Monday, June 20, 2016

Education for Action: Operationalizing Cyberspace at USNA - Captain David Bondura's Article from SHIPMATE Magazine

Published on June 24, 2016

Much has yet to be discovered and learned in the cyber warfighting domain; however, one simple equation has emerged over recent years --- a hacker plus an internet-connected device plus malware now equals a potential cyber weapon that can be used for disruption, destruction, or intimidation.  The hacker can work for either a nation state or a rogue actor; the internet connected device can be a laptop or mobile phone; and the malware is relatively easy to purchase or obtain.

Since 2009, the U.S. Naval Academy has led efforts to develop and commission Naval Officers with the skills and knowledge required to more effectively operate in the cyber warfighting domain.  To date, these efforts have been significant in promoting and fostering an “Education for Action” mindset, recognizing that in the cyber domain, every Midshipman is operational and fully immersed in a Department of Navy network the day they are issued a USNA intranet account.

There can be little doubt that the Department of Navy’s cyber challenges reach across all naval communities (i.e. air, surface, subsurface, special warfare, medical, and human resources).  The challenges traverse all naval networks to include but not limited to C4I, Hull, Mechanical & Engineering, Platform Information Technology, Navigation, Weapons, Research & Engineering as well as education.

In preparing Midshipmen for these cyber challenges, four foundational principles are routinely presented in their curriculum to “operationalize cyberspace.”

I.  The network is a warfighting platform. Operational commanders depend on networks for Command and Control (C2), battlespace awareness, and integrated fires in many phases of conflict and for daily operations. Therefore, and as with any essential warfighting platform, the network must be made available, defended from intrusion or attack; and, when necessary deliver warfighting effects to achieve operational missions. 

Assured C2, reduction of attack surface, and enhanced defense in depth operations are well-understood, critical success factors for carrier strike group operations.  These factors are now also core to the day-to-day conduct of successful Navy network operations in the presence of adversaries, natural emergencies, equipment failures, and human error.

Operational Framework:  Operation ROLLING TIDE (August, 2013 – February, 2014):  Within the Department of Defense, Navy was targeted by a cyber adversary who engaged in a focused and sustained campaign against the Navy Marine Corps Intranet (NMCI).  In network size, NMCI is second only to the internet itself, with more than 770k users and over 120M browser transactions per day.  As the unclassified lifeline network of the Navy, NMCI supports a mix of Navy business, logistics, administrative, and readiness processes necessary to sustain combat operations.

In response to the NMCI intrusion, Commander, Tenth Fleet successfully planned and executed Operation Rolling Tide to counter adversary cyber activity and regain C2 and integrity of the network.   As noted by Secretary of the Navy, Ray Mabus, ROLLING TIDE represented the largest and most sophisticated network maneuver in USN history. 

The success of ROLLING TIDE required extensive coordination with all USN Echelon II commands and a wide array of joint cyber partners to ensure mission impacts were minimized, while network security was enhanced.  As the Navy’s first named cyber operation, ROLLING TIDE represents the new cyber norm in which the Navy must be prepared to simultaneously institute network strategies as well as lead and conduct cyber operations across multiple levels. 

 As a classroom case study, ROLLING TIDE provides multiple lessons-learned on network defense strategies, improved command and control, risk mitigation processes, and most importantly, the “fight-through” mentality required to operate and maneuver a network in the face of a cyber, advanced persistent threat.

II.  Foster a Cyber Warrior Ethos: Warfighting in the Cyber domain requires the ability to maneuver, operate, and defend Navy networks in real-time.  In the traditional warfighting domains, few military members are issued weapons, and even fewer are authorized to load ammo; however, in the cyber warfighting domain, almost every member is given a keyboard.  It is essential to foster a warrior ethos with that keyboard to ensure Midshipmen understand that the keyboard is more than just the interface to “surfing the net” or doing late-night research; the keyboard needs to be recognized as the interface to executing and enabling operations in and from the cyber domain.

The Navy’s cyber warrior must break down the perception that cyber operators are “techies” or “service providers.”  Cyber Warriors must be educated and trained in Navy’s traditional warfighting ethos, planning tools, and mission accountability to ensure they can operate as a unified maneuvering force that can function under the same planning principles and synchronized operational orders as recognized by other warfighting commanders.

Operational Framework:  U.S. Counter-Terrorism (CT) Operations.  Across this enduring mission set, a unique perspective emerges, that helps shape a warrior ethos that is operationally relevant in cyber warfighting on both the offensive and defensive front. 

CT operations include the policy, strategy, tactics, and techniques to combat terrorism often employing direct-action efforts to seize, capture, or destroy a target.  These operations usually require full sharing of all-source intelligence to enable and ensure the speed, agility and precision required to execute the mission and return safely.

As can be seen on a daily basis, cyber warriors must also be trained and skilled to employ varying levels of direct-action efforts to seize, capture, or destroy targets.  These cyber direct-action efforts must also be supported by the rapid dissemination of all-source intelligence to enable the speed, precision, and agility required to enable or support both defensive and offensive operations.
Whether it is the eradication of adversary activity on a Navy network, enabling drone-strikes against high-profile targets, or as part of the recently announced (April, 2016) U.S. cyber offensive against the Islamic state, cyber operators are fully engaged in direct-action efforts to seize, capture, or destroy targets.

In today’s conflicts, the reality is that cyber now plays a part in operational planning and execution that five to 10 years ago was not conceivable.  Cultivating a cyber warrior ethos in our Midshipmen will be critical in guiding all Navy warfare communities through the cyber challenges and opportunities that are now conceivable in their lines of effort and lines of operation.

III.  Cybertight Integrity:   All sailors understand the threatening urgencies associated with a hull breach and the loss of watertight integrity.  Similarly, a network breach and the loss of cybertight integrity must also engender a similar sense of threatening urgency.   Just as Midshipmen are introduced to watertight integrity principles, they are now introduced to key cybertight integrity principles such as resiliency, redundancy, diversity, and trust management required to assure the data, the network, and the mission. Cybertight integrity must become to a network what watertight integrity is to a vessel.

Much like material conditions of readiness, compartmentation, and qualified damage control teams are critical components of a ship’s watertight integrity, they must also become critical components of a network’s cybertight integrity.  A steady and stable network must have a material condition of readiness program that accounts for and inspects firewalls, boundary control points, intrusion detection systems, detection software etc.  Network compartmentation must allow for the rapid isolation of compromised links and nodes so as not to effect the whole network, and a qualified network damage control team must be identified with roles and responsibilities clearly defined. 
Operational Framework:  Loss of USS Thresher (April 10, 1963):  On April 9, 1963, Thresher departed the Portsmouth Naval Shipyard  with 112 crew members and 17 technical observers for deep diving exercises in an area approximately 200 miles East of Cape Cod, MA.  At 0917 on 10 April, Thresher reported “exceeding test depth” and at 0918, Thresher’s escort ship (Skylark) detected a high-energy, low-frequency noise with the characteristics of an implosion.  The Thresher sunk in approximately 8,400 feet of water.

Investigative findings identified that Thresher suffered from a watertight integrity problem that started with a ruptured pipe in the engine room causing flooding and loss of the engine control switchboard.  Per investigative conclusions, deficiencies in design, fabrication practices, quality assurance, and operational procedures resulted in the Thresher crew being unable to secure the flooding, blow the ballast tanks, or drive to the surface.

In response to the Thresher findings, the Navy created the SUBSAFE program that is purposefully designed to ensure maximum reasonable assurance of watertight integrity and recovery capability of a submarine.   SUBSAFE mandates a culture of safety with a set of well-understood and non-negotiable requirements across the design team, the engineering team and the crew. 

 As part of the enduring Thresher legacy, SUBSAFE served as a model for the Navy’s recently implemented CYBERSAFE program.  CYBERSAFE is designed to ensure maximum reasonable assurance of survivability of critical Navy networks and control systems necessary for mission success.  CYBERSAFE’s mission will ensure compliance with policy, establish strategic vision, and synchronize Navy’s cyber approach to inform, align, evaluate, and prioritize requirements for all platforms and networks.

IV.  Cyber will be a Campaign Conflict: Cyberspace as a domain is still relatively new and yet it is completely pervasive.  Computers and telecommunications have been integral in the conduct of warfare from their inception; however, with the emergence of cyber technologies and weapons, joint and USN tactics, techniques and procedures must be developed and learned in order to fight successfully within cyberspace in the virtual domain as well as from cyberspace in the physical domain.

As in any campaign and/or operation, Commanders use the principles of war --- mass, objective, surprise, simplicity, security, maneuver, unity of command, economy of force, and offensive to form and select courses of action and concepts of operation.  In the cyber domain and across these principles, the adversary tends to hold unique and distinct advantages that must be accounted for --- these advantages are quite similar to those seen over the past decade in Iraqi and Afghanistan combat operations when specifically analyzing U.S. physical security and force protection requirements.

 Operational Framework:  Forward Operating Bases (FOBs):  For more than a decade and in support of Operations IRAQI FREEDOM and ENDURING FREEDOM, FOBs have become the mainstay of US presence in Iraq and Afghanistan. FOBs, such as Danger and Falcon in Iraq and Gardez and Salerno in Afghanistan, provide vivid learning examples of a contested environment that is under constant adversary surveillance,  where the threat of harm is real, and the adversary holds a number of principal of war  advantages to include surprise, maneuver, simplicity etc. 

 FOB operations, much like defensive cyber operations, require a secure perimeter, controlled entry points, guarded access lists, intrusion detection systems, hardened defenses, personnel and services accountability, ready response teams, and most importantly, a warrior-like passion to protect each other and get the mission done.

FOBs remain an integral component in the continued Iraqi and Afghanistan campaigns, and the FOB operational framework and mindset provides a real-world example of the framework and mindset required to be successful in the cyber campaign conflict.
Closing:   On 27 May, 2016, 1,000 Midshipmen graduated from the Academy with a solid educational foundation in cyber as well as 27 Midshipmen who received the first Bachelor of Science Degree in Cyber Operations.  This plankowner crew of 27 represents the Navy’s commitment to enhancing cyber readiness across the Fleet as well as the Naval Academy’s role in preparing graduate-leaders with deep foundational cyber knowledge and skills.  The Academy's “education for action – operationalizing cyberspace ” program recognizes that in moving forward, we must learn from the past, understand the present, and prepare for a complex and challenging future in the cyber warfighting domain --- and it will start with one Midshipman at a time.

1.  U.S. Fleet Cyber Command / TENTH Fleet Stratrgic Plan (2015 – 2020)
2.  SUBSAFE – USS Thresher (SSN 593) Lessons:  Learned Available at:
3.  Task Force Cyber Awakening EXCOM (14 August 2015)
4. Thresher Base:  Available at:
5.  War in Cyberspace (A Theory of War in the Cyber Domain): Available at:
6.  ADM Rogers' remarks during the Cyber Lecture series at USNA

 (Note:  The above post was first-published in the May/June 2016 issue of SHIPMATE.)

No comments: