Armenia, Ukraine Lessons Shape New US Cyber/EW Unit

By SYDNEY J. FREEDBERG JR.

WASHINGTON: The Army’s year-old Cyber Warfare Support Battalion has “fully fielded” the first of 12 Expeditionary Cyber Teams, the head of Army Cyber Command said today.

“We’re going to get the first ECT out this summer [to] run it through its paces,” Lt. Gen. Stephen Fogarty told the Association of Old Crows CEMA conference. “We’re going to try out a series of ideas that we had” in the field.

“Much of it is has been influenced by the lessons-learned” from recent conflicts, he said, especially the Azerbaijan-Armenia war over Nagorno-Karabakh.

But Fogarty disagrees with the widespread wisdom that Azerbaijan defeated Armenia primarily through the power of drones. After all, before Azerbaijan’s Unmanned Aerial Systems (UAS) could attack Armenian targets, they first needed to find them. They needed to electronically blind or disable their defenses. And above all, they needed commanders to pull together a wide range of information and quickly make the decision to strike – before the target moved on and was lost.

“UAS certainly were important,” Fogarty said. “[However], the information aspects of this were critically important; the impact of spectrum was critically important, but it truly was the ability to converge all the capabilities across all five domains.”


Expeditionary Cyber Team soldiers during a training exercise.

Lessons For All-Domain Ops

Rapid decisions, abundant information, using the electromagnetic spectrum, and converging forces across all five domains – land, sea, air, space, and cyberspace – are also, not coincidentally, crucial characteristics of the US military’s evolving concept for All Domain Operations. But Fogarty warns that traditional command processes do a poor job of pulling all the pieces together so commanders can make good decisions fast.

Part of the problem is habits developed over 20 years of counterinsurgency, he said. The US is used to flying drones wherever it wants, and communicating with them whenever, letting a potential target “soak” in continuous surveillance for hours or days before a strike occurs. In future conflicts, adversaries will jam our sensors, hack our networks, shoot down our drones, and frequently relocate key targets, so that when we spot something, we won’t have the luxury of time. Instead, we need to learn to go after targets quickly.

“Frankly, their shooter-to-sensor links were not great, but they were adequate,” Fogarty said. And most crucially, he said, “if they saw an opportunity, they recognized it might be a fleeting opportunity, [so] they shot what they saw” rather than ponderously deliberating pros and cons.

When it comes to high-value targets, he said, “the likelihood is we will detect them for very short periods of time, [so] we’re going to have to take our shots.”

That doesn’t mean replicating Russian callousness about civilian casualties, he said, but it does mean changing how we think about collateral damage – and how long we have to think about it: “The collateral damage assessments are [still] going to be conducted, but the value, the balance, may be very, very different if you only get one shot at it.”

To keep up this pace, he said, “we need to accelerate our processes,” especially for how staff collate information and present it to commanders.

“I can’t provide my commander five or six different things to look at and then let them figure it out. That becomes just overload,” Fogarty said. “What you don’t want to do as a commander [is] run the gauntlet.” That’s where you walk through your command post and your intelligence guy grabs you to tell you something, then you walk on a little and your electronic warfare guy grabs you and tells you something else, then your communications officer tells you a third piece of information, and your public affairs officer tells you a fourth, and so on ad nauseam, leaving you to sort it all out in your head.

So what are the best-run command posts doing? They’re pulling the different disciplines together into a single “information warfare” organization that can thrash out their different perspectives, put together their different puzzle pieces, and present a single, coherent picture with clear options for the commander.

“The units that really get this …. pull all these guys together in a permanent information warfare cell,” Fogarty said. “As information comes in from any of the different disciplines, they’re able to do that coordination and integration [to] provide the boss a course of action that’s actually viable.”

Now, not all HQs have the expertise on hand to do this. For one thing, the Army’s still standing up Cyber/Electromagnetic Activity (CEMA) cells across the force, which combine cyber, electronic warfare, and spectrum management expertise. Even when the CEMA cells are in place, cyber/electronic warfare assets remain rare and specialized, which is the reason the Army is creating the 915th Cyber Warfare Support Battalion (CWSB), a central pool of expertise which will send out Expeditionary Cyber Teams to support local commanders as needed.

The first Expeditionary Cyber Team is now “fully fielded,” Fogarty said, with more teams on the way over the next four years until at least 12 are stood up. Rather than a dozen identical ECTs, Fogarty envisions a high degree of custom-tailoring as each team matches up with a particular HQ it will support, with a different mix of assets for cyber attack, cyber defense, network and information operations. Each deployment will garner more lessons-learned that will shape how the unit evolves, he said: “By the time we get to ECT 12, what I predict is the ECT composition will be different, the equipment will be very different, [even the] authorities it may have might be very different.”