Top commanders across the military have asserted that IT networks are not just services but warfighting platforms in the new cyber domain.
Information has always been power but the growing importance of the cyber domain has led U.S. military leaders to look at their information networks essentially as weapons systems. Or as Vice Adm. Jan Tighe , commander of the Navy’s Cyber Command, put it recently, the branch must “operate the network as a warfighting platform.”
“It's not a service provider. It's not a support capability,” Tighe said. “We know that our operational network is under fire every day; we have to defend it.”
One of these networks the Navy utilizes is the Consolidated Afloat Networks and Enterprise Services. CANES provides a plethora of services to ships, such as improved information assurance, firewall and intrusion detection, an adaptable IT platform that meets shifting requirements and the ability to continue to run current operating systems with the option to upgrade when changes become available, which provides greater flexibility. The Navy maintains that CANES solves vulnerabilities that cannot otherwise be mitigated, allowing the network to become part of the service’s combat capability.
Furthermore, CANES serves as the cyber platform for over 200 applications and connected systems. It has so far been installed on 25 ships and is expected to be installed on an additional 153 by 2024. In January, the Navy addedtwo additional contractors to its CANES contract amid protests. Vendors under the contract will construct one destroyer-class system and compete for work for the remainder of the program.
The Navy also views the Navy Marine Corps Intranet, or NMCI, as well as the OCONUS Navy Enterprise Network, or ONE-Net, as equally essential. NMCI is described as the Navy’s shore-based enterprise network in the continental United States and Hawaii. It provides a single integrated and secure IT environment for reliable and stable information transfer. Additionally, it blocks 321 million unauthorized intrusions while also detecting 26 million threats and blocking 3.5 million spam messages per month. ONE-Net, on the other hand, provides comprehensive end-to-end information and telecommunication services to OCONUS (outside the continental United States) Navy shore commands with common computing environments for both the Non-secure IP Router Network and Secure IP Router Network. Combined, these systems double as IT assets and information weapons.
“In the not too distant past, Navy networks were viewed as delivery systems for email and administrative actions. With the evolution of cyberspace capabilities and vulnerabilities, Navy networks can be viewed as cyber platforms that deliver decisive effects from seabed to space,” the Navy said in a release.
The Navy is not alone in taking this approach. “We are at a point now where the network is not just an enabling or supporting capability, but is a warfighting capability and a warfighting platform,” Army Maj. Gen. Stephen G. Fogarty, commander of the Cyber Center of Excellence and Fort Gordon, Ga., said recently, mirroring Tighe’s comments. “As we start to move into the offensive realm, with cyber capabilities, it becomes even more important to really recognize that fact.”
The network is a weapons system, Fogarty said, adding that data is a munition and must be pointed in the right direction to achieve effectiveness much like precision-guided munitions or a 5.56 mm bullet found in standard-issue infantry weapons. Spectrum is a terrain feature, he said.
“Cyber attack can be thought of as a new weapons payload and a system to deliver that payload on target,” a recent report released by the Center for Strategic and International Studies said, warning, however, that this doesn’t capture the full range of cyber capabilities. “Advanced weapons and command systems are dependent upon software and computer networks, making them attractive targets for cyber attack. In most cases, the attention and expenditure for military systems that depend on computers and software has not been accompanied in any reasonable proportion by spending on securing these systems from cyber attack.”