In the U.S. military, cyber capability is undeniably important to joint warfighting, but cyber is still not fully recognized as a warfighting domain, co-equal to land, sea, air, and space. It isn’t because it’s not. But the day will come when the cyber domain becomes a co-equal domain and requires the same deep level of operational planning and integration, and it will likely arrive as a transformative and unifying Gestalt event:
In the early morning hours and half a world away, a despotic regime strikes at a neighboring state. A U.S.-led international alliance rallies to support the aggrieved nation, triggering a compelling, cyber-propelled media blitz of messages, images, and videos intended to manipulate domestic and international sentiment against the newly organized alliance. The world’s leading businesses and financial institutions are targeted, their operating systems rapidly degraded by cyber attacks on critical infrastructure, disrupting governmental and commercial entities and high-profile individuals. Allied militaries, meanwhile, strain to gather intelligence and orchestrate a response because senior military leaders are unable to command and control their forces as they are accustomed. Suffering under the practical realities of severely impaired capabilities and infrastructure, allied political leaders soften their objectives and acquiesce to the adversary’s brutal conquest.
Had the alliance’s defensive and offensive cyber capabilities been integrated into the daily operations and readiness of the joint force, the adversary’s cyber campaign might not have succeeded. Similar ‘aha’ moments in military history have produced abrupt, undeniable, and holistic results. In 1941, the Japanese military’s integration of airpower with its naval forces resulted in absolutely devastating results for the U.S. military at Pearl Harbor. In 1991, the space domain’s ability to provide precise geolocation and timing as well as global communications afforded the U.S military unprecedented synchronization of fires across the battlespace. Like air with sea and space with air in the above examples, cyber’s integration with the other warfighting domains will produce synergistic, perhaps transformative, results on a future battlefield. We, however, remain shrouded from these potential results by our lack of knowledge, creativity, visualization, or perhaps all three. These shrouds can begin to be lifted by strong operational commanders, someone like a Joint Force Air Component Commander.
JFACCs are crucial operational leaders in any warfighting plan. But their apparently casual approach to the integration of cyber capabilities into the air components’ plans and operations has allowed cyber to primarily be branded as a national, strategic capability—instead of demanding its deep integration into the delivery of combat airpower. Continued neglect undermines the Joint force’s ability to develop warfighting capabilities, develop military options, and advance Joint warfighting excellence.
In fact, cyber effects should be integrated into the broad array of JFACC’s responsibilities, just like the development of the Joint Air Operations Plan, the Joint Prioritized Target List, and the Air (or Joint) Tasking Order. Cyber should also be integrated into the execution of Area Air Defense, the development of apportionment recommendations, the conduct of inter-component coordination, as well as all theater-relevant operational plans and exercises. The sooner our cyber operators are integrated into these activities, the sooner JFACCs will fully realize cyber’s immense relevancy. The sooner JFACCs realize cyber’s relevancy; the sooner JFACCs will learn to demand more and, eventually, become champions of this domain.
How can JFACCs take full advantage of the cyber domain? First, be specific about your intent. Cyber operations can encompass many things. Do you need resilient communications in a disrupted-degraded-intermittent-low-bandwidth environment, or DDIL? Do you have critical systems and data that demand protection against attacks? Do you need nonkinetic effects from the cyber domain integrated with your kinetic fires? Do you need cyber-enabled intelligence to fulfill your priority intelligence requirements? Maybe you need operations within the cyberspace domain and information environment that shape the overarching geo-political situation at the strategic level. Or maybe you need all that and more. The key point is this: while commonly described as “cyber,” each of the above represents a distinct type of operation within distinct authorities and required expertise. To get the support you need, you need to be specific about what you require.
Second, integrate early and often. If you expect your systems and data to be resilient in conflict, then cybersecurity needs to be “baked in” from the beginning, not “bolted on” after the fact. If you want non-kinetic fires to support your kinetic fires and increase the survivability of your assets, then cyber operators need the time to develop the accesses and capabilities necessary to achieve those effects. Leave it until too late, and cyber will be a missed opportunity. You need cyber operators in your planning cells from the start. Your exercises and rehearsals must be representative of how you intend to fight. If the first time your continuity of operations and primary-alternate-contingency-emergency (PACE) plans are fully tested is when you are actively trying to C2 in a DDIL environment, you won’t be ready to fight through the challenge. If the first time you synchronize kinetic and non-kinetic fires is when jets are airborne, then your ability to execute your JFACC responsibilities will be severely degraded.
Third, move at the speed of cyber. Technological advancements are changing the conduct of war, as we’ve seen in Europe and the Middle East. All of these rely on the cyber domain, from small unmanned aerial systems to artificial intelligence. Technology is outpacing our acquisition processes, so you must demand the right cyber experts be embedded with your teams and then you must empower them to adapt emerging technological advancements to your warfighting needs, including how to harmonize old and new technologies. Do not chase every emerging technology but do be agile enough to take advantage of changes in the operational environment and the cyber domain. A strength of the cyber domain is that it can change with a few lines of code—so don’t hamstring your cyber operators by making them follow rigid processes designed for physical systems. Move at the speed of cyber, not bureaucracy.
And finally, JFACCs need to be staunch champions for cyber capability. To be blunt, cyber operators need non-cyber champions to value and articulate the risks associated with “doing cyber for cyber’s sake.” Said differently, cyber operators need non-cyber champions who can visualize the potential for how the emerging cyber domain can enhance and strengthen all warfighting domains. And as a champion, you must advocate for them and fight to ensure they are organized, trained, and equipped to meet your requirements. That means you must be demanding of the USAF, and not just of U.S. Cyber Command. You must demand that our service provides you with a cyber force that can meet your requirements as a JFACC.
Each military service should stand ready to provide you with a cyber force that is hungry to advance its technical and tactical expertise to ensure that you can deliver combat airpower in support of combatant command priorities. Your cyber forces should have the capacity and authorities to integrate and train with the combat air forces at the tactical and operational levels; to routinely conduct real-world missions in enemy terrain to develop their craft, rather than being held in reserve as a “break glass” emergency response force; to develop operational concepts and technical solutions that solve the Joint force’s most vexing tactical problems, rather than those generated at the strategic level; to generate new solutions to the new problems facing JFACCs, rather than exclusively generating new solutions to old problems; and most importantly, to improve the lethality and resiliency of the Air Component and the entire joint force. Simply stated, we need to insist our cyber operators deliver combat airpower by conducting cyber operations, and there’s no one better than JFACCs to drive this change.
Major General Larry R. Broadwell, Deputy Commander of Sixteenth Air Force (Air Forces Cyber), oversees global information warfare operations, integrating intelligence, surveillance, reconnaissance, and cyber capabilities to secure and defend the Department of Defense’s global network. A seasoned command pilot with more than 2,400 flight hours, he has led operations across multiple theaters, including Iraq and Afghanistan, and held key leadership roles in ISR and joint operations.
Major John C. Stanley, a Cyber Effects Operations Officer and graduate of the U.S. Air Force Weapons School, brings over 16 years of expertise across the cyber domain, specializing in integrating advanced capabilities to enhance airpower and mission effectiveness.
