Each of the services, in one way or another, has been developing forces and capabilities to conduct tactically focused, on-the-ground cyber and electronic warfare effects, known as radio frequency-enabled cyber.

Increasingly, there are targets that either aren’t reachable through traditional IP-based networks or remote access might not be possible, which is primarily what Cyber Command does. As the Department of Defense has matured its cyber policies, doctrine and capabilities, the reins have begun to loosen on authorities allowing these on-the-ground forces more latitude, mostly through the electromagnetic spectrum, to perform these actions. Certain factions have sought to use more proximal effects conducted through radio frequency, which require fewer levels of approval to conduct operations at the very tactical level.

Those RF-enabled capabilities, as has been envisioned for some time, could provide the proximal access to the remote operators at Cybercom and be passed off to them.

The command’s new acquisition executive, Khoi Nguyen – who’s been on the job for eight months – has begun thinking more and more about how to leverage these tactical capabilities. He most recently came from the Marine Corps, which has been developing capabilities and concepts for tactical forces that, in some cases, could be the proximal access for Cybercom some have envisioned.

“We’re looking, from a thinking perspective, if every RF sensor is a potential platform for us to deliver cyber effects through? Then from a Cyber Command perspective, how do we ensure that or how do we assist that,” Nguyen, who is also the director of the cyber acquisition and technology directorate (J9) at Cybercom, said during remarks at the AFCEA Northern Virginia chapter’s annual Army IT Day conference Jan. 11. “We’re working closely with both the Army and the Marine Corps and understanding what the way ahead from an RF-enabled cyber prospective or EW implementation and that ensuring that whatever they’re implementing, we can leverage.”

Nguyen confessed that he’s not quite sure how to fully enable this yet, acknowledging this is all very nascent from a Cybercom perspective.

“It’s going to be a balance where I think we need to be able to operate the platform forward with operators in the rear and then some set of cyber operators either trained by us [Cybercom] or certified by us that are assigned to the Army and in the Marine Corps that are forward and then are able to deliver bullets or payloads that we have certified as allowed to be delivered. But that’s a really nascent piece and we really need to work that out,” he noted.

DOD’s updated cyber doctrine, published in December 2022, recognized so-called expeditionary cyber operations for the first time. These are cyber operations that require the deployment of cyber forces within physical spaces.

However, officials in the past have discussed that there is still a potential authorities issue that must be worked through between tactical forces and those from Cybercom.

In a pre-hearing questionnaire for his confirmation to lead Cybercom, Lt. Gen. Timothy Haugh pledged to work closely with the services as they’re building out so-called tactical or expeditionary cyber forces. The Senate approved Haugh as commander in December, but it is unclear when he will officially take over the command.  

Nguyen outlined a potential vision or architecture for how Cybercom could take advantage of the placement and access of forces in the field.

“An area that I’m thinking that we should do as Cyber Command is maybe do the cyber effects against specific targets or against exquisite targets, leveraging off funding and leveraging authority to get the target device and then doing the onboard analysis and everything else and then delivering the effect or delivering data payloads,” he said. “Then ensuring that it can be hosted within an Army device or a Marine Corps RF device and this way, now, I don’t have to add Cybercom’s equipment to the services, but rather, leverage existing service RF-enabled devices and throw our effects through it. Then, of course, there’s also the local operations, where do we need to have cyber operators forward or can we reach back through to where we are at and conduct it from Cyber Command back here and so on.”

This is the type of work they’ve been looking at with the services, Nguyen said, assisting with their equipment and what they need to do the mission and possibly pass off access.

Nguyen said Cybercom is looking to take advantage of open architecture capabilities the Army and Marine Corps have adopted. This includes the Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, Reconnaissance (C5ISR)/Electronic Warfare Modular Open Suite of Standards, or CMOSS. CMOSS allows for capabilities to be inserted, updated and swapped on hardware platforms — harnessing the modern abilities of software.

“The Army is doing that, Marine Corps [Marine Air Ground Task Force Electronic Warfare Ground Family of Systems] is doing that, Cyber Command we’re going to go with that way too, just from an awareness way ahead. Cyber Command, we’re way, way nascent on this all,” he said. “I just want to communicate that we are supporting CMOSS, that both the Army and the Marine Corps are using.”

The post US Cyber Command looking at how to utilize tactical on-the-ground systems appeared first on DefenseScoop.

“Expeditionary cyber forces have already demonstrated potential to extend the reach of cyber enabling activities and close the gaps that limit cyber forces’ ability to access important tactical targets in forward locations,” Lt. Gen. Timothy Haugh wrote to senators in a questionnaire as part of his nomination process.

For the first time, the Department of Defense recognized and defined cyber operations conducted in physical or tactical spaces, called expeditionary cyber operations, in formal doctrine as an update to its cyberspace doctrine in December 2022.

That recognition was significant given authorities to conduct cyber operations were held at the highest levels of government for many years due to fears that operations could have unintended consequences or spread into networks beyond the intended target.

Cybercom owns the offensive cyber capabilities within DOD, and the services conduct offensive cyber ops through Cybercom and the cyber mission forces that each service provides to the command from remote locations, mostly focused on IP-based networks.

However, increasingly, there are targets that either aren’t reachable through IP networks or remote access might not be possible. And as DOD has matured its cyber policies, doctrine and capabilities, the reins have begun to loosen up.

Certain factions have sought to use more proximal effects conducted through radio-frequency, which require fewer levels of approval to conduct operations at the very tactical level.  

Several of the services have begun investing in capabilities and forces for their own offensive cyber. However, that is mostly in the blended electronic warfare or radio frequency-enabled sphere at the tactical level.

While individual services have begun developing and even deploying such forces, all cyber ops must still be connected through Cybercom.

“If confirmed, I will work with the Services to ensure any tactical forces will meet USCYBERCOM training standards, follow Department deconfliction policies, and when leveraging USCYBERCOM authorities, ensure interoperability with Joint Cyber Warfighting Architecture,” Haugh wrote.

The Joint Cyber Warfighting Architecture was designed in 2019 to get a better handle on the capabilities, platforms and programs Cybercom was designing and set priorities for the Department of Defense as well as industry partners that would be building them. They include systems for collecting data, conducting offensive cyber operations, and commanding and controlling cyber forces, among others.

With the advent of these more proximal or tactical forces being built, it is understood that they could provide access to networks for higher-end cyber operators in Cybercom through their close proximity to harder targets as opposed to accessing them fully remotely.

Haugh noted that if confirmed, he’ll work with the services as well as the geographic combatant commands as the department continues to satisfy a provision in last year’s annual defense policy bill to develop integrated non-kinetic forces and capabilities.

That provision directed the Pentagon to develop a strategy for converged cyber and electronic warfare conducted by deployed military and intelligence assets, specifically for service-retained assets, which refers to non-Cybercom elements.

The issues Haugh plans to examine include training, standards, interoperability, and authorities to implement the requirements under the provision.

Haugh wrote to senators that the military must continue to seek new capabilities to exploit adversary systems.

“In my opinion, developing new and novel capabilities and approaches to deliver non-kinetic effects will benefit the Combatant Commands and the Services,” he wrote. “The unique value of the cyber domain is that it crosses, supports, and enhances every warfighting domain by ensuring the secure operation of the Department’s decision-making systems, disrupting malicious cyber actors’ capabilities and ecosystems before they can threaten our networks and platforms, and, when called upon, deliver non-kinetic effects to enable Joint Force Commanders to achieve early initiative during contingencies.”

From a defensive standpoint, he recognized these same threats to U.S. systems, vowing to improve defenses.

“The nature of modern network-centric warfighting is such that nearly every piece of electronic equipment represents a potential cyber-attack surface, to include tactical military systems,” he said. “USCYBERCOM capabilities are always evolving to take advantage of cutting-edge technology, research, and development. Just as we continually improve our own defenses against novel cyber threats, so do our adversaries; if confirmed, it is my intent for the Command to seek new and innovative means, methods, and doctrine to achieve our mission and provide a comprehensive suite of non-kinetic effects when called upon to do so.”

It is unclear when Haugh will be confirmed due to the blanket hold on senior military nominations placed by Sen. Tommy Tuberville, R-Ala., to protest DOD’s abortion policy.

The post Cybercom nominee plans to work with services on ‘expeditionary’ cyber forces appeared first on DefenseScoop.

A revised version of Joint Publication 3-12 Cyberspace Operations — published in December 2022 and while unclassified, is only available to those with DoD common access cards, according to a Joint Staff spokesperson — officially provides a definition for “expeditionary cyberspace operations,” which are “[c]yberspace operations that require the deployment of cyberspace forces within the physical domains.”

DefenseScoop has seen a copy of the updated publication.

The last version was published in 2018 and was publicly available. The Joint Staff spokesman noted that five years has been the norm for updates.

The definition, recognition and discussion of such operations are indicative of not only the maturity of cyberspace and associated operations, but the need for more tactical capabilities to get at targets that the current cyber force might not be able to access.

U.S. Cyber Command owns the offensive cyber capabilities within DOD, and the services conduct offensive cyber ops through Cybercom and the cyber mission forces that each service provides to the command. Authorities to launch cyber effects have traditionally been held at the highest levels of government. In recent years, those authorities have been streamlined and delegated. However, most cyber operations are still conducted from remote locations by the cyber mission force (CMF) and primarily focused on IP-based networks.

Many of the services have begun investing in capabilities and forces for their own offensive cyber, however, that is mostly in the blended electronic warfare or radio frequency-enabled sphere at the tactical level.

The updated doctrine recognizes that these capabilities, which will still have to be coordinated centrally, could provide access to targets that remote operators might not be able to get for a variety of reasons.

“Developing access to targets in or through cyberspace follows a process that can often take significant time. In some cases, remote access is not possible or preferable, and close proximity may be required, using expeditionary [cyber operations],” the joint publication states. “Such operations are key to addressing the challenge of closed networks and other systems that are virtually isolated. Expeditionary CO are often more regionally and tactically focused and can include units of the CMF or special operations forces … If direct access to the target is unavailable or undesired, sometimes a similar or partial effect can be created by indirect access using a related target that has higher-order effects on the desired target.”

It also notes that these effects and operations should be coordinated with the intelligence community to deconflict intelligence gain/loss.

Moreover, the updated doctrine recognizes the complexity of cyberspace and how in-demand cyber capabilities might be. Thus, global cyber support might need to “reach-forward” to support multiple combatant commands simultaneously.

“Allowing them to support [combatant commands] in this way permits faster adaptation to rapidly changing needs and allows threats that initially manifest only in one [area of responsibility] to be mitigated globally in near real time. Likewise, while synchronizing CO missions related to achieving [combatant commander] objectives, some cyberspace capabilities that support this activity may need to be forward-deployed; used in multiple AORs simultaneously; or, for speed in time-critical situations, made available via reachback,” it states. “This might involve augmentation or deployment of cyberspace capabilities to forces already forward or require expeditionary CO by deployment of a fully equipped team of personnel and capabilities.”

When it comes to internalizing the new doctrine, the Air Force sees this as additional access points for operations.

“How do we leverage folks that are and forces that are at the tactical edge for access? That’s primarily how I think about the expeditionary capabilities we have … is empowering or enabling the effect they’re trying to create or using their access or position physically, to help enable some of our effects,” Lt. Gen. Kevin Kennedy, commander of 16^th Air Force/Air Forces Cyber, told DefenseScoop at the AFCEA TechNet Cyber conference.

He noted that these access-enabling capabilities could be across the services, but primarily from an Air Force perspective, “I’m looking at looking within the Air Force, from aerial platforms down to ground-based airmen, as well about how we would do that,” he said.

Officials have described how the services are seeking to build their own forces separate from Cybercom.

“There was a lot of language that came out the [National Defense Authorization Act] that talked about force design in general. All the services to one degree or another are really — I’m not going to say rethinking — but evaluating what their contribution to the joint force is, as well as what their own … service-retained cyber teams are,” Chris Cleary, principal cyber advisor for the Department of Navy, told DefenseScoop at the AFCEA conference.

Last year’s NDAA directed the Pentagon to develop a strategy for converged cyber and electronic warfare conducted by deployed military and intelligence assets, specifically for service-retained assets.

As electronic warfare and cyber capabilities are expected to be a big part of the battlefield in 2030 — a key waypoint the Army has been building toward — it recognizes those capabilities can’t be held from remote sanctuary, Maj. Gen. Paul Stanton, commander of the Army Cyber Center of Excellence, told DefenseScoop in an interview on the sidelines of the AFCEA conference.

In fact, the Army’s principal cyber adviser has tasked the Cyber Center of Excellence with clarifying certain authorities and capabilities.

“How do you execute electronic attack to achieve effects? How do you differentiate a cyber-delivered capability that benefits from proximity based on owning the land, owning the ground?Because that’s what the Army does. The principal cyber advisor, Dr. [Michael] Sulmeyer is tasking me with conducting a study to clearly define and delineate where those lines are,” Stanton said. “This study is going to help us be able to clearly define that. I expect to be tasked to kick that off here in the very near future with about 90 days to complete.”

When it comes to service-retained forces and capabilities, the Army has built the 11^th Cyber Battalion, formerly the 915^th Cyber Warfare Battalion, which provides tactical, on-the-ground cyber operations — mostly through radio-frequency effects — electronic warfare and information ops. The unit will help plan tactical operations for commanders and conduct missions in coordination with deployed forces. It consists of several expeditionary cyber and electromagnetic activities (CEMA) teams that are scalable and will maneuver with units and conduct operations on the ground for commanders.

The Navy, meanwhile, is building what it’s calling non-kinetic effects teams, which will augment afloat forces with critical information warfare capabilities. Cleary has previously noted that the service is still working through what cyber ops at sea will look like.

“As we continue to professionalize this, [information warfare commanders within carrier strike groups] will become more and more important as it fully combines all aspects of the information warfare space, the electromagnetic spectrum, command and control of networks, eventually potentially offensive cyber being delivered from sea, information operations campaigns,” Cleary said.

“That job will mature over time, and then the trick is to get the Navy and the Marine Corps to work together because we are back to our roots of being an expeditionary force. Even the Marines through [Commandant] Gen. [David] Berger’s new force design is really about getting the Marines back to being what the Marines were designed to be, which is an expeditionary fighting force that goes to sea with the Navy. We work together to achieve our objectives as a team, and we’re getting back to our blocking [and] tackling them.”

For the Marine Corps’ part, officials have been building Marine Expeditionary Force Information Groups (MIGs), which were created in 2017 and support each MEF within the Corps, integrate electronic warfare with intelligence, communications, military information support operations, space, cyber and communication strategy — all to provide MEF commanders with an information advantage.

The service has also recently established Marine Corps Information Command (MCIC), which was designed to more tightly link the service’s information forces — including cyber, intelligence and space — in theater with the broader joint force across the globe.

Mission elements the Marines have created and sent forward with Marine expeditionary units are “right in line with [Joint Publication] 3-12,” Maj. Gen. Joseph Matos, deputy commander of Marine Corps Forces Cyberspace Command, told DefenseScoop at the AFCEA conference.

“How do we take what we do at the fort, or back at Fort Meade [where Cybercom is headquartered], and be able to extend that out to the services? That’s what we’re in the process of doing right now … We started about two years ago doing that. That capability is starting to mature pretty well,” he said. “It’s to extend Cyber Command out to those forward units.”

Matos said the recently created MCIC will act as the integrator for a lot of these capabilities throughout the force, acting as a bridge of sorts.

The organization will help tactical forces understand the authorities and capabilities that cyber can provide to help them conduct their missions.

“You kind of hit a glass ceiling of the capability [of] the lower elements being able to reach out and do cyberspace operations,” Matos said of the process prior to establishing that entity. “We’re able to say, OK, here’s a team, trained, capable,’ understand the capabilities that we can bring, give them to the deployed forces to say, ‘OK, you want to do cyber operations, here’s how we can help you do that.’ We know who to talk to, the authorities and so on so forth, and we can do that. I think it’s right in line with what the [Joint Publication] 3-12 is trying to do.”

That command essentially acts as the glue between the high-end cyber forces and the tactical elements, bridging the gap between Cybercom forces and the deployed forces.

“The genesis of the Marine Corps Information Command to tie all these elements together is to address that concern, is to be that integration point between the forces below the tactical edge who have these requirements to operate in a rapidly changing environment. But also tie that to the Marine Corps Information Command knows who to talk to at Cyber Command, or at NSA, or at Space Command. To be able to be that touchpoint between the two organizations so you don’t have to have an infantry battalion going all the way to” a combatant command, Matos said during a presentation at the AFCEA conference.

“I think as we operate in this rapidly changing cyberspace world, that Marine Corps Information Command’s going to be a tremendous benefit to the [Marine Air Ground Task Force], but also to the joint world and the intelligence and cyber world,” he added.

The post New DOD doctrine officially outlines and defines ‘expeditionary cyberspace operations’ appeared first on DefenseScoop.