By Ms. Leticia Hopkins (USARCENT)December 23, 2016
SHAW AIR FORCE BASE, S.C. -- When the Army released its cyberspace strategy for 2025 in March, it did not clearly identify cyberspace requirements for Army service component commands, creating an opportunity U.S. Army Central chose to embrace.
"This is unfamiliar terrain for the Army, so the Army has not identified what the ASCC cyberspace requirements look like," said Lt. Col. Dwyke Bidjou, USARCENT deputy chief of information operations. "To assist that effort, (USARCENT) has written a (fiscal year) 17/18 cyberspace strategy, which also speaks to the development of a white paper where we capture our challenges."
Bidjou added, USARCENT is assisting the Army's Training and Doctrine Command with identifying what those requirements will look like. USARCENT's strategy is directly nested with the Army's cyberspace strategy for 2025 to ensure it agrees with Army's objectives.
In October, Lt. Gen. Michael X. Garrett, USARCENT commanding general, approved the strategy, which conveys his vision, purpose and direction for integrating cyberspace operations at USARCENT. The strategy seeks to deter current and emerging threats by building USARCENT's cyberspace workforce; conducting cyberspace operations; identifying anddeveloping cyberspace capabilities; investing in facilities, systems, and infrastructure; and developing partnerships.
There has been a push to develop capabilities and processes that create more resilient and secure networks, systems and platforms to conduct cyber operations. This push stems from the continual rise of cyber threats, the threats that they pose and the damage they've caused or could potentially cause. That's why the Department of Defense, not just the Army, has been making it a priority to focus on the misuse of cyberspace and mitigate the risks in cyberspace.
According to the DoD's April 2015 cyber strategy, "From 2013-2015, the director of National Intelligence named the cyber threat as the number one strategic threat to the United States, placing it ahead of terrorism for the first time since the attacks of Sept. 11, 2001."
It also states leaders need to take steps to mitigate risks in cyberspace with the key being a comprehensive strategy that counters and can resist disruptive and destructive attacks.
"Defense of our networks against cyber threats is always an ongoing process," said Maj. Kelly Sunderland, USARCENT chief of plans, policy, and programs. "Just as technology has advanced to change how we defend our installations from physical threats, our defensive capabilities have also evolved in the cyber realm."
However the complexity of the cyber realm, along with the innovation and resources of terrorists and those committing cybercrimes, complicates the challenge of combatting and deterring cyberspace threats.
"The problem in cyber is this, the Department of Defense and the Army will never keep pace with the innovation going on right now in the tech industry, not in the (Science and Technology) world, not in the (Research Development Test and Evaluation) world," said Lt. Gen. Edward Cardon, former U.S. Army Cyber Command commander, during an Association of the United States Army forum addressing private and public partnerships Oct. 5. "Now, that's a little overstated but not too much."
Although the challenges highlighted by General Cardon make it harder for those who defend Army networks and mitigate cyberspace risks, USARCENT uses several defensive measures to protect its networks.
"We still rely on a defense in depth strategy to protect our information systems," said Sunderland. "Access to equipment, the permissions users are allowed to have on the network, and what devices can be plugged in are some of the more visible defensive measures often seen. Continual internal assessments, scheduled inspections from outside agencies, and cooperation with other agencies and companies in the civilian sector are added defensive measures that we often use to help remain agile in the defense of our networks."
One of the agencies USARCENT has been cooperating with is the Army's Cyber Center of Excellence, which is located at Fort Gordon, Georgia. Working together allows USARCENT to test its strategy and make recommendations to improve the Army's cyberspace warfighting capability. In an attempt to help combat potential cyber threats, the CCoE trains, educates and works to develop highly skilled Soldiers in cyberspace operations, signal/communications networks and information services, and electronic warfare professions. The CCoE also houses the U.S. Army Cyber School, which trains the Army's only career branch dedicated to cyberspace.
USARCENT's staff visited the CCoE Dec. 9, to become more familiar with what the CCoE does and has to offer, and the impact of cyberspace operations on USARCENT's mission.
The cooperation provides another way to educate leaders about the significance of this warfighting domain, requirements and implementation of CCoE-trained Soldiers, and importance of developing capabilities and processes to deter cyber threats.
In addition to educating and informing staff, USARCENT leaders believe this new strategy will require divergent thinking and involvement from all of its staff when it comes to integrating cyberspace operations, identifying vulnerabilities and defining ASCC cyberspace requirements.
"The strategy really says that (USARCENT) planners need to be thinking outside of the box," said Bidjou. "There is no doctrine which is written at this time which is going to say, 'Hey, go to page eight and tell me what your specific requirements are.' I think here is an opportunity for (USARCENT) staff to define for the Army what their peers would need to do at an ASCC level in (order to conduct) cyberspace operations."
Bidjou added everyone should look at it from a different perspective, point out potential mission-related vulnerabilities and communicate what needs to be done to fix those issues. It is important to ensure staff members have a better understanding of their specific warfighting requirements so that issues can be communicated and addressed.
While beneficial, exposing future potential challenges will entail USARCENT to overcome some of its own hurdles in the process. USARCENT leaders chose to accept the challenge despite the decline in manpower and limitation of funds. Mainly, due to the impact it would have on their Soldiers, facilities and resources in the long run.
"You really have to say: What makes sure our Soldiers are protected, our facilities are safe and resilient, and our war plans are protected against exfiltration or adjustment," said Bidjou. "If we're not doing it, who is?"
Bidjou said leadership's decision and interest in shaping the cyberspace doctrine speak volumes about their willingness to help improve not only USARCENT but also the Army. By passing on this opportunity, USARCENT would be placed at an operational disadvantage.
All in all, USARCENT officials believed the opportunity, despite the challenges, was worth embracing. They are hoping to move from the training and conceptual phase to the sustainment phase and begin executing the strategy prior to the end of next fiscal year.
"At the end of (fiscal year) 17/18, (we) should be resourced, educated, informed, and (have) already executed several exercises where degraded cyberspace environments have played a major role," said Bidjou. "And that financing, manpower and operational challenges have been addressed and trending from yellow to green -- actually executing the USARCENT cyberspace strategy."