Cyber war is coming to the street fight. Just weeks ago, when the Army’s 1/1 Armored Brigade conducted both live and virtual wargames against a simulated enemy, the old-school treadheads had a revolutionary new ally: offensive cyber teams, with two to three specialists from Army Cyber Command (ARCYBER).
Capabilities once restricted to national missions and strategic intelligence are now being attached to individual companies of 80-120 soldiers. In exercises, offensive teams moved up within eyeshot of the front line to attack enemy communications while the 1/1 soldiers fought the physical battle.
Details get classified quickly, but in one exercise, a cyber team joined the advance guard of its attached company in an observation post. From there, using equipment described only as “man-portable solutions,” the cyber specialists shut down the communications of an “enemy” command-and-control cell. That kept the bad guys in the dark while the main body of the company moved up and breached physical obstacles barring the path of its attack.
All told, 40-45 cyber soldiers will be attached to the 1st Armored Brigade (which has about 4,000 troops) for the climactic wargame this July and August, said Lt. Col. Jonathan Burnett, ARCYBER’s lead officer for “Cyber Support to Corps and Below” (CSCB). The makeup and organization of the tactical cyber force is still provisional and experimental, Burnett emphasized, but it will consist of
- a “defensive support team” of four or five soldiers to help protect the brigade network;
- four Cyber/Electro-Magnetic Activity (CEMA) “weapons teams” of two or three soldiers each for offensive operations;
- an Electronic Warfare (EW) element of two soldiers with unspecified “dismountable (i.e. portable) capability,” since tactical networks are almost always wireless and thus subject to radio-based detection, eavesdropping, jamming, and even hacking;
- additional specialists, such as an Information Operations planner, embedded in the brigade staff.
Maj. Steven Chadwick, 1/1’s operations officer, told reporters yesterday that these cyber teams were intimately integrated with the brigade’s operations. Having trained together on and off since February, the cyber specialists would join up with individual companies 24 hours ahead of a scheduled exercise to plan the specific operation.
It’s a breakthrough just to get cyber and combat troops communicating. One old-school general publicly likened cyber experts’ jargon-laded discourse to “dolphin speak.” More junior officers are likely to have grown up with the Internet in a way generals have not, but there’s still a cultural chasm to cross between grunts and geeks.
“The cyber team had to be able to convey his or her capabilities to that company commander,” said Maj. Chadwick. “This is the first time they’re integrating the cyber element at a tactical level, (and they) did a great job of providing that initial capabilities brief.”
The climax of the brigade’s cyber experiment comes in late July, when the unit and its cyber specialists deploy to the legendary National Training Center at Fort Irwin, Calif. NTC hosts the nation’s most intense training for armored unit. Light infantry holds its equivalent exercises at the Joint Readiness Training Center in Fort Polk, La. In the Cold War, NTC challenged arriving units with a simulated Soviet tank force. In recent years, it added guerrillas acting as the enemy’s advance force, simulating Russian-style “hybrid” tactics as used against Ukraine. Now, it’s adding cyber.
“This is a huge infrastructure improvement to the training center,” said Burnett. The Army upgraded the existing networks linking urban training sites at both NTC and JRTC to create a replica, in miniature, of “the social media environment of a small nation-state.” Commanders must cope not just with the technical complexities of accessing, exploiting, or disrupting networks, but also with the second- and third-order effects on the local civilian population.
Nation-state militaries generally bring their own networks, but irregular forces like guerrillas, terrorists, and militia fighters generally use the same infrastructure as the civilian population. If the US shuts it all down indiscriminately, it may lose local support. So a major part of the training is about waging the counter-propaganda war on social media.
The Army has built up this cyber training infrastructure since 2014, when ARCYBER launched its Cyber Support to Corps & Below pilot program. The initial exercises were with light forces at JRTC. The first was in May 2015, when the 3rd Brigade of the 25th Infantry exercised with both offensive and defensive cyber capabilities. In June, the famed Ranger Regiment did an exercise “focused on the rapid fielding of tactically deployable kit, focused on ISR (intelligence, surveillance, reconnaissance) and targeting,” said Burnett. In November, the 1st Infantry Brigade of the 82nd Airborne did a “defensive-focused effort… against an aggressive cyber attack,” he said.
This year’s exercises involve mechanized forces at the NTC. 2/2 Stryker — a medium brigade of the Army’s eight-wheel-drive armored vehicles — conducted a NTC wargame in January. July and August will be the turn of 1/1 Armored, a heavy brigade of tracked vehicles. ARCYER expects to embed cyber forces in two Combat Training Center exercises a year, plus one Army technology assessment exercise, either an Army Warfighting Assessment (AWA) or a Network Integration Evaluation (NIE).
To date, the cyber teams have joined the combat brigades for specific training events, but then return to their home bases. Many of the Army’s “enablers” are centralized this way, since it’s expensive to set up the highly technical training facilities they require at more than one location. But the service is exploring a wide range of potential organizations and technologies. The one certainty, said Lt. Col. Burnett, is wherever Army soldiers go in the future, they will be surrounded by the invisible battlefield of cyberspace.