Cyber security

Urgency grows to align cyber, physical combat

futuristic cyberwar

The time has come to stop thinking of cyberwar and physical combat as separate things, experts say. (Stock image)

Until fairly recently, the idea of warfare meant one thing: physical combat. In recent years this idea has evolved with the establishment of cyberspace as a military domain. But for the most part, the two tend to remain separate: separate military training, separate operations, separate rules of engagement. That will need to change – and soon, according to experts.

Cybersecurity's prominence has skyrocketed in recent months, and as focus ramps up in Congress, the executive branch and the military, that trend will only continue. Dealing with it requires a change in approach that fuses what have until now been distinct lines of operation.

"Right now we're being asked to look at potential consequences of attacks on [critical infrastructure] and prioritize...from a cyber perspective," said Suzanne Spaulding, deputy undersecretary for the National Protection and Programs Directorate at the Homeland Security Department. "You can't do that if you're not looking at the cross-sector and physical consequences."

Spaulding, one of several speakers addressing the Feb. 22 AFCEA DC cybersecurity symposium in Washington, pointed out that at DHS, this idea already is under way in the form of integrated task forces for assessing risks and implementing policies.

"It's an absolutely essential piece of this to have a coordinated approach," she said. "We're pulling in cyber and physical folks to do joint assessments, looking at what are the cyber vulnerabilities, what are the physical vulnerabilities, how do they relate to each other, and importantly, what are the cascading effects?"

An alignment of policies and actions in cybersecurity is happening across the government, recently evidenced by mandates for cooperation and information-sharing rolled out in President Barack Obama's executive order and accompanying presidential policy directive.

On the military side, a parallel alignment is taking place as well, but it has required a careful consideration of core missions and how to meet their requirements, according to one Defense Department official.

"If I ask you what does an infantry battalion or a carrier strike do, you can define that," said Maj. Gen. Brett Williams, director of operations at U.S. Cyber Command. "So one thing we needed to do in defining the missions...we needed to align forces, capability and capacity to each one of the missions."

Those missions – defending national security against cyber threats, securing the DOD information network and supporting combatant commands – are still being tweaked at CyberCom, now in its third year of full operation. However, doing so means walking a fine line between applying traditional military approaches and giving special considerations to the distinctive nature of cyberspace.

"We've done a very good job convincing people how different, mysterious and technical cyber is, which it is. But I would argue [that while] operations are unique...they're no more unique than flying an airplane is from operating a ship," Williams said.

At the same time, leadership cannot take the same approach to cyber weapons and operations that would be used in, say, nuclear cases – a common, but some say faulty, comparison.

"It's an analogy that is almost always false," said Eric Rosenbach, deputy assistant secretary of defense for cyber policy. "Loose nukes are actually an easy problem compared to constraining the flow of destructive malware. They're produced almost entirely by nation-states. They give off a signature – there are actually radiation waves you can track. And it's a physical thing. That's not the same situation when it comes to malware...which passes through borders and is nearly, if not completely possible, to track."

In an operational picture that is blurred by a lack of boundaries, visible enemies and established rules, the fine line emerges. While cyber is a part of national security and military domains that is unlike others, it is still just that – one part of a larger, operational landscape in which the U.S. government as a whole must engage.

"You can't clearly define what's defense and offense. We've got to have all the capability to coordinate, integrate, synchronize and de-conflict across operations, offense and defense," Williams said. "There is no such thing as cyber conflict. There is only conflict, and cyber provides another medium in which to exercise elements of national power."

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Sat, Mar 9, 2013 Jarno Limnéll Helsinki, Finland

Well said and written. We are moving towards a ubiquitous world where the border between kinetic and non-kinetic environments is becoming more blurred. And the speed of this evolution is fast. Many aspects are merging into one which we can interpret as a Cyber domain. We are already living in an interconnected “online world”, where we – as individuals, society, the military, and the global economy – rely on both the functionality and security of this “World of Bytes”. Every second the cyber domain expands and becomes more complex. This means that there is an incredible scope of possibilities and the means develop new things. The integration of the online world with the physical world brings a new dimension to human life. It is vital to understand that cyberspace should not be treated as a separate domain but as one that is entwined with the physical space. In military terms, modern warfare demands the effective use of cyber, kinetic, and combined cyber and kinetic capabilities. Such capabilities could be an additional fifth domain in traditional warfare as the U.S. military views it, or even a standalone approach to warfare. Cyber operations can be kinetic or non-kinetic. The boundaries between conventional and cyber operations are blurring, as cyber capabilities can be seen as force multiplier in conventional operations. It should be noted that any future crisis will introduce cyber capabilities. They will have a cyber warfare component, whether it is public knowledge or not.

Mon, Feb 25, 2013

Very true, considering how much over-the-air data is transferred, GPS use, computer systems, personal electronics,etc are on the battlefield, all it takes is a low tech enemy with a good computer hacker to mess up the mighty powers that spend a lot on technology or to use simple technology to tap into the data streams. Or on the other end, like China which uses top of the line stuff to infiltrate most of the US computer systems. From the battlefield to some office in Podunk North Dakota, all have something the bad guys want or want to mess with, if nothing more than access to another system via a network.

It is apparently so bad now that our computer folks can no longer trust people logging in to be who they are, we now have to send an occasional digitally certified email to say yes, I am the one using this system or we get locked out (wonder how long before the Chinese crack that too?).

The subject of combining the two reminds me of an engineering instructor I had many years ago for high frequency electromagnetic and RF engineering who responded to those students who did not understand why they needed his classes since they were going to be DIGITAL engineers by saying "In not too many years all digital designers will have to know RF design since you will be designing for circuit bandwidths in the gigahertz range" (paraphrased) And how fast are computer bus data transfers now and what are the clock/data rates of processors and other microelectronics?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above