Defending Networks Emerges As Top Battlefield Priority
Soldiers at the Cyber Operations Center at Fort Gordon, Georgia, monitor for potential network attacks.The first target Russia or China will go after in a shooting war may not be an F-35, an air base, or even an aircraft carrier. These peer competitors will probably attempt to take down the U.S. military’s communications enterprise first.
And if they don’t succeed on the first day, they will attempt to do so again, again and again, senior defense leaders recently said.
“Our adversaries will intentionally and frequently try to take down our network as an asymmetric means to get after our combat power. They are going to do it,” said William T. Lasher, deputy chief of staff, G-6, at U.S. Army Forces Command headquarters.
“We are watching them do it in other areas, so we know this is coming,” he said at the Milcom conference in Baltimore, Maryland.
Army Chief of Staff Gen. Mark A. Milley in October introduced the multi-domain battlefield concept, where he said ground forces of the future would have to be prepared to fight in the air, at sea and cyberspace.
Maj. Gen. John B. Morrison, commanding general of Fort Gordon, Georgia, and the U.S. Army cyber center of excellence, said the latter will be a challenge.
“We will be operating against a near peer in a congested and contested environment. … Quite frankly, we have seen some of these near peers bringing integrated capabilities to the battlefield and having tremendous operational effects,” he said.
Milley’s vision “flips how the Army operates in the future on its head,” said Morrison. It recognizes that cyberspace is an operational domain that the Army needs to maneuver in, he added.
To that end, the Army is bringing its cyber, electronic warfare and signals capabilities under one command, a Cyber Directorate located at the Pentagon, he said. While that is the beginning of a doctrinal and organizational construct, there is a lot of work to do on the technical side, where systems created separately in silos means that integration has a long way to go.
“The technologies we deployed with to Iraq in 2003, 2004 and 2005 are nothing like what we have today,” Morrison said. One of the major differences is that strategic and tactical communications networks are now blended. There has been progress protecting the network on the higher end, but not so much on the tactical side, he said.
For example, the creation of joint regional security stacks has taken the number of security enclaves from about 1,000 down to the 20s, he said. That reduces the portals and avenues of attack for adversaries on the Non-classified Internet Protocol Router Network, better known as the NIPRnet, and about the same number on secure networks, he said.
The Army in a joint program with the Air Force and the Defense Information Systems Agency is coming up with acquisition paradigms where cybersecurity is “baked in” to new applications instead of being something tacked on. It also trains enlisted personnel to take the place of contractors to install security updates, which make the process more agile.
The Army is building a more modernized, capable and secure network that three years ago existed only on PowerPoint but now has 300,000 users, he said.
But operations are driving the Army to more distributed mission commands. That means the network is proliferating on the battlefield down to tactical units. “The days of a strategic network and a tactical network are long gone. Operations have blown right by that construct,” he said.
“That paradigm needs to get pushed into the tactical space because everything that we are doing is end to end,” Morrison said.
The Army recognizes that the network is the foundation for all cyberspace operations and electronic warfare operations and that it needs to integrate those operations from a doctrine perspective and a requirements perspective, he said.
“What we cannot have are siloed capabilities being built and then we turn around and force the integration back onto our operational units,” he said.
“In many respects that’s where we are at. We are trying to bolt together siloed requirements into an integrated capability. We need to bring that together on the front end,” he added.
On the technical side, “We should not have a network box sitting right beside a cybersecrity box sitting right beside an EW box. They should all operate off this foundational integrated network baseline and then we can apply the right capabilities at the right time,” Morrison said.
Lasher is a proponent of network maneuverability and flexibility, which will keep adversaries guessing on how to attack in cyberspace.
“We have got to take a look at our current architecture — at least the way we have implemented our tactical systems — and ask ourselves, ‘Are we ready?’” Lasher said.
The U.S. military has gotten into some bad habits over the past 15 years of war. Being placed in forward operating bases where personnel assume that they can use fixed infrastructure, or they can set up a satellite link that will support them for an indefinite period, may not be the scenario in this new kind of warfare.
“We have got to start thinking how to maneuver against an agile enemy who we know is going to come after our networks … to get after our combat power,” he said.
In the Cold War era, signals personnel came in every morning and dialed in a new radio frequency based on instructions. Had the enemy discovered the frequency the previous day, they wouldn’t know where it was the next day, he noted.
“What if we did that with IP space? You may have mapped my network yesterday, but now the entire space has changed. In fact with software defined networking, not only did we change the IP space, but we essentially changed the architecture of where the tiers are, what the router and switch configurations look like,” Lasher said.
Army personnel will have to do this in a manner that doesn’t “confuse ourselves to death,” he added. “That is probably the bigger challenge.”
Communications backbones on which the networks are carried must also be nimble, Lasher said.
“We need to be maneuverable in spectrum” and bandwidth, he said. When U.S. forces go overseas into a sovereign nation, they have completely different regulations for spectrum. U.S. systems must be able to adapt.
There must be an automated means of prioritizing and allocating bandwidth to traffic, which is difficult to do today, Lasher said.
“We essentially plug in a router and whoever puts demands on a router, whether they are important or not, takes the bandwidth,” he said.
A soldier in his tent could be watching YouTube or ESPN and might be taking up the bandwidth when it’s critical to receive a full-motion video feed from somewhere else, he noted. “Tools are needed to allow us to guard bandwidth for particular users or prioritize bandwidth when it comes time to maneuver the network toward the commander’s priorities on the battlefield,” he said.
There also must be redundant transport systems for delivering the network. Along with taking advantage of whatever local infrastructure might be available, the military needs the ability to quickly change its links to space-based communications systems, if needed, he said.
“We have got to able to have redundant satellite connectivity,” he said. If one satellite system is under attack, commanders should be able to quickly change to another.
“The days of us plugging in on one constellation and not being maneuverable off that constellation I suspect are numbered,” Lasher said.
Retired Maj. Gen. Earl D. Matthews, former director of cyberspace operations and chief information security officer in the office of the secretary of the Air Force, asked, “Do we have any weapons today that are not cyber related?”
The only one he could find was the 7.62 mm rifle. “Everything else is dependent on cyber. If someone can prove me different, I would like to know,” said Matthews, who is now vice president of enterprise security solutions at Hewlett Packard.
“Everything will be integrated into a grid and that grid is going to be impacted by performance,” he said.
“We have got to move way left in order for us to win this game in the next conflict. Control and denial of the electromagnetic spectrum is going to be the key to victory,” he said.
Complexity is the friend of the adversary, he noted. Networks have been put together over the course of 20 to 25 years in a stovepiped fashion, and then were integrated, he noted.
Reducing complexity will help protect the network, he asserted.
“Moving to the cloud provides us with some less complexity if we don’t have all these legacy systems,” he said.
“The cloud is the next great do-over for this domain,” he said. “If we move to the cloud — and we treat it with a sense of urgency — which we are not … we will put ourselves in a better posture,” Matthews said.
Lasher said there are problems industry can help solve by driving in automation and simplicity.
The Army needs to do more with fewer soldiers especially within the signal and cyber domains. It needs to be as small, efficient and agile as it can. Remote operations should also be encouraged so they don’t have to always be in any particular spot, Lasher said.
Vendors need to hide complexity from the warfighters.
“Their primary focus needs to be prosecuting the war. Finding an enemy. Defeating an adversary,” Lasher said. They can’t be buried in instructions to tell them how to operate “a box,” and not focused on the fight, he added.
Rick Skinner, director of global strategy and mission solutions at Northrop Grumman Aerospace Systems, said given the right personnel and some internal development funds, industry is adept at coming up with solutions to some of these hard problems. They could be solved in as little as 18 months of work. The problem is that the military takes three years at the beginning of the process to come up with requirements, then takes another three years afterwards for test and evaluation.
“You take something that takes two years and you bookend it with six years, you are back to where you started from,” he said.
“We need a rapid security office to complement our rapid capabilities office,” he suggested.
Topics: Cyber, Cybersecurity, Infotech