The Department of Defense (DOD) defines cyberspace as a global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the internet, telecommunications networks, computer systems, and embedded processors and controllers. The DOD Information Network (DODIN) is a global infrastructure carrying DOD, national security, and related intelligence community information and intelligence.
Cyberspace operations are composed of the military, intelligence, and ordinary business operations of the DOD in and through cyberspace. Military cyberspace operations use cyberspace capabilities to create effects that support operations across the physical domains and cyberspace. Cyberspace operations differ from information operations (IO), which are specifically concerned with the use of information-related capabilities during military operations to affect the decision making of adversaries while protecting our own. IO may use cyberspace as a medium, but it may also employ capabilities from the physical domains.
Cyberspace operations are categorized into the following:
- Offensive Cyberspace Operations, intended to project power by the application of force in and through cyberspace. These operations are authorized like operations in the physical domains.
- Defensive Cyberspace Operations, to defend DOD or other friendly cyberspace. These are both passive and active defense operations and are conducted inside and outside of DODIN.
- DODIN Operations, to design, build, configure, secure, operate, maintain, and sustain DOD communications systems and networks across the entire DODIN.
In September 2018, the White House released a national cyber strategy consisting of four pillars: (1) protecting the American people, homeland, and way of life by safeguarding networks systems, functions and data; (2) promoting prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation; (3) preserving peace and security by strengthening the ability of the United States, its partners, and allies to deter and punish those who use cyber maliciously; and (4) advancing influence to extend the key tenets of an open, interoperable, reliable, and secure internet.
Following these pillars, DOD released its own cyber strategy outlining five lines of effort: (1) build a more lethal force; (2) compete and deter in cyberspace; (3) strengthen alliances and attract new partnerships; (4) reform the department; and (5) cultivate talent. Three operational concepts identified in the DOD Cyber Strategy are to conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict, and to defend forward to disrupt or halt malicious cyber activity at its source,
including activity that falls below the level of armed conflict. Defending forward may involve a more aggressive active defense, meaning activities designed to disrupt an adversary’s network when hostile activity is suspected.
United States Cyber Command
In response to the growing cyber threat, in 2009 the Secretary of Defense directed the establishment of a new military command devoted to cyber activities. USCYBERCOM’s stated mission is to “to direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners.” Elevated to a unified combatant command in May 2018, USCYBERCOM is commanded by a four-star general, who is also the director of the National Security Agency and chief of the Central Security Service. The commander manages day-to-day global cyberspace operations and leads defense and protection of DODIN. Each of the military services provides support to USCYBERCOM.
Specifically, today’s Cyber Command consists of four service components — Air Force, Army, Navy, and Marine Corps — that are all trained to a common standard but equipped with different sets of hardware and software.The goal is to give the different armed services and intelligence agencies — a common, compatible set of tools so they can act in cyberspace as a coordinated military unit.
Cyber Mission Force
DOD began to build a Cyber Mission Force (CMF) in 2012 to carry out DOD’s cyber missions. The CMF consists of 133 teams that are organized to meet DOD’s three cyber missions. Specifically, Cyber Mission Force teams support these mission sets though their respective assignments:
- Cyber National Mission Teams defend the nation by seeing adversary activity, blocking attacks, and maneuvering in cyberspace to defeat them.
- Cyber Combat Mission Teams conduct military cyber operations in support of combatant commands.
- Cyber Protection Teams defend the DOD information networks, protect priority missions, and prepare cyber forces for combat.
- Cyber Support Teams provide analytic and planning support to National Mission and Combat Mission teams.
CMF teams reached full operational capacity at over 6,200 individuals in May 2018. Organizationally, the Cyber Mission Force is an entity of the United States Cyber Command.
Offensive Cyberspace Operations (OCO)
US had first time revealed that it has employed Offensive Cyberspace Operations (OCO) against ISIS. It said it has devised a new strategy to defeat ISIS, and also started cyber warfare campaign against ISIS. US was first in world to have publically declare that it is carrying cyber war against ISIS that involves dropping “cyber bombs”-the term coined by Ash carter- to disrupt its communications and other infrastructure. The cyber warfare campaign was carried out by military’s seven-year-old U.S. Cyber Command through full range of cyber warfare methods.
“We are dropping cyber bombs. We have never done that before,” Deputy Secretary of Defence Robert Work said. The US cyber-attacks, which Carter said complemented familiar methods of signal jamming over radio frequencies, seek to instill a loss of confidence in the security and efficacy of internal Isis communications.
Offensive Cyberspace Operations (OCO) capability development
The USAF Offensive Cyberspace Operations (OCO) program rapidly develops operations-ready cyberspace superiority capabilities from laboratory, industry, and academia via studies, rapid prototyping, technology demonstrations, and other Research, Development, Testing and Evaluation (RDT&E) efforts.
Planned areas of development, prototyping, and technology demonstration will be used to provide warfighters access, platforms, and tools. This includes infrastructure such as mission planning, intelligence, and Command and Control/Situational Awareness (C2SA) and tools needed to attack enemy networks, telephony, Integrated Air Defense Systems (IADS), electronic warfare operations and Command and Control systems.
These advancements will be used to develop and deliver cutting-edge technologies to the warfighter. This capability area leverages cyber technology investments by the Defense Advanced Research Projects Agency (DARPA), the National Security Agency (NSA), Air Force Research Labs (AFRL), and DOD national laboratories, and other sources. Cybersecurity for the Air Force is no longer mostly restricted to IT but now also focuses on large platforms and networked weapons systems, said Peter Kim, the Air Force’s Chief Information Security Officer.
Cyber Command and Control Mission System
Raytheon will build the Air Force’s newest Cyber Command and Control Mission System (C3MS) operating location — at San Antonio’s Lackland Air Force Base — after winning an $8.5 million contract this week. Lackland is home to the 24th Air Force, the organization tasked with operating and defending the Air Force’s networks. It’s currently commanded by Maj. Gen. Christopher Weggem
The C3MS system is designed, by the military’s description, to extend the U.S. Air Force’s “global reach, power and vigilance” into the cyber domain by providing permanent operational support to combatant commanders around the world. In addition to securing Air Force networks and information processing systems, C3MS includes offensive cyberspace operations, expansive real-world and cyber domain surveillance capabilities and close coordination with other key cyber domain commands including the United States Cyber Command.
Using its ‘agile-earned value’ approach and model-based systems engineering, the company will help troops to quickly respond to emerging requirements and facilitate shorter development times.
Joint cyber operations platform: Unified Platform
The DoD’s Cyber Strategy, released in 2015, listed under its first strategic goal building the unified platform and developing detailed requirements for integrating disparate cyber platforms along with building an interoperable network of cyber capabilities. “This Unified Platform will enable the CMF to conduct full-spectrum cyberspace operations in support of national requirements,” the strategy says.
Unified Platform is a cyber weapons system designed to support all defensive and offensive cyber operations, as well as cyber intelligence, surveillance and reconnaissance for the US Cyber Command’s Cyber Mission Force. The USAF, which is the acquisition authority of the programme, aims to provide advanced technology to the operational community at the speed of mission need.
In particular, Unified Platform will let the newly independent Cyber Command to conduct military operations in cyberspace without depending on National Security Agency infrastructure, as it has done since its creation, and without interfering with NSA’s intelligence collection.
The Unified Platform involves activities that involve prototyping, testing, and integrating cyber capabilities to craft effective cyber weapons. It will help deliver working hardware and software to enable cyber forces to conduct real-world operations. The Unified Platform project will create a prototype of a service-oriented architecture that connects users on a military network to enable access to different applications written to a common standard to enable rapid software and hardware development and upgrades. It also will prototype software applications for cyber warriors to use, evaluate, and improve. The Unified Platform will enable U.S. cyber warriors and their applications to be interoperable and interconnected; secure, operate, and defend the U.S. Department of Defense (DOD) Information Network (DODIN); provide cyber information in real time; and attain freedom of action in cyberspace while denying same to adversaries.
It’s a unifying platform in a lot of ways because it brings to bear a lot of data and it helps commanders…make decisions,” Edwin Wilson , veteran cyber warrior — a retired Air Force two-star turned principal assistant secretary for cyber policy told reporters. Unified Platform will pull together information from disparate systems into a single, standardized view of the virtual battlefield that shows their commanders not only the threats, but also the status of their own disparate forces — “the readiness and the capabilities that we have both on deck for offensive or for defensive operations,” he said — and command-and-control mechanisms to employ those capabilities.
Lt. Gen. Edward Cardon, the former commander of Army Cyber Command, told Congress in 2015 the unified platform is essentially ” a network of computers, servers, data storage, and analytic capabilities leveraged to maneuver in and out of red space (adversary assets), and an access capability to enter the desired red space … provide[ing] a suite of capabilities to actively defend our network and to project power in and through cyberspace if called upon to do so.” Cardon also noted that despite the joint nature of cyberspace, the vision for such a platform is that the services’ “capabilities can be integrated into a common framework for Joint [command and control] and execution.”
Officials of the Air Force Life Cycle Management Center at Joint Base San Antonio, Texas, announced a $54.6 million three-year contract in Oct 2018, to the Northrop Grumman Technology Services segment in Herndon, Va., for the Unified Platform Systems Coordinator project. This contract to Northrop Grumman is part of a potential $217 million five-year U.S. military cyber warfare effort. The goal of Unified Platform is to develop a common tool set to enable U.S. cyber warriors to act as a coordinated military unit in offensive and defensive cyber warfare operations.
Northrop Grumman has received a contract from the US Air Force (USAF) to provide Cyber Enterprise Services (CES) on US Cyber Command’s Unified Platform cyber weapons system. Under the CES contract, Northrop Grumman is required to identify, develop and implement cyber capabilities on Unified Platform. The contract work will enable the efficiency and effectiveness of cyber missions.
Cyber Mission Platform
The platforms capability area includes Cyber Mission Platform (CMP) and provides the hardware/software host for offensive cyber operations, i.e., architecture that enables mission planning, generation, syncronization, de-confliction, execution, and assessment by integrating Offensive Cyber Production Line (OCPL) developed capabilities into a common framework.
This capability area also facilitates key upgrades and modifications to the Network Attack System (NAS). The CMP effort will
standardize current and future cyberspace operations capabilities by designing and delivering a common user interface and
reusable, modular components.
The Air Force Life Cycle Management Center’s (AFLCMC) Cryptologic and Cyber Systems Division has contracted Northrop Grumman to continue the development and deployment of the US Air Force’s Cyber Mission Platform (CMP). CMP is a comprehensive cyberspace operations system that provides the hardware/software host for offensive cyber operations. As part of a $37m three-year task order, the $9.4m contract has a one-year base period of performance.
Northrop Grumman Mission Systems cyber and intelligence mission solutions division vice-president and general manager Linnie Haynesworth said: “We are honoured to support the airforce in fielding this critical warfighting platform. “CMP enables rapid integration of cyberspace capabilities, enhancing how warfighters can respond to the dynamic and evolving mission environment. “Our agile approach will greatly increase the airforce’s ability to ensure a strong deterrent force in the face of an ever-changing cyber threat.”
Air Force Launches Second Cyber Weapons Platform In Bid To Bolster Pentagon’s Defensive Capabilities.
The U.S. Air Force is pressing ahead with its cyberweapons platforms, having announced in recent days the launch of its Cyberspace Vulnerability Assessment/Hunter system, which the service says is now fully operational. Making the system fully operational means that CVA/H “is fully capable to serve as the premier enclave defense platform for prioritized traffic in the Air Force Information Network (AFIN). The CVA/H weapon system enables execution of vulnerability assessments, adversary threat detection and compliance evaluations” the service said in a press release.
“This achievement underscores our commitment to the US Cyber Command Cyber Protection Team mission and to the defense of prioritized cyberspace terrain in the Air Force portion of the Department of Defense Information Network (DODIN). CVA/H defends the Air Force’s ability to fly, fight and win in air, space and cyberspace,” said Brigadier General Stephen Whiting, AFSPC Director of Integrated Air, Space, Cyberspace and ISR Operations, who signed the Full Operational Capability [FOC] declaration.
The Air Force said that the CVA/H weapon system consists of four primary components: the Mobile Interceptor Platform, the Deployable Interceptor Platform, the Garrison Interceptor Platform, and the Information Operations Platform-Fly Away Kit.
US Airforce demonstrates integrated EW and Cyber Capabilities
In 2014, the 90th Information Operations Squadron at JBSA-Lackland delivered effects from a cyberspace capability through an airborne platform. “We are always looking to innovate and to find how we can better engage in future fights,” said Lt. Col. David Stone, 90th IOS commander. “Ultimately, it provides a chance to replace kinetic munitions with cyber payloads. We are finding ways that cyber capabilities can hit targets that are operationally relevant to combatant commanders.”
During the demonstration, cyberspace operators at JBSA-Lackland employed a cyber payload from their cyber platform through an airborne Compass Call flying from Davis-Monthan. Electronic warfare and cyberspace operators on the aircraft ensured that payload struck its target on the range in California.
Carter noted that the new cyber capabilities go beyond jamming used in traditional electronic warfare, Fierce Government IT reported. The overarching goal is to disrupt the Islamic State, sometimes with the goal of pushing the terrorist group to other forms of communication that are more easily monitored.