Cyberspace as a Weapon System

March 3, 2014

It is undeniable that all who operate in cyberspace must face the reality that every connection of a device to the Internet places networks and users at risk. Once viewed as a commons meant to share information and research across vast distances with ease, cyberspace is now a warfighting domain where longtime enablers (e.g., networks, computer systems, radios) also serve as weapons platforms capable of being used by any and all with the capability and intent. Numerous actors seeking to gain advantage over the United States through its asymmetric exposure to the cyber domain are already maneuvering in that environment and employing the Internet as a weapons platform to achieve their own ends. The threats come from across the global commons as a combinations of automated systems programmed to look for exposed edges in networks and known vulnerabilities in systems, to criminal entities who wish to further their financial gains and independent cohorts of like-minded individuals united to achieve a common effect, to state-sponsored actors who pose a threat based on their own goals.

Cyberspace has become weaponized and the U.S. Army must be prepared to operate, defend and maneuver in that environment. The evidence is easily seen in the reports of attacks by China and its massive industrial espionage efforts, the Stuxnet attack on industrial control systems in Iran, the Shamoon virus in Saudi Arabia and reported attacks on U.S. banks and multiple news agencies. In light of the numerous attacks and exploitations on all types of networks and services with exposure to the Internet, and the pervasive nature of cyberspace, the Army’s land domain systems can be used (like any other domain) to conduct operations for nefarious purposes when compromised by any of the numerous actors in the cyber domain. Due to the sheer number of current and projected weapon systems that can potentially operate in this domain, the Army must change the way it views the network from a set of provided services to a weapon system and warfighting platform used in the new global maneuver space known as the cyberspace domain.

The Department of Defense (DoD) generally considers a weapon system to be a “combination of one or more weapons with all related equipment, materials, services, personnel and means of delivery and deployment (if applicable) required for self-sufficiency.” However, the dynamic environment and threats in cyberspace demand that this new weapon system be viewed as different from any other system in existence today or in times past. Currently viewed as a communication service, the Defense Information Infrastructure (more specifically the Army’s LandWarNet) must be viewed by today’s Army not only as a weapons platform capable of connecting Soldiers, sensors and multiple nodes to one another in real time but also as a system capable of delivering operational effects across the full spectrum of combat operations. As a weapons platform using a variety of capability sets, the network has the potential to disrupt, degrade or deny logical, physical and virtual infrastructure, as well as to damage the components that comprise the effective responsibilities of the modern developed nation state: governance, defense, economic management, provision of health and human services and the maintenance of the infrastructure on which society interacts.

General Keith Alexander, commander of U.S. Cyber Command and the National Security Agency, has stated that cyberspace “is characterized by high levels of convergence of separate and different networks and technology that have come together to form something greater than the sum of the parts.” In other words, cyberspace is inherently complex, and operating in this domain demands an integrated approach. Changing the mindset from cyberspace as a facilitator of delivery of a service to cyberspace as an operational warfighting domain allows the Army to shift focus from the customer (e.g., ensuring delivery of e-mail) to mitigation of risks posed by current or potential adversaries and their ability to impact the network. As with many other weapons platforms in the Army, the Assistant Secretary of the Army for Acquisitions, Logistics and Technology—ASA(ALT)—should develop and field this weapons platform and provide appropriate oversight. However, the previous mindset of using cyberspace to deliver services led to a practice wherein numerous organizations developed and fielded different aspects of the service (i.e., enterprise versus tactical), which was not always integrated and synchronized across the force. To shift to a new mindset of employing cyberspace as a weapons system, the consolidation of current systems into a system of systems called cyberspace, managed by a new Program Executive Office (PEO) Cyber, would empower the secretariat to build on established working relationships with Army, DoD and industry cyber partners. This would further ensure that the Army is postured to support the force with an adequately developed, fielded and sustained weapon system with unprecedented speed and accuracy. There are numerous challenges to work through to make this paradigm shift, but these challenges must be overcome if the Army is to gain and maintain its warfighting and technological edge in cyberspace.

Coupled with the new weapon system/platform, the Army must change the paradigm of how this platform is used and employed writ large. Continued technological innovation offers increased opportunities but must include commensurate training and education. The Army’s failure to embrace this new paradigm to dominate in cyber as it does on land would aid all those with malicious intent by providing more targets and tools for attack. Therefore, commanders and Soldiers alike must understand and appreciate how to coordinate, synchronize and integrate cyberspace with other warfighting functions. This can be accomplished only through strong leadership, development and training that permeates all of the military communities.