WASHINGTON -- "The limiting factor for cyber effectiveness continues to revolve around policy and process," said Gen. Raymond A. Thomas III.
The process to approve cyber operations at the tactical, operational and strategic levels is detailed and lengthy. China and Russia are not as inhibited, he said, summarizing a recent statement from Chairman of the Joint Chiefs of Staff Gen. Joseph F. Dunford Jr.
Thomas, commander of U.S. Special Operations Command, spoke at an Association of the U.S. Army-sponsored forum on cyber issues, Dec. 13.
"The speed of decision making and action must keep pace with the speed of war," Thomas said, referring to offensive cyber latitude needed by commanders.
Having said that, he added that military leaders and policy makers are pushing for the necessary authorities "that will be effective and consistent with our American values and applicable statutes, such as the law of armed conflict."
It essentially boils down to trusting the commander and the team to do the right thing, he said.
Additionally, he said, while many U.S. allies have greater authorities in which to operate in the cyberspace domain, current methods of classification don't facilitate sharing with them.
Early on, SOCOM's approach, Thomas said, was not to outsource cyber to the chief information officer or J-6. Cyber was viewed as a commander's tool and it has been integrated into everything SOCOM does.
Taking the initiative, he said, has driven policy discussions.
"Special operations forces thrive in a world that's often ahead of policy," he said. "Many of our approaches over the last decade-and-a-half of continuous combat were previously undefined in the policy realm. This can be said about cyber capability and [tactics, techniques and procedures] development."
Thomas outlined how, during a recent unnamed operation, SOF and partners combined offensive cyber operations with information operations, financial disruption and kinetic effects to "destroy that adversary on an epic scale."
He added that "we should be conducting operations like that all the time, but we're not there yet. Exploitation must be the mindset."
Besides policy and authorities, the force must get the right talent in place, Thomas said.
The Army is building effective cyber teams and is now direct commissioning talented cyber officers, he noted. The decision to make cyber a branch was a good one as well.
However, he cautioned to "resist the institutional tendencies to hold [cyber operators] to the same standards" as the rest of the force.
They might not be marathon runners or cross-fit fanatics, he said, alluding to providing some flexibility in standards.
Once those talented cyber operators are in place, they need to be incorporated into all training exercises, he advised, returning to the point of infusing cyber into every activity.
Thomas also touched on the antiquated acquisition system, which he said is much too slow to deliver new technology to the cyber operator.
"Cheap cyber tools enable terrorist organizations to act like nation states, and small nation states can act like global powers," he said, meaning that the U.S. must keep ahead with new technologies that relate to cyber, such as artificial intelligence and machine learning.
Lastly, Thomas compared cyber to Sputnik and the space race.
"We can win this, but we need to bring in the right people," he said. "And like special operations forces, it needs to be lean, quick to respond, and flexible, with a flat administrative structure, with top-tiered skills and broad authorities to conduct effective cyber operations."
For more information, visit:
• Army Research Lab
• Army News Service