The Army is increasingly dependent on the service-wide communications network that provides units and commanders at all levels the information needed to perform its various missions, but the complex network is vulnerable to cyber-attack and commanders have little understanding of how to defend it or retaliate against an enemy’s opposing systems, service officials said Nov. 10.
“We must drive convergence,” Maj. Gen. Stephen Fogarty said at a forum on Army cyber capabilities hosted by the Association of the U.S. Army outside Washington, D.C. “When we talk about the network, there is no the network. There are multiple networks and this causes significant challenges. The way we operate today is unsustainable and, frankly, is indefensible.”
At the brigade combat team (BCT) level, the Army struggles with basic cybersecurity of its networks, Fogarty said. Enabling offensive and defensive cyber capabilities down to the tactical unit level will require institutional changes throughout the entire service and a consolidation of disparate networks that have been fielded piecemeal to various geographical commands and units.
“When you have a system of systems infrastructure, you are only as strong as your weakest link,” said Jeffrey Snyder, vice president of cyber programs for Raytheon [RTN]. “Many of the individual systems are designed and produced by different companies and/or different countries, all of which may have different standards of how to secure that system.
Maj. Gen. Charles Flynn, commander of the 25th Infantry Division, said combatant commanders like himself are largely unaware of the tactical cyber capabilities that are available to them. Teams of cyber soldiers need to deploy and embed with brigade combat teams and combatant commands, he said.
“We need them in the warfighting formations and you need to send your very best people,” Flynn said. “They need to be reliable and credible upon arrival. They need to describe to the commanders what they offer…If you don’t send your very best people out there to talk to division, corps and theater commanders, it will set back your efforts more than you can ever imagine.”
Cyber units must convince battlefield commanders that the capabilities they offer are as valuable as artillery to modern maneuver warfare, Flynn said. Failing that, fielded cyber personnel and capabilities likely will be banished to “the Island of Misfit Toys” where other novel but poorly understood platforms and policies are kept “off to the side,” he said.
In a world that is increasingly connected to networks and the Internet of things, nearly every electronic device or system is a potential target of a disruptive cyber-attack, said J.D. McCreary, chief of disruptive technology programs at the Georgia Tech Research Institute.
“Commanders need to think about deploying forces into a local technology environment,” he said. “There are an infinite number of targets.”
Gaining access to a specific car’s Bluetooth communication network could in turn provide access to the phone and cellular network of the high-value target that owns the car, McCreary said.
Army units on the front line must take responsibility for the service’s offensive and defensive capabilities because agencies like U.S. Cyber Command and the National Security Agency are unable to provide tactical-level operations. Only a cyber unit on the ground could hack into a drawbridge operating system and lift it remotely to cover an Army unit’s retreat in real time, McCreary offered as an example.
The Army’s dependence on networks that provide battlefield awareness and communications is increasingly rapidly and likely will not decrease, Flynn said. The policies and authorities that would allow combatant commanders like Flynn to counter cyber threats in the field are not evolving in step with those threats, he added. Neither are soldiers’ skills being honed to detect and counter cyber threats to battlefield networks.
“Commanders’ awareness in broad terms, remains…lacking,” Flynn said.
Fogarty said the Army needs improvements in cyber situational awareness, defensive operational capabilities, a unified cyber platform, offensive electronic attack capabilities and “seamless” collaboration among units at all echelons, he said. Fogarty called for investment in an Army cyber campus, where its efforts in that domain can be developed, honed and fielded.
“The facilities down at Fort Gordon outside the operational facilities, are not up to the task. The Army is going to have to make a significant investment, including in establishing persistent training environments for cyber soldiers, Fogarty said. “We have to be able to put our soldiers on cyber ranges just like we can take them to the marksmanship range and we’ve got to be able to do that down at every installation.”