Vol. 52, No. 4

In this edition

With polls showing that over 80% of the American people view cyberterrorism as one of the top threats facing the United States, the latest Ripon Forum examines what is being done to prevent a “Cyber 9/11.”

In Memorian: “An Enduring Peace”

In tribute to the life and accomplishments of the late John McCain, we republish his 2008 interview with the Forum that not only remains remarkably relevant today, but reminds us why he will be missed.


America has played defense long enough when it comes to cybersecurity. In the face of an increasing multitude of threats, it is time to go on offense.

Elevating Cyber Command:

The elevation of CYBERCOM earlier this year is a move whose time has definitely come. In fact, the only possible criticism could be: “What took you so long?”

The Magnitude of the Cyber Threat Facing America

With an estimated 40 billion new devices expected to be interconnected by 2020, the American people — and the U.S. economy — are more vulnerable than ever before to a cyber attack.

Defending the Grid

With cyber threats continuing to grow and evolve, the public & private sector are working together to protect America’s supply of electric power.

Closing the Federal Cyber Workforce Gap

A recent OMB report highlighted the fact that Three quarters of federal agencies lack the capability “to effectively detect data exfiltration attempts and respond to cybersecurity incidents.”

Paper Ballots & Election Security:

Eliminating the human element from filling out paper ballots is as essential to election security as ensuring election machines produce a voter verifiable paper ballot.

Safeguarding the Mid-Terms

There’s a mixed bag of actions being taken by election officials in states across the country in order to mitigate the infiltration of election systems during the 2018 mid-terms.

Troubling Trends in the Federal Budget

Elected leaders profess to be concerned about the nation’s long-term economic growth. You’d never know it, however, by looking at the federal budget.

A Failure on 9/11, and a Lesson Finally Learned

Prior to 2001, the ability to communicate over commercial wireless carriers would routinely be unavailable during major incidents — times when first responders need it the most.

Ripon Profile of Jackie Walorski

The Indiana Congresswoman discusses, among other topics, the importance of farmers and manufacturers in her District, and how tariffs will impact their work.

Elevating Cyber Command:

An Overdue Step towards Enhancing Military Cyber Operations

A ceremony in May marked the elevation of U.S. Cyber Command from a Sub-Unified Combatant Command to a Unified Combatant Command, a move that will help the military conduct cyber operations. It joined Central Command, Indo Pacific Command and Strategic Command and others as one of 10 Unified Combatant Commands in the Department of Defense.  It’s a move whose time had definitely come. In fact, the only possible criticism could be: “What took you so long?”

At the ceremony marking the change, the new commander of CYBERCOM, Army General Paul Nakasone, described CYBERCOM as “responsible for the planning and execution of the cyberspace missions … to secure our nation’s freedom of action in cyberspace and to help mitigate risks to our national security resulting from America’s growing dependence on cyberspace.”

“Our team has both the challenge and, more importantly, the opportunity to build a combatant command from the ground up,” Nakasone said.

Its a move whose time had definitely come. In fact, the only possible criticism could be: What took you so long?

According to Deputy Defense Secretary Patrick Shanahan, the change is “an acknowledgement that this new warfighting domain has come of age.”

Cyber is a domain of warfare with a unique set of challenges. Attribution is difficult, distance is irrelevant, and even small actors can have outsized impact. Given the modern reliance on networks for all facets of society, from power grids to communications networks to individual smart phones, the possibilities of a cyber-attack are broad, varying from minimal to catastrophic. Some have gone so far as to claim cyberwar will define conflict in the next century.

Adversaries such as China, Russia, Iran, North Korea, and some non-state actors have increasingly advanced cyber capabilities that can target the U.S., and the challenging nature of the domain, coupled with the wide range of operations and targets involved, makes this a critical part of the new military landscape.

As technology and our understanding of the implications of cyber warfare have evolved, so too has the United States’ organization to handle military cyber operations.

In 1998, the same year that Apple launched the iMac, Joint Task Force-Computer Network Defense (JTF-CND), an early predecessor to CYBERCOM, was activated under the Defense Information Systems Agency (DISA) to address the early security concerns around DoD networks. In 2002, it was moved to U.S. Strategic Command (STRATCOM).

As the importance of cyber operations grew, in 2009 DoD stood up U.S. Cyber Command as a sub-unified command under STRATCOM. But Cyber always seemed the “odd man out” in a command focused on nuclear deterrence and strategic strike.

Sub-unified commands are created to conduct a portion of the mission assigned to their parent unified command. But the rapidly growing cyber threat and its implications appeared to eclipse the responsibilities of STRATCOM. Almost from the time it was created, CYBERCOM cast a shadow greater than a typical sub-unified command, such as Alaska Command (under Northern Command) or U.S. Forces Korea (under Indo Pacific Command).

To their credit, successive STRATCOM and CYBERCOM commanders made the relationship work, but despite their efforts, the subordinate nature of a sub-unified command served to diminish in stature and importance the critical mission of the command. Cyber-attacks in Georgia in 2009, South Korea in 2009, and the attack on Sony Pictures in 2014 all highlighted the increasing vulnerabilities and potential of cyber warfare.

As a Unified Combatant Command, CYBERCOM’s effectiveness will be enhanced by the ability to work directly with the other combatant commands, and by its commander’s authority to report directly to the secretary of defense. It also means better synchronization of training and operations, as the commander of CYBERCOM was given responsibility to be the joint force trainer for cyber. All of this will enhance the amount of impact Cyber Command will wield inside and outside of the Pentagon, which is needed in this critically important area.

CYBERCOMs effectiveness will be enhanced by the ability to work directly with the other combatant commands, and by its commanders authority to report directly to the secretary of defense.

Special Operations Command’s elevation to Unified Command in 1987, and the benefits that this change conveyed, amply illustrates this point. Better training, acquisition speed and coordination of efforts led to SOCOM’s unequaled ability to wage the global war on terror in a fast-paced environment of near constant operations. The Cyber force can now enjoy these advantages as well.

Marking the elevation of CYBERCOM to a unified command, President Trump noted in a White House announcement that “United States Cyber Command’s elevation will also help streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of such operations. Elevation will also ensure that critical cyberspace operations are adequately funded.”

Thus the elevation of CYBERCOM is unquestionably positive and the reorganization overdue given the importance of cyber in modern warfare and the need to address threats in cyber space, both here and in combat theaters abroad.

However, this is not a quick fix to the challenges and threats we face in the cyber domain. Much work remains to be done as the nation continues to grapple with this new challenge institutionally.

CYBERCOM’s elevation is a sure win for the United States, but as General Nakasone recognized, the nation is only now beginning to discern the broad contours of the threats and opportunities present in military cyber operations. Greater attention and investment from policymakers are needed to better develop the U.S. strategy and capabilities for effective cyber operations for the future.

Thomas Spoehr is director of the Heritage Foundation’s Center for National Defense, where James Di Pane is a researcher.