
11 January 2018

Expanding the Menu: The Case for CYBERSOC

by Benjamin Brown

Introduction

The United States military should develop cyber special operations capabilities to expand the menu of policy options for addressing threats to U.S. interests and national security. As the role of the cyber domain in modern conflict expands, new possibilities emerge for special operations to accomplish strategic objectives by employing cyber functions. The creation of Cyber Special Operations Forces (Cyber SOF) within the United States Special Operations Command (SOCOM) would empower the U.S. military to exploit cyber-enabled special operations. Cyber SOF will best enhance U.S. special operations capabilities by taking shape as a sub-unified command within SOCOM. This Cyber Special Operations Command (CYBERSOC) would position Cyber SOF to play supporting or leading roles as a key component of integrated special operations campaigns.


The U.S. Military Needs Cyber SOF

Advances in the cyber domain are adding a new dimension to the realm of special operations, and creating new applications and avenues for surgical strike and special warfare activities. For example, distributed denial-of-service (DDOS) cyberattacks could disrupt adversaries’ command and control (C2) functions to prepare for the insertion of SOF teams.[i] Cyber functions could enhance the planning, preparation, and execution of hostage rescue operations by SOF units.[ii] Cyberspace initiatives could form the backbone of cloud-based unconventional warfare (UW), utilizing social media platforms to drive recruitment and social mobilization at lower cost and physical risk to SOF.[iii] Exploiting the emerging possibilities for cyber-enabled special operations will provide the U.S. with a wider set of options for pursuing strategic objectives. Already, the U.S. military’s Joint Task Force Ares, which works to disrupt Islamic State (ISIS) computer networks that enable recruitment and communication, has shown the force-multiplying impact of pairing traditional military operations with cyber operations.[iv]

However, if the U.S. military ignores the new cyber dimension of special operations and fails to develop relevant capabilities, the nation may suffer a diminished ability to shape and operate within the increasingly cyber-influenced conflict environments of the future. As U.S. special operations practitioner and theorist Colonel Patrick Duggan states, U.S. special operations “must be amplified by cyber so that we can evolve our strengths into new strategic instruments to protect and project our national interests.”[v] SOCOM commander General Raymond A. Thomas III agrees that the U.S. military must embrace cyber capabilities as “an essential weapon” in its arsenal.[vi]

The U.S.’ rivals and adversaries have recognized the importance of cyber-enabled special operations. Russian Chief of General Staff Valery Gerasimov has written that modern geopolitical events like the Arab Spring have demonstrated “the use of technologies for influencing state structures and the population with the help of information networks.”[vii] Accordingly, U.S. adversaries have developed and deployed innovative cyber capabilities to pursue their strategic objectives. Russia has integrated cyber measures into special operations campaigns that pursue disruptive foreign policy aims while undermining targets’ abilities to respond. Online disinformation campaigns and cyberattacks against government networks, communications systems, and logistical infrastructure were major elements of Russia’s UW campaign to nurture separatist groups in eastern Ukraine.[viii] Iran has reportedly deployed cyber experts from its special operations Quds Force to help Syria’s Assad regime counter social media initiatives by the Syrian opposition.[ix] This assistance represents a cyber line of effort within a broader Iranian foreign internal defense (FID) campaign to defeat Syrian rebel forces.

Non-state actors have also proven adept at exploiting the cyber domain. As early as 2004, Al Qaeda strategist Abu Musab Al-Suri identified use of online platforms as a key tactic for recruitment, training, and publicity operations in conducting international jihad.[x] Since then, many terrorist groups – particularly ISIS – have exploited social media platforms to radicalize individuals overseas, recruit fighters, raise funds, and encourage terrorist attacks in areas where physical access is limited or risky.[xi] In 2014, ISIS even created its own social media app, which allowed users to access exclusive ISIS content and was able to make users’ Twitter profiles retweet jihadist posts automatically – all while collecting personal data on users and revenues from advertising.[xii] By contrast, the U.S. military has not sufficiently invested specialized cyber capabilities into its special operations practice. There has been some integration of cyber functions in U.S. special operations, such as enabling the rapid processing of intelligence key to F3EAD.[xiii] However, no cyber element dedicated to conducting special operations activities exists.[xiv] Consequently, there are worries that the U.S. is falling behind in the exploitation of the cyber domain and ceding a strategic advantage in special operations to its adversaries.[xv]

Creating Cyber SOF – forces that specialize in conducting special operations activities in the cyber domain – could provide the capabilities necessary to extend U.S. special operations into the cyber domain. To expand policy options meaningfully, Cyber SOF’s organizational design must fulfill several criteria. Cyber SOF must be able to conduct both surgical strike and special warfare missions across SOCOM’s ten special operations core activities.[xvi] This ability will require both adept technical proficiencies and non-cyber proficiencies such as foreign language skills and regional expertise. Cyber SOF must be able to support the missions of non-cyber SOF and to spearhead their own missions, with cyber as the primary line of effort. Cyber SOF will need to earn cultural acceptance in SOCOM so that cyber capabilities gain recognition as powerful tools for integrated special operations campaigns. U.S. special operations capabilities will not expand if the cyber domain remains an afterthought to kinetic special operations missions. Lastly, Cyber SOF need flexibility to grow in scale and skill, to account for the dynamism of the cyber domain. The better that organizational design supports these needs, the more Cyber SOF will enhance and expand U.S. policy options.

Put Cyber SOF in SOCOM

The first consideration of organizational design is where to put Cyber SOF. Placement will shape Cyber SOF’s actual capabilities by influencing the types of missions that the force conducts, the resources that it receives, and the culture and bureaucratic priorities under which it operates. Because Cyber SOF sits at the nexus of cyber and special operations, the two most appropriate candidates are CYBERCOM and SOCOM. One argument holds that CYBERCOM is the natural home for any cyber capabilities.[xvii] Frank Cilluffo and Sharon Cardash of George Washington University argue that CYBERCOM-based Cyber SOF, modeled on SOCOM’s Joint Special Operations Command (JSOC), would “deconflict and harmonize everything from collection efforts to target selection, then marshal and mobilize the capabilities to enact the chosen outcomes,” allowing the U.S. military “to act more decisively in the cyber domain while avoiding counterproductive moves.”[xviii] Putting Cyber SOF in CYBERCOM could help ensure coordination of the U.S. military’s cyber activities. Moreover, CYBERCOM offers existing cyber expertise that would facilitate the creation and training of Cyber SOF.

However, the U.S. military should not decide Cyber SOF placement solely on the basis that cyber belongs to CYBERCOM. Admiral Mike Rogers, commander of CYBERCOM and director of the NSA, has noted that “no single entity has all the necessary insight, authorities, capabilities, or resources to protect and defend US and allied interests in cyberspace.”[xix] Indeed, U.S. military cyberspace doctrine recognizes the need for distinct SOCOM cyber capabilities, stating that “advancements in IT continue to develop rapidly, which in turn requires the Services and USSOCOM to develop, field, and sustain cyberspace capabilities adaptable to the rapid changing [operational environment].”[xx] Cyber is too broad, ubiquitous and dynamic in contemporary conflict environments to delegate cyber equities dogmatically. Instead, Cyber SOF placement should reflect the optimal arrangement for enhancing U.S. special operations capabilities and policy options.

On that basis, CYBERCOM is not the appropriate place for Cyber SOF. Cyber SOF’s purpose is to fill a special operations capability gap, and CYBERCOM is not a conducive setting to cultivate special operations capabilities. By the U.S. military’s definition, special operations “are often conducted in hostile, denied, or politically and/or diplomatically sensitive environments,” and are characterized by “time-sensitivity, clandestine or covert nature, low visibility, work with or through indigenous forces, greater requirements for regional orientation and cultural expertise, and a higher degree of risk.”[xxi] To fill the gap, Cyber SOF must take a distinct SOF approach, engaging in cyber functions as means towards ends, focusing on political environments and human factors to achieve objectives beyond the cyber domain.

By contrast, CYBERCOM’s priority is conducting cyber functions to achieve objectives in the cyber domain. CYBERCOM’s three focus areas – defending Department of Defense Information Networks (DODIN), providing support to combatant commanders, and strengthening the U.S.’ ability to withstand and respond to cyberattacks – emphasize cyber superiority as ends.[xxii] CYBERCOM’s resource allocation is telling: only 27 teams of CYBERCOM’s 133 Cyber Mission Force teams will specialize in supporting the U.S. military’s Geographic Combatant Commands (GCCs), while 68 teams will specialize in protecting DODIN.[xxiii] This emphasis on cybersecurity and network protection raises questions about whether CYBERCOM could provide SOCOM with sufficiently comprehensive support.[xxiv] In fact, CYBERCOM is already attempting to host cyber capabilities to support special operations, but at a level too limited to meet future cyberspace needs. CYBERCOM has tasked the Marine Corps component of the Joint Force Headquarters Cyber (JFHQ-C) to support SOCOM.[xxv] But the Marine Corps contributes only 13 of CYBERCOM’s 133 teams, and of these nine will specialize in DODIN protection or shielding the nation from cyberattacks.[xxvi] That leaves only four teams to provide operational or planning support for all of SOCOM – not enough to meet rising cyber capability needs and extend U.S. special operations into the cyber domain.

Additionally, putting Cyber SOF in CYBERCOM would impose organizational boundaries inhibiting coordination between cyber and non-cyber SOF. There are already concerns that the U.S. military’s cyber capabilities may be too isolated within CYBERCOM, forgoing potential benefits from the integration of cyber and non-cyber capabilities for such missions as electronic warfare operations.[xxvii] CYBERCOM retains operational control of the Cyber Mission Force teams that it provides to support the GCCs, rather than delegating command authority.[xxviii] Consequently CYBERCOM can reassign and move GCC-supporting cyber teams as it chooses. Under such a model, CYBERCOM might periodically reassign Cyber SOF elements that it provided to support SOCOM, preventing the development of key skills such as regional expertise, or deep working relationships with other SOF. The very creation of SOCOM drew from the lesson that disparate command structures hinder coordination and integrated operations.[xxix] After the disastrous failure of Operation Eagle Claw in 1980, the Holloway Commission pinpointed non-integrated training, muddled C2 hierarchies, and deficient interoperability as key reasons for the operation’s failure.[xxx] Creating a firm organizational boundary between cyber- and non-cyber special operations capabilities risks recreating similar dynamics.

The best place for Cyber SOF is within SOCOM, whose specialization in the human realm will enhance Cyber SOF’s ability to conduct cyber-enabled special operations and pursue strategic objectives. Col. Duggan explains that the cyber domain “is not simply a technical abstraction, but represents a virtual vehicle for tapping into the human passions that drive behavior and action.”[xxxi] He notes that instilling Cyber SOF with a special operations approach is important because “successfully navigating our hyper-connected world means better understanding its cultural landscape, and requires blending emerging cyber-technology with unconventional approaches.”[xxxii] SOCOM will imbue Cyber SOF with SOF’s unique expertise in “exploiting the psychological, cultural, and societal factors that drive human behavior.”[xxxiii] Drawing from the SOF community’s skillset will better enable Cyber SOF to expand U.S. policy options.

Putting Cyber SOF in SOCOM would not only enhance special operations practice in the present, but help extend U.S. special operations into the future. Cyber SOF force planning would become part of SOCOM’s overall force planning process, allowing SOCOM to integrate cyber into coordinated plans for future special operations capabilities. By contrast, placing Cyber SOF in CYBERCOM would keep cyber and non-cyber SOF force planning separate, raising the possibility that Cyber SOF capabilities would mismatch SOCOM’s needs. Moreover, SOCOM will likely need to cultivate cyber capabilities across non-cyber SOF components, as cyberspace increasingly influences the human environments in which SOF operate. Col. Duggan writes that “in the not too distant future, every Special Operations Forces practitioner will be required to understand the basics of cyberspace, computers, and coding; not because they’re expected to be programmers, but because they’ll need those skills to conduct special operations in an era vastly more interconnected than now.” Cyber proficiencies will be easier to cultivate across SOCOM if an organic cyber element already exists.

Structuring Cyber SOF: Create a CYBERSOC

The second design decision is how Cyber SOF should take shape within SOCOM. The need to develop cyber capabilities covering all special operations core activities and global regions suggests four options. First, SOCOM could delegate Cyber SOF creation to each of its component commands. Second, SOCOM could reflag and repurpose an existing SOF unit to conduct cyber-enabled special operations. Third, SOCOM could create Cyber SOF as an entirely new unit, within one of the component commands. Fourth, and the optimal solution, is for SOCOM to create a new sub-unified command drawing from each service to conduct special operations activities in the cyber domain.

SOCOM could delegate the creation of Cyber SOF to its component commands. USASOC, NAVSPECWARCOM, AFSOC, MARSOC, and JSOC would each create the cyber capabilities that they require, as they see fit. Each component command could craft cyber capabilities tailored to their anticipated needs and according to their available resources. One popular proposal is to create hybrid SOF teams that integrate traditional or kinetic tactical capabilities with cyber expertise within the existing SOF unit structure.[xxxiv] The problem with this hybrid model is that cross-training, to achieve proficiency in both traditional and cyber tactics, precludes deep specialization in one of the fields. An operator who learns how to code or manipulate social media has less time to train marksmanship or survival skills – and vice versa. The hybrid model is worth exploration, but SOCOM first needs Cyber SOF who are truly masters of craft in cyber surgical strike and special warfare activities.

Decentralizing and delegating Cyber SOF across SOCOM would also be inefficient. The U.S. Army has experimented with embedding cyber teams into conventional combat units during exercises. The Army ultimately returned the cyber teams to their centralized home unit, after finding that establishing the training centers and other infrastructure to relocate these cyber teams permanently was cost-prohibitive.[xxxv] Existing SOF, who are trained and equipped by the service component commands and then placed under the operational control of joint TSOCs, reflect a delegation approach to force-building. However, delineations between SOCOM’s component commands typically correlate to distinct SOF functions. For example, Army Special Forces focus on land-based unconventional warfare, while Navy SEALs focus on surgical strike missions that involve a maritime element. SOF elements do overlap in skills and missions – consider SEAL missions in landlocked Afghanistan and inland Iraq – but they largely cultivate distinct yet complementary proficiencies within SOCOM.[xxxvi]

By contrast, the capabilities of Cyber SOF elements created by SOCOM’s component commands would probably be more alike than different. Dividing Cyber SOF along component command lines therefore risks generating inefficient redundancy and stunting the scope of cyber special operations capabilities. Additionally, the delegation approach could see the component commands produce Cyber SOF that meet their separate needs, but are poorly suited to operate jointly and fail to provide GCC TSOC commanders with comprehensive sets of cyber capabilities. For Cyber SOF to exploit cyber-enabled special operations to the greatest effect, they need a more centralized and consolidated structure in SOCOM.

SOCOM could also create Cyber SOF by reflagging an existing SOF unit. Major Jason Tebedo suggests that reflagging “would be the quickest method” to build cyber special operations capacity within SOCOM, and would prevent the need to expand SOCOM within an atmosphere of “DOD imposed fiscal restraints and future budget uncertainty.”[xxxvii] Cyber SOF could hit the ground running by leveraging the reflagged unit’s allocated budget, foreign language skills, regional expertise, and other relevant resources or proficiencies. Reflagging should occur at the brigade or group level to ensure that Cyber SOF can integrate into every TSOC and engage in all ten special operations core activities. Reflagging should not select an Army Special Forces Group, Air Force Special Operations Wing, or other such specialized units that serve functions unrelated to cyber and are difficult to replace.

With these parameters, USASOC’s 95th Civil Affairs Brigade or the 4th or 8th Military Information Support Operations (MISO) Groups are the best candidates for reflagging. Indeed, Major Tebedo suggests reflagging the 95th Civil Affairs Brigade, reasoning that the unit “does not possess any technical or non-replicable skills,” and “does not have a large stockpile of mission specific equipment.”[xxxviii] However, reflagging the 95th Civil Affairs Brigade or either MISO group imposes a damaging loss of capabilities on SOCOM, particularly as “conflicts over the last two decades have led to an increased demand” for Civil Affairs Operations and MISO.[xxxix] These three units have no redundant counterparts to replace their functions: the 95th Civil Affairs Brigade is the only active duty Civil Affairs Brigade, and each MISO group supports different GCCs. As a result, reflagging the 95th Civil Affairs Brigade, the 4th MISO group, or the 8th MISO group would degrade SOCOM’s ability to achieve strategic objectives and shrink the menu of options available to policymakers. Several SOF officers argued that such was the effect when the Army deactivated the 85th Civil Affairs Brigade in 2016.[xl] Losing key special operations capabilities via reflagging defeats the very purpose of creating Cyber SOF. Cyber SOF cannot enhance U.S. policy options if their creation only shifts the gap in SOCOM capabilities from cyber to Civil Affairs or MISO. Consequently, reflagging is a flawed option for creating Cyber SOF.

A third option is to create a Cyber SOF from scratch within one of SOCOM’s component commands. A single, new unit at the brigade- or group-level would consolidate cyber capabilities without sacrificing existing SOF capabilities, and provide sufficient scale to engage in all ten special operations core activities while supporting all GCC TSOCs. USASOC may be the most appropriate candidate for the Cyber SOF unit, given the overlap in proficiencies and information-intensive functions for Civil Affairs Operations or MISO and cyber-enabled special operations. One key challenge is that the new unit approach monopolizes cyber capabilities to one component command, but these capabilities will be in increasing demand across SOCOM. To meet the cyberspace needs of other SOF elements, Cyber SOF could draw inspiration from AFSOC by embedding operators across organizational lines.[xli] For example, a USASOC Cyber SOF operational team could embed with an AFSOC Special Operations Squadron to conduct cyberattacks against anti-air batteries.

However, such arrangements may not be sustainable to provide cyber support on a sufficient scale for future conflict. Even if it is an exaggeration to predict that “every USSOF mission” will require cyber support in the future, the need for cyber capabilities across SOCOM may reach a scale that one component command alone cannot fulfill.[xlii] Cyber SOF will need to grow to address increasing cyber capability needs from multiple component commands, while the costs of growth would fall squarely on a single component command. The responsibilities and costs for developing a joint capability should fall to a joint set of stakeholders.

The optimal solution, offering the best prospects to exploit the full potential of cyber-enabled special operations, is for SOCOM to establish a new, cyber-focused, sub-unified command: CYBERSOC. This CYBERSOC would serve as a single authority to plan and build Cyber SOF on a sufficient scale for global operations across all special operations core activities, while preventing excessive redundancy. As immediately subordinate to SOCOM, CYBERSOC would enjoy greater organizational stature to advocate for cyber as a useful line of effort in special operations campaigns. As a sub-unified command, CYBERSOC would draw jointly from the Army, Navy, Air Force, and Marine Corps, giving each access to and a stake in Cyber SOF. Overall, CYBERSOC would enrich the set of options available to U.S. policymakers. Col. Duggan argues that a CYBERSOC could “enrich perspectives during the development of national strategies, by injecting unconventional insights and asymmetric options throughout the development process.”[xliii]

Internally, CYBERSOC would comprise planning and operational elements. Like SOCOM’s existing component commands, CYBERSOC would possess a staff element responsible for planning, force-building, and other functions to create and sustain cyber capabilities. To operationalize these capabilities, CYBERSOC should create one unit for each of the six GCCs, to lead or support special operations within their respective GCC’s TSOC. These operational units should mimic CYBERCOM’s team-based Cyber Mission Force model, which offers functionally specialized capabilities at the tactical level while cumulatively providing a broad spectrum of capabilities at the operational and strategic levels.[xliv]

CYBERSOC’s mission teams would specialize in either surgical strike or special warfare, with both team types at the disposal of TSOC commanders. Surgical strike teams would comprise specialists second-to-none in their mastery of cyber-craft: experts in network systems and computer science, specializing in highly technical functions within denied or sensitive cyber environments. These teams would perform more direct and often unilateral cyber special operations, such as crippling adversaries’ C2 systems or launching cyberattacks to disable target defense installations or infrastructural facilities. Special warfare teams would cultivate technical expertise as well, but also place emphasis on regional background and lingual skills corresponding to their TSOC. These teams would conduct indirect, less-technical activities in cyberspace, such as social media initiatives or cyber capacity-building, and often do so in cooperation with partner governments or groups. Together, these two types of teams would enable CYBERSOC to inject broad new capabilities into U.S. special operations practice.

Creating Cyber SOF Won’t Be Easy

Creating and designing Cyber SOF, particularly as a CYBERSOC, will be challenging. SOCOM has the necessary authorities: military doctrine allows combatant commands to establish new sub-unified commands when authorized by the Secretary of Defense, and Major Force Program 11 (MFP-11) funding empowers SOCOM to reallocate funding for such purposes.[xlv] But beyond authorization, CYBERSOC will require time, effort, and resources. Initially, SOCOM would need to reallocate funding to establish CYBERSOC, reducing the resources available to other component commands. Difficult and contentious choices about where SOCOM can afford to trim funds would follow. Later, SOCOM would have to advocate for budget increases to expand CYBERSOC and meet rising cyber capability needs. Within a political climate of strong debate over defense spending levels, this will not be an easy task.

Other challenges require effective solutions to achieve a CYBERSOC that expands the menu of policy options. One is cultivating excellent leadership. Cyber SOF commanders must perform what author and former Green Beret Colonel Brian Petit (Ret.) calls Operational Art: understanding what cyber capabilities can accomplish, and thinking innovatively about how these capabilities can contribute to special operations campaigns for strategic effect.[xlvi] Another challenge is talent acquisition, as Cyber SOF will require specialists whose mastery of cyber-craft parallels existing SOF’s mastery of specialized tactics, methods, and equipment in their respective domains. Innovative recruitment and training pipelines will be necessary to attract and prepare these cyber operators. Often, top-notch cyber expertise exists in the private or academic sectors, so CYBERSOC should find ways to engage with tech companies and universities.

Building relationships with other elements of SOCOM and the U.S. military will help CYBERSOC to achieve its full potential. Partnering with CYBERCOM and harnessing its expertise is important, reflecting a cyber domain extension to the SOF truth that most special operations require non-SOF assistance.[xlvii] Additionally, CYBERSOC’s special warfare teams will overlap in function with USASOC’s Civil Affairs and MISO elements. CYBERSOC should develop relationships with the 95th Civil Affairs Brigade and 4th and 8th MISO groups that extend beyond ad-hoc cooperation within TSOCs. Lastly, the creation of Cyber SOF will likely generate enormous cultural friction in SOCOM, as computer whizzes join a community of elite special operators. The gradual thaw of SOF attitudes towards MARSOC offers hope that Cyber SOF could gradually gain acceptance, esteem, and fuller utilization in SOCOM.[xlviii] Ultimately, CYBERSOC will need to prove that its capabilities can make unique and valuable contributions to U.S. special operations practice.

Conclusion

The time for creating Cyber SOF is now. A CYBERSOC within SOCOM will best extend U.S. special operations into the cyber domain – but regardless, the U.S. military needs dedicated and specialized capabilities if it is to capitalize on the emerging cyber dimension of special operations. Cyber SOF are worth the effort and resources their creation will require, because they put a broader, more robust set of options at the disposal of commanders and policymakers. Without Cyber SOF, the U.S. will see its adversaries employ creative cyber-enabled activities to pursue objectives against U.S. interests. With Cyber SOF, the U.S. will be better prepared for the conflicts of the future.
