Cyber Troops Stretched Thin in Ukraine Response as NATO Builds Common Air Picture

The war in Ukraine has provided a wake-up call for U.S. military cyber defenders, who are facing hard choices about how to deploy limited resources, said Air Force Brig. Gen. Chad D. Raduege, the chief information officer of U.S. European Command.

“There’s been a realization that, quite frankly, we can’t protect everything we have,” Raduege told a virtual luncheon hosted by the Gabriel Chapter of the Air Force Association on March 9.

He added that this realization had been growing for some time. In his prior job in 2021 as chief information officer of Air Combat Command, “we found ourselves … identifying the key [IT] components for us to fly, fight, and win. And we were applying mission defense teams from a cyber component against those weapon systems and saying, these are our crown jewels that we need to protect.”

But faced with a crisis that is demanding agile U.S. deployments alongside a wide variety of partners, meaning small teams operating from unfamiliar locations, there weren’t enough cyber defense teams to go around, Raduege said, answering an audience question from retired Maj. Gen. Burke E. “Ed” Wilson, the former deputy assistant secretary of defense for cyber policy, who previously commanded Air Forces Cyber.

“I think the area that we’ve got to continue to figure out is this idea that we were going [to] protect the weapon systems themselves, protect those smaller groups, with our mission defense teams. That’s a really great vision. What we found is we didn’t have enough capacity in the cyber realm to even stand up some of those capabilities,” Raduege said.

He said the Air Force is deciding which weapon systems it can afford to protect.

“The Air Force, right now, through Air Combat Command, is working through a prioritization of which weapon systems we will apply those mission defense teams against,” he said. The overwhelming “demand signal” for cyber protection, Raduege said, was driven by the circumstances of the U.S. response to the Ukraine crisis, which combined NATO military operations with humanitarian relief efforts involving a much wider alliance of partners—all requiring connectivity.

“There’s an insatiable appetite to have connectivity. And we’re seeing not only fielded forces at the home stations, but now we have all of these tactical edge airfields and logistics hubs that are standing up,” Raduege said. “We have fielded forces all over the place that have an air picture that they want to share. … We have logistics hubs that are all over the European theater right now. … We’re seeing our own nation want to put donations and goods into the European theater. And so we’re seeing coordination centers stand up” to manage that flow of incoming goods and their onward distribution.

Coordination was required, not just with the 30-member NATO alliance, but with “a whole bunch of other allies and partners for this current fight,” he said. “And the ability to track all of that aid, all of that hardware and software that is going into different places … requires information-sharing requirements at a protected military level,” Raduege said.

That secure connectivity required developing the mission partner environment, or MPE, “a coalition network,” which could move data, classified as highly as “secret,” securely between the military networks of allied nations. The MPE was an alternative to the “sneaker net”-style of manual exchanges NATO partners had to cope with for many years in Afghanistan, but Raduege suggested that some kinks were still being worked out.

“Every nation brings their NIPR [Non-secure Internet Protocol Router] and their SIPR [Secure Internet Protocol Router] computers, and then they want to join them together. So how do you work through those joints? How do you work through that federation to make mission happen?” he asked. “I will tell you, the amount of information sharing requirements that are taking place right now is off the chart,” he added, citing a common NATO air picture as one result.

Link 16, the NATO standardized line-of-sight communications protocol that can be used by fourth- and fifth-generation fighters, “is more important than it has ever been,” Raduege said. He said new nations were keen to join the Link 16 club.

Raduege noted that open-source data was also increasingly being used in creating a common operational picture, even superseding, in some cases, traditional intelligence feeds available to commanders. 

“Every morning, I get up and check my open source app to get the latest on the Ukrainian front. Because open source intel provided by a commercial partner is providing as much information as our J2 [joint intelligence function at EUCOM headquarters] is able to pull. Now, of course, our J2 has more exquisite information—they fill in a lot of the seams. But that open-source intel allows us to rally around things quite a bit.”