The "shadow warriors" brigade

(By Ciro Metuarata)

News of the constitution of the 127th Cyber Battalion of the Indiana Army National Guard came a few days ago. The new unit, based around 75 miles from Indianapolis, is the fifth battalion of this type established in the last few years, along with the 123rd and the 124th, both based in Virginia, and the 125th and 126th, respectively located in Columbia and South Carolina. These units share the same superordinate command, the 91st Cyber Brigade, established in February 2017 in Virginia, just seven months after the start of the related project.

Taking this news as a starting point, let us see below what the Cyber Brigade of the "shadow warriors" (from its motto "umbra bellatores") really consists of: how it is organized and what capabilities it is able to field.

First of all, it must be said that the cyber capabilities of the 91st Cyber Brigade, a National Guard unit, sit within a much broader context, made up of the capabilities of the Armed Forces, staffed by full-time military professionals who belong to the Cyber Commands of the Army, Air Force, Navy and Marine Corps, gathered under the US Cyber Command. There are also the capabilities of the numerous federal intelligence and law enforcement agencies (NSA, CIA, FBI, etc.).

In general, what distinguishes the cyber units of the National Guard, in addition to the status of their members as "part-time" citizen-soldiers, is the orientation of their capabilities. The cyber units of the Armed Forces are oriented toward the whole spectrum of operations in cyberspace. The brigade of shadow warriors, while also able to field the full range of cyber capabilities, has the primary task of planning and conducting predominantly defensive operations on national territory, through units subordinate to battalions such as the aforementioned 127th.

Each of the five battalions constituted so far is capable of operating on military networks and computer systems, on those of the Ministry of Defense, or on those belonging to any other state or private organization. Each is formed of four subordinate units, namely a cyber security company, a cyber warfare company and two Cyber Protection Teams (CPTs), for a total of about one hundred men and women of the Army National Guard.

Specifically, the cyber security companies conduct vulnerability assessments (searching for "weak points", that is, programming or configuration errors, in computer networks and systems), forensic analysis following security events or incidents (analysis aimed at identifying the characteristics of cyber attacks, such as the techniques used, origin, presumable purpose, etc.), security assessments and support to operators of critical infrastructure (electricity production plants, water network managers, hospitals, etc.) and, finally, consultancy in the field of cyber security in general. Companies of this type, through their respective commanders, exercise the authority needed to carry out the missions assigned to their subordinate cyber security, cyber security support or critical infrastructure support teams, within the framework of defensive operations in cyberspace.

The cyber warfare companies, instead, are able to play or support the role of opposing force (the "bad guys") in cyber exercises and to conduct the whole range of military activities in cyberspace, including ISR (Intelligence, Surveillance and Reconnaissance). Such units are able to detach network warfare, cyber analysis and cyber support teams, exercising direction and guidance over them for the conduct of all types of cyber operations (therefore including offensive ones). Finally, the CPTs have the task of conducting cyber defense operations on military networks, which may also include the provision of services and consultancy in accordance with the federal regulatory framework and that of their respective States, such as validations and inspections of military commands, vulnerability assessment, opposing forces, critical infrastructure assessment, support for theater security cooperation, training support, and advisory and assistance.

It is interesting to note that the CPTs have the task of intervening within four hours of activation by the High Command in the event of a cyber crisis. Furthermore, the CPTs of the battalions already operational, such as the 169th CPT based in Baltimore, are permanently employed in operations and also actively participate in all the main cyber exercises.

Returning to the opening news, in a recent interview Brig. Gen. Lyles of the Indiana National Guard outlined the further steps to be taken for the 127th Cyber Battalion to become fully operational and highlighted some interesting aspects of the project. In particular, the senior officer pointed out that the battalion's staffing will be completed in the next two years, both by converting personnel already enrolled in the National Guard to cyber roles and by recruiting "new talent" directly from the civilian world. At the same time the unit will receive the necessary training and will be equipped with specialized equipment, in order to achieve the expected operating standards.

General Lyles also drew attention to the fact that the choice of site for the battalion was not accidental, but well thought out. The State of Indiana was chosen because it is a particularly "fertile" environment for cyber: its territory is home to many professionals, both military and civilian, as well as universities and research centers operating in this specific sector. In essence, this favorable environment has not only allowed the new unit to be formed with relative ease but will also allow it to build up its capabilities just as quickly, generating a virtuous circle between the military, civilian, academic and industrial worlds.

In this regard, it should be pointed out that what is taking place in the National Guard could be a valid reference from which our Armed Forces could draw inspiration, with due proportion, in order to rapidly equip themselves with cyber capabilities and take a leading role in strengthening the Country in this sector. On the other hand, something similar has already been put in place in France, a nation much closer to our reality, in which the military professionals of the cyber forces of the Armed Forces, very similar in structure and tasks to the US Cyber Battalions, are joined by "fixed-term" reservists and by reservists who provide their services free of charge. In particular, the elements that could be taken as a model are: the predominantly defensive orientation of the cyber units, which are in any case capable of conducting all types of operations, and which operate in support of military activities and, if required, also on networks and systems belonging to other State Administrations and/or operators of critical infrastructure; the makeup and concept of employment of the CPTs; and recourse to professional skills already existing in the area, even if not on a continuous basis.

All this, applied in our country, would make it possible to create a "pool" of military experts in the sector, by profession or not, always up to date and readily usable both at home and in Operational Theaters. Moreover, this Defense capability could be made immediately available to the entire Nation in a true dual-use perspective which, given the transversal nature of cyberspace, naturally characterizes both the threats and the cyber capabilities to counter them. Ultimately, it would be a very valuable resource for our country, which would not necessarily come into play only in the event of a cyber crisis but, on the contrary, could act as a catalyst for the nation to grow rapidly in the field of cyber security, which is increasingly crucial for the economy, society and security.


Photo: US National Guard