Vulnerabilities of Multi-Domain Command and Control (Part 1)

By: John Donaldson and Charles Sciarini

Approximate Reading Time: 8 minutes

Editor’s note: The following is the first installment in a 2-part series identifying threats to multi-domain command and control concepts. Part 1 of the series discusses threats to tactical and strategic communications, and how those threats impact information sharing.

Multi-Domain Command and Control Fundamentals
There are some underlying flaws and vulnerabilities with a multi-domain operations (MDO) concept focused on the Air Operations Center (AOC) when operating against a peer adversary with robust electronic warfare (EW), cyber, and space capabilities. MDO has become an emphasis item over the last few years. The Chief of Staff of the Air Force (CSAF) highlighted MDO as one of his focus areas in 2017 and emphasized Multi-Domain Command and Control (MDC2). His stated goal in his letter was the creation of an architecture that can leverage air, space, and cyber capabilities in concert to overwhelm an adversary through multiple dilemmas across domains. While a detailed doctrinal description of MDC2 implementation and characteristics is unavailable at this time, several themes have emerged through interviews and press releases at the unclassified level. Brigadier General Saltzman, the Air Force lead on MDC2 stated “assured communications” are a requirement for effective MDC2 operations. Leveraging big data in order to build a holistic common operating picture from disparate information sources is another common theme in current MDC2 interviews and articles. The Air Force also placed emphasis on leveraging expertise at AOCs through the addition of the 13O career field. From these descriptions, a concept of operations emerges in which the AOC leverages the intelligence derived from distributed sensors in different domains to coordinate the execution of operations in air, space, and cyberspace with “assured communications” meaning a reasonable certainty that the disparate forces linked into the MDC2 construct maintain the ability to communicate and share information.

Joint Doctrine defines Command and Control as “the exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission.“ The capacity to direct forces requires effective two way communications and an understanding of the current Operational Environment (OE), JP 3-0 states the C2 function includes the task to “communicate and maintain the status of information across the staff, joint force, and with the public as appropriate.” The free flow of communication and information requires superiority or dominance in space and cyber domains, just like freedom of maneuver in the air requires air superiority. Since peer adversaries possess significant space, cyber, and EW capabilities that can sever communications at several points in the communications architecture, a top-down process focusing MDO planning and control at the AOC and above will not provide the necessary flexibility or resiliency to effectively manage and process the tempo of operations across domains. The Air Force should redistribute its current AOC emphasis in MDC2 toward a distributed execution model focused on initiative at the unit level as well as the operational level to create a force that can operate at a rapid tempo in concert or independently across respective domains based on the commander’s intent.

OTH, multi-domain operations, emerging security environment
Chinese Counter-UAV System

Centralized Control Reliance on Assured Communications
The centralized control of multi-domain operations against a peer threat that MDC2 currently emphasizes is unrealistic. Effective C2 requires the ability to relay orders to subordinates, as well as the ability to pass and receive information up- and down-echelon. In addition to this requirement, current MDC2 articles also emphasize use of big data analysis and data fusion to create a shared Common Operating Picture (COP) to synchronize operations between air, space, and cyberspace. Ideally, an AOC that is perfectly aware of friendly and enemy dispositions across the Operational Environment, while capable of near instantaneous communications, can direct forces to execute a synchronized operation across domains that dominates adversaries both physically and mentally. But the synchronized operations that utilize an accurate COP as currently described by MDC2 proponents would require rapid, accurate information exchange across large distances and multiple domains. Inaccurate, incomplete, or untimely information about friendly or adversary forces would cause both operations and effects to desynchronize in the MDC2 construct. The need to relay information and commands across echelons to control operations effectively is a hallmark of traditional Air Force command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) operations and the reason for the emphasis on “assured communications.”

Threats to Assured Communications
However, assured communications is unlikely as capable adversaries will either sever or severely degrade one of the many connection points in the C4ISR architecture that enables MDC2. Many U.S. cyber, space, and intelligence capabilities and agencies that would drive the MDC2 COP remain within the Continental United States (CONUS) while operations in the physical domains are primarily overseas. While this distributed model is ideal for peacetime operations and counter-insurgency, it creates separation between conflicts on other continents and stateside units and capabilities. These stateside units contain many of the personnel and the capabilities required for multi-domain effects. Stateside capabilities also network many space and cyber capabilities incorporated by big data analysis and fusion into the COP. This separation, bridged in peacetime by communications networks that are heavily reliant on space, cyber, and the electromagnetic spectrum (EMS), become a liability against a peer adversary. Physical attacks on communication lines like undersea cables or phone switching stations, jamming in the EMS, and enemy offensive cyber capabilities could sever or severely disrupt effective communications and data sharing with USAF CONUS-based operational space, cyber, or intelligence capabilities. Within the Operational Theater, the same threats to communications lines through EMS, space, and cyber capabilities can severely hamper communications between operational C2 at the AOC and subordinate Wings. Denial or excessive degradation would limit effective pre-mission coordination for flight operations, disrupt distribution of the air tasking order to flying units, and prevent or degrade AOC planning for space and cyber capabilities. During mission execution, EMS and cyber effects could sever or disrupt AOC control of air assets, while depriving or limiting its control of offensive space and cyber capabilities. While still in nominal command of air, space, and cyber operations, the AOC or any other C2 agency would likely lose the capacity to effectively control MDO against a peer adversary.

If technology advancements and procurements assure communications at all levels of MDC2, adversaries could still degrade available bandwidth through space, cyber, EMS, or physical attacks on communications networks and nodes. Degraded bandwidth, while seemingly innocuous, limits the ability of CONUS-based intelligence capabilities to receive information from theater and national collection assets by restricting the flow of unfinished data from these sources. Reduced bandwidth also limits the amount of finished intelligence that these agencies provide the AOC. This limitation can happen in several ways. Receipt of raw information could be delayed until the original collection by the surveillance or reconnaissance asset is no longer tactically or operationally relevant. Just like data from wireless networks can be corrupted or delayed due to RF interference, the data from collection assets transmitted over RF to and from satellites and ground stations to CONUS, may be corrupted, incomplete, or delayed. This would complicate exploitation and cause an incomplete, inaccurate understanding of the Operational Environment (OE). Additionally, the CONUS-based units may not be able to distribute the desired intelligence products to the tactical and operational level in the AOR causing an inaccurate and desynchronized COP across echelons and domains.

Impact of Degraded Communications on the Common Operating Picture

OTH, multi-domain operations, emerging security environment

As an analogy, this problem would be similar to deployed service members using a video communications application like Skype to talk to their stateside families over a public wi-fi network. Bandwidth per person shrinks due to heavy use by several individuals. While data packets still exchange between the two locations making a call, limited bandwidth renders the video chat function unusable. Communications between operational and tactical-level units within a theater would also suffer from limited bandwidth, although likely not as severe. This reduces the number of attack vectors, but bandwidth limitation could still limit transmission of an accurate COP between geographically distant assets or between tactical units and the operational controlling agency. So the COP, far from an accurate representation of the current Operating Environment that creates shared understanding across echelons, is now likely incomplete or inaccurate.

This inaccurate or incomplete COP would likely inhibit operations at all levels of a potential conflict. But the impact of an incomplete COP would be greatest at an organization that had no organic sensor capabilities. This would likely be a unit or agency reliant on networked information like the AOC. Tactical-level airplanes and units leverage a COP but can also rely on organic sensors to supplement their understanding of the OE to accomplish their mission. In the MDC2 construct as described in articles and interviews, the AOC is supposed to leverage the capabilities of air, space, and cyber to synchronize their operations and present multiple problems for an enemy. But an AOC would be unable to do this if it could not develop its own accurate mental model of the current OE and direct planning and execution to overwhelm an adversary. If an adversary leverages cyber, space, and EMS effects to degrade bandwidth or deny communications, a force reliant on the AOC for direction and control will lose its decision superiority. An MDC2-directed force reliant on decision superiority and synchronization capabilities by using a centralized command and control structure at the operational and strategic levels will not execute effective decision-making against an adversary with robust cyber, space, and EMS capabilities.

Major John Donaldson is an RC-135 Electronic Warfare Officer assigned as an Action Officer on the Joint Staff. He is a graduate of the United States Air Force Weapons School and the United States Army Command and General Staff College. His previous experience includes Weapons and Tactics assignments at the Squadron and Wing levels, as well as numerous deployments worldwide for Operations INHERENT RESOLVE, ENDURING FREEDOM, and ATLANTIC RESOLVE.

Major Charles Sciarini is an RC-135 Electronic Warfare Officer assigned as a Strategic Policy Fellow to the Joint Staff. He is a graduate and former instructor of the United States Air Force Weapons School. His previous experience includes joint electronic warfare integration at the Weapons School as well as Weapons and Tactics assignments at the Squadron and Wing levels. He deployed numerous times in support of Operations INHERENT RESOLVE, ENDURING FREEDOM as well as flown missions in support of EUCOM, NORTHCOM, and SOUTHCOM.

The views expressed are those of the authors and do not necessarily reflect the official policy or position of the Department of the Air Force or the US Government.

OTH, multi-domain operations, emerging security environment
Print Friendly, PDF & Email

3 thoughts on “Vulnerabilities of Multi-Domain Command and Control (Part 1)

Leave a Reply