U.S. Army Prepares to Fight in the New Domain
As the service metamorphoses, CERDEC ramps up cyber capabilities.
The U.S. Army’s Communications-Electronics Research, Development and Engineering Center, known as CERDEC, is gearing up to face increasing asymmetrical threats in cyberspace. The center looks to improve cyber operations, information warfare, electronic countermeasures and information security, among other areas. Its efforts come as the military finds itself fighting or preparing to fight more and more in cyberspace, in conjunction with the traditional domains of sea, air, land and space.
Meanwhile, the Army is going through its biggest changes in 40 years, military leaders say. The service is revamping its procurement processes and, after years of drawdowns, is targeting recruitment growth. In addition, last fall, Army Undersecretary Ryan McCarthy and Chief of Staff Gen. Mark Milley, USA, identified six modernization priorities: long-range precision fires; next-generation combat vehicles; future vertical lift platforms; a modern Army computer network; air and missile defense capabilities; and improved soldier lethality. Although the service has continually enhanced its readiness capabilities, those small, incremental advances were not as dramatic a shift as the modernization efforts will be.
“When was the last time we added a new domain on the battlefield?” asks Col. Bryan Stephens, USA, director, Cyber Focal, Army System of Systems Engineering and Integration. “I like this perspective because it really is the reality. Commanders and soldiers on the ground are now understanding how to use and fight in that new domain.”
Col. Stephens admits that equipping and staffing the cyber domain has been a challenge for the Army. “But what is heartening to me is, when I have talked to commanders in the field, they really understand that domain. So I think we just need to equip them,” he says.
The colonel shared his perspective at the AFCEA Aberdeen Chapter’s recent third annual C4ISR Cyber Panel. He chaired a panel that also included Giorgio Bertoli, senior scientific technology manager for CERDEC’s Intelligence and Information Warfare Directorate (I2WD); Portia Crowe, chief, cyber engineering, Program Executive Office Command, Control, Communications-Tactical (PEO C3T); and Mike Monteleone, CERDEC’s chief of cybersecurity and information assurance.
The Army is in the process of evaluating all major weapon systems for any cyber-related vulnerabilities and must finish by the end of next year, as dictated by the National Defense Authorization Act for fiscal year 2016, Col. Stephens reports. The service, which started with the most difficult evaluations first, is responsible for examining the cyber posture of 24 major weapon systems. It is taking a “systems of systems” perspective, he says. “The Army’s approach has never been about a weapon system.”
The service also is taking a close look at cyber vulnerabilities in supply chain management and urging industry to do the same with its product offerings. “Cybersecurity is impacting all facets, from chip production to physical interdiction of products to software code injection to weaknesses in knowledge,” Col. Stephens says.
Another big piece of the puzzle the Army wants to solve is cyber and electromagnetic activities (CEMA) situational awareness. This priority reaches across many different departments. And the service is trying to move quickly to field capabilities relating to both offensive and defensive activities, which directly support the battlefield’s technical, maneuver and fire commanders.
In particular, the Army is attempting to gain an understanding of blue-, red- and gray-zone capabilities during multidomain battle with different forces and services. The gray zone, conflict just short of formal war, is proving to be the most difficult. “The gray space—we don’t know it—and it is a big gap for us,” Bertoli admits. “That is clearly one of the biggest continuing gaps that we have to deal with, especially when you are talking about near-peer and highly contested, highly urbanized environments.”
On the “blue side of the house,” Bertoli says, the Army certainly has a lot of sensors already deployed in its networks. “Is that enough? I don’t know, but it is more than what we know what to do with,” he says. On the red side, the sensors the Army does have—whether they are what Bertoli calls “early extensive signals intelligence systems” or even some of the electronic warfare systems in development—are all focused on the red threat and how to detect it. “We don’t have anything yet that is truly focused on getting a picture of the gray environment,” he says.
Monteleone concurs with Bertoli’s assessment of the Army’s gray-space capabilities. “The thing is, the blue space is hard to figure out by itself, just as the red space is hard to figure out, and so the gray space will be a tough one for a while,” he says. “But as we put more sensors and more capabilities out and leverage the data that is out there already, since we have never really pulled it all together and made sense of it, you are going to start building pictures that commanders and staff have never seen before. Which means that there will be more and more informed decisions or recommendations coming to that commander.”
CERDEC is working to develop red, blue and gray concepts to assist the Army Cyber Command’s CEMA Support to Corps and Below initiative, along with recent Cyber Blitz and Cyber Quest events and cross-functional team rotations, Monteleone says. Meanwhile, CERDEC’s Science and Technology (S&T) portfolio will focus more on the “gray and red picture, as opposed to the blue,” Bertoli says. Specifically, S&T is “looking at how a corps, division, brigade, battalion commander gains the intelligence needed and information and situational understanding of what is in the gray zone around them, and how do they visualize that, and how that impacts the mission and tactical operations,” he continues. “There are still lots and lots of open questions there, all the way fundamentally from ‘Do I have the right sensors?’ to ‘Do I have them in the right places?’ to ‘How does all this data get back to someplace where I can do something with it, and how do I fuse it all together?’”
S&T research on these questions includes examining computer architecture, which could mean developing standards at the hardware layer or middleware that allow software to be written once so that it can port onto any single digital signal processor (DSP) or field-programmable gate array (FPGA), Bertoli says. Any hardware or software solution should not have to mean buying all new hardware platforms or systems, he stresses.
“Traditionally, in a normal war, you don’t need that much, right? You’d need a map and some elevation data and soil sample stuff,” Bertoli says. “In cyber, it’s a whole different picture.”
Researchers are trying to identify the key elements of cyber terrain and then equate them to hilltops and valleys and chokepoints. “But how to do that is still a big open question,” he says, leading researchers to consider “anything that we have out there on the battlefield that has a radio and an antenna that could also be used as a potential sensor for at least the gray environment to get some situational awareness.” Bertoli also notes that scientists are leveraging programs that are pushing the envelope, such as the Defense Advanced Research Projects Agency’s (DARPA’s) RadioMap.
In the meantime, the PEO C3T is considering how the Army can fuse data from the blue, red and gray zones so that it becomes useful information. “What analytics are actually out there that we can use that do not come with heavy infrastructure, that can be easy for a soldier to maintain or operate, and that will give us a trusted picture of what that domain looks like?” Crowe asks. “Because we are not just looking for data—heck, we have data. We have so much data, we do not know what to do with it. What we are looking for is how do you bring those few things that we really need to create a cyber picture together so that it creates information that we can understand how that’s going to impact the mission.”
In other research areas, the Army is looking into incorporating technologies that are autonomously controlled; information trust; and deterrence and decoys. These will be three major S&T thrusts for defensive cyber in the next two fiscal years and beyond, according to Monteleone.
“Protecting autonomy is one of our key tenets,” he says. “The bottom line is, I don’t care how well we train cyber soldiers and cyber civilians—things are moving faster than human speed. We have to continually think about machine speed.”
This may be a challenge culturally, Monteleone admits, “because people still like to put their hands on the knobs and push the buttons.” But to confront risks, the Army will have to start showing that artificial intelligence, machine learning and other technologies can solve problems and act in lieu of a human. “It is the only way we are going to keep pace with the threats,” he warns.
In addition, the Army is working on how to trust information in an exposed environment. Warfighters need to know that when they send a critical coordinate across operations, the information gets to the other side without being interrupted or damaged over potentially compromised or untrusted networks, Monteleone says. “We are going to roll into countries, and we may lease networks or borrow their networks for a period of time, or we may be operating on our networks in areas where the transport and the systems themselves might not be fully trusted,” he acknowledges. “So we are focusing on information trust and how we protect the providence of that information.”
For this, S&T is examining technologies that focus on message integrity, blockchain and homomorphic encryption. “You can use blockchain technologies for other things than for cryptocurrencies [such as bitcoin],” Monteleone notes.
Work on deterrence and decoys will find ways to autonomously put what appear to be genuine activities on the network, he adds. “Based on network conditions and the threat environment, we need the ability to put realistic traffic, applications and user interactions on the network so that if an adversary gets on there, it looks and smells just like the real thing,” Monteleone says. The Army continually wants to raise the adversary’s cost of attack, he notes. “We believe that is going to be integral to the future network. And I am talking about way beyond advanced honeypot techniques.”
Additionally, Bertoli says, S&T is charged with identifying future threats. “What we like to do is focus on things that aren’t on anyone’s threat list today, but likely will be three to five years from now,” he explains. “We have, of course, our own opinions, but there is a bit of guesswork here as to what the next big threat will be and how some of these technologies that are being developed could be used by our adversaries, potentially in unintended ways. We need to get ahead of the threat cycle before it becomes an immediate need, so we are always eager to speak to industry to find out what their thoughts are on what those things could be.”