Content uploaded by Jan Kallberg
Author content
All content in this area was uploaded by Jan Kallberg on May 20, 2020
Content may be subject to copyright.
5/20/2020 Integrate cyber maintenance into the US Army’s battle rhythm
https://www.fifthdomain.com/show-reporter/ausa/2019/10/07/integrate-cyber-maintenance-into-the-us-armys-battle-rhythm/ 1/7
Col. Stephen Hamilton and Jan Kallberg October 7, 2019
It can take a platoon of soldiers an entire day to build a command post, with its many hundreds of feet of cable
and its complicated compilation of computer servers and terminals. (Amy Walker/Army)
The U.S. Army continually transforms over time, and the latest iteration is the transformation
to support the concept of Multi-Domain Battle. This concept describes how the Army will
operate, fight and campaign successfully across space, cyberspace, air, land and maritime
Opinion
Integrate cyber maintenance into the US Army’s battle rhythm
309
5/20/2020 Integrate cyber maintenance into the US Army’s battle rhythm
https://www.fifthdomain.com/show-reporter/ausa/2019/10/07/integrate-cyber-maintenance-into-the-us-armys-battle-rhythm/ 2/7
domains. While cyberspace is defined as a domain, it is not separate and integrates across all
other domains. Maintaining cyber physical systems is critical to succeed across all domains.
Future conflict will likely unfold quickly and immediately initiate U.S. forces to move from
current positions to theater. Therefore, readiness is key to success, and maintained equipment
is a part of the preparation for these transitions to war fighting. That is a known fact.
Incrementally, over the last decades, cyber physical systems — which include all digital assets,
computers and networking equipment — have been added to the inventory without a
structured way to ensure the highest level of readiness. We propose that cyber maintenance is
embedded in the maintenance cycle as any other military hardware. The cyber maintenance
routine should go beyond the current checking of hardware against a ledger, and just capturing
the presence of hardware, such as batteries, cables, switch boxes and antennas. What is
important is to verify the actual functionality and the appropriate level of cybersecurity to
ensure confidentiality, integrity and availability of these assets.
Tasks performed during cyber maintenance can be exemplified by updating firmware, software
and password-maintenance plans; verifying antivirus and malware signatures are up to date;
ensuring host-based and network-based firewalls are properly configured; and testing
functionality by executing a set of operational tasks.
The Army and the other branches of the Department of Defense have structured maintenance
plans that are executed to ensure unit readiness and the functionality of the equipment. The
execution of these plans is monitored by commanders and thorough inspections. For example,
many units conduct motor pool maintenance once a week where soldiers conduct preventive
maintenance checks and services, or PMCS, on their vehicles. As of today, a PMCS for cyber
maintenance has not been built into these programs. However, the amount of time to secure
our systems is increasing as we add more physical cyber systems to the battlefield.
The war fighter preparing for the future fight must be able to trust the cyber equipment’s
readiness, and the absence of ordered cyber maintenance is an ongoing vulnerability. This
issue must be addressed immediately since we in competition in cyberspace. Either
consciously or unconsciously, there is an assumption that there will be time to sort this out as
The Army hopes less software leads to better results
The software reduction helps to pave the way for fielding of the Command Post
Computing Environment.
By: Mark Pomerleau
5/20/2020 Integrate cyber maintenance into the US Army’s battle rhythm
https://www.fifthdomain.com/show-reporter/ausa/2019/10/07/integrate-cyber-maintenance-into-the-us-armys-battle-rhythm/ 3/7
a future conflict unfolds. We already know that such an assumption is spurious; there will not
be time to address cyber maintenance during conflict, and then, as a result, we enter the
conflict with insecure, unpatched and vulnerable equipment.
Our near-peer adversaries are skilled and potentially have the ability to target networked
update servers, which would deny us the ability to patch and update in the early stage of a
conflict. There could even be false updating sites and patches, exploiting the lack of order in
our patch management. We consider it to be a major vulnerability to wait until the last minute
to patch and update the cyber equipment. There is a tangible need to address this immediately
and integrate cyber maintenance into the command maintenance program.
The cyber maintenance routines are trained and manifested in a cyber-secure culture that is
reoccurring, structured and supported from the top, down. The alternative is to rely on
personal interest. Even if updates are pushed out by security administrators, there is no
verification that the updates are done. Once cyber maintenance is built into the Command
Maintenance Program, it becomes an integrated part of the maintenance cycle, and assesses
through the Command Inspection Program.
Cyber maintenance must be a topic taught at all levels of leadership schools
(noncommissioned officer courses, the Captains Career Course, intermediate-level education
and senior service colleges) because cybersecurity that doesn’t have leadership buy-in will fail.
Physical cyber systems have been integrated step-wise into traditional systems within Army
units over the last few decades, which might be an explanation for why cyber maintenance
programs have not been put in place. There has not been an overnight transformation similar
to when the Army became motorized. A hundred years ago, when the Army became motorized,
it was a concentrated, defining shift that required retraining and the establishment of motor-
Sign up for our Daily Brief
Get the top Cyber headlines in your inbox every weekday morning.
Enter your email address
(please select a country)
I'm not a robot
reCAPTCHA
Privacy - Terms
Subscribe
5/20/2020 Integrate cyber maintenance into the US Army’s battle rhythm
https://www.fifthdomain.com/show-reporter/ausa/2019/10/07/integrate-cyber-maintenance-into-the-us-armys-battle-rhythm/ 4/7
maintenance procedures. It is time to recognize the increased reliance on computer and digital
assets, and integrate cyber maintenance as a part of how we do business. It is long overdue.
Col. Stephen Hamilton is the technical director of the Army Cyber Institute at West Point and
an academy professor at the U.S. Military Academy. Jan Kallberg is a research scientist at
the Army Cyber Institute at West Point and an assistant professor at the U.S. Military
Academy. The views expressed are those of the authors and do not reflect the official policy
or position of the Army Cyber Institute at West Point, the U.S. Military Academy or the
Defense Department.
Recommended For You
European nations may be hesitant to trust AI for
cybersecurity How a pandemic can kickstart cyber lessons
How moving to the cloud can solve remote access
problems For ethical artificial intelligence, security is
pivotal
Around The Web
Comments
0 Comments Sort by
Facebook Comments Plugin
Newest
Add a comment...