17 November 2015

Army Puts ‘Cyber Soldiers’ In The Mud

November 13, 2015

A soldier from the Army’s offensive cyber brigade during an exercise at Fort Lewis

ARLINGTON: Pop culture pictures hackers in clean, air-conditioned rooms, working global network magic from a desk. For the Army, though, that’s not enough. If American troops are to prevail against inventive foes in high-tech, close-quarters fights, the hacker elite have to get their boots muddy with the regular grunts. So now the Army’s sending cyber soldiers to its Combat Training Center wargames to figure out how.

“There’s this idea that we could always do it remotely, from protected space. Well, we recognized, no, that’s not true,” Lt. Gen. Ed Cardon, head of Army Cyber Command, told reporters recently. For cyber soldiers to support frontline units effectively, he said, “you’re going to have to have some number — small, but some number — of them forward.”

Putting cyber soldiers in the trenches isn’t simple. To start with, they have to be physically fit and qualified on a range of weapons — not exactly the stereotypical computer geek. They need computer and communications gear light and rugged enough to take into the field, and vehicles to carry it. They also need to communicate clearly with combat arms soldiers, a cultural chasm one general compared to understanding “dolphin speak.”

To work out all the myriad implications for training, tactics, manning, and equipment, the Army has begun embedding cyber teams in combat brigades conducting wargames (“rotations”) at the CTCs, considered the pinnacle of realistic field training. “We’re actually doing this now for every rotation,” said Cardon.

Most of the teams so far have been defensive cyber operators, trained to protect a brigade’s network against hostile hackers. But on two occasions, they’ve been contingents from the elite 780th Military Intelligence Brigade, the service’s offensive cyber unit. The brigade’s based at Fort Meade, Maryland, headquarters of NSA and Cyber Command, which focus onstrategic cyber, but it has sent tactical teams to join light infantry and Ranger units in exercises.

In the wargames, the four-person detachments from the 780th were able to monitor and even block “enemy” communications, including over social media, said the brigade’s commander, Col. William Hartman. Speaking at the same Association of the US Army conference as Cardon, Hartman was cagey with details, but he did divulge that the Offensive Cyberspace Operations (OCO) teams not only stopped the opposing force from “obtain[ing] certain content,” they were in some cases able to prevent (simulated) “lethal” attacks.”

The teams learned plenty of painful but necessary lessons, too. “We needed better cyber kit,” said Hartman. Selling cyber to a muddy-boots ground commander is hard enough, he said, and it’s even more difficult to get his buy-in “when you need to get four people to lift your kit and put it in back of a Humvee.” To compound the problem, no one initially gave the cyber team their own Humvee, so they had to beg and borrow one.

“We built a device that could do everything. It had little servers in there,” Cardon said. It was also too big and too delicate, requiring the team to halt to set it up — something the hard-marching infantry had no patience for. “We realized we don’t need something that advanced, [so] we’ve already lightened it significantly.”

As the pilot program processes, Col. Hartmann said, the 780th is deploying not only the smaller kit — including open source and off-the-shelf systems — but a larger team to share the workload. In future, the additional personnel may include not just offensive cyber operators but cyber intelligence specialists to help map the enemy network and find weak points.

Learning such lessons, said Cardon, is “exactly why we did the pilot.”

The Army’s learned valuable lessons from embedding defensive cyber teams in wargames as well, Cardon said. The Combat Training Centers have had “cyber opposing forces” (OPFORs) for some time now, and they’ve often been played havoc with the visiting units’ networks. But the brigades haven’t had the specialists or the systems to defend themselves. They weren’t connected to the larger Defense Department network and its defenses, as they would be in a real operation, and they didn’t have cyber specialists on their own staff to conduct their own defense.

“We had a cyber opposing force, [but] there was no defensive cyberspace capability for the brigade. All they had was their traditional signals personnel,” Cardon said. “Now the Army decided to put in some cyber defenders, but those are just starting to be introduced into the force.”

For a brigade of the 82nd Airborne currently at the Joint Readiness Training Center (JRTC) on Fort Polk, La., Cardon said, “we gave them…a very small defensive team, two people, [but] two of the right kind of people makes a big difference.”

Finding extra manpower in a shrinking Army isn’t easy, however. The service has already linked cyber doctrine and training to that for traditional electronic warfare, since the twooverlap: Most battlefield networks rely on wireless transmissions that can be detected, jammed, or spoofed as well as hacked. It’s considering giving the existing brigade Electronic Warfare Officers (EWOs) oversight of cyber as well.

“At the JRTC yesterday,” the linchpin of the 82nd Airborne’s cyber and electronic warfare efforts “was the EWO,” said Maj. Gen. Stephen Fogarty, commander of the Army’s cyber school. “He really understood….how important it was to pull everybody together,” Fogarty told the AUSA conference. “He really understood how to synchronize effects on the battlefield. He really almost acted as a translator for some of the other capabilities,” bridging the culture gap between technical specialists and combat commanders.

Is that electronic warfare officer a model for the whole Army, though, or an exceptional one-off case? That’s the kind of question Fogarty, Cardon, and other Army leaders are wrestling with, and not just in the cyber corps.

“What does this mean for the structure of the army?” Cardon asked. “We need cyber organizations to support the Army, [but] at what level? What’s the equipment that they need? Are we going to do this in a centralized fashion or a decentralized fashion?”

“We don’t really know the answers to these questions,” Cardon said frankly, “[so] we’re running these pilots to inform the larger Army.”

No comments: