NATO ministers have designated cyber as an official operational domain of warfare, along with air, sea, and land. Cyber warfare has developed into a more sophisticated type of combat between countries, where you can destroy communications infrastructure, said Marc Rogers, Head of Security for DefCon, adding that ordinary people become pawns in these games. Many governments are building a cyberwarfare capability: among the most advanced countries are the US, Russia, China, Iran and South Korea. The US and other countries, including the U.K., China, Russia and Israel, are setting up unified cyber commands for more effective and coordinated cyberspace operations, both offensive and defensive. The offensive operations are seen as a deterrent to adversaries.
U.S. Cyber Command is composed of several service components, units from the military services that will provide joint services to Cyber Command. USCYBERCOM conducts and synchronizes activities to: secure, operate, and defend the DODIN; attain freedom of action in cyberspace while denying same to adversaries; and, when directed, conduct full spectrum cyberspace operations in order to deter or defeat strategic threats to U.S. interests and infrastructure, ensure DoD mission assurance, and achieve Joint Force Commander objectives.
The cyber domain command and control is also susceptible to cyber attacks and cyber warfare campaigns. “The No. 1 priority is resilient, survivable, reliable command and control,” said Gen. Robert Neller, commandant of the Marine Corps. “We’ve got to be able to protect our networks and deny our adversary theirs. If we can’t do that, we’re in another space and I think that’s going to be a challenge because of the capability sets our peer adversaries are developing.” Neller said he was particularly worried the Marine Corps would not be able to best take advantage of the F-35 and its multitude of sensors because of command-and-control systems.
Cyber Command and Control
Just as in kinetic warfare, cyber warfare must deploy our resources using the strategy and tactics of warfare. Employing cyber warfare strategy and tactics requires a cyber warfare command and control system. The DoD Dictionary of Military and Associated Terms defines Command and Control (C2) as “the exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission…” As important as organizational models are for command and control, C2 systems are used for more than just providing an organizational structure for communicating in a formal way within the organization. For instance, C2 systems are used for developing strategy, executing tactics, maintaining a common operational picture, developing courses of action, and maintaining intelligence information.
As with other operational domains (e.g. Air Operations, Ground Operations), integrating cyber warfare as an operational domain into the broader C2 functional domain shall include elements of Doctrine, Organization, Training, Materiel, Leadership and Education, Personnel and Facilities (DOTMLPF).
Doctrine shall address the much-needed Tactics, Techniques and Procedures (TTPs) for operating in a cyber realm. Organization defines the organizational structures needed to successfully implement a cyber warfare organization. Materiel describes a reference model / implementation pattern for implementing cyber command and control systems. Facilities illustrate the types of facilities (i.e. Network Operation Centers, Security Operation Centers, and Cyber Space Operation Centers) and the processes for federating across agency / organizational boundaries.
Cyber battles usually take place in the seconds-to-minutes range, whereas kinetic warfare battles occur in the hours-to-days range; the cyber command and control organizational model should therefore be able to provide command and control effectively for cyber warfare.
USAF Cyber Command and Control Mission System (C3MS) weapon system
The U.S. Air Force has mastered the ability to apply global reach, power and vigilance across the domains of air and space. The AF applies these same precepts in the cyberspace domain as part of its mission to fly, fight, and win in air, space and cyberspace. The Cyber Command and Control Mission System (C3MS) weapon system enables this mission by synchronizing other AF cyber weapon systems to produce operational level effects in support of Combatant Commanders worldwide.
C3MS provides operational level Command and Control (C2) and Situational Awareness (SA) of AF cyberspace forces, networks and mission systems. C3MS enables the 24th Air Force Commander (24 AF/CC), Commander, AFCYBER (CDR AFCYBER), and Commander, Joint Force Headquarters – Cyber (JFHQ-C) AFCYBER to develop and disseminate cyber strategies and plans, then execute and assess these plans in support of AF and Joint warfighters.
The C3MS weapon system is the single AF weapon system providing overarching 24/7/365 situational awareness, management and control of the AF portion of the cyberspace domain. It ensures unfettered access, mission assurance, and joint warfighter use of networks and information processing systems to accomplish worldwide operations.
The weapon system has five major subcomponents:
– Situational Awareness: produces a common operational picture by fusing data from various sensors, databases, weapon systems and other sources to gain and maintain awareness of friendly, neutral and threat activities that impact joint forces and the Air Force.
– Intelligence, Surveillance and Reconnaissance (ISR) products: enables the integration of cyberspace indications and warning, analysis and other actionable intelligence products into overall SA, planning and execution.
– Planning: leverages SA to develop long and short-term plans, tailored strategy, courses of action, and shape execution of Offensive Cyberspace Operations (OCO), Defensive Cyberspace Operations (DCO) and DoD Information Network Operations (DoDIN Ops).
– Execution: ability to leverage plans to generate and track various cyberspace tasking orders to employ assigned and attached forces in support of OCO, DCO, and DoDIN Ops.
– Integration with other C2 nodes: provides ability to integrate Air Force-generated cyber effects with AOCs, USCYBERCOM and other C2 nodes.
US Air Force’s Cyber Mission Platform (CMP)
The Air Force Life Cycle Management Center’s (AFLCMC) Cryptologic and Cyber Systems Division has contracted Northrop Grumman to continue the development and deployment of the US Air Force’s Cyber Mission Platform (CMP). CMP is a comprehensive cyberspace operations system that provides the hardware/software host for offensive cyber operations. As part of a $37m three-year task order, the $9.4m contract has a one-year base period of performance.
The system allows operational level 24/7, year-round control of the Air Force’s presence and activities in cyberspace by providing Command and Control (C2) and situational awareness capabilities for Air Force cyberspace forces, networks, and mission systems. “CMP enables rapid integration of cyberspace capabilities, enhancing how warfighters can respond to the dynamic and evolving mission environment.” “Our agile approach will greatly increase the Air Force’s ability to ensure a strong deterrent force in the face of an ever-changing cyber threat.”
DoD explores technology solutions for cyber command and control
Artificial intelligence (AI), automation, and the cloud have the potential to support command and control (C2) in the cyberspace domain, government and industry leaders said during a panel discussion at the annual Armed Forces Communications and Electronics Association’s Defensive Cyberspace Operations Symposium, May 2018 in Baltimore.
“Our cyber environment is contested,” said panel moderator, Greg Duchak, deputy assistant secretary of defense for command and control, communications, cyber, and business systems. “Our ability to command and control our forces and work with others in this contested cyber environment will make the difference between mission success and failure.”
Rounding out the panel were Misty Blowers, cyber research leader at Air Force Research Laboratory, Rome Labs; Terry Carpenter, services development executive at the Defense Information Systems Agency; Army Col. Paul Craft, director of operations for the Joint Force Headquarters – DoD Information Network; and Dan Prieto, strategic executive at Google Cloud. Duchak said there are no one-size-fits-all solutions to approaching C2 in defensive cyber operations (DCO), but there are critical, interrelated challenges that must be addressed.
“We need to design approaches to C2 that work well for DCO,” he said. “We need to know ourselves and to know our adversary. This means we need solid situational awareness (SA). We (also) need to focus on making mission C2 more agile so it can adapt to circumstances even in a cyber degraded environment, and we need to understand the link between DCO and our ability to exercise mission C2 in all domains.”
Speed is essential
Craft and Prieto described the similarities and differences between the cyber domain and the other warfighting domains. “The major difference between cyber and land, air, sea, and space is that the cyber domain is a man-made domain and it can be changed,” said Craft. Because the cyber domain can be changed, maintaining SA and C2 of the terrain and what an adversary might be doing is exceptionally challenging, he said.
The speed at which adversaries are able to adapt is much greater in the cyber domain than in physical domains, Prieto said. “Adversaries can easily modify malware in under 24 to 36 hours,” Prieto said. Craft agreed: Speed is key to C2 in DCO. Events occur in cyberspace in seconds, he said. The amount of data that can be taken is dependent on how fast data can be removed, moved, or modified within the network before cyber defenders can react.
“The speed at which we can operate the network, the speed at which we can change or maintain the network, the speed at which we can secure and actively defend the network – and therefore make decisions at speed – will require some sort of artificial intelligence so that the computer provides options for when we have to have a DoD level, or even commercial, decision made,” Craft said.
“Looking for needles in haystacks”
Carpenter, who is responsible for delivering integrated enterprise services and data systems to the warfighter, said a large amount of data is constantly being acquired, and DOD requires different and novel ways to make the data consumable and usable by the warfighters.
“When you talk about petabytes of data and the analysis that has to go on, we have to provide tools that are just as responsive,” he said. “But there is a lot of challenge and risk in the way we build those applications for the C2 functions. We have to think about how to provide better tools to the user community.” Prieto reflected on the paradox of maintaining C2 with the exceptionally large volume of data that saturates DOD’s systems. “On the one hand, you are flooded with data, you are slow to knowledge – because of the overwhelming amount of data,” he said. “You are looking for needles in haystacks.”
Technology to support cyber C2
Carpenter said he wants to help the operator gain situational awareness (SA) faster, and automation, AI, and cloud are important elements to get to the desired end state. “How can I help the operator to discover faster? We want to improve the speed with which the operators can discover things. So they don’t have this huge lag time in trying to sort through the big data,” Carpenter said. Carpenter also emphasized the need to look for ways to streamline the development and adoption process for C2 tools.
“There is an appetite I have never seen before, for trying new things, to automate, to make it more predictable and to leverage things like artificial intelligence and machine learning,” he said. Blowers agreed AI will be an essential weapon in the cyber fight. “Because of the advancements our adversaries are making in this (AI) arena, it is imperative we also develop cyber autonomous capabilities so that we can be sure to be competitive in a future conflict,” she said.
The panel explored how cloud adoption might help with the path to improve C2 in DCO. “When you think about cloud, the opportunity is to move to a more modern, secure, consistent, scalable environment, without having to make all the upfront investments yourself,” Prieto said. “That is what is on offer from cloud service providers.”
“Cloud needs to be an agnostic underpinning on everything we do,” Carpenter said. “More importantly, though, I listen to the warfighter, I listen to the folks trying to deal with this new domain.” Duchak agreed that the goal of moving to the cloud must be connected to the warfighting functions. “Cloud is more than just efficiencies; it’s about improving operations,” he said.
A joint effort
Craft said the solution to the C2 for DCO question will only come through teamwork. “Teamwork includes working with our industry partners, working with academia, working with other agencies and combat commands and services,” he said. Although the path forward still has many unknowns, Craft said the desired goal for C2 in DCO is a secure network. “In the end we will have a secure network, we will know where all the data is, and we will know that it is secure and actively defended,” he said.