Stories‎ > ‎

Cyber, Cyber Everywhere: Preparing for 2035

posted Nov 21, 2016, 3:11 AM by Michael Lenart   [ updated Dec 5, 2016, 4:29 AM ]

By Michael Lenart, Cyber Editor-in-Chief


Introduction


A crude but telling metric: “Cyber” and other forms of the word appear 118 times in Joint Operating Environment (JOE) 2035: The Joint Force in a Contested and Disordered World*. JOE 2035 is a Joint Staff force development document that lays out what the future environment and future conflicts may look like, and the missions the Joint Force may have to perform to be successful in them. Put another way, it provides ways to think about and prepare for the various “futures” that may arrive. Moreover, the prevalence of the word “cyber” within this futures document showcases the ever-increasing importance of proficiency in the youngest domain. This article will provide a very brief overview of JOE 2035 and discuss the cyber aspects within it.



Major Sections of JOE 2035


JOE 2035 has three major sections, briefly described below.


1. The Future Security Environment 2035. Providing an overall backdrop of the future environment, this section describes emerging trends that will lead to new and challenging conditions for the Joint Force.


2. Contexts of Future Conflict. No one can say exactly how the trends outlined in Section 1 will unfold and produce the future we will actually see in 2035. However, drawing on the trends from Section 1, Section 2 outlines six plausible “contexts” that forecast the general types of conflicts the Joint Force may face.


3. Implications for the Joint Force. To secure its interests in the six contexts outlined above, the U.S. will pursue four strategic goals ranging in aggressiveness from Adapt to changing conditions to Impose change and enforce outcomes. Each strategic goal comes with an associated “enduring military task” that describes the Joint Force’s role in achieving the strategic goal.



The Future Security Environment 2035


The first section of JOE 2035 describes major trends that will shape the future operational landscape. These trends are divided among three categories: World Order; Human Geography; and Science, Technology and Engineering.


The first part, “World Order,” states that regional powers aspiring to global influence will make “investments in more advanced cyber capabilities” that will enable them to, among other things, launch strategic attacks against U.S. financial and energy infrastructure. This mirrors the National Intelligence Council’s Global Trends 2030, which states, "A cyber arms race is likely to occur as states seek

to defend both public and private infrastructures against state and nonstate actors.”1 This is not merely an abstract prediction based on imagination; we have indeed already seen attacks against U.S. banks by Iran.2 Moreover, JOE 2035 reminds us that such activity has been and will continue to be conducted by both state and state-sponsored actors.


We then read in the “Human Geography” sub-section that “Shifting ideological affiliations could lead to new and surprising fractures in societies.” These fractures would be partially formed and then reinforced by mass online communication, as “groups will build regional and global networks around sets of ideas, forged and disseminated within cyberspace, with a range of ‘online ideologies’ and identity networks displacing nationalism as a source of legitimacy for many.” An obvious example of this kind of online ideology would be Islamic extremism, but many other potential examples exist in a world of several billion people comprising myriad groups, communities, and interests.


As for science, technology, and engineering trends, it’s no surprise that “Proliferated Information Technologies” play a large role in the 2035 Future Security Environment. This starts with infrastructure: “More modern developing states will continue to construct comprehensive national information technology infrastructures consisting of fiber-optic and cellular networks that far exceed the current state of the art.” Also beyond the current state of the art will be a growing “digital inter-connectedness” that will create an Internet of Things (IoT), leading to an exponential increase in cyber targets and vectors of attack. (For a recent example of a real-world attack that leveraged the IoT, see Jenni Ryall’s “How your smart device caused the internet to crash and burn.”3 For a strategic, systematic approach to securing the IoT, see Scott Shackelford’s “When Toasters Attack: 5 Steps to Improve the Security of Things.”4)


Information technologies of more immediately obvious military significance will include those “that can damage, spoof, confuse, or disrupt integrated battle networks,” and that can do so quickly and dynamically. This will require U.S. and partner battle command networks with enhanced protection, greater redundancy, and automated defenses. (For an in-depth look at analytic capabilities that will enable such automated defenses, see Adam Tyra’s aptly named article, “The Robot Security Analysts are Coming, but not Today.”5)


Lastly, the JOE warns of electromagnetic pulse weapons that will enable “the discriminate and precise targeting of a range of electronics-based systems,” to include U.S. and allied network components. Indeed, this reflects recent increases in Russian use of electronic warfare capabilities in Ukraine and Syria6, and it underscores the need to harden U.S. network and cyber warfare capabilities, and to develop capabilities able to inflict the same damage on our adversaries.

 


Contexts of Future Conflict


Drawing upon trends from Section 1, JOE 2035 outlines six contexts that may characterize future conflict. These include:


·       Violent Ideological Competition focused on the subversion or overthrow of established governments.


·       Threatened U.S. Territory and Sovereignty as enemies attempt to coerce the U.S. and its citizens.


·       Antagonistic Geopolitical Balancing by capable adversaries attempting to challenge the U.S. These adversaries will place difficult demands on the Joint Force over wide areas of the globe.


·       Disrupted Global Commons resulting from intimidation, destabilization, and the use of force by state and non-state actors.


·       A Contest for Cyberspace, in which conflict and/or war are likely to occur as states struggle to define and credibly protect cyber sovereignty, and non-state actors attack U.S. cyber interests.


·       Shattered and Reordered Regions resulting from internal political fractures, environmental stressors, or deliberate external interference.


Importantly, the document notes that the actual future in 2035 is likely to contain elements of some or possibly all of these contexts.


In the “Violent Ideological Competition” of Context 1, competitors will use ideas to influence the thoughts, feelings, impressions, and behaviors of their intended targets, using propaganda, cyber attacks, kinetic attacks, and covert operations. These activities will not occur independently of each other; they will be conducted in concert and thus will reinforce one another.


In Context 3, “Antagonistic Geopolitical Balancing,” state adversaries may seize long-contested territory, and then defend it using a variety of means to include cyber assets, as well as air defense capabilities and “advanced manned and unmanned aircraft, long-range ballistic and cruise missiles, submarines, surface ships, electromagnetic jammers and spoofers.” If successful in consolidating their newfound control and developing long-range strike assets, combatants will exploit this increased strategic depth to “invest in the naval, air, cyber, and other capabilities necessary to build credible power projection capabilities and assert themselves farther from their borders.”


One of the cyber high points of JOE 2035 resides in Context 5, “A Contest for Cyberspace.” This context states that the usual assumption is that cyberspace is a “commons,” or space that is “owned by none, accessible to all.” However, not all of cyberspace fits this definition, so the challenge for the U.S. and other state actors is to ensure access to the “commons” of cyberspace- those parts that should be open to all- while denying access to those parts that must remain secure.


For those parts that must remain secure, “The vulnerability of cyber-enabled systems to exploitation presents an assailable flank which competitors are likely to probe, infiltrate, and potentially attack.” As always, states will exploit an advantage when they see one. Accordingly, many will “[attempt] to influence, disrupt, degrade, or perhaps even destroy” key cyber-enabled assets of their competitors. Specific examples of such operations include attacks that undermine “the trust and data integrity” of financial, legal, and technical infrastructure; strategic surveillance; industrial and scientific espionage; and attacks against industrial machinery.


Moreover, beyond the technical attacks described above, cyber operations may be used “to stress or fracture the social and political cohesion of competitors,” intending to affect the perceptions and decision making of those competitors. The document doesn’t elaborate much on this point, but one could imagine these activities might involve cyber-enabled strategic communications, such as when attackers hijack major websites or social media accounts in order to broadcast their messages.  


JOE 2035 also adds that some states may “integrate cyber warfare capabilities at the operational and tactical levels of war,” targeting the command networks the Joint Force so thoroughly depends upon. Moreover, this can be accomplished not only through pure cyber attacks, but also via “an array of destructive weapons, including high-power microwave munitions and laser systems which are increasingly effective against digitized, miniaturized, and integrated circuits.”


Section 2’s final context, “Shattered and Reordered Regions,” posits that global cyber activist networks will be among several types of organizations who exploit the failures of central governments. No specifics are given, but examples may include Islamic extremist activists encouraging citizens to blame their governments’ failures on allegedly un-Islamic forces; anti-globalization groups conducting online campaigns in economically depressed regions, etc.



Implications for the Joint Force


The final section of JOE 2035 recognizes that the amount of resources, blood, time, and political capital the U.S. is willing to invest in a situation will vary according to the importance of the interest at stake, and whether that interest is currently being met or must be achieved through more concerted effort. Accordingly, Section 3 outlines four strategic goals of increasing ambition and effort, along with associated military tasks.


Strategic Goal

Enduring Military Tasks

Adapt to changing conditions – ensure the United States can adequately cope with emerging changes in the security environment.

Shape or contain to assist the United States with coping and adapting to changed international security conditions.

Manage antagonism and impose costs – discourage changes to the security environment that are unfavorable to the United States.

Deter or deny to manage the antagonistic behavior of competitors or to impose costs on competitors or adversaries taking aggressive action.

Punish aggression and rollback gains – block and undo changes to the security environment that are dangerous or disruptive to the United States.

Disrupt or degrade to punish aggressive action by an adversary or to force an adversary to retreat from previous gains.

Impose change and enforce outcomes – introduce desired changes to the security environment that are favorable to the United States.

Compel or destroy to impose desired changes on the international security environment and subsequently enforce those outcomes.



With regard to cyber, JOE 2035 explicitly identifies four future cyber missions, and two broader missions to which cyberspace operations contribute.


Under the enduring military tasks Shape or contain, the Joint Force must provide Military Support to Cyber Resiliency. This entails minimizing “the consequences of threatened or successful cyberattacks against the United States, its allies, and partners.” This mission will require working with traditional partners like U.S. government and civilian organizations, and allied nations, as well as nontraditional partners such as private companies or even cyber activists.


As part of the enduring military tasks Deter or deny, Joint Forces must conduct national and allied Network Defense. This mission may include “the development of a Department of Defense cyber umbrella; the creation of a national ‘cyber border patrol’; more comprehensive intelligence sharing efforts; contributions to national level cyber exercises; the development of hardened networks; and reinforced coordination with domestic law enforcement.” Additionally, it will “require steady-state information operations” that communicate to attackers the resiliency of major U.S. systems, ostensibly to deter attacks in the first place.


Under Disrupt or degrade, cyber forces must support Global Counterterrorism through offensive operations that “erode [terrorists’] ability to coordinate activities,” especially when attempting attacks against the homeland.


Perhaps the most comprehensive treatment of cyber’s future role and related functions is outlined in the portion of JOE 2035 describing Cyberspace Disruption, which is worth quoting at length:


…to attack adversary assets and impede their ability to adversely affect the unrestricted use of cyberspace by the United States. Offensive cyber operations will impose costs on adversaries by identifying and exploiting their cyber vulnerabilities, and may include distributed denial of service attacks, targeted cyber denial measures, and actions to physically impair military systems through cyberspace. Additionally, the Joint Force may conduct proportional cross-domain operations to physically damage an adversary’s cyber infrastructure, using weapons operating in other domains to suppress enemy cyber defenses and specifically strike their critical cyber infrastructure. Furthermore, these operations should be coupled with defensive cyber efforts to block adversary responses, and might include the use of autonomous or semi-autonomous cyber defense systems or the activation of war reserve networks when peacetime networks are unavailable.




Shifting to Compel or destroy tasks, cyber contributes to multi-domain offensive operations that impose Global Commons Exclusion on adversaries who threaten the free use of the commons. Furthermore, though JOE 2035 doesn’t explicitly say so, this support to multi-domain operations could also contribute to what it calls Major Sustained Operations and other high-intensity fights.7


JOE 2035 ends on a high note in terms of cyber-relevant missions. The last is a very ambitious challenge called Cyberspace Control, and its purpose is to:


eliminate an adversary's ability to define and defend their interests in cyberspace and force them to recognize U.S. views on its use. Cyberspace control operations will frequently integrate cyber and non-cyber capabilities. In coordination with law enforcement agencies, offensive operations may be required to identify, target, and capture or kill adversary cyber operatives. Offensive operations will also be used to eradicate an adversary’s cyber infrastructure and capabilities, which might include an array of kinetic strikes combined with simultaneous electronic, cyber, and space warfare actions. Finally, the Joint Force may impose cyber-military governance, including the introduction of U.S. cyber rules and laws on captured adversary networks to include the control of domain names, access and registration, and administration of key systems.



Conclusion


In very practical, even bureaucratic terms, the purpose of force development documents like JOE 2035 is to start identifying changes in areas like doctrine, organization, training, and material capabilities that are necessary to ensure warfighters are prepared for future environments. Though JOE 2035 doesn’t attempt to predict the future, forecasting various scenarios that may arise based on what we know now is helpful, because themes or features that appear in several of these scenarios are fairly strong indicators that, no matter what specific future ends up occurring, these particular themes or features are likely to appear. In terms of cyber, a few of such themes and features include continually increasing digital interconnectedness, continued disagreements over the boundaries and rules of cyberspace, cyber threats to the homeland, increased multi-domain and interagency cooperation, and probably increased reliance on autonomous cyber systems. The Department of Defense and the U.S. Government must therefore begin preparing for these and other likely occurrences sooner rather than later, since developing capabilities, changing large organizations, and budgeting for government procurement almost always take longer than one first anticipates- especially when one must do all three.


In less practical but equally important terms, the value of future-looking activities is intellectual. Deliberately moving oneself outside a current perspective improves one’s ability to think about what may happen, and to give serious consideration to plausible developments that would otherwise be overlooked. Moreover, if done repeatedly, this discipline even prepares one to deal with unforeseen surprises when they occur, since one has through practice overcome the mental handicap of only being comfortable dealing with the concrete and the predictable, the here-and-now.



About the Author



Michael Lenart is the Editor-in-Chief of Cyber magazine and an Army Strategist. His areas of interest include national security, cyberspace operations, and organizational change.











End Notes


*All JOE 2035 quotes and other citations retrieved from http://dtic.mil/doctrine/concepts/joe/joe_2035_july16.pdf


1. National Intelligence Council. Global Trends 2030. https://www.dni.gov/index.php/about/organization/global-trends-2030


2. Volz, D. & Finkle, J. U.S. indicts Iranians for hacking dozens of banks, New York dam. http://www.reuters.com/article/us-usa-iran-cyber-idUSKCN0WQ1JF


3. Ryall, J. How your smart device caused the internet to crash and burn. http://mashable.com/2016/10/21/dyn-attack-iot-device/#qIFPujAARiqO


4. Shackelford, S. When Toasters Attack: 5 Steps to Improve the Security of Things. http://magazine.milcyber.org/stories/whentoastersattack5stepstoimprovethesecurityofthings


5. Tyra, A. The Robot Security Analysts are Coming, but not Today. http://magazine.milcyber.org/stories/therobotsecurityanalystsarecomingbutnottoday


6. Patterson, C. Russia’s Surging Electronic Warfare Capabilities. http://www.thediplomat.com/2016/04/russias-surging-electronic-warfare-capabilities


7. Freedberg, S. Army’s Multi-Domain Battle To Be Tested In PACOM, EUCOM Wargames. http://breakingdefense.com/2016/11/armys-multi-domain-battle-tested-in-pacom-eucom-wargames/



Photo credits (in order of appearance)

1. Defense Technical Information Center

2. HD Wallpapers

3. Ng Han Guan

4. Army, iStock