The JAPCC Conference 2019
Theme 2 | Defending Space and Cyberspace
‘Winning the battle in space may not lead directly to winning the war. But if you lose in space, you are guaranteed to lose the war’
NATO may need to adopt a more offensive posture to deny adversaries the use of space – ‘killing the archer’ can be a justifiable means of defending oneself; however, it is still defence and ‘you don’t win until you start punching back’. The positive message to come out of the conference was that, whilst it had not always been the case in the recent past, NATO no longer has its head in the sand about space.
Twelve months ago, the proceedings for the 2018 JAPCC Conference stated that:
‘Likely adversaries have made it clear that they are developing, fielding and expect to operate counter-space weapons. NATO must prepare for physical and cyber-attacks against ground stations and other space mission nodes …’
Air forces have never doubted that their overriding operational mission must be to gain and maintain a requisite level of control of the air. Against a near-peer adversary, this is likely to be a fluid situation where absolute control of the air is not always going to be possible. Will NATO find itself in a similar position where control of space is concerned? If the battle for control of space is a series of consecutive smaller battles, then there is a chance that it will be. If, however, MDO is used to gain control of space then it is likely to be characterized by simultaneous attacks – physical attacks against space hardware and ground stations, cyber-attacks against control systems and data streams, denial of receipt of satellite signals and imagery etc. etc. The effects of such attacks are likely to cause the ‘multiple, simultaneous dilemmas’ characterized in the proposed definition of MDO. In many (if not most) circumstances, space capabilities cannot be replaced in hours, or even in days.
‘Adversaries are using MDO against NATO right now!’
The results and lessons learned over the years from the USAF’s annual Shriever Wargame (the 13th such wargame concluded at Maxwell AFB on September 13th 2019) are unequivocal and the conclusions that are drawn vary little year-on-year – even ‘a day without space’ is likely to severely degrade NATO’s ability to operate and to defend itself. In recent years, the phrase ‘a day without space’ has been expanded to ‘a day without space and cyber’ and this reflects the growing realization that both of these domains are key. In fact, each one of these domains frequently relies on the other.
‘Can we replace a space capability in hours? In days?’
It was also observed that the electromagnetic spectrum (EMS) is vital for all of this. The ‘glue’ between all of the space, cyber, air, land and maritime capabilities. However, this is an area that has been neglected by NATO members for more than 2 decades, and now we need to recover the ability to control and dominate it. It was suggested that securing the EMS from attack from potential adversaries is a vital first step. However, if the EMS is analogous to the oxygen that all human life depends on to survive (and it sounds as if it is) then what policies and protocols can be put in place to assure its continued use, free from contamination?
Four key elements are required for successful MDO and these were outlined, in reverse order, as:
- Sustained, reliable logistic support. Something that can never be taken for granted, particularly in a contested environment.
- Effective combat power – but also generating that same combat power in space and cyberspace. In the case of cyberspace, we may not even know what generating combat power within it should look like.
- Superior battle management – with humans on the loop (rather than in the loop – see the later discussion of this) ready to intervene, take new data and rapidly decide on courses of action (CoAs).
- Space superiority is the number one priority. NATO won’t necessarily win the war with it, but losing in space virtually guarantees that NATO will lose it.
Somewhat reassuringly, the USAF has been addressing the problem of space superiority for the last 4 years and has made huge progress particularly in the last 12 months. However, the USA is only one of 29 nations that comprise NATO and each of the other 28 must also play their part if the Alliance is to achieve true space superiority. As the commander of US Space Command and Air Force Space Command, General Raymond, stated recently at Maxwell AFB:
‘One of our big takeaways … was just how important the coalition is and partners are in space. That provided a great advantage during the game. We’ve learned a lot every time we’ve played that game as it relates to our allies. It is clear that we’re stronger together. It’s also clear that our focus, again, is to deter conflict.’1
Major Gibson’s article in the Read Ahead (page 73) ‘Multi-Domain Operations and Counter-Space’ is an excellent place to start for those who wish to read more on this subject. Whilst it may be more US-focussed, Gibson’s assertion is that the need to mitigate the A2/AD capabilities of a near-peer adversary was the key driver for the creation of the MDO concept. This is another view to set alongside General Townsend’s evolution of the MDO concept from the (potentially) Land-centric concept of multi-domain battle.
Turning now to the second domain within this theme, it was observed that, in cyberspace everything is possible and that each one of us accesses it and is therefore vulnerable via numerous gateways (personal computer, work computer, cell phone, etc.)
Cyberspace is a plastic domain – it can be reconfigured by those who know how. NATO must recruit and build a cyber-infantry that has the knowledge and resources to do this. Federated Mission Networking (FMN) is one step towards this. FMN is a capability that aims to support command and control and decision-making in future operations through improved information-sharing. It provides the agility, flexibility and scalability needed to manage the emerging requirements of any mission environment in future NATO operations. FMN is based on principles that include cost effectiveness and maximum reuse of existing standards and capabilities. (Note: There is much more information about this on the ACT website.)
Cyber-attacks on vital networks are nothing new. They are happening on a daily basis and yet only make the ‘front page’ when:
1. They succeed, and
2. We can directly observe their effect.
Examples of this would include the ‘WannaCry’ ransomware/cryptoworm attack on systems running MS Windows. Users – including many NHS hospitals in the UK – were locked out of vital data and were told to pay a ransom in Bitcoin cryptocurrency to unlock their systems. In many cases, poor or non-existent network security protocols increased the severity of the effects from this attack and increased the time required to recover from it.
And yet technology companies deal, again on a daily basis, with cyber-attacks – the vast majority of which do NOT succeed. The key tool in defending against cyber-attack is AI developed from rigorous testing and probing – by ‘white hat hackers’ (hackers working for the common good as opposed to ‘black hat hackers’ working with malicious intent) – to determine system weaknesses and vulnerabilities.
In cyber-operations, the network is a weapon system – and it can be just as robust or just as vulnerable as any physical weapon system – depending on how it is managed, used and protected. Sadly, it is still the case that the weakest part of many computer networks remains the network users themselves. IT security experts used to admit that one of the simplest ways to introduce malware into an organization’s network was to drop a USB stick containing it in the car park. It then just required a well-meaning employee to plug the USB stick into a networked PC –‘to check and see if they can find out who dropped it’ – to cause a cybersecurity breach. Fortunately, contemporary network security measures mean that this is far less likely to happen now.