Cyber plays both sides of the spectrum with both offensive bullets and defensive shields
In this Q&A with Jennifer Walsmith, vice president of the Cyber and Information Solutions business unit at Northrop Grumman, we discuss the role of cyber in keeping conflict left of the boom.
Breaking Defense: The national security community increasingly talks about how a non-kinetic war will play a prominent role in all future threats. To look at it another way, cyber activities can be thought of as being “left of the boom” to prevent kinetics from happening in the first place. A decade ago, nobody looked at cyber in that way. What are your thoughts on the value of non-kinetic deterrence?
Walsmith: Non-kinetic is playing and will play a large, prominent role in preventing a kinetic war from happening. It’s working left of the boom today. It’s the consummate behind-the-scenes negotiation — preparing, mitigating, and supporting de-escalation. It’s operating both tactically and strategically.
Some non-kinetics exhibit real-time effects, so you can see them immediately. Others are strategically placed to allow for deterrence later, if needed. Like you said, 10 years ago we didn’t hear our military leaders talking about cyber as one of their key bullets. But today we do.
When I think about the role it will play in JADC2, it’s almost beyond the level of imagination. The technology’s there, the environment is there, and our adversaries are playing that role along with us.
And the unique positioning of Northrop Grumman’s cyber survivability capabilities provides a critical advantage to joint warfighters. Our alignment of cyber survivability expertise within the advanced networks and communications organization is significant because it yields increased resilience against cyberattacks in those nodes that are the initial target of most attacks.
Northrop Grumman provides compelling solutions with small size, weight, power, and cost requirements. These are easily integrated into a wide range of platforms, meeting our customers’ needs for solutions in all domains and across the full spectrum of missions.
Breaking Defense: You made the point that this is going on right now. Are there examples of how cyber is being used effectively to create some JADC2-like capabilities?
Walsmith: That’s a difficult question to answer in an unclassified environment, but I will give you an example that I think illustrates some of the missions that you can then imagine might be playing out right now. When you think about cyber in a tactical landscape, most mechanical devices are now software enabled. Almost anything you can think of is vulnerable to a cyber effect.
Take this simple example: we all watch movies, and it’s common to see cyber effects being used. Think of a high-speed chase, where the good guy needs the traffic lights to turn green or red, clearing the way to catch the bad guy. In the battlespace, cyber effects are being used to “clear the way” for various functions across the joint force.
To that point, Northrop Grumman recently demonstrated a multifunction “all-in-one” sensor at Pax River Naval Air Station. On a live range, we showed how an airborne SIGINT capability could inject cyber effects, neutralizing an integrated air defense system on the Pax range, and clearing the airspace for US assets to enter to execute a strike. We used a cyber effect to get into an IAD [Integrated Air Defense System] command and control node, disabling its ability to have the search radar communicate with the targeting radar, clearing the way for our strike aircraft. That’s just one example of how cyber effects can enable JADC2.
Breaking Defense: Tell me more about the Pax River demonstration. What did you demonstrate?
Walsmith: In November, we successfully demonstrated a new multifunction, converged sensing capability for the U.S. government. This capability rapidly closes the Observe, Orient, Decide and Act (OODA) loop by integrating four critical mission capabilities: sense, effect/jam, inject and communicate.
In collaboration with the government, Northrop Grumman funded the demonstration, flying our own Dash-8 aircraft. They allowed us to integrate into their ground system to be able to create an end-to-end communications thread to an aircraft. In the demonstration, we showed the art of the possible and what is here now because it is important that we integrate into the larger architecture.
We also demonstrated digital, mobile radio, covert jamming. It’s like when you can’t get the service on your phone, but you’re not sure why. We also did other effects that we can’t discuss.
An important feature in Northrop Grumman’s capability is our open architecture, enabling us to incorporate third-party effects from our industry partners and the government. The cyber effects that we used in this demonstration were not built by Northrop Grumman. They were third-party apps, and this was intentional. In the same way a mobile phone user can choose from many capable GPS navigation applications such as Waze, Google Maps, or MapQuest, our customers need the ability to leverage not only effects that Northrop Grumman might develop but effects from many industry providers.
Working in an open architecture will increase the speed to be able to adapt to changing mission scenarios. What we have statically today might have to be changed dynamically as late as when we’re flying, so you need to have an architecture that allows you to do that.
Breaking Defense: Northrop Grumman says that one of its differentiators is that there are very few companies with its level of expertise in both offensive and defensive cyber, and that it has capabilities and technologies that impact every DoD element. What’s the importance of having capabilities on both sides? How does one inform the other?
Walsmith: Having capabilities on both sides allows you to tune against yourself. Having scale allows for diversity of thought and many innovation cells. Working against near-peer adversaries every day has us playing in the major leagues. Having it organized under one concentrated business brings it all together.
It’s like a team that scrimmages against their own offense and defense. We have diversity by supporting all services: Army, Navy, Air Force, and Marines in current offensive cyber contracts. We red team against ourselves. We share creative ways we have blocked and creative ways we hacked. It’s a living scenario that allows our cyber workforce to continuously refine their skills and see what others are creating.
An example is the Hack-A-Sat we just completed. It’s a US Air Force/Space Force competition designed to inspire the world’s top cyber security talent to hone their skills to help reduce vulnerabilities and build more secure space systems. [The Hack-A-Sat final event last year was an attack/defend-style Capture-the-Flag hacking competition where teams defended their satellite system while employing offensive measures on their opponents’ systems.]
Our team was in three different geographic locations for the event, demonstrating geographic diversity. We placed number one against the US teams and second overall. Our team had fun, and their skills brought more junior team members to the forefront.
Another indicator of how we are leading is the growing number of diverse contracts that we are executing. We have a broad footprint in weapons systems, defense, vulnerability assessments, and offensive cyber that I’ve described.
We place a strong emphasis on the value of partnership. For example, for a recent, key bid we partnered with more than 40 other companies across commercial, non-traditional players, and small and mid-sized businesses to develop a viable solution to a mission challenge.
Breaking Defense: Your comment about red-teaming yourself was instructive.
Walsmith: It is an ever-increasing game of chess as to which side we’re emphasizing because there are equities across both sides. You need to be strong in both, which have ever-increasing tempos, from the standpoint of a strategic advantage.
Because we are well-versed in the highest-level threat adversaries through our offensive work, we know what we’re going to need to protect within our own systems. We believe there are many commercial products that support the cyber key performance parameters and cyber survivability attributes, known as the KPPs and CSAs. However, for the highest-tier threats, you need specialized products, and they need to be engineered in the beginning to be able to be incorporated.
That’s where we focused our investment — being able to work on the highest threat-level systems. While I can’t tell you what systems we’re working on today, think of the many high-profile programs that you read about. That’s what we’re focused on protecting, and that’s how we’re providing a strategic advantage.
Breaking Defense: The company’s alignment with communications and networks is significant because most cyberattacks will occur within those nodes. We often talk about the kill chain, precision fires, and the OODA loop, but there’s also the communications aspect and the need to operate in denied environments. Discuss the connection between comms, networks, and both offensive and defensive cyber.
Walsmith: It’s so powerful. When you think about it, cyber is executed in basically the radio frequency (RF) domain, and so it’s executed through communications and gateways. Bringing those capabilities and our support to customers together as we think about how we support JADC2 is essential.
It’s well known that communication links are one of the top areas that government officials believe will be a point of attack. By engineering our communication and network systems with the threat in mind and knowing the art of the possible, we’re better prepared to have products that are resilient.