The Army looks to build up its cyber arsenal

Mark Pomerleau, May 6th 2019,

The Army is building a new tactical cyber force and it’s going to need an arsenal. Immediately stocking one is another story, however, because “offensive cyber” tools are currently developed and owned by U.S. Cyber Command for the joint mission, so the Army is working on how to best equip its teams’ specific needs.

The Army’s 915th Cyber Warfare Support Battalion (CWSB) will be capable of conducting localized cyber effects through the electromagnetic spectrum, rather than the IP-based operations conducted by Cyber Command, though it might have a tie-in with these forces and capabilities.

The CWSB will operate as an Army Cyber Command asset. It will live at the division level with 12 expeditionary cyber teams, each consisting of 45-person detachment-sized elements that will be in support of brigade combat teams and arrayed over that brigade’s battlespace on the ground. They will likely operate alongside companies.

In order to prepare these new cyber teams, the Army will have to work through the Joint Cyber Warfighter Architecture (JCWA), a singular approach to tools and platforms for high-end, remote cyber operators established by Cyber Command.

“By defining that architecture, then Cyber Command encourages the service cyber components with their acquisition entities to propose capabilities that would meet that architecture,” Ronald Pontius, deputy to the commanding general at Army Cyber Command, told Fifth Domain on the sidelines of an industry conference May 1. “Cyber Command should lead the architecture and standards, then they should be looking to the services to actually build the capability.”

The JCWA is intended to guide capability development across all the services, as Cyber Command doesn’t want capabilities designed and used by one service. How that translates into equipping these Army-specific entities requires working out “synergies” between that tactical force and the larger force, so determining what common and custom tools the CWSB uses will be in concert with the joint Cyber Command forces.

“It all has to be integrated from top to bottom,” Kenneth Strayer, deputy program manager for electronic warfare and cyber at Program Executive Office-Intelligence, Electronic Warfare and Sensors, told Fifth Domain. “All the way from sanctuary through developing capabilities to delivering capabilities. This all has to be integrated and it’s all nested on Cyber Command and ARCYBER, [which] is a component, and the tactical units are all nested under ARCYBER.”

Strayer added that he wouldn’t separate them, but obviously the needed capabilities will be different depending on the placement of units, either in the close fight on the ground or in remote sanctuary.

Questions Army Cyber Command leaders will have to wrestle with regarding using tools from the joint force at the tactical level include what infrastructure forces will operate on, and whether the tool will be attributable or not. Pontius said generally tools should be 100-percent attributable in the tactical space [letting victims know the United States is attacking them as a deterrent of further action], while that is not always the case in the joint environment.

Having the CWSB in Army Cyber Command and not distributed throughout the service, he added, aids in answering these questions, optimizing tool development, and keeping the force trained and certified much more efficiently than if members of this force were spread out across different Army entities.

One way the Army is potentially benefiting the CWSB separate from the joint mission is a recent $1 billion contract for research and development work in support of the cyber mission. Contractors awarded are tasked with providing research into cyber and electromagnetic activities (CEMA) capabilities. The contract currently is not asking for any materiel development.