The skill and capacity of Army cyber forces have grown in the decade since their creation. This podcast focuses on needed structural changes to the Army’s portion of the Cyber Mission Forces that will enable their continued growth and maturity since the Army’s past organizational and structural decisions impose challenges impacting current and future efficiency and effectiveness. This assessment of the current situation highlights the areas military leadership must address to allow the Army’s cyber forces to continue evolving to meet the needs of multi-domain operations.
Keywords: unity of effort, workforce development, cyberspace, operations, task organization, unity of command
Read the article:
https://press.armywarcollege.edu/parameters/vol52/iss3/8/
Episode Transcript: “Assessing the Army’s Cyber Force Structure”
Stephanie Crider (Host)
Welcome to Decisive Point, a US Army War College Press production featuring distinguished authors and contributors who get to the heart of the matter in national security affairs.
The views and opinions expressed on this podcast are those of the podcast guest and are not necessarily those of the Department of the Army, the US Army War College, or any other agency of the United States government.
Decisive Point welcomes from the United States Military Academy Major John Fernandes, Lieutenant Colonel Todd Arnold, and Dr. Jan Kallberg, who coauthored “Assessing the Army’s Cyber Force Structure” with Major Nicholas Starck, Captain Richard Schmel, and Major Charles Suslowics. The article was published in the autumn 2022 issue of
Parameters.
Welcome to Decisive Point. Your recent
Parameters article discusses assessing structural divides in the Army cyberspace force for better support operations. Lay the groundwork for us here and give us some background, please.
(John C. Fernandes)
Hi, this is John. I guess I’ll get started. So the Cyber branch and the cyber units have been around for about 10 years now. And so, we thought it would be a good time to look at some of the decisions we made initially and see if the decisions were the right ones and at what challenges may have arisen and how we might need to change things as we move forward to make sure that we’re the most effective force that we could be. So that’s the basis of the article.
(Todd Arnold)
This is Todd. And to add onto what John was saying, really a good time to do that reassessment now because the entire Cyber Mission Force and the Army’s teams have all been operating for the last three years as fully mission capable. So all the teams across all of the different services are now built and working and then doing their missions fully for a few years. And it’s a good point to actually go back and reassess them with “OK, did all those decisions we were making when we were rapidly building the force—do they still make sense?”
Host
Can you briefly explain the offense/defense split and your considerations for mitigation?
(Arnold)
Yeah. I’ll start with a little bit on why there’s a split. So when we were initially building up the Cyber branch, it was built kind of piecemeal. Some of the offensive teams started getting built first. And the two previous branches that had been doing a little bit in each of the offensive and defensive work started building units separately. The Army tasked them to build those separately. And nobody was really doing it fully. (Military Intelligence or) MI was doing a little bit in the offensive side, and Signal Corps was doing a little bit in the defensive side. And the Army said, like, “Hey, start building these things up.” And so those two separate branches started building the offensive and defensive teams. And then we formed a branch because we were looking at how the other services were doing it, and we felt like building a branch was really going to get it to the point where we are moving forward, we have a full career path for people dedicated in this space because it’s not good to do it piecemeal. But, at the same time, we already had units established that were building up these teams, and so we just kept those units, one brigade for offense and one for defense, and they just kept rolling with building the teams. And so that’s how it’s played out for the last 10 years.
(Jan E. Kallberg)
Jan going to join in here, more from a broader perspective. It’s really tricky to get us doing defensive cyber operations and being siloed in that environment without, really, help. Of course, where is the threat intelligence coming from? If you always get your threat intelligence from how you get hit, it’s like a tank that doesn’t know really what’s coming except what’s already in the air. That’s not good. Of course, then, we just wait for the terminal effect.
We’re also seeing that how you bridge this overlaps to avoid that you get one-eyed or—worst-case scenario—blind and how you sort of, say, have a proper knowledge and talent management through the force.
Host
John, did you have anything to add to this one?
(Fernandes)
Yeah. So I can start talking a little bit about what some of the challenges that then arose from the split. So now that we have this legacy division, we started to form almost silos within offense and defense where people who only saw one side or only saw the other or maybe didn’t understand how the other side works. And there’s benefit in being specialized, but we also noticed that there’s some challenges that come with that: not understanding necessarily what’s feasible, what’s realistic, what the costs are for doing things. And then just, sometimes, the . . . the normal human tendency to see inequity of one side looked like it’s more interesting mission or getting better funding or things like that. We thought that those are some of the challenges we’ve seen over the last couple years with this division.
Host
Something else you mentioned: divided chains of command—another structural challenge. What are your suggestions for resolving this one?
(Arnold)
As part of that buildup, the Army deliberately said, “These organizations are gonna run and do the operations, and these organizations are gonna be in charge of just building up and creating and training up the teams.” That was good for the buildup. But now, that’s caused that rift that you mentioned that there’s a split between the people that, like, just maintain administrative and training versus the people that are doing actual operations. And that kind of really takes away from the whole point of command and the way the Army sees command. And so at whatever level the Army decides to do it at, I think we need to reassess that split. And what we should really start doing is like “OK, who is in charge of, say, a CPT or Cyber Protection Team? Who should be in charge of that? What level of command should that be?” And start actually putting those people in charge of the command, giving them a little bit of a staff to take care of some of their administrative things, and actually planning, like, this is how the Army does things. And making the officers and leaders in charge of some of those traditional Army tasks, but within the Cyber branch.
(Kallberg)
So, yes—Jan here. Now, of course, we . . . we’re talking to the war college. We can’t leave the discussion without the strategic outlook. So we’re also thinking, you know, as things may be more reactive—how we see things, the (observe-orient-decide-act or) OODA loops get shorter, and we have a more mission command driven with intent out there going. And also that we maybe see it’s better to have more cohesion to be able to steer the organization quicker.
(Fernandes)
So, ultimately, I don’t know if there’s a simple solution for this one because a lot of the things we’re talking about are normal Army principles that we should be applying. We just think that we need to make sure we’re doing it very deliberately now, now that we’ve identified it as a challenge. Making sure we’re keeping unit integrity to the greatest extent possible, that we’re clearly just delineating who has what roles as we talk support relationships, command relationships, and that we are . . . we’re looking at how we deconflict as we have competing requirements. Are we doing deconfliction by time? Are we doing a deconfliction by priority? And making sure that those are very clearly understood because as the branch has grown, we can’t solve those with only five people in a room. We have to have a little bit clearer processes moving forward.
(Kallberg)
Also, as Colonel Arnold and Major Fernandes hinted—Arnold spelled it out more—I mean, we got data. I mean, we’ve been running this machinery now for 10 years. Why not put these data to use and hone it and make it better?
Host
So, going forward—give us your recommendations.
(Arnold)
I think it’s a good time to sit back and have the Cyber branch and leadership reassess some of those previous decisions and start looking at “OK, we made those decisions up-front. Do they still make sense?” And having deliberate, well-thought-out discussions on “Where should we go from here?” For instance, do we start integrating more of the command . . . mission command stuff that the Army traditionally does into the force and how it’s supposed to be done. What is that level of specificity or focus that individuals need in their mission? Should we have people that are a little bit more general? How many people need to be more focused on, like, offensive or defensive? Or what is that right balance between specialization and generality? So we need to make some deliberate decisions here in order to keep moving things forward. Ten years of building up all these forces. It was a very large task, and, now that we’ve got them built up, we need to stop, look at it again, and reassess like “OK, we’ve been operating for a little bit. We have the data. How do we move forward and continue making progress?”
(Kallberg)
I think it’s also important to think about retention. When things happens in the commercial world, in the corporate world, it only takes one big verdict . . . multimillion-dollar verdict; everybody start to hiring defensive guys. So we also have these outer forces that we can move talent within the organization and be—to use a really 2020 word, agile—and match up the incoming threats.
(Fernandes)
And I think this is an important point in time to really be thinking about this because the Cyber branch is growing as we incorporate electronic warfare. And the 915th Cyber Warfare Battalion (915th Cyberspace Warfare Battalion), stood up not that long, is growing. So taking the lessons we learned with the 780th (780th Military Intelligence Brigade [Cyber]) and the (Army) Cyber Protection Brigade and making sure that we’re incorporating those lessons as we continue to grow so that we’re growing in the most effective way is important. This idea of “Do we specialize or do we generalize?” As we start talking about another area, electronic warfare becomes more important because we can’t specialize in three things. We have to pick one maybe, or we have to decide that some people are gonna be generalists. And as we expand the branch, we need to really be thinking about these things to make sure that we don’t have to do another look in another 10 years because we missed the mark on something.
(Kallberg)
And also, if we really specialize, we also are gonna end up with a problem that we can’t ramp up the organization. Of course, people are so specialized that there is no overlap. Remember 1942, when the Army has had to go big. And so to increase this organization, we have to watch, as Major Fernandes says, that balance.
Host
I hate that we only had this short time because, like you said, Major Fernandes, very timely topic. And your article really does give a lot more details about it. This is a great overview, and I would encourage our listeners—if this is interesting to you at all, check out the article. Thank you so much for your time and for your insight. This was a real treat.
(Kallberg)
Appreciate it. Thank you.
(Arnold)
Thank you very much.
(Fernandes)
Thank you very much.
Host
If you’d like to learn more about the Army’s cyber force structure and the authors’ suggestions for a path forward, you can find the article at
press.armywarcollege.edu/parameters. Look for volume 52, issue 3.
If you enjoyed this episode of Decisive Point and would like to hear more, look for us on Amazon Music, Spotify, Apple Podcasts, Stitcher, and any other major podcast platform.