Disclaimer: The information contained herein is not current U.S. doctrine or policy and is not meant to supersede doctrine, commander’s guidance, or established unit standard operating procedures. Examine and use the information in light of your mission, the operational environment, the Law of Armed Conflict, and other situational factors. This document does not constitute the provision of additional information or the approval of additional information upon request.

Distribution Statement: Requests for this document shall be referred to the Asymmetric Warfare Group, Fort Meade, MD 20755.

Contents

INTRODUCTION
FIRST DREAM
  The Battle
  The Aftermath
SECOND DREAM
  The Battle
  The Aftermath
THIRD DREAM
  The Battle
  The Aftermath
FOURTH DREAM
  The Battle
  The Aftermath
FIFTH DREAM
  The Battle
  The Aftermath
SIXTH DREAM
  The Battle
  The Aftermath

Figures

Armored Brigade Combat Team
Dream 1 Scenario
Army Battle Command System
Stryker Brigade Combat Team
Soldier Communicating Home with Cell Phone
Dream 2 Scenario
Dream 2 Follow-on Scenario
Infantry Brigade Combat Team
Dream 3 Scenario
Dream 4 Scenario
Soldier with UAV
Polish Woman Speaks Out Against Americans
Pira Delal Bridge
Residents Would Rather Watch TV Than Protest
Dream 6 Scenario

Introduction

“The Defense of Battle Position Duffer” is a visualization of how leaders might integrate the increasingly vital cyber domain into tactical operations in a modern Brigade Combat Team (BCT). The intent is to stimulate thought and debate across the Army with a readable, entertaining, and hopefully provocative glimpse at the business of cyberwarfare and related topics—electromagnetic warfare, spectrum management, operational security, social media, information operations, and others.

Much has been written on this topic, but virtually all of it has addressed the cyber domain at the national, policy, strategic, and operational levels. This work is focused on brigade and below.

Robert R. Leonhard, Ph.D.
Lieutenant Colonel (Retired), U.S. Army
The Johns Hopkins University Applied Physics Laboratory
September 28, 2016

First Dream

“The art of war teaches us to rely not…on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” —Sun Tzu

“The nations, of course, that are most at risk of a destructive digital attack are the ones with the greatest connectivity.” —Kim Zetter

“Jest send in your Chief an’ surrender; it’s worse if you fights or you runs: You may hide in the caves, they’ll be only your graves, but you can’t get away from the guns!” —Rudyard Kipling

The professor walked into the classroom, and I knew I was doomed. Without a glance in our direction, he jammed a USB into the desktop at the front of the room, and a few seconds later, I was looking at the projection of his “Strategic Theory” presentation. My blood ran cold when I looked at the lower left portion of the screen. “Slide 1 of 243.”

My name is Colonel Backsight Forethought V, and I was officially halfway through my year at the Army War College.
Each day I found myself more and more excited as I anticipated taking command of a Brigade Combat Team (BCT) and less and less enthusiastic for class. To add to my consternation this particular morning, I had dropped my large coffee onto the sidewalk just before class. Deprived of my morning caffeine, I knew I would be fighting to stay awake as Dr. Ether Lipz began his lecture.

I come from a long line of soldiers. My parents are of British descent, and my father served as an American Army officer during the Cold War. He commanded in both Operations Just Cause and Desert Storm. My grandfather fought in the Korean War as a tank commander. My great-grandfather served in both world wars. And my great-great-grandfather—the senior Backsight Forethought—was a British infantry officer who fought in the Boer War. He died in his sleep at a ripe old age.

Twenty minutes into the lecture, Dr. Lipz was explaining the Greek etymology of the word “strategy,” when I noticed that he was still on slide 1. Determined to stay awake, I began to perform silent eye exercises, looking from the slide to the clock, to the window, to my classmates, back to the clock, and out the window again. As I slumped imperceptibly forward, the scene outside began to morph from a sultry Pennsylvania morning to a windswept desert setting. I was feeling numb and confused, and as I stared incredulously out the window, at a distance I recognized what appeared to be the Whale Gap.

Suddenly I found myself standing on a hilltop at the National Training Center in Fort Irwin, California. But it was clear to me in my dream that this was a real battle, not a training exercise. The terrain, though similar to Fort Irwin, was different: there were highways, secondary roads, and towns and villages dotting the desert landscape. A short, bald, wiry man was standing next to me—Brigadier General A. Chewing, who I somehow knew was the Assistant Division Commander for Maneuver.
“What are your questions, Colonel Forethought?” he asked.

I looked at him and was about to offer a lot of questions, starting with “What’s going on here?” but my dream-memory kicked in, and I realized that I had just been given a mission to defend with my Armored Brigade Combat Team (ABCT). The scenario described my outfit as part of a joint task force that had conducted a force entry to seize and secure a critical port. Soon the World-Class opposing force (OPFOR), disguised as Krasnovians, would be crashing into my forces to try to take back the city to my rear. My task was to defeat the enemy regiment’s attack, and my purpose was to secure the arrival of the rest of the joint task force prior to its offensive operations.

[Figure: Armored Brigade Combat Team]

I had gone forward into the battle zone, to the forward edge of our main position—Battle Position Duffer—with the Assistant Division Commander – Maneuver (ADC-M) and the division staff to receive my orders briefing, and my own subordinate commanders would soon be on site. Meanwhile, my combat vehicles were preparing to road-march from the port to get into position.

The enemy would be able to commit up to a reinforced mechanized regiment against my defense within the next 72 hours, and with my battle staff, I had determined that there were two primary high-speed avenues of approach that I would have to worry about—one to the north, and the other to the south. The northern route included only secondary roads and was dotted with several small villages and a larger town. The southern route was centered on Highway 8 that led directly to the port.

My staff and I agreed that the southern avenue of approach was both more dangerous and more likely to be the enemy’s route of attack. I therefore designated my best Combined Arms Battalion (CAB) as my main effort and positioned them squarely on the highway and its environs.
I reinforced that main effort with an extra tank company and dedicated most of my fire support and air defense there as well. The CAB in the north would initially be a supporting effort, but I was aware that a clever enemy commander might employ the secondary avenue of approach as his main effort, so I planned and rehearsed a shift of my combat power to the north just in case.

I would count upon my organic artillery to weight my main effort and do a lot of the precision destruction of the enemy attackers. My artillery battalion’s 155-mm Excalibur rounds, along with my multiple launch rocket system (MLRS) guided rockets, gave me unprecedented precision, which in turn would help me protect against collateral damage. My Brigade Cavalry Squadron was already moving into position to screen the brigade’s front and gain early warning of the enemy’s impending attack.

In surveying my new command, I was justifiably proud of my Brigade Tactical Operations Center (TOC). It was an impressive installation, packed full of expert staff that would translate my commander’s intent into synchronized plans and orders.

In my pre-command education, I had learned of the importance of the emerging business of cyberwarfare. Combining it with electromagnetic warfare and the mysterious information operations, I knew that a savvy enemy might be able to pull some tricks that would give them the advantage. Of course, I recognized that all that cyber-stuff was echelons above me, but I hoped that whatever they were doing back at the Pentagon and the National Security Administration would work to my benefit. In the meantime, I decided to add a Cyber-and-Electromagnetic Activity wing to my TOC, just in case. (I thought that was a jolly clever innovation on my part.) I also warned my Brigade S-6, Major Annette Work, to see to our cyber defenses. She seemed puzzled but nodded her compliance.

[Figure: Dream 1 Scenario]
With my tour of the TOC nearly complete, I prepared to depart to inspect the key engagement areas that my battalion task forces would use to destroy the Krasnovians. Just as I was leaving, I heard a spirited argument, and the next moment I saw my Brigade Chaplain, Major Ortho Doxie, emerge from around a corner, red-faced and boiling mad. Behind him stalked my Brigade Legal Officer, Captain Sue M. Alle, equally perturbed.

Major Doxie stopped in front of me with his fists on his hips. “Sir, will you please inform your legal officer that ‘human’ is a dimension, not a domain?”

“No it isn’t,” chimed in Captain Alle. “It’s a domain, just like land, air, and the rest.”

They both looked at me for resolution.

“I tend to avoid theological debate,” I intoned, waving them off.

But their tiff reminded me to have our Brigade Facebook page updated with our latest news, so that the families back home would be reassured that all was well. This was part of my effort to fortify the morale of my troops. I think it’s important to allow the soldiers to use their cell phones to keep in touch with their families, but only when off-duty. I also reiterated the importance of not communicating classified information, including our location and mission.

I spent the rest of the day and most of the evening touring my area of responsibility with my subordinate commanders. I was anxious about what tomorrow morning would bring, but I was also eager to demonstrate to the enemy the power of an ABCT and American joint forces. After reviewing our major contingency plans with my staff, I turned in for a few hours of sleep, setting my alarm for 0330.

The Battle

I arose in the darkness, dressed, and headed out to inspect my main effort. I had arranged for a quick meeting with all my commanders within sight of our primary engagement area. We spent a few hurried minutes catching up on the night’s activities and most recent intelligence reports.
As I was moving to my HMMWV after receiving back-briefs from my task force commanders, I received word from the Brigade Support Battalion (BSB) commander that two M1A2 tanks had overheated and were disabled, causing a traffic jam just outside of the port city. Within twenty minutes, more reports came in: seven more tanks were also disabled—all of them for overheated turbine engines. Clearly, this was more than bad luck. I spent more time than I could afford discussing possible causes with our maintenance technicians and field service representatives (FSRs). It seemed inconceivable that so many tank engines had undetected mechanical flaws in them.

We discovered too late that one of the contractors working in the port had fallen victim to a spear-phishing attack. He received an email announcing a company party with a link to RSVP. When he clicked on the link, it uploaded malicious software into his computer. Later, he used the same system to work on our tanks. The attack was sophisticated, and the software replicated itself by infecting any system connected to it, thus spreading through contractor computers from tank to tank. The software specifically targeted our M1A2 onboard systems, causing the engines to overheat. The attack took much of my main combat power out of the fight before the battle even began. By the start of the fight, over fifty of my tanks were out of action.

[Sidebar: Every device that emits a signal or processes software is a potential vulnerability.]

While I was trying to fight through that problem, the enemy conducted a preemptive attack along the northern avenue of approach. My brigade cavalry squadron was on station, despite the loss of its tanks, and our scouts had detected the earlier-than-expected enemy movement. But before they could report and develop the situation, the enemy jammed our radio frequencies.
Of itself, this was not a new tactic, but in combination with a coordinated cyber-attack, it paralyzed our command and control (C2) at the critical moment.

Our Army Battle Command System (ABCS) was compromised through a clever ruse. As the battle proceeded, several operators reported flickering monitor screens, which we attributed to power interruptions or some other innocuous cause. Eventually, the problem worsened and became widespread throughout the BCT. We discovered after the battle that one of our soldiers in the TOC had found an unmarked CD-ROM disk near his computer station. Evidently, it had been placed there by one of the many contractors who contributed to the burgeoning population near our TOC. That contractor—or someone impersonating a contractor—had laid the CD inconspicuously near a work station. The disk contained software that allowed an enemy hacker—who left his moniker “Iron Man” on our computer screens—to get into the system, whereupon the enemy simply shut it down during the enemy attack. By the time we realized what was happening, the enemy regiment was already penetrating my supporting effort to the north.

[Figure: Army Battle Command System]

The battle degenerated into a series of hard-fought local actions in which my soldiers’ guts and good shooting delayed and destroyed the enemy’s initial attacks. The loss of our tanks hamstrung the defense, and my CAB commanders had to innovate to try to contain the escalating fight. But the opposing commander pressed the attack and reinforced the threatened sectors faster than I could. He achieved a penetration before I was aware of the danger. Soon I was getting panicked reports of the brigade’s support area being overrun.

To add to our woes, the enemy apparently jammed the Global Positioning System (GPS). The first indications came from my subordinate leaders who complained that their navigation (and hence, movement) was being slowed and disrupted by their GPS devices not working.
What was worse was that our inventories of 155-mm Excalibur guided munitions and our MLRS guided rockets were rendered ineffective as well.

Late in the engagement, the TOC itself came under fire. Our forensic analysis began with the discovery that one of our contractors had taken a “selfie” with the TOC in the background and posted it on Facebook. This was apparently enough for the enemy to work with. Just after 1000 that morning, an unmanned aerial vehicle (UAV) appeared. An artillery barrage crashed onto the site, effectively destroying most of the TOC and inflicting many casualties. Just as medical evacuation got underway, a second UAV performed a kamikaze attack on the ambulances, wreaking yet more havoc. Clearly my failure to set and enforce a policy of cell phone discipline, in addition to the vulnerability of a large, immobile TOC, contributed to the catastrophe.

[Sidebar: The commander must be able to see and understand the cyber domain as well as he does the land, maritime, air, and space domains. He must understand his own capabilities and shortfalls to determine his risk. Then he must get help to mitigate the risk.]

I found out later that even before the fight had begun, soldiers throughout the BCT were panicking because of a series of confusing and contradictory messages from home. Hackers had gotten into our Brigade Facebook page and announced the deaths of several soldiers. The reports were untrue, but it set off a wave of urgent phone calls, and the rear detachment commander, Major Derriere, was soon swamped with demands for information. Even worse, pictures of soldiers’ spouses and children appeared on social media, including Twitter accounts, communicating death threats. My soldiers went into battle uncertain of what was going on back home, and worried about their loved ones.

By noon, elements of the enemy regiment had broken through to the port, and my LOCs to my support base were threatened.
The combatant commander (COCOM) and Joint Task Force (JTF) commanders had implemented their contingency plans for what was now an opposed force entry operation. I was saved from hearing about their displeasure, though, because the enemy had jammed our satellite communications (SATCOM) as well.

The Aftermath

BG Chewing notified me that he was headed to my location, so I waited and tried to remain stoic as the medical evacuation teams did their work. As I surveyed the damage and the shock of what had happened began to sink in, I contemplated a few lessons that I had learned the hard way.

1. Commanders at all echelons are responsible for all domains—including the cyberspace domain—within their areas of responsibility. Don’t assume it’s “echelons above me.”

2. Every device is a potential vulnerability. American warfighting tradition includes the ability to exploit technological advantage. But every piece of equipment that emits a signature or processes software can become a staging area for enemy attack.

3. When contemplating threats within cyberspace and the electromagnetic spectrum, Anticipate-Withstand-Recover-Evolve. Anticipate how the enemy might attack your systems, and prepare to detect such attacks on a timely basis. Withstand those attacks by being ready to work around and through problems. Recover from attacks by preparing ahead of time and communicating throughout the command as problems appear. Evolve through lessons learned and adapt to cyberwarfare faster than the enemy.

4. A CP that gets destroyed is worse than useless. No matter how much C2 capability a TOC or CP can theoretically produce, if its size, immobility, and signature invite enemy artillery or airstrikes, it will be destroyed.

5. Cell phones introduce a plethora of vulnerabilities to the mission and troops. The commander must control their use.

6. Enemy forces will seek to demoralize our forces through attacks on our vulnerable rear—and this includes the use of social media to attack family members.

The ADC-M’s vehicle pulled to a halt in a cloud of dust, and I saw General Chewing striding up the embankment toward me. Anticipating his tirade, I nonetheless saluted him in resignation. To my surprise, he didn’t say a word. Instead, he walked right up to me, hauled back and punched me in the forehead!

I jolted awake in the classroom, my head having hit my desk with a resounding thump. My classmates tittered at this, and Dr. Lipz interrupted his lecture to look at what was causing the fuss. I noticed he was on Slide 2.

“Hmmm, I suppose it’s time for a break,” he intoned. “Perhaps Colonel Forethought can avail himself of some of our fine coffee before we reassemble.”

Second Dream

“Threat groups populate the complex operational environment of current and future armed conflict. Threat groups include nation-state militaries, insurgent organizations, transnational criminal organizations, and terrorist groups. These threat groups may align themselves based on mutual goals and common interests. As a result, the BCT commander must prepare to defeat a complicated and often shifting array of enemies and threats.” —FM 3-96

“Although it is a man-made domain, cyberspace is now as relevant a domain for DoD activities as the naturally occurring domains of land, sea, air, and space.” —2010 Quadrennial Defense Review

“Now this is the Law of the Jungle—as old and as true as the sky; And the Wolf that shall keep it may prosper, but the Wolf that shall break it must die. As the creeper that girdles the tree trunk, the Law runneth forward and back; For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack.” —Rudyard Kipling

I reentered the classroom armed with a full cup of coffee. Dr. Lipz was eyeing me with disapproval as I made my way to my desk, but I was determined to stay awake this time.
I saw it as a hopeful sign that during the break he had advanced to Slide 3, which was replete with Sun Tzu quotes. But as I lovingly turned my coffee cup in my hand, panic seized me. I saw orange lettering encircling the Styrofoam that I had not noticed before: Decaffeinated.

I struggled to keep from hyperventilating as Dr. Lipz resumed his lecture. I would have to last fifty more minutes before relief, and I girded myself for the epic struggle. I knew that there was no obstacle that I could not surmount through resolution and strength. Dr. Lipz began to explain the agrarian age context for interpreting the semi-legendary figure of Sun Tzu, and I was instantly asleep.

I found myself once again standing with the ADC-M, BG A. Chewing, who had just concluded his briefing on the upcoming defensive operation. I remembered the six lessons I had learned in the last dream, even though the details of the first battle were fading from my mind. Still, I figured that since I was back at the beginning of the battle, I would have the advantage this time. That’s when I noticed the trees.

I looked around in confusion. The terrain was different. Instead of a desert setting, I was surrounded by thick woods. I soon learned as well that I was no longer in command of an ABCT, but a Stryker Brigade Combat Team (SBCT). We were still defending a port, but this time against a different enemy force!

“Something wrong, Colonel?” BG Chewing inquired.

“Everything’s changed!” I cried. “The battle reset, but everything is different!”

“Yep.”

“But that’s not fair!” I protested.

“Fair?” Chewing asked, as if I had used a word with which he was not familiar.

“My great-great-grandfather—the original Backsight Forethought Senior—also fought a series of dream battles. But each time he dreamed, the scenario reset to the same exact battle,” I explained. “Here, you can read about it.” I handed him my copy of The Defence of Duffer’s Drift. He riffled through it, visibly unimpressed.
“How quaint,” he remarked, handing the book back to me. I stuffed it into my duff pocket.

“Welcome to the twenty-first century, kiddo,” he said. “The environment is always changing. The enemy is always evolving.”

I frowned.

“Instead of whining about it, how about if we focus on adapting faster than the enemy, hmm?”

I grunted my assent, and the general departed. My dream-enhanced mission memory returned, and I realized I was in command of an SBCT with the task of defeating the enemy’s attack for the purpose of turning them southward into the JTF’s main effort defense. After they expended themselves on that, the JTF commander would launch his counterattack with the intent of routing the enemy and seizing the capital city. It was imperative that the bad guys not break through the two avenues of approach I was guarding.

I prepared to conduct a reconnaissance with my senior leaders, but I had informed the S-3 and the BSB commander that I wanted to ensure the security of our vehicle onboard systems against cyber-attack, especially because we had drawn some of our combat vehicles from prepositioned stock. I ordered my team to conduct a shakeout road march and live fire for each system—vehicle by vehicle—as soon as each was ready. Once each vehicle system was verified, it would be released to the gaining command. I also worked with the JTF staff and requested additional mandatory training for all FSRs regarding the threat of phishing attacks. I urged them to close down all public facing websites.

As anticipated, we discovered that a handful of combat vehicles experienced overheating. The BSB commander had, per my instructions, obtained a “software systems remediation team”, cobbled together from the Corps Support Command. They were on station as the vehicles performed their shakeout march, and they quickly detected malicious software.
They were forced to restore the vehicles to an earlier version of onboard software, and I was concerned that that might cascade into compatibility issues later on, but it was the best we could do for now.

I had also instructed the XO, S-2, and S-3 to pare down the size of the Brigade TOC. Instead of loading everything into one extended site, they selectively left portions of the command structure back in the corps rear with redundant communications and networking. The TOC was now about half the original size, and I ordered it to jump and relocate before the anticipated attack. Several officers and non-commissioned officers (NCOs) grumbled to me that moving like that disrupted their ability to maintain situation awareness. I told them I understood their concern. Then I ordered them to jump again.

[Figure: Stryker Brigade Combat Team]

The Brigade TOC and other command posts (CPs) were also defended more vigorously. Contractors were more closely supervised and instructed that all software and hardware was to be labeled and accounted for at all times. Unattended and unmarked items would be confiscated, and no one was to make use of unmarked or untested software. I wanted to ensure this time that I maintained constant visibility of what was going on throughout my command, and it wouldn’t do to have the C2 system crash again.

I was satisfied with our new efficiency, but as I completed my inspection, I heard a vicious argument break out. I spotted the Brigade Chaplain, Major Doxie, and Captain Alle, the Brigade Legal Officer, and jumped between them just as they were about to resort to fisticuffs.

“What the devil is going on here?” I demanded.

Major Doxie was fuming.
“I was trying to explain to this…person…that cyberwarfare is a subset of information operations, sir.”

“And I was trying to improve the Major’s obviously deficient education,” explained Captain Alle, “by explaining that information warfare is a subset of cyber operations.”

They glared at each other.

“I can see this is important to you, so I’ll leave you to it,” I said. “But no more shouting, and no violence!”

[Sidebar: Just as the battle staff prepares a Modified Combined Obstacle Overlay (MCOO) to understand the terrain, so also the S-2, S-6, and S-3 should prepare a “Cyber-MCOO” to help the commander visualize the cyber domain.]

I spent most of the day inspecting engagement areas and in the afternoon I stood with my main effort CAB commander atop Battle Position Duffer, from where I hoped to put an end to the enemy main body. I had shaped the defense to disrupt the enemy’s planned attack and drive them into our key engagement areas, where I intended to mass and synchronize our fires. I wanted to achieve control of the pace of the battle, as I had failed to do in the first dream.

To address potential enemy threats to our troops’ families, I had instructed the rear detachment commander, Major Derriere, to ensure that all families and community leaders accept only reports that emanated from his office. Of course we knew that enemy agents or even non-state troublemakers might send messages over social media anyway, but Major Derriere held frequent meetings and went through a series of demonstrations for family members to show them what attacks and threats might look like. He also gave classes on personal safety measures, including the avoidance of discussing their soldiers’ deployment and posting photos of themselves. The Brigade Facebook page was taken down as a precaution.
In its place, the major maintained a Twitter account, but, working with the Family Senior Advisor, he reiterated that no casualties would be reported through it, and that he would Tweet updates at predesignated times. My soldiers and contractors still had cell phones, but I had issued specific written guidance on their use, including forbidding photos anywhere within the brigade area of operation.

[Figure: Soldier Communicating Home with Cell Phone]

I discussed with the XO, LTC Phil Conners, my S-2, S-3, and S-6 the need to better visualize the cyber domain. Though still nagged by my presupposition that much of the cyber-world was echelons above me, I remembered from the first dream that the BCT must treat the cyber domain as it does the land, maritime, air, and space domains. We must first understand it as best we can. We must likewise comprehend what capabilities we can bring to bear, and what we must rely on higher echelons to do in support of us. Wherever we perceive shortfalls between the threat and capability, we define risk. I ordered the battle staff to sketch out the cyber domain in a sort of “Cyber-MCOO.” The result was not pretty, but the exercise at least spurred us to start thinking in the right direction.

The Battle

The enemy began as before by jamming command radio nets, but we had anticipated that, and the BCT’s leaders had rehearsed our “PACE” (Primary-Alternate-Contingency-Emergency) plan. Our primary and alternate communications were over FM frequencies. Tactical satellite (TACSAT) was our contingency means of maintaining comms, and our emergency plan was to use runners and visual signals. The cavalry squadron made good use of liaison officers, landlines, and retransmission sites to alert the BCT as the attack began.

It appeared that the opposing commander had intended to preempt our defenses before we were fully ready, but when enemy forces attempted to rush us along the northern of our two avenues of approach, preplanned fires stopped them dead.
I had ordered our precision munitions to be used, but when the enemy jammed GPS signals, the artillery battalion commander was ready with conventional rounds. Several company and troop commanders were late getting into position because, without GPS, they got lost. Hard copy maps and compasses were conspicuously absent among my subordinate leaders, and because we were unfamiliar with the terrain, some units were out of position when the fight started. We muddled through, in part by acquiring maps from local gas stations, but I ordered my counterattack force to rehearse their movement to potential attack positions and to have maps ready if needed.

[Figure: Dream 2 Scenario]

[Sidebar: Our nation’s enemies recognize American superiority in traditional warfare and our growing expertise in irregular warfare. As a result, they search for an open flank in the cyber domain.]

The failure of the initial attacks gave us a bit of breathing room, but the next developments were not so auspicious. We received a message from Major Derriere that several families were reporting that their bank accounts had been hacked. We discovered later that a young specialist in the S-1 section had received a phishing email over what was supposed to be a secure network. When he opened the link in the email, he inadvertently gave a hacker—who again identified himself as “Iron Man”—access to soldiers’ personal identification information (PII). The hacker apparently either used it himself or, more likely, sold it to third parties who went to work enriching themselves at our soldiers’ expense. In the meantime, I instructed my commanders to assure soldiers we were working on the problem. Whoever this “Iron Man” was, I longed to track him down and nab him.

I was doubly frustrated that, as before, my Brigade TOC suffered attack.
To my knowledge, there were no incriminating “selfies” this time, but the installation was still emitting tell-tale signatures that stood out like a beacon to enemy signals intelligence (SIGINT) and electronic intelligence (ELINT) operators. Once again, enemy UAVs appeared, and before the TOC could jump, enemy artillery and follow-on UAV strikes devastated it. I had lost a major piece of my situation awareness, and worse, I had lost soldiers.

The Brigade Support Area as well as several of our battalion battle positions were likewise attacked with uncanny precision. I had inspected most of our key locations for proper camouflage, and I’d been satisfied that our troops and leaders had done their jobs well. But as we discovered afterward, the cell phones that our troops had—even when not in use—were constantly emitting signals that the enemy intercepted. Because they detected unusual density of signals in various locations, they deduced that they had found American positions and targeted them with artillery. I was beginning to view cell phones as a serious liability.

The enemy’s attack proceeded more slowly this time, but as the fight developed, some of the civilian population set up roadblocks slowing our response, and a few of them even fired personal weapons at our troops. I wasn’t certain whether this represented a small anti-American insurgency or whether the general population was against us, but the interference was annoying. Indeed, in the extreme northern flank, it was decisive. The enemy were using cell phones to cooperate with some civilians, who acted as deep reconnaissance, helping the enemy artillery to pinpoint our locations. A battalion of tanks broke through, turned our flank, and routed the defense in the north.

After the battle, a corporal from the BSB forwarded links to Facebook pages and other social media emanating from our area of responsibility.
Unknown to us, a spirited conversation about the American joint task force was proceeding before, during, and after the battle. The pages included pictures of American atrocities that turned out to be faked, along with anonymous eyewitness accounts of rape, theft, and murder, supposedly perpetrated by American soldiers. My Brigade intelligence cell had performed network analysis to identify enemy, criminal, and insurgent operations, but they concluded that the population was mostly neutral or even friendly to the intervention. Clearly, we had missed a key part of the information context within which the fight unfolded. I glanced at my copy of the Cyber-MCOO and noticed the absence of social media. Once again, my BCT had been out-flanked in the cyber domain.

During the battle, the S-3 and I noticed on our ABCS that one of our tank companies that should have oriented on a key engagement area along the threatened flank was instead sitting idle in a village six kilometers from the action. The S-3 was unable to reach the CAB commander or the company commander, so he went there to see what was happening. When he arrived, there were no tanks to be seen. Instead, he walked into an ambush, and he was wounded in the exchange. The enemy had somehow infiltrated our system and created false position reports. It was not the only one. In fact, our CPs had misread the entire battle due to skewed position location readings. Soon, we were again getting reports of flickering screens and loss of cursor control. Later, our operators were alerted to the loss of data from the systems. The S-2 even suspected that future operation plans (OPLANS) had been compromised. Because the cascading malfunctions had occurred slowly, we again lost time thinking it was simply software glitches instead of the cyber-attack that it actually was.

Major Annette Work, the Brigade S-6, was at a loss as to how the enemy had managed to penetrate our supposedly secure network again.
Her section included key specialists that should have helped me dominate the cyber domain—MOS 255S (Information Protection Technician) Warrant Officers, and the MOS 25-Series (Cyber Network Defenders, Information Systems and Satellite Systems Operators-Maintainers) and 29-Series (Electronic Warfare Specialist) Soldiers and NCOs—but they too were unable to explain. They insisted that they had performed the regulatory inspections to ensure network compliance and communications maintenance, but to no avail. I began to ponder if I might be able to use their expertise to get a bit more horsepower out of my Brigade Command, Control, Communications, and Computers (C4) Operations section. In the meantime, I directed the XO to ensure the S-2 and S-6 collaborated on identifying the enemy’s cyber capabilities. I saw that I couldn’t rely only on the S-6 in matters of cyber defense.

By the end of the day, fully half of the BCT was surrounded and combat ineffective. The enemy broke through along the northern flank, and the JTF commander had cancelled his intended counterattack, using the assets instead to retrieve my command’s failure. Frustrated, I began to realize that to unleash the full power of an Army BCT, I had to protect the force in the cyber domain as well as in the other domains. How? was the question that remained.

[Figure: Dream 2 Follow-on Scenario]

The Aftermath

As I contemplated our mission failure, I thought about what lessons I could glean from my dismal experiences.

7. Social media represents a key intelligence source. In most places in the world, local populations use Facebook, Twitter, or similar media. The enemy will certainly use these resources to craft a narrative in their favor. The BCT needs to use these sources to help develop situation awareness.

8. In a high cyber threat environment, the commander must assume that even the most secure networks may be vulnerable to penetration.
Position location and other automated features can be useful but should not be trusted without verification. The S-2 must collaborate with the S-6 and the rest of the battle staff in estimating and anticipating enemy cyber threats, along with visualizing the entire cyber domain.

9. Cell phones are emitters. Even if used in a disciplined manner, they present targets for enemy SIGINT and ELINT. Conversely, the enemy may co-opt or provide cell phone use to mobilize resistance among civilian populations.

10. CPs, including the TOC, are vulnerable to detection even when small. To gain the benefits of C2 capabilities that such installations provide, they must have survivability as the top priority. Better to not have a TOC than to have one destroyed.

11. The enemy will target PII from deployed soldiers. Soldiers and their families must be prepared for such incidents and take measures to prevent them. Likewise, soldier personal information should be considered “cyber key terrain.”

General Chewing arrived at my location, and he was hopping mad. I was trying to explain what went wrong when suddenly he pulled out a chainsaw. Each time I tried to talk, he pulled the switch and the chainsaw buzzed louder and louder. I couldn’t understand what he was doing, but the noise finally got so loud…that I woke up.

“Colonel Forethought!”

“Yes, sir,” I said, wiping the drool from my mouth.

“Your snoring is distracting the other students,” Dr. Lipz announced. “Perhaps you should switch from decaf during the next break.”

The laughing died down, and I trooped out of the classroom with the others. At last, it was lunch time.

Third Dream

“The…human and political dynamics of the operational environment produce additional layers of complexity to BCT operations.
As a result, the BCT commander and staff must understand the complicated relationships and the complex interactions between the various actors that produce tactical challenges and opportunities.”
—FM 3-96

“If you can keep your head when all about you
Are losing theirs and blaming it on you,
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or being lied about, don’t deal in lies,
Or being hated, don’t give way to hating,
And yet don’t look too good, nor talk too wise…”
—Rudyard Kipling

“Activists are no longer limited to sit-ins, marching with signs, giving passionate speeches, and engaging in strikes. Today, a political activist can shut down his or her target from the comfort of home by attacking a website. Or he or she can spread rumors by hacking an official news source and publishing false articles. This online activism is commonly known as ‘hacktivism.’”
—Chapple and Seidl, Cyberwarfare

For some reason, I made the brilliant decision to down an entire foot-long Italian sub for lunch. I settled into my seat in the classroom, and my stomach began to make gurgling noises as my digestive system pondered what to do with this spicy invasion. I had a full cup of real coffee this time, but when Dr. Ether Lipz resumed his monotone and began to wax eloquent about his dissertation on Von der Goltz, I started to panic again. The coffee wasn’t working, and my eyes began to burn. Plus, I had to pee.

Fortunately, the colonel sitting in front of me had an enormous head that, if I positioned myself strategically, would hide my face from the instructor. I maneuvered to prop my chin on my sweaty palms in a defilade posture and closed my eyes to rest them just for a moment. I calculated that I could actually attend to the lecture better if my eyes were closed, so as to avoid visual distractions.
Soon I was headed for a warm and happy place…

“Don’t screw this up, Colonel Forethought,” said BG Chewing. “There’s no telling what the Atlanticans might throw at you over the next few days, so you’ve got to be flexible. Any questions?”

“No sir!” I replied, full of questions.

He departed, and I immediately noticed that I was standing atop a three-story building in an urban environment. My dream-memory began to return, and I remembered that my Infantry Brigade Combat Team (IBCT) had recently deployed to the island continent of Aragon to assist the Republic of Cortina. Our chief adversary was the People’s Democratic Republic of Atlantica (PDRA), a large country to the east. At issue was the fate of the disputed province of Peason Ridge—an area just over 51,000 acres. Legally a part of the Republic of Cortina to the west, it boasted a restive population that was over sixty percent ethnic Atlantican.

Over the past several years, PDRA had begun to make a political issue of Peason Ridge, most likely to distract Atlantican citizens from the dismal economic performance of the incumbent dictator-president. To provide plausible deniability, PDRA commenced sending unidentifiable Special Forces into the area to try to create an insurgent movement among the ethnic Atlanticans. In this, PDRA had been conspicuously unsuccessful, as most of the inhabitants of Peason Ridge seemed content with their parent government and the economic advantages that an alliance with the United States brought.

PDRA responded by upping the ante with a terror campaign designed to intimidate the naysayers. A particularly nasty group of thugs—both imported and home-grown—named themselves the “Leesburg Urban Group” (LUG)—and then waged a murderous war of violence, extortion, and rape designed to incline the population eastward. The Republic of Cortina had requested American military aid to help defend the region.
My IBCT was a key part of that aid, and the conflict was, according to intelligence reports, about to boil over.

The main focus of my mission, reiterated by BG Chewing, was population protection—pretty standard stuff in the business of counterinsurgency. I would also have to pay attention to counterterror operations while securing the interorganizational effort to boost the local economy and strengthen the region’s political ties to Cortina. At the same time, I was directed to prepare to defend against a possible PDRA military invasion of the region.

I had a vague memory of my previous dream battles, but most especially I remained aware of eleven lessons I had assimilated following embarrassing defeats. I had already ordered that all of our vehicle systems that had onboard computers be put through shakeout road marches and live-fire exercises. This led to the discovery and repair of malicious software.

Lieutenant Colonel (LTC) Phil Conners, my XO, had worked with the rest of the staff to pare down the size of the TOC, but I remembered that it was still not mobile enough to evade enemy attack. I charged LTC Conners to innovate and improve the TOC structure and operation with survivability as the top priority, and my situation awareness and synchronization as the second. When I checked on him a few hours later, he was supervising a radical new design. The essence of it was his stricture that no more than three vehicles could operate together in one location. To achieve teamwork and synchronization, the TOC would become virtually linked together through effective network operations. LTC Conners drilled the various pieces of the TOC relentlessly, forcing them to jump several times in succession. He also directed that antennae were to be placed remotely away from the vehicles. But he still wasn’t satisfied.

[Figure: Infantry Brigade Combat Team]

“Sir,” he confided to me, “the fundamental problem remains.”

“Explain,” I ordered.
“We…well…you, sir, need a paradigm shift, if I may be so bold.”

I frowned. “Be bold, colonel.”

“The real problem, sir, is that we are all used to the TOC being ‘always on’, so to speak. In some of the static operations we’ve had over the past decades, we’ve developed the ‘Forward Operating Base (FOB)’ idea. From a relatively secure base against enemies on the lower end of the threat spectrum, our TOCs were free to operate and grow in size and capability. But ‘always on’ means always emitting a signature. The enemy is not stupid. He knows what to look for, and if we are constantly putting out a signature, his SIGINT and ELINT are going to find us.”

“What do you propose?” I asked.

“We need to preplan windows of communication and situation awareness,” he replied. “Let’s develop key times when you need us to capture the situation and synchronize operations. At those times, the different pieces of the dispersed TOC will come up on the network, develop the situation, give you the snapshot, process your orders, disseminate instructions, and then jump and go relatively silent again.”

I thought about it. “Risky,” I said. “Things could happen while the TOC is offline.”

“True,” Conners said. “There is risk, but it can be managed. We have smaller CPs with enough staff to keep abreast of things. We will work with the command group to ensure full operational capability at the right times, but go down and mobile to survive during other times. And throughout the operation, we will achieve unity of effort through networking rather than physical adjacency.”

I looked at my XO and saw the fire in his eyes. He had clearly given the idea much thought. Remembering my other dream experiences, I quickly concluded that the alternative was a bunch of dead soldiers and no TOC.

“Do it,” I said. I would have to make do.

As I turned to leave, I saw my chaplain, Major Ortho Doxie, locked in a push-me, pull-you battle with the legal officer, Captain Sue M. Alle.
“PSYOP!” cried Major Doxie, pushing his opponent.

“MISO!” she fired back with a shove.

“PSYOP!”

“MISO!”

I exited stage right quickly to avoid getting drawn into what was no doubt an important debate.

After inspecting two of our main engagement areas with my CAB commanders, my travels brought me to the Brigade Support Area. I was unpleasantly surprised to see so many civilians there. Our computer networks and communications systems still required a team of FSRs. They were crawling all over our ABCS and communications systems, and the truth was we couldn’t operate without them. But I worried that I didn’t see enough green-suiters supervising the action. I would have felt more secure if I’d seen one or two master sergeants keeping an eye on things.

I also spotted a woman with an oversized camera strolling around. With public interest in the fate of Peason Ridge on the rise, media personnel were everywhere. We were prepared, of course, and my Public Affairs Officer, Major Reed Allaboutit, kept tabs on the news personnel, ensuring that no sensitive areas or information became public. Still, so many strangers not under my command wandering around the area of operations concerned me.

My former dreams—well, nightmares really—had convinced me that there were no big advantages in letting soldiers bring their cell phones into theater. We forbade them as we deployed, but I directed that an “Internet Café,” complete with cell phones, would be in operation in the rear, so that the troops could check in with their families as time (and the enemy) permitted.

Another initiative I took before we departed the continental United States (CONUS) was to start up a Brigade Orienteering League. We already had a number of recreation leagues, so it wasn’t difficult to encourage interest in the sport. I decided to compete personally as well, as an encouragement for my subordinate commanders to get involved.
I didn’t win, place, or show in the competition, but I was rewarded nevertheless with a growing team of men and women who could navigate without GPS.

As another countermeasure to potential enemy jamming, I also initiated what I called “Analog Tuesday.” Each week, on Tuesday, the Brigade dispensed with computers, radios, and even cell phones. Instead, we exercised our use of liaison officers, couriers, runners, and even visual signals. Morning reports were gathered by hand instead of through the network. We also made use of telephones, but only with our own communications wire and switchboards. We had to dust off and in some cases replace old equipment, but we became proficient in quickly erecting and using landlines.

I decided to revamp my C4 Ops cell to make better use of the communications and network specialists therein. I tasked Major Work to create a cell in conjunction with the Intelligence Cell for the purpose of performing data mining and scraping of social media that might be relevant to our area of operations. The payoff came sooner than expected. I had invited several local notables to a meeting and supper. As I was hosting them and receiving their promises of support and friendship, a master sergeant from the cell asked to speak with me in private. He informed me that one of my guests was quite active on both Facebook and Twitter, and that he often ranted anti-American conspiracy theories. Thus informed, I withheld any discussion of our future intentions and didn’t invite him back. Instead, I alerted the mayor of Polkburg, the major town on Peason Ridge. The man was later arrested and found to have illegal weapons in his possession.

The battle staff had prepared a more thorough “Cyber-MCOO,” complete with an enumeration of “Cyber Key Terrain” that would receive priority protection. This time it included social media, cell phone towers, regular media, rear detachment issues, and network threats.
But as we discussed the situation, I could see that Major Work was not satisfied. I asked her to be frank with her assessment.

“Sir, I think the brigade is doing fine,” she said. “But I’m concerned about our partners in the Advise-and-Assist Units.”

As we had deployed into theater, we welcomed liaisons from two battalions operating in Cortina with an advise-and-assist mission. These were some of the Army’s best—combat veterans for the most part, who were experts at helping the host nation form, organize, train, and deploy their own battalions. They had been in theater for the past year, and their knowledge of the terrain, the culture, and the language was invaluable.

“You see, sir,” Major Work explained, “the units that were deployed here were part of the ‘small Army’.”

“Small Army?” I asked.

“Yes, sir. They deploy into theater with minimal logistics, and they operate at the extreme end of the network.” She grabbed a dry erase board and started to sketch. “We have the GIG—the Global Information Grid,” she began. “All the globally interconnected data networks. The Army’s LandWarNet is the end-to-end set of Army information capabilities that connects to the GIG. As part of that, the Army protects its network with routine updates. But the ‘small Army’—advisory teams, Special Operations Force (SOF) teams, civil affairs outfits, and others—often have to deploy with severe restrictions on weight and cube. As a result, they can’t bring along the full, robust LandWarNet backbone architecture. And that creates vulnerability. Particularly when they connect to our network.”

“But don’t we have our network protected?” I asked with a rising sense of urgency.

“Our network?” she asked. “It’s better to think of the network as a whole, huge, living organism. We don’t have ‘our network.’ Instead, we operate within the greater GIG.
The network includes systems, data, microchips, the silicon in those chips, the data links between systems, the communications, the operators and technicians, and all the seams that lie in between all these components.”

“Pretty grim description,” I observed. “You’re making me nervous.”

“Well,” my S-6 continued, “we have to view the problem holistically. The ‘small Army’ members of the team are typically at risk for cyber-attacks, because they lack the full weight of network protection that ‘big Army’ enjoys. And when they connect with us…”

“I get it.” I said. “What do we do about it?”

“We anticipate-withstand-recover-and-evolve,” she intoned. “We’re working the problem, but we may be behind the power curve already. My folks are working around the clock to update their systems and search for possible intrusion, but I’m not convinced we are completely secure yet.”

“Keep at it, Major,” I said. But I was worried.

The World War Two paradigm of declared wars and mass deployments complete with huge logistical infrastructure was a thing of the past. In its place, the Joint Forces, including the Army, deployed small teams into the “gray zone”—those areas of conflict short of war in which potential and actual enemies prosecuted all sorts of mischief in pursuit of their objectives. These teams, like the fingers at the end of my arm, were more exposed than the rest of the body. If the enemy was savvy enough—and they probably were—they might try to obtain access into the larger network by probing for openings in the less protected pieces. The problem became exponential when networking with allies.

[Sidebar: The “network” includes the computers, data links, communications, software, personnel, procedures, and all the seams that exist between components.]

The Battle

PDRA’s president-for-life decided to try and force the issue in Peason Ridge.
He reasoned that if his forces could defeat the Americans or at least humiliate them and goad them into overreaction, he could accomplish his political objectives. To that end, two PDRA divisions—one armor, one mechanized—invaded Peason Ridge. The enemy units were understrength and had older equipment, but properly led they might be capable of winning against us.

The enemy mechanized forces aimed straight for Polkburg, and as the battle developed, their commanders attempted to mobilize the urban population to help them and oppose us. Happily, our efforts to win over local officials—partly through American-sponsored construction projects and the increased security that our IBCT provided—kept most of the citizens quiescent, at least at first. Meanwhile, the enemy’s armor forces were attempting to encircle the town to the south, and my Combined Arms Battalions were soon locked in bloody combat.

As had happened in earlier dreams, we found our radios and GPS jammed as the enemy began his offensive, but the IBCT was fully ready for this condition. We had rehearsed our PACE plan, so that the jamming had little impact. The Cavalry Squadron detected the start of the attack and screened our forces from most of the enemy’s reconnaissance. They likewise used obstacles, fires, and deception to coax the enemy tanks into our primary engagement areas. But it was not enough, and the attackers’ momentum threatened a breakthrough.

[Figure: Dream 3 Scenario]

Having dispensed with soldiers’ cell phones, I hoped that the BCT had made significant strides forward in reducing our electronic signatures. What I had not anticipated was that once in theater, soldiers would avail themselves of the local economy and purchase new phones, along with service sufficient to keep in touch with their families and friends. What made matters worse was that the offered cell phone service used towers under the control of pro-PDRA insurgents.
The enemy was thus able to monitor cell phone use both for targeting and intelligence gathering. The resulting artillery and air attacks (using a combination of UAVs and fixed wing aircraft) hammered some of our key positions. Even LTC Conners’ innovative TOC design did not escape unscathed. At 1325 we entered a preplanned communications window and nearly got away with it. But the enemy was clever and agile, and his ubiquitous artillery took out a key section of the TOC, including the Intelligence Cell.

I couldn’t grasp how the enemy had such a good read on how we were disposed and what we were doing. The C4 Ops crew had, at my direction, formed a red team that probed for weakness in our command network. They discovered that a contractor had connected an unauthorized laptop to the system, but they were able to isolate the problem and prevent any damage. Still, it seemed that the enemy knew more than he should, and I wondered why.

Later, we found out. One of the FSRs working on our ABCS inadvertently inserted a worm into the system that allowed enemy exploitation. The worm originated in the systems used by an advise-and-assist team that was working with us. The enemy didn’t shut the system down, but they did gather intelligence from it and also managed to monkey with the position location, as had happened before. We didn’t fall for the ploy this time. Instead of sending my staff to check on one of our companies, we sent a UAV to confirm my suspicion that the company was not really there. Enemy agents fired at the aircraft but missed.

The final blow was one I didn’t see coming at all. Media personnel in the area of responsibility began to receive Tweets at about 1430. There were numerous reports that the Americans had been defeated. Some of my soldiers had been captured and disarmed. Others were retreating. One report claimed that several of my troops had offered to join the Atlanticans.
None of these reports were true, but they were replicated and spread like wildfire. When word got out that the LUG were rounding up neutrals and executing them (also untrue), citizens in Polkburg began to emerge wherever they saw Atlanticans and provided them assistance. The most damaging faked news stories carried the moniker of “Iron Man.” Once again, this elusive enemy attacked my BCT with impunity.

The whole experience left me longing to be able to perform a computer network attack (CNA) into the enemy’s system, instead of suffering it alone. I decided that if we survived to fight another day, I would visit my C4 Ops Cell again and start exploring options to take the fight to the enemy.

There was precious little good news that day, but we managed to protect some of our key information. During our mission analysis, I pressed the staff to determine “cyber key terrain”—i.e., the equipment, software, and information that we had to protect as the highest priority. Soldier PII was among the selected bits of protected information, and we were in fact successful in resisting enemy attempts to hack into the S-1’s system. The rear, for once, did not report any enemy successes.

But on Peason Ridge, the situation was deteriorating quickly. By early evening, the enemy was in control of most of Polkburg, and the threatened encirclement prompted the JTF commander to order my withdrawal. I was furious and certain that with persistence we could prevail. But the conflicting news stories about our defeat had caused panic back in Cortina, and the decision was to regroup in preparation for a counterattack. All that night, we conducted a controlled withdrawal, and by first light, Peason Ridge was in the hands of the enemy.

The Aftermath

When I reached the Brigade Support Area, LTC Conners handed me a cold cup of coffee. He looked dejected. I told him that the improved performance of the TOC was commendable. He thanked me and left me to my thoughts.
As I contemplated the battle, a few more lessons came to mind.

12. The C4 Ops Cell is capable of a lot more than simply enforcing network and communications compliance. Be creative, and get the most out of them. One key area to focus on is the problem of network connections with elements of the “small Army” and allies that we work with.

13. Cell phones are everywhere, whether you bring them with you or not. Your operational security (OPSEC) and cyber security efforts must take them into account throughout the operation.

14. The ABCS and other systems that provide C2 are high-value targets for the enemy. If they can find a way to hack into or physically infiltrate them, they will.

15. Media personnel are likewise vulnerable to enemy action. They must be fully aware of the enemy’s capability to employ cyber-attacks against them, and they must be inoculated against false reports.

BG A. Chewing found me wallowing in self-pity, leaning against my HMMWV. For a moment, he almost seemed sympathetic. I felt that my BCT’s performance in the cyber domain was improving, but we had a long way to go, and Chewing saw it, too.

“You…” He seemed at a loss for words. “You didn’t suck that bad.”

“High praise, sir,” I replied. “I’ll pass that on to the troops.”

He said nothing. He seemed uncharacteristically quiet. In fact, everything around me suddenly went silent. No engine noise, no sounds of battle, no conversation. The absence of sound was deafening…and I woke up.

I found myself sitting at my desk in an empty classroom. The lights were out, and the clock showed it was 1730. I saw a handwritten note on the corner of my desk.

“I couldn’t bear to disturb your repose. Signed, Lipz.”

Fortunately, no other students were around to see my reddening face. I grabbed my rucksack and headed for the BOQ.

Fourth Dream

“Understanding is critical to seizing, retaining, and exploiting the initiative over enemies and adversaries.
Understanding is equally critical to the consolidation of tactical gains to achieve sustainable political outcomes consistent with the mission.” —FM 3-96 “In some cases, traditional warfare techniques are simply updated to use new technologies, leaving attackers and defenders to relearn old lessons in new contexts. In others, cyber- attacks use completely new modes of attack.” —Mike Chapple and David Seidl, Cyberwarfare: Information Operations in a Connected World “Father, Mother, and Me, Sister and Auntie say All the people like us are We, And everyone else is They.” —Rudyard Kipling By 1015 the next morning, I was justifiably proud that I had endured over two hours of Dr. Lipz droning on about the National Security Act of 1947 while remain- ing conscious. We had returned from the first break, during which I put myself through a regime of jumping jacks and emergency caffeine ingestion. Still, the clock was moving perceptibly slower, and we had been on Slide 6 for the past fifteen minutes. I was beginning to feel numb, so I resorted to playing a few games of Pencil Bingo. After what felt like thirty minutes, the clock said 1016. I was losing the fight. When I stared at Slide 6 and saw dancing fairies and flying unicorns, I knew where I was headed… Well, maybe not exactly. I was suddenly standing in a bell tower overlooking a beautiful city. BG A. Chewing was standing next to me with an expectant look on his face. “Well?” he asked. “Uh…no questions, sir.” The dream mission came to me as he mumbled something that didn’t sound good and began to descend the narrow stairs. I paused to survey the city again and remembered that I was in Przemysl in southern Poland, standing atop the city’s famous cathedral that dated back to the fifteenth century. I was in command of an SBCT with the mission to defend against an impending invasion from forces of the Russian Federation and their proxies. 
One of my Combined Arms Battalions was detached to a Polish brigade, and I, in turn, had received a Polish infantry battalion. We expected an attack within 72 hours.

I had forgotten most of the details of my previous dream battles, but I retained the fifteen lessons I had learned. My SBCT had been in theater for a three-month rotation and had recently been refit before the trouble started. I had learned much about warfare in the cyber domain, and my command team had taken care to prepare the brigade for the test of arms that was soon to come. We conducted system shakeouts after refitting to ensure onboard software systems were working properly. Our training regime back in CONUS and in theater emphasized the need to anticipate-withstand-recover-evolve when faced with cyber attacks. Our soldiers’ ability to switch to analog operations had been honed in rehearsals, and we had a team of leaders at all levels who were masters at map-and-compass orienteering.

I also worked with my higher headquarters to form a team of network technicians that worked with the liaisons that the BCT received and sent out. The goal was to focus on the seams between “small Army” and “big Army,” and between us and our allies. My guidance was to concentrate our attention on the vulnerable extremities of the network—i.e., those pieces that might not have received the latest software updates and network protection tools.

I’d done a lot of work with my C4 Ops Cell to explore ways of capitalizing on the expertise of my 255-series and 25-series technicians. In addition to compliance discipline in our CPs and vigorous red team testing of our networks and communications, I had the Brigade S-6, Major Annette Work, come up with contingencies for performing a CNA, in addition to defense. I found that the young specialists and sergeants, who had grown up from infancy in the information age, were full of ideas.
I was less certain that my headquarters had the authority to do everything we wanted to do. Nevertheless, I instructed Major Work to coordinate with higher headquarters and attempt to access and neutralize the enemy’s C2 system.

That memory reminded me of something else. I sprang down the stairs.

“Sir!” I called after the ADC-M.

He had been climbing into his HMMWV and turned with a growl. “What?”

“Before you depart, sir, I wanted to request additional-”

“Fuel,” he interrupted. “I know. I already arranged it.”

“Uhhh, thank you, sir,” I said respectfully. “But what I was going to say was I will need additional-”

“Class Five. Got it. I already informed the Corps Support Command.”