This is part one of a series detailing Army efforts to advance and integrate tactical cyber, electronic warfare and information operations within traditional forces.
Part two (below) examines what lessons the traditional maneuver brigade took from integrating cyber capabilities within its operations.
Part three (below) examines the emerging units the Army is using Cyber Blitz to inform.
Part four (below) examines the electronic warfare and signals intelligence components of Cyber Blitz.
The Army is experimenting with new concepts, capabilities and forces that will be needed within traditional formations as cyber, electronic warfare and information operations become the new normal.
The service’s Cyber Blitz exercise wrapped up its third iteration at the end of September. Launched in 2016 to help the Army learn how to mature cyber operations within traditional units, the experiment serves as a chance for the Army’s cyber community to be the main training audience.
The most recent Cyber Blitz, hosted at Joint Base McGuire-Dix-Lakehurst in New Jersey, set out to explore how cyber forces and capabilities that traditionally belong to a division work with a brigade during a campaign. It also aimed to help prototype new cyber, intelligence and electronic warfare units the Army is standing up.
The Army is looking to stand up a variety of forces with varying degrees of cyber and electronic warfare capabilities to better align related capabilities and create a more lethal force in a modern battlefield.
These forces included:
- Expeditionary cyber teams — typically a division asset — to bring more cyber capabilities to bear for the brigade commander.
- Cyber Warfare Support Battalion — a unit already approved by the Army that will fall under Army Cyber Command and serve Army-specific missions, not U.S. Cyber Command joint missions — to integrate intelligence, cyber, electronic warfare, signals, information operations and fires into one formation.
- Intelligence, cyber, electronic warfare and space (ICEWS, pronounced IQs) detachment — an experimental detachment (part of the Army’s multidomain taskforce in the Pacific) that will integrate all the capabilities of its namesake plus signal, information operations and targeting to support the multidomain task force counter-anti-access/area denial mission, which will be piloted in the fall.
Officials described to Fifth Domain how the Cyber Blitz scenario involved a fight against a near-peer enemy. In this case, the 3rd Brigade, 10th Mountain Division — the actual brigade that was participating and integrating the cyber capabilities within its normal schemes of maneuver — had to move into a country, push out a near-peer threat and reestablish the border. This included an air assault at the beginning of the operation.
“We looked at how can we utilize cyber and EW to help set conditions for that air assault to happen,” Lt. Col. John Newman, the deputy commander of the brigade at Cyber Blitz, said.
“Maybe we need to affect some of the communications that are on the ground there to prevent the enemy from realizing that we’re coming in or getting the word out that we are in the process of doing our air assault.”
Cyber Blitz took place as Army leaders consider some radical force structure changes in the cyber and EW space to compete with near-peer nations.
Richard Wittstruck, the Cyber Blitz director, described the campaign plan the Army is evolving, which begins with laboratory demonstrations for emerging technologies then demonstrating those emerging technologies in experiments such as Cyber Quest at the Cyber Center of Excellence.
Some of these emerging technologies are fed into Cyber Blitz, along with programs of record, to test how soldiers like them and how they might help operations.
Cyber Blitz works as the first true integration phase for putting these emerging technologies, concepts and forces together before they are integrated with real brigades during combat training center rotations.
Officials also described to Fifth Domain how the Army is looking to capture lessons from the experiment that will go toward informing and updating Army doctrine.
‘Seize the objective’
The Army is learning that all aspects of cyberspace — most of which had been previously reserved for the highest and most strategic levels of the military and government — will be part of the brigade commander’s purview.
“First and foremost a lot of what’s been described in the cyber domain has to be set by Col. Newman in timing and tempo for the first time,” Wittstruck said. He added that the brigade had to take an active leadership role in articulating a maneuver plan and charging cyber personnel to support it.
For the first time, Wittstruck said, the Army broke down some previous barriers. For example, the brigade must tell the expeditionary cyber and electromagnetic activities (CEMA) team commander what they need, when they need it and why they need it as it integrates into the maneuver plan at the brigade level.
Part of this discussion is the notion that a commander needs to dominate in what’s called gray space — space that is not owned by either friendly forces or the enemy — to seize certain objectives as part of their overall campaign. This could manifest itself in the seizing of an oil pumping station due to its importance to the national economy. In the future, Army leaders believe it won’t be enough to physically control the pumping station and surrounding territory; forces must control the virtual network as well.
“What good is it to win the terrain if the enemy can simply by computer network turn off the pumping,” Wittstruck asked.
Moreover, one of the other additions planners introduced to this year’s Cyber Blitz was the inclusion of split-based operations with a Special Forces detachment that operated from Muscatatuck urban training site in Indiana, more than 1,000 miles away.
These Special Forces units worked with the new multidomain detachment to perform cyber reconnaissance from a remote location during early phases of the operation. Once completed, the special forces units moved to support the ICEWS to establish the cyber objective of the target such as the pumping station.
“In that regard it’s been a very good split-based op,” Wittstruck said.
Part two (below) examines what lessons the traditional maneuver brigade took from integrating cyber capabilities within its operations.
What new cyber teams taught an infantry unit
This is part two of a series detailing Army efforts to advance and integrate tactical cyber, electronic warfare and information operations within traditional forces.
In the not-so-distant future, commanders and infantry units will need to have a better understanding of cyber effects and capabilities.
The Army’s third annual Cyber Blitz experiment, hosted at Joint Base McGuire-Dix-Lakehurst in New Jersey, sought to test new capabilities, concepts and forces for the Army in bringing tactical cyber, electronic warfare and information operations to the battlefield. As the Army continues to experiment with introducing cyber forces and capabilities from the higher levels of government down to the tactical edge, commanders with traditional units must gain a notional understanding of what cyber can bring to them and how it can shape their scheme of maneuver.
“It was hugely educational for us as a [brigade combat team] … Generally we’re aware of a lot of capabilities that are out there, but this is typically above the BCT’s level,” Lt. Col. John Newman, deputy commander of 3rd Brigade Combat Team, 10th Mountain Division (the unit that Cyber Blitz planners were integrating new cyber units with), told Fifth Domain.
He added that the capabilities that could be available to a brigade in the tactical fight in the 2025 time frame were eye-opening.
Newman said one of his big takeaways from the experiment was the benefit of the additional cyber personnel that increased the size of his overall force. Wittstruck said one of the key premises of Cyber Blitz was providing force augmentations — additional personnel not typically within the unit — to the brigade in the form of cyber capability.
“As you give us all this increased capability that’s great, but if I don’t have the people there to help plan it, to help execute it, to help inform the leaders of what their operations are, then all the capability in the world is not helpful,” Newman said.
Currently, the only organic cyber/EW-related components of a brigade are cyber and electromagnetic activities (CEMA) planners and EW capability. The expeditionary CEMA teams and support detachments are add-ons to the unit.
How to provide situational awareness
While the commander doesn’t need to be fluent in geek-speak, he has to at least have a good understanding of his virtual battle space, which will now fall under his purview.
Officials described the need for every soldier to be CEMA literate in order to understand the context for how CEMA will fit into their mission or how it can support CEMA, be it intelligence or infantry actions.
“It’s easy to say that we need more situational awareness of what’s going on in the cyber realm but at the same time I don’t need the wire diagrams of where all the computers are,” Newman said.
“We’ve been able to look at some of those different programs and provide at least our opinions of where that line is between this is really good information for the cyber operators and then this is the cutline as to what I would need to know as the [defensive cyber operator]. That was the feedback we were able to offer from my perspective.”
For basics, the brigade staff will need to understand where an adversary would logically be within the cyber domain and what aspects and entities within it are critical to his ability to operate in the cyber domain, then effectively identify those and pass them to someone who can remediate them, Chief Warrant Officer 2 Robert Newbanks, an intelligence official within the brigade, said during a walk-through of the command post.
Maj. Camero Jong, an intelligence officer within the brigade, said he is worried about friendly space, enemy space and the neutral space in between, even coordinating with the network folks and notifying them of points he would target on friendly networks if he were the enemy.
Newman noted that all the situational awareness tools allow him to track the progress and operations of cyber personnel in cyberspace. He wants to know if the cyber folks are getting caught up somewhere on their mission just as he’d want to know if an infantry company meets heavy resistance somewhere and will take longer than expected to reach the objective. In communicating with the cyber team, Newman can start to craft a Plan B if needed.
How to compete with Russia
One of the big takeaways for Newbanks was how far down the enemy’s command chain they used cyber and EW to affect maneuver forces.
Newbanks said there is still some work to be done in understanding the granularity of how the enemy coordinates kinetic fires and activity in the electromagnetic spectrum.
“It got everybody’s attention when that [Ukrainian] field artillery unit was decimated in 20 minutes,” Wittstruck said of Russia’s operations in Ukraine. It started with drone datalink interruptions preventing aerial eyes, then the loss of communications, with the next sound being inbound field artillery.
“That sent a clear message that some of our regional peers are looking very seriously at how do they get to the pointy edge of the spear with those kind of advanced capabilities to shape the battle space for what’s to come next,” Wittstruck said.
Newbanks also said that the team took lessons on the tactical EW front, noting that after the counter-improvised explosive device fight in the war on terror, the force writ large doesn’t have a good sense of what electronic attack and electronic support capabilities can offer, especially against a near-peer adversary.
Part three examines the emerging units the Army is using Cyber Blitz to inform.
3 new tactical cyber units the Army is prototyping
This is part three of a series detailing Army efforts to advance and integrate tactical cyber, electronic warfare and information operations within traditional forces.
The Army used a September experiment to look at new ways of bringing tactical cyber, electronic warfare, information and space effects to the battlefield.
The Army’s third annual Cyber Blitz experiment, hosted at New Jersey’s Joint Base McGuire-Dix-Lakehurst, helped service leaders learn more about the process for new units while testing command-and-control relationships with maneuver units and higher headquarters.
The units include intelligence, cyber, electronic warfare and space (ICEWS, pronounced IQs) detachments as part of the Army’s multidomain taskforce based at Fort Lewis in Washington state, the cyber warfare support battalion and expeditionary cyber and electromagnetic activities (CEMA) teams.
The multidomain taskforce is working as a 36-month pilot effort in the Pacific region through a variety of real-world exercises to help inform the service on the new doctrinal approach for multidomain operations, or the seamless coordination of capabilities across the five domains of warfare: land, sea, air, space and cyber.
One component of it includes the ICEWS detachment.
The ICEWS will integrate all capabilities in its namesake, plus signal, information operations and targeting.
Army leaders at Cyber Blitz were prototyping the ICEWS detachment composition and its employment into brigade operations, Cyber Blitz Director Richard Wittstruck said.
Wittstruck told Fifth Domain that U.S. Army Pacific approached the Cyber Blitz planners asking them to help examine aspects of multidomain operations, including the ICEWS and how that could work with Special Forces and a brigade. In fact, Cyber Blitz was feeding information and lessons learned during its experiment in real time to U.S. Army Pacific for the Valiant Shield exercise taking place in Guam, which the multidomain task force was participating in, to help inform what right looks like for the ICEWS.
One example was how can the ICEWS work with Special Forces in close reconnaissance.
Cyber Warfare Support Battalion
The Cyber Warfare Support Battalion has been approved by the Army and falls under Army Cyber Command serving Army-specific missions, not U.S. Cyber Command joint missions. It will be used to integrate intelligence, cyber, electronic warfare, signals, information operations and fires all into one formation, while also able to deliver effects remotely and through local expeditionary cyber teams that will plug into the CEMA sections located in each brigade planning cell.
There has not been much information released about these new units to date. Initial capability for these units is slated for 2019 with approved growth.
As they come online, experiments such as Cyber Blitz will help the Army inform where exactly they need to go, given how quickly dynamics change in cyberspace.
“One of the big learning objectives for Cyber Blitz from an ARCYBER perspective was to execute the Cyber Warfare Support Battalion, expeditionary CEMA team construct so that we know what those things are,” Lt. Col. Wayne Sanders, a CEMA assessor with ARCYBER, told Fifth Domain.
“And then inform the policy makers. If senior leaders believe the right decision is to delegate … authorities, we need to have those policy discussions now.”
Expeditionary CEMA Team
The Army has matured the ECT concept a bit more than some of the others. The ECTs, typically a division asset that provides cyber and EW capability, have been pushed down to the brigade level for Cyber Blitz and during ARCYBER’s pilot program at the National Training Center, CEMA Support to Corps and Below.
The latter, similarly, seeks to game how tactical cyber capabilities can be integrated with a brigade combat team. The key difference between the CSCB pilot and Cyber Blitz is that CSCB is much more high tempo, because brigades undergoing a combat training center rotation have several objectives they have to achieve to be validated as a brigade, cramming a multimonth campaign into a few weeks. Thus, while the cyber team’s capabilities are worked into the brigade’s overall schemes, the cyber component is not the main piece.
Cyber Blitz, on the other hand, is one of the only venues that allows for CEMA personnel across the Army to be the training audience to test new concepts, capabilities, techniques without worrying about detracting from a BCT’s normal training objectives, Sanders said.
Part of the ongoing experiment for the Army, Wittstruck said, is giving a brigade commander control of what is traditionally a division asset in the ECT, so the brigade commander can set his timing and tempo to the ECT’s ability to support that.
At its most basic level, the ECT acts to fill capability gaps for lower echelons.
Normally a brigade will send effects requests up to the division, which will either approve or deny. If approved, the division would then task the ECT to either conduct an offensive mission or a defensive mission in support of the BCT, Chief Warrant Officer 4 Thomas O’neil, ARCYBER senior targeting officer, told Fifth Domain.
This is a new command-and-control construct, Wittstruck added, because the commander has to think how the ECT will support him because instead of having to make the request to higher headquarters for these capabilities in today’s policy, the commander now controls it directly.
For example, Wittstruck said if a brigade commander had to get at a certain target that he doesn’t organically possess the resources to reach, other units such as Special Forces, ECT, ICEWS — all potentially working together — will set the conditions for the brigade commander. They’ll report back to the commander when that has been accomplished in accordance with his timing and tempo.
Ultimately, the ECT construct is about getting effects for lower echelons approved. While the ECT has a plug into the Joint Force Headquarters-Cyber — the Cyber Command element charged with providing effects to combatant commanders at the strategic, theater level — those forces won’t be diverted to the tactical fight.
“What we saw was a capacity gap … Instead of [the brigade] getting request denied, they can get request serviced,” O’neil said, referencing the effects request process that must run through higher headquarters elements.
Part four examines the electronic warfare and signals intelligence components of Cyber Blitz.
The Army successfully tests EW, SIGINT on the battlefield
This is the fourth and final part of a series detailing Army efforts to advance and integrate tactical cyber, electronic warfare and information operations within traditional forces.
Through its recent Cyber Blitz exercise, the Army learned lessons regarding how well electronic warfare personnel can conduct cyber planning and how integrating electronic warfare and signal intelligence would work on the battlefield.
On Oct. 1, 2018, all the functional electronic warfare personnel transferred into the cyber branch becoming cyber planners.
Despite questions whether these electronic warfare personnel will be able to plan cyber operations within the cyber and electromagnetic activities (CEMA) cells across echelons, one official noted that their job overall is not changing.
“Being the only [EW career field warrant officer] in the room, the one thing I wanted to emphasize is we are converting to the cyber branch; however, we are still electronic warfare professionals,” Chief Warrant Officer 2 James Gill, Cyber Center of Excellence electronic warfare assessor at Cyber Blitz, told C4ISRNET during a visit to the experiment.
The EW job is not changing, he added. Rather, they will have a foundational understanding of cyber and EW that will allow them to conduct the planning, the integration and the synchronization, just like the definition of CEMA says.
The Army has defined an approach in which everyone will have this foundation of EW and cyber, enabling a tactical cyber force that can also conduct electronic warfare. The high-end folks will feed into the cyber mission force, with the cyber warriors provided by the services to U.S. Cyber Command to conduct strategic level cyber operations.
(Signals) Intelligence versus electronic warfare
Despite friction in the past over what constitutes intelligence and what is necessary for battlefield commanders, the Army is now looking to converge signals intelligence and electronic warfare, both of which rest on similar scientific principles.
Cyber Blitz helped leaders assess this realization, test its integration in operations and allowed assessors to take valuable lessons back.
Cyber Blitz Director Richard Wittstruck told C4ISRNET that the Army published its military intelligence-electronic warfare concept of operations, which was designed to bring the two closer together. For example, from the SIGINT perspective, how can SIGINT support the electronic support/electronic attack mission and, vice versa, how does that mission help an intelligence collector refine their SIGINT collection?
Such concepts were gamed during Cyber Blitz with live teams and live capabilities on the base’s range. There were intelligence and electronic warfare personnel rolling to an objective together, doing their respective mission essential tasks, but having a basic understanding of what the other one needed in order to make the objective happen, Wittstruck said.
With this convergence, the Army is now pushing integrated capability for these two forces to use called the Terrestrial Layer System, which is still in the works. Despite the push for integrated capability, Gill noted that the focus of assessors at Cyber Blitz wasn’t on such an integrated system or capabilities in general, but rather the concepts for how these forces can operate together.
“We’re seeing really where we need each other,” he said. “So the SIGINTers take away, ‘OK, this is what EW can do for me and this is where I need EW.’ EW takes away, ‘Well, this is why I need SIGINT, this is why I need them right beside me helping me out with what I need and this is what I can do for them as well.’ ”
Overall, the integration worked fantastic, Gill said, adding it was the best he’d ever seen.
Here’s how the Army is grooming an elite cadre of (electronic) cyber soldiers
The Army believes integration will be the key to winning in the high tech environments of the future, and to do so the service is building a force that will be well versed in cyber, electronic warfare, signal and information operations.
One of the Army’s first moves toward this end is the transition of electronic warfare officers into the cyber branch.
“That’s important because it takes them out of being a functional area specialist into an operational branch,” Maj. Gen. John Morrison, commander of the Army Cyber Center of Excellence, told Fifth Domain during an August interview.
This staff will act as cyber planners providing commanders with options on the battlefield in cyber and electromagnetic spectrum.
For cyber, this means everyone will have the same baseline training, but the high-end and most specialized forces will filter into the cyber mission force, U.S. Cyber Command’s forces of action.
“You’re going to have a tactical cyber force that can also conduct electronic warfare to include electronic attack and then you’re going to have the cyber mission force,” Morrison said.
Electronic warfare personnel transitioning to the cyber branch, for the most part, will not go to the cyber mission force, Capt. Stephen Rogacki, aide-de-camp to the commandant of the Army Cyber School, told Fifth Domain during an August visit to Fort Gordon. If they are assigned to the cyber mission force, they will then receive the joint training in addition to their electronic warfare specific training.
For the electronic warfare personnel transitioning into the cyber branch that will stay in Army-specific roles as opposed to the joint cyber mission force, Rogacki said the Army is planning to source CEMA officers from the cyber officer cadre as opposed to the entire Army. This way, personnel will receive a core set of cyber training and then expand upon that to get electronic warfare training as a way to get a more integrated cyber, electronic warfare component.
There won’t be as much friction involved with the Army-specific training in this measure as opposed to someone who’s trained in electronic warfare and joint cyber, Rogacki said. This way, they’re not held to the joint standard and they’re not restricted to the joint standard so they can be more tailored to their brigade combat team’s needs.
The Army is creating new Army specific units that will encompass more tactical and operational level cyber, electronic warfare and information operations, which has not existed before on the cyber front.
Rogacki said there will be slots opening up on the new cyber warfare support battalion, which will be used to integrate intelligence, cyber, electronic warfare, signals, information operations and fires all into one formation. Additional slots will open in the intelligence, cyber, electronic warfare, space detachment (ICEWS) within the multidomain task force that will integrate all those capabilities plus signal, information operations and targeting.
How redefining Army intel can help fight high-end adversaries
Many senior leaders admit the Army divested a lot of its electronic warfare capability over the last decade-plus, so the service is currently undergoing efforts aimed at injecting capability back into formations.
One way is that the Army is beginning to fuse intelligence and electronic warfare at a broad strategic level, as well as in integrated capabilities to be used by new tactical formations.
At the broad level, the Army recently authored what’s known as an initial capabilities document regarding the Terrestrial Layer Intelligence Support to Multi-domain and Joint Combined Arms Maneuver concepts. This document outlines problems across intelligence disciplines.
On the platform side, the Army has decided to scrap its primary program that sought to deliver ground and vehicle forces organic electronic warfare capability — known as Multifunctional Electronic Warfare ground — and replace it with the Terrestrial Layer System (TLS).
TLS will be a signals intelligence/electronic warfare system projected to be fielded on vehicles. Moreover, it is expected that TLS will be used by new military intelligence-electronic warfare (MI-EW) companies the Army is working to stand up.
SIGINT v. EW
The fusion of signals intelligence and electronic warfare stems from years of debate surrounding delineations of the two.
There has been an ongoing debate within the military as it relates to SIGINT and EW. While operations are critically reliant on intelligence, intelligence capabilities and authorities are held at much higher classification levels and under different rules versus EW operations, which are conducted at lower classification levels and at the tactical and operational level of war.
“Some are questioning what used to be considered traditional SIGINT. What we are talking about is really sensing the environment and being able to look at the externals and what it is — radio or radar, friendly or foe,” Dave May, an intelligence advisor for the Cyber Center of Excellence, said during a conference last August.
“We made the decision in the Army a while back to separate intel from EW; the other services did not. Those in the business think that process is SIGINT. This is being debated today.”
In other words, on the intelligence collection side, many wonder whether EW collection is being done for Title 50 purposes, the portion of the U.S. code that pertains to intelligence, or if it is sensing for combat information and target information in regard to Title 10, the portion of the U.S. code that pertains to military operations.
“There is a SIGINT portion and that’s … at the time of collect is that truly combat-raw information. And at what point do you say that is going over to the Title 50 side of the house?” Maj. Gen. Patricia Frost, director of cyber in the Office of the Deputy Chief of Staff G-3/5/7, told C4ISRNET last year.
“That is a lot of what we’re doing in the [cyber and electromagnetic activities] optimization: is understand when you look at platform integration … technically we can do a lot of things on a platform, [but] do we have the authorities to integrate these capabilities?”
Currently, under an Army directive, the relevant stakeholders are trying to clarify the EW support mission, which involves the collection and identification of signals, and the SIGINT mission as those in the community see them as complementary but not contradictory, Lt. Col. Chris Walls, deputy division chief for strategy and policy in the cyber directorate, said at the C4ISRNET conference.
“EW soldiers can conduct the electronic warfare support mission and are not conducting SIGINT activities,” he said. “We want to free them up to be able to do their mission separate and distinct from the SIGINT mission.”
Walls added that while the SIGINT mission is absolutely critical for EW personnel in characterizing signals and telling them what they’re observing in the electromagnetic spectrum, they want to make sure EW soldiers aren’t hindered in conducting EW support missions by forcing them to do them under SIGINT authorities.
Force design updates
With the fusion of these disciplines taking place as a means to empower soldiers more at the tactical edge, the Army is standing up MI-EW companies.
These companies will help restore EW capabilities into brigade combat team formations, officials have said. The existing military intelligence force structure will be leveraged to come up with an MI-EW company to bring those capabilities to bear.
The force design updates are pending, according to Maj. Gen. John Morrison, commander of the Cyber Center of Excellence, speaking to C4ISRNET on the sidelines of the AFCEA Defensive Cyber Operations symposium in early May.
Equipping these tactical formations and getting some “meat” behind this capability is the No. 1 goal for the Army’s top intelligence officer.
What’s driving the need for this platform is the Army’s need to get at the electromagnetic spectrum control and adversarial capabilities that Russians and Chinese have exhibited, Lt. Gen. Scott Berrier, the Army’s director of intelligence, told C4ISRNET following a keynote presentation in Springfield, Virginia, in early March.
Morrison said this will provide an “integrated capability with our MI teammates and provide the commander operational flexibility.”
The combined effort came about as the capability requirements generators for intelligence and electronic warfare realized they were developing requirements documents with a roughly 85 to 90 percent overlap, Col. Mark Dotson, Army Training and Doctrine Command capability manager for EW and spectrum management operations, said at the C4ISRNET conference in May.
“One requirement mov[ing] forward from both the intelligence perspective for the SIGINT side of the house and from the electronic warfare side,” he said.
Dotson said the Army is working to get the first ground system approved this fiscal year, which will be for the Terrestrial Layer System type of truck.
Following requirements for that, he said, would come the other parts, such as the dismounted capability from that truck or a more high-powered capability that’s going to be less mobile but have more jamming power or more sensing ability.
How industry helps shape the Army’s emerging tech
The Army continues to shape and evolve its concepts for cyber and electronic warfare operations, and it is using exercises such as Cyber Quest to identify what might be possible soon and what can be improved upon now.
Cyber Quest, which runs June 11 to June 27, seeks to inform operational concepts as the Army continues to build cyber capacity and reestablish electronic warfare capacity, and to inform the operational requirements of new systems to counter threats, Maj. Gen. John Morrison, commander of the Cyber Center of Excellence and Fort Gordon, which hosted the exercise, said during a media call.
During Cyber Quest this year, 20 members of industry brought and integrated their technologies into simulated combat operations. This allows everyone involved to see what could work and what needs work.
“What’s important about the vendor piece of this is they actually put their system engineers on the ground, so as we’re running an operational unit through maneuvers here at Fort Gordon and the system engineers are actually seeing how these capabilities are being employed,” Morrison said.
Top officials said that Cyber Quest provides a true development operations environment in which vendors and operators can collaborate in a space and make adjustments based on the interactions and feedback therein.
In one specific example, vendors were able to gain a more granular understanding of the Army’s tactical network and how it works.
“If you were to ask the vendors what they got out of it, most of the vendor products … are geared toward large enterprises with large volumes of data,” Col. Steven Rehn, the Army’s officer in charge of setting requirements for cyber capabilities, said.
“Their perspective on the tactical environment has opened eyes because the network itself is relatively small compared to what they’re used to in the commercial space. However, the volume and velocity and variety of data for a similar-sized network in the commercial space is exponentially larger. That produces an interesting challenge for them to attack the problem from a cyber defense standpoint.”
At the conclusion of the exercise, one of the many reports the Army produces includes analysis tailored to each participating company on how its system performed, helping establish a roadmap for continued development.
The Army probably needs to update its cyber doctrine every 18 months
Top Army leaders say that their recent tours have provided valuable lessons on the rate of change in the cyber world that they’re now using to shape training and operations.
“We’ve learned so much in the last two years because we’ve operated and the pace has increased,” Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, said during a July 18 event hosted by the Association of Old Crows. “We’ve accelerated the learning curve and that’s given us confidence to start to make changes in organization, in capabilities and tactics, techniques and procedures.”
Those lessons come, in part, from the build-out of the cyber mission force, Brig. Gen. Jennifer Buckner, director of the Army’s Cyber Directorate in charge of Army staff-level electronic warfare, cyber and information operations policy, told Fifth Domain following the event. Given the pace of operations in the Middle East and other combatant commands around the world, there are a host of operational events that are informing training and organizational structures, Buckner said. Buckner served most recently as the deputy commander of the U.S. Cyber Command-led counter-ISIS cyber offensive known as Joint Task Force-Ares.
Because of this accelerated pace, Fogarty, who until May was the chief of staff at CYBERCOM, said that the Army needs to update its cyber doctrine more regularly.
Doctrine provides the template for commanders to conduct operations and understand their respective operating environments.
While the Army published its first field manual outlining cyber and electromagnetic activities doctrine last year, Fogarty said he’s instructed the Cyber Center of Excellence to update the document in the next 18 months based on operations over the last year.
Fogarty, who is now the commander of JTF-Ares, added that he’s given the center and its commander a follow-on task as well: to publish another update 18 months after this first update.
“I’m predicting now that 18 months after we publish the next version it’ll be time, we’ll have learned enough to publish the following version,” Fogarty said. “A lot of [the field manual] was what we thought. Now we know some of it, we know some of it we got wrong, some of it we got right, some of it we didn’t even know about at that point.”
In some cases, top leaders have said the Department of Defense is outpacing itself in cyber.
“We are outrunning our headlights … We’re learning so much, whether or not it’s with our forces, with our doctrine, with our strategy; we are well forward of where we thought we would ever be,” then-Lt. Gen. Paul Nakasone, commander of Army Cyber Command, said in November. Nakasone is now the four-star commander of CYBERCOM.
What Cyber Command learned from ISIS operations
When Ash Carter, then the secretary of defense, tasked Cyber Command to turn its skill set against the Islamic State group, it was billed as the young command’s first true test.
Since then, Cyber Command leaders learned how to better employ cyber capabilities, Brig. Gen. Timothy Haugh, director of intelligence at Cyber Command, said during a panel at CyberCon hosted by Federal Times in Arlington, Va., Nov. 28.
Chief among those lessons is “how we approach the intelligence problems, how we approach intelligence sharing, understanding the battlespace and also (ensuring) that traditional things like our targeting process were sound and repeatable within the cyber domain,” Haugh said.
Many military leaders are careful to stress that cyber operations do not occur in a vacuum and must support the other functions and domains of warfare.
“AFCYBER, the way we look at this is that really cyberspace operations is just a part of an all domain plan,” Col. Todd Stratton, director of Air Forces Cyber (forward), said during the panel. “You’ve got air, sea, land and space as well as the cognitive domain but those primary five warfighting domains, cyberspace is just a part of that.”
Stratton said the Air Force’s approach is providing full spectrum, all-domain-integrated effects. “What that means is cyber just doesn’t stand alone. It’s part of a holistic joint campaign plan and it has to be integrated in with a timing and tempo of supported commander,” he said. “It isn’t just cyber war on its own. It’s part of an integrated set of gears … rather than just cyber war standing on its own.”
This mirrors comments from his boss, Maj. Gen. Christopher Weggeman, commander of 24th Air Force/AFCYBER, who told C4ISRNET in an interview last summer that the force doesn’t do cyber for cyber’s sake.
Moreover, the teams being developed underneath Cyber Command, once delivered to their respective combatant commands, serve those joint force commanders’ objectives.
“I try to do this with all the combatant commands, sit down face-to-face: ‘Where are we? Are we meeting your requirements?’ ” CYBERCOM Commander Adm. Michael Rogers told Congress earlier this year. “Cyber Command, in many ways, what we do functions to support others. We exist to enable and support the success of others.”
While cyber isn’t 100 percent analogous to the other physical domains, Haugh said key pillars are applicable.
“There are obvious differences in terms of the difference in geographic approach – cyber does not present the same clean lines in terms of geography but in terms of understanding how an adversary uses capabilities or vulnerabilities that presents those standard lessons that we’ve learned from all the other domains of warfare apply,” he said.
Haugh noted that the stand up of Joint Task Force-Ares, used to fight the Islamic State, created an operational level headquarters that could bring a cohesive approach to Central Command and be able to be focused on speed, outcomes and integration of the multi-domain fight.
The previous commander of Army Cyber Command and JTF-Ares, Lt. Gen. Edward Cardon, told reporters in 2016 that the task force allows greater command and control for the overall global counter-ISIS coalition.
The partnership between CENTCOM and CYBERCOM has continued to evolve through the present, Haugh said, and leaders there have learned how to present options in the context of what Central Command’s desired outcomes are.
Stratton’s predecessor, Col. Robert “Chipper” Cole, has stated previously how within the JTF-Ares and counter-ISIS effort more broadly, CYBERCOM and CENTCOM have a say on potential targets with a CENTCOM targeting board and a JTF-Ares targeting board in which the cyber personnel have to link up with the CENTCOM personnel.