In a recent visit to PACOM with other Stanford colleagues, we had the chance to observe an Army brigade combat team exercise. This exercise involved an opposing force that was operating under free-play conditions—that is, the opposing force was free to innovate tactics against the brigade in training as it saw fit.
But in conversations with the personnel running the exercise, it came out that what the opposing force could do was highly constrained in the cyber dimension—and the reason offered was that giving them full free rein would shut down the exercise and prevent the brigade from achieving its other training objectives. Given the high cost of the exercise (~$3-4 M), it made more sense to prevent a premature shutdown of the exercise.
That rationale makes sense to me as well, and this posting is no way a criticism of this particular exercise. But one result of conducting the exercise with severe constraints on the opposing force’s cyber operations is that the brigade will not be training against a full-on cyber threat—and thus will get no practice operating in a severely compromised cyber environment.
If the practice constraining the cyber operations of opposing forces in major exercises is common (and I believe it is), our forces will be severely handicapped when they deal with real-world adversaries that do have significant cyber capabilities.
I can’t help but wonder: Would the cyber-induced collapse of expensive exercises motivate senior decision makers to pay more attention to operating in compromised battlefield environments?