United States Armed Forces Joint Cyber Command Strategy

Support SouthFront

Click to see the full-size image

Written by Lieutenant Colonel A. Batonov; Originally appeared at Foreign Military Review #12 2019, translated by AlexD exclusively for SouthFront

The United States continues to review national security approaches in the global network environment. The most important direction of this activity is to adjust the regulatory and legal framework that defines the functions of federal departments and subordinate structures in relation to cyberspace. Thus, in April 2018, the “Achieve and Maintain Cyberspace Superiority – Command Vision for US Cyber Command” (Command Complex, hereinafter referred to as the Strategy) was published – one of the key bodies of the Department of Defense responsible for solving a set of tasks in the field of information and technical impact on the enemy and protection of the American network infrastructure.

Click to see the full-size image

This document builds on the United States National Defense Strategy 2018 and presents the Pentagon’s view of the conduct of hostilities in this environment[1]. It defines the purpose, key tasks of the command, how to solve them and the necessary resources.

The Strategy reveals the main U.S. challenges in cyberspace, addresses issues of national policy in responding to network threats, legal regulation of the use of cyber force, risk prevention, and improvement of the existing security system for information infrastructure of the Armed Forces (AF) and the state as a whole.

The U.S. military recognises that global cyberspace has changed significantly over the past decade.  As a result of the spread of information technologies and communication media, new methods of information and technical influence on the enemy have appeared. It is claimed that “activities in this environment can produce strategically significant results”.

Under the Strategy, specific states have “roughly equal” cyber-potential with the United States and sufficient resources to launch full-scale campaigns. According to the document’s developers, Russia, China, Iran and the DPRK are actively financing military projects aimed at “reducing the competitive advantage” of the U.S. Armed Forces in the digital space. At the same time, previously applied approaches to the protection of American computer networks and information systems are actually recognised as ineffective.

The provisions of the Strategy demonstrate the readiness of the U.S. Armed Forces to significantly increase the activity of cyber-forces and to solve relevant tasks without moving to an open armed confrontation. It is planned to ensure dominance in information networks through “continuity of action”, which involves capturing and holding the initiative by pinning down the enemy and imposing competition on it in all segments of the global information sphere, as well as creating unfavourable conditions for his functioning in it.

The document is structurally divided into nine sections, which consistently address the following issues: challenges to the United States in cyberspace, the strategic environment, the operating environment, national digital policy, business continuity management in the network environment, the commander’s vision, long-term Command Complex objectives, risk minimisation and how to implement the Strategy.

In addressing current and emerging challenges, it is argued that military superiority on land, sea, air, and space plays a key role in the ability of the United States to advance its national interests. Conquest in these areas of dominance largely depends on cyber-dominance, which the United States risks losing. It is alleged that the adversaries are continuously fighting with the U.S., without crossing the line leading to the outbreak of armed conflict, increase opportunities for negative impact on American society, the economy and the armed forces of the country, carry out destructive activities in order to gain a competitive advantage and damage the interests of Washington and its allies. This situation is aggravated by the growing dependence of the United States on modern technology, the widespread informatisation of the American state.

According to the Pentagon’s analysts a fundamental change in the current situation requires active defensive (preventive) actions in cyberspace, localise the attacks before the enemy overcomes the defence or can cause damage.

Effective counteraction to rivals and the difficulty of predicting the situation is achieved through systematic networking activities with interagency and international partners. Based on this assessment, the conclusion is that U.S. military cyber-power must be flexible, cooperation with partners efficient, and operations in networks continuous.

In this context, the Strategy is seen as a road map for the Command Complex to gain and maintain superiority in cyberspace. The document stresses that the Command is responsible for countering the growing aggression of the opponents in the information sphere.

It is responsible for agreeing and coordinating the planning and implementation of cyber operations.

As an inter-species control body of the operational-strategic level, the Command Complex should be able to organise counteractions to the relevant threats. To that end, it is planned to coordinate activities in the digital environment, to provide reliable protection for networks and information databases, and to expand the range of possible actions both within the state and under the leadership of the commanders of the American Armed Forces.

In its analysis of the strategic environment, the Pentagon recognises that adversaries are exploiting the limitations within which the United States has chosen to operate in cyberspace, namely the traditionally “high threshold” of response to network activity. Washington’s rivals exploit the vulnerabilities of information systems, the state’s dependence on network infrastructure, and American values themselves to weaken democratic institutions and gain economic, diplomatic and military advantages. However, the number of threats in cyberspace is increasing, they go beyond geographic boundaries and are generally trans-regional in nature. Foreign countries have sufficient resources to carry out operations involving intrusion into secure networks, manipulation of software and information, and destruction of data, network equipment and systems.

It is noted that “a number of States have demonstrated the technical capabilities required to conduct strategic cyber-campaigns”, including theft of intellectual property and personal data, and willingness to use them. Over time, disruptive technologies (offensive hardware and software) will only increase the potential of opponents to solve such problems.

In addition, the document identifies “aggressive non-state actors” such as terrorists, criminals and hackers. They pose less of a threat than specific countries, but they also have the potential to damage U.S. military networks and critical infrastructure, and to endanger the safety of American citizens.

“Militant extremist organisation” such as ISIS, Al-Qaida (banned in the Russian Federation) and affiliated groups destabilise entire regions. Their actions affect the global interests of Washington, threatening directly the United States and American citizens around the world. These groups use cyberspace to promote their own ideology, strengthen the morale of their followers, and lead operations against the United States and its allies.

In turn, organised criminal groups can act independently or for the benefit of specific countries and terrorists. They have significant capabilities to steal data and block state functions carried out through cyberspace.

Hackers seek access to classified information or to harm government structures. It has been argued that civilian specialised structures are often insufficient to stop the malicious activities of these entities and that assistance from the armed forces is required.

In the section on “Operating Environment”, cyberspace is viewed as a highly volatile area with a changing structure, characterised by constant contact between actors in the network. According to the authors of the strategy, the emergence of new segments in it contributes to the emergence of vulnerabilities and provides new opportunities for attackers to have a destructive impact on U.S. information networks and systems. “No target remains static, no offensive or defensive means is effective for a long time, no advantage in cyberspace is permanent”.

The enemy is continuously engaged in offensive actions, as the cost of the attack itself is low, and the access to network resources and the hardware and software tools and algorithms used in this case remain relevant for a long period of time.

The development of cyber technologies allows all actors in the network to increase their offensive potential.

It is emphasized that in a rapidly changing environment, the United States needs to ensure the sustainability of its information infrastructure and its cyber defence to the maximum extent possible (as close as possible to enemy-controlled network segments), and to constantly combat malicious activity in over to maintain tactical, operational and strategic advantage over the enemy. Success in cyberspace is ensured by capturing the initiative maintaining the pace of activities and avoiding the enemy’s freedom of manoeuvre.

The section of the document “National Policy” considers activities in the information sphere in the context of ensuring state security.

According to the “National Defense Strategy” (2018), winning a strategic rivalry depends on the degree of integration of all instruments of national power.

Successful actions in cyberspace will ensure the U.S. superiority over the enemy in all environments. At the same time, the range of power and intelligence tools is expanding, and the resulting analytical information and pre-emptive data on threats obtained ensure national security.

The Strategy notes that a unified approach to protecting the information infrastructure of the United States and addressing challenges in cyberspace must be consistent with the dynamics of the changing environment. The situation is exacerbated by lengthy procedures for the approval and authorisation of network responses. Deeply penetrating the network, “the aggressor forces Washington to respond post facto (the so-called reactionary approach”). Cyber-attacks and unauthorised entry into information systems “are too expensive for the U.S. and bring great dividends to adversaries”. The “reactionary approach” therefore leads to unacceptable risks, as the security of American networks and data sets, decision-making processes and, ultimately, the success of all activities in cyberspace are at risk.

In order to prevent the adversary’s destructive actions in the information environment and to combat the growing threats, the Command Complex has been entrusted with the responsibility of developing capable cyber forces and building their capacity.

The section “Excellence through Continuity” revels the Pentagon’s new conceptual approach to task fulfillment in a worldwide conglomeration of computer networks.

It provides for the capture and retention of initiative in cyberspace by shacking and imposing rivalries on the enemy and creating an unfavourable environment for the enemy to function in that environment[2]. The method of implementation of the approach is coordinated manoeuvring by forces and means with simultaneous conducting both defensive and offensive actions. Task solution sphere is the global cyberspace, including segments located in close proximity to “hostile” networks.

Activities should be carried out on an ongoing basis in order to create advantage over rivals and prevent them from intercepting the initiative.

Cyberspace is an active environment in which superiority is constantly challenged. In this regard, cyber-command is required to maintain its strategic superiority by improving the stability of the information infrastructure, defending the frontiers of the network environment, and constantly fighting against aggressors. High resistance to information technology systems reduces the space for attack, allows you to predict enemy action and reduces response time.

The security of advanced segments of cyberspace that are as close to the enemy as possible is achieved by enhancing the operational capabilities of cyber forces. The strategy indicates the need to study the intentions and potential of opponents, identify weaknesses (vulnerabilities) in their networks, and counter malicious attacks outside their systems.

Thus, conducting a continuous information confrontation disrupts the enemy’s plans, increases the cost of its activities and forces the enemy to redistribute resources, paying more attention to defensive actions. The Pentagon plans to “pursue the aggressors” in all information networks and systems to hold them accountable for any destructive activity in cyberspace.

The intention of the Command Complex Commander should be to achieve superiority in the digital environment by capturing initiative at the tactical and operational levels and ultimately providing strategic advantage over the enemy. The measures taken should increase the manoeuvrability of U.S. troops, hinder the enemy’s activities and force them to focus exclusively on defensive activities.

In addition, they seek to undermine the confidence of the opposing side in the effectiveness of the network against the United States and its allies.

The focus of the Command Complex headquarters is on planning, preparing and conducting activities in cyberspace in full collaboration with the allied joint commands, branches of the Armed Forces, U.S. departments and agencies, industry and specialise structures. It is planned to involve new partners and strengthen links with Pentagon bodies working on cyber-related issues, in particular the Information Systems Directorate and the National Security Directorate of the Department of Defense, as well as with other parts of the intelligence community.

In addition, the Cyber Command Headquarters is tasked with assisting and supporting U.S. partners and sharing information with them to prevent common threats in cyberspace. This body is responsible for keeping the military and political leadership and commanders (chiefs) of the various levels of government informed in a timely manner about the existing challenges, the evolving situation in the network environment, as well as changes that need to be made in the guidelines and application of cyber force in order to guarantee superiority in cyberspace.

The long-term objectives (imperatives) of the Command Complex, aimed at maintaining strategic superiority in cyberspace and convincing the adversary of “the futility of confrontation with the Unites States”, have been identified as:

• operative mastering and introduction of innovations in the sphere of information technologies;
• making actual changes in the plans for construction, development, financing, training of cyber-forces and increasing their combat readiness;
• improvement of the regulatory and legal framework for power activities in the network space, optimisation of the relevant decision-making processes;
• organising support for U.S. troops on the front lines of the operational theatre and facilitating operations in physical environments;
• creation of conditions for effective solutions of information confrontation tasks;
• expansion, deepening and active use of intergovernmental and international interactions.

Particular attention will be paid to the organisation of active defence of the military and state network infrastructure, as well as to increasing the resilience of U.S. federal and commercial information systems in the face of the growing scale of the U.S. offensive cyber-force.

Under the section “Minimizing Risks”, Pentagon analysts suggested that the approaches set out in the Strategy allowed for certain risks to arise. First of all, they affect the use of small but highly demanded combat cyber units. The priorities set in favour of countering specific states (with significant cyber capabilities) and extremist groups compel to pay less attention to other actors in the global information network.

The Cyber Command Headquarters is seeking an indirect solution to this problem by improving the overall resilience of the Department of Defense’s information systems against all types of threats. This will make it possible to categorise most sources of malicious activity as “minor”.

This task requires focused intelligence sharing and collaboration with partners in law enforcement, the Department of Homeland Security and the United States intelligence community.

Risks are also predicted in the diplomatic field. According to the Pentagon, U.S. rivals condemn Washington’s efforts in the cyber sphere, calling them “aggressive”, and this strategy will be used by analogy as a demonstration of attempts by the United States to militarise the information environment. However, it is argued that modern cyberspace is already “militarised” by adversaries, and therefore the Command Complex reserves the right to defend national interests in the information sphere (a task set by the President through the Department of Defense) and intends to interact as widely as possible with allies and partners. It is planned to explain to the concerned authorities and society the origin of cyber-threats, to publicise the “defiant behaviours of opponents of the United States” and to explain the limitations of passive defence.

The section “Implementation of the Strategy” is devoted to the procedure for implementing its provisions. Each specific component of the cyber-command, cyber-force headquarters and relevant officials are required to use the document in their professional activities, to explain its provisions to their subordinates, to strive for the implementation of these tasks in practice, to obtain from personnel an understanding of their role and place in the overall plan, as well as to evaluate the effectiveness of the work carried out.

The publication of the U.S. Army Joint Cyber Command Strategy marked yet another attempt by the Pentagon to adjust U.S. military policy, making it aggressive and seeking to secure its superiority in various areas, this time in cyberspace. Emphasis is placed on the development of information and technical capabilities of cyber-forces, “simplification” of their combat application procedures and proactive actions (below the threshold of unleashing an armed conflict) with regard to “priority threats”, which, according to Washington, come primarily from Russia, China, Iran and the DPRK.

[1] In the U.S. military, cyberspace is recognised as a combat environment (along with land, air, sea and space).

[2] In the U.S. terminology, “superiority in cyberspace” is the degree of dominance that excludes an adversary’s opposition in the networked environment during land, sea, air, space and cyberspace operations. “Continuity in cyberspace” is the ability to continuously identify the opponent’s vulnerabilities and plan and execute cyber operations to counteract their network activities in a given environment.

Support SouthFront