CYBINT/DNINT TECHINT Electronic Warfare and Cyber Intelligence Metastasis

Bogeyman 

Experienced member
Professional
Messages
9,192
Reactions
67 31,256
Website
twitter.com
Nation of residence
Turkey
Nation of origin
Turkey
Here, in the technical sense, I will share news and conferences on the subject through the US talking about the synthesis and interpretation of cyber intelligence and electronic warfare.


At a conference on August 21, 2019, the US general in charge of the cyber army was explaining the Electronic Warfare & Cyber Intelligence partnership on a doctrinal basis.


The 10th fleet of the US navy defines the place of cyber command in the navy.
The link also contains very useful information about the nature of intelligence.


US Air Force adds electronic warfare to new intel, cyber office


The U.S. Air Force’s fresh intelligence and cyber entity at the Pentagon is adding electronic warfare to its profile, continuing to build out a more robust information warfare portfolio.

In 2019, the deputy chief of staff for intelligence, surveillance and reconnaissance added in cyber effects operations when creating the A2/6. Its leader, Lt. Gen. Mary O’Brien, said Tuesday that while cyber and ISR are the primary focus, there are other capabilities that must converge to deliver effects in the information environment.

“It’s imperative to be able to influence the entire electromagnetic spectrum to get after our priorities,” she said Sept. 15 during a panel as part of the virtual Air, Space and Cyber Conference. “Along those lines, earlier this year the Air Force decided to realign the Air Force spectrum management office from Air Combat Command. Starting on 1 October, the Air Force spectrum management officer … is going to be on the A2/6 team.”

The mission of the spectrum management office is to both defend assets in the electromagnetic spectrum and ensure spectrum access for the Air Force and Defense Department activities in support of global missions, O’Brien said.

She noted that the move is part of the multiyear path from Headquarters Air Force to synchronize information warfare.

The Air Force embarked on this path in 2019 when it added cyber effects operations to the A2 portfolio. Next, it merged its cyber- and ISR-numbered Air Forces in October 2019 to create the first information warfare-numbered Air Force, 16th Air Force.


The key distinction between the two is that the Air Staff focuses on the workforce, concepts, training, platforms and tools required so 16th Air Force can focus on actual operations.



The Air Force in 2019 chartered a yearlong study into electronic warfare to gain insight into how adversaries have gained an edge and what opportunities exist for the U.S. to regain its edge. In fact, the leader of that study was selected to be the vice commander at 16th Air Force.

O’Brien noted that the traditional functions of information warfare include cyber, ISR, information operations and electronic warfare, which she noted is now moving toward electromagnetic spectrum operations, which is a more all-encompassing verbiage.


Pentagon updates electronic warfare handbook with new cross-branch approach


The U.S. military has updated its handbook on electronic warfare, changing it to a more all-encompassing, cross-branch approach for planning, executing and assessing operations on the electromagnetic spectrum.

The document, which is dated May 2020 but was not made public until late July, eliminates and replaces the previous joint publication for electronic warfare and provides principles and guidance related to joint electromagnetic spectrum operations, or JEMSO.

The Department of Defense has undergone a renaissance of sorts in the electronic warfare sphere over the past several years. By and large, the department divested much of its electronic warfare capabilities after the Cold War. During counterinsurgency efforts in the last 20 years, the military used blunt jamming tools to thwart improvised explosive devices, which, in turn, inadvertently jammed friendly systems.

In that time, some U.S. adversaries have invested in advanced jamming capabilities and geolocation systems that can target forces based upon their electromagnetic spectrum emissions, which makes large command posts in the counterinsurgency world vulnerable.

Congress in recent years has also sought to right the DoD’s ship in electronic warfare. Last year, among other related moves, Congress created the Electromagnetic Spectrum Cross-Functional Team to help devise a new superiority strategy in this area, which is due to be released later this summer.

This year’s defense policy bill, which still must be reconciled between the two congressional houses, seeks several other changes such as transferring the responsibilities of the electromagnetic spectrum from the commander of Strategic Command to the Joint Chiefs of Staff, and requiring the vice chairman of the Joint Chiefs of Staff to become the senior designated official for electronic warfare.

The changes to the handbook are a sign officials are coming to grips with how critical the electromagnetic spectrum is.

“Just as in the physical domains and in cyberspace, military forces maneuver and conduct operations within the EMS to achieve tactical, operational, and strategic advantage. Freedom of maneuver and action within the EMS are essential to US and multinational operations,” the new document stated.


JEMSO is thought to be a more overarching approach to the electromagnetic spectrum as opposed to just electronic warfare.

The DoD’s last EW guru, William Conley, who left the department in September, put it this way:

“The term EMSO, electromagnetic spectrum operations … is really about how do we do all of those things dynamically through a finite number of apertures but also how do we battle manage all of these different things, which are happening in the electromagnetic spectrum today. It is how all of those come together, how we train operators, how we train commanders to make use of these new and different ways of being able to (a) understand their operational environment, but (b) the command relationships they now actually have and the things they now can control.”

The new joint publication describes JEMSO on a continuum from “peacetime” to armed conflict.

“During peacetime, JEMSO are conducted to ensure adequate access to the EMS and may include deconflicting use of the EMS between joint users and coordinating with a host nation (HN). As a crisis escalates toward armed conflict, JEMSO shift from EMS access coordination to EMS superiority, with coordinated military actions executed to exploit, attack, protect, and manage the electromagnetic operational environment (EMOE),” it stated.

The document described joint force responsibilities, organization, service support and intelligence support, as well as multinational support, organization, planning, operations, execution and assessment of electromagnetic spectrum operations.

One of the critical differences the document seeks to inject into the way the DoD conducts these operations is increased coordination among the armed services.

“Instead of these mission areas being planned and executed in a minimally coordinated and stovepiped fashion, JEMSO guidance and processes prioritize, integrate, synchronize, and deconflict all joint force operations in the EMOE, enhancing unity of effort. The result is a fully integrated scheme of maneuver in the EMOE to achieve EMS superiority and joint force commander (JFC) objectives,” it stated.

 

Bogeyman 


The 47th Cyberspace Test Squadron of the US Air Force has specialized in testing the cyber vulnerabilities of warplanes.


For the operational framework of the fleet

A news item about the operationalization of the fleet


96th Cyberspace Test Group Change of Command - 6-12-2020
 

Bogeyman 



Cyber Attack


Different wireless or wireless/wired networked systems, both military and civil infrastructures, require different frequencies to operate effectively.
They may use standard protocols and routing rules or ad-hoc infrastructures and the information exchanged can be clear or encrypted.
In all the cases, they can be modelled as a network of computing systems.
For a number of years, military operations have used electro-magnetic attacks to disrupt enemy radars on the battlefield.
Today the access and manipulation of the EMS and/or the data and information carried by EMS let us foresee many additional capabilities involving Electronic Warfare (EW) and Cyber Warfare (CW) together.



Figure 1: Traditional EW and CW

Traditionally, Electronic Warfare (EW) and Cyber Warfare (CW) were considered as independent disciplines.
However, because communication systems have moved to commodity hardware and radar and navigation systems began to depend on wireless networked operations, the boundaries between the two fields have begun to blur.
Convergence between EW and CW mitigates the differences creating a new parallel for common ops. They together can provide effects that deny or degrade spectrum allowing for the control and exploitation of the network.


Figure 2: convergence between EW and CW

EW and CW can cooperate to accomplish Cyber missions in the Electro Magnetic Environment (EME).
They can be used in conjunction and thus may be viewed as two sides of the same coin, which is often indicated as Cyber EW or Cyber Electromagnetic Activity (CEMA).
“The synchronisation and coordination of cyber and electromagnetic activities, delivering operational advantage thereby enabling freedom of movement, and effects, while simultaneously, denying and degrading adversaries’ use of the electromagnetic environment and cyberspace” *

*CEMA Capability Integration Group (CIG)



Figure 3: CEMA Overview

Information Operation layers
We can define three different layers of information operations with increasing complexity:
• PHYSICAL LAYER, where the information overlaps with the physical world.
◦ Targets for attack in this layer: physical emissions
• INFRASTRUCTURAL LAYER, that has the task to encode, route, encrypt and deliver the information to the correct endpoint: the “consumer”.
◦ Targets for attack in this layer: frames, packets, sessions, signalling and control.
• COGNITIVE LAYER, where human decision-making takes place.
◦ Targets for attack in this layer: perceptions, emotions, awareness and understanding


Figure 4: Communication layers

Any of these layers can be separately attacked. Of course by increasing the complexity of the layer also the complexity of the attack will increase, but also the covertness of the attack will decrease accordingly. This means that if the attack is made to the physical or low protocol layer it will be easily discovered while it will be very difficult or even impossible to discover an attack to the content of the information.



Figure 5: Classes of Cyber-attacks to a communication system


The payload can consist of Viruses, Computer Worms, Trojan Horses and Spyware and can be activated inside the first networked computer (“n-click”) and then bounced back to the other servers and computers/computing systems via the wired and wireless networks.
The nodes of networked systems physically reside in one of the warfare domains (air, land, sea, space), but the ability to achieve the mission objectives cannot be separated from the ability to control and to have freedom of action in cyberspace that, in this sense, is transversal to all other domains.
The design, development and execution of a Cyber EM operation needs:
• Detailed knowledge of the target:
◦ key to address when attacking the application layer
◦ multidiscipline intelligence
• Being trusted part of the network:
◦ key to inject, manipulate or modify the information transmitted inside a wireless network
• Crack the COMSEC and TRANSEC network protections:
◦ different levels of complexity in term of robustness and resilience
◦ success NOT ensured a-priori
◦ expertise, tools, methodology of REVERSE ENGINEERING
• Deal with preparation and verification issues:
◦ Digital laboratory
◦ Numerical simulation, digital RIG, HW in the loop
• Deal with validation issues:
◦ open air test range facility



Figure 6: Cyber-attack mission summary

As seen in Figure 6 a Cyber Attack Mission can be summarized in five subsequent phases:

Figure 7: Data Collection



• Phase 1 (Data collection):
The first phase is an Intelligence mission concentrated to the capture of data relevant to the analysis of the opponent communication network.
The Coordination Centre deploys the assets (platforms and sensors) according to the operational conditions.
A picture compilation is synthesized in real time locally in each sensor/platform, whose contributions are available in the distributed data space and correlated/fused in the Coordination Centre (OBSERVE).
Partial views of the same picture are distributed to the platforms, according to their role in the operation (ORIENT), so that short loop adjustments of the mission can be decided at platform level and contribute to the refinement of the picture (DECIDE & ACT).
The mission is also supported by one or more unmanned platforms that must go very close to the opponent network, acting as fake stations to enter the network and acquire all the information needed.





• Phase 2 (Data Analysis):
A CETL (Cyber Evaluation Test Laboratory) composed of DMISS (Data Mining Intelligence and Surveillance) and DIGILAB makes it possible to perform the following activities:
◦ Reverse Engineering: process of analyzing the target communication device to identify its components and their interrelationships and to investigate how it works to understand the weak points of the architecture (hardware and software) and produce a set of data (device vulnerability) that feeds (among others) the DATA analysis activity.
◦ DATA Analysis: process of analyzing the opponent communication networks in order to state which protocols they are using to communicate (Protocols Structure Analysis), locate the nodes of the intercepted network (Geolocation Analysis) and reconstruct the network topology (Hierarchical Analysis). These activities are all preliminary to the Vulnerability Analysis and Assessments that are necessary to perform an attack at the opponents’ infrastructures.



Figure 8: Reverse Engineering and Data Analysis


• Phase 3 (Payload preparation):
This is another activity performed by CETL.
It consists of the process for testing advanced cyber technologies in laboratory environment with realistic and quick replica of interconnected networks to test securely new cyber payloads.
CETL is capable of rapid re-configuration, of emulating a large diversity of networks, and has the flexibility to handle multiple activities simultaneously at different classification levels.
CETL provides a broad range of uses, such as advanced cyber research and development of new capabilities, analysis of effectiveness, cyber training and exercises and is exploited in three subsequent phases for complete environment realistic simulation and cyber applications validation:
◦ a numerical simulation network
◦ A digital RIG
◦ A complete RIG with real HW in the loop



Figure 9: Payload preparation



• Phase 4 (Payload test):

CECR (Cyber Electronic Combat Range) is an open-air test range dedicated to military exercises and tests for Cyber EW systems.
CECR is used for Cyber Payload Test in order to achieve its Validation.
The test range provides a mixed environment of real, emulated and simulated elements in order to grant the operators a place where to test different capabilities of cyber electronic warfare systems that include:
◦ Detection of network attacks (passive protection);
◦ Techniques of network protection (active protection), for example, reconfiguration of network devices;
◦ Techniques of attack to adversary network’s nodes;
Even if the test range is open-air, elements of the network may be linked to wired network (emulated or simulated): essentially, they operate as gateways between wireless and wired portion of a network. Attacks through these elements may have an impact on systems connected to the network.


• Phase 5 (Cyber-Attack execution):

Figure 11: Cyber Attack


In this phase the cyber-attack mission is executed, the threat vector is an unmanned platform (or a swarm of unmanned platforms).
A special mission aircraft acting as “mission C2” and flying at very high altitude and at a safe distance from the playground in order to have a good visibility of the Electromagnetic Order of Battle (EOB) can manage the attack mission.
The attack platforms fly at a very low altitude (in order to be as hard to detect as possible) towards the playground.
The mission C2 can download updated mission data packages to the attack platforms (real time information) and can act as early warning, giving the mission platforms the indication of incoming threats (according to the EOB and to the platform course).
In addition, the unmanned platforms are boosted by AI that can compensate for the residual inaccuracy in mission programming with its flexibility to dynamically change behavior during the mission course.

 

Bogeyman 


New US Army cyber unit is building concepts for tactical cyber operations


After nearly two decades of conflict against technologically inferior and insurgency-focused adversaries, the U.S. military and the Army are honing their cyber training against more sophisticated forces.

The Army, for its part, is moving toward a multidomain-capable force, which envisions the seamless integration of forces and capabilities across all spheres of warfare: air, land, sea, space and cyber, as well as the information dimension.

Part of realizing a multidomain force is meeting the need for tactical cyber and information capabilities outside of U.S. Cyber Command. Following a series of exercises and experimental units, the Army activated the 915th Cyber Warfare Battalion in 2019.

This first-of-its-kind unit is designed to provide non-lethal capabilities such as cyber, electronic warfare and information operations in support of Army Service Component Commands and their subordinate elements.

“What we are is a new organization that’s helping define what it means to do multidomain operations from an information advantage standpoint and then through our innovation and experimentation, that’s what’s ultimately going to get recorded in doctrine,” Lt. Col. Benjamin Klimkowski, commander of the 915th, said. “The doctrine writers have never done this before. They need our input to help shape that. It’s our experimentation and our operations that pushes that piece.”


The vision is by 2026 the 915th will consist of 12 expeditionary cyber and electromagnetic activities teams (ECTs), each capable of providing cyber, electronic-warfare and information operations. Currently, there are three companies within the battalion with two ECTs under a separate company, consisting of a total of over 200 personnel. The third ECT is slated to be created at the end of fiscal year 2022.

Moreover, the goal is that each ECT will be aligned to specific geographic theaters.

However, much is still uncertain between then and now as the force is being built. For example, initial and full operating capability criteria for teams are still in the works, officials explained.

The information space changes so rapidly that tactics, techniques, procedures and capabilities will likely need to evolve on a constant basis. The unit is concurrently trying to validate its teams — for which training goals are still being developed on the fly – as well as working on concepts.


“The challenge and growing the cyber force is that it takes time,” Klimkowski said.

Innovation shaping the future of tactical cyber

Despite nearly ten years of cyber operations within the military, there was little to go on for tactical, on-the-ground cyber operations for conventional forces outside the special operations community.

“On the doctrine side, it hasn’t been a struggle, it’s been an evolution. From the strategic operations to the tactical level, the requirements and the threats that are out there constantly make it evolve,” battalion Sgt. Maj. Marlene Harshman said. “Doctrine, if you will, is, ‘This is how you can do it.’ Well, but what happens if this is how you can do it today but not how you do it tomorrow?”

From the beginning, the battalion and its higher headquarters were given a lot of latitude to innovate and develop the concepts it would need to shape what tactical cyber means.



“Experimentation was key and it was something that 780th [Military Intelligence Brigade] and [Army Cyber Command] said, ‘Hey, you’re a new unit. Take these soldiers and allow them to innovate, allow them to experiment, you got a lot of talent and utilize that these first couple of years.’ We’re not done with that phase. We always want our soldiers to innovate. That will continue through the life of our unit,” Maj. Richard Byrne, the battalion’s operations and training officer, said.

“It’s pretty impressive to take a unit that was largely ideas, concepts, a lot of guidance from higher and take it to where we are now where we’re starting to create a unit that’s steady-state, a little bit more defined and preparing for support to our theaters.”

In fact, they are continuing to evolve training objectives and concepts. During an experiment last year, the unit worked to define key mission essential tasks and objectives needed to validate itself as a ready unit.

“One of the big changes between this year and last year, … the [qualification requirements] that we’ve created weren’t around last year and a lot of experience from the [combat training center] rotations and the experienced soldiers that we’ve got on this unit, a lot of experience went into those and what our training objectives should be, are and will be,” Capt. Gabriel Akonom, an officer with the battalion, said.


What will they do?

As the Army moves to become what it calls multidomain-capable by 2028, the 915th will play a key role in the increasingly important competition — or gray zone — sphere below the threshold of armed conflict.

The battalion is currently aligned with Army-owned component commands at the theater level and will support lower-echelon units as needed. It’s not organic to these units — like military intelligence or military police units — meaning a unit must request assistance from the 915th in a certain scenario based on the mission.

Specifically, its soldiers assist in targeting and providing non-lethal effects while also helping to characterize enemy networks through intelligence and reconnaissance.

“The 915th CWB’s unique close-access and proximal tactical capabilities will be critical” in penetrating enemy defenses, Akonom wrote in The Byte, an online publication published by the 780th Military Intelligence Brigade.

Near-peer adversaries will have very complex systems, necessitating the need to be constantly in contact with them during combat.



Meanwhile, officials said the exact relationship to Cyber Command, which can provide unique remote cyber support to a theater, and the unit is still being determined.

“In each theater it’s going to look different because the [geographic combatant command] and then, by extension, the executive agent for that respective joint force headquarters for cyber is going to employ their forces differently,” Klimkowski said, referencing the Joint Force Headquarters-Cyber structure in which a specific service employs cyber capabilities for geographic combatant commands on behalf of Cyber Command.

“We know INDOPACOM is very different than EUCOM and so it’s going to look different. We’re still working through the nuances of every GCC, but it’s just different.”

As a support element to Army Service Component Commands, the 915th will work very closely with the Multidomain Task Forces, which were designed to be in constant contact with adversaries during the so-called competition phase of conflict. Those units possess a specific battalion that focuses on cyber, electronic warfare, space and information.

One of the key differences between the two, however, is the 915th has the authority to conduct offensive operations.

Officials stressed that in this dynamic domain of cyberspace and information, the unit must maintain its edge to be flexible and innovative, all while continuing to grow and shift with the Army as it builds toward multidomain operations.

“We were designed during the global war on terrorism, but as the Army started thinking critically about large-scale combat operations, we too have essentially shifted our focus on that as well,” Klimkowski said. “We’re evolving with you and that’s driven some of our thought processes and what’s most critical and what we need to focus on. We’ve had to adapt some of the things that we were previously doing now for a completely new context and situation.”
 
