US Cyber Command looking at how to utilize tactical on-the-ground systems

Cybercom wants to take advantage of RF-enabled cyber capabilities being built by the services.
Capt. Richard Shmel, a 17A, cyberspace operations officer, participating in the 915th Cyber Warfare Battalion’s Field Training Exercise at Muscatatuck Urban Training. (Photo by Steve Stover, U.S. Army)

U.S. Cyber Command is getting more serious about leveraging capabilities the services are developing for on-the-ground, tactical operations to jam or disrupt enemy systems.

Each of the services, in one way or another, has been developing forces and capabilities to conduct tactically focused, on-the-ground cyber and electronic warfare effects, known as radio frequency-enabled cyber.

Increasingly, there are targets that either aren’t reachable through traditional IP-based networks or remote access might not be possible, which is primarily what Cyber Command does. As the Department of Defense has matured its cyber policies, doctrine and capabilities, the reins have begun to loosen on authorities allowing these on-the-ground forces more latitude, mostly through the electromagnetic spectrum, to perform these actions. Certain factions have sought to use more proximal effects conducted through radio frequency, which require fewer levels of approval to conduct operations at the very tactical level.

Those RF-enabled capabilities, as has been envisioned for some time, could provide the proximal access to the remote operators at Cybercom and be passed off to them.


The command’s new acquisition executive, Khoi Nguyen – who’s been on the job for eight months – has begun thinking more and more about how to leverage these tactical capabilities. He most recently came from the Marine Corps, which has been developing capabilities and concepts for tactical forces that, in some cases, could be the proximal access for Cybercom some have envisioned.

“We’re looking, from a thinking perspective, if every RF sensor is a potential platform for us to deliver cyber effects through? Then from a Cyber Command perspective, how do we ensure that or how do we assist that,” Nguyen, who is also the director of the cyber acquisition and technology directorate (J9) at Cybercom, said during remarks at the AFCEA Northern Virginia chapter’s annual Army IT Day conference Jan. 11. “We’re working closely with both the Army and the Marine Corps and understanding what the way ahead from an RF-enabled cyber prospective or EW implementation and that ensuring that whatever they’re implementing, we can leverage.”

Nguyen confessed that he’s not quite sure how to fully enable this yet, acknowledging this is all very nascent from a Cybercom perspective.

“It’s going to be a balance where I think we need to be able to operate the platform forward with operators in the rear and then some set of cyber operators either trained by us [Cybercom] or certified by us that are assigned to the Army and in the Marine Corps that are forward and then are able to deliver bullets or payloads that we have certified as allowed to be delivered. But that’s a really nascent piece and we really need to work that out,” he noted.

DOD’s updated cyber doctrine, published in December 2022, recognized so-called expeditionary cyber operations for the first time. These are cyber operations that require the deployment of cyber forces within physical spaces.


However, officials in the past have discussed that there is still a potential authorities issue that must be worked through between tactical forces and those from Cybercom.

In a pre-hearing questionnaire for his confirmation to lead Cybercom, Lt. Gen. Timothy Haugh pledged to work closely with the services as they’re building out so-called tactical or expeditionary cyber forces. The Senate approved Haugh as commander in December, but it is unclear when he will officially take over the command.  

Nguyen outlined a potential vision or architecture for how Cybercom could take advantage of the placement and access of forces in the field.

“An area that I’m thinking that we should do as Cyber Command is maybe do the cyber effects against specific targets or against exquisite targets, leveraging off funding and leveraging authority to get the target device and then doing the onboard analysis and everything else and then delivering the effect or delivering data payloads,” he said. “Then ensuring that it can be hosted within an Army device or a Marine Corps RF device and this way, now, I don’t have to add Cybercom’s equipment to the services, but rather, leverage existing service RF-enabled devices and throw our effects through it. Then, of course, there’s also the local operations, where do we need to have cyber operators forward or can we reach back through to where we are at and conduct it from Cyber Command back here and so on.”

This is the type of work they’ve been looking at with the services, Nguyen said, assisting with their equipment and what they need to do the mission and possibly pass off access.


Nguyen said Cybercom is looking to take advantage of open architecture capabilities the Army and Marine Corps have adopted. This includes the Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, Reconnaissance (C5ISR)/Electronic Warfare Modular Open Suite of Standards, or CMOSS. CMOSS allows for capabilities to be inserted, updated and swapped on hardware platforms — harnessing the modern abilities of software.

“The Army is doing that, Marine Corps [Marine Air Ground Task Force Electronic Warfare Ground Family of Systems] is doing that, Cyber Command we’re going to go with that way too, just from an awareness way ahead. Cyber Command, we’re way, way nascent on this all,” he said. “I just want to communicate that we are supporting CMOSS, that both the Army and the Marine Corps are using.”

Latest Podcasts