Cyber Command Adapts to Understand Cyber Battlespace
Since the Defense Department officially made cyberspace a new domain of warfare in 2011, experts in the public and private sectors have been working to make that inherently collaborative, adaptable environment a suitable place for military command and control.
In July of that year, the first initiative of the first DOD Strategy for Operating in Cyberspace called for treating cyberspace as an operational domain — no different from air, land, sea or space — to organize, train and equip so the department could take full advantage of cyber potential.
Cyberspace is defined as a collection of computer networks that use a variety of wired and wireless connections, a multitude of protocols, and devices ranging from supercomputers to laptops to embedded computer systems designed for specific control functions in larger systems.
At the 4th Annual Cyber Security Conference held here Feb. 22, Air Force Maj. Gen. Brett T. Williams, director of operations at U.S. Cyber Command, described how Cybercom is using the Internet and other aspects of the cyber environment to execute its mission.
“The challenge we have is that the Internet was never designed for military command and control, … yet we’ve adapted it to do that,” he said.
In the process, the general added, officials have tried to define the Cybercom mission more clearly over the last few months.
As part of DOD, Williams said, part of Cybercom’s mission is to help in defending the homeland, especially against cyberattacks and other activities in cyberspace that could affect national security.
“In that role, like the rest of the Department of Defense, we function as a supporting command to the national command authority at the Department of Homeland Security,” he added.
Cybercom’s second responsibility is to secure, operate and defend what is now defined as the Department of Defense information networks, or DODIN, formerly called the Global Information Grid, the general said. DODIN is a globally interconnected end-to-end set of information capabilities for collecting, processing, storing, disseminating and managing information on demand to warfighters, policymakers and support personnel.
The third mission area, he said, is to support regional combatant commanders such as those at U.S. Pacific Command and U.S. Central Command, and functional combatant commanders such as those at U.S. Transportation Command and U.S. Strategic Command.
Quantifying mission requirements is another effort under way at Cybercom, the general said.
“What we’re working through right now is taking forces dedicated to the cyber mission and fundamentally defining a unit of action or unit of employment to do our mission, then realigning our forces,” Williams said. “You need to be able to say, ‘What kind of cyber units do I need and how many do I need?’ If you can’t do that, then you really can’t [plan] and you can’t understand where you’re taking risk.”
For a military force, according to the U.S. Army Combined Arms Center, a line of operation is a line that defines the orientation of a force in time and space in relation to the adversary, and links the force with its base of operations and objectives. Major combat operations typically are designed using lines of operation.
For the cyber domain, Cybercom has three lines of operation — DOD network operations, defensive cyber operations and offensive cyber operations.
For network operations “we provision, we operate, we maintain the networks [and] we do static defense,” Williams said — things such as firewalls, antivirus applications and the host-based security system called HBSS, the DOD off-the-shelf commercial suite of software applications used to monitor, detect and counter attacks against DOD computer networks and systems.
“No matter how good we get at [defending the network], it’s not going to be sufficient,” the general said, “because if we harden the network such that nobody gets in, then we can’t get out, and we lose our ability to do the most important thing we need to do in cyber, which is, I would argue, to command and control our forces.”
The second line of operation involves defensive cyber operations. What Cybercom calls DCO has two aspects, Williams said.
First, he explained, people must be able to maneuver in Cybercom’s friendly networks and hunt for and kill things that get through the static defenses. Cybercom also needs a “red team” capability to simulate the opposition for training purposes, and it needs people who can assess the networks for vulnerabilities and advise the network owners, or commanders, where it makes sense to take risk based on their operational missions.
“The other part of the DCO is that we need capability to go outside our own networks” and stop malware and other attacks before they reach the network, the general said.
“Having the capability to operate outside our own networks … subject to all the laws of war, all the rules of engagement, all [DOD] policies … means being able to have that spectrum of options [available] for the commanders,” he added.
The third line of operation is offensive cyber operations, or OCO, Williams said. “That’s the ability to deliver a variety of effects outside our own networks to satisfy national security requirements,” he explained.
Given these lines of operation, Williams said, commanding and controlling forces in cyberspace requires technologies with different capabilities than are fully available today.
“What we really need is all the data to understand what goes on in cyberspace. … Every time something plugs in, it’s got to identify itself and populate a database with all the knowable parameters,” he said.
The data has to go from unclassified to top secret and be accessible to anyone with appropriate clearances, he added, and how the data is presented should be cost-effectively customizable at any level.
“The second thing we need is to be able to move that data around,” Williams said. “We’ve got to get away from these [tens of thousands] of networks that we rely on in the department to do what we have to do.”
Some of these critical cyberspace requirements will be met by the Joint Information Environment, the general said. JIE is a single, joint, secure, reliable and agile command, control, communications and computing enterprise information environment to which DOD is transitioning in a first-phase implementation that spans fiscal years 2013 and 2014.
The JIE will combine DOD’s many networks into a common and shared global network. It will provide email, Internet access, common software applications and cloud computing. Main objectives are to increase operational efficiency, enhance network security and save money by reducing infrastructure and staffing.
According to the Defense Information Systems Agency, the JIE will encompass all DOD networks and will enhance network security by:
— Using a single-security architecture;
— Minimizing network hardware, software and staffing;
— Giving DOD users access to the network from anywhere in the world;
— Focusing on protecting data; and
— Improving DOD’s ability to share information among the services and with government agencies and industry partners.
Williams said operating in cyberspace also calls for the kind of mission-critical command-and-control capability provided to air operations by the Theater Battle Management Core System, a set of software applications that allows automated management of air battle planning and intelligence operations. The system operates at the force level and the unit level.
“We need that same type of thing to do our planning for cyberspace,” the general said, adding that the closest thing he’s seen to a workable system for cyberspace is called Plan X, an effort announced in May by the Defense Advanced Research Projects Agency.
Plan X, according to DARPA’s website, will try to create revolutionary technologies for understanding, planning and managing DOD cyber missions in real-time, large-scale and dynamic network environments.
More than 350 software engineers, cyber researchers and human-machine interface experts attended the initial DARPA workshop.
“The program covers largely uncharted territory as we attempt to formalize cyber mission command and control for the DOD,” DARPA program manager Dan Roelker said in a recent statement.
Plan X, Williams said, “is being worked by a group of people who in my view are technology people who have a better understanding of the operational requirement than most anybody else I’ve seen. They’ve taken it from the PowerPoint level to some things where you can see how this would work.”
Cybercom needs such a knowledge-management tool, the general said, “that allows us to plan and execute in an intuitive way and that doesn’t require everyone who operates in cyber to have a degree in electrical engineering or computer science. We just can’t train everybody to do that.”