In 2018 U.S. Cyber Command was elevated from a subordinate element of U.S. Strategic Command to a full unified combatant command for cyberspace operations.[1] Additionally, the Cyber Mission Forces presented by the services to execute Cyber Command’s mission reached full operational capability.[2] These developments will have serious implications on the way the services’ cyber components, including Fleet Cyber Command, plan and posture for cyberspace operations in 2019. While theses milestones are significant, they alone are insufficient for bringing cyber operations capabilities to the tactical level of warfare.

Most conventional military operators don’t fully understand what cyber entails, and cyber-warfare professionals have not effectively communicated the capabilities they provide. At a basic level, when cyber capabilities are discussed, it is often in terms of tools. However, just as mothballed aircraft carriers without pilots and aircraft are not aviation capabilities, cyber tools are not warfighting capabilities without the people, processes, technology, and training behind them. Moreover, the potential separation of Cyber Command from National Security Agency (NSA) resources offers an opportunity for cyber warfare professionals to divorce themselves from the secret squirrel mindset carried over from the military cyberspace community’s roots in the NSA’s foreign intelligence collection apparatus.[3] By stepping out of the shadows and discussing the hard truths about what can and cannot be achieved in cyberspace, cyber-warfare personnel improve their ability to support tactical operations and improve the force’s ability to respond to threats and opportunities in cyberspace.

What Makes a Cyber Warfighter?

In order to bridge the gap between conventional military and cyber personnel, it must first be recognized that those in the cyber community do not all possess the same specialized skills. Every Marine is a rifleman. Every aviator has a pilot’s license. Every corpsman can check vitals. But not every cyber warfighter can write software or “hack” a system. The difficulty in determining what makes a cyber warfighter reflects the challenge in defining what cyberspace is. Fleet Cyber Command’s mission includes operational authority for networks, cryptologic/signals intelligence, information operations, cyber, electronic warfare, and space capabilities in support of forces afloat and ashore.[4] In order to achieve this, the Fleet Cyber Command enterprise includes cryptologic warfare officers, information professionals, cyber warfare engineers, information system technicians, intelligence specialists, all flavors of cryptologic technicians, not to mention the administrative, logistics, management, and financial personnel required to keep the lights on. All of these personnel are vital to meet the requirements of cyberspace operations, and tactical leaders should understand best practices for employing them. IT personnel are great for setting up networks that have well defined specifications, but few have the expertise to design secure end-to-end architecture. Cryptologic network technicians are well equipped to conduct analysis of network traffic and activity, but not all should be expected to have the in-depth programming knowledge acquired through a four-year degree program.

Cyber Processes

In addition to the “sexy” aspects of cyber like analyzing cyber threats, deconstructing malware, building tool and technique options, and conducting network defense operations, cyberspace operations activities include a large number of specialized but seemingly mundane processes like purchasing government information systems, writing information assurance policy and directives, configuring routers and firewalls, operating and auditing system usage, and updating business software. The process for using the whole of these activities for cyber warfighting can and should be in line with military doctrine familiar to traditional warfighting communities. Instead of looking at how to sprinkle individual cyber components into tactical operations, cyberspace operations should be viewed similarly to the capabilities provided by a Marine Air Ground Task Force—a scalable, self-sustaining, multi-functional force that lives and trains together in order to accomplish specific missions in support of combatant commander requirements.[5]

Cyber Command’s Cyber Combat Mission Force (CCMF) has attempted to take this combined-arms approach through integration of on-net operators with intelligence specialists and operations planners in Cyber Mission and Cyber Support Teams.[6] Gun crews from the Age of Sail offer a model for how to build an agile cyberspace operations team. Just as cannons required gun captains to synchronize the actions of powder handlers, spongemen, loaders, and rammers to be successful, cyberspace capabilities require integrated and routinely drilled actions from all skillsets inherent in cyber professionals. Reviewing the physical laydown of CCMF teams to ensure operations planners, leaders, and both offensive and defensive operators are able to live and train with armament developers, IT infrastructure handlers, and network analysts could yield capabilities more responsive to the constantly evolving tactical battlefield.[7] These multi-functional cyber teams may then leverage their full capability to support information-operations shaping, adversary command-and-control disruption or system degradation, own-force protection and monitoring, and contingency-communications pathway establishment as tactical conditions dictate.

Employing these cyber-warfare processes requires a recognition that using even basic cyberspace capabilities need a deep understanding of the underlying technology. Conventional military technology is designed to be used by the greenest recruit fresh out of A-school. While being able to shoot effectively and accurately requires some amount of training and practice, it does not take more than a few minutes to explain how a trigger works on an M4 rifle. Even more advanced naval weaponry like Tomahawks and Standard Missile-3s don’t require advanced degrees to understand. Additionally, these conventional weapons are target agnostic. With a proper firing solution, they will either impact a target or force the target to take action. This traditional paradigm doesn’t apply to cyberspace.

Outside the Traditional Paradigm

As opposed to a traditional defense acquisition requirement that may define the what, when, and how for the development of a target-agnostic missile that explodes on contact, requirements for cyberspace options must emphasize the who, what, and why. The number of possible hardware, software, and network configurations available globally makes development of target-agnostic options for controlling conflict escalation and shaping the environment across all phases and at all levels of military operations practically impossible, particularly when constrained by rigid when and how requirements.[8] Instead of seeing cyberspace options like Tomahawks that may be launched at any target, cyberspace options may more accurately be seen as custom-built cannons that can only target specific ships. Following each use, they will have to be reloaded with powder and iron shot, if not thrown overboard and replaced entirely. The capability isn’t resident in a tool or technique, but in the knowledge of cyber professionals and the processes they employ to deliver a solution.

As any student of Clausewitz knows, “War is an act of violence to compel our opponent to fulfill our will.”[9] While the military is turning toward cyberspace as a warfighting domain with concerns about threats to critical infrastructure, cyber warfighters must understand that cyberspace operations alone do not possess the capacity for violence necessary to be the ultimate arbiter of war. Therefore, it is necessary for cyber warfighters to collaborate with conventional elements to evaluate and determine what capabilities should be provided to support the close fight.

There are numerous options at varying sophistication levels for conducting cyberspace operations across all levels of military operations. Instead of treating all cyberspace options like weapons of mass destruction, simple techniques like denial-of-service attacks and website defacement for information- operations purposes should be included in military doctrine and planning courses. For cyber capabilities to be an effective deterrent, our adversaries must be aware that the U.S. military is able and prepared to kick in doors and break things in cyberspace. Lessons from recent history should form a basis for applicable training on the options available for cyberspace capabilities that support tactical operations. For example, Russia’s hybrid warfare concept, from its ability to inhibit adversary communications and external media access during the invasion of Georgia in 2008, and the alleged hacking and information operations campaign during the 2016 U.S. presidential election, offers a good primer for all tactical-level leaders as it integrates cyberspace and tactical operations.[10]

Learning through Experimentation

Naval aviation existed for nearly 40 years before the aircraft carrier replaced the battleship as the backbone of the fleet. Many hard lessons were learned through experimentation, accidents, and conflict before the full capability of the aviation community’s manpower, tactics, equipment, and training were realized and formalized in fleet doctrine, leading to victory in World War II. Inter- and intra-service rivalries and misunderstandings impeded conventional naval leaders from accepting that the emergence of airpower heralded a shift in warfighting paradigms. Even Billy Mitchell’s proof-of-concept sinking of surface ships from aerial bombardment during Project B was written off as an unrealistic way to fight naval battles in 1921—21 years before the aerial Battle of Coral Sea in which opposing surface fleets never sighted or fired upon one another. [11] Cyber-mission teams won’t replace carrier strike groups any time soon, but continued honest engagement with stakeholders from across the Navy is necessary to ensure realistic expectations are levied and satisfied for cyber-warfare capabilities. The Navy’s Cyber Forces have a lot of work ahead to mature their personnel, processes, and technologies, but these efforts must be coordinated with, informed by, and ultimately bought into by the other naval warfighting communities. Unlike other conventional naval warfighting capabilities, current Department of Defense policy places the authorities for offensive cyberspace operations at the combatant command level—Cyber Command in support of geographic combatant commanders—or higher.[12] Therefore, it behooves conventional personnel and cyber warfighters to continuously seek out opportunities to engage each other on cyber and tactical operations concepts, including proper avenues for requesting cyberspace capabilities in support of operations. Lessons from the evolution of naval aviation and the rise of Facebook provide simple guidance for how to bring cyber capabilities to the tactical warfighter: communicate, collaborate, experiment, move fast, and break things. [13]

Lieutenant Commander Will Parker is a cryptologic warfare officer currently serving as the Technical Director for Cyberspace Capabilities at Joint Force Headquarters (Cyber), U.S. Fleet Cyber Command. He holds a bachelor’s and master’s in computer science and has completed tours in Afghanistan, the Arabian Gulf, and the Western Pacific.

^[1] U.S. House of Representatives, Armed Services Committee, National Defense Authorization Act for Fiscal Year 2017, H.R. 4909, 114th Congress (2015–2016).

[2] “Cyber Mission Force Achieves Full Operations Capability,” U.S. Cyber Command Press Release, 17 May 2018, https://dod.defense.gov/News/Article/Article/1524747/cyber-mission-force-achieves-full-operational-capability.

[3] Brandon Knapp, “Pentagon Official: Cyber Command and NSA may split infrastructure,” Fifth Domain, 1 November 2018, https://www.fifthdomain.com/smr/cybercon/2018/11/01/pentagon-official-cyber-command-and-nsa-to-split-infrastructure/.

^[4] U.S. Navy, U.S. Fleet Cyber Command Mission Statement, http://www.public.navy.mil/fcc-c10f/Pages/usfleetcybermission.aspx.

[5] U.S. Marine Corps Concepts & Programs, http://www.candp.marines.mil/Organization/MAGTF/Types-of-MAGTFs.

[6] Mark Pomerleau, “CYBERCOM evaluating cyber mission force,” Fifth Domain, 14 December 2016, https://www.fifthdomain.com/home/2016/12/14/cybercom-evaluating-cyber-mission-force/.

[7] Scott Maucione, “Cyber Mission Forces try to manipulate cyber terrain with new policy,” Federal News Radio (Online), 1 June 2017, https://federalnewsradio.com/defense-news/2017/06/cyber-mission-forces-try-to-manipulate-cyber-terrain-with-new-policy/.

[8] The Department of Defense, DOD Cyber Strategy, April 2015, http://archive.defense.gov/home/features/2015/0415_cyber-strategy/final_2015_dod_cyber_strategy_for_web.pdf.

^[9] Carl von Clausewitz, On War, Project Gutenberg – Free Ebooks, 25 February 2006.

^[10] John Markoff, “Before the Gunfire, Cyberattacks,” The New York Times, 12 August 2008; and Michael Riley and Jordan Robertson, “Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known,” Bloomberg, 13 June 2017, https://www.bloomberg.com/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections.

[11] Kyle Mizokami, “The Crazy Experiment That Proved the Battleship Was Obsolete (And the U.S. Navy Didn’t Listen),” The National Interest, 22 February 2017, http://nationalinterest.org/blog/the-buzz/the-crazy-experiment-proved-the-battleship-was-obsolete-the-19531; and Jason Meyer, “Battle of the Coral Sea: Laying the Foundation for Pacific Dominance,” All Hands Magazine, 5 May 2017, http://www.navy.mil/ah_online/deptStory.asp?issue=3&dep=8&id=100291.

[12] U.S. Cyber Command History, https://www.cybercom.mil/About/History/.

[13] David Kushner, “Facebook Philosophy: Move Fast and Break Things,” 1 June 2011, http://spectrum.ieee.org/at-work/innovation/facebook-philosophy-move-fast-and-break-things.