War Game Shows TRANSCOM Vulnerabilities

Cargo pallets are loaded onto a Kalitta Air Boeing 747 by 436th Aerial Port Squadron airmen March 24, 2017, at Dover AFB, Del. In addition to military airlifters, Dover regularly sees civilian cargo planes that support Department of Defense missions. Air Force photo by SrA. Zachary Cacicia.

A recent war game conducted by US Transportation Command revealed that US military lift is “distinctly vulnerable” because of its heavy reliance on commercial partners, Gen. Darren McDew told the Senate Armed Services Committee Tuesday. The war game focused on “imagining a scenario where we didn’t dominate the skies or own the seas,” and the experience was sobering, the chief of TRANSCOM told senators.

McDew said the exercise “uncovered a surprising amount of lessons learned,” because a contested environment is “a space we haven’t had to operate in, logistically speaking, for a very, very long time.” The results of the war game were so startling, McDew said, that “it is now driving everything we think about mission assurance in our portfolio.”

The challenges of the current situation have been a long time coming. Because of the reduction of the C-5 and C-141 and C-17 fleet by 50 aircraft since the 1990s, the military is much more reliant on commercial partners for airlift today than it was during Desert Storm, Sen. Mike Rounds (R-S.D.) said during the hearing. In the event of a major conflict today, Rounds continued, TRANSCOM has said it would rely on the Civil Reserve Air Fleet to help move 90 percent of passengers to a conflict zone—up from 60 percent in Desert Storm. For cargo, the military would rely on CRAF to move 40 percent of cargo today—up from 25 percent in Desert Storm.

The problem is that commercial partners are more vulnerable to cyberattack and less able to fly in contested environments than military aircraft, and similar problems plague sealift. Today, McDew said, “I would not call upon the commercial industry to go into a contested environment.” That limitation would not present a problem early in a conflict because “our first force to go into these contested environments is our organic aircraft and our organic sealift ships,” which are equipped for anti-access, area-denial (A2AD) environments. The problem comes after the first wave, when TRANSCOM would have to increase reliance on commercial partners.

How badly equipped are commercial assets?

In cyber defense, many companies TRANSCOM relies on don’t even recognize the scope of the problem. “I can talk to CEOs,” McDew said. “I’ve talked to some that have no idea that they have been attacked.” But raising the standard of protection is difficult as well because the Department of Defense cannot simply force companies to change their security standards. “I do not have the authority to compel a commercial industry to bring their standards up to the level that we have [in DOD],” McDew said.

“I guarantee you that every CEO thinks that they have the level they think they need,” in terms of cybersecurity, he said. “Reconciling what they think and what reality is, is important.” In both cyber defense and A2AD, McDew warned, “we’ve not thought through, what does it mean to go to war reliant on this much commercial activity in a contested environment.”

In the case of a potential conflict on the Korean peninsula, TRANSCOM has the lift capacity “to provide him [Gen. Vincent Brooks, commander of US Forces in Korea] what he needs in the first 30 days organically,” McDew said. TRANSCOM would have to “see how we can do after that.” Even once the transition to commercial partners begins, McDew said that “we can go up to six months fairly easily. Beyond six months, there’s a challenge.” In short, he told SASC, “we do not have the capability that I wish we had.”

The problem is a thorny one. “Because of the risk we’ve taken in the portfolio over the last few decades,” McDew said, commercial assistance for military lift is only likely to increase. TRANSCOM’s current reliance on commercial partners is so great that McDew calls them his “fourth component” in addition to the air, Army, and Navy components. This marks a dramatic shift at TRANSCOM, he said, where “some of my predecessors wouldn’t actually even call them our partners.” Today, he has no choice. “I have to and must rely on this commercial industry to get things done.”

Instead of seeking greater authorities to compel commercial partners to raise their standards, however, McDew pointed to an ongoing collaboration with the Department of Homeland Security and the FBI that is seeking to address the issue.

“We owe [commercial partners] a better view of their resilience,” he said. “We owe them a better view of how they’re going to contend in contested environments, and we owe that to them in partnering with them.”

At minimum, this would involve “setting a clear cybersecurity standard,” which McDew said must “continue to evolve as we learn more.” TRANSCOM also needs “some level of third party verification that companies are complying with said standard.” He said TRANSCOM is working with “commercial industry” partners to “strengthen their ability to operate at least on the edges of a contested environment.”

In these ways, McDew told the committee, “we’ve already started to absorb” the lessons of the war game that demonstrated these new surprising vulnerabilities. “We’ve adapted our tactics, techniques, and procedures accordingly, but we still have work to do,” he said.