Cyber steps up its role on the battlefield

Infantrymen stand by ready to assist during Afghan

 Cpl. Mark Rood, a cyber network operator with Headquarters and Service Company, 1st Battalion, 7th Marines, maintains network connectivity during a mission in Afghanistan in June. Marine officials are elevating the profile of cyber specialists in tactical operations. (Cpl. Joseph Scanlan/Marine Corps)

By James K. Sanborn
Staff writer

MARINE CORPS BASE QUANTICO, VA. — A platoon of Marines are on a pre-dawn Osprey raid to snatch a high-value target. But, as the crew chief leans out of the side hatch, he sees blazing lights in the town ahead. They will be illuminated for small-arms fire as they approach their landing zone.

Suddenly, with the stroke of a key, the town goes dark. A cyber warfare specialist in the combat operations center has hacked into the town’s power grid disabling it long enough for the unit to get in, grab their target, and get out under the cover of darkness. It’s a scenario that could play out on the battlefield of the near future.

“The Marine Corps wants to create cyber effects locally, rather than having to call Fort Meade to turn off a piece of a city’s lights,” said Trey Herr, a research fellow at The George Washington University’s cyber Security and Policy Research Institute. He’s referring, of course, to the military post in Maryland that houses U.S. Cyber Command and the National Security Agency. “In electronic warfare, you don’t have to call home to put a [EA-6B] Growler in the sky.”

Currently, to employ a cyber attack, a tactical unit would have to run things up to the highest levels, Herr said. CYBERCOM, would decide whether to support and could send something back to the unit.

But, a recently published document for commanders gives cyber Marines an increased profile in the critical planning stages of Marine Air Ground Task Force operations and with that could give them more latitude to prosecute operations locally. For ground pounders in harm’s way, that means an umbrella of security that keeps their comms safe and creates chaos among the enemy.

Tactical cyber operations

The “MAGTF Cyberspace and Electronic Warfare Coordination Cell Concept,” announced in Marine Administrative Message 362/14, puts cyberspace advisers on par with those who advise commanding officers on air- and ground-combat elements during tactical operations. Cyber is a domain as much as land, sea, air and space, say officials responsible for developing new cyber requirements and doctrine.

Precise details of how the service does and will employ cyber in tactical operations remains to be seen. But, as the Corps becomes ever more reliant on active networks for real-time intelligence, surveillance and reconnaissance, much of those efforts will focus on keeping those networks safe and secure. The MARADMIN, in effect, opens the door to making cyber an organic arm of future operations much like air or artillery support.

As Lt. Gen. Richard P. Mills, then the deputy commandant for Combat Development and Integration, said somewhat prophetically at a conference two years ago: “That MAGTF commander at the front end of the spear will have organic, offensive [cyber] capabilities. They will be augmented by fires from [Marine Corps Cyber Command] and from U.S. Cyber Command and, perhaps ultimately, from NSA.”

Cyber officials, intelligence Marines and cyber warfare experts hesitate to reveal current offensive capabilities due to operational security, preferring instead to focus their talk in defensive terms, on making networks more “resilient.” Certainly network resiliency is as important as effects on target, especially as the Corps extracts itself from Afghanistan and as emerging state and non-state actors demonstrate an expert grasp of the cyber domain. So the Marine Corps is taking significant strides to push cyber Marines further down the organizational structure and further forward on the battlefield where they can actively support tactical operations.

The Marines in that Osprey raid will likely have computer tablets hooked up to the plane’s in-flight Wi-Fi, which in turn will provide them with real-time video feeds from F-35s or drones holding high above the target. While the technology enriches Marines, it is also rife with opportunities for opposing forces to hack into any number of things, from the F-35s’ software to the info contained on the commanding lieutenant’s tablet. The increases the need for cyber Marines — guardian angels of the digital world.

Educating commanders

For commanders to exploit cyber capabilities on the battlefield, they must first comprehend them.

“If we are truly going to focus on cyber, we must start organizing tactical-level folks so they understand the cyber threat,” said Col. Gregory T. Breazile, the director of the Command and Control/cyber & Electronic Warfare Integration Division at Combat Development and Integration Command here.

Like most people, the majority of commanders are laymen when it comes to cyber capabilities. An officer from the infantry community, for example, who has never flown an aircraft still has a solid comprehension of how air supports an assault.When it comes to cyber, CD&I officials want to boost Marines’ understanding to something like that of close-air support.

“It is changing the culture, so that [cyber] is part of the equation going in — not an afterthought,” Breazile said.

Reorganizing operations staffs so that cyber specialists are readily available subject matter experts — able to chime in or be called on throughout the planning process — will help leverage cyber capabilities, whether to protect networks and communications, or attack the enemy’s.

“You want someone with a good understanding of your cyber capabilities set so they are integrated into the same plan as support for fires like artillery,” Herr said. “You want cyber effects as part of your overall force projection operations.”

At the strategic level, cyber warfare focuses on protecting national security by first recognizing and then blocking attacks on U.S. networks, preventing espionage and the theft of sensitive information and conversely sabotaging and penetrating enemy networks. But, much as a commander can call for an artillery strike, cyber can play an immediate and tangible role on the modern battlefield.

Cyber operators can paralyze enemy communications, cut cell networks, corrupt computer systems with malicious code, or even shape the battlefield by attacking networked infrastructure, Herr said.

A second important goal of the Marine Corps’ new MAGTF Cyberspace and Electronic Warfare Coordination Cell Concept document is to encourage closer cooperation between the cyber and electronic warfare communities during tactical operations. That is important because they are, in a way, a continuum of the same mission, said Breazile.

“Cyberspace and electronic warfare are dependent on the electromagnetic spectrum,” he said. “We should call it the electromagnetic domain instead of the cyber domain.”

From a tactical standpoint, bringing the two communities closer together will allow for greater effect on target, Herr said. Networks are hardwired. The electromagnetic spectrum — EW’s specialty — is wireless. On the battlefield, cyber attacks on enemy systems will often have to be delivered wirelessly. So, cyber Marines can design the attack, but EW Marines can help deliver it, Herr said.

For that to work, commanders who have relied on the EW community for years, must understand and give equal credence to the cyber community.

Offense vs. defense

The vast majority of a cyber Marine’s role in tactical operations will likely be preserving friendly networks used to send classified materials and communicate, while attempting to disrupt the enemies’. Offensive operations are still reserved for the most capable operators, under the most necessary circumstances.

Shutting down a city’s power grid isn’t an absurd idea, but one risk in deploying a cyber attack is that the enemy takes steps to protect against it in the future, said Martin C. Libicki, a senior management scientist at the RAND Corp. and professor in cyber warfare at the U.S. Naval Academy.

Once attackers make themselves known, the ones playing defense develop a software patch. So it’s kind of like a missile that can only be fired once, or like engineering new blueprints for a bomb every time you drop one.

Commanders in charge of such assets will want to be highly selective about when and where they employ an exploit for real-world effect, he said. Plus, an exploited network potentially provides continued intelligence, as long as the targets haven’t yet figured out they’ve been hacked. The sensitive and delicate nature of cyber operations are reasons why authority for offensive cyber operations remain at high-level organizations like CYBERCOM, even if it’s a group of special operator’s on the ground a world away who need assistance.

It does however make sense to give combatant commanders, even Marine Expeditionary Unit commanders and commanders of MAGTFs of any size, a full education on the threats facing the Corps, as well as the techniques and capabilities at its disposal.

“There seems to be a tendency now, however, to get it down to at least the combatant-commander level because you will have better integration,” Libicki said.

But he said it so far is unrealistic and impractical below that level — at the company, platoon or squad, for example. Not so for defensive cyber operations.

“Defense is inherently local because it is a subset of system administration. It is about who is connected to you, what patch update you have, trouble tickets on your network, things that need to be fixed, and problems on the local network that indicate a cyber attack,” Libicki said.

Additionally, it isn’t all together clear how effective a cyber attack would be on enemy at the tactical rather than strategic level. Many of our current foes are not as reliant on computers to pursue operations.

“Their weapons have very few sensors and are for the most part not digital — unless someone is working on a way to network AK-47s,” he said.

Educating the force

But despite uncertainties about the future role of cyber operations on the battlefield, the idea for the new concept of operations outlined in the MAGTF Cyberspace and Electronic Warfare Coordination Cell Concept came directly from commanders in the fleet. Whether cyber specialists are working in a defensive capacity, or advising commanders how higher organizations can support them, the new concept helps ensure those considerations are taken into account early on.

“I think people didn’t know what they didn’t know. They all realize there is a threat, but they don’t know what it is or what to do about it,” Breazile said. “The demand signal came from commanders saying, ‘we need to make sure we have the expertise.’ ”

Breazile and his staff are also working to develop a cyber warfare doctrine and incorporate cyber warfare into more professional military education courses, even for junior Marines like captains and potentially corporals.

Not every Marine will be made a hacker in the same way not every Marine is a pilot. But, the idea is to provide the fleet with a baseline understanding of cyber capabilities and how they can be leveraged. It becomes increasingly important as technology continues to advance. Today, anything with a microchip is vulnerable, Breazile said. He said a logistics Marine, for example, may not often think about cyber. But a cyber attack on the computers he uses to track and deliver goods could have a serious effect on his ability to execute his mission and support forces in the fight.

Herr cites The Basic School, which all officers complete, as an example. There, officers are inculcated with the “every Marine a rifleman” philosophy, but also taught about capabilities for supporting fires and how non-infantry units can support their fight. Incorporating more cyber lessons into PME would similarly help officers and NCOs understand other facets of their battle space, Herr said.