This is part six of a series exploring the differences between military cyber forces, capabilities, mission sets and needs. For previous installments, see part one, part two, part three, part four and part five.
In addition to being the direct service link for U.S. Cyber Command, Army Cyber Command, or ARCYBER, has a mission set in cyberspace for the Army that is much more expansive than just the man, train and equip cyber mission force USCYBERCOM contribution.
Army Cyber Command is in charge of operating, maintaining and defending the Army’s portion of the DoD Information Networks, managing all endpoints for the service. In this role, ARCYBER conducts DoDIN operations, which ARCYBER’s commander, Lt. Gen. Paul Nakasone, described in congressional testimony as the most complex and important operations they perform, which includes defensive and offensive operations.
This includes “building, operating, defending, and maintaining the Army’s portion of the DoDIN. Our five Regional Cyber Centers conduct DoDIN operations around-the-clock, serving as the Army’s Cybersecurity Service Providers (CSSP),” he wrote.
The Army also recently underwent a reorganization that placed the Network Enterprise Technology Command under ARCYBER to “better align responsibilities and authorities to support USCYBERCOM and Army requirements and to better align roles and responsibilities for the Army’s portion of” the DoDIN, Nakasone wrote.
Furthermore, in concert with ARCYBER and the CIO/G-6 shop, the Army is looking to modernize its network with key deliverables such as the Joint Regional Security Stacks — managed by the Defense Information Systems Agency and under the guise of DoD’s Joint Information Environment — and Multiprotocol Label Switching upgrades.
One of the separate CMF efforts the Army is working is a defensive cyber program office that stood up recently. “We’ll essentially take marching orders from ARCYBER,” Brig. Gen. Patrick Burden, commander of Program Executive Office for Enterprise Information Solutions, said at the annual C4ISRNET Conference regarding defensive cyber. He said they are delivering defensive cyber capabilities to the Army through the defensive cyber program office responding to operational needs that are out there today.
“We’ve already developed some of those needs or are supporting the preparation of those needs in support of the short-term cyber protection teams in the way of big data analytics,” he added. “The key to ensuring that we continue to have the firepower and capability to fight and win, I think, will be predicated on ensuing we have a strong network, a defendable network and tools that we’ll be able to actively monitor that network.”
Army Central has also devised its own cyberspace strategy with the idea being that they want to build a cyber workforce that surrounds the organic ARCENT workforce — and is not necessarily the cyber forces nestled within Army Cyber Command — identifying soldiers currently working in some cyberspace capacity to bridge the gap until cyber soldiers are specifically assigned to ARCENT.
The ARCENT staff must understand what the teams within Army Cyber Command — cyber protection teams, national mission teams, cyber support teams — do to better understand their role in the event of a crisis, said Lt. Col. Dwyke Bidjou, deputy chief of staff of information operations for ARCENT. “The staff needs to understand what capacities are organic and how to request capabilities needed,” he said.
Similarly, when conducting cyberspace operations it is important the force understands operations aren’t just G-6 efforts, per se, but there must be coordination within the entire workforce to understand the components an operation involves, be it offensive, defensive or a DoDIN operation. ARCENT is working with CENTCOM, Headquarters of the Army, the Army Cyber Center of Excellence and Training and Doctrine command to refine the Army service component command requirements for cyber operations.
While the Army’s Assistant Secretary of the Army for Acquisition, Logistics and Technology, or ASA(ALT), is heading up the service’s efforts to harden weapon systems, as mandated by the 2016 National Defense Authorization Act, the Army’s cyber directorate housed at the Pentagon — the Department of the Army Management Office for Cyberspace Operations (DAMO-CY) — is playing a role in this effort as well.
Col. Tim Brooks, head of the mission assurance branch of DAMO-CY, told Fifth Domain in emailed responses that his section is responsible for the Army G3′s role in the Army Platform Resilience Mission Assurance (A-PRMA) program, which is a direct response to the NDAA that directed operational risk assessments from cyber vulnerabilities of major weapon systems. The effort is also co-lead by ASA(ALT) on the secretariat side, he said.
Brooks noted how the A-PRMA works with program managers to assess weapon systems in three stages; an in-depth cyber table top exercise to study systems and understand the risk from previously identified vulnerabilities and if they have to be tested. Next are a series of lab events to determine in vulnerabilities exist and if adversaries can exploit them. Last, they integrate the validated effects into operational level exercises to enable commanders to better understand and assess mission risk.
Brooks pointed out that the other services are also following this three-step approach as well.