The Pentagon has received more power to conduct cyber operations in the past 18 months. But for the top Army commander in the Middle East and Central Asia, the new authority is not enough.
The head of U.S. Central Command, Gen. Joseph Votel, wrote in a Dec. 18 paper that the Pentagon must “normalize” electronic warfare and cyberattacks and incorporate them into daily operations.
“Normalizing the cyberspace domain means broader authorities that are more responsive than current bureaucratic processes,” Votel wrote in the Army’s Cyber Defense Review. “It also means we need simple and streamlined organizations and processes to increase lethality and enhance performance.”
The paper was coauthored by Votel, Maj. Gen. Julazadeh and Maj. Weilun Lin.
“Our failure to operationalize and normalize the cyberspace domain effectively cedes it to our adversaries, gives them a competitive advantage and, ultimately, creates an increased attack vector against our objectives,” the authors said.
President Trump gave the Pentagon new authorities to conduct cyber operations in August and minimized the process where other agencies can object to cyberattacks, known as “deconfliction.”
Secretary of Defense Jim Mattis can conduct hacking operations without approval from the White House so long as they do not interfere with the American “national interest,” according to four current and former White House and intelligence officials who were either part of internal deliberations or briefed on the changes.
Yet some current and former U.S. officials are skeptical that the new authorities will mean more effective hacking operations for the Pentagon, because it does not solve the nuances of cyberattacks.
But the new mandates do not go far enough for the three officer authors, who argued that cyberwarfare should be under the same authorities as other types of operations.
“We must not see cyberspace as drastically different and separate from other domains that we create new processes to prepare, plan and fight in this new domain. We continue to seek processes that smooth and simplify operations, reducing friendly friction and accelerating decision-making.”
Current and former Pentagon officials have pointed to conducting cyberattacks against enemies that use networks of neutral or partner nations as an area where the Pentagon has changed its decision-making process in recent years. Those officials also pointed to how the Pentagon was able to use hybrid warfare tactics during the 2016 liberation of Mosul, Iraq, as a textbook example of future hybrid operations.
Votel, Julazadeh and Lin echoed the sentiment of other Pentagon officials who have advocated for cyberattacks, electronic warfare and other information operations to be integrated earlier in military operations.
“We need to proactively execute cyberspace and information operations early in 'Phase 0 / steady state’ of the planning process — well before operation execution. Only then can we shape the [information environment], hold our adversaries’ capabilities at risk and execute at the speed of war,” the three wrote.
For example, Pentagon officials say they closely monitored Russia’s 2014 hybrid war in Ukraine and learned from Moscow’s tactics.
Votel, Julazadeh and Lin shed light on the changes, writing that information operations were previously “integrated as an afterthought.” Yet over the last two years, Central Command has incorporated cyberattacks, electronic warfare and military deception at the “strategic level.”
And this hybrid warfare has driven new acquisition demands in the Pentagon.
“We need technology and capabilities to keep pace with the operational environment and continue to build the partnerships to do so,” the three officers wrote.
In recent years, Central Command has bolstered its hybrid warfare through new contracts. The centerpiece of that effort is a July 2017 contract worth $621 million to Science Applications International Corporation for IT support to Central Command that could last seven years.
In August 2018, Vistra communications was also awarded a $22 million contract to support offensive and defensive cyber operations for Central Command.