Army Embeds Cyber Forces in Combat Training Drills (UPDATED)
As part of their routine combat training, Army brigades will be more rigorously challenged to fight enemies in cyberspace.
This new twist in combat training is part of a broader strategy to bolster Army skills at defending networks and to elevate the importance of cyber operations in war fighting, said Ronald W. Pontius, deputy to the commanding general of U.S. Army Cyber Command.
“We are working on truly integrating cyber operations into unified land operations,” Pontius told National Defense in a recent interview. The plan is to experiment with several brigades, study the results of the training and figure out how cyber warfare fits in the big picture of combat operations.
The 3rd Brigade Combat Team, 25th Infantry Division, was the first to try the experiment during its recent training rotation in Fort Polk, Louisiana. During drills at the Joint Readiness Training Center, the brigade deployed with its standard network defense capability, which Cyber Command supplemented with additional expertise. “We were trying to figure out how to bring defensive and offensive cyber operations, and how the brigade can think through how to integrate that into maneuver operations,” said Pontius. “This was the first of a series of experiments.”
There is growing pressure on the Army to beef up its cyber skills and prepare for the possibility that its weapon systems — many of which are digital devices connected to networks — could be hacked.
The trials will continue in the fall when another brigade goes through the JTRC, and next year as part of other Army fighting experiments, Pontius said. The mandate from the Army’s senior leadership is that “cyberspace operations are another warfare domain that needs to be fully integrated into land operations,” he said. “That’s part of what we’re working on. Experiments are important. We need to learn and grow from this.”
The Army will take the next year or two to study the results of the training and decide what, if anything, should change in the organization of combat units. “We’ll figure out what our future formations should be. What capabilities should be at brigade, division, corps levels, or what should be augmented,” said Pontius. The goal is to train field commanders to plan for operations in cyberspace like they plan physical security tactics. “We have a long way to go to work through what that means, train and educate our leaders, but that’s where we are heading.” The Army generally understands the importance of information systems and data. The question now is “Do we need to do better to protect it and how do we integrate that into operations? That’s part of the experiments.”
There will be two brigades in the Army entirely focused on cyber warfare: the 780th Military Intelligence Brigade based at Fort Meade, Maryland, and the Cyber Protection Brigade at Fort Gordon, Georgia.
Army Cyber Command, headquartered at Fort Belvoir, Virginia, has about 500 people, and is scheduled to relocate to Fort Gordon. The bulk of the Army’s cyber workforce of 19,000 — a mix of military, government civilians and staff contractors — resides at the Army Network Enterprise Technology Command at Fort Huachuca, Arizona.
“We are growing,” Pontius said. “We are in the third of a four-year growth plan that will be completed by the end of fiscal year 2016.” Both cyber brigades will have about 1,900 active-duty soldiers, and will be augmented by platoon-size teams from the National Guard and Army Reserve.
Army Cyber Command also will be overseeing a massive network consolidation effort that would bring the Army, National Guard, Reserves, Corps of Engineers and research labs into the same network environment. “We’re on a journey on that, it will evolve over the next couple of years,” said Pontius.
At the same time, the Army will transition to a defense-wide network that the Pentagon will create in order to better protect military systems from intrusions. “That’s the path DoD is on,” said Pontius. The overarching concept is called “joint integrated environment.”
The Defense Information Systems Agency is leading a program to deploy “joint regional security stacks.” These are suites of equipment that perform firewall functions, intrusion detection and other network security functions. Under this approach, cybersecurity is centralized into regional architectures instead of locally distributed architectures at each military base, post, camp, or station. The Army and Air Force have funded DISA to transition their networks to the new structure.
“The Army is in tremendous need of modernizing our network,” Pontius said. “Our modernization will be part of the modernization of the joint network,” he added. “When we move to the joint regional security stacks and a new joint architecture we will reduce the ‘attack surface’” on which intruders can operate. “That puts us on a more defensible basis.”
The shift to the joint regional security stacks will take about two to three years, Pontius said. “The model we have now, with all the different networks, is unaffordable. And we can’t defend it.”
CORRECTION: An earlier version of this post had the wrong location for the Army Network Enterprise Technology Command.