Offensive cyber still in infancy, says Air Force official

snagfilms-a.akamaihd.nethacker-cyberattacker-a074ab8eb51dd4908ca1ce189e586afef0f18aaf.jpg

Within the multi-domain environment the military is moving toward, the barriers between the domains of warfare should be broken and integrated in a seamless fashion. However, according to an Air Force official, offensive cyber operations from the perceptive of organic service capabilities are still nascent outside of Cyber Command and the National Security Agency.

Offensive cyber operations are wholly Cyber Command’s domain right now, Brig. Gen. Kevin Kennedy, director, Cyberspace Operations and Warfighting Integration, said during an AFCEA DC event Feb. 16. “As we look forward the capability doesn’t exist with the services.”

One of the design constructs in the creation of Cyber Command was that it would act as an integrator and coordinator of cyber activities, namely offensive cyber activities, as to properly deconflict operations and prevent individual services from tripping over each other in cyberspace.

Given the joint nature of cyberspace and the fact that cyber warriors and cyber teams are trained to the same standards, the services are coming to grips with the need for an organic capability within their traditional mission sets.

Last year, Kennedy said, the Air Force came to the conclusion that there is an organic capability it needs to retain, not just with the service cyber protection teams, but some organic capability heavily focused right now on defensive cyber operations.

Air Force CIO Lt. Gen. William Bender has described this organic capability revolving around the Air Force’s five core missions — air and space superiority, intelligence, surveillance, and reconnaissance, rapid global mobility, global strike and command and control. This might involve assurance of aerial refueling, assigning crews to planes, ensuring planes take off on time and they deliver their payload or complete their mission, all of which are dependent on cyber-vulnerable systems.

Kennedy noted that within this organic defensive-focused cyber capability, the Air Force is asking what this means for offensive cyber operations in the future and cyber responsiveness to the c ombined forces air component commander.

From the service’s perspective, Kennedy said the discussions surround how the ground, air, sea and marine components can get an integrated process and what kind of offensive capabilities they need to integrate with Cyber Command or if they even need some kind of organic capability. All the services are starting to look at this, he added.

“We are in the level right now of identifying the gaps in our core missions and the requirements to help achieve our core missions in cyber,” Kennedy told C4ISRNET following the event. “And how do we feed those into Cyber Command and how does the service organize, train and equip those capabilities that don’t exist to better empower Cyber Command or in the future, the teams that Cyber Command owns that are Air Force teams, how do we structure that? So that’s a [concept of operations] but that’s well in the future.”

When asked if an Air Force commander might look to employ an offensive cyber capability to get after a specific task or mission, Kennedy emphasized that the offensive authorities rest with Cyber Command, noting that force is employed through the joint force command and combatant commanders. If an air component commander was looking to have a supporting effort from cyber, they would work through the joint cyber center — which exists at each global combatant command — to get that capability, he continued.

If we’re looking to employ an offensive cyber capability it’s through U.S. Cyber Command,” Kennedy said.

Additionally, there is a focus on outfitting the cyber mission force. Just like providing conventional kinetic military forces with weapons, munitions or vehicles, outfitting cyber forces means fielding the unified platform and figuring out how to establish an infrastructure separate from NSA to conduct missions.

The DoD’s Cyber Strategy, released in 2015, listed under its first strategic goal building the unified platform and developing detailed requirements for integrating disparate cyber platforms along with building an interoperable network of cyber capabilities. “This Unified Platform will enable the CMF to conduct full-spectrum cyberspace operations in support of national requirements,” the strategy says.

Lt. Gen. Edward Cardon, the former commander of Army Cyber Command, told Congress in 2015 the unified platform is essentially “ a network of computers, servers, data storage, and analytic capabilities leveraged to maneuver in and out of red space (adversary assets), and an access capability to enter the desired red space … provide[ing] a suite of capabilities to actively defend our network and to project power in and through cyberspace if called upon to do so.” Cardon also noted that despite the joint nature of cyberspace, the vision for such a platform is that the services’ “capabilities can be integrated into a common framework for Joint [command and control] and execution.”

The development of the unified capability is “crucial”, Kennedy said, adding that “the Air Force is partnering with U.S. Cyber Command to develop the analysis of alternatives on that right now and looking to see how we can do that from the infrastructure to outfit the cyber mission forces.”