The United States is under increasing threat from both nation state and non-nation state cyberspace domain aggressors. An effective attack against vulnerable elements of our critical infrastructure could produce major and lasting damage to our national economy, military capability, and our cultural way of life. The ability to conduct Cyberspace domain operations is a predicate to both successful military operations and successful private sector operations such as in the economic/financial, health, telecommunications, logistics, and energy operations sectors. Therefore, dominating this domain is critical to a functioning economy, national security, and to ensuring success in the other warfighting domains (air, sea, land, and space). Identifying, defending, and (potentially) reconstituting cyberspace key terrain is an essential task for dominating this domain.
The military (DoD and the Service’s) approach to defending the cyberspace domain, while considerably better than any other US government (USG) entity: is still fragmented, unorganized, and not under effective command and control (C2) ; requires integrated individual and collective training; and lacks effective inter-agency national policy to achieve full effectiveness. The establishment of US Cyberspace Command (USCYBERCOM) is a very effective start toward resolving many of these shortfalls. Another shortfall: the extensive capabilities of the military’s Reserve Components are not effectively utilized to conduct and support cyberspace domain operations. For example, other major military powers use their reserve component forces to support full-spectrum military and national operations in cyberspace domain. (see Figure 1) In response, there are several initiatives to utilized DoD’s RC forces to support national cyberspace objectives. So while we have considerable cyberspace capability in both the Active and Reserve Components, much of it is unorganized, fragmented, the training is non-existent or uneven, and cyberspace domain oriented C2 is primitive if not non-existent.
About the Author(s)
How do you see your concept of the C2 roles and responsibilities of the JRCB/CND-T compared to the CSTs? How about the location of these assets in the DoD RC vs other federal agencies in terms of capabilites, cost effectivness, regional support, and individual training?
Several cyberspace savvy individuals have asked me questions about the article and in response I will provide some clarification concerning the 10 Joint Reserve Cyberspace Brigades (one per each FEMA Region):
1. Each JRCB has a HQs with a Command & Control (C2) element capable of conducting cyberspace domain operations in a degraded network/communications environment potentially independent of USCYBERCOM/JRCC. This capability includes the technology, doctrine, staff, units, and authorities to independently conduct cyberwar with limited or no communications with its higher HQs (JRCC/USCYBERCOM). Each JRCb should be prepared to continue to fight a cyberwar against a nation-state opponent both in isolation or in conjunction with other JRCBs.
2. In support of the ability to conduct independent cyberspace operations, each JRCB should have at least one each of the following unit types: cyberspace intelligence, information operations, electronic warfare, power generation, and space operations battalions.
3. Power generation battalions should have the capability to conduct operations in the virtual (power grid SCADA) and physical domains. In the physical domain, it should be capable of both power generation (mobile and fixed power generation) and the ability to repair/mitigate damage to the existing physical plant. The Army has an example of an existing power generation battalion.
Resilience is critical to success in a domain environment where offensive operations are overwhelmingly dominant. The JRCBs are key to organizing and equipping a national and regional cyberspace resilience and damage mitigation. Most businesses have the capabilty to defend against amateur hackers and criminal activity - what they legitimately lack is the ability to defend themselves against a nation-state level attack. This initiative provides a DoD capabilty conduct cyberspace operations at the regional and national at an acceptable cost (in a budget constraint environment).
The cyberspace domain and its technology reflect an increasing convergence of computers, telephony, wireless, access to an almost infinite information/knowledge base, and a reliance on space, wireless, electromagnetic spectrum in addition to the commonly acknowledged Internet origin. The US military needs to reflect this convergence in its organization and approach to the cyberspace environment.
I received an interesting e-mail with comments and questions concerning this article from a former Assistant Secretary of Defense...I will post it to this blog later this week.