Cyber operators structured, disciplined and proactive Published March 3, 2015 By Lt. Col. Vincent T. Sullivan III 333rd Training Squadron commander KEESLER AIR FORCE BASE, Miss. -- When you think of a military operator, most folks first think of special operations. If you specified an Air Force operator, everyone thinks that's a pilot, more specifically a fighter pilot. They may include Air Force Special Operators into the mix. But if asked, "What is a cyber operator?" Most people will say one of two things: (1) "Oh, those 'comm' guys? They fix, maintain, and get us new stuff to do our warfighting jobs," or (2) If pressed, people relate them to hackers behind closed doors. It is clear that the cyber operator needs to be better defined in order to become better understood and respected as an operator among all military career fields. To do this, we must become a warfighter that can fully talk the same language. Air Force Chief of Staff Gen. Mark A. Welsh III challenged us at the 2012 Air Force Association, stating, "You have to speak to me in a language I can understand." That language does not need to be invented or dug out of some hard-to-find archive. The language that other operators understand must be integrated into our culture to earn the respect of the rest of the Defense Department. This includes: - Structured, disciplined and proactive - Never assume, belief or think you know the answer without having actual cyber terrain information to create the factual viewpoint - Utilize your tactics, techniques and procedures or make new TTPs - Relentless planning using Joint Operational Planning Process - Follow the planning, briefing, executing and debriefing process in the tactical environment - Never say no. Always find a way to achieve the objective At their very core, operators are structured, disciplined and proactive in how they execute operations. These qualities are seen in every operator career field, especially in our air and space domains. The complexity and intricacy of the cyberspace environment drives a focus on structure and discipline. Structure affords rigor. Whether it is a tactical event like local change management for minor modifications to strategic-level events like conducting enterprise-wide changes on a network, structure is needed to demonstrate and prove unit readiness to accomplish the commander's objectives. This level of structure and rigor affords the cyber operators better control their of cyber terrain and allows operators to be proactive, vice reactive. Without structure, an operator introduces unnecessary risk into execution of tasks. This increases the probability of losing the "execution initiative" and allowing for outside environmental factors to dictate timing and tempo of actions and priorities. This loss of initiative is unacceptable, for a true operator does not sit back and accept the status quo. The true operator, be it the special operations forces, pilots or cyber operators, must take change by the reins and be proactive and dictate tactical operations that are based on operational strategies and priorities. In the cyber domain, "truth" is reflected by actually showing, proving and validating what is happening on your systems. Believing something is factual without black-and-white proof is the kiss of death, since the cyber domain changes every second of every day. Operators do not believe something just because another person has said it. They look for the factual evidence to validate the story and make an insightful decision. Special operations forces and pilots do this with weapons they wield and every mission on which they embark. They are supremely confident and knowledgeable with their weapons and domains in which they operate. For cyber operators, we must be equally confident and knowledgeable with our weapons and domain. That means we must get into the weeds and review the configurations of the systems themselves, analyze the system logs and scrutinize the network traffic. Without validating this information, we can be deceived. Our systems can be manipulated to produce inaccurate results, drawing a drastically different picture between what you believe is happening and what is actually happening. This lack of factual information can lead our people in circles. It would be like our land forces capturing a town or village and realizing it's the wrong location -- then doing that process over and over again with the same results to the same location. That is the definition of insanity -- doing the same thing over and over again expecting different results. Cyber operators cannot perceive, assume, believe or think we know the answer -- we need to prove what is happening with factual information in this cyber domain to be effective. An operator focuses on execution through structure, discipline and a proactive approach after understanding what is actually happening in the terrain. This is done through execution with a detailed understanding of TTPs to ensure actual execution is structured and disciplined. The proactive concept pushes us to rapidly conceptualize, document and execute new TTPs to support operations. As cyber operators, we are expected to build structure and discipline into our operations where very few exists today, such as maintaining crew information files or maintaining our procedures based on domain changes. The days of lone wolves being our saviors are over. The lone wolf mentality generates negative impacts on the domain because they don't coordinate or deconflict between operations. The lone wolf tends to change configurations or employ new undocumented TTPs without synchronizing with mission owners, creating undesirable and unanticipated effects, such as degrading or even isolating our warfighting capabilities at critical points. This concept is unacceptable; we would never let a single ship formation fly over enemy-held territory with no support, no matter how good the pilot. We must operate in a structured and disciplined manner with oversight, even if they are taking actions never before seen or documented. Their task is to share those new TTPs by documenting what they have done so that others may be able to generate and execute the same effects and deliver the desired outcome for all future missions. The key challenge facing our cyber operators is not one of coming up with ideas, using best practices and comparing with industry trends. The true challenge is developing the cyber operator's ability to bring clarity to what is truly happening and associating the effects to the warfighter in a language they understand. Warfighters bring clarity through utilizing the Joint Operational Planning Process to develop campaigns for all current operations. In cyber, using JP 5.0 will allow planners and operators to bring clarity to operations that in the recent past were not planned using this structure. Important aspects that are central to warfighting are to understand the environment (friendly force information and priority intelligence requirements), friendly and enemy centers of gravity that lead to an understanding of the key vulnerabilities that are to be defended or attacked as decisive points. Then utilizing warfighting concepts such as position, maneuver, mass, and understanding the terrain to develop lines of operations and phases to the campaign plan, ensure your decisive points are identified and tracked. A key point to remember when developing your LOOs is that you can only forecast your campaign decisive points so far. You need the flexibility to rapidly add new decisive points as you determine they are needed. Even establishing a LOO that starts out with no decisive points can help planners, operators and strategists make sense and bring clarity to the ultimate objective of defending the friendly and attacking the enemy centers of gravity. A culture is change coming in cyberspace operations. The first wave has already landed. More and more peer leaders inside the cyberspace community truly believe and are implementing warfighting thought patterns throughout our daily operations. This has solidified the fact that we are no longer support personnel we are all operators! The second wave is landing now. Every graduate from the undergraduate cyberspace training and cyberspace warfare operators for the last eight months has lived and learned these Cyber Operator truths. These future leaders of the Air Force, and champions of the cyber operator mantle, have been challenged to implement these truths throughout their careers. The final wave will have landed when other "non-cyber related" Air Force leaders acknowledge that in this manmade domain, operational effects can be generated to support the combatant command with consistency. To foster this, we must instill the operator mindset in our cyber warriors from the very beginning and reinforce that mindset throughout their careers. This will enable all operators to be able to plan consistent tactical, operational and strategic effects in and through the cyber domain. We, the cyber community as a whole, need to hold ourselves accountable to capturing, developing, building, and sharing our cyber heritage with others. We must be proud to spread the message of our heritage and legacy, one that is built on both successes and failures. We must not run from it. A true operator does not learn from successes alone -- they learn as much, if not more, from their failures. The embracing of our heritage and legacy is central to every operator discipline within the United States military, and it should be no different for cyber operators. We are at the bleeding edge of change, a true culture shift in our military, and the entire cyber community must dive in. Only then, can we call ourselves cyber operators! How are you building the next generation?