DOD creates Cyber Command as U.S. Strategic Command subunit

New post will defend .mil domain

Defense Secretary Robert Gates issued a much-anticipated order June 23 establishing the U.S. Cyber Command, which will assume responsibility for the defense of the military’s portion of cyberspace.

The new Cybercom will be a subunit of the U.S. Strategic Command and will be commanded by the director of the National Security Agency. It is expected to be headquartered with NSA at Fort Meade, Md., and to reach initial operating capacity in October, with full operating capacity coming in October 2010.

The order is recognition that cyberspace is a distinct military domain, along with land, sea and air, and the Defense Department must be prepared to defend and conduct offensive operations in it.

“Cyberspace and its associated technologies offer unprecedented opportunities to the United States and are vital to our nation’s security and, by extension, to all aspects of military operations,” Gates wrote in his order. “Yet our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security. To address this risk effectively and to secure freedom of action in cyberspace, the Department of Defense requires a command that possesses the required technical capability and remains focused on the integration of cyberspace operations.”

Planning for Cybercom has been in the works for some time, and the order has been expected for several weeks. Observers in the cybersecurity field have said such coordination of defensive and offensive activities is needed to ensure the security and availability of the critical information infrastructure.

Alan Paller, director of research at the SANS Institute, called the command a "spectacular idea" because it allows defense to be informed by offensive capabilities and offers the potential for increased interoperability, information sharing and visibility. It also could provide enhanced career paths for cybersecurity professionals.

“The only downside is the possibility that they will so militarize the Information Assurance Division of NSA that they stop it from fully realizing the promise of public/private partnership initiatives that will be critical for turning the tide against the attackers,” Paller said.

NSA and DOD officials have said that although the new command would assume responsibility for defending the .mil domain, NSA would continue offering its expertise and assistance to defend the .gov and .com domains. The Homeland Security Department has primary responsibility for the government’s .gov networks, and responsibility for nongovernment critical infrastructure falls to both the public and private sectors.

In remarks made last week, Deputy Defense Secretary William Lynn III said the new command does not represent an expansion of DOD’s mission in cyberspace. “On the contrary, it is keeping with our defined and historic mission, to protect and defend our national security and to protect the lives of our men and women in uniform,” he said.

He also stressed that “such a command would not represent the militarization of cyberspace. It would in no way be about the Defense Department trying to take over the government’s cybersecurity efforts. On the contrary, such a command would not be responsible for the security of civilian computer networks outside the Defense Department.”

The new command will be subject to congressional oversight and “would operate within all applicable laws, executive orders and regulations,” Lynn said.

NSA’s director will be the Cybercom commander and carry the grade of general or admiral. The deputy commander positions at NSA and Cybercom would be separate.

In conjunction with the establishment of the new command, officials will develop a national strategy for cybersecurity and review policy and strategy to develop a comprehensive approach to cyberspace operations.

Gates said the formation of Cybercom does not expand the role of the Strategic Command in military cyberspace operations, but the command will assume responsibility for several existing organizations. The Joint Task Force for Global Network Operations and the Joint Functional Component Command for Network Warfare will be dissolved by October 2010. The Defense Information Systems Agency, where JTF-GNO now operates, will provide technical assistance for network and information assurance to Cybercom.

Combatant commanders, the military services and DOD agencies will remain responsible for carrying out Cybercom policy and for operation and defense of the Global Information Grid.

Featured

Reader comments

Mon, Apr 15, 2013 Sisavanh Tony azetmcktmc

I feel that some operations or training can really mean more than what is on the line here. I predict that decisions n poor sportsmanship will come into factor n rules will be overlooked if not brought on stand. I'm a good sports man, I acknowledge someone's hard work n let them know that I was wrong, but can I expect that from other players, probably not. I'm greatful for the things I have n the things I don't. So all stocks and my bonds is to remain capsuled for my children. Otherwise all training and tests courses I will not join. I'm going to my homeland n be my own security for my country. That way I can defend my territory. Trespassers will be prosecuted, and I can live with that. I'm merely protecting my family n hoping my legacy lives on.

Fri, Jun 26, 2009 bolding cyberspace

The Militarization of US efforts in cyberspace will go down in history as one of the biggest mistakes and con jobs in years. Where and what are the National policies that they are to follow? If they find an electronic spy in cyberspace, who has the authority to give the order to "kill" it, "follow" it, or any other decision; like prove it's identity. Who and what are the forces? Has someone "called-up" the civilians of NSA; are they now military in civilian clothes? What happened to the Title 10 and 50 concerns? I doubt seriously that the people who have sold this, understand the significance of NETSCAPE going public in 1995; remember Kevin Mitnik, or understand the meaning of 2600; or more importantly know the difference between a hacker and a spy in Cyberspace. Defending our National Security in cyberspace is counter intelligence not Information Assurance; offensive action is covert action not military offensive actions like EW. Sub command of STRATCOM? They never understood how to use their JTF; what has changed other than the four star desire of individuals? I am not sure I see the change, except for the number of military general officers and rank of these individuals in NSA. So now does NSA prioritize their intelligence requirements from the DCI or the DoD? The DoD has now given the CIA reason to create the Office of Cyber operations to collect intelligence, conduct counter intelligence, and covert actions. These actions would in effect, replace the present NSA missions. Also,this Command creation action has the potential of "unintended consequence" to destroy a National Asset (NSA). Who in congress oversights this "Command"? The intelligence committes or the military committes? Where is Congress during all of this? The CIA is now the only major US intelligence organization not run by the Military. Have we as a nation decided to turn all intelligence operations over to the DoD? Who pays for NSA now? DoD (who has always paid part of the Information Assurance mission) or the DCI? I guess more importantly, does anyone care!!

Thu, Jun 25, 2009 Brieuc

Hopefully, DOD officials will develop a national military strategy for cybersecurity and review policy and strategy to develop a comprehensive approach to cyberspace operations in conjunction with the Homeland Security folks who are tasked to support the rest of the US government and the nation.

Wed, Jun 24, 2009

The title of this article is misleading; USCYBERCOM is not a "subunit" of NSA rather a subordinate unified command under USSTRATCOM. The Director of the NSA will be dual-hatted as the Commander of USCYBERCOM.

As a side note, previously (ie right now) Commander, JFCC-NW was also the DIRNSA and Commander, JTF-GNO was dual-hatted as Director of DISA.

All of this is very clear in the letter signed by the SECDEF on 23 JUN 09, subject "Establishment of a Subordinate Unified U.S. Cyber Command Under U.S. Strategic Command for Military Cyberspace Operations" (OSD doc #05914-09).

This is an important move forward for Cyberspace Operations, especially considering the one service that has Cyberspace in its mission statement, US Air Force, did not move forward with the Provisional Major Command (MAJCOM) for Cyber of Air Force Cyber Command (AFCYBER). It is relegated to having a Numbered Air Force, also known as a Warfighting Headquarters (WFHQ), but certainly not the importance, authority, and cyber forces that a MAJCOM would enable.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above