Cyberspace is the new, virtual battlefield, and lines of offense and defense are blurred if not obliterated
By COL Timothy D. Presby and Dr. Portia I. Crowe
Cyberspace, the newest DOD operational domain, grows more complex and contested by the day. But unlike the traditional domains of land, sea, air and space, cyberspace blurs the line. President Barack Obama has compared the lack of boundaries found in cyberspace to a game of basketball, where—unlike in football or baseball—there is no clear line between offense and defense. Instead, the roles switch constantly.
Such is the realm of cyberspace. And as Soldiers learn how to do battle within this new domain, the cyber frontier is also challenging the Army acquisition and requirements communities to successfully equip and train our cyber forces.
The need to ensure the confidentiality, integrity and availability of information is not new, and today’s military systems are protected through patch management, authentication, encryption, host-based security processes and more. Because of the piecemeal approach to acquiring weapon systems, the Army traditionally treated cybersecurity as a support effort or service for an existing capability. But as cyber now takes on a new role—viewed as a warfighting capability for use in the digital battlefield—the Army is developing the integrated requirements to deliver a new set of solutions for today’s security environment.
Recently, the director of national intelligence named the cyber threat as the number one strategic threat to the United States, placing it above terrorism for the first time since 9/11. April saw the publication of the DOD Cyber Strategy, which provides five prioritized strategic goals and objectives for DOD’s cyber activities and mission to achieve over the next five years.
In this urgent but fiscally constrained environment, it is critical to properly frame the Army’s cyber requirements and capabilities, as well as to ensure that they are flexible enough to support the inherent challenges of this domain.
TEAMING UP FOR THE CYBER REALM
Creating requirements focused specifically on cyber reinforces the need for information security and resilience throughout the program life cycle. To do this, the Army is using the Common Operating Environment (COE) as a vehicle for increased security in newer systems, while also establishing security mechanisms for legacy systems. This strategy necessitates a holistic approach to acquisition and requirements that can adapt to address changing, emerging and unknown threats.
To prepare well for these threats, while also protecting and defending DOD’s information network and data, the Army materiel development and cyber operational communities are building cyber requirements to meet today’s needs. This team includes the U.S. Army Cyber Command (ARCYBER), the U.S. Army Training and Doctrine Command (TRADOC) Cyber Center of Excellence, the acquisition community and a variety of partners from industry and academia. From the acquisition side, the Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology (ASA(ALT)) System of Systems Engineering and Integration Directorate’s Cyber Acquisition Task Force is responsible for prioritizing cyber gaps and distributing requirements across program executive offices (PEOs) for execution.
Working with the ASA(ALT) Cyber Task Force and the requirements community are three PEOs with key roles in supporting these future technologies: PEO Command, Control and Communications – Tactical (C3T) leads in defense of the tactical network; PEO Enterprise Information Systems (EIS) leads in defense of the enterprise network; and PEO Intelligence, Electronic Warfare and Sensors (IEW&S) leads in offensive cyber efforts. This collaboration—along with those formed with other organizations that support cyberspace operations, such as the intelligence community, international alliances and joint and coalition forces—is key to employing a more defendable network architecture in the joint information environment.
DIVIDE AND CONQUER
From weapon systems to communications capabilities, the Army must lock down its systems even more securely than today. The acquisition community has been responding directly to its customer, the Soldier, by addressing ARCYBER operational needs statements as they come in—even as we are establishing the resources and processes that will govern the long-term acquisition of cyber defense and warfare capabilities.
To aid in improved weapon systems cybersecurity, capabilities for the Army’s newly constituted cyber mission forces and resilience for networks, the acquisition and requirements communities are working together to create new cyber requirements. These include capability development documents (CDDs) and initial capabilities documents (ICDs), in various stages of development, that focus on defensive cyberspace operations, cyber situational awareness and offensive cyberspace operations. Leveraging multiple cyber requirements documents, instead of focusing on a single document, is by design and meant to instill a new level of adaptability as needs change and new threats emerge.
The mechanism that allows this multipronged approach, whereby several requirements documents work together holistically, is known as the Information Technology (IT) Box. Introduced by the DOD in 2014, the IT Box model allows approval for an overarching requirement—cyber, for example—then includes individual information system requirements documents for defensive cyber operations, cyber situational awareness and offensive cyber operations that would only need approval at the service level instead of the joint level. The intent of the IT Box approach is to provide agility and flexibility while ensuring better-integrated cyber solutions than we have seen in the past.
In addition to the overarching requirements documents for cyber capabilities, the Office of the Secretary of Defense is imposing new cyber requirements at the individual system level, creating a cyber survivability key performance parameter to help programs increase cybersecurity in their baselines.
In pulling together the requirements documents, TRADOC and ASA(ALT) are also, for the first time, including capabilities that reach across the total Army network, including both enterprise and tactical systems. Previously, the Army often approached the network as two distinct entities. Now, because of improved integration and the nature of cyber threats, the Army is looking at it more holistically. Data is data—how it flows through the network is the same, and its path must be protected.
Digital systems are fielded more broadly and to lower echelons than ever. Aware of this challenge, the Army continues to advance the modernization and integration of mission command capabilities to allow greater visibility in detecting and defending against cyber threats. The COE, which enables a common interface and architecture for a “plug and play” experience across different systems and operational environments, will also improve security through a common, cyber-hardened data foundation.
A CYBER COMMON OPERATING PICTURE
The cyber-related requirements documents in production address mission command functionality in cyberspace, with the overall goal of producing a clear common operating picture of the cyberspace terrain. This includes understanding the risks, their operational impact and options for mitigation, as well as how to use cyber as a warfighting function in unified land operations.
Defensive cyber operations-related CDDs are intended to build on traditional approaches to defending networks and systems by providing real-time capabilities to discover, detect, analyze and mitigate advanced cyber threats and vulnerabilities. These capabilities will enable defenders to protect key terrain in cyberspace, hunt for and detect adversaries that have gained or are attempting to gain access, and engage or outmaneuver those adversaries for the purpose of eradicating them and achieving mission assurance. Cyber Soldiers will be equipped with “defense in-depth” that integrates people, technology and operations across friendly, neutral and adversarial cyberspace—while having clear situational awareness that includes detecting and analyzing current threats, mitigating potential threats and outmaneuvering adversaries. From the delivery of these capabilities, commanders will realize freedom of action to operate in and through the cyberspace domain.
Closely tied to this effort is the cyber situational awareness CDD, which fuses existing sensor data and mission command data to show how they affect operations. This CDD seeks to move a commander’s situational awareness beyond an indication that an individual system—such as a network router—is not working, and instead will show what that downed or attacked router means to overall operations. These visualization capabilities will likely include functions such as forecasting, trend analysis, mapping and geolocation tools that run in parallel with network visualization, data storage and sensor input. Having a unified data architecture will also enable these capabilities per validated operational requirements.
Through the offensive cyber operations ICD, the Army is establishing the framework for the rapid identification, validation, development and fielding of capabilities for the ARCYBER operational forces to generate denial effects in cyberspace that support service and joint operations. This ICD is meant to align existing programs with emerging technologies across the board.
Within the next year, these validated requirements and their associated documents will establish the framework for the future acquisition and delivery of cyber capabilities across the Army. Over time, they’ll be used to sustain solutions and guide future capability upgrades and enhancements.
While this is a significant challenge, the good news is there’s a lot of work already done on the acquisition front that is helping shape and address future cyber requirements. For example, as part of the COE, the Command Post Computing Environment (CP CE) displays a range of fires, logistics, intelligence, airspace management and maneuver data on a common, geospatial digital map hosted on a common hardware and software infrastructure. By fusing and running the right analytics on mission command data, the Army could leverage these tools to gain a better situational awareness of cyberspace. CP CE also provides a unified-data capability that will automatically label, redact and share information according to the data’s classification level, thus preserving cybersecurity while reducing obstacles to collaboration with other nations and agencies.
The immediate priority in any discussion of cyber requirements is to answer urgent needs by continuing to field solutions to our cyber mission forces. As these cyber capabilities are developed, many could be inherently available for other units across the force. The next step is to equip computer network defense service providers at regional cyber centers, and eventually push specific solutions down to Army corps and below.
Getting cyber requirements right for the short, middle and long term is essential to successful network modernization for Force 2025 and Beyond. By moving forward aggressively and structuring our approach to continuously deliver solutions, we will provide Soldiers a decisive edge to be able to defend against cyber attacks and strengthen DOD’s posture and strategy.
DR. PORTIA I. CROWE is the deputy director and chief technology officer for PEO C3T’s Cyber Operations and Defense Directorate. She has a Ph.D. in systems engineering from the Stevens Institute of Technology, an M.S. in engineering management from the New Jersey Institute of Technology and a B.S. in computer science from Rutgers University. She is Level III certified in systems engineering, a member of the U.S. Army Acquisition Corps and a Lean Six Sigma Green Belt.
This article was originally published in the July – September 2015 issue of Army AL&T magazine.