Published on June 24, 2016
Much has yet to be discovered and learned in the cyber
warfighting domain; however, one simple equation has emerged over recent years
--- a hacker plus an internet-connected device plus malware now equals a
potential cyber weapon that can be used for disruption, destruction, or
intimidation. The hacker can work for either a nation state or a rogue actor;
the internet-connected device can be a laptop or mobile phone; and the malware
is relatively easy to purchase or obtain.
Since 2009, the U.S. Naval Academy has led efforts to
develop and commission Naval Officers with the skills and knowledge required to
more effectively operate in the cyber warfighting domain. To date, these
efforts have been significant in promoting and fostering an “Education for
Action” mindset, recognizing that in the cyber domain, every Midshipman is
operational and fully immersed in a Department of Navy network the day they are
issued a USNA intranet account.
There can be little doubt that the Department of Navy’s
cyber challenges reach across all naval communities (i.e. air, surface,
subsurface, special warfare, medical, and human resources). The
challenges traverse all naval networks, including but not limited to C4I, Hull,
Mechanical & Engineering, Platform Information Technology, Navigation,
Weapons, Research & Engineering as well as education.
In preparing Midshipmen for these cyber challenges, four
foundational principles are routinely presented in their curriculum to “operationalize
cyberspace.”
I. The network is a warfighting platform. Operational
commanders depend on networks for Command and Control (C2), battlespace
awareness, and integrated fires in many phases of conflict and for daily
operations. Therefore, and as with any essential warfighting platform, the
network must be made available, defended from intrusion or attack, and, when
necessary, deliver warfighting effects to achieve operational missions.
Assured C2, reduction of attack surface, and enhanced
defense in depth operations are well-understood, critical success factors for
carrier strike group operations. These factors are now also core to the
day-to-day conduct of successful Navy network operations in the presence of
adversaries, natural emergencies, equipment failures, and human error.
Operational Framework: Operation ROLLING
TIDE (August, 2013 – February, 2014): Within the Department of
Defense, Navy was targeted by a cyber adversary who engaged in a focused and
sustained campaign against the Navy Marine Corps Intranet (NMCI). In
network size, NMCI is second only to the internet itself, with more than 770k
users and over 120M browser transactions per day. As the unclassified
lifeline network of the Navy, NMCI supports a mix of Navy business, logistics,
administrative, and readiness processes necessary to sustain combat operations.
In response to the NMCI intrusion, Commander, Tenth Fleet
successfully planned and executed Operation Rolling Tide to
counter adversary cyber activity and regain C2 and integrity of the
network. As noted by Secretary of the Navy, Ray Mabus, ROLLING
TIDE represented the largest and most sophisticated network maneuver
in USN history.
The success of ROLLING TIDE required
extensive coordination with all USN Echelon II commands and a wide array of
joint cyber partners to ensure mission impacts were minimized, while network
security was enhanced. As the Navy’s first named cyber operation, ROLLING
TIDE represents the new cyber norm in which the Navy must be prepared
to simultaneously institute network strategies as well as lead and conduct
cyber operations across multiple levels.
As a classroom case study, ROLLING TIDE provides
multiple lessons-learned on network defense strategies, improved command and
control, risk mitigation processes, and most importantly, the “fight-through”
mentality required to operate and maneuver a network in the face of a cyber,
advanced persistent threat.
II. Foster a Cyber Warrior Ethos: Warfighting in the
Cyber domain requires the ability to maneuver, operate, and defend Navy
networks in real-time. In the traditional warfighting domains, few
military members are issued weapons, and even fewer are authorized to load
ammo; however, in the cyber warfighting domain, almost every member is given a
keyboard. It is essential to foster a warrior ethos with that keyboard to
ensure Midshipmen understand that the keyboard is more than just the interface
to “surfing the net” or doing late-night research; the keyboard needs to be
recognized as the interface to executing and enabling operations in and from
the cyber domain.
The Navy’s cyber warrior must break down the perception that
cyber operators are “techies” or “service providers.” Cyber Warriors must
be educated and trained in Navy’s traditional warfighting ethos, planning
tools, and mission accountability to ensure they can operate as a unified
maneuvering force that can function under the same planning principles and
synchronized operational orders as recognized by other warfighting commanders.
Operational Framework: U.S. Counter-Terrorism
(CT) Operations. Across this enduring mission set, a unique perspective
emerges that helps shape a warrior ethos that is operationally relevant in
cyber warfighting on both the offensive and defensive front.
CT operations include the policy, strategy, tactics, and
techniques to combat terrorism often employing direct-action efforts to seize,
capture, or destroy a target. These operations usually require full
sharing of all-source intelligence to enable and ensure the speed, agility and
precision required to execute the mission and return safely.
As can be seen on a daily basis, cyber warriors must also be
trained and skilled to employ varying levels of direct-action efforts to seize,
capture, or destroy targets. These cyber direct-action efforts must also
be supported by the rapid dissemination of all-source intelligence to enable
the speed, precision, and agility required to enable or support both defensive
and offensive operations.
Whether it is the eradication of adversary activity on a
Navy network, enabling drone-strikes against high-profile targets, or as part
of the recently announced (April, 2016) U.S. cyber offensive against the
Islamic state, cyber operators are fully engaged in direct-action efforts to
seize, capture, or destroy targets.
In today’s conflicts, the reality is that cyber now plays a
part in operational planning and execution that five to 10 years ago was not
conceivable. Cultivating a cyber warrior ethos in our Midshipmen will be
critical in guiding all Navy warfare communities through the cyber challenges
and opportunities that are now conceivable in their lines of effort and lines
of operation.
III. Cybertight Integrity: All sailors
understand the threatening urgencies associated with a hull breach and the loss
of watertight integrity. Similarly, a network breach and the loss of
cybertight integrity must also engender a similar sense of threatening
urgency. Just as Midshipmen are introduced to watertight integrity
principles, they are now introduced to key cybertight integrity principles such
as resiliency, redundancy, diversity, and trust management required to assure
the data, the network, and the mission. Cybertight integrity must become
to a network what watertight integrity is to a vessel.
Just as material conditions of readiness,
compartmentation, and qualified damage control teams are critical components of
a ship’s watertight integrity, they must also become critical components of a
network’s cybertight integrity. A steady and stable network must have a
material condition of readiness program that accounts for and inspects
firewalls, boundary control points, intrusion detection systems, detection
software, etc. Network compartmentation must allow for the rapid isolation
of compromised links and nodes so as not to affect the whole network, and a qualified
network damage control team must be identified with roles and responsibilities
clearly defined.
Operational Framework: Loss of USS Thresher (April
10, 1963): On April 9, 1963, Thresher departed the Portsmouth Naval
Shipyard with 112 crew members and 17 technical observers for deep diving
exercises in an area approximately 200 miles East of Cape Cod, MA. At
0917 on 10 April, Thresher reported “exceeding test depth” and at 0918,
Thresher’s escort ship (Skylark) detected a high-energy, low-frequency noise
with the characteristics of an implosion. The Thresher sank in
approximately 8,400 feet of water.
Investigative findings identified that Thresher suffered
from a watertight integrity problem that started with a ruptured pipe in the
engine room causing flooding and loss of the engine control switchboard.
Per investigative conclusions, deficiencies in design, fabrication practices,
quality assurance, and operational procedures resulted in the Thresher crew
being unable to secure the flooding, blow the ballast tanks, or drive to the
surface.
In response to the Thresher findings, the Navy created
the SUBSAFE program that is purposefully designed to ensure
maximum reasonable assurance of watertight integrity and recovery capability of
a submarine. SUBSAFE mandates a culture of safety with a set of
well-understood and non-negotiable requirements across the design team, the
engineering team and the crew.
As part of the enduring Thresher legacy, SUBSAFE
served as a model for the Navy’s recently implemented CYBERSAFE program.
CYBERSAFE is designed to ensure maximum reasonable assurance of survivability
of critical Navy networks and control systems necessary for mission
success. CYBERSAFE’s mission will ensure compliance with policy, establish
strategic vision, and synchronize Navy’s cyber approach to inform, align,
evaluate, and prioritize requirements for all platforms and networks.
IV. Cyber will be a Campaign Conflict: Cyberspace as a
domain is still relatively new and yet it is completely pervasive.
Computers and telecommunications have been integral in the conduct of warfare
from their inception; however, with the emergence of cyber technologies and
weapons, joint and USN tactics, techniques and procedures must be developed and
learned in order to fight successfully within cyberspace in the virtual domain
as well as from cyberspace in the physical domain.
As in any campaign and/or operation, Commanders use
the principles of war --- mass, objective, surprise, simplicity, security,
maneuver, unity of command, economy of force, and offensive to form and select
courses of action and concepts of operation. In the cyber domain and
across these principles, the adversary tends to hold unique and distinct
advantages that must be accounted for --- these advantages are quite similar to
those seen over the past decade in Iraq and Afghanistan combat operations when
specifically analyzing U.S. physical security and force protection
requirements.
Operational Framework: Forward
Operating Bases (FOBs): For more than a decade and in support of
Operations IRAQI FREEDOM and ENDURING FREEDOM, FOBs have become the mainstay of
US presence in Iraq and Afghanistan. FOBs, such as Danger and Falcon in Iraq
and Gardez and Salerno in Afghanistan, provide vivid learning examples of a
contested environment that is under constant adversary surveillance,
where the threat of harm is real, and the adversary holds a number of principle
of war advantages to include surprise, maneuver, simplicity, etc.
FOB operations, much like defensive cyber operations,
require a secure perimeter, controlled entry points, guarded access lists,
intrusion detection systems, hardened defenses, personnel and services
accountability, ready response teams, and most importantly, a warrior-like
passion to protect each other and get the mission done.
FOBs remain an integral component in the continued
Iraq and Afghanistan campaigns, and the FOB operational framework and mindset
provide a real-world example of the framework and mindset required to be
successful in the cyber campaign conflict.
Closing: On 27 May, 2016, 1,000 Midshipmen graduated
from the Academy with a solid educational foundation in cyber as well as 27
Midshipmen who received the first Bachelor of Science Degree in Cyber
Operations. This plankowner crew of 27 represents the Navy’s commitment
to enhancing cyber readiness across the Fleet as well as the Naval Academy’s
role in preparing graduate-leaders with deep foundational cyber knowledge and
skills. The Academy's “education for action – operationalizing
cyberspace” program recognizes that in moving forward, we must learn
from the past, understand the present, and prepare for a complex and
challenging future in the cyber warfighting domain --- and it will start with one
Midshipman at a time.
(Note: The above post was first-published in the
May/June 2016 issue of SHIPMATE.)