The U.S. Army and the Future of U.S. Cyberwarfare

U.S. Army Rangers from 3rd Battalion, 75th Ranger Regiment, set up a mobile tactical operations center during a multilateral airborne operation at Tyndall Air Force Base, Florida, March 3, 2014.

Source: U.S. Army photo by Staff Sgt. Teddy Wade (Released)

The views expressed in this article are those of the author’s and do not necessarily reflect the official policy or position of the United States Department of the Army, Department of Defense, or Government.

Written by Paul Lushenko

Edited by Denny Singh

Introduction

In 2015, the U.S. Department of Defense (DOD) published its first cyber strategy. Adopted four years after DOD declared cyberspace as an operational domain, this strategy represented a milestone in America’s recognition of the U.S. military’s dependence on digital networks for its expeditionary operations across the globe. In 2018, DOD released an updated cyber strategy to better posture the U.S. military to compete within an increasingly contested cyberspace environment. The revised strategy further coordinated policy and resources to strengthen the U.S. military’s ability to execute timely and effective cyber operations; defend U.S. critical infrastructure from malicious cyber activities; secure the U.S. military’s digital networks, which serves seven million users; and expand the U.S. military’s cooperation with other agencies and departments, industry partners, and allies. To help achieve these objectives, the strategy included a “defend forward” approach that requires the U.S. military “to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.”^[1] The activities of America’s near-peer competitors in cyberspace, particularly China and Russia, compels the U.S. military to conduct operations in this gray zone between peace and war. Indeed, General Paul Nakasone, “dual-hatted” as the commander of both the U.S. Cyber Command (USCYBERCOM) and National Security Agency (NSA), recently acknowledged that the U.S. is in “daily competition” with these and other states.^[2]

Since 2015, Congress has broadened its oversight of the military’s expanding cyber capabilities, which is reflected by increasingly prescriptive legislation, including the 2020 National Defense Authorization Act. This law now requires Congressional notice within fifteen days following the President’s delegation of authority to the Secretary of Defense to conduct a cyber operation that could risk wider escalation into general hostilities with a targeted adversary.^[3] Independent audits of USCYBERCOM by the Government Accountability Office also demonstrate heightened scrutiny of America’s ability to wage cyber warfare that has been compounded by China and Russia’s intrusions of U.S. networks. Chinese hackers are suspected of having exploited a vulnerability in the SolarWinds Orion network monitoring software to breach the cyber defenses of U.S. agencies and departments last year, including the National Finance Center and Department of Agriculture. Beyond their meddling in the 2016 presidential election, U.S. officials also recently confirmed that Russia’s Foreign Intelligence Service – likely through what is now referred to as the “Cozy Bear” hacker group – breached the networks of the Departments of Defense, Homeland Security, and State in early December 2020.^[4]

Despite greater oversight and accountability of the military’s ability to maneuver in cyberspace, there is surprisingly little understanding among security analysts of how U.S. defense leaders have operationalized cyberwarfare. While other experts have attempted to fill this gap, their analyses have largely investigated policies, authorities, and decision-making within USCYBERCOM’s headquarters without conveying important contributions made by the individual services.^[5] It can be argued, for example, that U.S. Army Cyber Command (ARCYBER) constitutes the backbone of America’s Cyber Mission Force. While this force draws on personnel, resources, and capability from all the services, such as the 16th Air Force, ARCYBER provides access to adversarial networks across the continuum of competition and conflict that is decisive to America’s positional advantage in cyberspace. While USCYBERCOM’s increasingly assertive “defend forward” approach presupposes a misattributed infrastructure and software tools to exploit network vulnerabilities, it is dependent on access that typically only ground combat forces can provide, especially during active hostilities, to an adversary’s physical and logical networks. The importance of close access operations was a key lesson from Joint Task Force ARES’, which destroyed the Islamic State’s media operations in November 2016 during Operation Glowing Symphony.^[6] Army cyber soldiers were again deployed to Europe in 2018 to “hunt and attack” malign cyber actors attempting to disrupt America’s democratic processes. According to Nakasone, “an Army team … was able to get on the net and provide effects in support of the defense of our midterm elections.”^[7] Army cyber soldiers deployed once more to Europe in 2020 to help safeguard the presidential election.^[8]

These and other examples pose a critical question to understanding the scope and scale of America’s cyberspace capabilities. In what ways has ARCYBER contributed to the development of U.S. cyberwarfare? Although cyber forces existed informally within the Army before 2010, this year was a critical juncture for Army senior leaders as they formally established ARCYBER. Since then, ARCYBER has developed entirely new organizations across all – tactical, operational, and strategic – echelons. It has also developed new training and doctrine, as well as accelerated the acquisition of next-generation enabling technologies, some of which I have participated in developing, testing, and fielding. This progress, however, has been offset by unrealistic accessions and recruitment goals, training shortfalls, and ambitious capabilities development and testing timelines. While ARCYBER continues to make important organizational, training, and equipping gains, these advancements have sometimes outmatched the organization’s ability to fully realize cyberwarfare goals that are integral to America’s ability to deter and respond to provocations in cyberspace in concert with other services and combat support agencies.

Organization, Training, and Equipping Initiatives

Since 2010, ARCYBER has made sweeping organizational, training, and equipping changes that are integral to deter and impose costs on U.S. adversaries in cyberspace.

First, ARCYBER has established new organizations within both the generating and operating forces to train soldiers, deploy them, and enable cyber operations in peace, competition, and conflict. On the one hand, ARCYBER recently consolidated its command and staff sections at a new facility in Fort Gordan, Georgia to better coordinate and synchronize doctrine development, training, and operations. Previously, ARCYBER had been scattered across 11 installations within the U.S. The move co-locates the ARCYBER headquarters with the Army Cyber Center of Excellence, which is responsible for training new soldiers, as well as the NSA’s facility, which allows ARCYBER to conduct defensive and offensive cyber operations in support of USCYBERCOM.^[9]

On the other hand, ARCYBER has established new organizations that enhance its responsiveness to collection requirements and operational taskings imposed by USCYBERCOM. Tactically, the Army Cyber Center of Excellence started graduating Electronic Warfare Platoon Leaders last year that will lead companies designed to apply cyber effects in support of battalions and brigades confronting adversaries prior to and during hostilities.^[10] Operationally, ARCYBER activated the 780th Military Intelligence Brigade in 2011 to benchmark its contribution of cyber effects across the Army and joint force.^[11] Similarly, ARCYBER activated a new battalion in 2018, the 915th Cyber Warfare Battalion, to deploy Expeditionary Cyber Teams to enable cyber planning and operations at the brigade, division, corps, and combatant command levels. Strategically, ARCYBER is contributing planners and commanders to the Army’s new Multi-Domain Task Force that is chartered to penetrate the “anti-access/area-denial” defenses of near-peer competitors in Asia and Europe.^[12]

Second, ARCYBER has developed new training and doctrine to better enable USCYBERCOM’s “defend forward” approach. In terms of doctrine, ARCYBER has proposed “command-centric network operations.” This is designed to better streamline resources and authorities within a single operational commander. This emerging approach is important because it meets a Cyberspace Solarium Commission recommendation to consolidate existing but fragmented U.S. Code Title 10 authorities in support of cyber operations that constitute a traditional military activity as defined by Section 1632 of the 2019 National Defense Authorization Act.^[13] As far as training is concerned, ARCYBER shepherded the development of a new cyber branch in 2014 that Army leaders expect to adopt a warfighting culture similar to the infantry and other combat branches. Additionally, ARCYBER sponsors the Army Cyber Institute at West Point, New York that was established in 2012 to “develop intellectual capital and impactful partnerships that enable the nation to outmaneuver our adversaries in cyberspace.”^[14] In addition to training cadets that attend the United States Military Academy, the institute also publishes the Cyber Defense Review that constitutes a key nexus point between training and doctrine development given that it addresses thorny legal, moral, ethical, and operational topics germane to USCYBERCOM’s expanding use of cyberwarfare.^[15]

These organizations and training and doctrinal advancements further support the Cyber Mission Force, of which ARCYBER provides 41 of the 133 Cyber Mission Teams drawn from across all services.^[16] They are undergirded by ARCYBER’s aggressive acquisition of next-generation capabilities, which is a third key advancement. Tactically and in concert with the Army’s Senior Intelligence Officer at the Pentagon, ARCYBER has sponsored the development of the Terrestrial Layer System. This is the Army’s first integrated Cyber, Electronic Warfare, and Signals Intelligence (SIGINT) capability, mounted on a wheeled combat vehicle called a Stryker, that is designed to conduct cyber operations in support of primarily brigades.^[17] The system has three options to detect and respond to an adversary’s digital communications: “keep listening and try to decrypt it (SIGINT), try to connect to the enemy wireless network and hack into it (cyber), or transmit a jamming signal to disrupt the enemy’s communications (electronic warfare).”^[18]

At the operational and strategic levels, which roughly correspond to the division and Army component of combatant commands such as Central Command that manages operations in the Middle East, ARCYBER has sponsored an enhanced version of the Terrestrial Layer System that can apply effects at greater ranges. It has also developed the Multi-Function Electronic Warfare Air Large. The Multi-Function Electronic Warfare Air Large is the Army’s first airborne electronic warfare jamming capability that is retrofitted on a General Atomics MQ-1C Gray Eagle (unmanned aerial vehicle or drone) and designed to enable the Multi-Domain Task Force in Asia and Europe.^[19]

Key Challenges

Notwithstanding these contributions, which are decisive to America’s “defend forward” approach to cyberwarfare, challenges remain. Organizationally, a recent Government Accountability Office report found that the pace of emerging units has outstripped ARCYBER’s ability to fully staff them with trained personnel, creating operational risks for both the Army and joint force. The 915th Cyber Warfare Battalion was staffed at only 20 percent in 2019, and the rigorous training of its two Expeditionary Cyber Teams suggests that the organization is likely still understaffed. More problematic, the report found that “the Army did not assess the staffing, equipping, and training risks before activating one unit [the 915th], and only conducted an initial risk assessment before activating a second unit,” which represents its contribution to the Multi-Domain Task Force.^[20] Finally, the degree to which ARCYBER has operationalized the intent for its soldiers and officers to integrate cyber with other maneuver operations, such as surveillance and reconnaissance, is unclear. To further enable the integration of cyber with other maneuver operations, Army senior leaders recently authorized the development of more specialized cyber organizations within the Army’s Special Operations Forces. The Army’s premier light infantry force, the 75th Ranger Regiment, recently built a new Military Intelligence Battalion with a cyber company to help build a doctrinal template to integrate cyber operations into large-scale combat operations against near-peer competitors.^[21]

A cryptologic linguist from the Cyber Electromagnetic Activities Company assigned to the 75th Ranger Regiment Military Intelligence Battalion analyzes the electromagnetic spectrum during a multilateral training exercise. (Courtesy of the U.S. Army)

A cryptologic linguist from the Cyber Electromagnetic Activities Company assigned to the 75th Ranger Regiment Military Intelligence Battalion analyzes the electromagnetic spectrum during a multilateral training exercise. (Courtesy of the U.S. Army)

Similarly, ARCYBER continues to determine how it can better recruit and train soldiers given the steep competition for their skillsets among service-based industries and commanders’ demand for their talents on the battlefield. Sergeant Major Samuel Crislip, who serves as the Senior Enlisted Advisor for the Army Cyber Institute, argued that ARCYBER is struggling to recruit men and women to serve in the Army’s new cyber branch because of antiquated and impersonal recruiting techniques that fail to capture their imaginations. Rather than brick and mortar recruiting centers, Crislip recommended ARCYBER to use social media and role-playing opportunities like an online version of the backyard game “capture-the-flag.” In this variant, a player finds more hidden messages in digital files than others to win.^[22] Although ARCYBER has recruited more than 330 cyber officers since 2015 and plans to train 200 a year at the Army Cyber Center of Excellence, Nakasone recently informed Congress that more are needed to keep pace with emerging threats in cyberspace that China and Russia’s recent actions seem to justify.^[23]

Assuming Congress authorizes more personnel, and ARCYBER can maintain its breakneck pace of training, the quality of training is an open question. The Government Accountability Office found that ARCYBER’s training of new soldiers has lagged behind organizational, doctrinal, and equipping initiatives. In particular, ARCYBER does “not have the time frames for required validation of foundational courses to CYBERCOM standards.”^[24] Whereas ARCYBER’s new “command-centric network operations” approach is designed to resolve the challenges of drawing on authorities, expertise, and capabilities across multiple agencies and departments, this will not make a difference without a trained and ready force to operationalize the doctrine. In recognition of this vulnerability, ARCYBER has developed and is iteratively updating the “Persistent Cyber Training Environment.” This is a virtual platform to train and certify cyber soldiers against clear standards that will prepare them to deploy in support of Army and USCYBERCOM requirements.^[25] To further train and validate cyber soldiers in support of the Cyber Mission Force, ARCYBER is also integrating its expeditionary formations into the combat training of infantry units at large-scale training centers.^[26]

Such tensions between organization, recruitment, training, and doctrine developments are further compounded by the delayed development, testing, procurement, and fielding of next-generation cyber technologies including the Terrestrial Layer System and Multi-Function Electronic Warfare Air Large. Others have reported on the challenges of operationalizing both platforms in contested environments characterized by poor connectivity to data servers and the lack of reporting standards across multiple classified and unclassified networks. Less understood is the laborious acquisition process that has caused delays in outfitting the myriad organizations that ARCYBER is developing. The Government Accountability Office notes that ARCYBER did not adequately assess the risk of activating units at a rapid pace and now confronts an equipping challenge. Aside from understaffing, many units are activated without equipment to train and deploy soldiers. This desynchronization threatens operational readiness. Consequently, ARCYBER’s planners have adopted a workaround solution that consists of something called “prototype” equipment that mimics the intended capability.^[27] Given the potential drawbacks of this interim solution, it may be the case that equipping challenges represent the critical limiting factor for ARCYBER’s ability to conduct a broader set of cyber missions on behalf of USCYBERCOM.

Recommendations

Since 2010, ARCYBER has made tremendous progress in building a cyber capability to enable U.S. operations in cyberspace. It had no other choice. There are no existing measures of performance and effectiveness to guide a military’s adoption of a cyber warfare profile. Despite or because ARCYBER arguably benchmark’s USCYBERCOM’s “defend forward” approach, especially given that Army cyber soldiers provide critical access to competitors’ networks prior to, in the ramp-up toward, and during conflict in non-permissive environments, it confronts several organization, training, and equipping challenges. To help resolve these, ARCYBER should consider three recommendations.

First, ARCYBER must prioritize the development of units, whether the 915th Cyber Warfare Battalion or Multi-Domain Task Force, that best enable the Army and joint force to maintain overmatch of near-peer threats in Asia and Europe. Second, ARCYBER should also align the development of the Terrestrial Layer System, Multi-Function Electronic Warfare Air Large, and other capabilities against these priority units. While the same goes for personnel, the added challenges here are recruitment and training. Therefore, in terms of the third recommendation, ARCYBER should adopt the more personal recruiting approach suggested by Crislip. Beyond this, ARCYBER should tap into Reserve Officers’ Training Corps programs and veterans’ organizations at America’s top universities and colleges to better compete for talent. For instance, the Cornell University Undergraduate Veterans Association can serve as a bridge for ARCYBER to explain its mission and career opportunities to students at Cornell.^[28] This will capitalize on their research at the Ann S. Bowers College of Computer and Information Science to support America’s security and prosperity. Further, ARCYBER should take advantage of the Army’s expanding partnerships with academic institutions to inspire and prepare the next generation of cyber soldiers and officers. Better advertising scholarships available to offset the rising tuition costs for undergraduate students committed to joining the Army following graduation is a good starting place. Chief among these scholarships are the Cyber Corps Scholarship for Service Program, DOD Cyber Scholarship Program, and Science, Mathematics, and Research for Transformation Program.

Paul Lushenko is a U.S. Army Major and Ph.D. student in International Relations at Cornell University, where he serves as a General Andrew Jackson Goodpaster Scholar. He is also a Council on Foreign Relations Term Member and co-editor of Drones and Global Order: The implications of remote warfare for international society (forthcoming). He would like to thank Amelia Arsenault, Dr. Erica Borghard, Dr. Shawn Lonergan for their helpful comments on an earlier draft of this article.

1. . U.S. Department of Defense, “Summary: Department of Defense Cyber Strategy 2018,” September 18, 2018, https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEG Y_SUMMARY_FINAL.PDF. ↑
2. . Quoted in Yasmin Tadjdeh, “Algorithmic Warfare: Army Consolidating Cyber Operations Forces,” August 25, 2020, https://www.nationaldefensemagazine.org/articles/ 2020/8/25/army-consolidating-cyber-operations-forces. ↑
3. . Robert Chesney, “The Domestic Legal Framework for US Military Cyber Operations,” Hoover Institute Aegis Series Paper No. 2003, July 29, 2020, https://www.hoover.org/rese arch/domestic-legal-framework-us-military-cyber-operations. ↑
4. . David Sanger, “Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect,” The New York Times, December 12, 2020, https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasur y-commerce.html. ↑
5. . Erica D. Borghard and Shawn W. Lonergan, “To Defense Forward, the U.S. Must Strengthen the Cyber Mission Force,” Lawfare, March 13, 2020, https://www.lawfareblog. com/defend-forward-us-must-strengthen-cyber-mission-force. ↑
6. . Garrett M. Graff, “The Man Who Speaks Softly-and Commands a Big Cyber Army,” Wired, October 13, 2020, https://www.wired.com/story/general-paul-nakasone-cyber-co mmand-nsa/. ↑
7. . Gary Sherftick, “Cyber teams deploying to safeguard national security,” U.S. Army, September 19, 2019, https://www.army.mil/article/227274/cyber_teams_deploying_to_s afeguard_national_security. ↑
8. . Julian Barnes, “U.S. Cyber Command Expands Operations to Hunt Hackers From Russia, Iran and China,” The New York Times, November 2, 2020, https://www.nytimes.com/2020/11/02/us/politics/cyber-command-hackers-russia.html. ↑
9. . Tadjdeh, “Algorithmic Warfare: Army Consolidating Cyber Operations Forces.” ↑
10. . Kimberly Underwood, “The Army Evolves Its Formations for Cyber and Electronic Warfare,” Signal Magazine, October 21, 2020, https://www.afcea.org/content/army-evol ves-its-formations-cyber-and-electronic-warfare. ↑
11. . “780th Military Intelligence Brigade,” https://www.inscom.army.mil/MSC/780MIB/ind ex.html. ↑
12. . Kyle Rempfer, “New Army cyber warfare unit seriously undermanned, GAO says,” Army Times, August 16, 2019, https://www.armytimes.com/news/your-army/2019/08/16/ new-army-cyber-warfare-units-seriously-undermanned-gao-says/. ↑
13. . Tadjdeh, “Algorithmic Warfare: Army Consolidating Cyber Operations Forces”; Borghard and Lonergan, “To Defense Forward, the U.S. Must Strengthen the Cyber Mission Force.” ↑
14. . “Army Cyber Institute,” https://cyber.army.mil/. ↑
15. . “The Cyber Defense Review,” https://cyberdefensereview.army.mil/. ↑
16. . “Fact Sheet: U.S. Army Cyber Command,” U.S Army Cyber Command, February 7, 2020, https://www.arcyber.army.mil/Portals/34/Fact%20Sheets/ARCYBER%20fact %20sheet%20-%20Cyber%20Mission%20Force%20(7Feb2020).pdf?ver=2020-02-10-121111-443. ↑
17. . Paul Lushenko and Nick Bono, “Modernizing Army Intelligence For Multidomain Operations,” Army Magazine 69, no. 11 (November, 2019): 30-34. ↑
18. . Sydney J. Freedberg Jr., “Boeing & Lockheed Vie for Cyber/EW/SIGINT System, TLS,” Breaking Defense, August 17, 2020, https://breakingdefense.com/2020/08/boeing-lockheed-vie-for-revolutionary-ew-sigint-system-tls/; Mark Pomerleau, “Army shares details on new electronic warfare units,” C4ISRNET, December 31, 2020, https://www.c4isrnet.com/electronic-warfare/2021/01/01/army-shares-details-on-new-ele ctronic-warfare-units/. ↑
19. . Pomerleau, “Army shares details on new electronic warfare units.” ↑
20. . “Army Is Preparing for Cyber and Electronic Warfare Threats, but Needs to Fully Assess the Staffing, Equipping, and Training of New Organizations,” United States Government Accountability Office, August 2019, https://www.gao.gov/assets/710/700940 .pdf. ↑
21. . Paul Lushenko, “The 75th Ranger Regiment Military Intelligence Battalion: Modernizing for Multi-Domain Battle,” Military Review 98, no. 4 (July-August, 2018): 6-18. ↑
22. . Samuel Crislip, “Capturing the Flags and Recruiting Future Cyber Soldiers,” War on the Rocks, August 28, 2020, https://warontherocks.com/2020/08/capturing-flags-and-recruiting-future-cyber-soldiers/. ↑
23. . Lauren C. Williams, “GAO: Cyber Mission Force teams need more training,” FCW, March 7, 2019, “https://fcw.com/articles/2019/03/07/cyber-command-training-gao.aspx”; Sherftick, “Cyber teams deploying to safeguard national security.” ↑
24. . Williams, “GAO: Cyber Mission Force teams need more training”; “Army Is Preparing for Cyber and Electronic Warfare Threats, but Needs to Fully Assess the Staffing, Equipping, and Training of New Organizations.” ↑
25. . Mark Pomerleau, “What happened at the military’s biggest cyber exercise to date,” Fifth Domain, July 24, 2019, https://www.fifthdomain.com/dod/2019/07/24/what-happened-at-the-militarys-biggest-cyber-training-exercise-to-date/. ↑
26. . “The Army’s Only Cyber Warfare Battalion Confirms Training Program,” U.S. Army Cyber Command, October 21, 2020, https://www.doncio.navy.mil/chips/ArticleDetails.as px?ID=14009. ↑
27. . Pomerleau, “Army shares details on new electronic warfare units”; Kyle Rempfer, “New Army cyber warfare unit seriously undermanned, GAO says;” “Army Is Preparing for Cyber and Electronic Warfare Threats, but Needs to Fully Assess the Staffing, Equipping, and Training of New Organizations.” ↑
28. . “Veterans at Cornell,” https://admissions.cornell.edu/learn/veterans-cornell. ↑

Paul Lushenko

Major Paul Andrew Lushenko is an Intelligence Officer in the U.S. Army, Council on Foreign Relations Term Member, PhD Student at Cornell University, and adjunct research lecturer for the Australian Graduate School of Policing and Security located at Charles Sturt University in Canberra, Australia. He is also the co-editor of a forthcoming book with Routledge entitled, Drones and Global Order: The implications of remote warfare on international society.

View all posts