The US Army is enhancing its offensive and defensive cyberoperations capabilities across the board, but is doing so largely in the shadows.
In 2023, the United States Cyber Command (USCYBERCOM) became a teenager, having plied its trade since May 2010. In its own words, USCYBERCOM’s mission “is to plan and execute global cyber operations, activities and missions to defend and advance national interests in collaboration with domestic and international partners across the full spectrum of competition and conflict.”
Broadly speaking, these “operations, activities and missions” include protection of the US Department of Defence’s Information Network (DODIN). DODIN comprises all the DOD’s non-classified and classified computer networks the department depends on daily. Alongside protecting DODIN, USCYBERCOM responds to cyberattacks against the US and her Critical National Infrastructure (CNI). Beyond these two defensive missions, USCYBERCOM has an offensive remit performing cyberoperations for the US military.
These operations focus on ensuring “the security of networks, data and weapon systems across the world.” The command can also be called upon by its political and military masters to “disrupt, degrade and destroy the capabilities of malicious cyber actors and foreign state adversaries as directed.”
One could be forgiven for thinking this impressive list of tasks and missions is achieved with legions of trained personnel working from desktop computers and laptops connected to large banks of servers. This is partially true. However, like the US armed forces and other militaries around the world, USCYBERCOM does procure dedicated capabilities. One such programme is ‘Starblazor’ which media reports state may have commenced in 2020. Little is known about the initiative.
Some commentary has said that Starblazor was realised in conjunction with the US Army’s Cyber Centre of Excellence. The crux of the initiative was to rapidly develop and deliver Electronic Countermeasures (ECMs) and cyber effects. Stefan Soesanto, senior researcher at the Centre for Security Studies at the ETH Zurich research university in northern Switzerland, has produced an intriguing report entitled ‘A Digital Army: Synergies on the Battlefield and the Development of Cyber-Electromagnetic Activities.’
In the report, published in 2020, he wrote that Starblazor was focused on embedding coders and software developers at the tactical edge. The logic behind this pilot programme was to provide extremely agile responses to battlefield cyber threats and/or to support manoeuvre using cyber effects. The army considered this much more responsive than having to go up and down echelon to request and receive cyber capabilities as and when needed. In addition, Starblazor allows Electronic Warfare (EW) and cyberoperations cadres to work closely together at the tactical edge, which makes sense.
Today’s and tomorrow’s military operations will be performed in electromagnetically congested environments. Take the ongoing war in Ukraine as an example. According to Worlddata, a German research company, as of 2021 almost 56 million mobile phones were in use in Ukraine. That corresponds to 1.3 per person. Mobile phones routinely use frequencies of circa 850 MHz to 1.9 GHz. This spans much of the Ultra High Frequency (UHF) waveband (300 MHz to 3 GHz).
Armies, Russia’s and Ukraine’s included, routinely use UHF frequencies for land forces tactical communications. If we take Motorola’s SRX-2000 squad radio, this uses frequencies of 700-800 MHz, according to the manufacturer. The challenge in an operational theatre will be finding military radio signals in the morass of electromagnetic noise caused by everyday mobile phone use.
Such tasks get more vexing when Communications Intelligence (COMINT) experts are trying to locate high value individuals such as opposing senior officers from the red force via their mobile phone signals. In January 2023, CBS reported that mobile phone signals from Russian soldiers helped Ukrainian artillery locate hostile troops. Rudimentary COMINT systems could detect and locate the signals. That these signals came from Russian troops could have been corroborated with imagery intelligence.
For example, live video footage from an Unmanned Aerial Vehicle (UAV) could have confirmed the troops’ location. The video footage may have even shown them using their mobile phones. Then, it is a matter of sharing the latitude and longitude coordinates of the targets with Ukrainian artillery which then does its deadly work. As the CNN report stated, even the Russian military admitted that unauthorised mobile phone use by their own troops had contributed to a lethal Ukrainian attack in early January 2023 which killed 89 soldiers. Sources from the Electronic Warfare (EW) world have told this author that Ukraine has enjoyed success against several senior Russian Army commanders. These commanders have been located via their mobile phone use and then killed by artillery.
As of 11 July 2023, the Russian military has confirmed that six of its generals have been killed during the invasion. The sources continued that techniques and technologies developed by the US and her allies during counter-insurgency operations in Afghanistan and Iraq have been instrumental in helping locate these generals via their electronic emissions. Activating one’s mobile phone in a warzone is tantamount to giving the enemy not only your location, but most probably also that of your comrades. One potential task of USCYBERCOM could be to employ its vast computer resources to comb through torrents of radio signals to find that all-important signal of interest.
Strategic Cyber Posture
The US Army is an enthusiastic adopter of cyberwarfare capabilities which feed into the overall missions of USCYBERCOM discussed above while also supporting the US Army manoeuvre force. The Department of the Army’s Management Office – Strategic Operations (DAMO-SO) supervises the digitalisation of army warfighting systems according to reports. DAMO-SO’s mission covers all levels of war, from the tactical edge to the strategic level. The organisation was known as DAMO-CY until 2020, the ‘CY’ standing for cyber. The change to ‘SO’ was made to reflect the army’s embrace of Multi-Domain Operations (MDO).
This is part of the wider MDO direction of travel of the US DOD and America’s armed forces.
In brief, MDO strives for the full intra- and inter-force connectivity of every person, platform, base, weapons system, sensor and capability (henceforth known as assets), at all levels of war. The goal of MDO is to achieve a better quality and pace of decision-making vis-à-vis one’s adversary. Requisite levels of connectivity will see an unprecedented reliance on communications networks. Robust, efficient and redundant networks will be needed to carry data between these assets.
As DOD discussions on MDO make clear, cloud computing plays a key role in this vision. ‘Combat Clouds’ will be the battlespace repositories where intelligence, surveillance and reconnaissance (ISR), and command and control (C2) data are shared across these assets. Securing MDO networks and combat clouds against cyberattacks will be paramount. It makes sense for the army to fold its strategic cyber posture into its wider strategic MDO-focused digital transformation. Soesanto explained that DAMO-SO “serves as a policy integrator, whose task is to figure out how to better organise, restructure and resource the army in the non-kinetic realm.”
Operational level
While DAMO-SO is arguably concerned with the wider strategic orientation of the US Army’s digital posture, the force’s Cyber Support to Corps and Below (CSCB) initiative moves cyber capabilities into the manoeuvre force. CSCB is primarily concerned with cyberoperations from the corps level downwards. Soesanto wrote that initial army plans called for the CSCB to embed cyber specialists at the brigade level. There, they would support training and exercises. Army exercises performed in 2016 at Fort Irwin, North Carolina, proved instructive by indicating desired cyber specialist numbers to support brigade- and company-level manoeuvre.
Plans called for up to 45 specialists to be deployed with a brigade, with a company having up to three dedicated cyber personnel. One of the takeaways from these exercises was that cyber specialist numbers were insufficient to support the brigade during the exercise. CSCB has since been renamed to stand for ‘Cyber and electromagnetic activities Support to Corps and Below’. Soesanto says this name change reflects lessons learned from army exercises, chiefly that cyber specialists must also have military intelligence, EW and even space warfare skills.
As Ukraine has illustrated, electronic warfare capabilities like COMINT will need to be tightly integrated with other disciplines such as human intelligence (HUMINT) or Imagery Intelligence (IMINT). Let us suppose the intention is not to use COMINT and IMINT to fix and kill hostile troops via their mobile phone signals. Instead, a plan is hatched to deliver false or demoralising information to these mobile phones to attrit enemy morale. This plan may call for malicious code to be delivered to these phones via a radio signal transmitted from the force’s EW equipment. One immediately sees how important the synergy between these respective disciplines is.
It is instructive that one of the training systems the US Army has at its Muscatatuck Urban Training Centre in Indiana is the Social Media Environment Internet Replication (SMEIR) system, which creates a social media environment to support urban warfare training exercises. This is particularly important as battles for hearts and minds are now largely fought on social media. SMEIR allows US Army cyberoperations experts to hone skills and tactics in the social media sphere as much as on the battlefield.
While the CSCB is arguably concerned with cyberwarfare at the operational level, with some overlap into the tactical domain, the latter is the preserve of the army’s new Cyber Battalions. On 15 December 2022, the 11th Cyber Battalion (11th CYB) became the army’s first Cyber and Electromagnetic Activities (CEMA) battalion. Reflecting the synergy of the cyber and EW missions in the Army’s own words, this new unit “can deliver a range of non-lethal, non-kinetic effects – including offensive cyberspace operations and EW capabilities.”
The activation of the 11th CYB, as the unit is known, followed the deactivation of the 915th Cyber Warfare Battalion. This latter unit had been raised as a result of the CSCB’s activities. The 915th was intended to support tactical formations of Brigade Combat Team (BCT) size and below. The Starblazor pilot programme discussed above was originally earmarked for the 915th, wrote Soesanto. It seems reasonable to assume these capabilities have now transitioned into the 11th CYB.
An official army press release announcing the activation of the 11th CYB described it as the force’s first and only CEMA battalion. The press release continued that the 11th CYB’s order-of-battle includes three companies and an eventual twelve expeditionary CEMA Teams. It appears the 11th CYB will be an independent formation with its expeditionary CEMA Teams and companies supporting the manoeuvre force in scaled fashion.
The US Army is in the midst of a reorganisation which sees it adopting the division as the principal manoeuvre unit. This reconfiguration is the result of the revival of strategic great power competition, the Army has said. Larger formations are needed to challenge the military power of rivals such as the People’s Republic of China (PRC) and Russia. This marks a break from the BCT as the primary unit of manoeuvre, which had been developed as a result of the US-led counterinsurgency operations in the Afghanistan and Iraq theatres, both of which required agile, rapidly-deployable manoeuvre units.
Operational/tactical level cyberoperations are also facilitated by the army’s experimental Intelligence, Information, Cyber, Electronic Warfare and Space (I2CEWS) battalion-sized units. One I2CEWS battalion equips each of the army’s Multi-Domain Task Forces (MDTFs). In some ways, the MDTF concept represents an early embodiment of the MDO Eldorado.
According to a 2023 report by the US Congressional Research Service, the function of the MDTF is to provide “theatre-level manoeuvre elements designed to synchronise precision effects and precision fires in all domains against adversary anti-access/area-denial [A2/AD] networks in all domains, enabling joint forces to execute their operational plan.” The I2CEWS battalion joins the MDTF’s strategic fires, air defence and brigade support battalions. These latter three battalions provide long- and medium-range fires, air defence for the MDTF and allied assets, and combat support elements. Constituent units of the I2CEWS include two military intelligence companies, a signal company, information defence company and an extended-range sensing and effects company.
To date, three MDTFs have been activated with two focused on the Asia-Pacific and one focused on Europe. Speaking in March 2023, General James C. McConville, then the Army’s chief of staff, articulated his desire to generate a further two MDTFs. McConville envisaged an additional task force being deployed to the Asia-Pacific. His desire no doubt reflects the tensions existing between the People’s Republic of China, and the US and her allies in the region.
McConville added that an additional MDTF could be raised, which would be able to respond to contingencies outside the Asia-Pacific and Europe as and when they occur. The Army has also made efforts to enhance the size of its cyberoperations and EW cells at the operational and tactical levels. As Soesanto makes clear, the brigade-level cyber cell has doubled from five to ten. Meanwhile, its division level equivalent has increased from five to nine.
Outlook
Much remains opaque about the US Army cyber capabilities supporting the manoeuvre force. Equipment-wise, the Army has said that the new Terrestrial Layer System (TLS) series of EW systems support cyber operations. The Army is acquiring two specific platforms and has stated that the Terrestrial Layer System–Echelon Above Brigade (TLS–EAB) supports tactical/operational level cyberwarfare. Lower down, the Terrestrial Layer System–Brigade Combat Team (TLS–BCT) provides EW and cyberoperations capabilities at the tactical level, primarily for the brigade combat team and below, according to the Army.
Lockheed Martin is providing the prototype TLS-EAB with the production version potentially entering service after 2025. Both Lockheed Martin and General Dynamics are working on designs to satisfy the TLS-BCT requirements via Army contracts awarded in 2022. The TLS-BCT capability could enter army service in a similar timeframe to the TLS-EAB.
Beyond the TLS family, there is little information in the public domain on the other tailored capabilities the US Army has, or is planning to procure, for cyberoperations. Requests for information from USCYBERCOM to this end went unanswered. This reticence is perhaps not surprising. Cyberoperations, like their EW counterpart, are often shrouded in secrecy. The good news is that the available information in the public domain suggests that the force takes the potential of cyberoperations to support army and joint manoeuvre very seriously.
Thomas Withington