CYBERCOM: What a Unified Cyber Command Means for the Future of US Strategy

The Long-in-Coming Promotion

On August 18, the White House released a statement from President Trump announcing his order to elevate US Cyber Command to the status of a Unified Command under the Department of Defense. Since its creation in 2009, Cyber Command, or CYBERCOM, has been a substructure of US Strategic Command (STRATCOM) at Offutt Air Force Base in Omaha, Nebraska. The order also included a directive to “examine the possibility” of severing the ties between Cyber Command and the National Security Agency, which until this point have been largely linked. Admiral Michael S. Rogers currently holds the position of head of NSA as well as chief of CYBERCOM.

Although this move has taken quite a while to implement, the order is no surprise. The executive branch has already been under pressure from Congress for some time to take CYBERCOM to the next level. Legislators took the step of passing a directive last year that the president establish a unified combatant command for cyber operations.

The signs of Cyber Command moving toward independence have been visible for nearly a year. In October 2016, while it was still tethered to STRATCOM, Cyber Command announced that its Cyber Mission Force, the collection of units set up to execute specialized cyber fighting missions, had achieved the first stages of operational status. The first draft of the Cyber Mission Force comprised about 5,000 individuals across 133 teams. At that time, CYBERCOM officials stated that the expectation was for the force to grow to over 6,000 and for all 133 teams to be fully operational by 2018.

There are a few important implications the independent status has for CYBERCOM. The promotion grants Cyber Command all the typical responsibilities of a combatant command, such as managing its forces and being prepared to conduct operations during war and other security crises. Unlike most operational commands, however, Cyber Command will have additional authorities for training and equipping cyber forces. These authorities are usually reserved for only a handful of military services.

Why is that?

Typically there is substantial overlap in the managerial methods used to run different commands. Broad protocols can be established from the top down, directly from the Defense Department. The more specialized the command becomes, however, the more independence it is given, which makes sense. That is why another notable exception to this rule is US Special Operations Command (SOCOM), which typically requires gear and training methods distinct from those of other services.

The order also signals to members of the international community who face increasing cyber threats that the US is on the same page as them strategically. The message is that the US is ready to take it up a notch and maintain the same level of commitment as its security partners—as well as potential adversaries—who have done the same. Consider, for example, Germany’s establishment of a Cyber Command in April of this year and China’s Strategic Support Force at the end of 2016.

More importantly, the new structure streamlines the operational chain of command, since CYBERCOM no longer has subordinate sub-command status. This makes day-to-day staff work significantly more efficient, even if some of the actual operations remain more or less the same.

According to insiders, the biggest practical impact for the Command is that CYBERCOM will probably be in a substantially better position to help fund itself. Now that it has achieved independent status, CYBERCOM has a much stronger position when fighting for resources within the DoD.

Cyberspace Challenges

What challenges face the fledgling new command?

First off is the issue of finding its place within the broader US military structure. And here it gets a little tricky.

All unified commands, with the exception of Transportation, Strategic, and Special Operations, are geographical commands and tend to be very protective of their theaters of operations, as they probably should be in most cases. Cyber war fighting by its very nature is not tied to any physical location, but the hardware and people needed to conduct operations are. CYBERCOM will need to address issues of “deploying” forces cross-theater—for instance, addressing threats emanating from Eastern Europe with warfighting assets located in the mainland US or the Pacific.

To help mitigate these potential clashes, Cyber Command maintains what are called Joint Force Headquarters Cyber (JFHQ-C) as a type of liaison service with all regional commands. These offices existed long before the recent elevation order and will likely prove vital now that CYBERCOM has the additional responsibilities of an independent command.

Next comes addressing actual defense threats.

In the modern era, any kinetic conflict opens up a cyber arena that parallels it. One of the most persistent cyber-sphere conflicts has been the promotion and instigation of violence by militant Islam. Groups such as United Cyber Caliphate (UCC) and Cyber Caliphate Army (CCA), both affiliated with ISIS, conduct minor hacking operations and, more importantly, promote and recruit to the Islamic State’s cause.

The risk of individual sympathizers being spurred to conduct attacks on civilian targets via content viewed on the internet is certainly the primary threat posed by militant Islam to the American population. The internet also provides an excellent coordinating medium, as has been demonstrated in attacks carried out in other Western countries. Terrorists trade messages through disposable accounts and even uniquely crafted hashtags that are often lost in the sea of traffic that passes through popular online platforms on a daily basis.

These are not simple threats to contain.

Former FBI director James Comey is on record stating that the United States does not have the capabilities to effectively prevent internet recruitment to militant Islam. This certainly holds true for the other operational uses militants have for the internet as well.

Recent reports have indicated that Cyber Command has been gearing up to address these challenges by organizing teams dedicated to identifying pro-militant accounts, both on commonly used platforms and possibly dark web media. These operations are apparently expected to be supported by foreign deployed “ground teams” that will forward relevant intelligence back to CYBERCOM operators and hackers, but the details on that are still hazy.

One major advantage that CYBERCOM has is that militant organizations tend to rely on existing and improvised telecommunications infrastructure and equipment that is outdated and therefore insecure. If these hubs can be identified and located, it is not difficult to render them inoperable.

The important indication from these reports, in addition to specific operational details, is the shift from a largely defensive posture taken by US defense in fighting cyber-jihad until this point to a more active offensive paradigm that will take the fight to the militants.

Another challenge the newly elevated Command may be able to address is the growing need for partnerships and relationships with the private sector. The need for such a partnership is abundantly clear. While kinetic wars tend to take place in far-off locations, the battlefields of cyber wars spread across countries and regions. No threat is limited to a specific location, group, or institution. The operating systems and other programs used in the private sector can be identical, or at least very similar, to those used in a military or defense context.

As Lt. Gen. Paul Nakasone, the commanding general for US Army Cyber Command, alluded to in a recent conference, the sharing of information regarding vulnerabilities, threat indicators, and trends in cyber attack methods must be a two-way street between private industry and the defense establishment. This is accomplished primarily by the military and other governmental institutions devoting the resources and manpower to creating and fostering relationships, and most importantly, building trust.

If private industry sees that it is being given invaluable intelligence, such as necessary patches for bugs that leave companies and their clients vulnerable or advance warnings of foreign threats on the horizon, it will be more open to passing governmental agencies the information they need to do their jobs more efficiently in protecting the country and its assets from cyber threats.

CYBERCOM’s elevation can be more than just a formality. The new Command can indeed succeed in fostering, organizing, and effectively deploying the cyber assets needed to keep us all a little safer.

Samuel Siskind

Samuel Siskind studied intelligence research at the American Military University in West Virginia. He served as a squad commander in the Israeli Defense Force (IDF) Corps of Combat Engineers, in the Corps' ground battalions and later in its Intelligence Wing at regional and divisional stations. For the past five years, Samuel has worked as a consultant and researcher on physical and information security issues for private and governmental institutions in the US, Africa, India, and Israel. He currently lives in Jerusalem.