A $200 million budget increase wouldn’t have seemed like much in the thousands of Defense Department line items a few years back. But with long-term cuts totaling $487 billion over the next 10 years, the denizens of cybersecurity would gladly count their blessings with $3.4 billion to spend in fiscal 2013. They are living in a world of fiscal fact, not science fiction.
The capabilities of cyber are fast approaching what until recently seemed possible only in a sci-fi thriller. Cyber technology “will become both a standalone warfighting instrument with global reach, and it will also be a ubiquitous enabler of the joint force,” Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said at a recent Joint Warfighting Conference in Virginia Beach, Va. “It will be both part of the 20 percent [of the military complex] that's new and part of what allows the other 80 percent of the force to be used differently."
The possibilities and the vulnerabilities of cyberwarfare repeatedly came to the surface during the three-day military conference.
Marine Corps Lt. Gen. George Flynn, director of force development on the Joint Staff, sized up the drawbacks of the high-tech battlefield. “The first risk would be if we don’t have the ability to communicate amongst ourselves” after the network fails in a cyberattack, he said. “The second risk is if our partners are not able to join the network. Another risk is that our pursuit of advanced technology proves to be unaffordable.”
Take the F-35 Joint Strike Fighter for example, priced at more than $200 million per aircraft. “We built the F-35 with absolutely no protection for it from a cyber standpoint,” said retired Marine Corps Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff. Even if cyber defenses were built into the aircraft over the course of its 30 years in the inventory, someone, somewhere would be able to break its code. “Every aperture out there is a target,” he said.
According to Royal Navy Vice Adm. C.A. Johnstone-Burt, chief of staff for NATO’s Allied Command Transformation, future warfare will involve more partners -- not fewer -- including nongovernmental organizations. Keeping those partners technologically in step, especially the military, will be increasingly important.
But marching together in the same direction is difficult, even within the U.S. military. The services’ “silos of excellence,” as Army cybersecurity director Maj. Gen Steven Smith put it, prevent everyone from viewing the battle space in the same way with the same understanding.
Army Maj. Gen. Mark Bowman, director of command, control, communications and computers on the Joint Staff, acknowledged the challenge. “We are pushing for all the services working together [with] shared infrastructure and shared situational awareness and a single security architecture,” he said. It starts with enterprise email, Bowman explained, a seemingly small step aimed at building a joint information environment, a huge leap.
But what happens when the network and Global Positioning System tools are taken out by jamming or some other form of attack? The risks run high in what Dempsey called the degraded environments of military wargaming. “GPS is terrific when it’s working,” he said. “But if it gets jammed, we have to be ready to continue the mission.” That means training officers and enlisted members what to do in those circumstances.
“We do not fully understand the power of the network” in military operations or installing it in the curriculum of the services’ training base,” said Lt. Gen. Keith Walker, deputy commanding general at the Army’s Training and Doctrine Command. Top brass at the conference compared the challenge of educating today’s officers in cyberwarfare to educating yesterday’s officers to deploy air power effectively. “We have to put some brainpower to it,” said Air Force Maj. Gen. Thomas Andersen, director of the Curtis E. LeMay Center for Doctrine Development and Education, adding that the key is determining “what we can control and what we can’t control.”
Preparing for cyberwarfare and thinking through the second and third order of effects “is as much a matter of leadership and training as it is engineering,” Dempsey said, noting that such knowledge is crucial for commanders at the brigade level. Cyber rules of engagement were last updated in 2005.
Cybersecurity is larger than the military. It includes figuring out what kind of cyber capability is needed to defend the nation’s financial institutions, law enforcement, homeland security, electric grid and other utilities. “We’ve got to develop capabilities now and work out the authorization policy later,” said Lt. Gen. Richard Mills, the Marine Corps’ deputy commandant for combat development and integration, noting that cyber should be considered a weapon inside the command-and-control system.
Flynn agreed, saying cyber is a new domain in warfare, which makes the homeland a part of the battle space. “Space and cyber now join sea, air and land as contested space,” he said.
One small budget boost for cyberwarfare; one giant challenge for reinventing the rules of engagement.
John Grady, retired director of communications for the Association of the United States Army, writes about defense and national security.