APPROVED FOR PUBLIC RELEASE

Army Cyber Command/2nd ARMY

Second to None!

Fires & Targeting in Cyberspace
LTC Jason M. Bender, Chief of Fires
16 August 2012

“Transforming Cyberspace While at War… Can’t Afford Not To!”

Overall Classification of this Brief: UNCLASSIFIED/APPROVED FOR PUBLIC RELEASE


Cyberspace Domain

CYBERSPACE: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers (JP 1-02).

Characteristics:
• Manmade domain…ever changing
• Physical, functional, cognitive, logical/virtual and social
• Programming code and protocols define rules of the domain
• Environment and TTPs evolve at speed of code
• Constant presence – Phase 0 on-going
• Unlimited, instantaneous (operational) reach

Success in this domain means being smarter, more creative, faster, and stealthier than your opponent.

ARCYBER Mission

MISSION: ARCYBER/2nd Army plans, coordinates, integrates, synchronizes, directs, and conducts network operations and defense of all Army networks; when directed, conducts cyberspace operations in support of full spectrum operations to ensure U.S./Allied freedom of action in cyberspace, and to deny the same to our adversaries.
• Serve as Cyber Proponent
• Conduct Information Operations

Cyberspace Operations – The employment of cyber capabilities where the primary purpose is to achieve objectives in and through cyberspace.

Build + Operate + Defend + Exploit + Attack

Layers of Cyberspace

- TRADOC 525-7-8

Operating Environment

• Despite being a man-made domain, the cyberspace domain is operational and interdependent w/ traditional warfighting domains (air, land, sea, space).
• Cannot treat cyberspace as distinct (unique) – it is part of the operating environment and needs to be accounted for during IPB/JIPOE.
• Many times emerging threats in cyberspace are undetected – either not looking for them or don’t know what to look for.
• Operational variables (PMESII-PT) and mission variables all affected by cyberspace or vice-versa.
• Requires early consideration of cyberspace by planners in terms of friendly and adversary avenues of approach as well as operational approaches in conjunction with land operations.

Part of the Operating Environment – Special but Not Unique

2007: Syria – Israel

• September 2007 – Israeli Air Force attacks suspected nuclear facility under construction in Syria.
• First large-scale example of convergence of cyber and electromagnetic means – believed that Israelis used EW to deliver a cyber attack capability to the Syrian radar which executed the code on receipt.
• Prior to attack, Syrian IADS along ingress/egress routes paralyzed, allowing IAF planes to fly undetected by radar into Syria and attack the site unimpeded.
• Overall result was disruption of Syrian IADS by cyber attack that enabled kinetic strike of nuclear site.

2008: Georgia – Russia

• August 2008 – Russian troops cross into South Ossetia w/ stated intent to defend their “Russian compatriots”.
• Combined Arms assault was led (enabled) by a multi-faceted cyber attack against Georgian gov’t and military infrastructure and defacement of web sites.
• Distributed denial of service (DDoS) attacks combined with EW jamming disrupted and denied comms simultaneous to an integrated propaganda (MISO and MILDEC) campaign.
• Overall result can be considered a hybrid combined arms operation (air, land, cyber).

Cyber Support C2 Model

[Figure: command-and-control chart. Labels on the chart: COMBAT SUPPORT AGENCIES (DIA, NSA, NGA, etc.); STRATCOM; CYBERCOM (CSE, ExCSE, JOC); DISA; GLOBAL; COCOM / JTF (JOC, JFE, JCC); THEATER NETOPS CTR; C/JFLCC, C/JFACC, C/JFMCC and C/JFSOC, each with an ExCSE; SERVICES: ARCYBER, MARFOR CYBER, FLTCYBER, AFCYBER; SVC NOSC; CEM at XXX, XX and X echelons. Line legend: COCOM, DIRECT SUPPORT, OPCON, CYBER EFFECTS REQUEST, COORDINATION, SUPPORTING.]

CSE provides functional & technical expertise while providing reachback to USCYBERCOM and Service Cyber Components. ExCSE supports contingencies.


JCC and CSE Tasks

COCOM/JTF Joint Cyber Center (JCC)
• Serve as the CCDR’s staff component for cyber planning & oversight
• Coordinate and synchronize cyberspace ops with other operations
• Communicate CCMD requirements to USCYBERCOM
• Leverage theater cyberspace forces and CSE to obtain cyberspace effects
• Provide Common Operational Picture
• Plan network mission assurance and critical cyberspace infrastructure protection
• With CCMD J2/JIOC, conduct cyber threat analysis

Cyber Support Element (CSE) and Expeditionary CSE (during contingency)
• Provide expertise, reachback, communicate requirements, keep CCMD informed
• Conduct OCO, DCO, and DGO ISO maneuver unit objectives

Provide Cyber Support for Cyber Operations to Commanders

CYBER-ELECTROMAGNETIC ELEMENT RECOMMENDATION(S)

[Figure: staff organization chart showing recommended cyber-electromagnetic element manning by echelon. Recoverable labels are listed below.]

Recommended manning by echelon:
• XXX: 1 x O-6 Electronic Warfare Officer (EWO); 1 x O-5 EWO; 1 x O-4 EWO; 1 x CW-4 EW Warrant Officer (WO); 1 x E-9 EW NCO; 2 x E-5/6/7 Current Operations; 1 x O-4 Signal Officer; 1 x O-4 Military Intelligence (MI) Officer
• XX: 1 x O-5 EWO; 1 x CW-4 EWO; 1 x E-8 EW NCO; 2 x E-5/6/7 Current Operations; 1 x O-4 Signal Officer; 1 x O-4 MI Officer
• X: 1 x O-3/4 EWO; 1/2 x CW-2/3 EW WO; 1 x E-7/8 EW NCO; 1 x E-5/6 Current Operations; 1 x O-3 Signal Officer; 1 x O-3 MI Officer
• II: 1/2 x E-5/6/7 EW NCO

Integrating Cells: Current Operations, Future Operations, Plans

Other staff cells shown: Mission Command, Fires, Maneuver, Intelligence, Sustainment, Protection

Specialty labels:
• Operational Integration, Electronic Warfare (29 Series)
• Cyber Warfare, Intelligence (35 Series)
• Cyber NetOps (25 Series)

Legend:
• Doctrinal Composition of EW Element (EW Proponent)
• Discussion between EW/Cyber Proponents & MI/SIG CoEs
• Observed Current Operations Need


Cyber Planning Considerations (1 of 3)

• Cyberspace reaches across geographic and geopolitical boundaries, and is tightly integrated into the operation of critical infrastructures and the conduct of commerce, governance, and national security.
• Cyberspace operations are interdependent with the physical domains (i.e., air, land, maritime, and space) and the electromagnetic spectrum, and should be integrated with other military operations.
• Cyber fires can be used as a force multiplier or an enabler across the spectrum of operations.
• Cyber fires must be included as early in the planning process as possible, including predeployment training and preparations.


Cyber Planning Considerations (2 of 3)

Constants
• Linked to Commander’s desired end-state and objectives — integrate cyber fires with Joint Fires Process
• Target system analysis is essential (objectives-based vs. access-based)
• Maximum flexibility and agility to keep up with the dynamic environment

Considerations
• Target system analysis / OPE dependent on assets and authorities
• Target characterization and access — Open vs. Closed Networks
• Rapid Capability Development — weaponeered before target list nomination
• Deliberate vs. Dynamic targeting capability
• Modeling, simulation, and BDA required

Capabilities and effects are nearly instantaneous… Cyber planning is resource and time intensive.

Cyber Planning Considerations (3 of 3)

• Effects can be described in terms of deceive, degrade, deny, destroy, and disrupt.
• Determining a specific desired effect is the most important element in requesting cyber fires on a nominated target.
• Planners and end users should focus on effects, not the offensive cyberspace operations means to create these effects.
• Effects should support one or more objectives and do not suggest ways or means.

• DECEIVE. Mislead the enemy by manipulation, distortion, or falsification of evidence to induce the enemy to react in a manner prejudicial to the enemy's interests.
• DEGRADE. Temporarily reduce the effectiveness or efficiency of adversary command and control systems and information collection efforts or means.
• DENY. Hinder or prevent the enemy from using terrain, [cyber-]space, personnel, supplies, or facilities.
• DESTROY. To damage a [computer] system so badly that it cannot perform any function or be restored to a usable condition without being entirely rebuilt.
• DISRUPT. Break and/or interrupt the flow of information between specified or selected entities in cyberspace.


Target Characteristics

• Targets in cyberspace still have physical, functional and cognitive characteristics (FM 3-60 / JP 3-60)
• Have to also consider the logical characteristics – websites, virtual networks, etc.
• Logical characteristics are similar to grid coordinates – IP and URL addresses, etc. – unique to the target and tie content or function to the physical domains (e.g., servers, routers)
• Also need to consider the social characteristics – corresponds w/ cyberpersonas and links closely to target’s cognitive characteristics
• Important to distinguish between state and non-state targets – different target systems, different perspectives

Complete and holistic understanding of a target… have to avoid target development that overlooks any one characteristic

Target Systems

2 categories of target systems: Nation-State and Non-State

Nation-State Target Systems (14)
• Command, Control, Communications, Computer, Intelligence
• Air Forces and Aircrafts
• Space Forces
• Petroleum Industry
• Weapons of Mass Destruction
• Integrated Air Defense Forces
• Ballistic Missile Forces
• Industry
• Counterterrorism
• Ground Forces and Facilities
• Naval Forces and Ports
• Electric Power
• Transportation and Lines of Communications
• Counterdrug

Non-State Target Systems (9)
• Leadership
• Safe Havens
• Finances
• Communication
• Movement
• Intelligence
• Weapons
• Personnel
• Ideology

- JP 3-60, Appdx H
- JP 3-26, Chapter V

Target significance may be due to its own characteristics – real importance lies in relationship to other targets within an operational system.


Cyber Effects Request Format (CERF)

• Contained in the new JFIRES MTTP (FM 3-09.32) Appendix L to be published in FY12.
• JFIRES Appendix L designed as guide for tactical and operational-level planners.
• Requests are tied to CDR’s OBJs.
• Supports Deliberate TGTs, increasing ability to support Dynamic TGTs.
• Tactical/operational requests forwarded thru Fires channels to JTF or component Expeditionary Cyber Support Element (ExCSE).
• Expectation management – undeveloped TGTs may need long lead time to develop access and pair with capability.
• Available on ALSA’s SIPRNET website.

[Slide graphic labels: FINAL COORD. DRAFT; TO BE PUBLISHED FY12; WILL BE CLASSIFIED]


Leader Development

• Challenges of cyber at operational and tactical echelons a function of organizational (unit) vs. institutional (Army and branches) understanding.
  - Lack of general-purpose cyber training at officer and NCO PME vs. specific MOS-related training w/in SC/MI branches.
  - Cyber/Electromagnetic Activities (CEMA) as staff task under Mission Command warfighting function (WFF) in new ADRP 6-0
• Unit training managers often unaware of cyber-related PME or that non-MI/non-SC personnel (e.g., G5/G35 planners, targeters, etc.) can attend PME normally considered only for ‘cyber-related’ MOSs.
  - Basic Computer Network Operations Planners Course (BCNOPC)
  - Cyber 200/300 (USAF)
  - Joint Advanced Cyber Warfare Course (JACWC)
  - Joint Cyberspace Operations Planners Course MTT
• Knowledge of processes/procedures not well-disseminated.
• Lack of codified doctrine – still being developed.

Summary

• Embrace cyberspace as an operational domain
• Planning for cyber fires follows same doctrinal fires & targeting processes
• Effects linked to Commander’s Objectives & Endstate
• Target System Analysis is critical to accurate cyber fires
• Target Characteristics – physical, functional, cognitive, logical, and social
• Leader Development, Training, & Education (LDT&E)
• People are the centerpiece, not technology

Bringing Cyber Fires to the Fight – Prevent, Shape, Win

Questions
