Education for Action: Operationalizing Cyberspace at the Academy

Much has yet to be discovered and learned in the cyber warfighting domain, but one simple equation has emerged in recent years—a hacker plus an internet-connected device plus malware now equals a potential cyber weapon that can be used for disruption, destruction or intimidation. The hacker can work for either a nation state or a rogue actor. The internet-connected device can be a laptop or mobile phone. And the malware is relatively easy to purchase or obtain.

Since 2009, the U.S. Naval Academy has led efforts to develop and commission naval officers with the skills and knowledge required to more effectively operate in the cyber warfighting domain. To date, these efforts have been significant in promoting and fostering an “education for action” mindset, recognizing that in the cyber domain, midshipmen are operational and fully immersed in a Department of the Navy network beginning the day they are issued a USNA intranet account.

There can be little doubt that the Department of the Navy’s cyber challenges reach across all naval communities—air, surface, subsurface, special warfare, medical and human resources. The challenges traverse all naval networks, including but not limited to C4I (Command, Control, Communications, Computers and Intelligence), Hull, Mechanical & Engineering, Platform Information Technology, Navigation, Weapons, Research & Engineering as well as education.

In preparing midshipmen for these cyber challenges, four foundational principles are routinely presented in their curriculum to “operationalize cyberspace.”


The Network is a Warfighting Platform
Operational commanders depend on networks for Command and Control (C2), battlespace awareness, and integrated fires in many phases of conflict and for daily operations. Therefore, as with any essential warfighting platform, the network must be made available, defended from intrusion or attack and, when necessary, deliver warfighting effects to achieve operational missions.

Assured C2, reduction of attack surface and enhanced defense in depth operations are well-understood, critical success factors for carrier strike group operations. These factors are now also core to the day-to-day conduct of successful Navy network operations in the presence of adversaries, natural emergencies, equipment failures and human error.

Operational Framework: Operation Rolling Tide (August 2013–February 2014)
Within the Department of Defense, Navy was targeted by a cyber adversary who engaged in a focused and sustained campaign against the Navy Marine Corps Intranet (NMCI). In network size, NMCI is second only to the internet itself, with more than 770,000 users and more than 120 million browser transactions per day. As the unclassified lifeline network of the Navy, NMCI supports a mix of Navy business, logistics, administrative and readiness processes necessary to sustain combat operations.

In response to the NMCI intrusion, Commander, Tenth Fleet successfully planned and executed Operation Rolling Tide to counter adversary cyber activity and regain C2 and integrity of the network. As noted by Secretary of the Navy Ray Mabus, Rolling Tide represented the largest and most sophisticated network maneuver in Navy history.

The success of Rolling Tide required extensive coordination with all USN Echelon II commands and a wide array of joint cyber partners to ensure mission impacts were minimized, while network security was enhanced. As the Navy’s first named cyber operation, Rolling Tide represents the new cyber norm in which the Navy must be prepared to simultaneously institute network strategies as well as lead and conduct cyber operations across multiple levels.

As a classroom case study, Rolling Tide provides multiple lessons learned on network defense strategies, improved command and control, risk mitigation processes and, most importantly, the “fight-through” mentality required to operate and maneuver a network in the face of a cyber advanced persistent threat.


Foster a Cyber Warrior Ethos
Warfighting in the cyber domain requires the ability to maneuver, operate and defend Navy networks in real time. In the traditional warfighting domains, few military members are issued weapons, and even fewer are authorized to load ammo; however, in the cyber warfighting domain, almost every member is given a keyboard. It is essential to foster a warrior ethos with that keyboard to ensure midshipmen understand that the keyboard is more than just the interface to “surfing the net” or doing late-night research; the keyboard needs to be recognized as the interface to executing and enabling operations in and from the cyber domain.

The Navy’s cyber warrior must break down the perception that cyber operators are “techies” or “service providers.” Cyber warriors must be educated and trained in Navy’s traditional warfighting ethos, planning tools and mission accountability to ensure they can operate as a unified maneuvering force that can function under the same planning principles and synchronized operational orders as recognized by other warfighting commanders.

Operational Framework: U.S. Counter-Terrorism Operations
Across this enduring mission set, a unique perspective emerges that helps shape a warrior ethos that is operationally relevant in cyber warfighting on both the offensive and defensive front.

Counter terrorism operations include the policy, strategy, tactics and techniques to combat terrorism, often employing direct-action efforts to seize, capture or destroy a target. These operations usually require full sharing of all-source intelligence to enable and ensure the speed, agility and precision required to execute the mission and return safely.

As can be seen on a daily basis, cyber warriors must also be trained and skilled to employ varying levels of direct-action efforts to seize, capture or destroy targets. These cyber direct-action efforts must also be supported by the rapid dissemination of all-source intelligence to enable the speed, precision and agility required to enable or support both defensive and offensive operations.

Whether it is the eradication of adversary activity on a Navy network, enabling drone strikes against high-profile targets, or as part of the recently announced (April 2016) U.S. cyber offensive against the Islamic State, cyber operators are fully engaged in direct-action efforts to seize, capture or destroy targets.

In today’s conflicts, the reality is that cyber now plays a part in operational planning and execution that five to 10 years ago was not conceivable. Cultivating a cyber warrior ethos in our midshipmen will be critical in guiding all Navy warfare communities through the cyber challenges and opportunities that are now conceivable in their lines of effort and lines of operation.


Cybertight Integrity
All sailors understand the threatening urgencies associated with a hull breach and the loss of watertight integrity. Similarly, a network breach and the loss of cybertight integrity must engender a similar sense of threatening urgency. Just as midshipmen are introduced to watertight integrity principles, they are now introduced to key cybertight integrity principles such as resiliency, redundancy, diversity and trust management required to assure the data, the network and the mission. Cybertight integrity must become to a network what watertight integrity is to a vessel.

Just as material conditions of readiness, compartmentation and qualified damage control teams are critical components of a ship’s watertight integrity, they must also become critical components of a network’s cybertight integrity. A steady and stable network must have a material condition of readiness program that accounts for and inspects firewalls, boundary control points, intrusion detection systems, detection software, etc. Network compartmentation must allow for the rapid isolation of compromised links and nodes so as not to affect the whole network, and a qualified network damage control team must be identified with roles and responsibilities clearly defined.

Operational Framework: Loss of THRESHER (10 April 1963)
On 9 April 1963, THRESHER departed the Portsmouth Naval Shipyard with 112 crew members and 17 technical observers for deep diving exercises in an area approximately 200 miles east of Cape Cod, MA. At 0917 on 10 April, THRESHER reported “exceeding test depth” and at 0918, THRESHER’s escort ship (Skylark) detected a high-energy, low-frequency noise with the characteristics of an implosion. THRESHER sank in approximately 8,400 feet of water.

Investigative findings identified that THRESHER suffered from a watertight integrity problem that started with a ruptured pipe in the engine room causing flooding and loss of the engine control switchboard. Per investigative conclusions, deficiencies in design, fabrication practices, quality assurance and operational procedures resulted in the THRESHER crew being unable to secure the flooding, blow the ballast tanks or drive to the surface.

In response to the THRESHER findings, the Navy created the SUBSAFE program that is designed to ensure maximum reasonable assurance of watertight integrity and recovery capability of a submarine. SUBSAFE mandates a culture of safety with a set of well-understood and non-negotiable requirements across the design team, the engineering team and the crew.

As part of the enduring THRESHER legacy, SUBSAFE served as a model for the Navy’s recently implemented CYBERSAFE program. CYBERSAFE is designed to ensure maximum reasonable assurance of survivability of critical Navy networks and control systems necessary for mission success. CYBERSAFE’s mission will ensure compliance with policy, establish strategic vision and synchronize Navy’s cyber approach to inform, align, evaluate and prioritize requirements for all platforms and networks.


Cyber will be a Campaign Conflict
Cyberspace as a domain is still relatively new and yet it is completely pervasive. Computers and telecommunications have been integral in the conduct of warfare from their inception; however, with the emergence of cyber technologies and weapons, joint and Navy tactics, techniques and procedures must be developed and learned in order to fight successfully within cyberspace in the virtual domain as well as from cyberspace in the physical domain.

As in any campaign and/or operation, commanders use the principles of war—mass, objective, surprise, simplicity, security, maneuver, unity of command, economy of force and offensive—to form and select courses of action and concepts of operation. In the cyber domain and across these principles, the adversary tends to hold unique and distinct advantages that must be accounted for—these advantages are quite similar to those seen over the past decade in Iraq and Afghanistan combat operations when specifically analyzing U.S. physical security and force protection requirements.

Operational Framework: Forward Operating Bases (FOBs)
For more than a decade and in support of Operations Iraqi Freedom and Enduring Freedom, FOBs have become the mainstay of the U.S. presence in Iraq and Afghanistan. FOBs, such as Danger and Falcon in Iraq and Gardez and Salerno in Afghanistan, provide vivid learning examples of a contested environment that is under constant adversary surveillance, where the threat of harm is real and the adversary holds a number of principle of war advantages to include surprise, maneuver, simplicity, etc.

FOB operations, much like defensive cyber operations, require a secure perimeter, controlled entry points, guarded access lists, intrusion detection systems, hardened defenses, personnel and services accountability, ready response teams and, most importantly, a warrior-like passion to protect each other and get the mission done.

FOBs remain an integral component in the continued Iraq and Afghanistan campaigns, and the FOB operational framework and mindset provide a real-world example of the framework and mindset required to be successful in the cyber campaign conflict.


On 27 May 2016, 1,000 midshipmen graduated from the Academy with a solid educational foundation in cyber as well as 27 midshipmen who received the first Bachelor of Science Degree in cyber operations. This plankowner crew of 27 represents the Navy’s commitment to enhancing cyber readiness across the fleet as well as the Naval Academy’s role in preparing graduate-leaders with deep foundational cyber knowledge and skills. The Academy’s “education for action—operationalizing cyberspace” program recognizes that in moving forward, we must learn from the past, understand the present and prepare for a complex and challenging future in the cyber warfighting domain—and it will start with one midshipman at a time.

Captain Dave Bondura ’88, USN, currently serves as the U.S. Naval Academy Center for Cyber Security Studies deputy director. His previous assignment was at Fleet Cyber Command/Tenth Fleet as the operations officer.

Source: May-June 2016 Shipmate
By Captain David Bondura ’88, USN