A ceremony in May marked the elevation of U.S. Cyber Command from a Sub-Unified Combatant Command to a Unified Combatant Command, a move that will help the military conduct cyber operations. It joined Central Command, Indo Pacific Command and Strategic Command and others as one of 10 Unified Combatant Commands in the Department of Defense. It’s a move whose time had definitely come. In fact, the only possible criticism could be: “What took you so long?”
At the ceremony marking the change, the new commander of CYBERCOM, Army General Paul Nakasone, described CYBERCOM as “responsible for the planning and execution of the cyberspace missions … to secure our nation’s freedom of action in cyberspace and to help mitigate risks to our national security resulting from America’s growing dependence on cyberspace.”
“Our team has both the challenge and, more importantly, the opportunity to build a combatant command from the ground up,” Nakasone said.
It’s a move whose time had definitely come. In fact, the only possible criticism could be: “What took you so long?”
According to Deputy Defense Secretary Patrick Shanahan, the change is “an acknowledgement that this new warfighting domain has come of age.”
Cyber is a domain of warfare with a unique set of challenges. Attribution is difficult, distance is irrelevant, and even small actors can have outsized impact. Given the modern reliance on networks for all facets of society, from power grids to communications networks to individual smart phones, the possibilities of a cyber-attack are broad, varying from minimal to catastrophic. Some have gone so far as to claim cyberwar will define conflict in the next century.
Adversaries such as China, Russia, Iran, North Korea, and some non-state actors have increasingly advanced cyber capabilities that can target the U.S., and the challenging nature of the domain, coupled with the wide range of operations and targets involved, makes this a critical part of the new military landscape.
As technology and our understanding of the implications of cyber warfare have evolved, so too has the United States’ organization to handle military cyber operations.
In 1998, the same year that Apple launched the iMac, Joint Task Force-Computer Network Defense (JTF-CND), an early predecessor to CYBERCOM, was activated under the Defense Information Systems Agency (DISA) to address the early security concerns around DoD networks. In 2002, it was moved to U.S. Strategic Command (STRATCOM).
As the importance of cyber operations grew, in 2009 DoD stood up U.S. Cyber Command as a sub-unified command under STRATCOM. But Cyber always seemed the “odd man out” in a command focused on nuclear deterrence and strategic strike.
Sub-unified commands are created to conduct a portion of the mission assigned to their parent unified command. But the rapidly growing cyber threat and its implications appeared to eclipse the responsibilities of STRATCOM. Almost from the time it was created, CYBERCOM cast a shadow greater than a typical sub-unified command, such as Alaska Command (under Northern Command) or U.S. Forces Korea (under Indo Pacific Command).
To their credit, successive STRATCOM and CYBERCOM commanders made the relationship work, but despite their efforts, the subordinate nature of a sub-unified command served to diminish in stature and importance the critical mission of the command. Cyber-attacks in Georgia in 2009, South Korea in 2009, and the attack on Sony Pictures in 2014 all highlighted the increasing vulnerabilities and potential of cyber warfare.
As a Unified Combatant Command, CYBERCOM’s effectiveness will be enhanced by the ability to work directly with the other combatant commands, and by its commander’s authority to report directly to the secretary of defense. It also means better synchronization of training and operations, as the commander of CYBERCOM was given responsibility to be the joint force trainer for cyber. All of this will enhance the amount of impact Cyber Command will wield inside and outside of the Pentagon, which is needed in this critically important area.
CYBERCOM’s effectiveness will be enhanced by the ability to work directly with the other combatant commands, and by its commander’s authority to report directly to the secretary of defense.
Special Operations Command’s elevation to Unified Command in 1987, and the benefits that this change conveyed, amply illustrates this point. Better training, acquisition speed and coordination of efforts led to SOCOM’s unequaled ability to wage the global war on terror in a fast-paced environment of near constant operations. The Cyber force can now enjoy these advantages as well.
Marking the elevation of CYBERCOM to a unified command, President Trump noted in a White House announcement that “United States Cyber Command’s elevation will also help streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of such operations. Elevation will also ensure that critical cyberspace operations are adequately funded.”
Thus the elevation of CYBERCOM is unquestionably positive and the reorganization overdue given the importance of cyber in modern warfare and the need to address threats in cyber space, both here and in combat theaters abroad.
However, this is not a quick fix to the challenges and threats we face in the cyber domain. Much work remains to be done as the nation continues to grapple with this new challenge institutionally.
CYBERCOM’s elevation is a sure win for the United States, but as General Nakasone recognized, the nation is only now beginning to discern the broad contours of the threats and opportunities present in military cyber operations. Greater attention and investment from policymakers are needed to better develop the U.S. strategy and capabilities for effective cyber operations for the future.
Thomas Spoehr is director of the Heritage Foundation’s Center for National Defense, where James Di Pane is a researcher.