Regarding cyber warfare, General James Cartwright once stated, “On the offensive side of cyber, every aperture out there is a target.”1 The United States remains one of the most capable nations in the realm of cyber warfare—but almost exclusively at the strategic level. Defensive cyber teams recently have deployed in support of naval and expeditionary units, yet operational Navy and Marine Corps commands continue to have limited capabilities and authorities to execute offensive cyber attacks.2
Identifying and defending against network intrusions are critical in modern conflict, but commanders also must have cyber weapons available to support operational maneuver and kinetic action. To be prepared to execute offensive cyber at the operational and tactical levels requires a paradigm shift in how the services conduct enemy analysis, develop cyber capabilities, and define the tactics and conditions for their employment. Offensive cyber, as currently employed, centers on the strategic use of cyber weapons. These weapons require considerable time to develop and are subject to rapid perishability and obsolescence, making them unsuitable to achieve the swift and discrete effects deployed commanders need to support maneuver and other combat operations.3
Assess Capabilities and Vulnerabilities
Because the cyber domain is inextricably tied to the electromagnetic spectrum, the fact that electronic warfare (EW) and cyber warfare are now (finally) being considered together as cyber-electromagnetic activities (CEMA) is a welcome development. For many years, EW focused primarily on detecting and jamming enemy signals and networks. With the advent of cyber, network nodes no longer are simply targets to be attacked, but are an entry point into the enemy’s cognitive dimension and decision-making processes. An adversary can train to operate effectively when his networks are degraded, but if U.S. operational commanders can use cyber attacks to take over his networks, this may shatter his cohesion and even break his will. As adversary ships, aircraft, and weapon platforms become more complex, their vulnerability to CEMA increases, thereby offering the tactical cyber operator more vectors to exploit.
In the past, radio communication networks carried mostly voice transmissions, but today they more often transmit data at the tactical and operational levels of war. Tactical radios are now computers operating on temporal ad hoc networks, and military planners must consider any adversary point of electronic transmission or reception a potential target. Order of battle and capability analysis of adversary platforms must now go deeper than the traditional statistics of weapons, ranges, and speed. Planners conducting enemy center-of-gravity analysis must delve into the logical—and in some cases, the layers—to fully identify requirements, capabilities, and vulnerabilities.4
U.S. sailors and Marines can identify an enemy frigate or tank on sight. They can recite speed, range, and weapons capabilities. But can they confidently list electromagnetic nodes, computer systems, and the logical layers that connect them to the better-known physical layer? This demonstrates why mission analysis and problem framing that previously centered on geographic and physical terrain layers must now also consider logical and cyber-persona layers.5 Friendly and enemy order-of-battle analysis must identify and map what has become an internet of battlefield things (IoBT).6 Using this level of knowledge, EW and cyber effects can be devised to exploit vulnerabilities.
Integrate Cyber
The Army has begun experimenting with implementing cyber weapons below the brigade level. In exercises, units with cyber-enabled capabilities could access internet-protocol–based webcams to identify high-payoff targets and poorly secured enemy networks for kinetic and nonkinetic actions by unmanned aerial systems.7 These tactical engagements did not require complex cyber weapons. Instead, they relied on recognizing the vulnerability and creatively applying less complex cyber tools at hand to exploit it.
The small signature and often closed nature of tactical networks requires proximal access to attack, which is much more challenging to accomplish with strategic-level capabilities.8 Similarly, in some cases strategic cyber weapons cannot remotely breach the physical-logical divide and will require individuals or units near the target. This means deployed U.S. forces should be provided with modern tools not only to detect and defend, but also to probe and attack. As commanders and planners begin to see the battlefield beyond the physical domain, they increasingly will see options to employ cyber attacks. When these weapons are technically mature, military units must expand their approaches to problem framing to imagine possibilities for cyber employment. They need to be prepared when the weapons and authorities are presented to them.
Unit commanders will begin to recognize where the mission requires seizing cyberspace instead of physical objectives. When that occurs, a range of options can enable and support conventional operations. These could include:
- Temporarily degrading or disrupting enemy sensor networks to facilitate positional maneuver or kinetic strikes. One example of this is the combination of Israeli EW and cyberattacks in support of the 2007 raid against the Syrian Dayr az-Zwar nuclear reactor.9
- Overwhelming adversary antiaccess/area-denial weapons with autonomous drone swarms or distributed attacks. 10
- Seizing control of tactical network nodes to degrade or redirect network traffic.
- Attacking the cognitive dimension: manipulate enemy information to facilitate maneuver.
- Facilitating deception operations to help defend the fleet.
- Providing proximal access to insert strategic cyber weapons into networks with a physical/logical gap.
Extend Authorities
Determining tactics and techniques to apply cyber weapons is simpler than developing policy or clarifying and delegating legal authorities to employ them. Two arguments for retaining offensive cyber at the National Command Authority level are the risk of collateral damage and the risk of divulging highly classified tools. Strategic control also gives leaders greater confidence that employing cyber weapons can be contained to the virtual domain and not lead to wider conflict. Escalation should be controllable, however, since operational and tactical units are employed when war is ongoing.
Operational maneuver likely will require engaging lower-level tactical networks, as opposed to the large infrastructure that bridges to the wider internet. These tactical networks often are standalone architectures that are less protected and independent of the wider internet, making replication of a cyber weapon across logical boundaries less likely. Employing CEMA weapons against such networks may not require an elegant cyber tool, such as the Stuxnet malicious cyber worm. The techniques and tools that would be most effective at lower levels do not require the level of complexity and development of strategic cyber weapons.
Cyberspace significantly expands the doctrinal battlespace for military units, making it challenging to define cyber “limits of advance” for commanders. Though the area of operations may remain a physically defined and accessible space, units with cyber attack capabilities may have areas of influence and interest spanning the globe. Persistent and attributable cyber weapons may create second-order effects well beyond the operational maneuver space.
Such ambiguities can be clarified with existing doctrine to provide guidance for offensive cyber and its collateral effects. For example, the use of weapons that are expected to remain within the area of operations and create no significant collateral effects may be delegated from the theater commander to operational units. These distinctions will help frame cyber rules of engagement within the law of war.
Arming for the Cyber Future
Beyond addressing the current need for cyber weapons to support naval operations, senior leaders must continue to harness and integrate emerging technology. As the information domain becomes more complex, the most significant vulnerability will be human: our limitations in processing data and acting in an ever-fluid environment. The expanding use of algorithms to drive machine learning (ML) and specialized artificial intelligence (AI) must nest with the development of new cyber weapons. Programs such as the Pentagon’s Project Maven offer intriguing opportunities for human/machine teaming, which supports more efficient and effective decision-making.11 But even with a person in the cyber-targeting loop, the possibility to sift rapidly through extensive data sets and highlight decision points offers commanders an enhanced ability to shape the battlefield. As cyber merges with ML and AI, cyber weapons will continually outpace policies and authorities that move more slowly than technology.
Research and development into these areas must increase, and the Department of Defense must continue to partner with private industry, as the latter’s progress in cyber research outpaces that of the military. This is the new “space race.” Peer adversaries are seeking competitive advantages, unrestrained by U.S. bureaucratic obstacles or ethical concerns. The Department of the Navy needs to consider how future cyber weapons will affect the long trend of concentrating firepower and maneuver capabilities in capital ships and large units. Cyber weapons may help the Navy and Marine Corps better distribute mass, thereby limiting the impact of a discrete attack on ships or tactical units, while facilitating the rapid focus of combat power on an exposed enemy vulnerability.
Though the types of cyber-enabled attacks discussed here may not be available currently for ships and units in the field, the technology does exist. It is only a matter of time before tactical cyber warfare is a reality across battlefields. The U.S. military needs to determine how to employ tactical cyber weapons that technology is increasingly producing.
1. Wyatt Kash, “Hackers Pose Costly Future for Military Jets, Warns Cartwright,” Breaking Government, 16 May 2012.
2. Mark Pomerleau, “Marines Training Expeditionary Cyber Defenders to Join Forces in the Field,” Fifth Domain, 25 October 2017; Travis Howard and Robert Dunford, “Afloat Cybersecurity: Achievable Now!” InfoDomain 1, April–June 2017.
3. Christopher Bartos, “Cyber Weapons Are Not Created Equal,” U.S. Naval Institute Proceedings 142, no. 6 (June 2016).
4. Joint Chiefs of Staff, Joint Publication 3–12: Cyberspace Operations, 8 June 2018.
5. Department of the Army, Field Manual 3–12: Cyberspace and Electronic Warfare Operations, April 2017.
6. Patrick Marshall, “Developing and Protecting the Internet of Battlefield Things,” GCN, 5 March 2018.
7. Mark Pomerleau, “The Army’s New Tool in Firing Back? Cyber,” Fifth Domain, 12 March 2018.
8. Charlie Kawasaki, “Four Ways to Deliver Tactical Cyber to the Battlefield,” Fifth Domain, 3 April 2018.
9. Scott Applegate, “The Principle of Maneuver in Cyber Operations,” 4th International Conference on Cyber Conflict, Cooperative Cyber Defence Centre of Excellence, North Atlantic Treaty Organization, Tallin, Estonia, 5–8 June 2012.
10. Alexis C. Madrigal, “Drone Swarms Are Going to Be Terrifying and Hard to Stop,” The Atlantic, 7 March 2018.
11. Marcus Weisgerber, “General: Project Maven Is Just the Beginning of the Military’s Use of AI,” Defense One, 28 June 2018.