Estimated Reading Time: 11 Minutes
By: Christopher Chin
“Today, we are emerging from a period of strategic atrophy, aware that our competitive military advantage has been eroding. In this environment, there can be no complacency—we must make difficult choices and prioritize what is most important to field a lethal, resilient, and rapidly adapting Joint Force. America’s military has no preordained right to victory on the battlefield.”
– James N. Mattis, Secretary of Defense
Strategic Landscape: As the United States Air Force returns to an era of Great Power Competition, the service needs to evolve how cyberspace forces and capabilities are brought to bear for warfare in the information age. After nearly two decades of strategic focus in the counter-insurgency/terrorism arena, the service’s cyberspace forces are not prepared to deter and win against our nation’s peer adversaries. As modern industry continues to advance towards software defined, hardware agnostic, data-centric solutions; the Air Force has yet to move on from its industrial age biases for vendor centric, hardware driven capabilities that is too rigid to support full-spectrum cyber operations, let alone the broader Air Force mission set. Compounding this challenge is an archaic talent management system, emphasizing breadth over depth during an officer’s early years, inhibiting the cultivation of technical proficiency and tactical expertise within the career field. Our adversaries have had a front row seat to the United States’ net-centric warfare approach since Desert Storm. Nations such as the People’s Republic of China and Russia have mastered the indirect, reflexive theorist approach designed to evade America’s military might; operating in the “grey zone” where their actions fall just short of direct armed conflict. Air Force Cyberspace Forces need to rapidly evolve from our current approach to training and equipping cyber forces to bring focused effects to bear for warfare in the information age. Cyber forces of the future must be able to effectively deter and win against a determined adversary that is fixated on eroding our nation’s democracy and power projection capabilities from within.
Current Situation: The recent 2018 Department of Defense (DoD) Cyber Strategy set forth an extensive range of mission requirements for today’s cyber warfighters. Due to the diverse skillsets and capabilities required to execute these missions, the Air Force has struggled to keep pace with the seemingly unquenchable thirst for new cyber capabilities and trained personnel. Today’s limited offensive and defensive forces, the Cyber Mission Forces, is a product of five year investment in the deliberate development of cyber operators that began back in October of 2013. Moving forward, the Air Force will not have the capacity, nor the lead time to keep pace with the demands of a digital age.
- Equipping the Force: Cyberspace capabilities today are procured and developed in stove-piped organizations that have limited linkages with the operational units they support. To this end, the capabilities procured often do not support a unit’s mission tasking, thus forcing operators to heavily modify capabilities on the fly. The service further lacks critical mass in the areas of software development and direct acquisition authority to meet the varied needs of a digital workforce. The current acquisition system is overly myopic on specified programs of record rather than how these systems integrate cohesively to ingest, analyze, and share data across organizations and mission sets. Today’s Cyber Protection Teams alone have over 200 distinct capabilities in their arsenal, many of which are duplicative in function and few that are able to effectively pass data from one system to another. Consequently, data sharing is accomplished through burning compact discs or mailing hard drives…taking hours to days for operators to effectively correlate threat data necessary to interdict threats to our systems. The current acquisition system coupled with the lack of integration with software development organizations severely limit our operator’s ability to be operationally agile in the dynamic battlespace that is the cyberspace domain.
- Training: The inability to effectively equip our forces has had severe implications on training our cyberspace forces to a common standard. As the sheer number of tools, technologies, and operating systems continue to expand, the demands being placed on the service’s training apparatus is becoming increasingly difficult to build, much less maintain. In many cases, training ranges, initial qualification training (IQT), and mission qualification training (MQT) for critical skillsets such as mission defense, software development, and data analytics required to make cyberspace operators a lethal force is completely non-existent.
NConsequently, much of training provided is not related to the employment of a mission platform nor its tactics, techniques, and procedures. Training today is more in-fact an education in information security, designed to hone operators’ skills to meet industry best practices and overly focused on security compliance and service delivery. As a result, qualification timelines for cyber forces are increasingly extended. After nearly three years of intense qualification training in a specified mission area, operators can find themselves transitioning to another unit with a completely different mission set, role, and new capabilities to learn…. starting over at square one. The prescription being offered today is “more training” rather than modernizing our service’s cyber operator training pipeline and developing a talent management system centered on the transferability of skillsets and past operational experiences.
Fortunately, industry and think tanks such as RAND and National Institute of Standards and Technology (NIST) have developed blueprints for developing and delivering cyberspace forces despite the challenges of a dynamic global environment. At the current rate, not only will the current military acquisition processes be too late to provide the capabilities warfighters require, but its operators will not have the training, nor experience to employ the newly acquired capabilities on mission.
Modern Industry’s Approach:
“Before assessing the population that makes up the existing cyber warrior workforce and pipeline, it is important to identify what capabilities are needed for cyber warfare and what training will best serve these needs” -2015 RAND Study: “Training Cyber Warriors”
Start with the Mission: Cyberspace operations in the Air Force today lack a specified set of defined mission types and core activities that aligns its forces, capabilities and training within a common operational framework to meet the Joint Force Commander’s desired outcomes. The definitions we depend on (as defined in JP 3-12 Cyberspace Operations) to articulate actions in the domain are not warfighting terms and are too broadly defined to be understood, much less train towards. Industry hires, trains, and develops their personnel to meet their specified organizational needs. So why wouldn’t the Air Force specialize its cyberspace forces the same? The National Initiative for Cybersecurity Education (NICE) within NIST utilizes the following framework for industry to follow:
Comparatively, the Air Force’s entire 17D (cyberspace operations) career field, from a combat communicator to an offensive cyber operator, is categorized into a single workforce category under a single career field education training plan (CFETP). As a result, the homogenized nature of how the workforce is organized and trained inhibits the development of technical proficiency and tactical expertise within cyberspace operations mission sets. The service should look to refine the missions and core activities within the 17D career field at large and develop distinct career training/developmental paths across mission sets with overlapping talent management pathways as the basis for growing a 21st century force. Once defined, job roles (workforce categories) within each mission set should have its own training pipeline with associated “knowledge, skills, and abilities” (KSAs) that correspond to its most junior operators all the way to its leaders required to execute cyberspace operations missions. Along these lines, career broadening would occur later in an officer’s career within planning, organizing, training, and equipping organizations that stand to benefit the most from a seasoned operator’s past experiences. Such a model would help develop the best of breed across cyberspace operations core functions (OCO, DCO, DoDIN Ops) while not foregoing breadth for these skill sets that are required at operational and strategic levels where cyberspace operations is best integrated as a collective whole.
Capability Delivery: Industry as a whole has transitioned to a hardware agnostic, data-centric, software-based approach to deliver a wide range of capabilities to meet the diverse consumer requirements in today’s globalized economy. “The cloud” as commonly referred to, is built upon on a common storage platform with an established standards for how data is ingested, processed and fused so that it can be utilized for information sharing, analytics, visualization, fusion, tagging, and interoperability across a wide range of mission sets. When a specified capability is required, software developers create applications and tailor them to the meet the operator’s need. In this model, the platform which the operator utilizes can be completely software based, delivered through a web-interface and completely hardware agnostic. Google for example, uses its search engine platform as the primary basis for delivering e-mail, messaging, information sharing, data visualization, navigation, and a host of other capabilities to users across the world.
Using a similar approach, the Air Force can develop or even contract for a consolidated data platform with associated standards designed to ingest and correlate data from multiple intelligence, surveillance, reconnaissance sources and sensors to perform the functions required for effects delivery. This singular architecture enables diverse cyber specialties from its network maintainers, developers, and operators to converge on a similar type of technologies and applications throughout the enterprise, thus enabling training and employment of forces to be normalized.
A common platform would further provide software development organizations such as 90th Cyberspace Operations Squadron, Kessel Run, Defense Innovation Unit X (DIUX), Defense Digital Service (DDS), the ability to directly link their developmental expertise to help field operational requirements at the speed of need…bypassing the lethargic acquisition process that has time and time again shown that it’s not able to meet the speed of modern information age warfare.
A Software Based Cyberspace Weapon System Platform
Expanding upon modern industry’s cloud capability delivery model, the next generation cyberspace weapon system should utilize software and web application as the primary platform that operators employ and deliver effects in and through cyberspace. Mission tailored applications can pull from intelligence and mission related data sources that both offensive and defensive sensors feed and share. Extrapolating from modern technology’s best practices, a software-oriented platform that enables maximum data sharing intrinsically breaks down stove pipes between tribes and organizations between offensive, defensive and ISR organizations within the cyberspace operations community. An example of a singular data-centric platform capable of delivering cyberspace capabilities and effects would look as such:
While this is a simplistic view of the requirements of tomorrow, the technology available to operate this way is not. Organizations such as Microsoft, Google, Netflix, and Amazon all employ similar frameworks for data sharing, capability development as well as service delivery…the same can hold true for a platform designed for effects delivery in the Air Force. Advancements in quantum encryption, data security, and identity management has shown that despite classification, data can be shared between databases and applications within the same architecture. While the nuances of offensive and defensive platforms vary, both mission sets have similar requirements in network storage, analytics, data processing, mission planning, and capability repositories that can be shared and tailored to mission needs as required. Because most cyberspace capabilities are not-standardized within mission sets, much of the training provided to cyberspace forces is varied. A common platform for cyberspace operations will help alleviate this challenge; thereby enabling mission requirements to converge on similar training paths and job roles. By transitioning towards a singular platform, the Air Force can reduce its focus from training in commercial information security best practices and more towards the tactics, techniques, and procedures required on mission.
In the future dynamic security environment, cyberspace operations will be the cornerstone of a Joint Force Commander’s scheme of maneuver. The Air Force simply cannot afford to have an overly homogenized cyberspace workforce with stove-pipe platforms and still expect to win in the 21st century information age. The service does not have the manpower, resources, or capability necessary for each individual organization to train and equip cyberspace forces in a distinct manner or on a case by case basis. At the current rate, cyberspace forces run the risk of the being an overly extended and segmented capability. To this end, building a technically proficient, mission aligned cyberspace force that employs a hardware agnostic, software-based power projection platform is critical to unifying and bringing to fruition the multitude of cyberspace effects to bear against a peer adversary. Doing so will increase cyber integration across all Air Force core missions sets while decreasing duplicative training and equipping requirements across the career field; further enabling the cyberspace force to normalize and lessons learned to be passed from one generation to the next.
Major Christopher Chin is a student in the Multi-Domain Operations Strategists concentration at Air Command and Staff College. He is a graduate of the USAF Cyber Warfare Weapons Instructor Course and has experience across offensive, defensive, and network operations mission sets at the Squadron, Major Command, Combatant Command, and Interagency levels. firstname.lastname@example.org
The views expressed are those of the author and do not reflect the views or official policy of the Department of the Air Force, Department of Defense, or any organization in the United States government.