The US Cyber Command (USCYBERCOM) is overhauling its means to perform cyber warfare. The Command is one of ten Department of Defense (DOD) Unified Combatant Commands. It is co-located at the National Security Agency’s (NSA) headquarters at Fort George G. Meade, Maryland. The command federates the cyber warfare units belonging to four of the US armed services. These include the US Army Cyber Command, the navy’s Fleet Cyber Command (a.k.a. the Tenth Fleet), the US Air Force’s (USAF) 24th Air Force (a.k.a. Air Forces Cyber) and the US Marine Corps’ Cyberspace Command. According to the DOD, USCYBERCOM “plans, coordinates, integrates, synchronises and conducts activities to: Direct the operations and defence of specified Department of Defense information networks and prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/allied freedom of action in cyberspace and deny the same to our adversaries.”
In late October, Northrop Grumman won a $54.6 million contract to develop, integrate, deploy and maintain the Unified Platform, one of USCYBERCOM’s key capabilities. An official press release announcing the news stated that the firm will perform the work in Georgia, Maryland, Texas and Ohio. The Unified Platform is being procured by the US Air Force on behalf of the Command. Ultimately, it will be at the core of the Command’s Military Cyber Operations Platform. As per the US’ 2019 defence budget, an initial $29.8 million will be allocated to developing and prototyping the Unified Platform. The initial stages of the programme will see the integration of existing cyber capabilities owned by the commands listed above. The bedrock of the Unified Platform is the development of an agile, scalable and interoperable platform which can be used for the execution of offensive and defensive cyber operations: “The DOD will develop the detailed requirements for integrating disparate cyber platforms and building an interoperable and extendable network of cyber capabilities. This Unified Platform will enable the Cyber Mission Force (CMF) to conduct full-spectrum cyberspace operations in support of national requirements,” as articulated in the DOD’s April 2015 Cyber Strategy. Central to the initiative is the use of open architecture standards to ensure that the platform is easy to modernise as new hardware and software come to the fore.
The CMFs comprise each of the component commands in the USCYBERCOM, totalling 133 teams with over 6000 members. Each of these teams has different responsibilities, with 27 of them tasked with ensuring that cyber effects are integrated with operational efforts and contingency plans. The need for the Unified Platform can be traced back to 2009 when USCYBERCOM was activated. At its formation, it shared capabilities with the NSA; the result of the latter already having the tools and personnel to perform cyber operations.
However, the NSA is primarily an intelligence-gathering body rather than a war-fighting formation, although by the nature of its work, it can and does support US offensive operations. USCYBERCOM, on the other hand, has war-fighting as one of its core missions. Put simply, the work of the NSA is largely passive; listening to, and exploiting, the electronic spectrum to gather intelligence which supports political and military objectives and decision-making. The Command’s mission, on the other hand, is inherently ‘active’, particularly in the offensive context, where the execution of cyber operations can be visible to an adversary. Using NSA tools to perform such active missions carries an inherent risk. This is because once a cyber attack is discovered, its origin could be traced back to the NSA, hence revealing cyber tools which the agency has at its disposal. The need for separate tools, and hence a separation of the NSA and USCYBERCOM, is as much about preserving the former’s opacity as ensuring the latter has its capabilities. As one source close to the Unified Platform programme told MONch, the separation of the two organisations makes sense as “the NSA has a very different target set from the US military. Just to lump them both together because they are all cyber folks makes no sense.”
In light of these realities, it was politically and operationally logical to split USCYBERCOM from the NSA. The resulting split gave rise to a need for different tools, training and infrastructure to equip the Command. This requirement for distinct capabilities resulted in the need for the Military Cyber Operations Platform (MCOP). The MCOP’s rationale was to consolidate the separate capabilities of each component command into a single platform to execute USCYBERCOM’s war-fighting mission. The advent of the MCOP concept resulted in the Unified Platform requirement as articulated in the 2015 Cyber Strategy.
As well as having an offensive cyber capability, the Unified Platform will provide mission planning and Command and Control (C2) of cyber operations, whether defensive, offensive or ISR (Intelligence, Surveillance and Reconnaissance) focused. The platform is a ‘chassis’ upon which a series of software and hardware enhancements can be applied as the system continues through its life. This is to ensure it remains ahead of emerging cyber capabilities and threats. This chassis will federate the separate cyber capabilities of each component command, enabling them to act in a scalable and/or unified fashion. The advent of the Unified Platform will also free USCYBERCOM from relying on the NSA’s capabilities to perform cyber operations. One source close to the programme told MONch that the capabilities of the Unified Platform “go all the way from defensive to offensive.”
Official figures state that the DOD will spend a total of $215.2 million on the Unified Platform between 2019 and 2023. The initial $53.4 million “is the starting point,” the source continued. Of that, $45 million will be spent on prototyping between 2019 and 2021. $29.8 million will be spent elsewhere on the programme in 2019, $10 million in 2020 and $6 million in 2021. Reports have stated that by the end of March 2019 the Unified Platform will offer basic functions to cyber warriors. It could be fully operational by late 2020.
The air force has emphasised the need for the Unified Platform to be as adaptable and agile as possible. This is imperative as the speed at which software evolves means that the platform will need to remain abreast of, if not outstrip, these innovations. For example, an adversary may discover that part of their network has been attacked, and work to prevent such an intrusion in the future simply by rewriting part of their software. The platform will need to be responsive enough to accommodate such challenges and, even better, provide the tools which will help the user to anticipate the adversary’s course of action. The platform could go through its service life receiving regular enhancements and new capabilities in a similar fashion to personal computers in the civilian world. Reports have continued that, once in service, the platform could obtain new capabilities every three months, and see the entire architecture being updated every six; timelines which are rare, to say the least, with conventional military hardware.
The source added that “The $53 million contract is the starting point. This initiative will see a mix of dollars for the programme and for the spiral development of new capabilities (as the programme evolves).” They continued that new acquisitions by USCYBERCOM are in the offing. These include the transition of the Joint Cyber C2 System to USAF auspices. Reports note that the command has requested $13 million for this. This will enhance the overall battle management of cyber operations for combatant commanders and improve their situational awareness during operations. Alongside the Joint Cyber C2 System is the Persistent Cyber Training Environment (PCTE). This is a US Army-led programme. Official US Army documents say that this initiative responds to an “urgent need to provide a persistent and realistic training environment to DOD cyber mission forces.” The documents continue that this will be a hybrid cloud-based training platform “supporting individual sustainment training, team certification, and provide the foundation for a collective training network.” The acquisition strategy, the army stated, was signed off in May 2017. Although there appear to be no further details as to when either of these capabilities could enter service, conservatively it could be expected that this might occur in the next five years.
Dr. Tom Withington