The Department of Defense is establishing a new cyber planning cell on the Korean Peninsula to in response to the threat from North Korea.
The small team, known as a cyber operations-integrated planning elements (CO-IPE), will help better coordinate offensive and defensive cyber tools with traditional military operations.
While U.S. Cyber Command is standing up cyber planning cells locally at all the combatant command headquarters, a Cyber Command spokesman said U.S. Forces Korea is the only sub-unified command with a team.
“Given North Korea’s activities, the decision to establish a CO-IPE at the sub-unified level was well-advised,” the spokesman said.
The services are working to staff new cyber planning cells at the combatant commands to help integrate cyber into traditional military operations.
During written congressional testimony March 13, Vice Adm. Michael Gilday, commander of 10th Fleet/Fleet Cyber Command, said his organization is in the process of standing up three planning elements. While Fleet Cyber Command, through what’s known as the Joint Force Headquarters-Cyber construct, supports Pacific Command and Southern Command, Gilday said they are also standing up a planning element for U.S. Forces Korea, a sub-unified command of Pacific Command designed to deter aggression and defend South Korea.
“The establishment of [CO-IPE] at U.S. Pacific Command, U.S. Southern Command and U.S. Forces Korea is a top priority for our command,” a spokesman from Fleet Cyber Command said. “The challenges associated with the stand-up of this new planning element are no different than any administrative challenges associated with establishment of a new conventional command, unit, or detachment ... These elements will ensure we fully integrate cyberspace operations into operational plans, ensuring timing and tempo are set by the commanders for use of cyberspace effects in the field."
Defense and industry officials have repeatedly noted North Korea’s substantial offensive cyber power.
“The North Koreans have penetrated classified networks, ICS/SCADA systems, and successfully disrupted [South Korea’s] financial industry, and all while under an armistice,” said Ross Rustici, senior director of intelligence services at Cybereason, a cybersecurity company.
“The North’s cyber capability fits very well into the overall war-fighting posture of the North. Theirs would be a conflict of attrition and guerrilla tactics far more closely resembling Afghanistan than Desert Storm.”
Rustici told Fifth Domain that what makes North Korea so effective in cyberspace is, given its limited connectivity, the majority of its cyber forces are outside the country. This means a traditional conflict would do little to disrupt them and going after these forces in anything but a cyber capacity would require precise strikes where North Korean hackers are launching cyberattacks from, substantially expanding the conflict.
Moreover, adversaries are always going to try to penetrate networks, Rustici said, which means even if the U.S. networks are fortified, the chance that allied networks aren’t creates an avenue to gain the same intelligence about operational readiness war plans and contingencies with less effort.
“This slow bleed of information is something that the U.S. combatant commands need to address if they want to maintain information superiority on any future or potential battlefield,” he said.
These planning elements will be staffed by personnel from the service cyber components under the JFHQ-C construct, one of three headquarters elements of Cyber Command that provides planning, targeting, intelligence and cyber support to combatant commands they support. Each of the heads of the various service cyber components are dual-hatted as commander of the various JFHQ-Cybers.
While each service is standing up planning elements at the combatant commands, Central Command and Pacific Command are the farthest along and will be used as test cases going forward, Adm. Michael Rogers, commander of Cyber Command, told lawmakers during an April hearing.
“A couple of [combatant commands] are a little further than others and we’re using this as kind of a test case … I’d highlight PACOM and CENTCOM,” he said.
Rogers said in those cases DoD is “bringing our cyber capabilities to bears” because of “some of the broader activity in their theaters that are of high interest.”
One of the reasons for standing up the cells, Rogers added, was that DoD, in order to integrate cyber into the breadth of operations, has got to be integrated at all the combatant commands. This includes the knowledge and expertise at the combatant command level to plan and execute cyber operations, but the other critical component, Rogers said, is this has to tie back to Cyber Command.
Military leaders have always been quick to note that cyber is not done just for cyber’s sake, but rather delivering cyber effects in war. Cyber can be tied to conventional military capabilities in any conflict. For example, the New York Times reported on a months-long covert effort to hack North Korean missiles preventing them from firing, a tactic known as left of launch.
In an update to a 2012 joint publication, the Joint Staff now includes cyberspace operations for support in countering air and missile threats.
The Joint Staff also updated Joint Publication 3-01 “Countering Air and Missile Threats” to include a discussion on “cyberspace operations support to countering air and missile threats.” Such a tactic would likely be included in any conflict on the Korean Peninsula given the conventional ballistic missile threat North Korea poses to the region.