Busting The Green Door: Army SIGINT Refocuses On Russia & China

Over 17 years of fighting terrorists and insurgents, “our SIGINT forces mastered the art and science of identifying and tracking individual threats with pinpoint precision," Lt. Gen. Berrier said. "We now face a significant challenge on a much larger scale."

By SYDNEY J. FREEDBERG JR.

CAPITOL HILL: The Army has a new, two-pronged strategy for Signals Intelligence, its top intelligence official said at a recent forum here. First, SIGINT forces must continue their post-9/11 evolution from a secretive, insular priesthood to a hands-on helper for frontline troops. At the same time, SIGINT must scale up the “precision” techniques developed to track insurgents‘ and terrorists‘ transmissions so it can tackle much bigger and more sophisticated adversaries like Russia and China.

Instead of pinpointing terrorist leaders for drone strikes or commando raids, SIGINT may be finding electronic weak points in enemy networks that US cyber and electronic warfare teams can then hack or jam.

There is a foundation of success to build on, Army leaders told the Capitol Hill forum, which was organized by the Association of Old Crows, the leading professional association for electronic warfare. Intelligence in general and SIGINT in particular, they said, have gotten better integrated with other Army branches since 9/11 — and especially since 2016.

“It has been a remarkable two years,” said Brig. Gen. Jennifer Buckner. Formerly deputy commander of Joint Task Force ARES, which led Cyber Command operations against ISIS, she is now cyber director in Section G-3/5/7 of the Army's Pentagon staff. Increasingly close cooperation between intelligence analysts and tactical commanders, she said, has made it possible “to normalize operations like this so we truly are using the intelligence to inform and enable further targeting.”

Ultimately, said the Army's deputy chief of staff for intelligence (G-2), Lt. Gen. Scott Berrier, the Army and its fellow services need to integrate intelligence, cyber warfare, and electronic warfare to realize their vision of Multi-Domain Operations, in which US forces launch coordinated attacks, both physical and electronic, from land, sea, air, space, and cyberspace.

Over 17 years of fighting terrorists and insurgents, “our SIGINT forces mastered the art and science of identifying and tracking individual threats with pinpoint precision,” Berrier told the forum. “We now face a significant challenge on a much larger scale, combat operations with near-peer and peer competitors.”

Even if we never fight Russia or China directly, Berrier said — and let's hope we never do — we'll face the technology they sell around the world. In places like Ukraine, US partners are already fighting Russian proxies. So to meet this challenge, Berrier said, he recently approved a Signals Intelligence strategy with four main lines of effort:

1. Build a SIGINT force that's responsive to and closely integrated with tactical units, from corps headquarters on down;
2. Apply what SIGINT has learned in counterinsurgency and counterterrorism over the last 17 years to high-intensity warfare;
3. Buy new equipment, ground-based and airborne, that's up to the challenge of great power adversaries; and
4. Develop new doctrine, field manuals and concepts for large-scale combat.

Thanks to enthusiastic support from both Army Chief of Staff, Gen. Mark Milley, and recently departed chief of Pacific Command, Adm. Harry Harris, an experimental unit called the Multi-Domain Task Force is already exercising some of these concepts in PACOM. It's built around an Army artillery brigade — both cannons and long-range missiles — augmented with long-range sensors to find targets and an integrated Intelligence, Cyber, & Electronic Warfare (ICEW) team that can stage non-physical attacks.

“If you want to shoot 500 or a thousand miles, you have to see 500 or a thousand miles,” Berrier said. “This is the way of the future.” Getting there, though, requires overcoming the ways of the past.

The “Green Door” Problem

For generations, Army commanders have complained that Signals Intelligence operated behind a “green door” of security restrictions that kept them from sharing vital intelligence in time to act on it. For its part, Army SIGINT tended to see its primary customer as the National Security Agency, not combat units. In this context, the SIGINT community was leery of anyone actually taking action based on intelligence, lest it give away a source of long-term strategic value for a short-term tactical gain.

But in Afghanistan, Iraq, and Syria, the US military was trying to find, target, and capture or kill key insurgents and terrorists, who kept constantly on the move. That meant intelligence on their location had to get to tactical commanders fast, before the target moved again. If you wanted the drone to fire the Hellfire at the right target, or the special operators to kick down the right door, you needed to bust down the green door first.

Conversely, once ground troops grabbed a High Value Target, they had to get his cellphone, laptop, and other devices to the intelligence analysts ASAP so his contacts could be tracked down and special operators could go after them before they scattered. The result was a self-reinforcing cycle that generated much more intelligence than you'd get by just passively listening to the enemy.

So today, tight integration between signals intelligence and tactical commanders for such “intelligence-driven operations” has become almost routine — on a small scale. But there's a big difference between targeting a Taliban bomb-maker on his cellphone in someone's garage as opposed to a Russian general on a high-security network in the middle of a tank division.

For the many scenarios in high-end warfare when a target is too well-protected for other forces to bomb or capture, the Army wants the option to hack the target's network or jam its radio signals — to disrupt what it cannot destroy. That requires SIGINT to hand the target data to so-called “non-kinetic” ways of disrupting the enemy through cyber and electronic warfare. But there's a profound institutional imbalance here.

SIGINT is one of the most influential and well established technical branches of the Army, in large part due to its intimate relationship with the NSA. But cyber is the newest branch, albeit benefiting from rapid growth and high-level attention, with its offensive capabilities highly secret and tightly restricted. And Army electronic warfare was largely disbanded after the Cold War and remains a small, underfunded force with very little actual hardware beyond short-range jammers to keep roadside bombs from detonating.

So while the “green door” between intelligence and operations may have been kicked down, very real barriers remain between intelligence, cyber, and electronic warfare.

The CENTCOM Model

Central Command — which oversees Afghanistan, Iraq, and Syria — has forced intelligence officers and combat commanders to work together in new ways, said Lt. Gen. Stephen Fogarty. This is possible, in part, because intelligence has gotten better at “sanitizing” information so tactical operators can use it without inadvertently revealing intelligence sources and methods, he said. But intel has also grown more willing to take the “tremendous risk” that something might slip out anyway, because the greater risk was that not acting on the intelligence would cost lives.

Fogarty lived all this first-hand. Now head of Army Cyber Command, he was previously head of the Army cyber school at Fort Gordon and the top intelligence officer (J-2) for Afghanistan and, later, CENTCOM as a whole. But Fogarty's far from alone: Not only his fellow high-level panelists, but two veterans in the audience members on Capitol Hill — a young officer and a retired general — took the microphone to agree with him.

“What I saw in theater, [in] my time in CENTCOM and multiple trips to Afghanistan, is that SIGINT drove operations...down to the most tactical level,” Fogarty said. National Security Agency SIGINTers — “both civilian and military” — were actually sitting side-by-side with combat officers in Army brigade headquarters and, in some cases, even on company-sized Combat Outposts (COPs), he said. (This is very similar to how the National Reconnaissance Office has operated over the last decade on the battlefield with its Field Representative program.)

Now many of the company, battalion, and brigade commanders who grew accustomed to this close support are leading the Army. “The guys who were lieutenants, captains, majors, lieutenant colonels that are now two, three, and four stars today, that's what they expect,” Fogarty said.

Of course, what broke down the traditional barriers between intelligence and operations was “the tremendous pressure” of wartime, when US and allied lives were in danger every day. “What we've got to make sure,” Fogarty said, “is we maintain that pressure and that we don't regress to where we were potentially back in the Cold War.”

What's New?

So what is Army intelligence actually doing to build on the counterterrorist successes of the past and prepare for a great power conflict in the future?

Most immediately, the Army is changing how it trains, everything from new schoolhouse courses for officers to new field exercises for entire brigades.

When an infantryman or tanker gets promoted to a leadership role, Berrier noted, they attend specialized courses to help them develop a bigger-picture perspective on the battlefield. For their part, intelligence leaders need to go beyond technical training in purely intelligence tasks — as complex and challenging as that is — and learn how to “integrate our highly technical skills into tactical formations” alongside infantry, armor, artillery, aviation, cyber/electronic warfare, and the rest.

Intelligence soldiers and officers also need to practice their technical and tactical skills in real-world conditions. That's not easy to arrange. First, the law is far more restrictive of training in the US than operations overseas, especially when it comes to intelligence collection in the vicinity of US citizens. Second, the electromagnetic transmissions SIGINTers need to practice detecting can interfere with civilian electronics, and the Army doesn't want to fight the FCC. Training for electronic warfare, which involves deliberately disrupting signals, is even trickier.

The best site for such training in the US, not coincidentally, is the Army Electronic Proving Ground at Fort Huachuca, home of the intelligence branch. Berrier commanded Fort Huachuca until he handed the job over to Maj. Gen. Robert Walters. Since units testing or training there are isolated from civilian population centers by broad deserts and high mountains, Walters told the Capitol Hill forum, “they can turn their jammers on and we don't have planes crashing in Tucson.”

Unfortunately, US electronic warriors don't have many jammers to turn on, not yet. (We'll delve into that tomorrow). But at least Army SIGINT systems like Prophet can train at Huachuca on detecting and analyzing real signals. The Army is also trying to replicate or simulate enemy signals at its Combat Training Centers in California, Louisiana, and Germany. Even so, some aspects of high-tech, high-intensity warfare may only be replicable in simulations, Berrier said. The Army's key tool here is a simulator called IEWTPT, the Intelligence Electronic Warfare Tactical Proficiency Trainer.

Training to do better with current technology, however, is not enough. Current systems were designed and fielded at a time when the US could operate freely in the electromagnetic spectrum, Berrier said, where the main problem was not enemy activity but inadvertent interference from other US systems (known as “electronic fratricide” or “blue on blue”). Against Russia, China — or anyone who's bought their latest systems — the spectrum will become a battlefield. So the Army needs to develop new equipment designed to withstand hacking, jamming, and other rigors of high-tech combat, like advanced anti-aircraft systems that can shoot down scout planes, drones, and helicopters.

Ultimately, the Army envisions multi-purpose systems that can not only detect and analyze enemy signals — the SIGINT function — but also disrupt or subvert those signals — the cyber/electronic warfare functions. That makes a lot of sense, in theory, since cyber/EW needs SIGINT to find its targets in the first place. But it's much more complicated to implement in practice, less because the technology is tricky than because of the intense tribal rivalries within the Army. We'll delve into those divisions and possible solutions in a second article, due out tomorrow.

https://breakingdefense.com/2018/07/busting-the-green-door-army-sigint-refocuses-on-russia-china/