JOINT BASE LEWIS-McCHORD, Wash. — In the next war, one of the battlescapes is likely to include a brick building shaded by fir trees, not far from Interstate 5, north of Olympia.
The two-story building, with office space downstairs and shared computer work spaces upstairs, is home to the Washington National Guard’s 262nd Network Warfare Squadron, a unit assigned to provide cyberdefense and unspecified forms of cyberoffense to guard critical U.S. infrastructure, starting with military computer networks.
While its roughly 100 members are fully qualified Air National Guard troops, they control keyboards and wield digital network expertise — not fighter jets, nor aerial drones. Many of them are drawn from the rich information technology culture of the Seattle area, home to Microsoft Corp., Amazon Inc. and a profusion of software and networking companies. In many ways, their jobs in uniform aren’t very different from their civilian jobs.
This squadron of 100-plus Air National Guard airmen is the tentpole of an emerging, coordinated military capability of the Washington National Guard that also involves an intelligence squadron, several air support squadrons, an engineering squadron, a combat communications group and other units. The airmen of these units could be called to deploy, as some have already done to the Middle East, or they could operate at a distance. Collectively, they provide a growing, integrated ability to detect, monitor, defend and potentially disable threats, whether through unseen, digital means, or what the military calls “kinetic,” or active means.
“It makes us a very elegant solution for future warfighting requirements,” said Col. Brian Dravis, commander of the Washington Air National Guard’s 194th Regional Support Wing. The 262nd and the other units fall under the 194th.
It’s not glib to say that this capability is being assembled on the fly. While the 262nd has been assigned to cyberdefense since 2002, other squadrons have begun to convert to new assignments only over the last year. They are part of the Air Force’s growing emphasis on preparing to fight a non-traditional war that doesn’t necessarily depend on heavy equipment, such as jet aircraft. Other branches, particularly the Navy, are training members to think of themselves as on the front lines every time they touch an information network.
“Future adversaries will target our dependence” on information technology, said then-Deputy Defense Secretary William Lynn III in July, when he unveiled the military’s first-ever strategy for operating in cyberspace. “Our assessment is that cyber attacks will be a significant component of any future conflict, whether it involves major nations, rogue states, or terrorist groups.”
This is a real and persistent threat. The Washington Post this week recounted the story of an infection of a classified military computer network by malware that Pentagon officials considered in 2008 to be “the most serious breach of the U.S. military’s classified computer systems.” A virus the military named Agent.btz had burrowed deep into the network, spread to other networks and collected secret information that it sought to transmit to unknown external receivers. A National Security Agency team scrambled to neutralize it and seems to have succeeded.
The case of Agent.btz was one of the catalyzing events that prodded the military to create cybercommands and begin drafting a national cyberstrategy.
The definition of cyber attacks is broader than it might appear. Cyber attacks aren’t only probes and hacks that exploit network vulnerabilities, although there are millions of such attacks on military and civilian networks daily. Such attacks are often efforts to steal personal, corporate or governmental information.
But cyber attacks also may include targeted attacks that take control of real-world equipment, damaging it without firing a shot. The most noted example of such an attack is the Stuxnet worm that attacked the equipment used by Iran to develop its nuclear enrichment abilities. It was a sophisticated exploit — successfully altering the speeds of the finely tuned centrifuges Iranian scientists were using in the uranium enrichment process, while sending signals to the machine operators that nothing was amiss — and nobody has publicly identified the nation or group that unleashed it.
“It’s how to fight the next war,” said Col. Steve Hilsdon, who commands the Washington National Guard’s 252nd Combat Communications Group, which includes the 262nd. When America is threatened by an attack from foreign aircraft, he suggested, what “if the plane can never take off?”
In an era of declining defense budgets — albeit after a decade of growth — National Guard cybertroops represent one of the more cost-effective ways for the United States to engage with its adversaries. National Guard soldiers and airmen cost less to train, maintain and retain than their active-duty counterparts, while cyber specialists don’t require expensive conventional weapons or vehicles.
Washington is in the vanguard of states that have established cyberdefense units in the National Guard. Others include Maryland, Delaware, Texas, Utah, Vermont, Rhode Island and Kansas, where Dravis commanded before coming to Washington.
Andrew Vanzandt, who turns 29 this month, “stumbled into” his place in the 262nd. He had been working in non-profit development, he said, when he read about the Washington Guard’s efforts to work with the private sector to recruit skilled airmen and protect military and other networks. And while the 262nd has been selective about filling its ranks, Vanzandt made the cut.
He knows he may have to deploy overseas. “I signed up for it,” he said.
The information technology professionals in the Washington National Guard, said squadron commander Lt. Col. Ryan Socal, “have pretty much the same job on the outside.” And they are “a bunch of guys who like that startup mentality.”
The difference, said Hilsdon, the group commander, is that their work on classified networks “would be illegal downtown.”