Transcom cyber officials moving to be ‘a lot more active’ in information operations

SCOTT AIR FORCE BASE, Ill. — Cyber officials are working to strategically integrate defensive, offensive and information operations as part of a broader campaign to enhance U.S. Transportation Command’s capacity to detect and respond to contemporary digital threats.

“It’s about bringing all of those traditionally stovepiped elements together — and employing them at different times and in new and innovative ways,” Col. Michael McFeeters, chief of Transcom’s special activities division, told DefenseScoop last week.

During an exclusive tour of the command’s headquarters at Scott Air Force Base, Illinois, he and other officials shared new details regarding ongoing efforts to fuse information operations with cyber operations in Transcom’s non-kinetic arsenal, and some of the latest trends they are observing from U.S. adversaries in cyberspace.  

“A lot of this is intel-driven to wherever the threats are. And what threats are we talking about? Are we worried about China, Iran, Russia? Because they’re very, very different in how they conduct themselves and how they execute operations to contest logistics or the battle space that we’re trying to operate in through. So, you know, we have to … think differently based on whatever adversary where we’ll go up against,” McFeeters explained.

Transcom is a functional combatant command charged with executing global logistics and the transport of personnel and equipment for the Department of Defense and its components. 

The command relies heavily on data, digital systems and commercial partners to meet its mission, all of which requires significant cybersecurity protections.

“We’ve tried to change the way we do cyber operations. In the past, Transcom really focused on just the stuff that we own and operate. But the joint deployment distribution enterprise is a global enterprise,” said Patrick Grimsley, director of Transcom’s J6 command, control, communications and cyber systems directorate.

Over the last few years, command officials have expanded operations and been moving to better ensure they can present senior decision-makers with the greatest understanding of existing and emerging cyber risks — beyond the elements they operate within the Joint Force Headquarters-DOD Information Network, or JFHQ-DODIN. 

“We’re also becoming a lot more active in information operations. So not just looking at cyber in and of itself, but it’s really cyber is part of the non-kinetic portfolio. So how do we fight through or combat some of the threats that are coming at us, again, outside the things that just Transcom controls? And how do we integrate and work with the other combatant commands to do that, too?” McFeeters said.

“I’d say the majority of what Transcom does is defensive cyber operations. And this is part of thinking in a new way [about] how we leverage the IO side of that to help execute Transcom’s mission,” he added.

Information operations involve the employment of capabilities to influence adversaries’ decision-making and protect friendly forces.

“[U.S] adversaries, they’re all out there — and their focuses are very different. Like, Russia is still focused right now on being able to understand and predict when aid and munitions are crossing the border to get into Ukraine, so they can interdict it before they actually get into the hands of the fighters … who can then employ those. China — completely different. China is just trying to get into everything [in cyberspace]. They’re not facing that same existential threat that Russia is. So, they’re playing more of a wait-and-see, and let’s get in there and have effects ready to shut down systems or critical infrastructure,” McFeeters told DefenseScoop.

DOD leadership expects all military and civilian components to follow its zero-trust cybersecurity framework to protect critical national security data and information. As its name suggests, the zero-trust concept presumes all networks are compromised from the get-go.

“You won’t always be able to keep the bad guys out of everything, right? You have to assume they’re there. But I would say that’s where, by bringing together those non-kinetic disciplines becomes important, [for] intelligence and awareness. For instance, if the bad guys get into one of our systems and we know they’re there, we may not want to kick them out. We may want to take advantage of that,” McFeeters said. “And as long as we know where they’re at and we’re confident they have not laterally maneuvered in that space, we may intentionally start putting stuff into that system so they will see or think something that is not reality.”

When asked for an example, he pointed to a scheduling system Transcom might rely on to coordinate deliveries.

“We may put false schedules in there, right? So that if an adversary is watching and they think something is going to go out of a certain place at a certain time, carrying certain goods, that may not be the case. We have done that in the real world before. We will do that again,” McFeeters said.