Jason Healey recently posted an interesting piece on The Cipher Brief, US Cyber Command: “When faced with a bully…hit him harder.” Healey writes: “Cyber Command’s new strategy demands that, ‘We must not cede cyberspace superiority.’ The goal is ‘superiority’ through ‘persistent, integrated operations [to] demonstrate our resolve” even at “below the threshold of armed conflict.’….Despite being the right move, however, it is also an incredibly risky one.”
I largely agree with Healey’s account of the first U.S. Cyber Command Symposium. As the United States is moving away from a strategy of deterrence to a strategy of persistence, it has to be careful that it is not creating the opposite effect of what it intends to do.
Indeed, one concern that could be raised is that this new strategy might be dangerously escalatory. The statement was made that, “It might get worse, before it gets better.” When do we reach the tipping point, if there is one? And how can we know? Cyber Command’s view is that it has learned over time through observation, and believes that their strategy will lead to stabilization. This needs to be scrutinized and studied.
Yet, my take away from the U.S. Cyber Command symposium is also different from Healey’s in a several important ways: I didn’t sense the same level of emotion and warmongering from the speakers and panelists as Healey does.
U.S. Cyber Command does not ask for “looser rules of engagement” as per Healey – it asks for ‘closer organization integration’ and a better understanding of the ‘box’ in which it is allowed to operate. Healey suggests, that “The gold medal will go to the nation prepared to be the most ruthless and audacious.” U.S. Cyber Command rather argued that advantage lies in the initiative. (Indeed, as someone noted at the event, “In cyberspace, it is not the big that eat the small; it is the fast that eat the slow.”)
“Seizing the initiative” – a phrase frequently used at the conference – is not about "hitting back harder” as Healey writes. Instead, it is as much about prevention and control as it is about post-action. And I didn’t hear them talking about “lethality” nor about “revenge.”
As Henry Kissinger observed in World Order: “Internet technology has outstripped strategy or doctrine – at least for the time being. In the new era, capabilities exist for which there is as yet no common interpretation – or even understanding. Few if any limits exist among those wielding them to define either explicit or tacit restraints.” For any country, it requires significant efforts to articulate a strategy, align interests and coordinate around these new capabilities.
A more positive account of the U.S. Cyber Command is that the organization is continuing to explore new approaches to ‘maneuver' in this new ‘domain of warfare.’ In doing so, it is willing to also open up to a broader community – as this inaugural annual symposium indicates – and talk about how to interpret and understand the explicit and tacit restraints of wielding these capabilities.
Another way to describe the Command's new efforts is that it intends to be assiduous in this new domain of warfare: In an environment of constant contact, it aims to constantly (or ‘persistently’ as conference speakers would say) engage with the adversary – both defensively and offensively, if these can be separated in this domain – whilst doing so in a planned, diligent manner.
Finally, there were several other interesting takeaways from this event which deserve attention.
First, more insight was provided on the current progress within the organization. The goal of Cyber Command is to have 133 operational units. Officials revealed that they currently have 128.
Second, ‘agile’ was indeed a widely used buzzword, almost seen as a panacea against all organizational problems. For example, it was said by one of the speakers, “We need to combine maintenance and maneuver. Agile is the solution.” Yet, its meaning in this context remains vague.
Third, while former U.S. Secretary of Defense Ash Carter recently expressed his disappointment at the U.S. military’s failure to integrate cyberattacks into its war-fighting against ISIS, U.S. Cyber Command provided, unsurprisingly, a more positive account at the conference. This was repeated in NSA & Cyber commander Adm. Mike Roger’s Senate testimony: “Today, ISIS’s so-called ‘Caliphate’ is crumbling….Cyberspace operations played an important role in this campaign, with USCYBERCOM supporting the successful offensive by U.S. Central Command, U.S. Special Operations Command, and our Coalition partners.”
Max Smeets is a cybersecurity postdoctoral fellow at Stanford University Center for International Security and Cooperation (CISAC). He is also a non-resident cybersecurity policy fellow at New America. Smeets' current book project focuses on the causes underlying cyber proliferation and restraint. You can follow him on Twitter @SmeetsMWE.
