Operational Challenges in the Cyber Domain

Operating in a relatively new operations domain, cyber fighters are coping with a wide range of challenges, including lack of training and still-to-be-defined policies, doctrines and authorities.

Speaking at the AFCEA TechNet Asia-Pacific conference in Honolulu, a panel of cyber experts agreed that the authorities to conduct cyber operations—along with policies, doctrine, tactics, techniques and procedures—still need to be defined even as technology advances rapidly. “This is a new domain, so there are not decades of doctrine involved, and we have to merge that with other doctrine and domains,” said Don Murphy, information operations senior civilian, U.S. Pacific Command (PACOM).

Murphy, @PacificCommand , #Cyber is no new, we don't know what the authorities are. That means authorities start at the top.#AFCEATechNet

— George Seffers (@gseffers) November 16, 2016

Murphy asked rhetorically what the military is supposed to do when new capabilities and technologies come along without the policies, doctrines and command and control procedures in place for using them. Integrating new technologies under the circumstances is a complex and confounding challenge, he indicated.

Lt. Col. Mark Esslinger, USAF, PACOM Joint Cyber Center, compared today’s cyber situation with the Army Air Corps after World War II. “From the perspective of doctrine, tactics and techniques, we’re still refining those processes. We need those processes in order to integrate cyber and non-kinetic effects into the joint targeting cycle, which is the way we fight and work,” he said.

LTC Mark Esslinger, USAF, PACOM, in offensive cyber, still refining processes, building the plane while it's flying#AFCEATechNet

— George Seffers (@gseffers) November 16, 2016

He added that integrating and synchronizing cyber effects with effects in other domains—air, land, sea and space—is still a challenge, but that the situation has been improving in the last couple of years. “The cyber mission force is still maturing, and the combatant commands are learning to integrate their capabilities. The cyber community is still refining the [command and control] process. In other words, right now, Adm. Rogers, the commander of Cyber Command, holds all the keys to the kingdom in regards to cyberspace,” Col. Esslinger offered.

Col. Joseph Matos, USMC, Marine Corps Forces, Pacific, questioned whether the authorities—the granting of authority to make operational decisions—will flow down to lower levels, such as individual battalions or even Marine expeditionary units or brigade combat teams. “If so, when is it going to happen, and more importantly, how is it going to happen,” he asked.

Lt. Col. David David, USA, Special Operations Command Pacific, reported that his office is focused primarily on offensive cyber operations and electronic warfare. He explained that any type of operation conducted in a foreign country requires input from a variety of people and organizations, potentially including officials of the foreign country, the U.S. embassy in that country and the State Department. “If you’re thinking of doing anything in somebody else’s country, whether it’s offensive cyber operations or flying a helicopter, there are a lot of things to consider,” Col. David said.

LTC David says reciprocity and public reaction to offensive cyber are concerns#AFCEATechNet

— George Seffers (@gseffers) November 16, 2016

The cyber operators agreed that training in the cyber realm poses a major challenge.

Col. Erik Little, USA, U.S. Army Pacific, said his background is in the space community, although he is now working in the offensive cyber realm. His cyber training, he reported, consists of a 40-hour online course he took on his own initiative and three cyber electives he took while serving at the Army War College. "That’s pretty much the gist of my training with cyber,” Col. Little reported. “In the space community, we really don’t have any formal training program on the cyber side.”

Col. Little, @USARPAC, is no silver bullet in cyber; can expect periods of dominance in different domains at different times#AFCEATechNet

— George Seffers (@gseffers) November 16, 2016

He added that the personnel who work with him are trained in electronic warfare rather than cyber. “We’re pretty well resourced on the defensive side. We’ve got experts who can manage protecting and defending the network,” Col. Little explained. “I have the responsibility of supporting the offensive side of cyber for [U.S. Army Pacific], and you just heard my background in training and education in cyber.”

Col. Matos reported that the Marines have not yet established a comprehensive cyber training program. “There’s really not a good training program that we’ve set up. There are programs dotted throughout the military training,” he said. “We’re still developing how to develop that cyber operator, somebody who can do offense, defense and operations and sync those together and understand what that means.”

Furthermore, cyber folks training with combat arms warfighters often are not effectively integrated into the fight. The cyber team may affect the adversary’s networks, but the operational arms side is mostly concerned that cyber operations might adversely affect their own, Col. Matos indicated, calling it a “fundamental disconnect.”

He pointed out that cyber is not a data issue, and it’s not a combat arms issue. “You see a lot of combat arms—aviators, tankers, artillerymen, infantry guys—taking over cyber effects on the offensive side with no real data background or cyber background,” the colonel said. “And then you’ve got data and cyber guys coming up who don’t really have the kinetic effects background. Somehow, someway, we’ve got to create that one cyber operator who can fight that cyber war the commanders need.”

Col. Esslinger also called for improvements to offensive cyber technologies. “In regard to technologies, offensive cyber effects and capabilities are inherently fragile, and we have a need for resilient, agile and pervasive access to these very hard target networks so that we can have effects at the time and choosing of our senior leaders,” he said. “That requires a great deal of research and development and a great deal of intelligence to support those kinds of capabilities.”

Col. Max Marosko, USAF, Pacific Air Force, stressed the need to provide cyber protection for weapon systems. He cited the F-35 as a perfect example. “It has a lot of cyber touchpoints between the maintenance, between how you order the parts and logistics. We’re dependent upon a lot of that distribution of information through civil networks, so protecting that is going to be a challenge,” he warned.

When a weapon system takes 20 years to develop, cyber protection becomes an even greater concern, Col. Marosko added. “What was in the design to protect that aircraft or portions of that system 20 years ago? That is a challenge for us because there’s probably a lot of vulnerabilities that we haven’t even found yet. There are a whole host of zero days out there I bet, and that’s a concern,” he said.

Col. David added that the cyber community can be inundated with new tools. “There are a ton of new technologies out there. It’s hard to keep up with, hard to sift through it all. We have our day jobs to do, too, so it’s also hard to know where to focus,” he said, stressing the need to avoid duplicative efforts, such as in research and development.

Furthermore, sometimes cyber warriors will try out new technologies without notifying others or seeking permission. “Another challenge is moving out in lock step. Every once in a while we’ll run into people who get their hands on new technologies, and they’re trying them out in the field. They don’t know it’s wrong, and we don’t necessarily know they’re doing it,” Col. David stated.