An emerging vector, these attacks and operations primarily involve gaining access to targets through the RF spectrum by exploiting wireless or “over-the-air” systems.

While the U.S. military is looking to increase its ability to use these types of operations, adversaries are as well.

The Department of Defense’s “cyber posture remains at risk from attacks by unconventional threats, such as those posed by radio frequency (RF)-enabled cyberattacks where cyber payloads in radio emissions disrupt systems, or direct attacks on weapon systems’ data busses and control systems that are essential to aircraft, ships, and vehicles,” the fiscal 2023 annual report of the Office of the Director, Operational Test and Evaluation, stated. “During FY23, relatively simple RF-enabled cyberattacks caused critical mission disruptions. Future DoD cyber strategies, resource allocation, development, and testing must consider such cyber threats.”

Over the last year, DOT&E’s cyber assessment program, a congressionally mandated effort to assess the cyber survivability of combatant command and service missions in contested environments, has worked with other DOD programs with expertise in this area to improve assessments, according to Jeff Jurgensen, a Pentagon spokesperson.

“As the Department of Defense (DoD) makes progress to improve the cyber survivability of its ground-based networks, radio-frequency (RF) enabled cyber-attacks become more attractive to a potential adversary, despite the added difficulty of such attacks,” he said.

DOT&E’s cyber assessment program (CAP) has built a partnership specifically with the Air Force’s Cyber Resiliency Office for Weapon Systems, or CROWS, working together to show potential mission effects of RF-enabled cyberattacks, Jurgensen said.

They helped develop procedures to mitigate effects in a small number of major Defense Department exercises in fiscal 2023.

“As we look to expand both the capabilities of DoD’s cyber red teams to conduct such attacks, as well as the number of exercises involved, additional personnel with expertise in how DoD combat systems use RF technologies to accomplish critical missions will be critical,” he added. “People that understand vulnerabilities associated with RF technologies, and how those technologies work with DoD’s internet protocol-based systems and networks will also be essential.”

The fiscal 2022 annual report made little mention of this vector. It stated that RF and other unconventional cyber threats pose new and serious challenges, noting that the focus of the Pentagon’s current cyber strategies and defense are primarily aimed at internet protocol-based networks.

DOT&E is trying to expand the focus to pay attention to new vectors.

“In close partnership with the Air Force Cyber Resiliency Office for Weapon Systems (CROWS), CAP is expanding its assessments to include RF-enabled cyberattacks to facilitate an enhanced OPFOR that is not solely focused on traditional cyber and Internet Protocol (IP) networks but includes spectrum and apertures to the spectrum,” the fiscal 2023 report stated. “CAP has taken action on the assertion made in last year’s Annual Report by integrating effects based on potential RF-enabled cyberattacks (cyber payloads contained in radio emissions). These effects include system degradation due to direct attacks on weapon systems’ data buses and other control systems essential to many DoD aircraft, ships, and vehicles.”

The office in fiscal 2023 consolidated two years worth of data that showed potential mission effects for transponder–combat identification systems and developed tools and methods to replicate and insert them into aircraft flying during operational exercises.

“DOT&E is working with operators and solution providers to assess remedial actions and updates to tactics, techniques, and procedures to mitigate risks posed by these threats. Additionally, these results will be included in planning for future [combatant command] and Service exercise assessments,” the report said.

The post Pentagon weapons tester evolving assessment of radio frequency-enabled cyberattacks appeared first on DefenseScoop.

Each of the services, in one way or another, has been developing forces and capabilities to conduct tactically focused, on-the-ground cyber and electronic warfare effects, known as radio frequency-enabled cyber.

Increasingly, there are targets that either aren’t reachable through traditional IP-based networks or remote access might not be possible, which is primarily what Cyber Command does. As the Department of Defense has matured its cyber policies, doctrine and capabilities, the reins have begun to loosen on authorities allowing these on-the-ground forces more latitude, mostly through the electromagnetic spectrum, to perform these actions. Certain factions have sought to use more proximal effects conducted through radio frequency, which require fewer levels of approval to conduct operations at the very tactical level.

Those RF-enabled capabilities, as has been envisioned for some time, could provide the proximal access to the remote operators at Cybercom and be passed off to them.

The command’s new acquisition executive, Khoi Nguyen – who’s been on the job for eight months – has begun thinking more and more about how to leverage these tactical capabilities. He most recently came from the Marine Corps, which has been developing capabilities and concepts for tactical forces that, in some cases, could be the proximal access for Cybercom some have envisioned.

“We’re looking, from a thinking perspective, if every RF sensor is a potential platform for us to deliver cyber effects through? Then from a Cyber Command perspective, how do we ensure that or how do we assist that,” Nguyen, who is also the director of the cyber acquisition and technology directorate (J9) at Cybercom, said during remarks at the AFCEA Northern Virginia chapter’s annual Army IT Day conference Jan. 11. “We’re working closely with both the Army and the Marine Corps and understanding what the way ahead from an RF-enabled cyber prospective or EW implementation and that ensuring that whatever they’re implementing, we can leverage.”

Nguyen confessed that he’s not quite sure how to fully enable this yet, acknowledging this is all very nascent from a Cybercom perspective.

“It’s going to be a balance where I think we need to be able to operate the platform forward with operators in the rear and then some set of cyber operators either trained by us [Cybercom] or certified by us that are assigned to the Army and in the Marine Corps that are forward and then are able to deliver bullets or payloads that we have certified as allowed to be delivered. But that’s a really nascent piece and we really need to work that out,” he noted.

DOD’s updated cyber doctrine, published in December 2022, recognized so-called expeditionary cyber operations for the first time. These are cyber operations that require the deployment of cyber forces within physical spaces.

However, officials in the past have discussed that there is still a potential authorities issue that must be worked through between tactical forces and those from Cybercom.

In a pre-hearing questionnaire for his confirmation to lead Cybercom, Lt. Gen. Timothy Haugh pledged to work closely with the services as they’re building out so-called tactical or expeditionary cyber forces. The Senate approved Haugh as commander in December, but it is unclear when he will officially take over the command.  

Nguyen outlined a potential vision or architecture for how Cybercom could take advantage of the placement and access of forces in the field.

“An area that I’m thinking that we should do as Cyber Command is maybe do the cyber effects against specific targets or against exquisite targets, leveraging off funding and leveraging authority to get the target device and then doing the onboard analysis and everything else and then delivering the effect or delivering data payloads,” he said. “Then ensuring that it can be hosted within an Army device or a Marine Corps RF device and this way, now, I don’t have to add Cybercom’s equipment to the services, but rather, leverage existing service RF-enabled devices and throw our effects through it. Then, of course, there’s also the local operations, where do we need to have cyber operators forward or can we reach back through to where we are at and conduct it from Cyber Command back here and so on.”

This is the type of work they’ve been looking at with the services, Nguyen said, assisting with their equipment and what they need to do the mission and possibly pass off access.

Nguyen said Cybercom is looking to take advantage of open architecture capabilities the Army and Marine Corps have adopted. This includes the Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, Reconnaissance (C5ISR)/Electronic Warfare Modular Open Suite of Standards, or CMOSS. CMOSS allows for capabilities to be inserted, updated and swapped on hardware platforms — harnessing the modern abilities of software.

“The Army is doing that, Marine Corps [Marine Air Ground Task Force Electronic Warfare Ground Family of Systems] is doing that, Cyber Command we’re going to go with that way too, just from an awareness way ahead. Cyber Command, we’re way, way nascent on this all,” he said. “I just want to communicate that we are supporting CMOSS, that both the Army and the Marine Corps are using.”

The post US Cyber Command looking at how to utilize tactical on-the-ground systems appeared first on DefenseScoop.

Blending electronic warfare tools may be required when old-school cyberattack methods can’t get the job done.

“Traditional cyber operations via hard-wired networks are increasingly challenged by adversaries using standalone networks that have an air gap between themselves and the broader internet, including mobile devices on private wireless networks,” Bryan Clark, senior fellow and director of the Center for Defense Concepts and Technology at the Hudson Institute, told DefenseScoop. “Gaining access to these networks may require physically connecting to them, but another way can be to use RF signals to enter via a radio antenna or wireless router. And against combat systems — such as on a ship, plane, or air defense site — a technique is to access it via a radar or jammer antenna and associated processing stack.”

While the services have been charting their own paths to converge such capabilities to meet their priorities, Congress is trying to push them harder, identifying gaps in their overall approach.

The Senate’s version of the fiscal 2023 National Defense Authorization Act directed the Pentagon to develop a strategy for converged cyber and electronic warfare conducted by deployed military and intelligence assets.

“Through detailed oversight of the committee, a gap was determined in the operational strategies for fielding emerging RF-enabled cyber capabilities,” Sen. James Inhofe, R-Okla., ranking member of the Senate Armed Services Committee, said in a statement. “This provision is intended to ensure that the leadership of the Department, Combatant Commands, and military services mature the strategy and capability development processes for these emerging capabilities.”

Clark articulated the need for an integrated plan between the military branches.

“The reason why alignment between services is important is the Air Force and Army are working on a viable future EW approach, but which may not support RF-enabled cyber,” he said. “The Navy has a strong capability for now to do RF-enabled cyber, but may not have a viable future plan. By bringing the services together, the proposed strategy could address the need for U.S. forces to do more RF-enabled cyber in the future.”

These RF operations are a way to inject cyber effects wirelessly, Clark said. With the proliferation of sensors and electronic warfare equipment, the military is looking to better combine them on the battlefield.

“We’re seeing a lot of synergy between the electromagnetic spectrum, EMS, EW, cyber and [information operations]. We believe in the future, the integration of that to achieve the outcomes of cyber operations forces is going to be necessary,” Michael Clark, director of J9, acquisition and technology directorate at U.S. Cyber Command, told reporters in July.

Despite Cybercom conducting more of the traditional, remote type of cyber operations against networks, it has been investing in these types of electronic warfare capabilities for some time. The combatant command requested $16.7 million in fiscal 2023 for tools to “adapt EW technology and cyber-peculiar capabilities to gain aces to targeted enemy forces,” according to budget documents.

The Senate bill language charges DOD with developing requirements for service-retained tactical cyber forces for offensive and defensive missions, though some of the services have already invested in these types of assets. As these capabilities mature, it is expected that these proximal forces could actually gain access to adversaries’ systems and pass that off to high-end Cybercom operators remotely to exploit.

The Army has built its own tactical force to conduct these types of proximal RF-enabled cyber operations in support of commanders’ mission objectives with the 915^th Cyber Warfare Battalion.

The Army’s Cyber Center of Excellence (CCoE) along with Headquarters Army and Cybercom are collaborating on a cohesive strategy for tactical RF-enabled cyber operations, a CCoE spokesperson said.

Authorities to conduct cyber ops are notoriously onerous and held at the top levels of government, but these more proximal mission “effects” conducted through radio-frequency require fewer levels of approval. However, cyber operations should still be coordinated through Cybercom’s command-and-control mechanisms and capabilities, especially in the event Cybercom wants to use these proximal forces as an in to a network or vice versa.

“We acknowledge USCYBERCOM’s standing authorities to control and direct offensive cyber forces. Authorities and command/support relationships in future conflict will vary and be based on applicable higher echelon [execute orders],” the CCoE spokesperson said. “The Army will be ready to present and/or employ well-equipped and highly-trained expeditionary cyber forces and other multi-domain capable forces by 2030.”

The Marine Corps, from a ground perspective, has also invested in tactically focused cyber and electronic warfare capabilities, mainly through its Marine Expeditionary Force Information Groups, or MIGs, which support each MEF within the Corps by integrating electronic warfare with intelligence, communications, military information support operations, space, cyber and communication strategies to provide Marine Expeditionary Force commanders with an information advantage.

“There certainly is going to be a convergence of what we can do on the tactical edge with signals intelligence, with cyber-EW that’s going to be very enabling for the joint force and for the intel community,” Lt. Gen. Matthew Glavy, deputy commandant for information, said Tuesday during an event hosted by GovConWire.

Glavy noted that the forthcoming Marine Corps Information Command will essentially be the enabling function for converging these capabilities and navigating the authorities that exist between them.

“If you’re not sitting very close to where all these authorities reside and expertise and capabilities that we want to be able to push to the tactical edge, then you may get it wrong,” he said regarding what the new command — which will be stood up in fiscal 2023 — will do.

At the joint level, there are a lot of authorities that have to be coordinated, especially in the non-kinetic and digital realm as it pertains to intelligence collection — which is very heavily regulated under spying authorities known as Title 50 — and operations within cyberspace and the electromagnetic spectrum meant to disrupt adversaries’ operations, known as Title 10 or general warfighting authorities.

In many cases, the lines between these disciplines can be blurred given how closely related their actions are.

“Putting all those authorities together can get a little complicated. Some of its intelligence related, some of it’s more Title 10 warfighting focused, but the force that can bring them all together and can do it right, to do it in a responsible manner is going to be key,” Glavy said, noting the new command will act as that integrator.

The Navy, for its part, has organized all of its information warfare capabilities — which includes cyber and electronic warfare — under one organization, the deputy chief of naval operations for information warfare, or OPNAV N2N6.

Within that office, the Crypto-Electronic and Cyber Warfare Division works as the principal adviser to establish and validate requirements as well as direct overall planning and programming for cyber, cryptologic and electronic warfare tactical networks and capabilities, according to a spokesperson.

In the air domain, the military is looking to include advanced radar technologies that are not just passive, but can also inject capabilities into the environment.

For the Navy, it’s Next Generation Jammer system — its premier aerial electronic attack platform mounted aboard EA-18 Growler aircraft that will replace the ALQ-99 jamming pod — will provide some level of cyber capability.

“Now with the ability to do phased array, advanced jamming techniques, we really start to blur the lines, I think, between what we would consider traditional jamming with cyber warfare,” Rear Adm. John Meier, commander of Naval Air Force Atlantic, said last year. “I think that the capabilities inherent in the [Next Generation Jammer] jamming pod are going to open up a wide, wide array of not only jamming techniques, ranges, effective radiated power, but also taking us into other areas that we’ve never really had the ability to do before.”

Clark noted that the threats posed by advanced adversaries necessitate this push.

“As U.S. opponents become more sophisticated, U.S. cyber warfare needs to rely more on RF methods for access,” Clark said. “For the Navy and Air Force, this will mean building their next generation of EW systems in ways that allow them to inject cyber tools.”

Clark pointed to the Air Force’s Skyborg program and its envisioned Next-Generation Air Dominance platform, as well as the Army’s Air-Launched Effects — essentially small drones or payloads released in midair by larger aircraft — as unmanned examples of these types of capabilities. However, he questioned whether these systems will have the onboard processing and network capabilities to accommodate RF-enabled cyber tools like the much larger and more expensive EA-18G.

Similar to the Navy, from an operational standpoint, the Air Force created 16^th Air Force, the service’s first information warfare command housing cyber and electronic warfare forces, among others, under one commander.

“As you start to mix the capabilities together, you’ll find one segment of it that needs to grow. One of those areas is how we converge electronic warfare and cyberspace operations,” the outgoing commander of 16^th Air Force, Lt. Gen. Timothy Haugh, told reporters in July just before his departure to become the deputy commander of Cyber Command. “That is an area where our service is talking about it. It’s an area Congress is interested in. And now we think we can inform some of that based off of the expertise we have within our various wings. That’s one that’s now a discussion.”

Haugh indicated that 16^th Air Force created a combined detachment between the 55^th Wing, which does a lot of reconnaissance and ISR work, and the 67^th Cyberspace Wing. The 55^th Wing has expertise in the electromagnetic spectrum from a reconnaissance perspective while the 67^th is thinking about systems through an interconnected lens, he said.

“We have established a combined detachment between the two wings to allow them to bring that expertise together,” he said. “Our first step in doing that was we wanted to have an opportunity where they could come together under one roof and allow that synergy to begin.”

The post Services working to convergence EW, cyber warfare capabilities appeared first on DefenseScoop.