Monday, September 15, 2014

The First US Army Cyber Warfare Brigade


September 14, 2014: The first American Army Cyber Protection Brigade recently became active. This unit was created to provide quick and competent personnel for setting up and maintaining network defenses, as well as experienced personnel to investigate and deal with intrusions.

The core of the brigade is the twenty cyber protection teams. Each contains 39 military and civilian network security experts. To provide the military personnel, the army has created a special MOS (Military Occupational Specialty) so qualified personnel can make a career of this work.

This MOS (25D, Cyber Network Defender) is open to all qualified military personnel. Currently there are 700 troops with the 25D MOS and more are being sought. The 25Ds are in high demand, and they are supplemented by qualified civilians, who are more expensive. Since highly skilled 25Ds will always be tempted to leave the army and take better paying civilian jobs, the army will, as it does with other specialists (like Special Forces troops), offer big cash reenlistment bonuses to 25Ds it wants to keep.

The 25Ds are similar to Special Forces troops in other ways. The Special Forces brigades (called groups) are smaller (1,500 troops) than regular combat brigades (over 4,000 personnel). There are other specialized brigades that have fewer troops, like the 1,100 or so in the Cyber Protection Brigades. What does make the Cyber Protection Brigades unique is the integration of so many civilian contractors with military personnel in the key elements (the cyber protection teams).

These new brigades are part of the army and the new U.S. Cyber Command (USCYBERCOM). There they will join the new offensive cyber-teams, which began forming in 2013. There will be at least 40 of them by 2015. By 2016 the army also expects to have at least three Cyber Protection Brigades.

The offensive and defensive teams benefit from Cyber Command intelligence and monitoring operations as well as a big budget for keeping the software library stocked with effective tools (including zero day exploits, which are not cheap at all).

Cyber Command also has contacts throughout the American, and international, software engineer community. This can provide crucial expertise when needed. The effectiveness of these teams will vary a great deal because one highly skilled Internet software whiz on a team can make a huge difference.

The majority of these teams will be assigned to the nine major commands (like Centcom or Socom), but some of the offensive teams will be maintained separately to strike back at major attacks on the United States. Exactly what weapons would be used is not discussed, nor is the exact size and organization of offensive cyber-teams.

What is known is that there is work for such teams of Internet specialists if they work in conjunction with lawyers and the State Department. This kind of organization has already destroyed several Internet criminal organizations. NSA (National Security Agency) has also been even more active in carrying out offensive attacks.

Cyber Command became operational in late 2010 and is still working on an official (approved by the government) policy stipulating how Internet based attacks can be responded to. Meanwhile there have been a lot of unofficial attacks. The 2013 cyber-teams announcement implied that attacks are now allowed, but not what kind of attack.

The NSA leaks confirmed that attacks are going on. While Cyber Command has long been asking for permission to fight back, technical, legal, and political problems have delayed agreement on how that can be done. It's not for want of trying.

In 2012 the U.S. Congress approved a new law that allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military was now authorized to make war via the Internet.

The new law stipulates that all the rules that apply to conventional war also apply to Cyber War. This includes the international law of armed conflict (meant to prevent war crimes and horrid behavior in general) and the U.S. War Powers Resolution (which requires a U.S. president to get permission from Congress within 90 days of entering into a war). Complying with all the fine print has so far delayed actually allowing a legal counterstrike to a Cyber War attack.

The NSA doesn’t have all those restrictions because it comes out of the intelligence world, where there have always been fewer rules. While this approach to Cyber War makes sense to the NSA, the Department of Defense is frustrated at being held to conventional war standards.

Meanwhile, there are some related serious problems with finding qualified people to carry out such counterattacks. Cyber Command is headquartered in Fort Meade (outside Washington, DC), and most of its manpower and capabilities come from the Cyber War operations the services have already established.

U.S. Cyber Command has some smaller organizations of its own that coordinate Cyber War activities among the services, as well as with other branches of the government and commercial organizations that are involved in network security. But most of Cyber Command's manpower actually works for the Cyber War organizations of the four services.

Of the four services the U.S. Air Force is the most experienced in Cyber War matters. Back in 2008 the air force officially scrapped its own planned Cyber Command, which was supposed to operate more like USCYBERCOM. That new air force organization was supposed to officially begin operating by the end of 2008. Instead, many of the personnel that were sent to staff the new command were sent to the new Nuclear Command.

This change was made in response to growing (at the time) problems with the management of air force nuclear weapons. Despite that, the air force continued trying to establish some kind of new Cyber War operation and use it to gain overall control for all Department of Defense Cyber War activities.

The other services were not keen on this. That resistance, plus the nuclear weapons problems, led to the Cyber Command operation being scaled back to being the 24th Air Force. This organization handles electronic and Internet based warfare.

The U.S. Army, following the example of the air force, also established a Cyber War operation. Some 21,000 soldiers were pulled from a large variety of signal and intelligence outfits to form ARFORCYBER (Army Forces Cyber Command). It became fully operational in 2012 with its headquarters at Ft. Belvoir, Virginia.


In 2009 the U.S. Navy created an "Information Domination Corps", in the form of a new headquarters (the 10th Fleet), with over 40,000 people reassigned to staff it. While the new Cyber War command dealt mainly with intelligence and network security, it also included meteorology and oceanography. These last two items are very important for deep water navies, especially since a lot of the information about oceans, and the weather, is kept secret.

The fleet calls upon the talents of 45,000 sailors and civilians. Most (44,000) of these personnel are reorganized into 10th Fleet jobs or will contribute from within other organizations. A thousand new positions were created, mainly for 10th Fleet. All this gave the navy a more powerful and secure position in cyberspace. The navy does not want to repeat the mistakes of the air force in this area.

The U.S. Marine Corps established a Forces Cyberspace Command in 2010, with about 800 personnel, to help provide network security for marine units. The marines are accustomed to doing more with less.

The Americans aren’t the only ones preparing for cyber war. In 2013 Russia revealed that it is organizing a Cyber War organization within the Defense Ministry. This would be a separate branch of the army, joining more traditional branches like infantry, armor, artillery and signal (where Cyber War operations already exist in most countries). Noting what’s going on in China and the United States, the Russians have decided to catch up.

The Chinese military already has a growing number of formal Cyber War units, as well as military sponsored college level Cyber War departments and extensive course offerings. These Cyber War units, plus the volunteer organizations and Golden Shield (Internet censors and monitors) bureaucrats apparently work closely with each other and have provided China with a formidable Cyber War capability.

NET Force, with only a few thousand personnel, appears to be the controlling organization for all this. With the help of RHU and Golden Shield, they can mobilize formidable attacks, as well as great defensive potential. No other nation has anything like it.