Pages

26 October 2016

People, Preparation, Process: The Three P’s to Integrate Cyber at the Tactical Level

Jan 19, 2016

Integration of cyber and electromagnetic activities (CEMA) at the tactical level requires strategic thinking and planning. Current efforts, like Army Cyber’s Cyber Support to Corps and Below, are moving in the right direction but do not necessarily create the critical mass required for lasting effects. This paper seeks to provide a framework based on the people, the preparation, and the process of CEMA to successfully incorporate for tactical operations. Beginning with the people, this paper applies talent management concepts to put the right people with expertise, experience, and networks in the right job to start the conversation. Second, preparing those people and the staffs with whom they work for the integration furthers integration. Leadership must make sure the correct education supplements the experience of cyber planners combined with increased discussion of CEMA in Command and General Staff College is vital to preparing the force for the new domain. Finally, the only way to ensure complete integration is to change staff planning processes. Introducing METT-C2, with the second “C” for cyber, and emphasizing cyber key terrain in Mission Analysis, ritualizes cyber variables at the start of planning and guarantees integration in tactical staffs.

“It’s not cyber for the sake of cyber, but cyber integrated into other means” said LTG Edward Cardon, Commander of Army Cyber, at the 2015 Association of United States Army annual meeting when discussing the impact of cyberspace in every component of society.[1] As the Army built its Cyber Mission and Cyber Protection teams for the Cyber Mission Force (CMF), maneuver commanders started to signal a demand for cyber support at Corps and Below. This desire led to the launch of a pilot program at Combat Training Centers to incorporate offensive and defensive cyber operations with the support of both the 780th Military Intelligence Brigade and the Cyber Protection Brigade.[2] Supply of cyber at the tactical level, however, struggles to meet demand as the program grows. Finding ways to integrate cyber into tactical forces and create the critical mass for continued cyber effects requires finding the right people, preparing them, and then creating the processes upon which they rely. This paper addresses the three P’s of integration – people, preparation, process – and provides recommendations on increased integration of cyberspace and electromagnetic activities (CEMA) at the tactical level.

People

First, integration must occur by placing expert and experienced cyber operators into tactical units. This step requires an emphasis on talent management or the “systematic planning for the right number and type of people to meet the Army’s needs at all levels and at all times.”[3] To guide its talent management, the Army follows five guiding principles. For the cyber integration at the tactical level, the Army must ensure a “job-person fit” by optimizing talent placed by “knowledge, skills, and behaviors required by the organization.” Moreover, putting the right person in the right job and right team combined with agile organizations creates proper fit.[4]

For a tactical unit requiring a cyber operator (both 17 and 29 series), talent management means determining the proper skillset from within the force, providing additional training, and then assignment within an organization early in their training cycle. Placement matters – especially for the first few operators at the tactical level. Failure to put the right people in the right job will hinder integration. The right person, according to Mr. Todd Boudreau, Deputy Commandant, U.S. Army Cyber School, must have experience within the CMF and in operational planning. They must know the capabilities of systems, have operated on those systems, and understand how to apply capabilities to enable maneuver.[5] Placing brand new Cyber and Electronic Warfare Officers (EWOs) in tactical positions without the requisite experience and knowledge will leave them impotent and integration a failure.

Moreover, experienced cyber operators come with a network with whom they can communicate and rely upon for additional support.[6] The people integrating cyber must possess social capital – or “social networks, norms of reciprocity, mutual assistance, and trustworthiness.”[7] In other words, relationships have value and a cyber operator at the tactical edge must possess this capital to succeed because it improves the “efficiency of society by facilitating coordinated actions.”[8] Coordinating with the CMF – aka “reachback” – provides knowledge of capabilities and effects provided. In addition, creating networks within the maneuver community helps tailor capabilities towards desired objectives based on conversations and intent vice limited communication through bureaucratic approval processes. Combining the network with expertise provides tactical units enhances the cyber operator’s capabilities at the tactical level.

Preparation

Second, integration requires preparation at both the individual and collective level. Even the most qualified person for a position may lack a skillset required for operations. In addition, with changes in technology, continued education must occur through self-development and other training opportunities, even at the tactical level.

Individually, training CEMA matters. Immediately upon selection, Cyber branch or the unit must provide the proper training. Sending 17-series service members to the EWO course provides background knowledge in that expertise, furthering the tactical application of electronic attack, electronic protect, and electronic support. If the officer is an EWO, additional cyber training, like Joint Advanced Cyber Warfare Course (JACWC) or Joint Network Attack Course (JNAC) ensures technical education on cyber capabilities.[9] Beyond the skills of the individual, the cyber operator must understand how to plan at the tactical level. A “Tier 1 Planner” requires the training mentioned previously, as well as Command and General Staff College (CGSC) completion for planning education and the Joint Enabling Capabilities Command Planners Course for JTF headquarters operations.[10]

A prepared cyber planner cannot leverage their full capability without other branch officers understanding CEMA. All officers must practice the integration of CEMA effects in their professional military education common core curriculum. Current instruction, consisting of a separate two-hour block, lacks the appropriate integration. Furthermore, increased electives still provide only a small pool of “cyber educated” officers entering staffs each year.[11] Instead, all common core must integrate cyberspace and electronic warfare into the requirements for completion of each step of planning. A Small Group Leader must require CEMA effects in planning, just as they do fires. Just asking for CEMA in each phase of planning will shift the culture in both the courses and on staffs.

Outside of individual training, units must train on the integration of CEMA. From incorporating requirements with unit warfighters and Mission Command Training Program visits through training rotations at Combat Training Centers, the more elements prepare in training, the more likely CEMA will see increased integration throughout the force. In addition, the Army Leader’s Cyberspace Operations Course (ALCOC), taught through the U.S. Army Cyber School, provides a weeklong collective training event for key members of the CEMA staff – Cyber, S3, S2, S6, IO, Fires, and Space – that combines education of CEMA with a planning exercise based on future unit missions.[12] Rehearsals are always a key component of preparing to conduct operations at any level. Tactical units practice how they fight, from instruction through CTC rotations. Without practicing CEMA, integration will never be complete.

Process

Process enhances progress. While people and preparation are the first two steps to integrate CEMA into tactical military force operations, the third – process – is the most important. Changing the behavior of staffs and organizations through ritualization of CEMA planning at all levels of command completes integration. Failure to change behavior, even with prepared people in the right positions, will stunt CEMA integration.[13]

Military staffs operate in a distinct fashion through the military decision making process (MDMP). Embedded throughout doctrine, this seven-step routine ensures staffs conduct thorough analysis of the operational environment, along with developing multiple courses of action.[14] Incorporating CEMA as part of MDMP – and not as something distinct and separate – increases successful integration at the tactical level.

The first place to add to the ritual is in understanding the characteristics of the area of operations through mission variables, or METT-TC or Mission, Enemy, Terrain and weather, Troops and support available, Time available, and Civil Considerations. Commanders and their staffs use these variables for increased situational understanding while planning.[15] The problem, however, is while these variables refine knowledge of the operational environment, they neglect to discuss cyberspace and electronic warfare considerations directly even when PMESII-PT, the operational variable framework upon which staffs derive METT-TC, does.[16] Unfortunately, leaving that variable out of METT-TC stops the CEMA conversation completing the first step of MDMP. To change the routine, the Army must add another “C”, making it METT-TC2, with cyber as a distinct mission variable.[17] Evaluating cyberspace through its three layers in METT-TC2 – the Physical Network Layer, the Logical Network Layer, and the Cyber-Persona Layer – and incorporating cyber key terrain maintains the importance of CEMA and adds additional variables of understanding for the commander.[18] By changing the process at the start of MDMP, the cyber variable, both distinct and as part of the other components of METT-TC2, ensures integration.

Beyond variables, products within the process matter. CEMA, as a vital piece of the planning process, must provide additional inputs, including cyber key terrain as part of the intelligence preparation of the battlefield. Cyber key terrain applies the same frameworks as physical terrain and understanding it is to know “those features that provide tactical advantage to someone attacking or defending a network.”[19] Knowing cyber key terrain not only enables offensive maneuver also provides additional disruption to the enemy’s intrusion kill chain in cyberspace by limiting at least one step in the payload delivery. Mapping and defending your own network strengthens the defense of a unit’s lines of communication and thus limits the delivery of any cyber weapon, even if the threat is persistent.[20] Adding cyberspace and electronic warfare inputs to each step of the deliberate planning process and including them as a new mission variable starts the process of changing behavior within staffs.

Conclusion:

To meet the needs of the tactical force and integrate cyber-electromagnetic operations across all levels of command, three large steps must occur. Adhering to the Army’s talent management program and selecting those with the right knowledge, skills, and background to serve in tactical formations comes first. Having the right people is only part of the battle – preparing those individuals, along with others on the staff, allows for a knowledgeable workforce. To leave a lasting impression, processes must change behavior. Standardization of METT-TC2 and cyber key terrain, along with increased expectation of CEMA effects throughout the steps of MDMP makes cyber an expected part of planning, fully integrating it.
About the author

MAJ Charlie Lewis is a 2004 graduate from the United States Military Academy. Commissioned in the Field Artillery, he served in numerous positions with the 101st Airborne Division in Iraq. After graduating from the Harvard Kennedy School of Government in 2012, MAJ Lewis taught in the Department of Social Sciences at USMA, serving as Department Executive Officer his last year. In May 2015, he became a Cyber Operations Officer and is currently the Chief of the Cyber Leader College at Fort Gordon.

[1] Milord, Mike. “Forum addresses Army cyber progress, convergence.” Army.mil. Accessed on November 23, 2015 from http://www.army.mil/article/157613/Forum_addresses_Army_cyber_progress__convergence/?from=RSS.

[2] Freedberg, Sydney J. “Army Puts ‘Cyber Soldiers’ In the Mud.” Breaking Defense. Accessed on November 23, 2015 from http://breakingdefense.com/2015/11/army-puts-cyber-soldiers-in-the-mud/.

[3] Office of Economic and Manpower Analysis. “Purpose.” U.S. Army Talent Management. Accessed November 23, 2015 from https://talent.army.mil/.

[4] U.S. Army Combined Arms Center. “ Talent Management Concept of Operations for Force 2025 and Beyond.” (U.S. Army, Fort Leavenworth, KS: September 2015), 14.

[5] Boudreau, Todd. Discussion with the author. November 20, 2015.

[6] Boudreau.

[7] Putnam, Robert D. and Lewis M. Feldstein, Better Together: Restoring the American Community (New York: Simon and Schuster, 2003), 2.

[8] Putnam, Robert D., Making Democracy Work: Civic Traditions in Modern Italy (Princeton: Princeton University Press, 1993), 167.

[9] Boudreau.

[10] Tate, Ryan and Charlie Lewis. “Cyber 76ers: Forging a Force of Cyber Planners.” Cyber Defense Review. Accessed from http://www.cyberdefensereview.org/2015/12/17/cyber-76ers/..

[11] Croom, Benjamin (CGSC Instructor). Discussion with the author. October 29, 2015.

[12] The author is the ALCOC course manager.

[13] Elrod, Hal and Jordan Harbinger. Art of Charm: Bonus: Beyond the Bestseller. Podcast audio. Art of Charm. MP3. Accessed November 23, 2015 from iTunes Podcast.

[14] Headquarters, Department of the Army. “ADRP 5-0: The Operations Process.” Washington D.C., May 2012. 1-7, 1-9, and 2-12.

[15] “ADRP 5-0”, 1-8-1-9.

[16] Ibid, pg 1-7, 1-8.

[17] Montgomery, Brian. Discussion with the author. October 29, 2015. The author had a discussion with MAJ Montgomery at Fort Leavenworth where MAJ Montgomery stated the need to add this to their planning process while at CGSC.

[18] “Joint Publication 3-12(R): Cyberspace Operations.” Department of Defense. Washington D.C.: 2013, I-3.

[19] Raymond, David, Conti, Gregory, Cross, Tom, and Michael Nowatkowski. “Key Terrain in Cyberspace: Seeking the High Ground.” 6th International Conference on Cyber Conflict, ed P. Brangetto, M. Maybaum, J. Stinissen, 2014, 295, 297.

[20] Hutchins, Eric M., Cloppert, Michael J., and Rohan M. Amin. “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.” Lockheed Martin Corporation, 4.

No comments:

Post a Comment