Meanwhile, the Marine Corps is also hustling to equip expeditionary fighting groups known as Marine Air Ground Task Forces (MAGTFs) with cyber weaponry to take into battle alongside their rifles, artillery, tanks, helicopters and airplanes. "The future environment . . . leads us not only to focus on [cyber] vulnerabilities [and opportunities] at the strategic levels, but to create options for the most forward, tactical commanders to use cyber as an important weapon within their quiver," the Marines' top cyber warrior, Lt. Gen. Richard Mills, said on Aug. 15. That MAGTF commander at the front end of the spear will have organic, offensive [cyber] capabilities, they will be augmented by fires from [Marine Corps Cyber Command] and from U.S. Cyber Command and, perhaps ultimately, from NSA," added Mills, referring to the National Security Agency, considered one of the most potent cyber fighting organizations in the worldIn the 1990s, most discussion about the broader field of information warfare was couched within the framework of the Revolution in Military Affairs (RMA). Either it was about using the network to create Dominant Battlespace Knowledge (one of many concepts that seemed misplaced in retrospect) or stand-alone strategic information warfare to disable the enemy's system of systems. Very little, if any, cyber discussion was couched within a combined arms construct. Today, strategic and standalone information warfare against vulnerable rear areas is still the most prominent area of the cyber discussion. Unfortunately, there hasn't really been very much conceptual advance in that area. Many audiences are unaware of formative cases such as Solar Sunrise or Moonlight Maze and the problems they revealed with US cyber defenses.
Real-world experience and the need to bring capabilities within existing organizational frameworks is motivating a combined-arms approach. There are, however, some risks involved. First, the phrase "weapon" understates the variability of effects that the current generation of cyber-weapons generate as well as the diminishing financial and strategic returns inherent in their current form. As James Hasik notes, precision-guided weapons actually are economical when compared to the cost of deploying cheaper but more numerous "dumb" bombs and delivery vehicles but cyber weapons do not necessarily offer similar savings. The target intelligence, testing demands, legal concerns, shortage of cyber operators, and hat-tipping effects (once used, an vulnerability is exposed to the enemy) inherent in the weapons suggest complications for integrating this sort of weapon into a standard combined arms matrix. That is, if the matrix conceives cyber weapons as somehow equivalent to disembodied field artillery pieces waiting in the ether for grid coordinates. Certainly making things go boom matters, but it is not the only means to an end.
One of the dominant conceptual problems involved in thinking about cyber weapons is also the focus on weapon instead of effect. There were many faults with Effects-Based Operations (EBO), but it at least looked at the problem from the framework of linking targeting method to the type of desired effect rather than trying to figure out what effect was necessary to make a given weapon useful. Thinking about cyber solely from the perspective of the electromagnetic network--and kinetic actions to damage it--is part of the problem. One encouraging sign in Reed's article is precisely a focus on blending different kinds of tools together to precisely achieve a cumulative effect. There are a variety of ways within the broader array of cyber capabilities to achieve effects, and too little thinking about what weapons and attack vectors might match them.
As Sam Liles observed, the common link between what he dubs all three "generations" of cyber warfare is the command and control-centric style of warfighting that originated in the late 19th century. Integrated communications networks is a major part of what enabled the large distributed operations possible on both land and sea that is characteristic of modern warfare. But command and control should not be confused with the technical network. Rather, an institution like the Prusso-German General Staff was a human network that, while built around telegraphic information networks, can be regarded as than more than simply just a electromagnetic superstructure. It might best be considered what Tim Stevens has called a "sociotechnical assemblage" of humans and machines. Human networks constitute a formidable weak link that can be leveraged to compromise technical systems.
If, say, the British or the French had thought about information warfare from our present-day framework, operations against telegraphic networks alone would have been a poor use of their resources. That is why the World War II double-cross system, which gave Britain control over the entire German network of secret agents, was probably more effective than a hypothetical attempt to damage German telecommunications infrastructure at blinding and disrupting Berlin's command and control systems. John Hamre's chief insight about Moonlight Maze was precisely that the infiltration exploited the open norms of the civilian research networks associated with the Department of Defense to compromise it. If this sounds familiar, it also is the method that the Taliban may have used to strike Camp Bastion this weekend. While the base's defenses were thought to be impregnable, the attackers likely exploited a variety of human network vectors that counterintelligence planners may have overlooked. Liles' judgment is that the next generation of cyber weapons will target the entire sociotechnical assemblage, and use advanced computational tools to reveal a system's various fault lines and target it with follow-on weapons customized for purpose.
All of this is a bit of a roundabout way of saying that putting a cyber capability within the framework of combined arms will take a better conceptual lens than imagining digital rifles or mortars. The problem it poses for the American way of warfare is that it puts a premium on a kind of thinking about effects and targeting that runs counter to the instinct of turning battles into engineering equations and thinking about machines over people and the social systems they create. What the Army and Marines are doing is definitely a step forward. The question is how it will be realized--and whether it will avoid or repeat some of the past conceptual errors in how we think about incorporating cyber into military's toolbox.
No comments:
Post a Comment