A Defense Technology Blog
See All Posts
  • Joint Cyber War -- Not Yet
    Posted by David A. Fulghum 5:08 PM on May 11, 2010

    “We want to make sure that cyber is integrated into the operational planning process from the beginning,” says Brig Gen. Charles Shugg, vice commander of the 24th Air Force. “We’ve got to learn how to fight through cyber-attacks.”

    For example the Air Force wants to demonstrate that it can continue flying its Remotely Piloted Aircraft fleet even while assailed by a range of cyber-weaponry.

    “We need mission assurance all the way through the [RPA’s] flight and extending through the supply chain, stateside flight control, satellite communications, the air operations center and distributed ground stations,” Shugg says. “We need to pre-plan alternatives and redundancies so that the warfighter never realizes that there is a cyber-attack going on.”

    The Air Force will have another focus on the integration of cyber- and electronic warfare.

    Getting approval for a tactical cyber-attack “will depend on the type of target, what the effects are and the potential collateral damage,” Shugg says. “Those answers could move decision-making from the tactical to the national level. It’s extremely complex.”

    To keep coalition members abreast of U.S. cyber-activities, 24th AF also is setting up an exchange program with the Royal Air Force and the Royal Australian Air Force. The Army joins in advocating early integrations with allies.

    “[Warfighting] Commanders don’t want to manage five networks,” says Maj. Gen. Steven Smith, the Army’s chief cyber-officer. “They would like to manage one, so that means you have to connect your coalition partners.”

    Moreover, a large bureaucratic obstacle was removed with the May 7, Senate confirmation of the promotion of Keith B. Alexander, director of the National Security Agency since 2005, to the rank of four-star general and to leadership of U.S. Cyber Command. The new command is expected to be operational late this year, possibly in Oct., a year after Alexander was nominated to the new post.

    Delays in confirmation were created by the lack of knowledge among lawmakers about what cyber-warfare is, who approves cyber-attacks, how cyber-weapons are developed and how warfighting fits with civilian cyber-activities like those conducted by the Dept. of Homeland Security.

    Each of the service’s subordinate cyber-commands, such as the Navy’s 10th Fleet and the USAF’s 24th Air Force, have been awaiting this decision – delivered by a voice vote in the Senate May 7th – to formalize their missions and begin an intensive training program to develop and man their computer attack and defense capabilities. Cyber Command will be a component of U.S. Strategic Command at Offutt AFB, Neb., and it will be located with NSA at Fort Meade, Md. NSA will help provide training for the first regularized classes for training cyber-warriors.

    The organizational framework for planning and launching U.S. cyber-attacks and defending military networks now appears to be complete, but many unknowns remain about how attacks will be conducted and who will approve them. It is a murky area that has hindered their operational use of cyber-weapons for 20 years, beginning with planning for the war with Iraq in 1990.

    “Given the title authorities [defining who is and is not a combatant] and [rules about] who can do what to whom, how do you share the [cyber-]picture with the Army, Navy, Air Force and Marine Corps,” says Vice Adm. Bernard McCullough, III, commander of the cyber-war-fighting 10th Fleet. “We have yet to define how we do that in cyber-operations. How do you develop target folders for non-kinetic effects in support of operational planning?”

    Another sticking point is the undefined border between electronic and cyber-warfare.

    “When inside a defined combat theater of operations, if the [electronic or cyber-]effect is generated and the target is confined to that theater, I think we have pretty clear command and control,” McCullough says. “The real issue is if you go outside the theater, who owns the authority, how is it delineated and what is the national policy? That’s being worked at the highest level. A lot of it isn’t understood.”

    U.S. military cyber-forces will be pulled into managing cyber-attack-triggered catastrophes just as they support large-scale natural disasters, predicts former CIA chief James Woolsey.

    “It is not a Defense Dept. obligation to protect the national power grid,” Woolsey says. “The problem is that nobody is responsible, at least nobody that is doing anything effective. We have an infrastructure that is privately owned and resists government regulation even on matters of security and safety. I wager as the vulnerabilities of the grid [to cyber-attack] become more apparent, unless somebody gives responsibility to a new entity, there will be pressure in one way or another for the military to protect the power grid.”

    Tags: ar99, cyberwar, Alexander

  • Recommend
  • Report Abuse

Comments on Blog Post