The
United States Army’s fresh strategic information warfare unit has conducted its
first training exercise in October 2020. This warfare is mainly dedicated to
mature the concepts of formation and tactics. Army Cyber Command had in 2019
officially created the 915th Cyber Warfare Battalion. It consists of 12
expeditionary cyber and electromagnetic (CEMA) teams (ECT) that are solely
meant to support brigade combat teams or other tactical formations with cyber,
electronic warfare and information operations capabilities.
These “fly away” teams, as some officials
call them, would help plan tactical cyber operations for commanders in theater
and unilaterally conduct missions in coordination with deployed forces. The
CEMA Team 1, or ECT-01 participated in the training event that took place in
early October at Muscatatuck Urban Training Center in Indiana. The sprawling
facility provides a robust digital training environment equipped with infrastructure
that can be manipulated in the cyber realm without damaging actual operational
systems used by the military or civilians. While this unit and its predecessor
through the CEMA Support to Corps and Below pilot at Fort Irwin, California,
previously augmented brigades during training events at the National Training
Center, the ECTs were not the primary training unit. They were there solely to
augment the brigade that was training. Priority one is the ECT’s training
proficiency and having a scenario constructed around them as a training
audience. The second purpose is to develop a training plan for how we are going
to train ECTs as we build them. The
event at Muscatatuck was the first opportunity for the ECT to serve as the
primary training audience working to refine tactics, techniques and procedures,
as well as concepts and gunnery tables for future certification exercises. “We
have not ever before performed a collective training validation/assessment or
figured out what that needs to look like that we need to put an ECT through
before we send them off to support another unit”, Capt. Richard Grue, assistant
S3 for the 915th Cyber Warfare Battalion, told C4ISRNET in an Oct. 12
interview. This type of event would precede deploying teams to a [combat training
center rotation] because the problems that we run into when we go train a CTC
are that we are not the training audience — it’s the maneuver unit. This
provided the opportunity to focus training specifically on the ECT”, Grue
added. The event was primarily focused on the technical aspects of training for
the ECTs such as on-net operations. Grue said there was no physical or
technical opposing force. Despite, the cyber moniker, these units must not only
be proficient in the technical realm but also be able to maneuver with the
units they support. This means being able to keep up in formation and avoid
being compromised when marching on a particular objective. Though ECTs
previously did this at Fort Irwin in support of brigades conducting a training
rotation, this type of physical-specific training for the ECTs is something
that is slated down the road, Grue said.
The drills took place Oct. 1-12, 2020. The ECTs will also have to be fully cognizant of the totality of the information environment, as senior leaders call it. This includes the internet as well as other mediums such as social media and traditional media. Grue said these teams must not only be capable of conducting tactical cyber operations as a standalone capability, but must conduct operations in and through the entire information environment. Part of the exercise tested concepts and operations within this environment using a simulated internet. The teams tied together publicly available information via social media to inform operations in both the physical and virtual environments at Muscatatuck, which included targets' workstations, servers used to push propaganda, and physical recruiting meetings, Amanda Lockwood, solutions architect at IDS International, told C4ISRNET in an Oct. 12 interview. It provides a simulated social media and internet environment that includes virtual machines. The virtual machines allow participants and simulated users to send and receive emails as well as surf fake websites that include malicious links that infect the entire network.