“You know, we say that ‘flat is the new growth’ in DoD,” Vice-Chairman of the Joint Chiefs of Staff, Adm. James “Sandy” Winnefeld, said at yesterday’s Bloomberg conference. “[Even] special operations forces” — where the Army contributes most of the personnel — “are sort of flat right now.” In fact, Winnefeld said, “cyber’s about the only area where we’re actually, no kidding, growing in terms of people and capacity.” And that’s a rising tide the Army means to catch.
“We’ve been tasked to build 41 [cyber] teams,” said Lt. Gen. Edward Cardon, chief of Army Cyber Command (ARCYBER), at last week’s Association of the US Army conference. That’s 30 percent of the 133 such teams — 6,000 military and civilian personnel — planned across the entire Defense Department. It’s a good sign for the Army that DoD is sticking to its traditional budget division into equal thirds among the Army, the Air Force, and the Navy Department, which includes the Marines. (Rep. Randy Forbes, among others, has called for this long-standing division to be shattered to bolster the Air Force and Navy to cope with their enormous spatial commitments to the Pacific and Middle East.)
That Army cyber contingent is ramping up rapidly, Cardon said: “In September we had two teams; today we have five; end of next month we’ll have nine. In January of next year we’ll have 24.”
“There’s a huge role” for the Army National Guard, Cardon added. “They’re bringing one cyber protection team online, they’re going to grow 10.” That’s good news for the Guard, which just weeks ago wasn’t sure the 10 cyber teams would make it into the 2015 budget, and it’s helpful for the regular Army leadership as well, which badly needs a bone to throw the citizen-soldiers amidst increasingly brutal budget fights.
“We absolutely have to have the National Guard and Army Reserve in this,” said Cardon. “The one challenge we’ve had,” he acknowledged, was getting Guard and Reserve personnel scarce training slots in the military’s high-end cyber training schools, which also serve the Air Force, Navy, and Marines. Said Cardon, “the competition over these seats is fierce.”
But besides that note of caution, the Army seems remarkably optimistic about its role in cyber. “The military defines cyber as a domain,” Cardon said, alongside the land, air, sea, and space. “The difference with cyber is cyber is manmade” — and humans live on land. “It has a huge human dimension and huge land dimension, so the Army is uniquely postured” to conduct cyber warfare, he said. Of course the Air Force and the Navy might disagree.
The Army’s Cyber Strategy: Play Hurt, Go Hunting, & Keep Clausewitz
What struck me most about the Army leaders speaking at AUSA was how confident they seemed to be about cyber, compared to their angst and gloom in other areas. “We got this,” the brass seemed to be saying. The powerful personnel bureaucracy has created a new “cyber network defender” Military Occupational Specialty, MOS 25D. The service is also studying the creation of an entire cyber branch co-equal with artillery, armor, infantry, and all the other established arms; Cardon expects an announcement “in the next couple of months.”
Meanwhile, the Training and Doctrine Command (TRADOC) published a new field manual for cyber just this month and is turning the signals corps “schoolhouse” at Fort Gordon into a Cyber Center of Excellence. (It’s signals personnel that run the Army’s networks.) Those are both crucial steps for a service with a quasi-religious devotion to doctrine.
“We are working hard to get the doctrine in place because the doctrine’s going to drive everything else: organization, training, leader development, materiel,” said Maj. Gen. LaWarren Patterson, the veteran signaler who commands Fort Gordon. And while schools for branches besides signals don’t have mandatory courses in cyberwarfare yet, he said, cyber concerns are increasingly woven into their wargames.
The Army’s getting better at practice, not just at theory, Patterson emphasized. “We’ve come a long way in the last three or four years as far as understanding our capabilities, our strengths and weaknesses, understanding our adversaries, so I was very encouraged and very happy to hear Gen. Cardon speak with such confidence,” Patterson told me in a sidebar conversation at the conference. “It’s light-years from where it was.”
Listening to Cardon, Patterson, and others, you can extract three core principles of the Army’s evolving approach to cyber:
Play hurt. Traditional cybersecurity relies on firewalls, passwords, and filters to keep the enemy out of your networks. But as the Stuxnet attack on the Iranian reactor program shows, even having a physical “air gap,” i.e. a closed network with no connection to the Internet, can no longer guarantee the bad guys won’t get in. An Army brigade’s command-and-control network isn’t linked to the civilian Internet either, but in recent exercises at the National Training Center in California, TRADOC Maj. Gen. Thomas James said at the AUSA conference, “the world-class cyber OPFOR [opposing force] can pull a brigade combat team to its knees in minutes.”
The military can no longer afford to simply shut down a network if they suspect the enemy has gained access and might steal vital data, said Cardon, because we depend on our digital links too much. That means, he said, “we have to build systems that can operate while compromised. That’s the bottom line.”
Go hunting. If you can’t always keep intruders out, you have to find them and throw them out. “That’s your ability to hunt inside the network,” Cardon said. “You identify a threat and then once you’ve identified it, you can find it.”
That’s the mission of the 133 cyber protection teams being stood up across DoD. That’s the “who,” but the “how” is still a work in progress, said Col. Maureen O’Connor, one of Cardon’s ARCYBER aides. But once we do figure out active defense, “those very same skill sets are very applicable to the other side,” she said: “When we do get the authorities to do a purely offensive act … we will have the tools and capabilities to do that.” In other words, once the Defense Department gets those 6,000 cyber-defenders trained and equipped, they’ll be able to switch over to offensive cyberwarfare whenever the White House allows.
Keep Clausewitz. Cyberspace is new, but war is eternal, and Army leaders believe the classical principles and lessons of history apply. “There is so much goodness out there that we don’t want to throw away,” Patterson told me, “so it’s not cleaning off the white board.”
There’s key terrain in cyber just as in land warfare, Cardon told the conference. Intangible data still has to pass through the physical cables, switches, and routers — some of them on the sea floor or in space, but most on land — whose connections and chokepoints give a definite shape to the seemingly endless fluidity of cyberspace.
“We need reconnaissance, maneuver, protection, fires, targeting,” Cardon said. “The entire doctrine we have for land operations can be applied to cyberspace — the entire doctrine.”
That said, Patterson told me, when it comes to cyber-specific field manuals, “it’s probably going to be a doctrine that changes faster than most.”