It’s time to take the human domain seriously. USCYBERCOM is our chance.

USCYBERCOM presents an opportunity to effectively implement human domain forces in a high-threat, resource constrained environment.

Estimated Reading Time: 5 minutes

By Julie “Pistol” Janson

On 4 May, U.S. Cyber Command was elevated to the tenth combatant command (CCMD) “in response to the changing face of warfare.” According to chief Pentagon spokesperson Dana W. White, “the cyber domain will define the next century of warfare.” While this may be true to some degree, the Department of Defense (DoD) would be remiss to once again forget that the human “domain” has defined warfare from the beginning.

When I commissioned in 2006, cyber was the new buzzword and the Air Force now specialized in “air, space, and cyber.” During my first assignment, at the Air Force Research Labs, my exploratory office was tasked to investigate the human factors that would play a role in the not-yet-identified cyber domain. Around the same time, the Air Force was starting an experimental cadre of Information Operations (IO) officers, arguably the military subject matter experts (SMEs) of the human domain, using existing behavioral scientists. Twelve years later, cyber has its own Combatant Command while Air Force IO has managed only to establish a very small career field. Why is this?

Well, to the delight of nerds everywhere, cyber is sexy. It offers mind-blowing solutions to wicked problem sets. It is also technical, and therefore possible to quantify and articulate in normalized tactics, techniques, and procedures (TTPs). While at times difficult, it is possible to assess. And, if we are being honest, there are many who see it as a silver bullet solution. While this may not be true, the Air Force knows better than anyone that it’s better to overpromise and underdeliver when it comes to standing up a new service or CCMD. No one wants to hear that something might work some of the time. They want decisive advantages; cyber can offer that, at least in theory, and likely in practice if utilized effectively.

Unlike cyber, the human domain is not sexy at all. It is absurdly complex, cripplingly difficult to assess, time-consuming and, well, weird. I was once introduced by my Colonel during a mission brief as the girl who was going to talk about “all of that touchy-feely bullsh*t.” There are no black and white answers, and military decision-makers do not like that. (As a reminder, there is no doctrinally defined human domain — there is actually no doctrinal definition of “domain” but that is another subject — but we at Over the Horizon and the Multi Domain Operational Strategist program (MDOS) refer to it as the sixth domain.)

Here is the rub. While the DoD correctly recognized the rapidly evolving threat of cyber attacks when it established U.S. Cyber Command as a subunified command in 2009, the DoD failed to understand that worthwhile cyber effects in the human domain can only be accomplished when coupled with a deep understanding of the leadership, populations, and organizations composing the target. Russia proved this with their election interference. Their overall attack strategy was about not just understanding what networks and programs to infiltrate, but which psychological buttons to push. For example, over three thousand incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin were funneled with laser precision to narrow categories of social media users. One has to respect Russia’s comprehension of the combined power of cyber and human effects.

So what is the solution? I am not advocating for a HUMANCOM. On the contrary, I propose that the Air Force focus its extremely limited number of IO professionals on cyber domain integration. Embed this group within USCYBERCOM and its supporting organizations. Grow future IO professionals alongside cyber professionals so that they can develop a common language.

Note that I say alongside, not together. The biggest difference between cyber and IO professionals is the level of tactical expertise required. Top cyber operators are selected for National Security Agency (NSA) internships to hone their execution capabilities. IO professionals should be doing shorter internships across multiple government, commercial, and academic institutions. These organizations include the NSA, Central Intelligence Agency, Defense Intelligence Agency, think tanks, contractors, and universities who employ long-term experts in fields such as psychology and anthropology. The reality of military assignments is that no officer is allowed to stay in the same job for more than a few years; therefore, it is a waste of time and effort to attempt the same level of “regional expertise” employed within external organizations. Leadership and culture experts in these organizations retain and hone their knowledge set for decades. Therefore, IO professionals should be connectors who know where to find the best expertise across organizations and then translate that information for commanders to meet military objectives.

Countless leaders want human domain experts embedded in every planning cell throughout the military, as documented in the after action reports of repeated IO road shows. But the reality is that, right now, this is not possible. The human domain and IO career fields across the services do not have the funding, or the advocacy, to meet those manning requirements. The result, in the Air Force especially, is that IO professionals are sprinkled throughout the service at various levels, which makes standardized TTPs across each of the levels of planning next to impossible.

I agree that cyber, and the larger electromagnetic spectrum (EMS) domain, will define the next century of warfare. But to execute cyber operations without understanding the humans at the other end of affected devices is quite simply an exercise in foolhardiness. And to simply defend our networks without understanding our attackers is outright dangerous. Russia gets this, and the U.S. needs to get on board — fast. It is nothing short of a national security imperative. While cyber can achieve profound effects across the various levels of operations, the human domain has always, and will always, be the determining factor in whether or not we achieve desired strategic outcomes.

I have heard and read dozens of statements about how critical the human domain is and how woefully underequipped the US military is in understanding this domain. Recently, USCYBERCOM’s commander, newly confirmed Army General Paul Nakasone, has indicated that information operations, which currently are not within the purview of Cyber Command’s capabilities, could be folded into its toolset. Wouldn’t it be something if our most technical CCMD became the champion of the most “touchy-feely” domain? The human domain needs real advocacy because our top adversaries already understand its importance and excel at wielding its power against us.

It’s time to stop talking and do something.

Hopefully USCYBERCOM will rise to the occasion.

Julie “Pistol” Janson is part of the first group to earn the Information Operations Officers AF Specialty Code in the Air Force. She has over twelve years of experience in Information Operations and planning at the tactical, operational, and strategic levels. She is currently stationed at Maxwell AFB as a student in Air Command Staff College and will PCS this summer to the Pentagon where she will assist in Air Force IO career field and program management. She can be contacted at julie.janson@us.af.mil or @JulesJanson.

The views expressed are those of the author and do not necessarily reflect the official policy or position of the Department of the Air Force or the US government.

Leave a Reply