USAF Cyber Command (catch all)

[William F. Owen]

Quote:

Originally Posted by BobKing

William - I understand your objection. That was a direct quote from the source article referenced. That subject of "[adjective] Warfare" and "[adjective] War" is central to ongoing discussions here at Small Wars Journal and our own CAC blogs at Fort Leavenworth.

...and I have been part of that discussion for the last 18 months. My views are pretty well known. War is war. It does not change. If no one dies, or no one is killing, it simply isn't warfare. Technologies and societies evolve, but war stays fundamentally unchanged.

Attacking a military network is an EW skills sub-set. My guess is the same for a civilian one. This is fairly well trodden since 1999.

Quote:

This is where I vehemently disagree with you. First, they would not be in "your army" - they would be in some new organization, something completely unlike anything that currently exists.

Why? They would be EW operators. They would be part of an existing force, and they would have to conform to military discipline, and standards of behaviour.

Quote:

Second, I know many people that are healthy - perhaps even "fit" - but that would never succeed in our current military due to their natural body composition. I utterly reject the "they have to look like me" mentality embraced by promotion and selection boards.

I am not looking to exclude skilled folks on the grounds of body type, but having trained recruits I can tell you that there are few fit folk who cannot get fitter. I am far more concerned about the mental attitude, which produces someone who wants to "fight," virtually or not, but lacks the discipline to get in shape to sustain his mental acuity. Doing 27 hours shifts at a desk, in an OPS room requires you to be physically fit.

Quote:

I'm not suggesting changing the mold. I'm suggesting creating an entirely new one, with a new purpose and with a broader net.

Again, why? It's already being done by Military EW and NSA/GCHQ/CANAUSUS, for the all the "civilian" entities. Why do we want yet another entity that brings nothing new to the party?

[BobKing]

LTC Conti (Ph.D. Computer Science, U.S. Military Academy) provided the link to his new article (January 2009) after I emailed him regarding this blog post.

For anyone interested in this subject, his Is it Time for a Cyberwarfare Branch of Military? is in the "must read" category.

Army, Navy, Air Force, and Cyber—Is it Time for a Cyberwarfare Branch of Military?
LTC Gregory Conti and COL John “Buck” Surdu
IAnewsletter Vol 12 No 1 Spring 2009

Excerpts:

"The cultures of today’s military services are fundamentally incompatible with the culture required to conduct cyberwarfare."

"To understand the culture clash evident in today’s existing militaries, it is useful to examine what these services hold dear—skills such as marksmanship, physical strength, and the ability to jump out of airplanes and lead combat units under enemy fire. Accolades are heaped upon those who excel in these areas. Unfortunately, these skills are irrelevant in cyberwarfare."

"Ultimately, the role of fighting and winning in cyberspace is a military mission, which demands a military organization—one that can recruit, train, and retain highly qualified cyberwarfare combatants."

[Ken White]

Quote:

Originally Posted by BobKing

"Ultimately, the role of fighting and winning in cyberspace is a military mission, which demands a military organization—one that can recruit, train, and retain highly qualified cyberwarfare combatants."

In fact, I'm pretty sure it's wrong on several levels.

I also submit that if we elect that route, it will adversely affect both the Armed Forces and our ability to rapidly react to and block or defeat cyber threats or, conversely, to pose a cyber threat to others.

Have you talked to and observed your DCSIM folks lately...

[selil]

You are going to have a hard sell to a HIC military basically a LIC problem when you add an entire new terrain. I can give you a 100 kinetic effects via cyber delivery using primarily the principles of small wars. They will be ignored. The HIC world will simply not accept the parasitic losses on their c2 structures. I value the commentary of Col. Gentile highly as his arguments against COIN are the foil of cyber too.

[BobKing]

Quote:

Originally Posted by Ken White

Have you talked to and observed your DCSIM folks lately...

Ken - By DCSIM, I presume you are referring to Fort Leavenworth's DOIM?

Quote:

I also submit that if we elect that route, it will adversely affect both the Armed Forces and our ability to rapidly react to and block or defeat cyber threats or, conversely, to pose a cyber threat to others.

Why? I don't understand. All of the functions currently performed would still be accomplished, but with "slices" or support teams from the core cyber service.

[Ken White]

Quote:

Originally Posted by BobKing

Ken - By DCSIM, I presume you are referring to Fort Leavenworth's DOIM?

Those folks have a different drummer. That's not an insult, just a simple statement of fact. Ponder that for a second and hold the thought.

Quote:

Why? I don't understand. All of the functions currently performed would still be accomplished, but with "slices" or support teams from the core cyber service.

I Have watched the armed forces add a number of ancillary functions over a good many years. Most of those functions, if they have a political element have been detrimental to the services. Each of those functions that entailed an erosion of focus by the services invariably ended up adversely affecting competence at core missions.

Thus I think that the loose attitude required for cyber efforts would adversely affect those military folks who came in contact with it -- innovation and initiative are desired traits in Soldiers and such but an excess is not going to fly (It really should but it won't). Selil's comment above is also appropriate.

The flip side of that is the far worse fact that the services would constrain the cyber hunters who need a license to prowl and no time constraints.

An old Cav Colonel was heard to say about reconnaissance "we don't have the patience to snoop; so we just go out looking for trouble..." I don't agree with him; patience can be taught -- the problem is not that the units don't have the patience, it is that some Commanders and a great many staff persons don't have the patience to wait for a good job and rush things. That wouldn't work in the cyber space battles...

I believe the services should be able to protect their own cyber resources and should be able to attack potential and actual opponents military cyber efforts. Any attacks on the civilian political or infrastructure and thus economic cyber activities of an actual opponent should be by a civilian organ under tight political control. Doing cyber battle comes under the heading of the old 'Be careful what you wish for; you may get it' rubric.

[Surferbeetle]

Quote:

Originally Posted by Ken White

I believe the services should be able to protect their own cyber resources and should be able to attack potential and actual opponents military cyber efforts. Any attacks on the civilian political or infrastructure and thus economic cyber activities of an actual opponent should be by a civilian organ under tight political control. Doing cyber battle comes under the heading of the old 'Be careful what you wish for; you may get it' rubric.

How does one successfully compartmentalize and contain these things? Mutation/innovation rates are very high and last weeks fence may not be good enough for this week. Here's a biology example from Wired

Quote:

At the time, hypothesize scientists, the pinnacle of life was the RNA replicon: a chunk of ribonucleic acid that didn't copy itself by making proteins, as DNA does, but instead pulled them from the primordial ooze.

Whether hammerhead viroids are descended from replicons isn't known. But in a study published Thursday in Science, University of Valencia plant biologists led by Rafael Sanjuan say the viroids at least resemble that long-lost link in the evolutionary chian.

Their traits could explain how RNA learned to make proteins — the next critical step towards self-assembling DNA and the complex life that flowed from it. And no other hammerhead viroid trait is more remarkable than its mutation rate.

"It's extremely high," said Irene Chen, a Harvard University systems biologist who studies the evolution of molecules. Chen was not involved in the study . "It's right at the Eigen error threshold" — the mutation rate at which replication becomes intrinsically self-destructive because every copy is so error-ridden.

[Ken White]

As for 'containing' the armed forces by restricting them to military targets, that's easy in principle and difficult in practice. The solution is to define the principle and stick to it with full acknowledgment that there will be occasions when the civilian agency will want the service effort directed to an economic or infrastructure target that the services have morphed into access and there will be occasions when the services need the civilian agency to do something specific to a military target. That's called cooperation so it seems to me that cooperation can contain compartmentalization and compartmentalization will entail cooperation to effect containment of the other folks efforts. Or something like that.

The issue is that just as attacking the opponents population centers with iron bombs by an Air Force is no longer acceptable, cyber disruption of the civil side of things with the massive potential for physical civilian harm by a military force should not be acceptable.

Hybrid warfare will, regrettably, make likely that lack of acceptability a moot point and it may become a necessity even if undesirable but just as Britain's WW II SOE LINK used a mix of civilian and military assets to do a mix of civil and military tasks under firm civilian control, so the US Cyber Operations Executive should be under firm civilian control. That means non-DoD. Lest the bureaucracy stifle it...

[William F. Owen]

Quote:

Originally Posted by BobKing

"The cultures of today’s military services are fundamentally incompatible with the culture required to conduct cyberwarfare."

History would say otherwise, especially when it comes to the history of EV commencing in 1904, with the Japanese.

Quote:

"To understand the culture clash evident in today’s existing militaries, it is useful to examine what these services hold dear—skills such as marksmanship, physical strength, and the ability to jump out of airplanes and lead combat units under enemy fire. Accolades are heaped upon those who excel in these areas. Unfortunately, these skills are irrelevant in cyberwarfare."

Actually not true. How does military intelligence function then? How does the EW world function? The military has tons of skills relevant to so called "cyber."

Quote:

"Ultimately, the role of fighting and winning in cyberspace is a military mission, which demands a military organization—one that can recruit, train, and retain highly qualified cyberwarfare combatants."

No one in cyber warfare is a combatant. They are an operator. I agree it's a military mission, with military organisation (and discipline and dress standards), but the organisations to do this already exist.

If there is any evidence to the contrary, I'm all ears!

[Entropy]

I agree with Wilf on all this, except that I think EW will eventually become a subdiscipline of so-called "cyber" operations and not the other way around.

What is the compelling reason/need for a new military service? I don't see one. I could see an argument for, perhaps, a new agency and, in fact, that's a debate that's taking place now. But a military service? Doesn't make any sense to me.

[Steve Blair]

Quote:

Originally Posted by Van

This being said, space is an operational environment waiting for its Billy Mitchell. And this bears considerable thought. Had that insubordinate, and arrogant fighter jock not made his case, the air force probably would have split off eight to ten years later and along TAC/SAC lines (with transport being divided similarly) rather than taking all armed fixed wing and almost all transport.

Mitchell was actually a bomber guy if memory serves...

I agree with Entropy and Van on this...cyber doesn't need a new "service," it needs someone to focus an existing agency (and NSA is a good fit) on the situation and develop it properly. NSA is already a hybrid of sorts, with lots of military folks working with civilians, so no need to reinvent a wheel. I don't happen to think cyber command is a good fit for the AF. They have enough issues in their core competencies without adding a new one.

[Ron Humphrey]

Quote:

Originally Posted by Steve Blair

Mitchell was actually a bomber guy if memory serves...

I agree with Entropy and Van on this...cyber doesn't need a new "service," it needs someone to focus an existing agency (and NSA is a good fit) on the situation and develop it properly. NSA is already a hybrid of sorts, with lots of military folks working with civilians, so no need to reinvent a wheel. I don't happen to think cyber command is a good fit for the AF. They have enough issues in their core competencies without adding a new one.

especially this


[QUOTE](and NSA is a good fit) on the situation and develop it properly. NSA is already a hybrid of sorts[/QUOTE]

[selil]

In my opinion with a civilian head of the NSA (I know generals get posted there), and another directorate the NSA with appropriate scoped civilian (non-contractor), military, corporate, and law enforcement support might be able to stand up in this arena. I personally believe in inherent governmental activities and don't support contractors/mercenaries as war fighters regardless of the history. I worry that the NSA signal gathering intelligence activity would be decimated by taking on an offensive role unless those two missions had procedural barriers between them.

Though Mr. Owen blithely enacts his own sig quote by tossing cyber out the window it is regardless of his opinion a multi-faceted, cross-domain, deeply entrenched part of the modern world, capable of real world kinetic effects. I imagine that the analogy of our current position in cyber is some dark ages king sitting tidy in his besieged castle watching the building of all those new trebuchets wondering what all the hullabaloo is about. The evidence is all around you of the possibilities you just have to understand the context of that evidence.

Many fine scholars of cyber have failed to understand the nature of warfare in cyber space. I had it pointed out to me today that most don't understand the technology under-pinnings well enough to grasp the principles. Sort of like the marksman who can't clean his own rifle, or perhaps worse. I don't really have a dog in this fight though. The longer the military doesn't understand the more relevant my dissertation when completed.

[William F. Owen]

Quote:

Originally Posted by selil

Though Mr. Owen blithely enacts his own sig quote by tossing cyber out the window it is regardless of his opinion a multi-faceted, cross-domain, deeply entrenched part of the modern world, capable of real world kinetic effects.

Not quite sure what your implied gripe here is. I (Mr Owen) recognise "cyber" as important, in the same way I recognise EW as important. - and EW has a proven track record.

Now considering that networks are either transmitted in the electromagnetic spectrum or via physical links, then they use identical methods to those which the 100-year-old field of EW is well versed.

If you are talking about passive radar air defence networks being run off WIMAX linked Lap top computers, there is an obvious and real operational connection, which the EW community, with which I talk recognise, and are cognoscente of. So no big leap there.

Logically "Cyber" - silly word, - is merely an evolution of EW, in the same way that SIGINT evolved from COMINT, in the 1940s. Radar didn't change the EW game that much. It just gave them more to play with and I see "Cyber" as no different.

[Van]

Playing the Devil's advocate here, wouldn't it make more sense to suck up "Cyber", EW, the NSA, DISA, and the rest of the DoD Comm infrastructure into a Communication Command, after the model of Joint TRANSCOM? At the end of the day cyber, voice, video, crypto, EW, etc are all about ones and zeros moving over RF (or legacy analog stuff readily interpreted by computers). They are part of our infrastructure, they are a target of the enemy's infrastructure, and similar and closely related skill sets are needed to maintain, protect, and attack them.

The downside of any centralization like this is that the users usually get screwed. You end up with engineers and (worse) managers of engineers "deciding" what users "really" need (what they decide users really need is what the engineer likes, even if it takes an engineering degree to use, or you get what gets the manager promoted whether or not it works). You get illusory economies by reducing support to the users. And the big organization s-l-o-w-s d-o-w-n as layers are added and fiefdoms develop.

Just what DoD needs. Another four star command.

Quote:

Originally Posted by Steve Blair
Mitchell was actually a bomber guy if memory serves...

I was hasty, the characterization of Mitchell as a fighter jock comes from two sources; his book "Winged Defense", where Mitchell goes on at length about the roles of interceptors and the need for fighters; and the way fighter jocks idolize the insubordinate son-of-a-biscuit.

[Entropy]

Van,

For an example of that, just look at the NRO. It started off great, but now it's a bureaucratic behemoth with all the downsides.

[BobKing]

Quote:

Originally Posted by Van

Playing the Devil's advocate here, wouldn't it make more sense to suck up Cyber, EW, the NSA, DISA, and the rest of the DoD Comm infrastructure into a Communication Command, after the model of Joint TRANSCOM?

Van, calling your devil's advocate position and raising you another: Why not?

Given all of the problems we've had over the years with communications between the services, perhaps it would also be beneficial to have a single set of communications personnel.

But you do raise a valid question. Looking for redundancies and suggesting mergers can be a slippery slope.

My suggestion is not that this is the right thing to do, merely that it should be analyzed. That analysis would answer questions like:

How many people in each service are performing space & cyberspace functions?

What are the redundant functions across the services and could they be consolidated or merged?

Consider the various commands, organizations and agencies listed below. I'm sure this is not an all inclusive list. All of this was found open source, with the search conducted from a non dot-mil domain. Feel free to add any that I missed. (Thanks in advance; I'll list you in the credits if I ever do a dissertation on this subject.)

Does anyone else see a lot of overlap?

Air Force Space Command

Deliver space and missile capabilities to America and its warfighting commands.

Taking the above mission statement literally, why would any other service need space commands?

Army Space and Missile Defense Command (SMDC)

SMDC/ARSTRAT conducts space and missile defense operations and provides planning, integration, control and coordination of Army forces and capabilities in support of US Strategic Command missions; serves as the Army specified proponent for space, high altitude, and ground-based midcourse defense; serves as the Army operational integrator for global missile defense; and conducts mission-related research and development in support of Army Title 10 responsibilities.

Navy Space and Naval Warfare Systems Command (SPAWAR)

Deliver FORCEnet by inventing, acquiring, developing, delivering and supporting integrated and interoperable C4ISR, Business IT and Space Capabilities in the interest of national defense.

Naval Network Warfare Command (NETWARCOM)

Deliver integrated cyber mission capabilities in Information Operations, Intelligence, Network Operations and Space that enable warfighters across the full range of military operations. Provide highly trained forces, interoperable and well maintained equipment, and clear processes and governance.

Naval Network Warfare Command (NETWARCOM) - Space

Commander, Naval Network Warfare Command (COMNAVNETWARCOM) has multiple duties as the Naval operational agent for Space: the Navy Functional Component for Space to US Strategic Command (USSTRATCOM); the Navy Space Type Commander (TYCOM) responsible for manning, training and equipping the fleet for space; the Navy Space Cadre Functional Authority responsible for developing, training, and tracking a cadre of Navy personnel with an expertise in space systems; and the Naval Space Campaign lead for US Fleet Forces Command (USFFC). NETWARCOM also supports a Space Watch Cell which maintains and disseminates space situational awareness and produces a space effects package for fleet users.

Naval Network Warfare Command (NETWARCOM) - Information Operations

NETWARCOM is responsible and accountable for coordination and direction on all matters for Information Operations (IO) and Signals Intelligence (SIGINT) to include Electronic Warfare (EW), Psychological Operations (PSYOP), Military Deception (MILDEC), Operations Security (OPSEC), and Computer Network Operations (CNO).

Naval Network Warfare Command (NETWARCOM) - Networks

NETWARCOM provides operational and technical direction of the Navy's Network Operations in support of Joint Forces and Service mission requirements, assesses Fleet Command and Control, Communications, Computers, Combat Systems and Intelligence, (C4I) readiness and system availability and direct follow-on action to resolve capability shortfalls. NETWARCOM coordinates with internal and external sources for delivery of C4I products and reachback services that support globally deployed Naval forces.

Navy Cyber Defense Operations Command (subordinate to NETWARCOM)

To coordinate, monitor, and oversee the defense of Navy computer networks and systems, including telecommunications and to be responsible for accomplishing Computer Network Defense (CND) missions as assigned by Commander, Naval Network Warfare Command and Commander, Joint Task Force - Global Network Operations (JTF-GNO).

U.S. Army Signal Center

The United States Army Signal Center of Excellence provides world class Soldiers and Leaders; trains, educates, and develops adaptive IT professionals; and plans, synchronizes, experiments, and implements Future Network capabilities.

Army 1st Information Operations Command (Land)

1st Information Operations Command (Land) deploys information operations support teams in order to provide IO planning support and vulnerability assessments in support of military forces and provides an IO reach-back capability to operational and tactical IO staffs as directed.

Army Network Warfare Battalion (July 2008)

This battalion formalizes and centralizes the Army's mission to provide rapid, increasing support to forces worldwide and will lead the Army in providing a larger and more robust network warfare capability.
REF: Army activates network warfare unit

Army Communications-Electronics Research, Development and Engineering Center

To develop and integrate Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) technologies that enable information dominance and decisive lethality for the networked Warfighter.

Marine Corps Information Operation Center (MCIOC)

Set to stand-up in 2009 on Marine Corps Base Quantico, the MCIOC mission will be to provide the MAGTF a full spectrum and readily accessible Marine Corps IO resources. [...] The MCIOC will support the MAGTF staff by providing tactically focused, deployable, IO support teams who will assist in IO tactics development as well as formulating requirements including research and development priorities
REF: Corps to establish the Marine Corps Information Operation Center

Almost forgot the Coast Guard. They have the Coast Guard Telecommunications and Information Systems Command.

Defense Information Systems Agency

The Defense Information Systems Agency is a combat support agency responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions to serve the needs of the President, Vice President, the Secretary of Defense, and other DoD Components, under all conditions of peace and war.

Global Cyberspace Integration Center (Air Force)

The Global Cyberspace Integration Center teams with major commands, joint and coalition partners, national agencies, industry and academia to develop, integrate and standardize air, space, and cyberspace components. The GCIC manages Command & Control and cyber innovation, experimentation, and transition efforts including Joint Expeditionary Force Experiment. The GCIC plans, programs, and guides enterprise-level capability-based planning, requirements, architectures, and integration of Air Force warfighting networks, combat support and C2 systems

National Security Agency

The NSA/CSS core missions are to protect U.S. national security systems and to produce foreign signals intelligence information.

The Information Assurance mission confronts the formidable challenge of preventing foreign adversaries from gaining access to sensitive or classified national security information. The Signals Intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations. This Agency also enables Network Warfare operations to defeat terrorists and their organizations at home and abroad, consistent with U.S. laws and the protection of privacy and civil liberties.

The above list does not include other service specific related areas, such as educational institutions.

Just one example:
Air Force Institute of Technology, Center for Cyberspace Research

Develop Air Force and DoD leaders in cyber operations expert in the use of doctrine, techniques, and technologies that ensure dominance and superiority in cyberspace

Given the items above, could it just be in the realm of the possible that we have too much overlap in this area across all of the services?

[wm]

Quote:

Originally Posted by BobKing

My suggestion is not that this is the right thing to do, merely that it should be analyzed. That analysis would answer questions like:

How many people in each service are performing space & cyberspace functions?

What are the redundant functions across the services and could they be consolidated or merged?

Consider the various commands, organizations and agencies listed below. I'm sure this is not an all inclusive list. All of this was found open source, with the search conducted from a non dot-mil domain. Feel free to add any that I missed. (Thanks in advance; I'll list you in the credits if I ever do a dissertation on this subject.)
(SNIP)
Given the items above, could it just be in the realm of the possible that we have too much overlap in this area across all of the services?

I hate to say it, but if you want to get rid of many of these organizations then you also need to get rid of the multi-service approach the US takes to defense. As long as one has more than one uniformed service, and as long as one has more than one civilian agency overseeing various aspects of what might be defense/homeland security. then one will have a proliferation of intervening command and control elements for each of those entities when they get rolled up under a "combined" leadership. When one works in matrix organizations, one still has parent organizations that are responsible for dealing with all the other stuff/functions that the matrix organization has no time, interest or capability to consider and oversee.

BTW, the provided list was really a bad oversimplification (and deceiving in that the NAVNETWAR entries are really just sub-elements of the bigger command I believe), and out of date to boot.
For what it's worth, we could develop a similar list for just about any function performed across the defense spectrum--from designing, acquiring and operating indirect fire systems to water transportation to chem-bio defense to building construction. C2 (Command and Control) systems or ISR systems happen to be my two personal favorites though.

[BobKing]

Quote:

Originally Posted by wm

BTW, the provided list was really a bad oversimplification (and deceiving in that the NAVNETWAR entries are really just sub-elements of the bigger command I believe), and out of date to boot.

Deceiving? I included the (NETWARCOM) moniker after each so that it was clear they were part of that larger organization. Originally I was not going to list them separately, but decided to as it better showed the overlapping mission statements.

As far as being out of date, with the exception of the two items referenced from new stories (links provided), all of the information came from publicly accessible official websites. Could you be more specific about which ones were out of date?

[BobKing]

A recent SAMS monograph was brought to my attention this morning.

In National Department of Space (22 May 2008) (PDF, 767 KB), Lt Col Kristine M. Shaffer (USAF) looks specifically at the consolidation of space functions into a core department. In her paper she recommends:

If the nation is serious about space, it should consider making a “drastic” change or transformation of the current space program. The current status quo program with multiple organizations with multiple missions without a single focus and a single “belly button” is hindering and strangling America’s space direction, domination and development. The organizations will merely look on space as an auxiliary and not as a principal business.

Shaffer's monograph includes an extensive bibliography of books, published articles, internet sources and other monographs on this same subject.

Source:

National Department of Space
Lt Col Kristine M. Shaffer (USAF)
Command and General Staff College (CGSC), School of Advanced Military Studies (SAMS) Monograph