. The service is working to enable its forces to operate in this kind of denied environment, but Adm. Gilday emphasizes that this does not represent an abandonment of cyber as a key warfighting tool.
“Cyber is absolutely a key enabler, particularly early in a fight when we want to increase the fog and friction of war and place ourselves in a position of advantage against an adversary,” he declares. “Cyber is absolutely, positively part of how we have to fight in the future—and how we have to shape that environment right from the onset.”
The Navy will not be deterred by the potential of denied cyber operations and return to conventional operations, the admiral attests. Cyber must be the first and second lines of defense in a fight, he contends.
And the Navy must ensure that its platforms are positioned properly to enable cyber operations, Adm. Gilday continues. The overlap of the RF spectrum and cyber can take advantage of that access among the networked Navy ships. “Access is our friend, and we need to leverage that with respect to naval platforms. And we need to configure them so they can take full advantage of everything the RF spectrum and cyberspace allow us to exploit,” he states.
Among the Navy’s top cyber priorities is upgrading systems to make them more resilient, Adm. Gilday states. The Navy continually strives to keep pace with—and possibly keep ahead of—cyber attackers. “You can never really be satisfied with the solutions you bring to bear,” he says. “Because these are systems designed and built and fielded by humans, they are reverse-engineered, so it is a constant challenge to make those networks more resilient and to evolve with an evolving threat.”
But employing commercial cyber capabilities can run afoul of military acquisition rules. “One of our challenges in the Defense Department is developing acquisition practices that allow us to take advantage of that technology as it rapidly changes,” the admiral points out.
This challenge must be addressed. Senior leaders must think about cyber’s role “in terms of how we’re going fight in the future,” Adm. Gilday offers. “From how we’re going to design the hardware that we deploy—ships, submarines and aircraft—to how we actually bring those assets to bear in a multidomain fight and how we synergize cyber in everything we do in the kinetic side,” all will be a key consideration for these leaders.
Both the military and industry face similar challenges: developing ever-faster, more agile networks. Often, companies with legacy networks struggle to improve resiliency and reduce vulnerabilities to growing cyber attacks, Adm. Gilday points out. For now, he says dual-use technology can meet Navy cyber requirements effectively.
“If we can get the right mouse trap [from industry] and be able to use it at scale across our vast networks, we will be in a much better place,” he says.