How the Enemy Could Hit the U.S. Army at Home
What good is having the best fighting forces in the world if the U.S. Army loses the ability to employ them? What happens when the 82nd Airborne Division isn’t physically able to deploy because its paratroopers and families are psychologically targeted where they live, train, and go to school? What happens when installation infrastructure is sabotaged by multiple attacks timed to natural disasters? What happens when bases at home become the first skirmish lines of future war? It is time for the U.S. Army to change the way it thinks about its installations.
Today, U.S. Army installations are a complex ecosystem where soldiers live, train, conduct warfighting missions, generate combat power, and raise families. They are dealing with issues such as chronic underfunding, outdated organizational structures, and most importantly, technological change. Future adversaries will attempt to exploit these critical vulnerabilities to defeat the U.S. Army long before it deploys. Rivals will seek to strip away the Army’s ability to maneuver using cyber, information, and unconventional warfare to take down its warfighting functions one by one. To prevent this, the Army should update its concept of installations and accept that they are the first skirmish lines of tomorrow’s defense so that it can better prepare itself for the coming salvos in its own backyard.
The Fight: Coming to an Army Base Near You
Last week, Popular Mechanics published an article about a Russian drone carrying a single thermite grenade that destroyed the largest ammunition depot in the world, killing one, injuring five others, and causing over a billion dollars of damage. The grenade was flown to a spot on Balakliya military base in Eastern Ukraine, setting off a chain of explosions that resulted in the destruction of ammunition stockpiles and the evacuation of over 20,000 residents. However, this type of attack was not the first of its kind. Russian intelligence and guerrilla forces have been methodically targeting Ukrainian bases for several years. These saboteurs exploit growing vulnerabilities of military facilities using readily available consumer drones not only to inflict casualties, but to take away their adversary’s ability to maneuver.
Meanwhile, that very same week in Washington, five drones were spotted flying within just one kilometer of Fort McNair. Fort McNair is a satellite installation of Joint Base Myer Henderson-Hall, which I command. It falls within the Federal Aviation Agency’s metro Washington-area restricted air space and is considered a no-drone fly zone. The drone pilots were obviously undeterred by those restrictions and the aircraft were identified by their downlinks as popular consumer drones. However, we still do not know what the operators’ intentions were and whether future flights near Army installations will be benign.
The Internet of Things and Frontier Forts
While no analogy is perfect, the Internet of Things and frontier forts have more in common than one might think, especially when it comes to their usefulness for updating how we should think about U.S. Army installations.
Today, the Internet of Things is exploding and outstripping the capabilities of nearly every institution and multinational-corporation. We are engulfed by once unimaginable ever-expanding clouds, software-defined networks, robotics, and artificial intelligence. And as these things proliferate wildly, their costs are dropping. The ever-decreasing barrier to entry provides individuals more access to lethal and disruptive technologies than ever before and has democratized a new era of destructive capability.
Yet, while the prospect of wide-open tech possibilities seems to portend wide-scale threats, that doesn’t necessarily mean mass casualties and widespread destruction. Rather, recent observations suggest that the Internet of Things and accompanying technology will instead be purposefully applied to induce widespread calamities. Disruptive technologies will be deliberately used to paralyze economic, financial, and military systems. Just like the Russian attack in Ukraine described above, future adversaries will use unmanned systems to present multiple dilemmas, induce psychological responses, and immobilize reactions. Whether by bits or bytes, meme-warfare, or acts of sabotage, this method of warfare will not be about how many people an adversary can kill, but how badly they can tie systems in knots.
In response to the changing characteristics of technological threats, some multinational corporations have gone to extremes to field their own cyber-enabled crisis response teams and private armies. Updating their own responses and mindsets towards the expanding surface area of attacks, multi-national corporations are using new methods to protect their physical assets, networks, and most importantly, their data and information. In effect, multinational corporations have recognized the need to update their conceptual defenses and are already pitching some of the first skirmish lines for tomorrow’s fights.
U.S. Army installations have a long history, but even in their current design, are not dissimilar from their more modest beginnings. Shortly after the Civil War, Americans ventured westward seeking new opportunities and a new way of life. Right alongside them, the U.S. Army built more and more forts safeguarding the way. Carved out of the raw frontier, these early installations were Spartan in amenities but vital in their roles, protecting strategic lines of communication, burgeoning settlements, and garrisoning soldiers and their families. Frontier forts were the outposts of civilization from which countless satellite towns emerged.
Situated on key terrain and constructed of wood, frontier forts had high stockade fences, serpentine defenses, and were manned by guards with guns. They had clear fields of fire, few entry points, and perimeter earthworks that channeled movement along observed terrain. People saw forts as a place to safeguard soldiers and their families while providing the training space and marshaling areas to assemble before projecting forces outside their walls. Even then, despite humble beginnings, forts were the initial maneuver platforms for the Army, and remain so today.
Today, installations have exploded to provide countless services to ensure Army combat readiness. While “readiness” is open to interpretation, today’s installations must manage a whole spectrum of diverse programs, some directly tied to warfighting like training areas, barracks, and dining facilities, while others have more social-welfare functions. Regardless, Army installations have dramatically evolved and now include the entire life cycle of soldiers, from raw recruits to retirees. Like the Internet of Things, installations have exploded with vast arrays of physical, informational, and logical infrastructure to become complex ecosystems that continue to provide the Army the space it needs to maneuver, whether that means training, preparing, or deploying.
What is different about today is the scope, scale, and diversity of what installations contain. Tenant agencies, organizations, and units of every size, type, and kind now live and work across every installation. Each one of them contains specific missions, roles, and most importantly, a sub-component of larger multi-domain capability that, when combined, provide the U.S. Army its combat power. So, as technology continues to provide more and more attack surfaces, so too does it create ever-new vulnerabilities across installations.
Army leaders should be concerned. The U.S. Army still requires freedom to maneuver in order to assemble its assets into war-fighting functions. Further, to successfully employ those capabilities against an adversary requires the Army to achieve positions of relative advantage. As the characteristics of conflict change, so too must our concepts of installations. Installations in their current configuration are inadequate and unprepared for future attacks.
What happens when these capabilities are attacked one by one by multiple disruptive operations? What happens when the Army isn’t physically able to deploy because its soldiers and families are targeted somehow? What happens when installation networks are hacked, critical electric, heat, and communication infrastructure are sabotaged at peak consumption, or water reservoirs are poisoned? What happens when multiple man-made attacks are timed to coincide with natural disasters to create multiple and simultaneous emergencies at once?
Not Frontier Forts, but Skirmish Lines: Three Ways to Prepare for the Future Fight
Installation commanders must be equipped to fight because they are where the future fight will happen. Rather than looking outwards from the ramparts, tomorrow’s installation fights will be inside the wire, miniaturized, and virtual. They will be ambiguous brush-fires. Installation commanders need to understand the threat and be ready with resources and trained personnel to fix and report initial contacts. There are three simple things the U.S. Army can do to better defend the greatest fighting force in the world. It must get smart, get secure, and change the way it thinks about installations.
It is time to take lessons from smart-city thinking for Army installations. The installations of tomorrow should decentralize response to the points of incident by better integrating the defensive tools required into installation-level capabilities. Powering down edge computing enables installation commanders to apply the right tool at the right time and the right place.
Installations require increased investment. The Army’s backlog of deferred building maintenance has ballooned to $10.8 billion dollars in 2017. The Army’s infrastructure sustainment, restoration, and modernization accounts have been underfunded for several years and is a significant problem, perpetuating compounding vulnerabilities.
Installations need smarter types of investments with more focus on war-fighting and less on fluff. As technology drives increased open market competition, the Army should capitalize on every opportunity to privatize and divest social welfare programs to the countless interconnected local communities that surround them.
The future of security is less about what you see and more about what you don’t. This means that the virtual and information realms will become as important to security as the physical one. A cyber-enabled approach to security means employing fewer fences, guards, and gates, and more interconnected and integrated access control systems.
The Army must develop an “Installation Internet of Things” operating concept and framework which includes baked-in cyber-security and a resilient design. The framework should securely integrate a wide array of industrial control systems, supervisory control and data acquisition systems, cyber-physical systems, and critical infrastructure and key resources across installations. It should be able to safely connect key platforms to networks, to edged devices, and to the users that need them.
Also, following the example of some multi-national corporations, establishing a chief security officer or chief risk officer at every installation could help holistically manage and integrate physical, logical, and informational layers into a more effective security governance framework. This would help support Army combat readiness objectives.
A New Mindset
Most importantly, the U.S. Army – from the top of the chain of command down to the newest private – needs to change the way it thinks about installations. These installations are not sanctuaries anymore. They are skirmish lines in our own backyard. Installations must be networked, resilient, and customized according to each geographic location’s unique circumstances, threats, and situations. Above all, installations must be built upon an innovative culture, so that when the lights do go out, trust and mission command will prevail. During the coming times of non-connectivity and blackout attacks, the key to the Army’s success will be recognizing that disruptive attacks are not the end of the world, only the opening battles for which it has already prepared.
Installations may have evolved in services since their frontier days, but they still remain the indispensable platform to projecting U.S. Army combat power. Future adversaries will attempt to exploit their growing technological vulnerabilities to de-domain Army capabilities by using cyber-warfare, information warfare, and unconventional warfare attacks. Thus, we must update our concepts of installations from being sanctuaries to being the first skirmish lines of future defense. In the end, defeating the U.S. Army with its own installations might seem like hyperbole, but it would be dangerous to simply hope that our enemies will not try.
Patrick Duggan is the commander of Joint Base Myer Henderson-Hall. He is a career Special Forces Officer and Unconventional Cyber-Strategist. His views are his alone and do not represent those of the Department of Defense or the U.S. Army.