Unified Cyber Command To Help US React Faster

A network-attack analogue to the man hunting Joint Special Operations Command would allow cyber warriors to decide, deconflict, and execute more effectively.
    
Several members of the US Congress raised the spectre of promoting US Cyber Command (CYBERCOM) to a unified command, as both the military leader in charge of the organisation and the secretary of defense discussed recently.

In remarks that centred around adjustments to Pentagon organisation on the 30-year anniversary of the 'Goldwater-Nichols' reforms, Secretary of Defense Ashton Carter subtly mentioned the debate at the Center for Strategic and International Studies.
    
As top defense leaders contemplate elevating US Cyber Command to a full-fledged unified command, they should also think about creating a cyber equivalent of the Joint Special Operations Command. The JSOC model would help execute CYBERCOM’s new anti-ISIS mission, and the many other joint operations that lie ahead.

Best known for its man hunting operations, JSOC synchronizes and integrates military and intelligence components to learn and strike quickly. In Iraq, JSOC’s special operators skillfully executed a “decapitation strategy” against al Qaeda’s leaders, key facilitators, and senior operatives. In Afghanistan, they wielded “an array of ‘enablers’” such as drones and attack helicopters to accomplish their tasks.

In essence, the JSOC way is to plan and exercise, meticulously and realistically; to resource the mission appropriately, with a range of tools and equipment at the ready; and to refresh and inject intelligence continuously, placing it in the hands of operators on the ground. The decision-making process is nimble yet expansive. It incorporates the inputs and players who bring real insights into a goal and how to achieve it, as well as representatives of enough organizations to minimize the risk of damage to others’ areas of responsibility.

Of course, process must be backed up by capability. By underwriting its missions with both military and intelligence assets, and by reconciling the authorities and US Code sections governing the military and intelligence community.

This concept and construct should now be applied to the cyber domain. As computer network exploitation blurs into computer network attack, the US needs to be better and quicker at detecting and responding to its adversaries’ online actions, especially when they target critical infrastructure.

A cyber JSOC would help realize that goal, as well as the intent of Cyber Command’s new mission of identifying, undermining, and destroying ISIS online as part of a combined-arms operation that includes kinetic efforts in the physical world. In general, as the offensive dimension looms larger in US cyber planning and execution, the need for a cyber JSOC becomes more urgent.

Bringing JSOC’s methods to the cyber realm would help transform the prevailing decision-making process, which is slow, under-inclusive, and skewed against taking action. A Cyber JSOC, by contrast, would gather the crucial players, then weigh their inputs and whatever competing interests and concerns may be in play.

Just as JSOC draws upon CIA assets and input for kinetic purposes, so Cyber JSOC would use NSA assets and input to achieve US cyber ends and goals. Moving swiftly, it would deconflict and harmonize everything from collection efforts to target selection, then marshal and mobilize the capabilities to enact the chosen outcomes.

This new ability to handle complex multi-variable decisions would allow the US to act more decisively in the cyber domain while avoiding counterproductive moves. For example, the Defense Department will need to balance the value of taking down extremist websites with the intelligence benefits of watching their operators and visitors.

As well, a cyber action intended to affect one geographic location may have effects across many others. Stepping into or onto another’s area of responsibility, even unintentionally, could compromise sources and methods or otherwise place lives at risk. For this reason, it is important for decision-makers to bear in mind the big picture, encompassing other operations underway globally.

As Cyber JSOC evolves and matures, it could ultimately constitute a critical component of our broader cyber deterrence strategy and policy. Since the initiative remains with the first-mover, the United States should ensure that it develops unparalleled offensive capabilities, a cyber equivalent of the Navy SEALs, Delta Force, and Air Force Special Operations, and a framework for putting them to use. Investing in people as well as developing a structure, via JSOC, made all the difference at the tip of the spear. We need the same for cyber.

DefenseOne

 

 

« Enhanced Attribution Program To Identify & Track Hackers Worldwide
Healthcare Execs Credit IT With Improving Care »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Data-Risk Managers

Cyber Data-Risk Managers

Cyber Data-Risk Managers Pty Ltd is an insurance broker based in Melbourne, Australia specializing in Cyber insurance / Data breach insurance.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

EU Joint Research Centre

EU Joint Research Centre

JRC is the European Commission's science and knowledge service which employs scientists to carry out research in order to provide independent scientific advice and support to EU policy.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

EuraTechnologies

EuraTechnologies

EuraTechnologies, the French incubator and accelerator, is a centre of excellence and innovation for startups and entrepreneurs with a focus on Digital, Data, Cybersecurity and IoT.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

PowerDMARC

PowerDMARC

PowerDMARC is a domain security and email authentication SaaS platform that helps organizations protect their domain name, brand, and emails against unauthorized use.