Cyber War as a Career Path

Military cyber operations have been normalized to the point that there is now a defined career path for would-be cyber warriors in the U.S. Air Force and a formal curriculum for training them.

The role of a cyber war specialist, which includes defense as well as offense, is “to develop, sustain, and enhance cyberspace capabilities to defend national interests from attack and to create effects in cyberspace to achieve national objectives,” according to a new Air Force training plan that was published this week.

The Air Force training plan outlines the anticipated career progression of its cyber warriors, and describes the tasks that they must master. See Cyber Warfare Operations Career Field Education and Training Plan, CFETP 1B4X1, July 15, 2018.

Offensively, trainees must learn methods such as buffer overflow tactics and techniques, privilege escalation, rootkits, redirection and triggering, tunneling, and so forth. Defensive methods include encryption, secure enclaves, boundary protection, intrusion detection, etc.

A select group of especially competent trainees will be selected “to further develop their skills in the areas of secure system design, vulnerability analysis, computer network defense (CND), and computer network exploitation (CNE)” in joint programs with the National Security Agency and US Cyber Command.

The programs will enhance students’ technical skills and will help to “bridge gaps between typical Computer Science/Engineering curriculum and those necessary for Computer Network Attack / Exploitation / Defense.”

“Each intern must complete at least one offensive and at least one defensive tour during the program,” the training plan said.

*    *    *

Some other noteworthy new military doctrinal and other publications include the following.

Human Remains Associated with Sunken Military Craft, SecNav Instruction 5360.2, July 11, 2018. Navy policy normally precludes efforts to recover the remains of those lost at sea. “The Department of the Navy (DON) has long recognized the sea as a fit and final resting place for personnel who perish at sea.”

The guided missile destroyer USS John S. McCain is now named for Senator McCain as well as for his father and grandfather. “As a prisoner of war, [Sen.] McCain represented our nation with dignity and returned with honor,” wrote Secretary of the Navy Richard V. Spencer in a July 12 memorandum memorializing the designation.

The production of electric power for military operations is addressed in a new Army manual. “Modern warfare relies on electrically powered systems, making electricity an essential element that supports warfighting functions.” Though nuclear power systems have previously played a role in the Army, there is no mention of nuclear reactors or isotope power in the new publication. See ATP 3-34.45, Electric Power Generation and Distribution, July 6, 2018.

Superiority in Cyberspace Will Remain Elusive

Military planners should not anticipate that the United States will ever dominate cyberspace, the Joint Chiefs of Staff said in a new doctrinal publication. The kind of supremacy that might be achievable in other domains is not a realistic option in cyber operations.

“Permanent global cyberspace superiority is not possible due to the complexity of cyberspace,” the DoD publication said.

In fact, “Even local superiority may be impractical due to the way IT [information technology] is implemented; the fact US and other national governments do not directly control large, privately owned portions of cyberspace; the broad array of state and non-state actors; the low cost of entry; and the rapid and unpredictable proliferation of technology.”

Nevertheless, the military has to make do under all circumstances. “Commanders should be prepared to conduct operations under degraded conditions in cyberspace.”

This sober assessment appeared in a new edition of Joint Publication 3-12, Cyberspace Operations, dated June 8, 2018. (The 100-page document updates and replaces a 70-page version from 2013.)

The updated DoD doctrine presents a cyber concept of operations, describes the organization of cyber forces, outlines areas of responsibility, and defines limits on military action in cyberspace, including legal limits.

“DOD conducts CO [cyberspace operations] consistent with US domestic law, applicable international law, and relevant USG and DOD policies.” So though it may be cumbersome, “It is essential commanders, planners, and operators consult with legal counsel during planning and execution of CO.”

The new cyber doctrine reiterates the importance and the difficulty of properly attributing cyber attacks against the US to their source.

“The ability to hide the sponsor and/or the threat behind a particular malicious effect in cyberspace makes it difficult to determine how, when, and where to respond,” the document said. “The design of the Internet lends itself to anonymity and, combined with applications intended to hide the identity of users, attribution will continue to be a challenge for the foreseeable future.”

The changing role of “information” in warfare was addressed in a predecisional draft Joint Concept for Operating in the Information Environment (Joint Chiefs of Staff, December 2017).

“Integrating physical and informational power across geographic boundaries and in multiple domains could lead to campaigns and operations with enormous complexity,” the document warns. “The fog and friction of war punishes unnecessary complexity.”

Another concern is that a “focus on informational power could be misread by Congress and other resource allocators to suggest there is little need for a well-equipped and technologically-advanced Joint Force capable of traditional power projection and decisive action.”

DoD Seeks New FOIA Exemption for Fourth Time

For the fourth year in a row, the Department of Defense has asked Congress to legislate a new exemption from the Freedom of Information Act in the FY2019 national defense authorization act for certain unclassified military tactics, techniques and procedures.

Previous requests for such an exemption were rebuffed or ignored by Congress.

The Defense Department again justified its request by explaining that a 2011 US Supreme Court decision in Milner v. Department of the Navy had significantly narrowed its authority to withhold such information under FOIA.

“Before that decision, the Department was authorized to withhold sensitive information on critical infrastructure and military tactics, techniques, and procedures from release under FOIA pursuant to Exemption 2,” DoD wrote in a legislative proposal that was transmitted to Congress on March 16 and posted online yesterday by the Pentagon’s Office of General Counsel.

“This proposal similarly would amend section 130e to add protections for military tactics, techniques, and procedures (TTPs), and rules of engagement that, if publicly disclosed, could reasonably be expected to provide an operational military advantage to an adversary.”

In a new justification added this year, DoD further argued that the exemption was needed to protect its cyber activities. “The probability of successful cyber operations would be limited with the public release of cyber-related TTPs. This [FOIA exemption] proposal would add a layer of mission assurance to unclassified cyber operations and enhance the Department of Defense’s ability to project cyber effects while protecting national security resources.”

New FOIA exemptions are often unpopular and are not always routinely approved by Congress, which has repeatedly dismissed this particular proposal.

DoD has circumscribed the proposed exemption in such a way as to limit its likely impact and to make it somewhat more palatable if it were ever adopted. It would not apply to all TTPs, many of which are freely disclosed online. It would require personal, non-delegable certification by the Secretary of Defense that exemption of particular information was justified. And it would include a balancing test requiring consideration of the public interest in disclosure of information proposed for exemption.

But many FOIA advocates said the proposal was nonetheless inappropriate. It “would undermine the FOIA, creating an unnecessary and overbroad secrecy provision at odds with FOIA’s goal of transparency and accountability to the public,” they wrote in a letter objecting to last year’s version of the proposal.

Strategy: Directing the Instruments of National Power

The tools that can be used to assert national power and influence have often been summarized by the acronym DIME — Diplomatic, Informational, Military, and Economic.

But “US policy makers and strategists have long understood that there are many more instruments involved in national security policy development and implementation,” according to a new Joint Chiefs of Staff publication on the formulation of national strategy.

“New acronyms such as MIDFIELD — Military, Informational, Diplomatic, Financial, Intelligence, Economic, Law, and Development — convey a much broader array of options for the strategist and policymaker to use.” See Strategy, Joint Doctrine Note 1-18, April 25, 2018.

The pursuit of strategic goals naturally entails costs and risks, the document said.

“Risks to the strategy are things that could cause it to fail, and they arise particularly from assumptions that prove invalid in whole or in part. Risks from the strategy are additional threats, costs, or otherwise undesired consequences caused by the strategy’s implementation.”

Homeland Defense: An Update

The Joint Chiefs of Staff last week issued updated doctrine on homeland defense, including new guidance on cyberspace operations, unmanned aerial systems, defense support of civil authorities, and even a bit of national security classification policy.

See Joint Publication 3-27, Homeland Defense, April 10, 2018.

Homeland defense (HD) is related to homeland security, but it is a military mission that emphasizes protection of the country from external threats and aggression.

“The purpose of HD is to protect against incursions or attacks on sovereign US territory, the domestic population, and critical infrastructure and key resources as directed,” according to JP 3-27.

Homeland defense may also function domestically, subject to relevant law and policy. “Threats planned, prompted, promoted, caused, or executed by external actors may develop or take place inside the homeland. The reference to external threats does not limit where or how attacks may be planned and executed.”

Effective homeland defense, whether abroad or at home, requires sharing of information with civilian authorities, international partners, and others.

In an odd editorial remark, the new DoD doctrine says that DoD itself keeps too much information behind a classified firewall to the detriment of information sharing.

“DOD’s over-reliance on the classified information system for both classified and unclassified information is a frequent impediment. . .,” the Joint Chiefs said.

“DOD information should be appropriately secured, shared, and made available throughout the information life cycle to appropriate mission partners to the maximum extent allowed by US laws and DOD policy. Critical to transparency of information sharing is the proper classification of intelligence and information,” the document said, implying that such proper classification cannot be taken for granted.

Nuclear Weapons Maintenance as a Career Path

The US Air Force has published new guidance for training military and civilian personnel to maintain nuclear weapons as a career specialty.

See Nuclear Weapons Career Field Education and Training Plan, Department of the Air Force, April 1, 2018.

An Air Force nuclear weapons specialist “inspects, maintains, stores, handles, modifies, repairs, and accounts for nuclear weapons, weapon components, associated equipment, and specialized/general test and handling equipment.” He or she also “installs and removes nuclear warheads, bombs, missiles, and reentry vehicles.”

A successful Air Force career path in the nuclear weapons specialty proceeds from apprentice to journeyman to craftsman to superintendent.

“This plan will enable training today’s workforce for tomorrow’s jobs,” the document states, confidently assuming a future that resembles the present.

Meanwhile, however, the Air Force will also “support the negotiation of, implementation of, and compliance with, international arms control and nonproliferation agreements contemplated or entered into by the United States Government,” according to a newly updated directive.

See Air Force Policy Directive 16-6, International Arms Control and Nonproliferation Agreements and the DoD Foreign Clearance Program, 27 March 2018.

US Air Force Limits Media Access, Interviews

Updated below

The US Air Force is suspending media embeds, base visits and interviews “until further notice” and it “will temporarily limit the number and type of public engagements” by public affairs officers and others while they are retrained to protect sensitive information, according to guidance obtained by Defense News.

“In line with the new National Defense Strategy, the Air Force must hone its culture of engagement to include a heightened focus on practicing sound operational security,” the new guidance memo said.

“As we engage the public, we must avoid giving insights to our adversaries which could erode our military advantage. We must now adapt to the reemergence of great power competition and the reality that our adversaries are learning from what we say in public.”

Notably, the new Air Force guidance does not distinguish between classified and unclassified information. Nor does it define the scope of “sensitive operational information” which must be protected.

The March 1, 2018 memo was reported (and posted) in “Air Force orders freeze on public outreach” by Valerie Insinna, David B. Larter, and Aaron Mehta, Defense News, March 12.

As it happens, a counter-argument in favor of enhanced Air Force release of information was made just last week by Air Force Secretary Heather Wilson.

“The Air Force has an obligation to communicate with the American public, including Airmen and families, and it is in the national interest to communicate with the international public,” the Secretary stated in a March 8 directive.

“Through the responsive release of accurate information and imagery to domestic and international audiences, public affairs puts operational actions in context, informs perceptions about Air Force operations, helps undermine adversarial propaganda efforts and contributes to the achievement of national, strategic and operational objectives.”

“The Air Force shall respond to requests for releasable information and material. To maintain the service’s credibility, commanders shall ensure a timely and responsive flow of such information,” she wrote.

But by the same token, unwarranted delays or interruptions in the public flow of Air Force information threaten to undermine the service’s credibility. See Public Affairs Management, Air Force Policy Directive 35-1, March 8, 2018.

Update: “It’s not a freeze. We continue to do many press engagements daily,” said [Air Force] Brig. Gen. Ed Thomas. “We are fully committed — and passionate about — our duty and obligation to communicate to the American people.” See The Air Force’s PR Fiasco: How a plan to tighten security backfired, Washington Examiner, March 14, 2018.

Army Visual Signals

Soldiers need to be able to communicate on a noisy, dangerous battlefield even when conventional means of communication are unavailable.

To help meet that need, the US Army has just updated its compilation of hand and flag signals.

One configuration of flags signifies “Chemical, biological, radiological, and nuclear hazard present”:

[Image: signal illustration]

Or a soldier may need to signal “I do not understand,” as follows:

[Image: signal illustration]

See Visual Signals for Armor Fighting Vehicles (Combined Arms), GTA 17-02-019, US Army, February 2018.

The Expanding Secrecy of the Afghanistan War

Last year, dozens of categories of previously unclassified information about Afghan military forces were designated as classified, making it more difficult to publicly track the progress of the war in Afghanistan.

The categories of now-classified information were tabulated in a memo dated October 31, 2017 that was prepared by the staff of the Special Inspector General for Afghanistan Reconstruction (SIGAR), John Sopko.

In the judgment of the memo authors, “None of the material now classified or otherwise restricted discloses information that could threaten the U.S. or Afghan missions (such as detailed strategy, plans, timelines, or tactics).”

But “All of the [newly withheld] data include key metrics and assessments that are essential to understanding mission success for the reconstruction of Afghanistan’s security institutions and armed forces.”

So what used to be available that is now being withheld?

“It is basically casualty, force strength, equipment, operational readiness, attrition figures, as well as performance assessments,” said Mr. Sopko, the SIGAR.

“Using the new [classification criteria], I would not be able to tell you in a public setting or the American people how their money is being spent,” Mr. Sopko told Congress at a hearing last November.

The SIGAR staff memo tabulating the new classification categories was included as an attachment for the hearing record, which was published last month. See Overview of 16 Years of Involvement in Afghanistan, hearing before the House Government Oversight and Reform Committee, November 1, 2017.

In many cases, the information was classified by NATO or the Pentagon at the request of the Government of Afghanistan.

“Do you think that it is an appropriate justification for DOD to classify previously unclassified information based on a request from the Afghan Government?” asked Rep. Val Demings (D-FL). “Why or why not?”

“I do not because I believe in transparency,” replied Mr. Sopko, “and I think the loss of transparency is bad not only for us, but it is also bad for the Afghan people.”

“All of this [now classified] material is historical in nature (usually between one and three months old) because of delays incurred by reporting time frames, and thus only provides ‘snapshot’ data points for particular periods of time in the past,” according to the SIGAR staff memo.

“All of the data points [that were] classified or restricted are ‘top-line’ (not unit-level) data. SIGAR currently does not publicly report potentially sensitive, unit-specific data.”

Yesterday at a hearing of the House Armed Services Committee, Rep. Walter Jones (R-NC) asked Secretary of Defense James N. Mattis about the growing restrictions on information about the war in Afghanistan.

“We are now increasing the number of our troops in Afghanistan, and after 16 years, the American people have a right to know of their successes. Some of that, I’m sure it is classified information, which I can understand. But I also know that we’re not getting the kind of information that we need to get to know what successes we’re having. And after 16 years, I do not think we’re having any successes,” Rep. Jones said.

Secretary Mattis said that the latest restriction of unclassified information about the extent of Taliban or government control over Afghanistan that was withheld from the January 2018 SIGAR quarterly report had been “a mistake.” He added, “That information is now available.” But Secretary Mattis did not address the larger pattern of classifying previously unclassified information about Afghan forces that was discussed at the November 2017 hearing.

Army Sketches Future Cyberspace Operations

The U.S. Army this week published an overview of future military cyberspace operations. See The U.S. Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040, TRADOC Pamphlet 525-8-6, 9 January 2018.

The new Army publication is intended to promote development of cyber capabilities, to foster integration with other military functions, to shape recruitment, and to guide technology development and acquisition. It addresses defense against cyber threats as well as offensive cyber activities.

Proliferation of cyber threats is eroding the benefits of US superiority in conventional military power, the document said.

“The Army faces a complex and challenging environment where the expanding distribution of cyberspace and EMS [electromagnetic spectrum] technologies will continue to narrow the combat power advantage that the Army has had over potential adversaries.”

“Adversaries will conduct complex cyberspace attacks integrated with military operations or independent of traditional military operations.”

“Since every device presents a potential vulnerability, this trend represents an exponential growth of targets through which an adversary could access Army operational networks, systems, and information.”

“Conversely, it presents opportunities for the enhanced synchronization of Army technologies and information to exploit adversary dependencies on cyberspace.”

“If deterrence fails, Army forces isolate, overwhelm, and defeat adversaries in cyberspace and the EMS to meet the commander’s objectives.”

“These [Army] capabilities exploit adversary systems to facilitate intelligence collection, target adversary cyberspace and EMS functions, and create first order effects. Cyberspace and EW [electronic warfare] operations also create cascading effects across multiple domains to affect weapons systems, command and control processes, critical infrastructure, and key resources to outmaneuver adversaries physically and cognitively, applying combined arms in and across all domains.”

Military action in cyberspace is an evolving field that may have overtaken existing law or convention.

“Many effects of cyberspace operations require considerable legal and policy review,” the Army document said.