Small Wars Journal

A Reserve Component Initiative to Defend DoD and National Cyberspace

Thu, 11/10/2011 - 9:16am

Download the Full Article

The United States is under increasing threat from both nation state and non-nation state cyberspace domain aggressors.  An effective attack against vulnerable elements of our critical infrastructure could produce major and lasting damage to our national economy, military capability, and our cultural way of life.  The ability to conduct Cyberspace domain operations is a predicate to both successful military operations and successful private sector operations such as in the economic/financial, health, telecommunications, logistics, and energy operations sectors.  Therefore, dominating this domain is critical to a functioning economy, national security, and to ensuring success in the other warfighting domains (air, sea, land, and space).  Identifying, defending, and (potentially) reconstituting cyberspace key terrain is an essential task for dominating this domain.

The military (DoD and the Service’s) approach to defending the cyberspace domain, while considerably better than any other US government (USG) entity: is still fragmented, unorganized, and not under effective command and control (C2) ; requires integrated individual and collective training; and lacks effective inter-agency national policy to achieve full effectiveness.  The establishment of US Cyberspace Command (USCYBERCOM) is a very effective start toward resolving many of these shortfalls.   Another shortfall:  the extensive capabilities of the military’s Reserve Components are not effectively utilized to conduct and support cyberspace domain operations. For example, other major military powers use their reserve component forces to support full-spectrum military and national operations in cyberspace domain.  (see Figure 1) In response, there are several initiatives to utilized DoD’s RC forces to support national cyberspace objectives.   So while we have considerable cyberspace capability in both the Active and Reserve Components, much of it is unorganized, fragmented, the training is non-existent or uneven, and cyberspace domain oriented C2 is primitive if not non-existent.
 

Download the Full Article

About the Author(s)

David M. Hollis is a GG-15 Senior Policy Analyst/Planner with the Office of the Undersecretary of Defense for Intelligence’s (USD(I)) Cyberspace, Warfighter Integration, and Strategic Engagement Division (CWISE).  Prior to this position, he was the Chief of the Cyberspace Security Division for the Office of the Assistant Secretary of Defense for Network & Information Integration /DoD Chief Information Officer (ASD NII/DoD CIO).  Lieutenant Colonel David M. Hollis, (USAR, MI) is also currently serving as the Senior USAR officer & USAR Element OIC for the Joint USCYBERCOM.  He was previously a drilling Joint Plans Officer with the USSTRATCOM Joint Functional Component Command for Network Warfare (JFCC-NW) J5.  Prior to his current USAR assignment, LTC Hollis was assigned/mobilized with the Army 1st Information Operations Command as Senior Operations Planner, S2/Chief of the Army CyberIntelligence Center, and Army Red Team Chief.  Prior to 1st IOC, he was the Senior VP at Cryptek Secure Communications and Director of Federal Operations at Secure Computing Corporation.  His background encompasses almost 30 years of government, military and private sector/commercial cyberspace experience starting in 1982 as a GS-4 communications engineering technician with the Naval Electronic Systems Command.  He was commissioned through ROTC at Old Dominion University in 1985 with an undergraduate degree in engineering and earned an MBA from Strayer University in 1998.   He is a graduate of the Army’s Command and General Staff College and the Joint Forces Staff College’s Advanced Joint Professional Military Education.  He has previously written four articles on cyberspace domain operations for Joint Forces Quarterly, Armed Forces Journal, and Small Wars Journal; and one article for a Civil War magazine/blog on the strategic effect of railroads during the Civil War.

Comments

chris.taylor

Wed, 12/07/2011 - 9:11am

Dave,

How do you see your concept of the C2 roles and responsibilities of the JRCB/CND-T compared to the CSTs? How about the location of these assets in the DoD RC vs other federal agencies in terms of capabilites, cost effectivness, regional support, and individual training?

Respectfully,
Christopher Taylor

david.hollis

Tue, 11/29/2011 - 9:31am

Several cyberspace savvy individuals have asked me questions about the article and in response I will provide some clarification concerning the 10 Joint Reserve Cyberspace Brigades (one per each FEMA Region):

1. Each JRCB has a HQs with a Command & Control (C2) element capable of conducting cyberspace domain operations in a degraded network/communications environment potentially independent of USCYBERCOM/JRCC. This capability includes the technology, doctrine, staff, units, and authorities to independently conduct cyberwar with limited or no communications with its higher HQs (JRCC/USCYBERCOM). Each JRCb should be prepared to continue to fight a cyberwar against a nation-state opponent both in isolation or in conjunction with other JRCBs.

2. In support of the ability to conduct independent cyberspace operations, each JRCB should have at least one each of the following unit types: cyberspace intelligence, information operations, electronic warfare, power generation, and space operations battalions.

3. Power generation battalions should have the capability to conduct operations in the virtual (power grid SCADA) and physical domains. In the physical domain, it should be capable of both power generation (mobile and fixed power generation) and the ability to repair/mitigate damage to the existing physical plant. The Army has an example of an existing power generation battalion.

Additionally:

Resilience is critical to success in a domain environment where offensive operations are overwhelmingly dominant. The JRCBs are key to organizing and equipping a national and regional cyberspace resilience and damage mitigation. Most businesses have the capabilty to defend against amateur hackers and criminal activity - what they legitimately lack is the ability to defend themselves against a nation-state level attack. This initiative provides a DoD capabilty conduct cyberspace operations at the regional and national at an acceptable cost (in a budget constraint environment).

The cyberspace domain and its technology reflect an increasing convergence of computers, telephony, wireless, access to an almost infinite information/knowledge base, and a reliance on space, wireless, electromagnetic spectrum in addition to the commonly acknowledged Internet origin. The US military needs to reflect this convergence in its organization and approach to the cyberspace environment.

I received an interesting e-mail with comments and questions concerning this article from a former Assistant Secretary of Defense...I will post it to this blog later this week.

Dave