Next Steps for U.S. Cyber Command after Split with NSA

By Major General Jim Keffer

Major General (Ret.) Jim H. Keffer is the Director for Cyber at Lockheed Martin Government Affairs where he leads and manages interactions with senior U.S. government leaders associated with cyber policy, programs, budgets and operations. Keffer's last military duty was as the Chief of Staff for U.S. Cyber Command and the U.S. Air Force's senior career intelligence officer. During his career, Keffer served as the National Security Agency's Deputy Chief of the Central Security Service where he was responsible for the performance of 15,000 military members conducting global operations. He was also the first Air Force intelligence general officer to deploy on a year-long combat tour as the Deputy Director for Intelligence for U.S. Forces-Iraq.

We all know it’s coming, and soon. There is significant momentum for elevating U.S. Cyber Command to a full combatant command. We should expect that soon. Bifurcating Cyber Command’s and the National Security Agency’s leadership from one leader to separate leaders for each organization also has strong momentum and should happen by October 2018 or sooner. Why that date? The 2017 National Defense Authorization Act states a requirement that “The Cyber Mission Force has achieved full operational capability” before the “dual-hat” arrangement can be terminated, and the Cyber Command commander testified that goal will be reached by the end of Fiscal Year 2018.

With the impending elevation and “dual-hat” split, it’s time to turn the focus on what Cyber Command needs to better deliver for our nation. As Cyber Command stands on its own – or as former NSA Director General Michael Hayden puts it, the “umbilical cord” is cut from NSA – Cyber Command has a critical need for enabling capabilities. But what are these enabling capabilities?

First, Cyber Command needs people – not at the tactical level but at the strategic and operational levels. Cyber Command’s headquarters was created in 2010, primarily by combining the Joint Task Force – consisting of the Global Network Operations and the Joint Functional Component Command for Network Warfare. Its joint service components were created by dual-hatting and triple-hatting operational service organizations and assigning them to support up to three combatant commands. Cyber Command headquarters staff has up to 75 percent fewer personnel than other combatant commands, and the joint components staffs are short as well.

Based on these shortfalls, an estimated additional 1500 billets, or position options, are needed for Cyber Command headquarters and its joint service components for analyzing and reporting intelligence, planning and directing operations, ensuring cyber operations are integrated into global combatant command operational planning documents, conducting and planning exercise events, managing resources, and performing acquisition.

At the tactical level, herculean efforts by the military services are placing 6187 cyber warriors to fill out Cyber Command’s 133 teams.  That process is going well, and all teams are expected to reach full operational capability by the end of FY18. 

Second, Cyber Command needs a training environment. Just as getting soldiers, sailors, airmen, marines, and coastguardsmen combat ready for deployment into an area of operations, the same holds true for cyber warriors. They need to achieve competencies in their individual skills, then train as a unit and subsequently participate in a large scale exercise (i.e., think of RED FLAG for the Air Force, the National Training Center for the Army, Composite Unit Training Exercise (COMPTUEX) for the Navy). That large scale critical cyberspace training environment does not yet exist, but it is coming.

The U.S. Army has been designated the Executive Agent for delivering the Persistent Cyber Training Environment as an operational capability. To be effective, this environment must be able to provide flexible and customizable training networks, both friendly and adversary; events management and scheduling; and red team opposing forces.  It would not only be used for training, but could also be used for cyber “tool” development and evaluation; cyber “bomb damage assessment” modeling; and mission rehearsals. This parallels the training construct used in other domains. Until the Army delivers this Persistent Cyber Training Environment – which should be done as quickly as possible – Cyber Command’s teams rely heavily on the Pentagon’s National Cyber Range for warfighting certifications, large scale cyber exercises, and weapons systems cyber vulnerability assessments. The National Cyber Range could be a foundation for meeting Cyber Command training requirements.

Third, Cyber Command needs a command and control battle management and visualization capability. Just as the other joint commands have their operational centers for supervising their forces, the same is true for Cyber Command. With 133 teams supporting global combatant commands and national command authorities, visualizing the global cyberspace environment and being able to rapidly and effectively direct forces in conducting defensive and offensive missions will be critical to success from strategic, operational, and tactical levels.

Fourth, Cyber Command needs an operations platform for performing cyberspace defensive, offensive, and other enabling operations. Ideally, this platform would be able to monitor the health and status of Pentagon networks and major weapons systems; direct and launch defensive operations to defend Pentagon networks; direct and launch offensive operations through friendly, neutral, and adversary cyberspace to achieve a desired effect for a combatant commander or national command authorities; and to conduct cyber intelligence, surveillance, reconnaissance, and preparation of the battlefield. 

Fifth, Cyber Command needs the capability to create and sustain cyber infrastructures in and through friendly, non-adversary, and adversary cyberspace. Without a clear path in which to reach a target, that target cannot be held at risk by a planned cyber effect. 

Complementing the access architecture is the necessity to sustain and rapidly develop operational cyber “tools” (i.e., “munitions”) that can be sent through that architecture, overcome adversary defenses, and reach a target. In today’s complex arena of constantly changing hardware and software, sustaining architectures and tools will require continuous intelligence capabilities to maintain persistent access to targets. 

There is little doubt the umbilical cord connecting Cyber Command and the NSA needs to be cut, and soon. Optimizing Cyber Command’s mission capabilities requires rapid movement by Congress and the Pentagon, with commitment to funding and developing a training environment, an operations platform, a command and control battle management and visualization capability, an ability to rapidly develop and sustain cyberspace operations architectures and tools, as well as robust intelligence capabilities to sustain access to targets.

Costs of military capabilities are always a significant consideration. But looking at the non-kinetic and integrated kinetic options that cyberspace provides to commanders and national leaders, the costs in dollars and lives is much less than kinetic operations.

Yes, it’s time to have separate leaders for Cyber Command and the NSA. They will be special partners and will complement each other for the betterment of the nation. However, to optimize Cyber Command’s effectiveness, it must have the proper enabling capabilities, and soon.

The views and opinions expressed are the author’s and do not reflect those of the Department of Defense, U.S. Cyber Command, the National Security Agency/Central Security Service, nor Lockheed Martin.

Categorized as:Tech/CyberTagged with:

Related Articles