Disclaimer: The information contained herein is not current U.S. doctrine or policy and is not meant to supersede doctrine, commander’s guidance, or established unit standard operating procedures. Examine and use the information in light of your mission, the operational environment, the Law of Armed Conflict, and other situational factors. This document does not constitute the provision of additional information or the approval of additional information upon request.

Distribution Statement: Requests for this document shall be referred to the Asymmetric Warfare Group, Fort Meade, MD 20755.

Contents

INTRODUCTION ..... v
FIRST DREAM ..... 1
    The Battle ..... 5
    The Aftermath ..... 8
SECOND DREAM ..... 10
    The Battle ..... 15
    The Aftermath ..... 18
THIRD DREAM ..... 20
    The Battle ..... 26
    The Aftermath ..... 29
FOURTH DREAM ..... 31
    The Battle ..... 35
    The Aftermath ..... 39
FIFTH DREAM ..... 41
    The Battle ..... 45
    The Aftermath ..... 48
SIXTH DREAM ..... 50
    The Battle ..... 55
    The Aftermath ..... 57

Figures

Armored Brigade Combat Team ..... 2
Dream 1 Scenario ..... 4
Army Battle Command System ..... 6
Stryker Brigade Combat Team ..... 12
Soldier Communicating Home with Cell Phone ..... 14
Dream 2 Scenario ..... 15
Dream 2 Follow-on Scenario ..... 18
Infantry Brigade Combat Team ..... 22
Dream 3 Scenario ..... 27
Dream 4 Scenario ..... 36
Soldier with UAV ..... 37
Polish Woman Speaks Out Against Americans ..... 38
Pira Delal Bridge ..... 42
Residents Would Rather Watch TV Than Protest ..... 47
Dream 6 Scenario ..... 56

Introduction

“The Defense of Battle Position Duffer” is a visualization of how leaders might integrate the increasingly vital cyber domain into tactical operations in a modern Brigade Combat Team (BCT). The intent is to stimulate thought and debate across the Army with a readable, entertaining, and hopefully provocative glimpse at the business of cyberwarfare and related topics—electromagnetic warfare, spectrum management, operational security, social media, information operations, and others. Much has been written on this topic, but virtually all of it has addressed the cyber domain at the national, policy, strategic, and operational levels. This work is focused on brigade and below.

Robert R. Leonhard, Ph.D.
Lieutenant Colonel (Retired), U.S. Army
The Johns Hopkins University Applied Physics Laboratory
September 28, 2016

First Dream

“The art of war teaches us to rely not...on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”
—Sun Tzu

“The nations, of course, that are most at risk of a destructive digital attack are the ones with the greatest connectivity.”
—Kim Zetter

“Jest send in your Chief an’ surrender; it’s worse if you fights or you runs: You may hide in the caves, they’ll be only your graves, but you can’t get away from the guns!”
—Rudyard Kipling

The professor walked into the classroom, and I knew I was doomed. Without a glance in our direction, he jammed a USB into the desktop at the front of the room, and a few seconds later, I was looking at the projection of his “Strategic Theory” presentation. My blood ran cold when I looked at the lower left portion of the screen. “Slide 1 of 243.”

My name is Colonel Backsight Forethought V, and I was officially halfway through my year at the Army War College.
Each day I found myself more and more excited as I anticipated taking command of a Brigade Combat Team (BCT) and less and less enthusiastic for class. To add to my consternation this particular morning, I had dropped my large coffee onto the sidewalk just before class. Deprived of my morning caffeine, I knew I would be fighting to stay awake as Dr. Ether Lipz began his lecture.

I come from a long line of soldiers. My parents are of British descent, and my father served as an American Army officer during the Cold War. He commanded in both Operations Just Cause and Desert Storm. My grandfather fought in the Korean War as a tank commander. My great-grandfather served in both world wars. And my great-great-grandfather—the senior Backsight Forethought—was a British infantry officer who fought in the Boer War. He died in his sleep at a ripe old age.

Twenty minutes into the lecture, Dr. Lipz was explaining the Greek etymology of the word “strategy,” when I noticed that he was still on slide 1. Determined to stay awake, I began to perform silent eye exercises, looking from the slide to the clock, to the window, to my classmates, back to the clock, and out the window again.

[Figure: Armored Brigade Combat Team]

As I slumped imperceptibly forward, the scene outside began to morph from a sultry Pennsylvania morning to a windswept desert setting. I was feeling numb and confused, and as I stared incredulously out the window, at a distance I recognized what appeared to be the Whale Gap.

Suddenly I found myself standing on a hilltop at the National Training Center in Fort Irwin, California. But it was clear to me in my dream that this was a real battle, not a training exercise. The terrain, though similar to Fort Irwin, was different: there were highways, secondary roads, and towns and villages dotting the desert landscape. A short, bald, wiry man was standing next to me—Brigadier General A. Chewing, who I somehow knew was the Assistant Division Commander for Maneuver.
“What are your questions, Colonel Forethought?” he asked.

I looked at him and was about to offer a lot of questions, starting with “What’s going on here?” but my dream-memory kicked in, and I realized that I had just been given a mission to defend with my Armor Brigade Combat Team (ABCT). The scenario described my outfit as part of a joint task force that had conducted a force entry to seize and secure a critical port. Soon the World-Class opposing force (OPFOR), disguised as Krasnovians, would be crashing into my forces to try to take back the city to my rear. My task was to defeat the enemy regiment’s attack, and my purpose was to secure the arrival of the rest of the joint task force prior to its offensive operations.

I had gone forward into the battle zone, to the forward edge of our main position—Battle Position Duffer—with the Assistant Division Commander – Maneuver (ADC-M) and the division staff to receive my orders briefing, and my own subordinate commanders would soon be on site. Meanwhile, my combat vehicles were preparing to road-march from the port to get into position.

The enemy would be able to commit up to a reinforced mechanized regiment against my defense within the next 72 hours, and with my battle staff, I had determined that there were two primary high-speed avenues of approach that I would have to worry about—one to the north, and the other to the south. The northern route included only secondary roads and was dotted with several small villages and a larger town. The southern route was centered on Highway 8 that led directly to the port.

My staff and I agreed that the southern avenue of approach was both more dangerous and more likely to be the enemy’s route of attack. I therefore designated my best Combined Arms Battalion (CAB) as my main effort and positioned them squarely on the highway and its environs. I reinforced that main effort with an extra tank company and dedicated most of my fire support and air defense there as well.
The CAB in the north would initially be a supporting effort, but I was aware that a clever enemy commander might employ the secondary avenue of approach as his main effort, so I planned and rehearsed a shift of my combat power to the north just in case.

I would count upon my organic artillery to weight my main effort and do a lot of the precision destruction of the enemy attackers. My artillery battalion’s 155-mm Excalibur rounds, along with my multiple launch rocket system (MLRS) guided rockets gave me unprecedented precision, which in turn would help me protect against collateral damage.

My Brigade Cavalry Squadron was already moving into position to screen the brigade’s front and gain early warning of the enemy’s impending attack.

In surveying my new command, I was justifiably proud of my Brigade Tactical Operations Center (TOC). It was an impressive installation, packed full of expert staff that would translate my commander’s intent into synchronized plans and orders.

In my pre-command education, I had learned of the importance of the emerging business of cyberwarfare. Combining it with electromagnetic warfare and the mysterious information operations, I knew that a savvy enemy might be able to pull some tricks that would give them the advantage. Of course, I recognized that all that cyber-stuff was echelons above me, but I hoped that whatever they were doing back at the Pentagon and the National Security Administration would work to my benefit. In the meantime, I decided to add a Cyber-and-Electromagnetic Activity wing to my TOC, just in case. (I thought that was a jolly clever innovation on my part.) I also warned my Brigade S-6, Major Annette Work, to see to our cyber defenses. She seemed puzzled but nodded her compliance.

With my tour of the TOC nearly complete, I prepared to depart to inspect the key engagement areas that my battalion task forces would use to destroy the Krasnovians.
Just as I was leaving, I heard a spirited argument, and the next moment I saw my Brigade Chaplain, Major Ortho Doxie, emerge from around a corner, red-faced and boiling mad. Behind him stalked my Brigade Legal Officer, Captain Sue M. Alle, equally perturbed. Major Doxie stopped in front of me with his fists on his hips.

“Sir, will you please inform your legal officer that ‘human’ is a dimension, not a domain?”

[Figure: Dream 1 Scenario]

“No it isn’t,” chimed in Captain Alle. “It’s a domain, just like land, air, and the rest.”

They both looked at me for resolution.

“I tend to avoid theological debate,” I intoned, waving them off.

But their tiff reminded me to have our Brigade Facebook page updated with our latest news, so that the families back home would be reassured that all was well. This was part of my effort to fortify the morale of my troops. I think it’s important to allow the soldiers to use their cell phones to keep in touch with their families, but only when off-duty. I also reiterated the importance of not communicating classified information, including our location and mission.

I spent the rest of the day and most of the evening touring my area of responsibility with my subordinate commanders. I was anxious what tomorrow morning would bring, but I was also eager to demonstrate to the enemy the power of an ABCT and American joint forces. After reviewing our major contingency plans with my staff, I turned in for a few hours of sleep, setting my alarm for 0330.

The Battle

I arose in the darkness, dressed, and headed out to inspect my main effort. I had arranged for a quick meeting with all my commanders within sight of our primary engagement area. We spent a few hurried minutes catching up on the night’s activities and most recent intelligence reports.
As I was moving to my HMMWV after receiving back-briefs from my task force commanders, I received word from the Brigade Support Battalion (BSB) commander that two M1A2 tanks had overheated and were disabled, causing a traffic jam just outside of the port city. Within twenty minutes, more reports came in: seven more tanks were also disabled—all of them for overheated turbine engines. Clearly, this was more than bad luck. I spent more time than I could afford discussing possible causes with our maintenance technicians and field service representatives (FSRs). It seemed inconceivable that so many tank engines had undetected mechanical flaws in them.

We discovered too late that one of the contractors working in the port had fallen victim to a spear-phishing attack. He received an email announcing a company party with a link to RSVP. When he clicked on the link, it uploaded malicious software into his computer. Later, he used the same system to work on our tanks. The attack was sophisticated, and the software replicated itself by infecting any system connected to it, thus spreading through contractor computers from tank to tank. The software specifically targeted our M1A2 onboard systems, causing the engines to overheat. The attack took much of my main combat power out of the fight before the battle even began. By the start of the fight, over fifty of my tanks were out of action.

While I was trying to fight through that problem, the enemy conducted a preemptive attack along the northern avenue of approach. My brigade cavalry squadron was on station, despite the loss of its tanks, and our scouts had detected the earlier-than-expected enemy movement. But before they could report and develop the situation, the enemy jammed our radio frequencies. Of itself, this was not a new tactic, but in combination with a coordinated cyber-attack, it paralyzed our command and control (C2) at the critical moment.
Our Army Battle Command System (ABCS) was compromised through a clever ruse. As the battle proceeded, several operators reported flickering monitor screens, which we attributed to power interruptions or some other innocuous cause. Eventually, the problem worsened and became widespread throughout the BCT. We discovered after the battle that one of our soldiers in the TOC had found an unmarked CD-ROM disk near his computer station. Evidently, it had been placed there by one of the many contractors who contributed to the burgeoning population near our TOC. That contractor—or someone impersonating a contractor—had laid the CD inconspicuously near a work station. The disk contained software that allowed an enemy hacker—who left his moniker “Iron Man” on our computer screens—to get into the system, whereupon the enemy simply shut it down during the enemy attack. By the time we realized what was happening, the enemy regiment was already penetrating my supporting effort to the north.

The battle degenerated into a series of hard-fought local actions in which my soldiers’ guts and good shooting delayed and destroyed the enemy’s initial attacks. The loss of our tanks hamstrung the defense, and my CAB commanders had to innovate to try to contain the escalating fight. But the opposing commander pressed the attack and reinforced the threatened sectors faster than I could. He achieved a penetration before I was aware of the danger. Soon I was getting panicked reports of the brigade’s support area being overrun.

[Figure: Army Battle Command System. Every device that emits a signal or processes software is a potential vulnerability.]

To add to our woes, the enemy apparently jammed the Global Positioning System (GPS). The first indications came from my subordinate leaders who complained that their navigation (and hence, movement) was being slowed and disrupted by their GPS devices not working.
What was worse was that our inventories of 155-mm Excalibur guided munitions and our MLRS guided rockets were rendered ineffective as well.

Late in the engagement, the TOC itself came under fire. Our forensic analysis began with the discovery that one of our contractors had taken a “selfie” with the TOC in the background and posted it on Facebook. This was apparently enough for the enemy to work with. Just after 1000 that morning, an unmanned aerial vehicle (UAV) appeared. An artillery barrage crashed onto the site, effectively destroying most of the TOC and inflicting many casualties. Just as medical evacuation got underway, a second UAV performed a kamikaze attack on the ambulances, wreaking yet more havoc. Clearly my failure to set and enforce a policy of cell phone discipline, in addition to the vulnerability of a large, immobile TOC, contributed to the catastrophe.

I found out later that even before the fight had begun, soldiers throughout the BCT were panicking because of a series of confusing and contradictory messages from home. Hackers had gotten into our Brigade Facebook page and announced the deaths of several soldiers. The reports were untrue, but it set off a wave of urgent phone calls, and the rear detachment commander, Major Derriere, was soon swamped with demands for information. Even worse, pictures of soldiers’ spouses and children appeared on social media, including Twitter accounts, communicating death threats. My soldiers went into battle uncertain of what was going on back home, and worried about their loved ones.

[Sidebar: The commander must be able to see and understand the cyber domain as well as he does the land, maritime, air, and space domains. He must understand his own capabilities and shortfalls to determine his risk. Then he must get help to mitigate the risk.]

By noon, elements of the enemy regiment had broken through to the port, and my LOCs to my support base were threatened.
The combatant commander (COCOM) and Joint Task Force (JTF) commanders had implemented their contingency plans for what was now an opposed force entry operation. I was saved from hearing about their displeasure, though, because the enemy had jammed our satellite communications (SATCOM) as well.

The Aftermath

BG Chewing notified me that he was headed to my location, so I waited and tried to remain stoic as the medical evacuation teams did their work. As I surveyed the damage and the shock of what had happened began to sink in, I contemplated a few lessons that I had learned the hard way.

1. Commanders at all echelons are responsible for all domains—including the cyberspace domain—within their areas of responsibility. Don’t assume it’s “echelons above me.”

2. Every device is a potential vulnerability. American warfighting tradition includes the ability to exploit technological advantage. But every piece of equipment that emits a signature or processes software can become a staging area for enemy attack.

3. When contemplating threats within cyberspace and the electromagnetic spectrum, Anticipate-Withstand-Recover-Evolve. Anticipate how the enemy might attack your systems, and prepare to detect such attacks on a timely basis. Withstand those attacks by being ready to work around and through problems. Recover from attacks by preparing ahead of time and communicating throughout the command as problems appear. Evolve through lessons learned and adapt to cyberwarfare faster than the enemy.

4. A CP that gets destroyed is worse than useless. No matter how much C2 capability a TOC or CP can theoretically produce, if its size, immobility, and signature invite enemy artillery or airstrikes, it will be destroyed.

5. Cell phones introduce a plethora of vulnerabilities to the mission and troops. The commander must control their use.

6. Enemy forces will seek to demoralize our forces through attacks on our vulnerable rear—and this includes the use of social media to attack family members.

The ADC-M’s vehicle pulled to a halt in a cloud of dust, and I saw General Chewing striding up the embankment toward me. Anticipating his tirade, I nonetheless saluted him in resignation. To my surprise, he didn’t say a word. Instead, he walked right up to me, hauled back and punched me in the forehead!

I jolted awake in the classroom, my head having hit my desk with a resounding thump. My classmates tittered at this, and Dr. Lipz interrupted his lecture to look at what was causing the fuss. I noticed he was on Slide 2.

“Hmmm, I suppose it’s time for a break,” he intoned. “Perhaps Colonel Forethought can avail himself of some of our fine coffee before we reassemble.”

Second Dream

“Threat groups populate the complex operational environment of current and future armed conflict. Threat groups include nation-state militaries, insurgent organizations, transnational criminal organizations, and terrorist groups. These threat groups may align themselves based on mutual goals and common interests. As a result, the BCT commander must prepare to defeat a complicated and often shifting array of enemies and threats.”
—FM 3-96

“Although it is a man-made domain, cyberspace is now as relevant a domain for DoD activities as the naturally occurring domains of land, sea, air, and space.”
—2010 Quadrennial Defense Review

“Now this is the Law of the Jungle—as old and as true as the sky; And the Wolf that shall keep it may prosper, but the Wolf that shall break it must die. As the creeper that girdles the tree trunk, the Law runneth forward and back; For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack.”
—Rudyard Kipling

I reentered the classroom armed with a full cup of coffee. Dr. Lipz was eyeing me with disapproval as I made my way to my desk, but I was determined to stay awake this time.
I saw it as a hopeful sign that during the break he had advanced to Slide 3, which was replete with Sun Tzu quotes. But as I lovingly turned my coffee cup in my hand, panic seized me. I saw orange lettering encircling the Styrofoam that I had not noticed before: Decaffeinated.

I struggled to keep from hyperventilating as Dr. Lipz resumed his lecture. I would have to last fifty more minutes before relief, and I girded myself for the epic struggle. I knew that there was no obstacle that I could not surmount through resolution and strength. Dr. Lipz began to explain the agrarian age context for interpreting the semi-legendary figure of Sun Tzu, and I was instantly asleep.

I found myself once again standing with the ADC-M, BG A. Chewing, who had just concluded his briefing on the upcoming defensive operation. I remembered the six lessons I had learned in the last dream, even though the details of the first battle were fading from my mind. Still, I figured that since I was back at the beginning of the battle, I would have the advantage this time.

That’s when I noticed the trees.

I looked around in confusion. The terrain was different. Instead of a desert setting, I was surrounded by thick woods. I soon learned as well that I was no longer in command of an ABCT, but a Stryker Brigade Combat Team (SBCT). We were still defending a port, but this time against a different enemy force!

“Something wrong, Colonel?” BG Chewing inquired.

“Everything’s changed!” I cried. “The battle reset, but everything is different!”

“Yep.”

“But that’s not fair!” I protested.

“Fair?” Chewing asked, as if I had used a word with which he was not familiar.

“My great-great grandfather—the original Backsight Forethought Senior—also fought a series of dream battles. But each time he dreamed, the scenario reset to the same exact battle,” I explained. “Here, you can read about it.” I handed him my copy of The Defence of Duffer’s Drift. He riffled through it, visibly unimpressed.
“How quaint,” he remarked, handing the book back to me. I stuffed it into my duff pocket. “Welcome to the twenty-first century, kiddo,” he said. “The environment is always changing. The enemy is always evolving.”

I frowned.

“Instead of whining about it, how about if we focus on adapting faster than the enemy, hmm?”

I grunted my assent, and the general departed.

My dream-enhanced mission memory returned, and I realized I was in command of an SBCT with the task of defeating the enemy’s attack for the purpose of turning them southward into the JTF’s main effort defense. After they expended themselves on that, the JTF commander would launch his counterattack with the intent of routing the enemy and seizing the capital city. It was imperative that the bad guys not break through the two avenues of approach I was guarding.

I prepared to conduct a reconnaissance with my senior leaders, but I had informed the S-3 and the BSB commander that I wanted to ensure the security of our vehicle onboard systems against cyber-attack, especially because we had drawn some of our combat vehicles from prepositioned stock. I ordered my team to conduct a shakeout road march and live fire for each system—vehicle by vehicle—as soon as each was ready. Once each vehicle system was verified, it would be released to the gaining command. I also worked with the JTF staff and requested additional mandatory training for all FSRs regarding the threat of phishing attacks. I urged them to close down all public facing websites.

As anticipated, we discovered that a handful of combat vehicles experienced overheating. The BSB commander had, per my instructions, obtained a “software systems remediation team”, cobbled together from the Corps Support Command. They were on station as the vehicles performed their shakeout march, and they quickly detected malicious software.
They were forced to restore the vehicles to an earlier version of onboard software, and I was concerned that that might cascade into compatibility issues later on, but it was the best we could do for now.

I had also instructed the XO, S-2, and S-3 to pare down the size of the Brigade TOC. Instead of loading everything into one extended site, they selectively left portions of the command structure back in the corps rear with redundant communications and networking. The TOC was now about half the original size, and I ordered it to jump and relocate before the anticipated attack. Several officers and non-commissioned officers (NCOs) grumbled to me that moving like that disrupted their ability to maintain situation awareness. I told them I understood their concern. Then I ordered them to jump again.

[Figure: Stryker Brigade Combat Team]