The cyber paradox: Just as connecting devices has created awareness and speed, denial of those processes can create chaos.
The advent of networked systems and cyberwarfare has led military commands to begin training and planning for operations without those systems in case an adversary denies them.
“We look to segment and protect in various defense in depth ways, that involves three things: people, processes and technology,” Rear Adm. Danelle Barrett, Navy Cyber Security Division Director, said during an Oct. 27 panel hosted by AFCEA’s DC chapter. “It’s not all technology … You focus on the leadership first and foremost; how does a leader understand if I have to ask you to do without, what is my plan for execution.”
Barrett noted that the Navy is trying to educate commanders to think about courses of action in the event their access to networks or infrastructure ― such as supervisory control and data acquisition or industrial control systems ― is denied by adversaries.
“I’m not talking do without for a couple hours in a power outage, I’m talking Puerto Rico-level do without. What if you were without for a month, how are you going to execute your no-fail mission,” she said.
Commanders, she added, need to understand that this is a possibility and have a plan ready to execute.
The Navy’s mantra, she said, is how to fight through the hurt.
“You have to understand what are my no-fail missions ― and I don’t mean my cyber missions, it might be [ballistic missile defense] today, it may be humanitarian, disaster relief … tomorrow,” she said. “What is the critical cyber terrain that supports those missions that cannot fail. That includes the control systems and ICS.”
“A lot of times [commanders will] think about it in terms of I don’t have my network for a couple of hours or I may have portions of it,” Barrett told Fifth Domain following the panel. “The message I’m trying to relay is you may have none of it and it may be for longer than you originally anticipated … If you haven’t worked out those processes of what you’re going to do what and if that happens, and think of Puerto Rico, no power for a month, think of that. That’s not adversary driven but what if it was and what do you do about that.”
While some of the answers might not be ideal, such as paper spreadsheets, at least they’ll have a plan and be prepared to execute their mission if denied. “Mission assurance is the key,” she said.
This is true across the military as well as the private sector. As adversaries seek to jam and block U.S. signals, the military is trying to develop redundant systems for cyber- or GPS-degraded or denied environments.
Famously, after Sony was hit in 2014 with a massive cyberattack attributed to North Korea that physically damaged its computing infrastructure, employees were forced to do business with pen and paper again.
The Naval Academy has even begun reteaching celestial navigation using tools like sextants.
“That’s a perfect example,” Barrett said. “They took off celestial navigation as a training requirement for ROTC units and Naval Academy. It’s back on now because you’ve got to be able to shoot the sextant … and operate. Again it’s mission assurance.
“What are those elements you can’t fail on, whether it’s navigation, launching weapons, medical, whatever it happens to be for your readiness and then figure out how you have to work around,” she told Fifth Domain.
As for how this manifests itself, Barrett said the Navy is conducting educational training, noting that she briefed new flag officers on the subject during a training session on Oct. 26. The Navy does the same for people going to commanding officer school.
“It’s not just the operations mission afloat, it’s whatever your operational mission is; you may be medical, you may be [Naval Facilities Engineering Command]. All of those contribute to our readiness so they’re all equally critical,” she said.
The hope is that eventually, commanders will incorporate these contingencies into their campaign plans.
They’re beginning with the commanders because they will implement orders down from the highest levels to the local ships and installations, but, Barrett added, “basic training for surface warfare officer, for Navy leaders, for everybody is starting to include more cyber elements.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.