The long-term cost of cyber overreaction

The default modus operandi when facing negative cyber events is to react, often leading to an overreaction. It is essential to highlight the cost of overreaction, which needs to be a part of calculating when to engage and how. For an adversary probing cyber defenses, reactions provide information that can aggregate into a clear picture of the defender’s capabilities and preauthorization thresholds.

Ideally, potential adversaries cannot assess our strategic and tactical cyber capacities, but over time and numerous responses, the information advantage evaporates. A reactive culture triggered by cyberattacks provides significant information to a probing adversary, which seeks to understand underlying authorities and tactics, techniques and procedures (TTP).

The more we act, the more the potential adversary understands our capacity, ability, techniques, and limitations. I am not advocating a passive stance, but I want to highlight the price of acting against a potential adversary. With each reaction, that competitor gains certainty about what we can do and how. The political scientist Kenneth N. Waltz said that the power of nuclear arms resides with what you could do and not within what you do. A large part of the cyber force strength resides in the uncertainty in what it can do, which should be difficult for a potential adversary to assess and gauge.

Why does it matter? In an operational environment where the adversaries operate under the threshold for open conflict, in sub-threshold cyber campaigns, an adversary will seek to probe in order to determine the threshold, and to ensure that it can operate effectively in the space below the threshold. If a potential adversary cannot gauge the threshold, it will curb its activities as its cyber operations must remain adequately distanced from a potential, unknown threshold to avoid unwanted escalation.

Cyber was doomed to be reactionary from its inception; its inherited legacy from information assurance creates a focus on trying to defend, harden, detect and act. The concept is defending, and when the defense fails, it rapidly swings to reaction and counteractivity. Naturally, we want to limit the damage and secure our systems, but we also leave a digital trail behind every time we act.

In game theory, proportional responses lead to tit-for-tat games with no decisive outcome. The lack of the desired end state in a tit-for-tat game is essential to keep in mind as we discuss persistent engagement. In the same way, as Colin Powell reflected on the conflict in Vietnam, operations without an endgame or a concept of what decisive victory looks like are engagements for the sake of engagements. Even worse, a tit-for-tat game with continuous engagements might be damaging as it trains potential adversaries that can copy our TTPs to fight in cyber. Proportionality is a constant flow of responses that reveals friendly capabilities and makes potential adversaries more able.

There is no straight answer to how to react. A disproportional response at specific events increases the risks from the potential adversary, but it cuts both ways as the disproportional response could create unwanted escalation.

The critical concern is that to maintain abilities to conduct cyber operations for the nation decisively, the extent of friendly cyber capabilities needs almost intact secrecy to prevail in a critical juncture. It might be time to put a stronger emphasis on intel-gain loss (IGL) assessment to answer the question of whether the defensive gain now outweighs the potential loss of ability and options in the future.

The habit of overreacting to ongoing cyberattacks undermines the ability to quickly and surprisingly engage and defeat an adversary when it matters most. Continuously reacting and flexing the capabilities might fit the general audience’s perception of national ability, but it can also undermine the outlook for a favorable geopolitical cyber endgame.

Prioritize NATO integration for multidomain operations

After U.S. forces implement the multidomain operations (MDO) concept, they will have entered a new level of complexity, with multidomain rapid execution and increased technical abilities and capacities. The U.S. modernization efforts enhance the country’s forces, but they also increase the technological disparity and challenges for NATO. A future fight in Europe is likely to be a rapidly unfolding event, which could occur as a fait accompli attack on the NATO Eastern front: a rapid advancement by the adversary to gain as much terrain and bargaining power as possible before the arrival of major U.S. formations from the continental U.S.

According to the U.S. Army Training and Doctrine Command (TRADOC) Pamphlet 525-3-1, “The U.S. Army in Multi-Domain Operations 2028,” a “fait accompli attack is intended to achieve military and political objectives rapidly and then to quickly consolidate those gains so that any attempt to reverse the action by the [United States] would entail unacceptable cost and risk.”

In a fait accompli scenario, limited U.S. forces are in theater, and the initial fight relies on the abilities of the East European NATO forces. The mix is a high-low composition of highly capable but small, rapid response units from major NATO countries and regional friendly forces with less ability.

The wartime mobilization units and reserves of the East European NATO forces follow a 1990s standard, to a high degree, with partial upgrades in communications and technical systems. They represent a technical generation behind today’s U.S. forces. Even if these dedicated NATO allies are launching modernization initiatives and replacing old legacy hardware (T72, BTR, BMP, post-Cold War-donated NATO surplus) with modern equipment, it is a replacement cycle that will require up to two decades before it is completed. Smaller East European NATO nations tend to have faster executed modernization programs, due to the limited number of units, but they still face the issue of integrating a variety of inherited hardware, donated Cold War surplus, and recently purchased equipment.

The challenge is NATO MDO integration and creating an able, coherent fighting force. In MDO, the central idea is to disintegrate and break loose to move the fight deep into enemy territory to disintegrate. The definition of disintegration is presented by TRADOC Pamphlet 525-3-1 as: “Dis-integrate refers to breaking the coherence of the enemy’s system by destroying or disrupting its subcomponents (such as command and control means, intelligence collection, critical nodes, etc.) degrading its ability to conduct operations while leading to a rapid collapse of the enemy’s capabilities or will to fight. This definition revises the current doctrinal defeat mechanism disintegrate.” The utility of MDO in a NATO framework requires a broad implementation of the concept within the NATO forces, not only for the U.S.

The concept of disintegration has a similar concept in Russian military thought and doctrine, defined as disorganization. The Russian concept seeks to deny command and control structures the ability to communicate and lead, by jamming, cyber or physical destruction. Historically, Russian doctrine has been focused on exploiting the defending force’s ability to coordinate, seeking to encircle, and maintaining a rapid advancement deep in the territory, seeking for the defense to collapse. From a Russian perspective, the key to the success of a fait accompli attack is its ability to deny NATO-U.S. joint operations and exploit NATO’s inability to create a coherent multinational and technologically diverse fighting posture. The concept of disorganization has emerged strongly over the last five years in how the Russians see the future fight. It would not be too farfetched to assume that the Russian leadership sees an opportunity in exploiting NATO’s inability to coordinate and integrate all elements in the fight.

The lingering concern is how a further technologically advanced and doctrinally complex U.S. force can get the leverage embedded in these advances if the initial fight occurs in an operational environment where the rapidly mobilized East-European NATO forces are two technological generations behind — especially when the Russian disorganization concept appears to be aiming to deny that leverage and exploit the fragmented NATO force.

NATO has been extremely successful in safeguarding the peace since its creation in 1949. NATO integration was easier in the 1970s, with large NATO formations in West Germany and fewer countries involved. Multinational NATO forces had exercises continuously and active interaction among leaders, units and planners. Even then, the Soviet/Russian concepts were to break up and overrun the defenses, and strike deep in the territory.

In light of increased NATO technical disparity in the multinational forces and potential doctrinal misalignment in the larger Allied force, added to the strengthened Russian interest in exploiting these conditions, these observations should drive a stronger focus on NATO integration.

The future fight will not occur at a national training center. If it happens in Eastern Europe, it will be a fight fought together with European allies, from numerous countries, in a terrain they know better. As we enter a new era of great power competition, the U.S. brings ability, capacity and technology that will ensure NATO mission success if well-integrated in the multinational fighting force.

Jan Kallberg, Ph.D.