Green Berets are integrating cyber warfare into their training. Here is why it matters

During this year's Swift Response exercise near Skillingaryd, Sweden two U.S. Special Forces teams (called Operational Detachment Alpha, or ODAs) trained to integrate cyber warfare capabilities into their traditional Special Forces mission.

As a part of the exercise, one ODA identified a target building and, "used a remote access device (RAD) to identify the networks coming from the facility. They were able to crack the WiFi password, enumerate the network, and run exploits on the target computer inside the building. This enabled the team to manipulate security cameras, door locks, and other security systems in the building," an Army press release describes.

With this complete, a second ODA conducted a military free fall jump and then moved seven miles with their equipment, accomplishing a clandestine infiltration. They were then able to strike the target building, which had its security significantly weakened by their partner team's cyber intrusion. The Army itself points out that cyber warfare and Special Forces direct action missions are nothing new, but the blending of these capabilities is.

"This was executed as essentially a standard Red Team operation encapsulated in a military exercise. A lot of the steps in the outline of the exercise speak directly to what standard Red Teams can do in the Cyber industry, which is a good direction for the military to be tracking towards," Matthew Mullins who is currently a supply chain firmware consultant at Eclypsium and has also worked as a Red Team director explained. "Specifically, the blending of Cyber-Physical systems such as Physical Access Control Systems, Industrial Internet of Things, Industrial Control Systems, Wireless Local Area Networking, as an attack surface and how a group with no, or minimal, access can quickly dominate a space and leverage it for an operational objective."

Mullins pointed out that the exercise described sounded to him like a test bed more than a realistic target, noting that there is unlikely to be a WiFi attack surface when hitting a peer or near-peer military target.

"This might be a space where the military and its supporting agencies, contractors, etc, have access to superior 'firepower' but cracking weak hashes [passwords] could be an exaggeration of weakness in a real-world conflict," Mullins told Connecting Vets. "Because of these aspects, it would definitely appear this was a training exercise to build up the muscles, per se," for more complex scenarios in the future.

The Army press release also mentions that the ODA at the target building left signal jamming devices there to conceal the attack's electronic signature as they exfiltrated from the area. Mullins found that a bit perplexing.

"The signal jamming seems to be a bit of theatrics due to the compromise already occurring. Why would you want to emit another signal, which could be detected, after you have complete domination of the space in a cyber capacity? This is a great way to get caught," he said. "For modern civilian Red Teams, operators will maintain access and quietly exit and disconnect knowing that there is less of a signature to capture from a clean break versus a large disruption. There could be stuff I am missing here as the civilian sector operates differently, however," he points out.

Indeed, it appears that Special Forces is keeping a few tricks of the trade to themselves for the time being.

"This capability is something that we need to train on, and keep current with," an anonymous ODA team member who specialized in cyber said in the Army press release . "Because it’s evolving so rapidly, the devices we use today could be obsolete next year. It’s been five years since I first went to school for this - it’s changed so much in that time, I feel like it’s a whole new world."