The essays in this volume describe ways in which U.S. Cyber Command (USCYBERCOM) has evolved over the decade since Secretary of Defense Robert Gates directed its establishment in June 2009. Its current commander, Gen. Paul Nakasone, divides the history of the command into overlapping chapters, or “acts.” Act 1 was standing up the command in May 2010. Act 2 was the team-building phase. In 2012, the Department of Defense (DOD) began building 133 teams – 6,187 people, both military and civilian. Over the ensuing four years, the Cyber Mission Force increased its capacity and capability, reaching full operational capability in 2018. During act 3, those teams were employed. While still building the force in 2016, Joint Task Force–Ares supported U.S. Central Command and U.S. Special Operations Command by conducting operations to defeat ISIS in virtual space. In 2018, the Russia Small Group, a USCYBERCOM partnership with the National Security Agency, in coordination with other members of the interagency community, assisted in securing the 2018 midterm elections.
These organizational and operational milestones have been accompanied by an equally important “conceptual” transformation, characterized by General Nakasone in his 2019 Joint Force Quarterly article as a pivot from a “response force” to a “persistence force.” The commander writes, “USCYBERCOM initially focused on defending DOD networks[,]… executing counterterrorism operations, planning to support conventional forces in crisis scenarios, and maintaining capacity to respond to an attack of significant consequence against our critical infrastructure.” The response force concept, holding forces in reserve for war or responding to attacks after the fact, proved to be no match for increasingly capable adversaries operating continuously below the threshold of armed conflict against our critical infrastructure, government networks, defense industries, and academia. “A persistence force has a much higher chance of disrupting adversary plots and protecting Americans, compared with a force that is confined to sporadic reconnaissance” and episodic engagement. (US Naval War College)
This is from a chapter in a Naval War College publication entitled “Ten Years In: Implementing Strategic Approaches to Cyberspace.” This particular chapter is by Emily O. Goldman called “The Cyber Paradigm Shift.” These two paragraphs capture the evolution of USCYBERCOM quite nicely. I will add that there is no Cyber Force as a new service to accompany this functional combatant command although the idea has been bandied about for decades. Like other combatant commands, it has service components as shown in the organizational chart above. CYBERCOM’s largest and central component is JFHQ-DODIN (Joint Force Headquarters-Department of Defense Information Network) comprised of all DoD computer networks, some 15,000 networks, their infrastructure and the quarter million personnel (military, civilian and contractor) who run those networks. In essence, this is CYBERCOM’s AOR. This grew from DISA (Defense Information Systems Agency) as it was known in my day.
The final component of CYBERCOM is the Cyber National Mission Force consisting of 133 Cyber Mission Force Teams. These teams are what I would consider the maneuver units of CYBERCOM. The following is from an ARCYBER fact sheet:
The Cyber National Mission Force plans and conducts cyber operations aimed at disrupting adversaries. The group works against specific nation-state threats and aims to engage those enemies as a means of preventing cyber intrusions. It is often described as having Cyber Command’s best operators.
The Cyber National Mission Force is considered one of the leading groups at Cyber Command in carrying out Nakasone’s philosophy of “persistent engagement.” This approach recognizes that cyber forces must be in constant contact in cyberspace with competitors day to day. A key pillar to that concept is what defense officials are calling “defending forward,” which involves operating outside U.S. networks to face threats as far away from the United States as possible. (ARCYBER)
These teams are trained, equipped and maintained by the services. They appear to be platoon size elements of military and civilian personnel. I don’t know if they also have contractors assigned to these teams. Although this is a new concept to me that came about after my retirement, I see how the idea evolved. I created and ran a HUMINT collection detachment that combined clandestine collection, linguistic and technical skills to conduct long term collection operations online. We were a military, civilian and contractor mix from both DIA and NSA in near daily contact with analysts from DIA, NSA and FBI. We provided direct support to JTF-CND (Joint Task Force – Computer Network Defense) which operated under SPACECOM. While JTF-CND had numerous surveillance capabilities trying to detect attacks on our systems, we were the only reconnaissance element available to them at the time. We operated in the wild to identify threats and threat actors before, during and after attacks on our systems. We operated in cyber no man’s land and behind enemy lines… over the long haul. I believe we were a, but not the only, precursor to Nakasone’s concept of persistent engagement. My detachment operated under intelligence authorities and restrictions. These cyber mission teams operate under Title 10 authorities. My guess is that their guiding authorities will in many ways mirror those of JSOC forces.
This cyber national mission force is a very different approach than the creation of the Space Force. One similarity will be that both forces will be comprised of a large number of specially skilled civilians, perhaps even the preponderance of personnel. Time will tell if it works. Contributing to future success is the service’s creation of officer, warrant and enlisted cyber career fields. I’m sure the highest aspiration of uniformed members of these career fields is to be assigned to these cyber mission force teams.
https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?article=1044&context=usnwc-newport-papers (The full Naval War College publication)
https://www.disa.mil/-/media/Files/DISA/News/Events/Symposium-2019/1—COL-Craft_Fight-the-DODIN_approved-Final.ashx (A short, but informative, PowerPoint briefing on JFHQ-DODIN)
https://www.lawfareblog.com/defend-forward-us-must-strengthen-cyber-mission-force (Contains a brief discussion of evolving of cyber resourcing concepts and authorities)