The Changing Battlefield
The influence of cyber warfare and non-state actors affects us in ways we have not fully understood, much less prepared for militarily. Admiral Patrick Walsh talks about those threats and ways of equipping our forces for current and future threats.
Admiral Patrick Walsh rose to command the U.S. Pacific Fleet before the Annapolis graduate retired after 34 years of service in the United States Navy. Walsh, who grew up in Dallas, now is with the John Goodwin Tower Center for Political Studies at Southern Methodist University. Admiral Walsh spoke with The Catalyst at the Bush Center about how technologies are changing the way the military must prepare for modern threats.
Technology has changed plenty about the military, but how much has it changed the way we, say, protect sea lanes or combat terrorism?
Elements of our mission are enduring, steeped in tradition. Each of the services has certain roles and responsibilities as well as a proud history of representing our national interests in an international arena. Those have not changed.
The difficult challenge is that technology now pressurizes the traditional missions of the services in ways that we have not experienced. We face new challenges from state actors who are reasserting themselves in the world of power politics or as individuals who have specific motivations and agendas.
Prior to 9/11, we imagined only a nation-state could be involved in a conflict with another nation-state; anything or anyone of lesser power was too hard to imagine having a consequential role. Now, the way we organize, train, and equip ourselves has had to shift to keep pace with the challenges to the security environment.
So, how do we change the way we organize, train, and equip ourselves?
The resource requirements and the procurement needed to keep pace with individual actors rather than nation-state actors looks very different from preparing for a major power conflict. The investments go into intelligence and Special Forces, although we now see the rise again of great power competition. The change we see there is the role that cyber is playing.
It’s no longer just the nation-state. It’s no longer just the counterinsurgency. Just about anybody can get in and act on their motivations inside the cyber domain.
It’s no longer just the nation-state. It’s no longer just the counterinsurgency. Just about anybody can get in and act on their motivations inside the cyber domain.
When you try to anticipate what technology means, and the friction that arises from great power competition and political ideology, we can see where cyber plays a role in all of it. This has created new challenges for the role that government plays in the security of the private sector.
For example, what should be the relationship between the national security apparatus and Sony Pictures? Or the Democratic National Committee? You are seeing a long list of victims and cyber attackers play out in real time now. Cyber is not limited to any geographic area or in its ability to influence any function.
You have a different set of challenges when they’re hacking into political institutions and trying to influence the outcome of an election, or when they are manipulating data to the point where you can’t trust the data. Like we had to adjust in the post-9/11 world, we must adjust how we organize, train, and equip in the cyber domain.
Does this make developing electronic capabilities as important as developing, say, a missile?
We once had a sanctuary in the electro-magnetic spectrum and had a sanctuary in the domain. We had the ability to initiate as well as terminate a conflict at a time and place of our choosing. We don’t have that sanctuary anymore. Cyber now can influence us in ways that we have not fully comprehended.
Is email hacking a form of cyber warfare?
I would be circumspect if inside the email there’s information that you trust, and that you consider actionable. We now have several factors of authentication that go into evaluating an email before you ever open it up. Email challenged our form of communication. Now we’re challenging the veracity of the email we receive.
If you get an email from the IRS today, would you open it up? To label hacking a form of warfare, we would have to evaluate the damage associated with the attack.
If you get an email from the IRS today, would you open it up? To label hacking a form of warfare, we would have to evaluate the damage associated with the attack.
How do we prepare for this type of challenge, especially since perpetrators may be hard to find?
This gets back to organizing, training, and equipping the forces for current and future readiness. You have to define what future readiness really means. Cyber needs to be central to everything we do. We have long assumed our ability to communicate, and exercise command and control, so cyber needs to be in the forefront of how we think about challenges and apply resources to them.
Cyber needs to be central to everything we do.
In a world of limited resources, how do we balance the requirements of dealing with belligerent state actors, non-state actors, and now cyber warfare? How do we balance, anticipate, and resource something like that?
First, we should expect that any sort of friction playing out in the land, air, or maritime domain is going to play out in cyber, too. The cyber world was designed to connect people, not protect them. We are now trying to introduce structure into something that was designed to be entrepreneurial and accessible. That’s how we measured success in the past.
Fitting security protocols into something like this is difficult and will challenge resources. The real issue is getting the right people into this environment.
We had an exercise in the Pacific Fleet designed to test responsibilities for command, staffing, and contingency planning. We wanted to look closely at the role of cyber, and how it could influence escalation or de-escalation.
We reached out to the private sector and had them participate. That was very insightful for those of us who had come up through traditional ways of dealing with security challenges.
What we learned was non-classified cyber intelligence, simply collected and analyzed open source, opened our eyes to a different way of thinking of how to be effective in the cyber domain. What I took away was learning ways to leverage the advancements the private sector was making and exploring innovative ways to collaborate between public and private sectors.
The traditional manpower model would take years to get someone through boot camp, get them out in the operating forces, and then, with time, become effective. Then they were recruited by someone else and hired away. That’s a path to manpower obsolescence. This environment is changing quickly.
Historically, operating forces prepared for deployment overseas to face the adversary. It was an away game. Now, the adversary sits right here. The idea that we’ve got all this information on our phones makes us vulnerable. We’re increasingly reliant on technology and yet not taking the right steps and protocols to be security conscious.
Going forward, how does the military tap people who may be getting their Ph.D in some field of technology? Is that getting them into the military, or using them in a one-off capacity?
We need to open the aperture in terms of how we look at tapping into a pool of very talented people but who don’t follow the traditional sorts of norms for military recruits. In many cases, these may be people who did not go to or graduate from college. But they are exceptionally competent and proficient in the technical environment. It is self-defeating if we won’t talk to these guys because we don’t like the tattoos they’re wearing.
We need to open the aperture in terms of how we look at tapping into a pool of very talented people but who don’t follow the traditional sorts of norms for military recruits. In many cases, these may be people who did not go to or graduate from college. But they are exceptionally competent and proficient in the technical environment. It is self-defeating if we won’t talk to these guys because we don’t like the tattoos they’re wearing.
You mean tap their skill regardless if they are officially a member of the military? Or do you mean tap their skill and get them into the military somehow?
I would look for some combination of the two. I don’t know that you’re limited to two choices here.
Americans may read about cyber warfare, but they can’t see it when they turn on the TV or look at a traditional battlefield. They may wonder if we are safer with someone using technological skills going after somebody versus the traditional way of engaging in battle. What is your thought?
The cyber environment is volatile, uncertain, complex, and ambiguous, just as we might use the same characterization in the strategic sense. The question is, how do you prepare for an environment like that?
Trying to keep pace with that changing threat landscape is a real challenge for the private sector. And it’s a challenge on the government, too. In a five-year period, the U.S. enacted four pieces of legislation and 33 executive orders. Yet cyber crime is more profitable today than illicit drug trafficking.
Is the private sector more attuned to this threat than those of us who have served in the military?
On the private sector side they’ll be look at close to 14,000 alerts, or intrusions and attempted intrusions, a week on average. These are extraordinary numbers. How do you manage the risk profile for a company? On the government side, the Office of Personnel Management hack in 2015 illustrates how vulnerable we all are.
There is an opportunity to bridge the public and the private side in ways that I don’t think we’ve really conceived of before. Let me give you an example.
Our [Navy] group responded to the great eastern Japan earthquake, tsunami, and radiation release in March 2011. This earthquake affected the tilt of the Earth’s axis; it physically displaced Japan by several feet. When we landed, we saw ships on top of buildings and trains, automobiles, and homes taken out to sea. When the tsunami hit Fukushima, the nuclear plant actually operated the way it was designed and the rods shut down. We got there as 50 guys with buckets of sand were trying to run toward the reactor to control it. It was a series of cascading casualties.
The problem was larger than us, so we needed the best that the country could offer in resources, talent, and ideas. Typically in traditional organizations, we start with a hierarchy based on authorities, resources, and senior-subordinate relationships. That would have been a non-starter since we were working with so many organizations and the Japanese government, Self-Defense Forces, and many international NGOs.
So, we organized ourselves for unity of purpose rather than unity of command. The organization was organized for transparency. For the purposes of the operation, the world seemed to stop, and the international community responded by pouring in every resource available so we could deal with the immediacy of the situation.
I point out that response because we have an urgent issue here in cyber security, but we do not reference it in such stark language. It is an urgent matter because our adversaries have technical capability and have long sought access to our national networks. That matters to our ability to rely on networks and protected data, so it matters to all of us.
As you talk, it’s clear how central the role of education is for the military. What is the military’s role in our national and local debates over K-12 issues? We hear a lot about the private sector getting involved in those debates.
As we look to the future, even if we have less in terms of numbers of ships and presence in certain regions, we can be equally responsive to something that’s unprogrammed and unscripted because of the investments that we’ve made in education. Since the Goldwater Nichols Act of 1986, midgrade officers and above who intend to make the armed forces their career all made a commitment to professional military education and all have their master’s degrees. The idea of going through a master’s degree means that they have to come up with their own ideas. They must do their own research, collect their evidence, form an argument, and defend it in front of their peers. It is one powerful example of how to develop critical thinking skills.
The way you prepare for this uncertain and unscripted future is the ability to think critically and adapt so you can reason your way through a situation for which you were not prepared.
The way you prepare for this uncertain and unscripted future is the ability to think critically and adapt so you can reason your way through a situation for which you were not prepared.
What about our non-commissioned officers, sailors and seamen?
Their education background is impressive and equally remarkable. We’re looking at young enlisted people with advanced degrees. When we plan and program for how many people are going to stay in the service, we expect a certain amount of attrition. But in the post-9/11 years, many people stayed in because they believed in what they were doing.
When you look at the educational background of our young enlisted people, and the worldview they have developed, I don’t think our local communities realize the investment that the county has made in this cohort of people and what they can do as veterans if similarly challenged when they return back to their respective communities.
-
Previous Article Cyber Warfare: The New Front An Essay by Marie O’Neill Sciarrone, Co-founder and President of Trinity Cyber LLC and Former Special Assistant to the President for Homeland Security
-
Next Article A Period of Consequences An Essay by Rep. Mac Thornberry, Chairman of the House Armed Services Committee