1 June 2017

*** Evolution Of U.S. Cyber Operations And Information Warfare


National Security Situation: Evolving role of cyber operations and information warfare in military operational planning.

Background: Information Warfare (IW) has increasingly gained prominence throughout defense circles, with both allied and adversarial militaries reforming and reorganizing IW doctrine across their force structures. Although not doctrinally defined by the U.S. Department of Defense (DoD), IW has been embraced with varying degrees by the individual branches of the U.S. armed forces[1]. For the purposes of this paper, the definition of IW is: the means of creating non-kinetic effects in the battlespace that disrupt, degrade, corrupt, or influence the ability of adversaries or potential adversaries to conduct military operations while protecting our own.

Significance: IW has been embraced by U.S. near-peer adversaries as a means of asymmetrically attacking U.S. military superiority. Russian Defense Minister Sergei Shoigu recently acknowledged the existence of “information warfare troops,” who conduct military exercises and real-world operations in Ukraine demonstrating the fusion of intelligence, offensive cyber operations, and information operations (IO)[2]. The People’s Republic of China has also reorganized its armed forces to operationalize IW, with the newly created People’s Liberation Army Strategic Support Force drawing from existing units to combine intelligence, cyber electronic warfare (EW), IO and space forces into a single command[3].

Modern militaries increasingly depend on sophisticated systems for command and control (C2), communications and intelligence. Information-related vulnerabilities have the potential for creating non-kinetic operational effects, often as effective as kinetic fires options. According to U.S. Army Major General Stephen Fogarty, “Russian activities in Ukraine…really are a case study for the potential for CEMA, cyber-electromagnetic activities…It’s not just cyber, it’s not just electronic warfare, it’s not just intelligence, but it’s really effective integration of all these capabilities with kinetic measures to actually create the effect that their commanders [want] to achieve[4].” Without matching the efforts of adversaries to operationalize IW, U.S. military operations risk vulnerability to enemy IW operations.

Option #1: United States Cyber Command (USCYBERCOM) will oversee Military Department efforts to man, train, and equip IW and IW-related forces to be used to execute military operations under Combatant Command (CCMD) authority. Additionally, USCYBERCOM will synchronize IW planning and coordinate IW operations across the CCMDs, as well as execute some IW operations under its own authority.

Risk: USCYBERCOM, under United States Strategic Command (USSTRATCOM) as a sub-unified command, and being still relatively new, has limited experience coordinating intelligence, EW, space and IO capabilities within coherent IW operations. USSTRATCOM is tasked with responsibility for DoD-wide space operations, and the Geographic Combatant Commands (GCCs) are tasked with intelligence, EW, and IO operational responsibility[5][6][7].” Until USCYBERCOM gains experience supporting GCCs with full-spectrum IW operations, previously GCC-controlled IO and EW operations will operate at elevated risk relative to similar support provided by USSTRATCOM.

Gain: USCYBERCOM overseeing Military Department efforts to man, train, and equip IW and IW-related forces will ensure that all elements of successful non-kinetic military effects are ready to be imposed on the battlefield. Operational control of IW forces will remain with the GCC, but USCYBERCOM will organize, develop, and plan support during crisis and war. Much like United States Special Operations Command’s (USSOCOM) creation as a unified command consolidated core special operations activities, and tasked USSOCOM to organize, train, and equip special operations forces, fully optimized USCYBERCOM would do the same for IW-related forces.

This option is a similar construct to the Theater Special Operations Commands (TSOCs) which ensure GCCs are fully supported during execution of operational plans. Similar to TSOCs, Theater Cyber Commands could be established to integrate with GCCs and support both contingency planning and operations, replacing the current Joint Cyber Centers (JCCs) that coordinate current cyber forces controlled by USCYBERCOM and its service components[8].

Streamlined C2 and co-location of IW and IW-related forces would have a force multiplying effect when executing non-kinetic effects during peacetime, crisis and conflict. Instead of cyber, intelligence, EW, IO, and space forces separately planning and coordinating their stove-piped capabilities, they would plan and operate as an integrated unit.

Option #2: Task GCCs with operational responsibility over aligned cyber forces, and integrate them with current IW-related planning and operations.

Risk: GCCs lack the institutional cyber-related knowledge and expertise that USCYBERCOM maintains, largely gained by Commander, USCYBERCOM traditionally being dual-hatted as Director of the National Security Agency (NSA). While it is plausible that in the future USCYBERCOM could develop equivalent cyber-related tools and expertise of NSA, it is much less likely that GCC responsibility for cyber forces could sustain this relationship with NSA and other Non-Defense Federal Departments and Agencies (NDFDA) that conduct cyber operations.

Gain: GCCs are responsible for theater operational and contingency planning, and would be best suited for tailoring IW-related effects to military plans. During all phases of military operations, the GCC would C2 IW operations, leveraging the full spectrum of IW to both prepare the operational environment and execute operations in conflict. While the GCCs would be supported by USSTRATCOM/USCYBERCOM, in addition to the NDFDAs, formally assigning Cyber Mission Teams (CMTs) as the Joint Force Cyber Component (JFCC) to the GCC would enable the Commander influence the to manning, training, and equipping of forces relevant to the threats posed by their unique theater.

GCCs are already responsible for theater intelligence collection and IO, and removing administrative barriers to integrating cyber-related effects would improve the IW capabilities in theater. Although CMTs currently support GCCs and their theater campaign and operational plans, targeting effects are coordinated instead of tasked[9]. Integration of the CMTs as a fully operational JFCC would more efficiently synchronize non-kinetic effects throughout the targeting cycle.

Other Comments: The current disjointed nature of DoD IW planning and operations prevents the full impact of non-kinetic effects to be realized. While cyber, intelligence, EW, IO, and space operations are carried out by well-trained and equipped forces, these planning efforts remain stove-piped within their respective forces. Until these operations are fully integrated, IW will remain a strength for adversaries who have organized their forces to exploit this military asymmetry.

Recommendation: None.

Endnotes:

[1] Richard Mosier, “NAVY INFORMATION WARFARE — WHAT IS IT?,” Center for International Maritime Security, September 13, 2016. http://cimsec.org/navy-information-warfare/27542

[2] Vladimir Isachenkov, “Russia military acknowledges new branch: info warfare troops,” The Associated Press, February 22, 2017. http://bigstory.ap.org/article/8b7532462dd0495d9f756c9ae7d2ff3c/russian-military-continues-massive-upgrade

[3] John Costello, “The Strategic Support Force: China’s Information Warfare Service,” The Jamestown Foundation, February 8, 2016. https://jamestown.org/program/the-strategic-support-force-chinas-information-warfare-service/#.V6AOI5MrKRv

[4] Keir Giles, “The Next Phase of Russian Information Warfare,” The NATO STRATCOM Center of Excellence, accessed April 20, 2017. http://www.stratcomcoe.org/next-phase-russian-information-warfare-keir-giles

[5] U.S. Joint Chiefs of Staff, “Joint Publication 2-0: Joint Intelligence”, October 22, 2013, Chapter III: Intelligence Organizations and Responsibilities, III-7-10.

[6] U.S. Joint Chiefs of Staff, “Joint Publication 3-13: Information Operations”, November 20, 2014, Chapter III: Authorities, Responsibilities, and Legal Considerations, III-2; Chapter IV: Integrating Information-Related Capabilities into the Joint Operations Planning Process, IV-1-5.

[7] U.S. Joint Chiefs of Staff, “Joint Publication 3-12 (R): Cyberspace Operations”, February 5, 2013, Chapter III: Authorities, Roles, and Responsibilities, III-4-7.

[8] Ibid.

[9] U.S. Cyber Command News Release, “All Cyber Mission Force Teams Achieve Initial Operating Capability,” U.S. Department of Defense, October 24, 2016. https://www.defense.gov/News/Article/Article/984663/all-cyber-mission-force-teams-achieve-initial-operating-capability/

No comments: