28 March 2017

Army Central can’t 'look the other way' from network vulnerabilities

By: Mark Pomerleau

The Army is working cyber into everything under its purview. U.S. Army Central decided to go one step further than the Army’s Cyberspace Strategy for Unified Land Operations 2025 in creating its own cyberspace strategy. The move is aimed at helping the organic ARCENT workforce understand cyberspace and cyber operations to better position the agency to aid cyber warriors and succeed in missions.

Lt. Col. Dwyke Bidjou, ARCENT’s deputy chief of information operations and one of the main officials behind the strategy’s development, spoke to C4ISRNET reporter Mark Pomerleau about the strategy, which is still classified.

C4ISRNET: Can you provide an overview of the strategy? Is it more along the lines of cybersecurity or war fighting?

Lt. Col. Dwyke Bidjou: This strategy encompasses all three mission sets of cyberspace operations: offensive, defensive and [Department of Defense Information Network] operations. The intent was to make sure the ARCENT staff had our commander’s vision and understanding and priorities for execution of cyberspace operations, hitting on all three mission sets.

As you know, cyber is the hot buzzword, and our intent was to make sure that our staff was educated and informed on their specific requirements across the staff — so not just G-2, G-3 or G-6 — but the whole of staff of execution of cyberspace operations.

C4ISRNET: Can you provide details on the strategy’s origins?

Bidjou: The strategy is directly nested with the Army cyberspace strategy for 2025. As the title indicates, there are significant gaps in 2017/2018 versus 2025. Our intent was to build a strategy that immediately addresses operational challenges but also helps inform the Army.

The five lines of effort are prioritized:

One, build an ARCENT cyberspace workforce. We can’t execute a strategy without the manpower. How do we build that workforce? What we’ve done is take a look at our currently assigned ARCENT soldiers, which have experience in the cyberspace domain.

The [established provisional cyber branch stood up in 2014] was at that point before the current cyberspace branch was created. It was a method the [Headquarters, Department of the Army] used to identify cyber personnel with experience in the cyberspace domain. Currently, we have soldiers assigned at ARCENT with cyber experience, and we wanted to use that as a bridging strategy until we have formally trained 17 series cyber soldiers assigned to ARCENT.

Our second line of effort was [conducting] cyberspace operations. So what specifically does that mean? Within our internal ARCENT cyberspace operational planning team (OPT), we decided that we’re not going to use the term "cyberspace operations" unless we were addressing all three mission sets. Identifying them all so that we currently do not have manpower or resources aligned across all three of those mission sets, we decided the intent was to ensure the ARCENT staff understood what those requirements were. So we continue to lean forward in working with U.S. Central Command, HQDA, Cyber [Center of Excellence], and [Training and Doctrine Command] to refine what the [Army Service Component Command’s] requirements are in cyberspace operations.

Those have been loosely defined at this point at TRADOC and are being sent to theater. Theater requires an ASCC; here we’re talking about partnerships, logistical support, engagements, mission command. All those details are essential for execution for cyberspace operations. Our intent was to ensure the strategy spoke to those.

The third line of effort was identification and development of cyberspace capabilities. If we say that we’re conducting cyberspace operations without manpower, without tool development, without identification of what our tool kits currently possess and should have, the staff needs to do that.

So we identified that the staff needs to engage and understand what those requirements are holistically, not just as an intel or operations component. One of our primary focus areas would be engagements with our regional partners. The partnership needs to be resourced, prioritized and synchronized across the staff. That would be just one staff section’s primary focus.

The fourth was investment in our facilities, systems and infrastructure. There are cyberspace vulnerabilities that are, unfortunately, impacting operations on a regular basis. Some of these have been legacy problems, which have not been understood across the staff. As we look at facilities, how do we bring our engineer cell and educate them on vulnerabilities, which may exist within our SCADA or heating, ventilation and air-conditioning systems, our power networks? How do we ensure that those vulnerabilities are addressed, the ARCENT mission is executable and how are our soldiers protected against those current threats?

The last and final of our lines of effort is developing partnerships. In essence, we cannot conduct operations of any type without coordination and support from our regional partners. Cyberspace should not be any different from a traditional lethal operation. ... We developed a contact list, and we had discussions with our regional partners on what are the primary focus areas, what are their concerns regarding cyberspace, and candidly there needs to be some discussion on intel sharing.

You may or may not know: Topics for engagement with our regional partners are deconflicted at [the Office of the Secretary of Defense]. The method with which we would engage our partners would be deconflicting through the CENTCOM joint cyber center. Going to them, confirming these are the targeted engagements that we’re looking at, these are topics that we intend to reach with our partners and confirming they have deconflicted them, not just at a CENTCOM level but OSD policy.

C4ISRNET: From a cyberspace perspective, what are some of the unique problem sets and challenges within both the CENTCOM area of responsibility and also the ARCENT mission space that this cybersecurity strategy and mission addresses?

Bidjou: I’ll start by hitting upon one of the key challenges. It’s debatable whether or not CENTCOM is the most engaged geographic command. [Pacific Command] may say otherwise, but when you look at operations over the past 15, 17 years at this point, it would be CENTCOM.

The staff needs to understand and embrace the operational tempo associated with real-world missions regarding deconfliction against the resource and requirements of cyberspace operations as a directive, captured with joint requirements and real missions.

So we can’t continue to look the other way and see headlines occur daily regarding network vulnerabilities and incidents, which have impacted our operations, and say that’s the G-6’s problem.

I’ll also say the workforce development and educate-the-force piece are two legacy and enduring problems that really cannot be overcome overnight.

C4ISRNET: So this is focused on the ARCENT staff/workforce as a whole, not necessarily the Army cyber service component of U.S. Army Cyber Command? 

Bidjou: I would actually say it’s both. The development of the ARCENT staff’s understanding of what cyberspace operations requires is essential to the execution of the strategy.

Regarding the [cyber mission teams, cyber protection teams, national mission teams], I think the staff needs to understand what they do. As we’re taking a look at our exercises, as an example, the staff needs to understand what capacities are organic and how to request capabilities needed. In the event we were to identify a cyberspace vulnerability, the staff needs to know where to reach out to to request or who to reach out to request those capabilities and what can they do regarding that vulnerability. This needs to be common understanding across the staff.

C4ISRNET: Do you see lack of education right now being a big problem or something that really needs to be addressed in this space? 

Bidjou: One-hundred percent.
