The Quest for an Operational Cyber Edge
Soldiers do amazing things with cyber and electronic warfare technology prototypes.
U.S. Army officials expect that by this fall, they will have formal approval of a rapid prototyping process for acquiring cyber and electronic warfare prototypes assessed during the just-completed Cyber Quest 2017 exercise at Fort Gordon, Georgia.
Army officials describe Cyber Quest as an annual cyber and electronic warfare exploration and collaboration event hosted by the Cyber Center of Excellence. This is the second year for the event.
It is the Army’s initial investment to help Training and Doctrine Command (TRADOC) capability managers in the definition of requirements, validation of concepts and identification of quick turnaround acquisition opportunities. The intent is to provide industry, academia and Army technology developers the opportunity to demonstrate innovative solutions to current cyberspace operational challenges while integrating the capabilities within Army systems. Solution providers who participate receive feedback to better provide future capabilities.
Army officials do not yet know how rapidly they will be able to field technologies that performed well during the exercise. But they know it needs to be pretty quick. “One of the things the Army is going to have to start working our way through ... is that in this world where things change so fast, the traditional acquisition model will not work,” declared Maj. Gen. John B. Morrison Jr., commanding general of the Army’s Cyber Center of Excellence and Fort Gordon, during a June 28 teleconference with journalists. “We are working through several processes within the Army that will allow us to rapidly spin capabilities ... into the force on a much shorter timeline.”
The service should have that timeline nailed down later this year, he added. “We expect resolution on exactly how that process is going to work with formal approval sometime in the summer or early fall,” he said. “We know that if we develop requirements today and seven years from now we’re trying to field a capability in the cyber domain, it simply will not work. We’re behind before we even start.”
This year’s event, the second so far, involved 40 systems, including some provided by Army researchers, program managers or program executive officers. The service’s Communications-Electronics Research, Development and Engineering Center, for example, offered three electronic warfare systems, and the Program Executive Officer Soldier brought some new capabilities for Nett Warrior.
The event included radios capable of acting as battlefield sensors to collect data. Additionally, it involved tactical radios that, among other things, are capable of near-silent operation; have direction-finding capabilities; and can prevent enemy electronic warfare systems from detecting or disrupting friendly force communications.
Army officials also evaluated a variety of defensive cyber tools, including technology for monitoring and analyzing so-called patterns of life on the network. Patterns of life are routine behaviors on the network, including how much data a particular user views in a day, or who that person emails regularly. If the user suddenly does something unexpected, such as emailing a larger-than-usual attachment to a previously unknown recipient, the system sets off alarms bells, drawing attention to the anomaly.
Patterns of life data also can be used at the network level, according to Col. Steven Rehn, TRADOC capabilities manager for cyber. For example, if a server that normally only talks to other servers suddenly begins connecting with a router, “It could be ... an adversary in the network trying to do a lateral movement,” Col. Rehn explained.
Automation and data analysis also were important capabilities assessed during the exercise. Gen. Morrison described the big data issue as “a wicked tough challenge” because “the amounts of data flowing off of any network or inside the electromagnetic spectrum on any given day is a whole bunch.”
The commander also indicated that artificial intelligence and machine-to-machine learning will become increasingly important in the future. “I do think advances in artificial intelligence are going to allow us to react much, much quicker to things happening inside cyberspace. We’ve got to figure out how to leverage that,” he stated.
He also noted the importance of integration. “The network, cyber, electronic warfare and information operations are all integrated. They’ve all got to be underpinned with the right intelligence analytics.”
The officials underscored the need for creativity in the cyber and electronic warfare realms. Innovation from industry and other providers “helps us get a sense for what we can do ... so that, quite frankly, we are able to defeat any adversary out there,” Gen. Morrison offered.
At its core, Cyber Quest is essentially about gaining an advantage in the digital world. “These are things that will be utilized to defend our networks and provide an operational edge for us to not only detect new attacks against our networks but also to remediate those attacks in a rather rapid fashion,” said Lt. Col. Stephen Roberts, cyber branch chief at the Cyber Center of Excellence Cyber Battle Lab. “Today, it may take hours or days to detect or engage some of these issues to gain a tactical edge. We’re trying to get that down to minutes.”
In addition to helping get prototypes to the field faster, the exercise will help inform requirements, doctrine and operational concepts for future cyber and electronic warfare operations. “That is absolutely key in a space that is ever changing. It never ever stops. Cyberspace today is not going to be what cyberspace is tomorrow,” Gen. Morrison said.
The general also emphasized assessing electronic warfare systems, which were only simulated for last year’s event. “That is absolutely critical because I would submit to you that the United States Army is behind many of our near-peer or even peer competitors,” he stated.
The officials highlighted the importance of allowing soldiers to use and assess the prototypical systems and provide feedback to improve the technology. Col. Roberts reported that by combining some of the capabilities offered, soldiers were able to reduce the cyber threat detection and mitigation process from hours or days down to less than an hour and 20 minutes.
Gen. Morrison echoed that sentiment, touting soldier innovation. “I’m always amazed by the ingenuity of soldiers once you put a capability into their hands. You think it’s going to be operated one way, and they turn around and put it into operation...in a completely different way,” he said. “It is amazing what happens when you give our young troops capability. They will take it and put it to the absolute best use.”