Unified Cyber Command To Help US React Faster
A network-attack analogue to the man hunting Joint Special Operations Command would allow cyber warriors to decide, deconflict, and execute more effectively.
Several members of the US Congress raised the spectre of promoting US Cyber Command (CYBERCOM) to a unified command, as both the military leader in charge of the organisation and the secretary of defense discussed recently.
In remarks that centred around adjustments to Pentagon organisation on the 30-year anniversary of the 'Goldwater-Nichols' reforms, Secretary of Defense Ashton Carter subtly mentioned the debate at the Center for Strategic and International Studies.
As top defense leaders contemplate elevating US Cyber Command to a full-fledged unified command, they should also think about creating a cyber equivalent of the Joint Special Operations Command. The JSOC model would help execute CYBERCOM’s new anti-ISIS mission, and the many other joint operations that lie ahead.
Best known for its man hunting operations, JSOC synchronizes and integrates military and intelligence components to learn and strike quickly. In Iraq, JSOC’s special operators skillfully executed a “decapitation strategy” against al Qaeda’s leaders, key facilitators, and senior operatives. In Afghanistan, they wielded “an array of ‘enablers’” such as drones and attack helicopters to accomplish their tasks.
In essence, the JSOC way is to plan and exercise, meticulously and realistically; to resource the mission appropriately, with a range of tools and equipment at the ready; and to refresh and inject intelligence continuously, placing it in the hands of operators on the ground. The decision-making process is nimble yet expansive. It incorporates the inputs and players who bring real insights into a goal and how to achieve it, as well as representatives of enough organizations to minimize the risk of damage to others’ areas of responsibility.
Of course, process must be backed up by capability. By underwriting its missions with both military and intelligence assets, and by reconciling the authorities and US Code sections governing the military and intelligence community.
This concept and construct should now be applied to the cyber domain. As computer network exploitation blurs into computer network attack, the US needs to be better and quicker at detecting and responding to its adversaries’ online actions, especially when they target critical infrastructure.
A cyber JSOC would help realize that goal, as well as the intent of Cyber Command’s new mission of identifying, undermining, and destroying ISIS online as part of a combined-arms operation that includes kinetic efforts in the physical world. In general, as the offensive dimension looms larger in US cyber planning and execution, the need for a cyber JSOC becomes more urgent.
Bringing JSOC’s methods to the cyber realm would help transform the prevailing decision-making process, which is slow, under-inclusive, and skewed against taking action. A Cyber JSOC, by contrast, would gather the crucial players, then weigh their inputs and whatever competing interests and concerns may be in play.
Just as JSOC draws upon CIA assets and input for kinetic purposes, so Cyber JSOC would use NSA assets and input to achieve US cyber ends and goals. Moving swiftly, it would deconflict and harmonize everything from collection efforts to target selection, then marshal and mobilize the capabilities to enact the chosen outcomes.
This new ability to handle complex multi-variable decisions would allow the US to act more decisively in the cyber domain while avoiding counterproductive moves. For example, the Defense Department will need to balance the value of taking down extremist websites with the intelligence benefits of watching their operators and visitors.
As well, a cyber action intended to affect one geographic location may have effects across many others. Stepping into or onto another’s area of responsibility, even unintentionally, could compromise sources and methods or otherwise place lives at risk. For this reason, it is important for decision-makers to bear in mind the big picture, encompassing other operations underway globally.
As Cyber JSOC evolves and matures, it could ultimately constitute a critical component of our broader cyber deterrence strategy and policy. Since the initiative remains with the first-mover, the United States should ensure that it develops unparalleled offensive capabilities, a cyber equivalent of the Navy SEALs, Delta Force, and Air Force Special Operations, and a framework for putting them to use. Investing in people as well as developing a structure, via JSOC, made all the difference at the tip of the spear. We need the same for cyber.