Cyberspace Operations: What Senior Leaders Need to Know About Cyberspace - EMP, Catastrophic Events, Carrington Event, plus Resilient Military Systems and the Advanced Cyb

The Cyberspace Operations Group of the Center for Strategic Leadership, U.S. Army War College, conducted a three-day workshop to explore the cyberspace issues that should be addressed in senior service college-level education and similar senior leader education programs. This workshop was designed to acknowledge and leverage existing education programs and to identify new programs and curricula that need to be developed. "Have to know" topics, as well as "nice to know" topics, were identified. These topics were further categorized by subject and the educational methodology that would best facilitate senior leader education. Also included in this collection is a vital 2013 report from the U.S. Defense Department warning of serious cyber threats to the military, including the critical nuclear weapons infrastructure, Task Force Report: Resilient Military Systems and the Advanced Cyber Threat. The report addresses the risk of catastrophic cyber attacks and discusses the need for offensive operations. This Task Force was asked to review and make recommendations to improve the resilience of DoD systems to cyber attacks, and to develop a set of metrics that the Department could use to track progress and shape investment priorities. After conducting an 18-month study, this Task Force concluded that the cyber threat is serious and that the United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a "full spectrum" adversary). While this is also true for others (e.g. Allies, rivals, and public/private networks), this Task Force strongly believes the DoD needs to take the lead and build an effective response to measurably increase confidence in the IT systems we depend on (public and private) and at the same time decrease a would-be attacker's confidence in the effectiveness of their capabilities to compromise DoD systems. This conclusion was developed upon several factors, including the success adversaries have had penetrating our networks; the relative ease that our Red Teams have in disrupting, or completely beating, our forces in exercises using exploits available on the Internet; and the weak cyber hygiene position of DoD networks and systems. The Task Force believes that the recommendations of this report create the basis for a strategy to address this broad and pervasive threat. Nearly every conceivable component within DoD is networked. These networked systems and components are inextricably linked to the Department's ability to project military force and the associated mission assurance. Yet, DoD's networks are built on inherently insecure architectures that are composed of, and increasingly using, foreign parts. While DoD takes great care to secure the use and operation of the "hardware" of its weapon systems, the same level of resource and attention is not spent on the complex network of information technology (IT) systems that are used to support and operate those weapons or critical IT capabilities embedded within them. DoD's dependence on this vulnerable technology is a magnet to U.S. opponents. In fact, DoD and its contractor base have already sustained staggering losses of system design information incorporating decades of combat knowledge and experience that provide adversaries insight to technical designs and system use. Despite numerous DoD actions, efforts are fragmented, and the Department is not currently prepared to effectively mitigate this threat. Cyber is a complicated domain. There is no silver bullet that will eliminate the threats inherent to leveraging cyber as a force multiplier, and it is impossible to completely defend against the most sophisticated cyber attacks.