Army cyber forces should 'take a page' from adversaries
- By Mark Pomerleau
- Oct 15, 2015
The Army could improve its cyber abilities by studying—even imitating—its enemies, according to one of its top cyber leaders.
“We as an Army have to take a page and a lesson learned from our adversaries,” Maj. Gen. Paul Nakasone, commander of the U.S. Cyber Command’s Cyber National Mission Force, said at a panel during the annual Association of the United States Army gathering in Washington, D.C., this week. The lesson he was talking about is the notion of “cheap, fast and easy.”
Nakasone said there have been several examples over the past year of this approach, from the exploitation of vulnerabilities to targeting critical information to advanced phishing attempts. “There are no requirements in this cheap, fast and easy environment for zero days because you get access so easily,” he said, in reference to exploits of vulnerabilities that were previously unknown.
More striking, he added, “we’re on the wrong side of the cost curve” in terms of cybersecurity. “In many ways, we’re not operating cheap, fast and easy, we’re on the slow, expensive and hard ways of doing business.”
Nakasone noted how far adversaries have come in cyber exploitations, intelligence gathering, disruptions such as denial-of-service attacks against the financial industry and even potentially destructive capabilities. That led Nakasone to ask, “What’s cheap, fast and easy look like for us? Because cheap, fast and easy on the other side doesn’t look too good.”
Operating in the cyber domain requires cooperation between the services as well. The myth that the services are not connected or not talking to each other is not true, Col. William Hartman, commander of the 780th Military Intelligence Brigade in the Army’s Intelligence and Security Command, said during the same panel discussion. “When we executed our training event for our teams in Texas that support [the European Command], that team was working for an Air Force Joint Force Headquarters,” Hartman said. “They had to modify the [tactics, techniques, and procedures] to ensure that we were able to talk to the Air Force in language the Air Force understood, although we were an Army force delivering that capability. So from my stand point that’s a pretty good news story.”
The Defense Department is about halfway to forming the 133 teams that will make up its cyber mission force. Hartman said that once more cyber teams are stood up, they will begin to work with the Joint Force Headquarters Cyber.
These joint training exercises fall in line with comments made by Gen. Stephen Fogarty, commanding general of the Cyber Center of Excellence and Fort Gordon, Ga., who said the Army must “integrate the efforts of multiple partners, operate across multiple domains, and present our enemies and adversaries with multiple dilemmas.”
Despite teams stationed at various National Security Agency facilities across the continental U.S. other locations such as Hawaii, Hartman said, “I’ve spent a large portion of the last year going to places like Fort Bragg [N.C.] and Fort Hood [Texas] and Fort Bliss [Texas] and the Joint Readiness Training Center in the national training center,” working on “integrating the cyberspace capability to achieve the effects that a commander is trying to achieve on the battlefield.”
Hartman said the pilot programs are intended to “define what cyber capabilities to integrate at the corps level and below, determine the expeditionary capability required to support our deployed tactical forces, leverage our combat training centers and operational deployments.” That also would help develop long-term requirements for combat training centers. “
Working with traditional ground units helped ground commanders and the cyber force see how to better integrate the capabilities needed to support operations. “With the Rangers we really had an interesting problem set because those forces generally operate on a much tighter timeline than we operated at [Joint Readiness Training Center] with 3rd Brigade 25th [Infantry Division],” Hartman said. “And so in some cases, we were able to have to identify a requirement, modify a tool and then present a capability in sometimes hours – I think the shortest kind of flash-to-bang was two hours.”
Hartman also said that some cyber mission teams are also already supporting Central Command, European Command, Pacific Command and Africa Command.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.