DISTRIBUTION A:
Approved for public release; distribution is unlimited.

Document created: 1 September 2008
Air & Space Power Journal - Fall 2008

In air combat, “the merge” occurs when opposing aircraft meet and pass each other. Then they usually “mix it up.” In a similar spirit, Air and Space Power Journal’s “Merge” articles present contending ideas. Readers are free to join the intellectual battle-space. Please send comments to aspj@maxwell.af.mil or cadreaspj@aol.com.
 


Cyber Flag

A Realistic Training Environment for the Future

Maj Andrew P. Hansen, USAF
Maj Paul D. Williams, PhD, USAF
Lt Col Robert F. Mills, PhD, USAF, Retired
Lt Col Mark A. Kanko, PhD, USAF, Retired*

Red Flag exercises, well known as training components of air warfare, will also become a staple of cyber warfare.

—Former Secretary of the Air Force Michael W. Wynne

The Red Flag exercise, held six times per year at Nellis Air Force Base (AFB), Nevada, and Eielson AFB, Alaska, routinely pits a coordinated team of more than 80 airplanes against numerous, realistic air threats and a robust array of surface-to-air missile (SAM) systems as participants deliver weapons and air-dropped cargo on realistic targets and drop zones. Most participants would agree that Red Flag provides the ultimate peacetime test of joint and coalition air operations, but the Air Force must execute a fundamental paradigm shift if it wishes to meet former secretary Wynne’s vision of a significantly enhanced cyber-warfare environment. This change is so monumental that full implementation would fundamentally detract from the critical objectives of Red Flag. In short, the time is right for Cyber Flag.

The Air Force grew out of technology and its employment (in conjunction with people, processes, and doctrine) within the air domain as a means of influencing the outcome of war. Innovation early in the airpower era helped solidify a new war-fighting domain that proved decisive in World War II, ultimately paving the way for the creation of the United States Air Force as the lead service for organizing, training, and equipping an air-minded military capability. Likewise, we now find ourselves in the infant stages of the cyber era, wherein the addition of cyberspace is revolutionizing the way we will fight and win future wars. We face the significant challenge of providing a realistic training environment that reflects this change. This situation differs considerably from the normal evolution of Red Flag over its 30-year history, but technological advancement represents a core element in the history of the Air Force. Air pioneers of the 1920s could not have imagined how airpower would evolve, and the same holds true of today’s advocates of cyberspace. In a letter to Airmen, former secretary Wynne highlighted the incredible technological advancements that are yet again transforming the face of war: “Our adversaries realize the asymmetric opportunities of cyberspace. They attempt to access American industrial servers that contain sensitive data, exploit electromagnetic energy to try and jam or misdirect our precision weapons, and use radio transmitters to detonate improvised explosive devices, killing Americans, Coalition allies, and innocent civilians.”1

Although the recent emphasis on cyberspace is a step in the right direction, US military preparations pale in comparison to those of other international powers, most notably China. The Chinese have been restructuring their military for over a decade to transform their mechanized People’s Liberation Army (PLA) into an “informationalized” force capable of capitalizing on the asymmetric effects of cyberspace.2 The PLA now focuses on achieving battlefield gains through the full spectrum of kinetic and nonkinetic capabilities. An analysis of Chinese doctrine and recent exercises reveals advanced information warfare (IW) capabilities, such as computer network attack, on par with tanks, artillery, and aircraft in their effectiveness in countering an enemy advance.3

Hardly a week goes by without some news report about how Chinese entities (government, military, or individual actors) have compromised computers and networks in the United States. This series of coordinated attacks, beginning in 2003 and dubbed Titan Rain by the US government, is just one indication that the United States has already fallen victim to offensive IW activity by the Chinese.4 One need also look at the recent public release of the Aurora experiment to understand the effects made possible by cyberspace.5 Although many details remain classified, Aurora demonstrated how computer network attack could destroy one of the most commonly used power generators within the United States’ domestic electrical grid. During this test, the generator responds to a series of malicious computer-control commands by shaking violently and then grinding to a complete halt in a cloud of smoke. Exploitation of this same vulnerability across the nation would produce extended power outages and crippling economic repercussions. Government economist Scott Borg summarizes the consequence of such an attack: “It’s equivalent to 40 to 50 large hurricanes striking all at once. . . . It’s greater economic damage than any modern economy ever suffered. . . . It’s greater than the Great Depression. It’s greater than the damage we did with strategic bombing on Germany in World War II.”6

Cyber threats to the United States range from nation-states to transnational actors to organized crime, each with its own set of capabilities, resources, and objectives. The point is that we must be ready to deal with all of them—and this requires building a force that not only can operate effectively in and through the cyberspace environment but also can integrate capabilities across the various war-fighting domains. This monumental task requires that the Department of Defense (DOD) identify and develop the appropriate skills and abilities of our people and then establish a Cyber Flag to exercise, exercise, exercise!

Cyberspace

In October 2006, the Joint Chiefs of Staff endorsed the following definition of the term cyberspace: “a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify and exchange data via networked systems and associated physical infrastructures.”7 Nearly two years later, however, we still have no published service or joint doctrine that defines cyberspace, a situation that has led to differing views about what cyberspace comprises and what constitutes a force operating in that domain. Discussions within and across the services are complicated by the lack of a common lexicon that clearly delineates which forces and capabilities (such as electronic warfare [EW]) fall within the cyberspace domain. China has advanced far beyond these discussions, having already established consistent doctrine—available through open sources—and an accompanying large-scale IW force. Establishment of a tangible exercise environment that reveals these shortfalls would enable development of a common language out of necessity.

An important reality of the cyberspace domain is that it encompasses far more than just computer networks. Cyberspace is a sphere that includes every element of both analog and digital media, just as airspace includes every air molecule. One need only look at the control that these digital elements have over banking, power distribution, and personal communications to realize the true extent of this domain. As former secretary Wynne wrote, “Cyberspace is a domain, like land, where each of the principles of war applies. To grasp this concept requires a major institutional and cultural shift in war planning and operations.”8

The Chinese realized this long ago and capitalized on the fact that the United States has not emphasized the enabling capabilities of operations within and through cyberspace. The conduct and resulting effects of information operations (IO) may not be as impressive as kinetic operations involving physical destruction, but an effective IO capability is just as important as the ability to hit targets with bombs. In fact, due to our own dependence on cyberspace, the United States is more susceptible to asymmetric attacks against our cyberspace infrastructure than to conventional attacks. Because the technology that makes our country so powerful represents a giant Achilles’ heel, we must develop and train with the most effective and cost-efficient techniques to protect it.

Fighting Force

Keeping this vulnerability in mind, we acknowledged that the proper posturing of forces to wage war in cyberspace is essential to the future of the Air Force and our nation. Thus, 18 September 2007 saw the activation of Air Force Cyber Command (Provisional) at Barksdale AFB, Louisiana, under Maj Gen William T. Lord.9 An associated force-development effort for this new major command will bring personnel from various career fields (such as EW, communications, and space control) critical to cyberspace operations. With respect to joint operations, Cyber Command complements both the Naval Network Warfare Command and the Army 1st Information Operations Command. The Air Force now fully embraces cyberspace as an operational domain, one in which we attack and defend targets, produce effects, and hold adversary capabilities at risk.

A recent article titled “Defining Information Operations Forces” examines the capability gaps between and within each of the services regarding the IO mission, contending that these gaps exist primarily because previous attempts to define and build a dedicated IO force proved unsuccessful.10 Cyber Command establishes the leadership to build a robust force encompassing the diverse missions, skills, and capabilities of IO, but, as discussed earlier, pitfalls remain. An effective training environment provides a springboard for avoiding these hazards.

While the Air Force begins organizing, training, and equipping a force for cyberspace operations, it faces the fact that much of the expertise rests with civilians. However, this was true of the air domain as well since most air pioneers were civilian enthusiasts. Leveraging the capability of computer hackers who so often try to penetrate government and civilian networks offers incredible potential. Consider that during the early years of aviation, some of the most respected pilots performed unimaginable aerial demonstrations as stunt pilots and barnstormers. Regarded as renegades, these same pilots pushed aircraft capabilities and performance to their limits, leaving names such as Charles Lindbergh indelibly stamped in the history of aviation. In a number of respects, hackers test our information systems in many of the same ways and represent an invaluable resource as the Air Force and DOD seek the skills required to gain dominance in the cyberspace domain. Cultivating the capability to defend against the best computer hackers in the world will enable the military to leapfrog the civilian sector’s cyberspace capabilities in much the same way that the Air Force now dominates the air domain. The overall goal calls for developing overwhelming expertise, providing a strong deterrent to potential enemies, and assuring that we have the means of taking decisive battlefield actions to minimize damage to US military and civilian personnel as well as their assets. We can integrate this cutting-edge expertise most effectively into our repertoire by creating an environment that highlights, demonstrates, and improves the enabling capabilities of cyberspace.

The Cyber Flag Revolution

Based on this understanding, we can now move on to the task of integrating both civilian and military forces to protect and defend our nation from the pervasive threat enabled through cyberspace. Preventing, containing, and defeating attacks such as Aurora are vital to the DOD’s objective of providing adequate defenses for the nation’s critical infrastructure.

Although an eye-opening demonstration, Aurora offers only one example of capabilities by means of cyberspace. The Air Force Information Operations Center at Lackland AFB, Texas, created the Black Demon exercise in 2000 to test the defensive posture of our military networks.11 For many individuals, Black Demon is the equivalent of playing out Red Flag on computer networks. Participants defend critical command and control (C2) nodes from persistent attacks launched by trained adversaries from the 57th and 177th Information Aggressor Squadrons, the 92nd Information Warfare Squadron, and the National Security Agency. In 2006 the exercise, renamed Bulwark Defender, expanded by integrating forces from the Army, Navy, and Marine Corps, focusing on computer network defense and, as such, providing the best venue for joint integration of forces dedicated to this mission area. It does not encompass the other elements of IO (such as EW and psychological operations) to any degree, nor does it provide an environment that integrates cyberspace effects with those achieved by air-breathing or space-based assets. Therefore, to bring this effort to maturity, we must begin developing an environment that combines effects of air, space, and cyberspace into one realistic training environment.

Pentagon staffers with a vision for realistic training first created the concept of Red Flag in 1975. After the commander of Tactical Air Command, Gen Robert Dixon, approved it, the first Red Flag began in November of that year.12 The exercise continues to train joint and coalition air forces to operate in a realistic air-combat environment to this day. Red Flag has also contributed directly to the overwhelming military success of the United States in recent conflicts.13

Red Flag and Bulwark Defender independently provide key realistic training to aircrew and network operators but fall short in demonstrating cross-domain capabilities and effects. We now need to combine Bulwark Defender and Red Flag into an exercise emphasizing cyberspace effects achieved both kinetically and nonkinetically. This Cyber Flag exercise would preserve the effectiveness of existing training while embracing the new domain of cyberspace and integrating capabilities drawn from across the services and coalition partners into one coherent effort. Bulwark Defender enables us to exercise key joint defensive capabilities within cyberspace, whereas Cyber Flag offers a training environment that integrates both offensive and defensive cyberspace effects into the mainstream operational and tactical planning effort. A joint force commander in Cyber Flag could call on IO options or capabilities as readily as he or she would select a bomb or other kinetic weapon. Development of such an environment becomes more palatable when divided into a three-year and 10-year vision, fully focused on maximizing the exposure of participants to effects realized within cyberspace.

Three-Year Vision: Best Practices and Worst Scenarios

A starting point for the establishment of Cyber Flag involves combining the best practices of existing training with the worst cyberspace scenarios, thus enabling a single exercise serving as a proof of concept for the future. The Nevada Test and Training Range (NTTR), the center of Nellis AFB’s Red Flag exercise, provides approximately 1,000 square miles for participating aircraft to maneuver against realistic air and ground threats. Similarly, the Joint Information Operations Range, the center of cyberspace exercises, offers an isolated network of geographically separated nodes capable of emulating a large number of real-world network topologies. This range isolates cyberspace effects from the public Internet while protecting tactics, techniques, and procedures from observation by potential adversaries. In addition, it protects training events from external influences, thus providing a perfect foundation for the Bulwark Defender exercise. Similarities between the NTTR and Joint IO Range environments, as well as between the objectives of the Bulwark Defender and Red Flag exercises, give us an excellent starting point for integration. Adding the appropriate C2 infrastructure enabled by the Joint IO Range makes the defense of networks supporting a tactical exercise such as Red Flag a critical concern as aggressors attack them. The operational-level communications infrastructure exists as part of Bulwark Defender but lacks ties to the tactical-level planning effort; however, the objectives of Bulwark Defender are an important part of evaluating network defenses. Thus, we can now take training to the next level by utilizing the information flowing on the network to realize tactical objectives. The fusion of the Bulwark Defender and Red Flag environments and scenarios into a Cyber Flag would enable aviators and network operators alike to see cyberspace effects played out in real time. 

Since Cyber Flag emphasizes cyberspace effects, there is no conflict with existing training objectives, as would be the case if a network attack affected Red Flag’s flying training. Friendly network-attack forces participating in Cyber Flag would play a critical role in attacking aggressor target arrays, also enabled by the Joint IO Range. Vital to creating realistic cyberspace targets is the ability to replicate threat systems on an IO range that, when incorporated with the physical Cyber Flag target array on the NTTR, would create an integrated war-fighting environment. Cyber Flag scenarios and lessons learned would then adjust to incorporate this enhanced capability. Consider the following example, which highlights the significant operational impact resulting from an underlying distrust of the data feeding a network.

The combined air operations center, which produces the air tasking order for Red Flag, uses an intranet to tie together the many computers coordinating the operational-planning effort. This network contains several links to the outside world in order to enable access to the Internet and Global Information Grid. Using a relatively low level of sophistication, with no long-term damage, an adversary could penetrate the network and cause various computers to display the adversary nation’s flag as the desktop background and screen saver. In itself, this action is benign but requires access to the computer file system; successful access would also allow theft or modification of data that users would probably never discover. This can and should result in a loss of confidence in the data and information on the affected machines and the network as a whole. The reaction of the commander would likely range from a simple incident response and forensic analysis to momentary termination of planning activities. Although the primary effect entails delayed production of the air tasking order, there exists a strong possibility of rippling effects in the targeting cycle. This is just one of a multitude of scenarios that requires training to ensure that we do not see these cyberspace effects for the first time during an actual crisis.

The visualization component of this integration will pose a significant challenge. The Nellis Air Combat Tracking System, the window into the Red Flag battle, does little to demonstrate battlefield effects beyond the conventional realm. During postmission debriefing, the system allows for repeated replay of the air war on huge screens so that the hundreds of participants have a true understanding of what transpired during the mission. Initially, skillful use of debriefing slides could compensate for a lack of cyberspace-effects visualization, but we must have a future vision for a more robust capability—to display the real-time effects of the air and cyberspace battle. Until this type of capability exists, warriors will not fully realize the power of this new war-fighting domain and the fact that effects, rather than the attrition of target sets, hold the key to fighting and winning wars.

Ten-Year Vision: Cutting-Edge Dominance

The next decade should focus on building Cyber Flag into a mainstream training exercise. With even a small-scale proof of concept for Cyber Flag realized in the near term and a constantly improving visualization capability over the next several years, cutting-edge dominance in cyberspace requires multiple, large-scale, annual events to maximize exposure to this critical training. The Cyber Flag transformation strongly resembles the changes that EW brought to the fight, spawning the Green Flag exercise. During the Vietnam War, employment of low-altitude aircraft proved impractical, so we developed medium- and high-altitude tactics. Key to these tactics was the suppression of enemy SAM systems. A training conflict developed when missile systems were electronically jammed during Red Flag, limiting the participants’ opportunity to react to those threats. Many aircrew members saw actual indications of a SAM system for the first time at Red Flag. To preserve this critical training requirement, Gen Wilbur L. “Bill” Creech developed the Green Flag exercise in 1978 to emphasize the enabling capabilities of EW.14 Green Flag was the most robust exercise of EW assets in the world. The breadth and revolutionary nature of waging war in cyberspace extend beyond the goals and objectives of Red Flag, thus suggesting the need for a similar approach. Realization of a cyber attack that brings all exercise operations to a halt would likely drive home the point that we are fighting a much different type of war. Such an exercise would have the goal of demonstrating offensive and defensive cyberspace capabilities. This approach closely mirrors the way the Chinese have trained since the late 1990s in their transformation from a “mechanized PLA force to an informationalized force.”15 As Timothy L. Thomas states in his book Dragon Bytes,

In October 1999, the PLA conducted another IW exercise. Two army groups of the Beijing Military Region conducted a confrontation campaign on the computer network. Reconnaissance and counter reconnaissance, interference and counter interference, blocking and counter blocking, and air strikes and counter air strikes were practiced. The Operations Department of the General Staff said this was the first time that a computer confrontation was conducted at the campaign level between a red army and blue army. Actual field operations of a similar nature were conducted simultaneously in the Jinan Theater. According to one observer, the performance of the high-tech weaponry was like that of a “tiger with wings.” The force demonstrated new tactics of using live ammunition to hit enemy cruise missiles and computer technology to hit information networks, links and points.16

The training and capabilities of the PLA have likely improved a great deal since 1999, due in part to such credible training. Our future vision for realistic training should rise to meet this level of threat while breaking free of the geographic boundaries imposed by the current exercise arenas.

Most people in the Air Force are familiar with the phase-two employment-exercise environment, which simulates a base under attack. Participation in a future Cyber Flag could have the same flavor, with a base required to launch attacks from home station while under attack from air, space, and cyberspace. Building on this premise, by 2018 we should have a realistic training environment involving a widely distributed war involving multiple bases, conventional ranges, and computer networks. The continual growth of network and communication capabilities makes this a realistic prediction, given the proper emphasis and planning. Unlike the evaluation model of a phase-two exercise, this one would provide training to participants, just as Red Flag has done for years. What better test of training and preparation than an environment where operations are inhibited by compromises of e-mail servers, degradation of mobile and public switched telephones (or their successors), as well as assaults by aggressor aircraft? The Chinese see this type of training as the way to exercise kinetic and nonkinetic options by their informationalized force, as demonstrated in the exercise report mentioned above. In order to dominate air, space, and cyberspace, the United States must do the same. Experiencing such a robust combat environment at one’s home station is the ultimate goal of realistic training since it enables the maximum amount of training, using the most realistic forces, in the shortest amount of time, at the least expense.

Although it is difficult to fathom what the world, much less the Air Force, will look like beyond this 10-year vision, we must strive for a cyberspace capability equivalent to the shock-and-awe campaign of Operation Iraqi Freedom. In order to do so, we must initiate a continuing effort to keep pace with technology and bring the realities of the cyberspace battlefield into our everyday operations.

Conclusion

In light of emerging technology, a pervasive threat, and the conflict with existing exercise objectives, the time is right for Cyber Flag. There is no better training than the hands-on realism associated with participation in an exercise such as Red Flag or Bulwark Defender. Former secretary Wynne had a vision for dominant operations in cyberspace “comparable to the Air Force’s global, strategic omnipresence in air and space.”17 This vision requires a combination of joint coordination, skilled forces, and a realistic training environment to bring them all together. Budget constraints and a failure to accept cyberspace as a decisive war-fighting domain could put the US military in a disadvantageous position against future enemies. Cyberspace increasingly stitches together the diplomatic, informational, economic, and military instruments of power. Creation of a dedicated Cyber Flag exercise would ensure the preservation of critical learning objectives in current exercises while preparing forces to understand the important role of cyberspace in attaining battlefield success. The US military does not currently have the advantage in cyberspace. The future of the nation depends on our ability to harness the best practices in order to achieve cutting-edge dominance and, ultimately, shock and awe within cyberspace.

Wright-Patterson AFB, Ohio
San Antonio, Texas

*Major Hansen is an Intermediate Developmental Education student at the Air Force Institute of Technology (AFIT) (computer science master’s degree program), Wright-Patterson AFB, Ohio. Major Williams is deputy director of the Center for Cyberspace Research and an assistant professor of computer science and cyber operations in the Department of Engineering at AFIT. Dr. Mills is an assistant professor of electrical engineering at AFIT. Dr. Kanko is a senior defense systems analyst with Booz Allen Hamilton in San Antonio, Texas.


Notes

1. Hon. Michael W. Wynne, “Letter to Airmen: Cyberspace Operations,” 7 May 2007, http://www.af.mil/library/viewpoints/secaf.asp?id=320.

2. Timothy L. Thomas, Dragon Bytes: Chinese Information-War Theory and Practice (Fort Leavenworth, KS: Foreign Military Studies Office, 2004), 1.

3. Ibid., 6.

4. Nathan Thornburgh, “Inside the Chinese Hack Attack,” Time, 25 August 2005, http://www.time.com/time/nation/article/0,8599,1098371,00.html.

5. Jeanne Meserve, “Staged Cyber Attack Reveals Vulnerability in Power Grid,” CNN.com, 26 September 2007, http://www.cnn.com/2007/US/09/26/power.at.risk/index.html.

6. Quoted in ibid.

7. Joint Net-Centric Operations Campaign Plan (Washington, DC: Joint Staff, October 2006), 62, http://www.jcs.mil/j6/c4campaignplan/JNO_Campaign_Plan.pdf.

8. Hon. Michael W. Wynne, “Flying and Fighting in Cyberspace,” Air and Space Power Journal 21, no. 1 (Spring 2007): 9, http://www.airpower.maxwell.af.mil/airchronicles/apj/apj07/spr07/spr07.pdf.

9. Erik Holmes, “Lord to Oversee Cyber Command,” Air Force Times, 26 September 2007, http://www.airforcetimes.com/news/2007/09/airforce_cyberboss_070924w/.

10. Maj Timothy P. Franz et al., “Defining Information Operations Forces: What Do We Need?” Air and Space Power Journal 21, no. 2 (Summer 2007): 53–63, http://www.airpower.maxwell.af.mil/airchronicles/apj/apj07/sum07/sum07.pdf.

11. 1st Lt Aaron Hansen, “BD06 Confirms Joint CND Capability,” Spokesman Magazine, April 2006, http://findarticles.com/p/articles/mi_m0QUY/is_4_46/ai_n16135398.

12. Maj Alexander Berger, “Beyond Blue Four: The Past and Future Transformation of Red Flag,” Air and Space Power Journal 19, no. 2 (Summer 2005): 46, http://www.airpower.maxwell.af.mil/airchronicles/apj/apj05/sum05/sum05.pdf.

13. Air Force Doctrine Document 2-1, Air Warfare, 22 January 2000, 63, https://www.hqafdc.maxwell.af.mil/afdcprivateweb/AFDD_Page_HTML/Doctrine_Docs/afdd2-1.pdf.

14. Berger, “Beyond Blue Four,” 46.

15. Thomas, Dragon Bytes, 1.

16. Ibid., 25.

17. Wynne, “Flying and Fighting in Cyberspace,” 7.


Disclaimer

The conclusions and opinions expressed in this document are those of the author cultivated in the freedom of expression, academic environment of Air University. They do not reflect the official position of the U.S. Government, Department of Defense, the United States Air Force or the Air University.

