For reservists, returning to active duty is a highly interconnected chain of events. Each step in the activation process comes with complexities and stressors on the system. Reservist expertise in cybersecurity, data analysis, and information warfare makes them valuable assets, but also prime targets for adversaries seeking to disrupt military readiness and operations. In a hypothetical scenario in which email access and critical business functions are compromised, reservists could face hurdles in returning to active duty. Even if the Navy verbally orders a sailor to deploy, functions like setting up a will, pay entitlements, or readiness training could be hindered. The absence of communication channels and disruptions via advanced cyber threats to essential systems could hinder the execution of deployment orders.
Returning to Active Duty
Recently, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), U.S. Cybersecurity and Infrastructure Security Agency (CISA), Japan National Police Agency (NPA), and Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) issued a joint cybersecurity advisory exposing the activities of a China-linked cyber actor. The advisory details how the actor covertly modified network devices such as router firmware and exploited domain-trust relationships to move laterally in networks, with the goal of establishing accessible backdoors into U.S. networks.
Further, Chinese efforts and tactics to penetrate commercial and government vendors are documented in network devices and application development with log4j. The persistent cyber threat is part of a broader campaign against command-and-control systems and cloud applications, but also network devices located in homes and businesses, and could cause significant disruption in a future conflict.
Consider this hypothetical scenario. In 2026, China ramps up its pressure in the Taiwan Strait and begins preparation for an amphibious invasion of Taiwan. In response, the U.S. Navy starts recalling reservists to active duty to fill critical information warfare billets. As the invasion begins, there is a simultaneous cyberattack on U.S. networked infrastructure, halting trading maritime port traffic, crippling civilian internet traffic, and eventually slowing all Department of Defense (DoD) email traffic. DoD must ready itself for the mass mobilizations of reserve personnel and the deployment of active-duty forces. However, a critical concern has emerged: essential systems supporting these operations are experiencing degradation. From the fundamental processes of authenticating and logging into computers to more intricate aspects such as travel arrangements and pay processing, the functionality of these systems is degraded.
Reservists are part of an enterprise supply chain aiming to bring them onto active duty when needed. As of now, each step in this process requires a working common access card with the correct entitlements with accounts already established. The first step is usually checking the data integrity for personnel data—including security clearances, deployment readiness, and training status—often accessed through the Navy Standard Integrated Personnel System (NSIPS). The next step is receiving deployment orders through official email channels such as the Navy Reserve Orders Writing System. The last step involves being booked and ticketed for travel through the Defense Travel System (DTS).
Each step is susceptible to disruption. For instance, a cloud access security broker for the Navy, Okta, recently experienced an extensive data breach resulting in the exfiltration of sensitive customer information. Such disruptions, including from compromised authentication systems, highlight the need for alternative solutions and the importance of holding vendors accountable. Compounding the issues is that DTS often lacks the flexibility required to accommodate certain travel scenarios even under ideal conditions. Fear of not receiving pay because of improperly functioning pay systems and the subsequent worry about the financial impact of mobilizing could divert a sailor’s attention away from the mission—an issue that has already cropped up in the Navy’s efforts to modernize the overall pay and benefits system.
Realistic Countermeasures
Establishing backup deployment processes that do not rely on remote internet access is imperative. Reservists could use secure messaging platforms, encrypted channels, or other offline methods to ensure the continued flow of critical information. Similarly, implementing redundant access points for critical systems is vital. Reservists should have alternative means of accessing NROWS and NSIPS, such as offline access points or more secure networks. Addressing and mitigating these issues promptly is paramount to ensuring the seamless functioning of crucial military operations and maintaining the preparedness of reserve and active-duty personnel.
Developing contingency plans specifically addressing scenarios during which primary communication channels are unavailable is a necessity. During the heights of World War II and the Vietnam War, reservists went back to active duty en masse. This operational muscle must be flexed and stress tested again. Any plans should outline alternative processes and resources to ensure the seamless transition of reservists to active duty.
Looking Forward
We often take for granted easy access to the internet. However, if even basic internet connectivity becomes unavailable, a reservist activating to support national tasking suddenly faces a unique challenge. The whole point of staying in the reserve is to deploy when needed. Navigating the complexities of returning to active duty, especially in the face of compromised communication channels and critical systems, requires a proactive and adaptive approach. Addressing these challenges is crucial for the Navy to effectively navigate and leverage the benefits of digital transformation in its personnel support and cyber warfare domain. Reservists and military organizations must prioritize cybersecurity measures, scalable solutions, and contingency planning to ensure operational readiness in the digital age.