Cyber Activities At The National Training Center
by U.S. Army Steven Stover, Public Affairs Officer
780th Military Intelligence Brigade (Cyber)
April 28, 2018
U.S. Army Cyber Command (ARCYBER) is using the Cyber-Electromagnetic Activities (CEMA) Support to Corps and Below (CSCB) program at the Army's Combat Training Centers to develop and test CEMA concepts and operational cyber support to those units.
The lessons learned from CSCB support to the National Training Center’s rotational training units (RTUs), Opposing Forces (OPFOR) and Operations Group have resulted in numerous milestones including defensive cyber counterfire and systems that disrupt and neutralize unmanned aircraft systems (anti-UAS).
According to Sgt. Maj. Jesse Potter, the S3 operations sergeant major for the 780th Military Intelligence Brigade (Cyber), it has been an iterative process, learning more each time about developing tactical training that mirrors real world operations.
“Having been involved in all the previous CSCB rotations – and every rotation is a learning event – one of the big learning points is, in this specific rotation, the use of cyber enabled kinetic effects,” said Potter. “That is, the commander understands cyber is not only good for intelligence, but provides him with a sensor-to-shooter link that he is able to then leverage against High-Payoff Targets (HPTs). In other words, using cyber to gain access, to be able to see HPTs, and then to use that in concert with other capabilities to be able to geographically locate and neutralize HPTs is a technique that had not been done in previous rotations.”
Maj. Wayne Sanders, the ARCYBER CSCB chief, gave an example of how that plays out for Tactical Cyber Counterfire missions. He said the defensive cyber operations (DCO) team was noticing anomalous activity on the brigade’s network at certain times – usually late at night. The brigade intelligence section knew who the cyber threat actors were, but because there was a lack of touch points between the intelligence section and the network defenders, they never they never put the two together.
“That is where that CEMA piece is so critical, because otherwise intelligence stays in the S2 channels, and communications stays in the S6,” said Sanders. “This is the CEMA’s job and the Expeditionary CEMA Teams (ECTs) provide that extra expertise that leverages the higher level capabilities, such as the RCCs (Regional Cyber Centers), and the JCC (Joint Cyber Centers), and through the IC (Intelligence Community) – the result is more arrows in the commander’s quiver to generate effects.”
Potter said that in all the previous rotations the DCO perspective was focused on DCO Internal Defensive Measures, which includes hardening the network and monitoring activity in the network, part of information assurance.
“No rotation has done, up until this rotation, any semblance of a DCO counterfire,” said Potter. “To identify the target, being able to characterize the target, and then being able to make the transition from making an internal threat assessment, to making a request to target that individual as a process.”
Potter and Sanders both remarked on another significant achievement during this rotation which was the anti-UAS capability.
Maj. Wayne Sanders, chief, Cyber Electromagnetic Activities (CEMA) Support to Corps and Below (CSCB), U.S Army Cyber Command (left), and Sgt. Major Jesse Potter, the S3 operations sergeant major for the 780th Military Intelligence Brigade (Cyber) (right), watch as Spc. Justin Longshore, a cyber operations specialist assigned to the 782nd Military Intelligence Battalion (Cyber), controls a unmanned aircraft system (UAS) as it maneuvers toward a U.S. Army unit before it is ‘attacked’ by an anti-UAS capability as part of the CSCB program during the 1st Stryker Brigade Combat Team, 4th Infantry Division, National Training Center Rotation 18-03 in January 2018. (U.S. Army photo by Steven Stover)
“There were UAS threats in the area that the OPFOR possessed that we did not have a capability for. We want to be able to task our ARCYBER enterprise to create a capability against those other threats, and that’s the model that we want to use,” said Sanders. “The Army has figured out, no matter where they go, we want to use the intelligence community to tell us what types of threat are out there so we can use our enterprise to create capabilities against that.”
According to Sanders, the Commander of Operations Group (COG) is able to change the training scenario with as much or as little cyber play as they want, usually depending on how the brigade is doing in the fight; the OPFOR having a UAS capability is a real world possibility.
“The primary purpose for what we’re doing is to build confidence in the anti-UAS equipment. That it can actually function as the unit is told it can function, so when the Army deploys into theater they will actually have the real world capability to know – they have seen it work in testing – so they know that it works and they’ll actually deploy it,” said Potter.
Potter went on to say that is why a capability developer is critical to the ECT force structure.
“From the ECT perspective, this helps prove the concept of why the capability developer is so critical to the ECT,” said Potter. “When they arrived they identified an additional threat which their capability did not counter ... a capability developer could potentially create a solution to counter the new threat in real time to support the maneuver commander."