According to a January--February 2010 Army Sustainment article by Lt. Col. Heber S. Meeks and Maj. Barton T. Brundige, sustainment units' intelligence sections have been "focused on protecting the convoys that carried supplies and equipment to the warfighter daily," during the last 18 years of counterterrorism and counterinsurgency campaigns. Intelligence personnel have identified potential threats and analyzed the enemy's effort to attack friendly supply lines since antiquity, but today the threats to sustainment are changing.
According to Training and Doctrine Command Pamphlet 525-3-1, The U.S. Army in Multi-Domain Operations 2028, as near-peer "adversaries have … expanded the battlefield geographically … multi-domain capabilities are less bound by geographic and time constraints."
Theater Sustainment Command (TSC) G-2 (intelligence) sections need to build a capability to identify multi-domain threats to logistics, which may or may not emanate from the combat theater. One historical axiom of battle is the desire of commanders to destroy or cut off the enemy's supply lines. Today, technology offers the enemy the ability to target supply lines from an adjacent state or the other side of the globe.
Russian and Chinese counter-space strategies, offensive electronic warfare (EW), and offensive cyber capabilities can jam, spoof, exploit, or destroy space-based reconnaissance and communications platforms preventing U.S. mission command. These offensive capabilities, based in the electromagnetic spectrum, have the potential to frustrate or confound theater-wide sustainment operations.
Consider the consequences of delivering the wrong munitions to a U.S. task force at the culmination of a conventional battle or a special operations forces' Joint Precision Airdrop System full of supplies to the enemy. Was the mistake human error, or was an enemy cyber unit inside a logistics computer network? The TSC G-2 section needs to have an understanding of, and the ability to identify, multi-domain threats in order to advise the TSC commander.
The Center for Army Lessons Learned Handbook 18-28, Operating in a Denied, Degraded, and Disrupted Space Operational Environment: Lessons and Best Practices, recommends that Army units prepare for, recognize, react, and report any attacks against space-enabled assets. In this type of environment, the G-2 section's responsibility is to recognize and report indicators and warnings of electromagnetic effects, recognize them for what they are, and not mistake them for computer glitches or human errors. If the attacks can be recognized as a disrupted phase, the potential for mitigation or counterattack increases, which reduces the likelihood of avoiding a denied environment, where theater-wide sustainment will be done by hand with pencil and paper.

Intelligence Support to Sustainment Functions
In recent years, there have been several articles examining intelligence support to sustainment at the tactical level, but few mention intelligence support at the theater level. Multi-domain attacks on sustainment functions can be employed during all levels of conflict from peacetime humanitarian operations to major combat operations. They are potentially most dangerous in near-peer conventional conflict.
Sustainment functions, such as base development, theater opening and reception, staging, onward movement, and integration, are key throughout the spectrum of conflict, and all are subject to an electromagnetic or cyberattack. Military intelligence personnel assigned to TSC G-2 sections need to understand and recognize the effects of non-traditional threats during planning and throughout an expeditionary campaign. The Department of Defense (DOD) Dictionary of Military and Associated Terms, defines a campaign as, "A series of related operations aimed at achieving strategic and operational objectives within a given time and space."
The five sustainment functions play a significant role in supporting the deployment, scale, and duration of any campaign in peacetime or war. In recent deployments, the expeditionary sustainment commands' (ESCs) intelligence sections and their subordinate brigade intelligence sections have handled security manager functions and the challenges of tactical intelligence support to logistics to include attacks against the staging of supplies, logistics bases, and convoy route security.
At the TSC G-2 level, there is a need for a dedicated effort to increase awareness of indicators and warnings of the effects of cyber, EW, and counter-space operations against this expeditionary supply chain. As Lt. Col. Devon Blake and Chief Warrant Officer 4 Deloye Meacham note in their March--April 2013 Army Sustainment article, "Intelligence Support to Sustainment Operations: Lessons Learned from the Iraq Drawdown," intelligence elements supporting sustainment do not "conduct lethal targeting, nor do they own any organic intelligence, surveillance, and reconnaissance assets."
Additionally, they are not responsible for securing computer networks from cyberattack, negating the impact of enemy counter-space systems, or countering adversary EW.
The responsibility of intelligence analysts is to identify enemy capabilities, search for these often disparate indicators and warnings of enemy actions, advise the commander, and share the information with those who need to know. No intelligence section operates in a vacuum. Sustainment intelligence sections should coordinate efforts with other associated units, including the Defense Logistics Agency, Military Surface Deployment and Distribution Command, and Army Sustainment Command.
Indicators and warnings of the enemy's use of cyber, EW, or counter-space activities, such as jamming or spoofing GPS, may not be theater-wide. Subsequently, they may target sustainment functions in dispersed locations. What looks like a broken Blue Force Tracking system in one convoy at the unit level might actually be part of a pattern of an attack against the varied elements of the theater-level supply chain.
This emphasis on the importance of theater-level intelligence support to the TSC commander reflects the importance of the combat logistics chain.
In "Mission Command of Sustainment Operations," published in the January--March 2019 issue of Army Sustainment, Maj. Gen. Steven A. Shapiro and Maj. Oliver Davis write, "In a theater area of operations, mission command of sustainment operations is the senior sustainment commander's authority to direct all sustainment based on the sustainment priorities established by the combatant commander."
Therefore, the TSC G-2 section needs to prioritize the analysis of enemy kinetic and non-kinetic capabilities to avoid the trap of overanalyzing enemy capabilities and actions in lower level tactical reports. The TSC G-2 should ensure that tactical analysis is a priority at the ESC level in order to free up TSC intelligence analysts for the multi-domain fight.
If possible, a dedicated "multi-domain intelligence cell" should be established to focus on theater-wide cyber, EW, and counter-space threats to help prevent the enemy from using the electromagnetic spectrum to cut our physical supply lines.

Cyber/EW Threats to Sustainment
In 2017, the commander of U.S. Transportation Command, Air Force Gen. Darren McDew, noted in his PRISM 7 article, "Power Projection in the Digital Age: The Only Winning Move is to Play," that "the adversary only needs to deny our ability to move the force by attacking our virtual lines of communication or injecting doubt into the system, causing us to question our operations or the integrity of our deployment data."
If the enemy changes, corrupts, or simply deletes logistics data on the battlefield, it would greatly amplify the confusion experienced in an expeditionary environment. In the DOD, the parlance that logistics runs from "factory to foxhole" suggests that sustainment intelligence needs to train and exercise for cyber, EW, and counter-space threats.
Russian cyber and EW capabilities are some of the most effective in the world, and Russia has demonstrated a willingness to use them across the spectrum of war. We must assume that a near-peer enemy with similar capabilities would target U.S. sustainment operations by paring physical and electromagnetic attacks with cyberattacks.
In recent years, Russia has demonstrated a capacity to employ these capabilities in Georgia, Ukraine, and Syria. In Crimea and Ukraine, Russia jammed and spoofed navigation satellites that incapacitated GPS for radios, phones, and even some drones. It is likely Russia sees Ukraine, Crimea, and Syria as testing grounds for its cyber, EW, and counter-space capabilities.
China has highly developed cyber capabilities that it has used to hack foreign government networks in order to steal sensitive information. A hack or penetration of a sustainment network by an enemy could result in numerous nefarious outcomes. The ability to integrate the wide variety of units that support the logistics enterprise would be highly degraded with an enemy in the network.
According to Amanda Macias's CNBC article from July 5, 2018, China is also expanding and testing its EW and counter-space capabilities in places like the South China Sea. Both Russia and China have developed and tested cyber, EW, and counter-space capabilities, and those capabilities currently reside in both countries' arsenals.

Other Logistics Chain Vulnerabilities
Cyber, EW, and counter-space threats to sustainment functions are not beholden only to near-peer actors. The robust means to jam communications and integration functions, and to conduct cyberattacks, already exist in smaller states and some terrorist groups, such as the Islamic State group, due to the relatively low cost of these capabilities. Small states and non-state actors might not be sophisticated enough to compromise a U.S. sustainment computer network, but the U.S. military does not go to war alone.
What about our coalition partners or commercial logistics providers that make up the factory-to-foxhole network?
According to the U.S. Transportation Command, roughly 50 percent of wartime transport capability comes from commercial industry. In theater, commercial logistics firms have played an essential role in the last 18 years of armed conflict. These non DOD entities pose a vulnerability. Potential coalition and commercial industry partner vulnerabilities could send theater sustainment functions into chaos without ever breaking U.S. networks.
If a commercial truck convoy's GPS spoofed routing it into an ambush, the result could be disastrous and offer the enemy a propaganda victory. As noted earlier, the protection of these systems, DOD or otherwise, is not the role of the TSC G-2 section, but it is the responsibility of the G-2 to be cognizant of indicators and warn of these capabilities in its area of responsibility.
In "Visualizing Distribution as an Effect, Rather than a Service," an online Army Sustainment article published in December 2018, Maj. Daniel J. N. Belzer writes that, during major combat operations, consistent consumption data is essential and could place tactical units at risk. Offensive cyber, EW, and counter-space operations against the sustainment enterprise could create a shockwave across the theater of operations. TSC G-2 sections need to emphasize analysis and collection against these multi-domain threats, from both inside and outside of the theater, to sustainment forces.
Leaders should emphasize the pre-deployment training of analysts in cyber, EW, and space-based threats through formal training, such as the Army Space Cadre Course and Electronic Warfare Integration courses. Training in cyber indicators and warning is available to intelligence analysts and should be pursued aggressively in coordination with the unit's G-6 section.
Additionally, the intelligence section should embrace the Army's recommendation to exercise operating in a denied, degraded, and disrupted environment by including indicators and warning of cyber, EW, and counter-space effects in staff and field exercises.
The TSC G-2 section needs a multi-domain intelligence cell with trained intelligence analysts to understand and identify cyber, EW, and counter-space threats. This asset will ensure the sustainment commander can effectively maintain mission command over sustainment functions.


Capt. Matthew Miller is an Army Reserve military intelligence officer currently serving the G-2 section of the 79th Theater Sustainment Command in Los Alamitos, California. He holds a master's degree from the London School of Economics and a doctorate from the University of New South Wales at the Australian Defence Forces Academy. This article was written while he was attending the Joint Command, Control, Communications, Computers and Intelligence/Cyber Staff and Operations Course at the Joint Forces Staff College.