General: Cyber Command needs new platform before NSA split

U.S. Cyber Command needs to be elevated to a full combatant command as soon as possible, but it should remain tied to the National Security Agency until it has its own cyber platform, according to the head of U.S. Strategic Command.

Air Force Gen. John Hyten told the Senate Armed Services Committee that he and Adm. Michael Rogers, head of the NSA and CyberCom, submitted their plan to the Trump administration calling for elevation of CyberCom "sooner rather than later."

He said that needed to happen "just to normalize that command and make sure that we can kind of develop normal command relationships between Cyber Command and all the combatant commanders including Strategic Command."

Later in the hearing, Hyten added that the end of the dual-hat leadership structure of the NSA and CyberCom will have to wait until CyberCom has an independent cyber platform from the NSA.

"There are acquisition programs of record being instituted to build those capabilities," said Hyten. "Once those capabilities are built, I would be supportive of separating the two. But I will not advocate separating the two until we have a separate platform in the services that Cyber Command can operate on."

Senators pressed Hyten on a number of cybersecurity topics, including the ramifications of modernizing the IT architecture that controls the U.S. nuclear arsenal.

Strategic Command currently oversees cyber, space and nuclear capabilities, and Hyten said they are linked in that a cyber threat that could affect command and control capabilities could undermine the U.S. nuclear deterrent, "and we have to make sure we never allow that to happen."

Hyten said Congress needs to demand that as the military services modernize nuclear command and control capabilities that they move from a 20^th century architecture and not simply move from eight-and-a-half inch floppy discs to the five-inch variety.

"We will introduce cyber vulnerabilities as we walk into that, but if you work it right from the beginning, you can make sure that that threat is mitigated from the beginning," he said.

When asked whether the U.S. has the capacity to protect nuclear cyber systems, Hyten said in general he was happy with where the Cyber Mission Forces are going right now. But he warned that they do yet not have the capacity to meet all of the requirements the DOD has.

He said that currently cyber forces are specifically assigned to the combatant commands, and that DOD needs to look at cyber forces like special forces -- as a high-demand, low-density asset that needs to be centralized and allocated out based on mission priority.

"The demand signal is going to go nowhere but up and the capacity is not sufficient to meet all of the demand," he said.

Hyten also said the conversation on deterrence in cyberspace must move past the nuclear framework of the past, with its binary analysis.

"I think what's missing is a broader discussion of what 21st century deterrence really means," said Hyten. "That involves the nuclear capabilities as the backstop, but fundamentally space, cyber, conventional, all the other elements as well.""Now it's a multivariable analysis and each of those has to be put in context," he said. "And context has to be the fact that we're actually not deterring cyber, we're not deterring space. We're deterring an adversary that wants to operate and do damage in those domains."