The Army Cyber Institute (ACI) at West Point serves as the service’s think tank, helping the Army identify and address key cyber problems to come.
Balancing the priorities of the operational force and Army Cyber Command, the ACI uses a variety of research projects and even internships with cadets to push concepts out into the future.
One effort the ACI’s 70-person team is undertaking is called threat-casting — an attempt to calculate upcoming threats to the United States in the cyber and information environment.
“We take a look and we use a variety of people, diverse populations, diverse ideas, get into small groups, come up with threats of what might happen 10 years out and then we look and work backwards to identify the flags and the gates that might happen on the way to that particular future,” Col. Andrew Hall, director of ACI, told Fifth Domain during a July visit to West Point, explaining that a flag is something they can see, whereas a gate is something that can be controlled.
These threat-casting events — one of which took place in the early summer, while another will take place in September — seek to envision a future person in a place with a particular problem, as opposed to evolving the operating procedures of certain threat actors today 10 years into the future.
“A particular person is in San Francisco and their personal health robot has been hacked ... the on-demand medicines that are being created every morning for this person have been hacked," Hall offered as an example. “Then you build all the way back and say how this would happen.”
Ultimately, the threat-casting events help to frame the decision space for the operational commanders, namely Lt. Gen. Stephen Fogarty, who’s in charge of Army Cyber Command.
“If we’re looking at what are we worried about in 2030, we hope to be able to have a good answer for [Gen. Fogarty] on some of the things we need to work on,” Hall said.
ACI also runs the Jack Voltaic series, which are exercises that test local governments in their ability to respond to critical infrastructure cyber incidents.
An upcoming exercise will test how cities in South Carolina and Georgia respond to cyber incidents, as well as how those local incidents can affect overseas military deployments.
The next event in the series will expand to two Southern coastal cities and tie into a major Army exercise, Defender 2020, to test what might impact local infrastructure that could hamper how the Army can move equipment to Europe for an upcoming deployment.
In addition to these efforts that feed directly to the operational world, the ACI also hosts interns over the summer who work on a variety of projects that examine the future of cyber capabilities. Two Reserve Officers’ Training Corps cadets each examined facets of tactical cyber if they were to be expanded to the general infantry ranks.
One project looked at using facial recognition capabilities mounted to heads-up displays, enabling soldiers to more accurately identify enemies entering a village with the intent of doing harm to a political figure giving a speech.
Using war-gaming software, it was found that 76 percent of the time enemies got through the check point without the facial recognition capability. With the capability, those numbers dropped by 52 to 84 percent.
Another project envisioned the use of tactical cyber capability to eliminate a high-value target in a village. One scenario modeled if forces assaulting a village could hack into the local electrical grid and cut the power to the specific set of buildings they would raid to eliminate the target.
The second scenario involved tracking the cellphone numbers of known enemies in the village and geotagging their exact location. Those locations were then sent to soldiers conducting a raid on the village in real time and displayed on a heads-up display, enabling them to know where the enemy forces are at all times. This can allow them to more accurately locate the high-value target and potentially not engage other enemy forces.
For both scenarios, friendly forces were reduced from the baseline scenario that didn’t have any tactical cyber capabilities from 20 to eight forces against nine enemies in all three.
The success rate for the baseline mission was 89 percent. In scenario one it jumped to 91 percent and in scenario two it jumped even higher to 96 percent. This means smaller forces can be more effective.
“That’s one of the big things with tactical cyber is pushing down, that ability,” Vikram Mittal, assistant professor in the Department of Systems Engineering at West Point and ACI fellow, told Fifth Domain. “But being able to give on the fly ability to a squad to pinpoint a location would effectively give a brand new capability altogether for surgical strike.”
While these technologies and capabilities are not yet realized in the real or operational world, they are helping to set the stage for how they could be used in the future and provide data points for the operational and acquisition community.