Cyber Command Adapts to Understand Cyber Battlespace
By Cheryl Pellerin, American Forces Press Service.
Washington D.C. – May 7, 2013 – (AFPS)
– Since the Defense Department officially made cyberspace a new domain of
warfare in 2011, experts in the public and private sectors have been working to
make that inherently collaborative, adaptable environment a suitable place for
military command and control.
In July of that year, the first initiative of the first DOD Strategy for
Operating in Cyberspace called for treating cyberspace as an operational domain
-- no different from air, land, sea or space -- to organize, train and equip so
the department could take full advantage of cyber potential.
Cyberspace is defined as a collection of computer networks that use a variety
of wired and wireless connections, a multitude of protocols, and devices ranging
from supercomputers to laptops to embedded computer systems designed for
specific control functions in larger systems.
At the 4th Annual Cyber Security Conference held here Feb. 22, Air Force Maj.
Gen. Brett T. Williams, director of operations at U.S. Cyber Command, described
how Cybercom is using the Internet and other aspects of the cyber environment to
execute its mission.
“The challenge we have is that the Internet was never designed for military
command and control, … yet we’ve adapted it to do that,” he said. In the process,
the general added, officials have tried to define the Cybercom mission more
clearly over the last few months.
As part of DOD, Williams said, part of Cybercom’s mission is to help in
defending the homeland, especially against cyberattacks and other activities in
cyberspace that could affect national security.
“In that role, like the rest of the Department of Defense, we function as a
supporting command to the national command authority at the Department of
Homeland Security,” he added.
Cybercom’s second responsibility is to secure, operate and defend what is now
defined as the Department of Defense information networks, or DODIN, formerly
called the Global Information Grid, the general said. DODIN is a globally
interconnected end-to-end set of information capabilities for collecting,
processing, storing, disseminating and managing information on demand to
warfighters, policymakers and support personnel.
The third mission area, he said, is to support regional combatant commanders
such as those at U.S. Pacific Command and U.S. Central Command, and functional
combatant commanders such as those at U.S. Transportation Command and U.S.
Quantifying mission requirements is another effort under way at Cybercom, the
“What we’re working through right now is taking forces dedicated to the cyber
mission and fundamentally defining a unit of action or unit of employment to do
our mission, then realigning our forces,” Williams said. “You need to be able to
say, ‘What kind of cyber units do I need and how many do I need?’ If you can’t
do that, then you really can’t [plan] and you can’t understand where you’re
For a military force, according to the U.S. Army Combined Arms Center, a line
of operation is a line that defines the orientation of a force in time and space
in relation to the adversary, and links the force with its base of operations
and objectives. Major combat operations typically are designed using lines of
For the cyber domain, Cybercom has three lines of operation -- DOD network
operations, defensive cyber operations and offensive cyber operations.
For network operations “we provision, we operate, we maintain the networks [and]
we do static defense,” Williams said -- things such as firewalls, antivirus
applications and the host-based security system called HBSS, the DOD
off-the-shelf commercial suite of software applications used to monitor, detect
and counter attacks against DOD computer networks and systems.
“No matter how good we get at [defending the network], it’s not going to be
sufficient,” the general said, “because if we harden the network such that
nobody gets in, then we can’t get out, and we lose our ability to do the most
important thing we need to do in cyber, which is, I would argue, to command and
control our forces.”
The second line of operation involves defensive cyber operations. What
Cybercom calls DCO has two aspects, Williams said.
First, he explained, people must be able to maneuver in Cybercom’s friendly
networks and hunt for and kill things that get through the static defenses.
Cybercom also needs a “red team” capability to simulate the opposition for
training purposes, and it needs people who can assess the networks for
vulnerabilities and advise the network owners, or commanders, where it makes
sense to take risk based on their operational missions.
“The other part of the DCO is that we need capability to go outside our own
networks” and stop malware and other attacks before they reach the network, the
“Having the capability to operate outside our own networks … subject to all
the laws of war, all the rules of engagement, all [DOD] policies … means being
able to have that spectrum of options [available] for the commanders,” he added.
The third line of operation is offensive cyber operations, or OCO, Williams
said. “That’s the ability to deliver a variety of effects outside our own
networks to satisfy national security requirements,” he explained.
Given these lines of operation, Williams said, commanding and controlling
forces in cyberspace requires technologies with different capabilities than are
fully available today. “What we really need is all the data to understand what
goes on in cyberspace. … Every time something plugs in, it’s got to identify
itself and populate a database with all the knowable parameters,” he said.
The data has to go from unclassified to top secret and be accessible to
anyone with appropriate clearances, he added, and how the data is presented
should be cost-effectively customizable at any level.
“The second thing we need is to be able to move that data around,” Williams
said. “We’ve got to get away from these [tens of thousands] of networks that we
rely on in the department to do what we have to do.”
Some of these critical cyberspace requirements will be met by the Joint
Information Environment, the general said. JIE is a single, joint, secure,
reliable and agile command, control, communications and computing enterprise
information environment to which DOD is transitioning in a first-phase
implementation that spans fiscal years 2013 and 2014.
The JIE will combine DOD’s many networks into a common and shared global
network. It will provide email, Internet access, common software applications
and cloud computing. Main objectives are to increase operational efficiency,
enhance network security and save money by reducing infrastructure and staffing.
According to the Defense Information Systems Agency, the JIE will encompass
all DOD networks and will enhance network security by:
-- Using a single-security architecture;
-- Minimizing network hardware, software and staffing;
-- Giving DOD users access to the network from anywhere in the world;
-- Focusing on protecting data; and
-- Improving DOD’s ability to share information among the services and with
government agencies and industry partners.
Williams said operating in cyberspace also calls for the kind of
mission-critical command-and-control capability provided to air operations by
the Theater Battle Management Core System, a set of software applications that
allows automated management of air battle planning and intelligence operations.
The system operates at the force level and the unit level.
“We need that same type of thing to do our planning for cyberspace,” the general
said, adding that the closest thing he’s seen to a workable system for
cyberspace is called Plan X, an effort announced in May by the Defense Advanced
Research Projects Agency.
Plan X, according to DARPA’s website, will try to create revolutionary
technologies for understanding, planning and managing DOD cyber missions in
real-time, large-scale and dynamic network environments.
More than 350 software engineers, cyber researchers and human-machine interface
experts attended the initial DARPA workshop.
“The program covers largely uncharted territory as we attempt to formalize cyber
mission command and control for the DOD,” DARPA program manager Dan Roelker said
in a recent statement.
Plan X, Williams said, “is being worked by a group of people who in my view
are technology people who have a better understanding of the operational
requirement than most anybody else I’ve seen. They’ve taken it from the
PowerPoint level to some things where you can see how this would work.”
Cybercom needs such a knowledge-management tool, the general said, “that
allows us to plan and execute in an intuitive way and that doesn’t require
everyone who operates in cyber to have a degree in electrical engineering or
computer science. We just can’t train everybody to do that.”