Wargamers are beginning to study options for how to cope with a catastrophic loss of cyberspace capabilities. Mark this as the ultimate sign of the extent to which cyber power has become critical to US military operations.
The military for some time now has carried out what it calls “day without space” wargames, testing how to get by without space support. The examination of operations without cyberspace will attempt to pinpoint vulnerabilities and suggest new courses of action. This is intended to strengthen USAF’s cyber tactics and capabilities.
“I think that a day without cyber brings you back to about World War I days,” said Lt. Gen. William T. Lord, Air Force chief of warfighting information.
The biggest threat would be a downgraded ability to communicate. That would not be the only problem, though. Taken to the extreme, the loss of the cyber domain means a real change to the American way of war. Without cyber, synergies achieved through information flow evaporate. The US would “need a larger force,” one “more independently operated,” suggested Lord.
An absence of cyberspace dominance would throw airmen back to forms of communication abandoned long ago. Airmen today prefer to communicate through secure Internet-based chat rooms, and yet they still train to use radios. The Air Force stopped teaching Morse code about 10 years ago, noted Lord, but one of the few things that would function after an electromagnetic pulse attack would be HF radio. The Air Force has gotten rid of most of that capability, but not all of it.
More likely are scenarios where major disruptions occur. For example, undersea fiber-optic lines carry significant amounts of information. When a cable is cut by accident, airmen overseas lose cyber capabilities.
“Those cables get [snagged] by commercial vessels’ anchors in the Mediterranean, and that can have combat effects if you are pumping information back to the AOR on that fiber-optic cable,” said Lord.
The year 2010 marked a milestone for cyberspace operations. In January, 24th Air Force, USAF’s cyberspace combat unit, reached initial operational capability. Now, 24th Air Force can step in and use its growing global situation awareness to help reroute traffic when there are disruptions. Diversifying the network helps make sure US forces can continue a mission.
The stand-up of 24th Air Force put in place an entity to watch the Air Force’s global network picture and to provide situation awareness to end users around the world.
Air and space operations centers already have cyber cells and personnel monitoring the networks they rely on. Twenty-fourth Air Force is gradually extending the mission to provide better global cyber situational awareness.
Two years ago, every Air Force major command ran its own network, and these “had not been developed in a homogenous manner,” said Lord, who also serves as USAF’s chief information officer. “Now, the rest of the Air Force is taking operational direction on the network” from the commander of 24th Air Force.
A big operational debate concerns Niprnet (for “Nonsecure Internet Protocol Router Network”) and Siprnet (for “Secret Internet Protocol Router Network”). The issue is what, exactly, should be placed in the easily accessible Niprnet, and what should move to the security of the Siprnet.
“Siprnet is an almost closed activity,” said Lord. “It’s hard to get in there unless you are inside the network to start with.” He added, “That’s not true with the soft, chewy outside of the Niprnet.”
The Niprnet, of course, reflects more of the philosophy of the World Wide Web. For airmen, their Niprnet connections host collaborative tools, voice over Internet protocol, video, and other applications used all the time, which has made the Niprnet a potent tactical resource. “More and more, we’re having trouble separating ourselves from Niprnet because we put a lot of mission data on it,” said Lord.
“Because there are so many connections to the Niprnet, it’s the principal target today,” he said.
Network slowdowns and breaches have created concerns. “We find a lot of our mission data is now migrating off Niprnet onto the Siprnet because of the protection,” said Lord.
Cyberspace operations will have to bridge the tension between ease of use on Niprnet and the greater protection of the Siprnet. While Lord hopes to see a balance preserved, his preference is clear. “There’s still too much on the Niprnet.” He would “rather see us move more mission data to Siprnet than put money in expanding the size of Niprnet.”
Twenty-fourth Air Force is slated to become the Air Force component of US Cyber Command, a subunified, four-star command that will report to US Strategic Command and will be collocated with the National Security Agency at Ft. Meade, Md.
The big question for military cyberspace is when CYBERCOM will officially stand up. Secretary of Defense Robert M. Gates announced plans for the new command in June 2009. He later nominated Army Lt. Gen. Keith B. Alexander for promotion to take over the command. Late summer 2009 saw a flurry of activity in preparation for an autumn stand-up, but that was delayed.
Deputy Secretary of Defense William J. Lynn III confirmed in January 2010 that CYBERCOM would still go forward to merge leadership of NSA and Cyber Command “into one dual-hatted position.”
According to Lynn, CYBERCOM will:
When activated, CYBERCOM will have three service components, including 24th Air Force, the Navy’s new US Fleet Cyber Command-10th Fleet, and the Army’s Network Enterprise Technology Command.
With the organizational reshuffling complete, attention is shifting to how to enhance and mature capabilities for cyber operations. “We’re relatively mature in the terrestrial, and pretty mature in the space network,” said Lord. “But I think where we have the most work to do is in the airborne networks.”
For airmen, the ability to form a cyberspace net among airborne platforms offers some of the highest payoffs—and the biggest challenges in evolving USAF cyber operations.
TSgt. Alejandro Castillo (l) and A1C Chris Tamblyn, both with the 25th Air Support Operation Squadron, undergo field training to become joint terminal attack controllers. JTACs rely on cyberspace for connectivity and accurate data
“For us to do our core role of control of the air, we need the ability to operate in cyberspace,” said Col. David T. Fahrenkrug, a cyber expert and F-15 pilot who runs the Chief of Staff’s Strategic Studies Group at the Pentagon. It’s a given that Air Force operators will experience some degree of cyberspace intrusion.
“Any network I now have is going to get attacked or denied,” said Fahrenkrug.
A rule of thumb is the more users and information drawn into the net, the more potential for enemies to work their way in. Most vulnerable are networks that can’t be locked down. Officials maintain that classified networks such as Siprnet and JWICS (the Joint Worldwide Intelligence Communications System) are rarely if ever breached from the outside because they are guarded under strong encryption keys.
The question is how and when intrusions will impact tactical operations like those on the airborne network. Enemy activity could take many forms. Brute force jamming is one. Injecting false information by capitalizing on digital radio frequency memory techniques is another.
“Maybe you don’t have to go after a high-end platform; you just have to go after the connectivity of the high-end platform to negate its value,” said Lord. In his view, “this focus on cyber in the Air Force has always been about paying more attention” to vulnerabilities like those the airborne networks could experience.
Senior Air Force leaders meeting with Navy and Marine Corps counterparts to discuss air-sea battle concepts have found themselves focusing on network protection. Yet all agree that defense alone is not enough.
“A fortress mentality will not work in cyber,” said Lynn. “Cyberwar is much more like maneuver warfare,” he added, where “new technologies [will] help us find and neutralize intrusions.”
Fortunately, airmen can draw on long experience in coping with a denied battlespace environment. Green Flag exercises enhanced electronic jamming and force aircrews to find ways to get the job done anyway. “As an air-to-air guy, I had to go into an environment where my radio was jammed, my radar was jammed, and I still have to operate with my wingman to go find the target,” said Fahrenkrug. “That’s an early example of going in a denied cyberspace environment,” he added. Just as airmen developed tactics for dealing with denial of sensors and communications, they are now learning ways to fight through disruptions in the cyberspace domain.
Lord explained that the key criterion is mission execution.
“We’re ensuring mission success in this case by making sure there’s a network available that has as few enemies inside it as possible,” he said. “We know that people will be after those networks in two ways. One is to preclude the use of them,” Lord said.
In that instance, Lord said, “a lot of high-speed automatic rerouting has to occur,” as aircraft move across different parts of the network.
The second form of attack is manipulating data. In this case, connections continue, but data are no longer authentic due to enemy action. As Lord described it, intruders changing data “is quite frankly, more frightening to me, because you make incorrect decisions based on information that has been changed.” Maneuvering among frequencies and duplicating sets of information may help ensure authenticity.
The airborne network consists of platforms from tankers to Predators that share common data links. Crews use them to route information. Of course, aircraft have had communications links in the form of various radios for decades, and more recently, data links such as Link 16 have provided secure, automated data exchange.
What’s different with expanding cyberspace operations is that far more users access the airborne network and, increasingly, talk through IP-routed addresses—and do they talk. Chat has become the coin of the realm for executing airborne operations. It’s normal practice for an airman in a command center to split his or her screen to follow several chat rooms at once. Each chat room is dedicated, for example, to a single asset such as a Reaper or other ISR platform as it flies its mission. Ground and naval forces mix in, too.
A key airborne example of cyberspace at the extreme tactical level comes from the E-8 Joint Surveillance Target Attack Radar System. Airmen monitor radios, but much has shifted to chat, which links them to joint terminal attack controllers on the ground, other aircraft, and the air and space operations center. Links to intelligence processing facilities back in the United States give airmen access to “high side” intelligence resources, too.
SrA. Jared Johns, a Joint STARS crew member with the 116th Air Control Wing at Robins AFB, Ga., said, “If you miss a radio call, you have to say, ‘Can you say that again?’ ” With chat, the information is written down, so a glance back at the screen solves the problem. “It’s all logged with time stamps, so everyone knows when that was posted,” he concluded.
Lord confirmed that chat is “an essential combat leverage.” The widebody air control platforms such as Joint STARS, tankers, and bombers boast a tremendous advantage because the big aircraft have the space, power, and crew to be major network nodes.
Challenges increase at what Lord termed the “outer edges” of the network: aircraft like fighters or Reaper, which are constrained by power and by antenna size. The same restrictions apply to handheld devices for the dismounted soldier and JTACs.
“What we try to do is not pump huge amounts of data but cache things,” so that data can be processed at terrestrial centers.
There’s art to the process, too. Coding and compression techniques help minimize the amount of data which must transit the network. “You don’t update everything; you just update the piece of the picture that changed. You don’t send the entire picture again,” Lord explained.
The Leading-Edge Challenge
Design of the edge devices in airborne platforms matters, too. “We want them to be smaller, have less power, we want them to have smaller antennae,” said Lord, and “you want them to radiate less [radio frequency] energy, etc.” These procedures reduce the electronic footprint and make for a smaller target for enemies to find, jam, or manipulate.
Protection can also be built in. Link 16, the secure communications link, utilizes small terminals installed in everything from fighters to Navy ships.
Protecting the functionality of those links is part of the leading-edge challenge for Air Force cyber operations. Internet protocol-enabling allows access to the network. “As we IP-enable weapons and aircraft,” all of a sudden they are IPs that are flying together and connecting at high speed and then departing,” said Lord. The question then becomes, “How do you offload data? How do you make a network that’s traveling at 1,000, 2,000, or in some cases, 6,000 miles an hour?” asked Lord.
The heightened visibility of the airborne network has bumped up the importance of cyberspace operations across the Air Force. According to Lord, recognizing the cyberspace network as a critical utility represents a culture shift for the Air Force. “We have for a long time, in my personal opinion, just assumed that connectivity was ubiquitous and it would always be there,” he observed.
In fact, the links may be more vulnerable to intrusion and interference than the platforms.
Of course, not all airborne platforms are equal in their data links or capacity. Airborne gateways are essential to speed and connectivity. An example in operation now is the BACN, or Battlefield Airborne Communications Node, which relies on a handful of high-altitude aircraft such as Bombardier business jet aircraft and RQ-4 Global Hawks to set up an IP-based gateway compatible with longer ranges and multiple users.
Future communications and data links will use more advanced techniques to carry the data on different waveforms with better tactical and cyber properties. Users want more capacity from the future airborne cyberspace networks; they also need secure connections and verifiable authenticity of data.
And the advanced techniques may appear on a suite of legacy and next generation platforms. “What type of platform do you put that network into? Is it an airship type or does it have to be a supersonic, stealth-type platform?” asked Fahrenkrug. The answers are still to be determined.
Operational demands are changing the career paths for cyber warriors, too. Plans call for the first undergraduate cyber operations course at Keesler AFB, Miss., to enroll officers in mid-2010. The course will expand from a basic five-week overview to a full 29 weeks.
Students will be drawn from communications, intelligence, space, and some engineering disciplines.
Graduates will flow into one of two specialty tracks: cyber operations and cyber support. The support activities are to “establish, operate, and maintain” the cyber domain. “Defend, exploit, and attack” fill out the other track.
Officers will move back and forth during their career progression, said Lt. Gen. William T. Lord, chief of warfighting information. An assignment in one helps to inform an assignment in the other area.
“Based on a footprint of about 3,000 officers, we think about 150 of them will fall into the initial bailiwick of exploit and attack,” with the preponderance in support skills.
That handful of cyber operators will have heavy responsibility for assuring cross-domain dominance—and for enabling airpower to operate at full potential.
Daily Report: Read the day's top news on the US Air Force, airpower, and national security issues.
Daily Report: Read the day's top news on the US Air Force, airpower, and national security issues.
Daily Report: Read the days top news on the US Air Force, airpower, and national security issues.
Tweets by @AirForceMag