In 2017, the Navy saw two deadly ship collisions at sea. First, the destroyer Fitzgerald collided with a container ship near Japan in June, and then again two months later the destroyer John S. McCain collided with an oil tanker near Singapore.
Both incidents were, per comprehensive Navy investigations, due to human error. The findings quieted speculation that a network-based attack could have disabled onboard navigation or other critical systems — but the report didn’t end discussion of the possibilities of such scenarios.
As a result, top Department of Defense leadership ordered new training and safety procedures throughout the Navy; meanwhile, internally, Navy officials called for the service’s key IT and cyber elements to routinely be part of incident investigations in the future.
Navy leaders say the decision to include cyber elements in the incident investigation is a sign of the service’s greater emphasis on stitching together operational domains.
The goal is to better equip naval forces to take on emerging threats and a changing threat landscape, regardless of location or specific mission.
“You can see what’s happened over the past year and a half, where information has been a weapon of choice,” Vice Adm. Michael Gilday, Fleet Cyber/10th Fleet commander, said in an interview with C4ISRNET.
“The way we view the environment now is in the domains of space, cyberspace and the electromagnetic spectrum all merged together. And that invisible battle space is an area that we have to optimize to win in the future. We’re starting to do that now by organizing those functions … so that we’re taking advantage of all of those disciplines.”
As evidence of their progress, Navy leaders point to the establishment of carrier strike group cyber teams and new information warfare leadership, as well as the launch of facilities like the Information Warfighting Development Center.
A new mission
“We take this very seriously. There’s a responsibility on our part to be a contributor to addressing findings in a comprehensive review,” said Rear Adm. Christian Becker, commander of Space and Naval Warfare Systems Command.
“We’ve been positioning ourselves and our resources and our people to fight on the digital battlefield for some time, and as such, we were able to respond to request for information regarding what may have occurred or could have occurred on the networks associated with those ships. We have a capability and a capacity that is unique in the Navy with people and facilities that can conduct the kinds of forensic investigations that were necessary to assess what could have occurred in those mishaps. That’s a tremendous resource for our Navy.”
According to Gilday, cyber investigations into incidents like last summer’s ship collisions involve defensive cyber operations. There, teams must effectively prove a negative: that malicious cyber activity was not a factor. Furthermore, it involves investigating complicated systems that aren’t the usual networks the teams are used to, particularly on a ship with a complex system of systems. That can include weapons, engineering, steering, navigation or other systems — or the confluence of some or all of them.
“If we’re not organized correctly to take advantage of all the information out there in an integrated fashion, we’re not going to be able to make decisions faster than the adversary,” Gilday said.
“And that’s really going to be important in the future because cyber is going to play a leading role, space is going to play a leading role, and the electromagnetic spectrum is going to play a leading role.
“So instead of those functions being stovepiped, it is having situational awareness across that invisible battle space and integrating all of those functions together.”
Here, integration between naval forces emerges as a key factor. In the cases of the McCain and Fitzgerald investigations, Gilday said his teams partnered with specialists from Naval Sea Systems Command that could bring deeper system-specific knowledge to a composite team of network-centric cyber operators.
“The first step is understanding what systems do we possibly have to look at, and then assembling the right people as quickly as we can and deploying them on-site. And that’s what we did,” Gilday said.
“In some cases … you may have evidence up front that it was cyber-related, or there’s a big enough question in your mind that cyber could have been involved, that you do have to send in a team to rule out the negative. And that’s really a call that whoever is the lead on that investigation needs to make that call, and then Fleet Cyber Command would respond and provide a team to take a look at the cyber aspects.”
Deploying information warfare
With the high-priority goal of integrating information warfare and cyber into the broader Navy, particularly at sea, service leaders last year established a new information warfare commander role deployed on carriers with the strike group commander.
Furthermore, defensive cyber teams are deployed with all carrier strike groups as well as expeditionary strike groups, Gilday said.
“We’ve taken collections of intel, of signals intelligence and cyber as well as communications — typically what would be known as the N2, the N39 and the N6 — and we’ve combined those functions under a single commander that’s deployed on the carrier with the strike group commander,” he said.
“All of the big decks that deploy get a cyber element that has the capabilities or the tool kit to get a defensive cyber work out there [protecting] those ships that are out there deployed better than they would have been before.”
The goal, Navy leaders say, is to improve integration at the tactical level as information is seeing a dramatic rise as combat currency. But it’s also critical in linking the physical domain with the cyber and electromagnetic domains, as well as creating a more holistic view of internal and adversarial command, control, communications, computers, intelligence, surveillance and reconnaissance.
“A common question I hear concerning this emerging [information warfare commander] construct is: What problem are we trying to solve? I believe the answer is simple: We are improving the application of information-related capabilities and execution of IW and [electromagnetic warfare maneuver] at the tactical level of war,” wrote Capt. Bryan Braswell, information warfare commander of Carrier Strike Group 10, in the July-September 2017 CHIPS issue.
“A failure to fully integrate all aspects of information warfare before integrating IW across physical warfare domains suboptimizes EMW execution and undermines the effectiveness of tactical situation management as an essential element of Navy combat operations.”
Perhaps at the core of the information warfare commander’s mission is to ensure the U.S. “OODA” loop — the strategic decision-making cycle of observe, orient, decide and act — is faster than that of the enemy. In an era dominated by information overload and the so-called data deluge, the OODA loop becomes more complicated to execute, but doing so provides the decisive edge.
It’s an ethos Navy leaders plan to push down the ranks moving forward.
“We’ve instituted the information warfare commander at three carrier strike groups, and that will continue to build over the next couple of years. We’ll have all our carrier strike groups covered. And the other thing we’re looking at doing is how do we organize at the fleet staff level to do business in the same manner,” Gilday said.
“It’s optimizing those functions in an integrated fashion across each of those three domains, under one commander, and then integrating into other naval operations.”
Across the board, Gilday said the developments across the Navy have improved operations and put the service in a better place than even just a year ago. And while he acknowledged there is still progress to be made in integration throughout the Navy, he’s encouraged by steady improvement and by positive feedback he’s received from operational commanders.
“What we do in terms of signals intelligence, in terms of operations and defense of networks, and in terms of offensive cyber into what they do on a day-to-day basis … our mission sets arguably years ago were much more stovepiped and are now much more integrated into the rest of naval operations,” Gilday said.
“They see the value of it. They understand how technology is advancing. They understand how in the fight today and in the future, we’re going to have to leverage that invisible battle space more and more.”
Training next-gen information warriors
With the emphasis on integrating information warfare taking root in the upper echelons of the Navy, leaders now are turning their attention toward training and education at the operator level. While most agree there’s been progress in cyber training and education, there’s also recognition that there’s much work to be done to arm operators for information warfare.
“We all participate in the mandatory series of cybersecurity training that helps us understand the baseline, but I think we as a service … have got to go beyond that to understand innately that whenever we log on, we are in a space that’s contested. And if we think about it in those terms, that changes behavior,” said Rear Adm. Christian Becker, commander of Space and Naval Warfare Systems Command.
“It’s up to us … to deliver systems that have greater focus on human and machine interface, so that not only are they more capable, but they’re more operable. It’s on us to reduce complexity so that sailors can train to, operate and maintain complex capabilities in a contested environment.”
To that end, the Navy is taking steps such as launching the Information Warfighting Development Center, analogous to similar warfare development commands in areas such as aviation. The IWDC’s mission is to create integrated doctrine to tie information warfare with the other domains and disciplines, and to train sailors in advanced information warfare tactics, techniques and procedures [TTPs].
“One of the most important things we’ve done in the past two years is stand up the Navy IWDC,” said Vice Adm. Jan Tighe, director, naval intelligence and deputy chief of naval operations for information warfare.
“It’s not enough for us to sit up here at the Pentagon and think about what’s the workforce that we’re going to need, think about the capabilities we need to arm them with. But the connective tissue ultimately gets down to how are we going to train them, what are the TTPs that they must use to take advantage of these things and even feedback into the requirements process of what is it that we’re missing, because it’s where the rubber meets the road and how you apply those techniques and capabilities. That organization is our first step in codifying those TTPs, [concepts of operations] and allowing the flow back into the requirements process in a more mature way.”
The Navy is also standing up information warfare training groups in Norfolk, Virginia, and San Diego, California, providing carrier strike and amphibious readiness groups with training in communications, cyber operations, electronic warfare and space. The training will apply to sailors deploying on ships and in aircraft squadrons to integrate those functions into their core missions, Gilday said.
“They go through some high-end training before they’re certified to deploy,” he said. “So, we’re including information warfare training as part of that that training and certification. The common theme here is integration, whether it’s a warfare development piece, whether it’s a training piece, whether it’s the organization piece.”