Military still working out ‘effectiveness’ of cyber tools Despite being declared a domain of warfare six years ago, there are still growing pains and concepts of operation to be worked through in cyberspace — one being the effectiveness of employing a non-kinetic tool — such as cyber or electronic warfare — versus a kinetic weapon. “When a 2,000-pound bomb lands on your command post, you know,” Brig. Gen. Dennis Crall, chief information officer and director of C4 for the Marines Corps, said Feb. 22 at the AFCEA West conference in San Diego. These kinetic tools and weapons are normally verifiable in their effects, whereas its more difficult to pinpoint the effectiveness of a cyber operation that blocks or redirects, such as an influence or deception operation, he said. Under the guise of the evolving and shifting nature of information warfare or information operations, Crall said these associated tools and effects can undergo all the planning in the world, but at the end of the day, it’s going to be about “measure of performance and measure of effectiveness.” “If you haven’t built that into the front end, you’ll have no way to make a determination of what you’ve done,” he said. “We owe it to those who pass the laws and who hold us accountable that we have [a] good system in place and we are patient to see those results.” The effects of kinetic weapons such as missiles and bombs are well-determined today, down to the blast radius. This is still difficult to assess in cyberspace. If “you’re going out for an impact, you’re going to do something — what is the effect?” Vice Adm. Marshall Lytle, director of C4/cyber and CIO on the Joint Staff, asked rhetorically about cyber operations at the same panel. “Sure you’re going for a first-order effect, but there are second-, third- and fourth-order effects depending on how you execute that cyberspace operation,” he said. He added that commanders and planners must also begin to wrap in other agencies and countries that might be involved or effected in the operation, and then work through any conflicts. “We’re trying to develop that to be more agile in cyberspace,” he said, conceding the military currently does not have all the right authorities and processes to operate in cyberspace. “Typically, we fight in declared hostility areas that are geographically defined. Within that come certain authorities, and those are managed very tightly in the U.S. government,” Vice Adm. Michael Gilday, commander of Fleet Cyber Command/10th Fleet, said a day earlier at the same conference. “I think we need to be really cautious about tipping too much in the offensive side in those areas. It needs to be well thought out in terms of the second- and third-order effects for those activities — not just as a military but as a country.” Crall sang a similar tune, telling conference attendees that the rules for cyberspace don’t exactly fit with the traditional areas of hostilities. Cyber is a solid test case to show how capabilities differ, he said, adding that when a mission is authorized, cyber is not always a good fit; in some cases, his team hamstrings abilities. The rules must change for the military to get after some of these problem, he said.