14 April 2019

Cyber Warfare In The Grey Zone: Wake Up, Washington

By SYDNEY J. FREEDBERG JR.

Chinese military airstrip, built over Fiery Cross Reef in the South China Sea (CSIS image)

WASHINGTON: The entire US government — not just the Pentagon — needs to wake up to the intertwined threats of cyber warfare and political subversion, Army and National Security Agency officials say. It’ll take a major cultural change to get the whole of government to compete effectively in the grey zone between peace and war.

“It’s a mindset thing,” NSA operations director Jon Darby told me. “We need to culturally think that’s a legitimate space to be concerned about from the national security perspective.”

“This is the biggest strategic problem we face,” the Army’s three-star chief futurist, Lt. Gen. Eric Wesley, said at the recent AUSA Globalconference. “What we’re suggesting, is going to require some cultural change.”


It’s deeply rooted in the US “Constitution, policy, law, and culture,” Wesley said, to see war and peace as either/or, with peace the norm and war as the anomaly. (After all the Constitution gives Congress the sole power to “declare War.”) But Russia, China, and other adversaries, he said, see “a continuum of conflict” in which peace is simply war by other means. “They’ve identified our Achilles’ heel,” he said, and learned how to achieve aggressive objectives without moving so blatantly that the US starts shooting.

That’s how Russian special forces, the infamous Little Green Men, took over Crimeawithout a shot. That’s how Russian hackers have attacked Estonia, Georgia, the Ukraine, and America’s own 2016 elections. That’s how China created and fortified artificial island bases in the South China Sea. That’s how Chinese hackers have stolen billions in US trade secrets and may be about to bug 5G networks around the world. And they’re doing all these things without much of an effective US response.

Lt. Gen. Eric Wesley talks to a fellow soldier at the AUSA conference on artificial intelligence.

Americans tend to fixate on the cyber aspects and see these threats as shocking, novel and high-tech. In truth, said Darby, who’s worked at NSA since 1983, our adversaries are just updating an ancient playbook.

“I studied Russia in college. I’m telling you, this is not a new thing,” Darby told a University of Maryland cyber conference last week. “They’ve been doing this for over a hundred years. It’s just the technology: They’re using [new] technology to advance the same approach.”

In China, you can go all the way back to how strategist-sage Sun Tzu put it 2,500 years ago: “To win one hundred victories in one hundred battles is not the acme of skill: To subdue the enemy without fighting is the acme of skill.”

Gen. Joseph Dunford

Dunford: Getting The Pentagon Together

No less a figure than the Chairman of the Joint Chiefs of Staff, Gen. Joseph Dunford, has been quietly struggling to improve the US response in the grey zone.

Russia, China, and Iran combine “economic coercion, political influence, unconventional warfare information ops, cyber ops to advance their interests and they do it in a way that they know we don’t have an effective response,” Dunford said in 2016. “They, unlike us, are able to integrate the full range of capabilities their states possess to advance their interests.”

Graphic courtesy Sen. Dan Sullivan

“Our traditional approach where we are either at peace or at war is insufficient to deal with that dynamic,” Dunford said.

Dunford pushed the Pentagon to beef up its staff for handling transnational threatsthat blur traditional regional boundaries— say, when Russia operates beyond of European Command or China outside the Pacific — and to stop treating peacetime operations as a Phase Zero whose only purpose was to prepare for open war. The Pentagon even transferred some of its funding to the State Department in an effort to strengthen the civilian side of the “whole of government” response after years of cuts.

More recently, the US Army has taken on the problem. The service originally focused its concept for future warfare, then called Multi-Domain Battle, on better coordinating land, sea, air, space, and cyberspace in combat. But as the Army studied the problem, it broadened the concept to Multi-Domain Operations to reflect its increasing focus on competition in the grey zone — the things you do before, or ideally instead of, open war.

Gen. Mark Milley

The Army’s intellectual pointman is Lt. Gen. Wesley, head of the Futures & Concepts Center (formerly ARCIC) at Army Futures Command. But his ultimate boss, and multi-domain ops’ biggest backer, is the Army Chief of Staff, Gen. Mark Milley — who is President Trump’s pick to replace Dunford as Joint Chiefs chairman.

The role of the Joint Chiefs is critical because the Army can’t — and probably shouldn’t — bring all the other services into line on its own, although it is working closely on multi-domain concepts with the Air Force.

“Probably the most pressing challenge we have right now, going forward, is the need for a joint concept,” Wesley said at the AUSA conference. “To some degree, our laws are such that we haven’t necessarily empowered the chairman to drive a joint concept.” The new approach, Wesley said, may require new legal authorities.

Jeffrey Culver, director of the State Department’s Diplomatic Security Service, flies over Baghdad in 2011.

Beyond The Pentagon: The Interagency

NSA ops director Darby declined even to discuss legal authorities, preferring to focus on the fundamental shift in mindset that must come first.

“There’s a role for all parts of government to operate in that space. We need to recognize that’s a space of competition,” he told me. “In terms of authorities, I’m not prepared to answer that at this point. What I can tell you is, we’re constantly looking at how we can be more effective.”

Grant Schneider

Getting the whole of government onboard — at least for the cyber warfare side of the problem — “really was a driving factor for the National Cyber Strategy” published last year, said Grant Schneider, senior director of cybersecurity policy on the National Security Council. The Departments of Defense, Homeland Security, and Justice, plus the intelligence community, “you name it in the government,” they all contributed, he said at the UMD conference. And publication was just the beginning: Recently, he said, “I spent two hours with about 40 people in a room… walking through literally a couple of hundred implementation items.”

It’s an imperfect process, Schneider acknowledged, reliant on consensus, cajoling, and herding of cats. He compared coordinating the interagency process to getting his 16-year-old to cooperate: “It’s more influence than control, absolutely,” he told me .

That’s a stark contrast to the level of coordination available to ruthless dictators. “I think it’s safe to say to say nothing happens, the Russian government doesn’t do anything of significance, without Putin’s awareness and okay,” Darby told me.

But we probably don’t want to defeat authoritarians by becoming them — and we don’t need to. The Russians are skilled, he said, but “they’re not superhuman…. They don’t necessarily have all the answers.”

So, I asked, does that mean they have weaknesses the US can exploit? The NSA ops director politely declined to discuss details.

No comments: