Taking Cyber War to The Front Lines

The U.S. Army aims to move sophisticated offensive and defensive cyber operations out of a headquarters environment to the front lines as it prepares its mission force to adapt to and prevail in the critical cyber warfighting domain.

Tasked with a missive from the service’s former chief of staff, the U.S. Army Cyber Command (ARCYBER) a few years ago began to probe the idea of taking cyberspace operations to the lowest possible echelon and incorporating converged capabilities to support units operating at the tactical edge. Last year, the Army launched its Cyber Support to Corps and Below (CSCB) pilot, testing the concept of embedding cyber teams at lower echelons. The exercises yielded successful results, officials say.

The CSCB program combines expeditionary cyber and electromagnetic activities teams, embedding a souped-up capability with training brigades to provide tactical combat forces with elements of cyber, electronic warfare (EW), information operations, intelligence, surveillance and reconnaissance (ISR) and network operations. During a series of recent training exercises, the CSCB teams contributed unprecedented expertise, fortifying cyberspace operations at the heart of combat hot spots rather than directing missions from a headquarters miles from the battlefield, says Lt. Col. Jonathan Burnett, USA, chief of ARCYBER’s CSCB pilot program. He incorporates cyber elements into the large-scale training that the Army’s maneuver combat units conduct at both home-station and combat training centers.

The augmented defensive and offensive capabilities provide an added bonus by design: They protect what is theirs while going after enemy networks, Col. Burnett allows. “It’s important to understand that our adversaries use the information environment for mission command, fires and ISR, both with irregular forces as well as with conventional forces,” he says.

The cyber teams “integrate early and integrate often as a theme, recognizing the importance of … integrating within all aspects of collective training,” the colonel explains. Although the cyber teams are not permanently attached to the maneuver units, they are integrated into the pre-deployment planning process much earlier than before and train with leaders throughout the preparation cycle. “It’s important to understand that throughout the entire integration with brigade combat teams, we want to ensure that we are integrated fully … and are not an additional or secondary enabler on the side,” he adds. “The intent is that it is an additional tool the brigade commander can use to execute his scheme of maneuver, and we did that by tying directly into the fire cell and integrating within the operations cell.”

The pilot program should net detailed deployment recommendations for leaders, from the number and makeup of cyber units to the equipment they will need for combat missions.

Until the launch of the CSCB pilot, some commanders of maneuver units were unaware of the breadth of cyber capabilities available to them, admits Maj. Steven Chadwick, USA, operations officer for the 1st Armored Brigade Combat Team (ABCT), 1st Infantry Division (ID). “As far as our integration with Army Cyber, it has been an incredibly positive situation and helps us out tremendously,” Maj. Chadwick says. He conducted planning and integrated the cyber weapons team into the 1st ABCT staff, specifically the brigade’s cyber electromagnetic activities (CEMA) cell, for the Fort Irwin, California, Leader Training Program. “We were able to integrate teams, both offensive and defensive cyber teams, into our staff, and we were able to integrate them with existing capabilities, such as EW, information collection assets [and] ISR, to some pretty great effects … that facilitated our targeting process and denied communications to the enemy.”

The CSCB was part of spring’s Operation Danger Focus, a combined-arms, live-fire exercise at Fort Riley, Kansas, that pitted the 1st ABCT against a virtual enemy. The goal of the exercise was to certify that companies and battalions were prepared for their July rotation to Fort Irwin’s National Training Center. The maneuver units in the live-fire exercise saw how the integrated cyber teams enhanced their effectiveness like never before, Maj. Chadwick says. “Our own systems have become increasingly networked—computers, [Global Positioning System] capabilities—so being able to protect those systems and learning how to do that at the National Training Center will be of a premium,” he says.

The CSCB program also serves to identify potential security gaps within a brigade’s network that an enemy might target, Col. Burnett attests. “For the first time, we’re going to be able to deliver an effect against the [opposition force] and provide a more robust defense of the network, above and beyond just our regular information assurance protocols,” he says. The cyber teams can maneuver to the front lines or join a company’s advance guard at an observation post, toting equipment the colonel describes as “manportable solutions” that could be used to shut down an adversary’s communication network.

The rotation this summer at Fort Irwin included a 15-person modular team that united defensive and offensive cyber, EW and information operations to give the brigade commander presence and advantage in the information environment. The Army still is deciding what the ultimate structure would look like.

In addition to the 1st ABCT, several Army units—the 3rd Brigade, 25th ID, 1st Brigade Combat Team (BCT), 82nd Airborne Division and 2nd BCT, 2nd ID—are among the first to embed the CSCB teams in critical training exercises. The teams trained in a simulated urban environment that mirrored the likely conditions and terrains of future wars. They created realistic cyber environments, replicating real-world network providers, complete with social media platforms, wireless access points and servers throughout sophisticated military operations. The intent of the exercises “was to build out what we [determine] is gray space, replicating the entire social media structure of a small nation-state, at the National Training Center,” Col. Burnett explains. In cyberspace, gray space designates civilian Internet, social media and cellphone networks, for example, while red represents an adversary’s information network and blue a friendly military network. In land warfare, gray denotes civilian-occupied neutral territory such as cities, markets or highways, while red is enemy territory and blue depicts friendly bases. 

The CSCB pilot has progressively enhanced training development, officials say. The program is designed to explore new approaches to integrating cyber, with each training rotation building on the successes of the last. Some key topics covered in training include:

• May 2015, 3rd BCT, 25th ID: Defending the Department of Defense Information Network (DODIN) and building offensive cyber operations capability.

• June 2015, 75th Ranger Regiment: Employing commercial off-the-shelf technology to enhance network maneuvers.

• November 2015, 1st BCT, 82nd Airborne Division: Defending against aggressive cyber attacks and strengthening cyber staffing procedures.

• January, 2nd BCT, 2nd ID: Building an enduring cyber environment at the National Training Center and advancing defensive and offensive cyber operations at a brigade level, with targeting, fires and support to intelligence gathering, as well as disruption of adversary command and control networks.

• August, 1st ABCT, 1st ID: Adding a modular expeditionary cyber team and integrating information operations and EW alongside defensive and offensive cyber capabilities.

The CSCB-fused cyber operations teams defend in-house networks while disrupting enemy mission command and communications. They might disable a virtual enemy’s social media networks used for disseminating propaganda, for example. “At the same time, we continue to build on defensive mechanisms to ensure the brigade’s network that we’re defending against the cyber [opposition force] successfully,” Col. Burnett explains.

Additional CSCB pilot efforts include further incorporation of cyber operations into the Army’s Network Integration Evaluation (NIE) and Warfighter Assessment programs, a series of soldier-led evaluations designed to integrate and rapidly advance tactical communications networks, Col. Burnett says. The pilot efforts have roughly defined the size of cyber teams. As it stands, cyber teams embedded with deployed small brigade units will number two to three soldiers, while the overall cyber attachment to a 4,000-person brigade will number 40 to 50 cyber warriors.

Those numbers could fluctuate based on combat missions. “It’s important to understand the force structure that we’re building is something that is not doctrinal,” Col. Burnett declares. “We are using this as a conduit to inform. The enabler that we would put together would be in the form of a direct support capability to the brigade combat team … based on the operational need.”

Leaders are working to publish a manual of key takeaways from recent exercises through the Center for Army Lessons Learned. They plan to document useful observations, insights and tactics, techniques and procedures. “Hopefully, that will help division and brigade commanders and staff to understand better how to integrate CEMA holistically into their planning process,” Maj. Chadwick says. “It’s a new capability that opens up a lot of possibilities for us on both the offensive and defensive of side of the house. We have been pretty impressed with the capability and the quality of people who have been coming to help us out as a team.”