Unified Cyber Command To Help US React Faster

A network-attack analogue to the man hunting Joint Special Operations Command would allow cyber warriors to decide, deconflict, and execute more effectively.
    
Several members of the US Congress raised the spectre of promoting US Cyber Command (CYBERCOM) to a unified command, as both the military leader in charge of the organisation and the secretary of defense discussed recently.

In remarks that centred around adjustments to Pentagon organisation on the 30-year anniversary of the 'Goldwater-Nichols' reforms, Secretary of Defense Ashton Carter subtly mentioned the debate at the Center for Strategic and International Studies.
    
As top defense leaders contemplate elevating US Cyber Command to a full-fledged unified command, they should also think about creating a cyber equivalent of the Joint Special Operations Command. The JSOC model would help execute CYBERCOM’s new anti-ISIS mission, and the many other joint operations that lie ahead.

Best known for its man hunting operations, JSOC synchronizes and integrates military and intelligence components to learn and strike quickly. In Iraq, JSOC’s special operators skillfully executed a “decapitation strategy” against al Qaeda’s leaders, key facilitators, and senior operatives. In Afghanistan, they wielded “an array of ‘enablers’” such as drones and attack helicopters to accomplish their tasks.

In essence, the JSOC way is to plan and exercise, meticulously and realistically; to resource the mission appropriately, with a range of tools and equipment at the ready; and to refresh and inject intelligence continuously, placing it in the hands of operators on the ground. The decision-making process is nimble yet expansive. It incorporates the inputs and players who bring real insights into a goal and how to achieve it, as well as representatives of enough organizations to minimize the risk of damage to others’ areas of responsibility.

Of course, process must be backed up by capability. By underwriting its missions with both military and intelligence assets, and by reconciling the authorities and US Code sections governing the military and intelligence community.

This concept and construct should now be applied to the cyber domain. As computer network exploitation blurs into computer network attack, the US needs to be better and quicker at detecting and responding to its adversaries’ online actions, especially when they target critical infrastructure.

A cyber JSOC would help realize that goal, as well as the intent of Cyber Command’s new mission of identifying, undermining, and destroying ISIS online as part of a combined-arms operation that includes kinetic efforts in the physical world. In general, as the offensive dimension looms larger in US cyber planning and execution, the need for a cyber JSOC becomes more urgent.

Bringing JSOC’s methods to the cyber realm would help transform the prevailing decision-making process, which is slow, under-inclusive, and skewed against taking action. A Cyber JSOC, by contrast, would gather the crucial players, then weigh their inputs and whatever competing interests and concerns may be in play.

Just as JSOC draws upon CIA assets and input for kinetic purposes, so Cyber JSOC would use NSA assets and input to achieve US cyber ends and goals. Moving swiftly, it would deconflict and harmonize everything from collection efforts to target selection, then marshal and mobilize the capabilities to enact the chosen outcomes.

This new ability to handle complex multi-variable decisions would allow the US to act more decisively in the cyber domain while avoiding counterproductive moves. For example, the Defense Department will need to balance the value of taking down extremist websites with the intelligence benefits of watching their operators and visitors.

As well, a cyber action intended to affect one geographic location may have effects across many others. Stepping into or onto another’s area of responsibility, even unintentionally, could compromise sources and methods or otherwise place lives at risk. For this reason, it is important for decision-makers to bear in mind the big picture, encompassing other operations underway globally.

As Cyber JSOC evolves and matures, it could ultimately constitute a critical component of our broader cyber deterrence strategy and policy. Since the initiative remains with the first-mover, the United States should ensure that it develops unparalleled offensive capabilities, a cyber equivalent of the Navy SEALs, Delta Force, and Air Force Special Operations, and a framework for putting them to use. Investing in people as well as developing a structure, via JSOC, made all the difference at the tip of the spear. We need the same for cyber.

DefenseOne

 

 

« Enhanced Attribution Program To Identify & Track Hackers Worldwide
Healthcare Execs Credit IT With Improving Care »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

SOOHO

SOOHO

SOOHO helps to detect security vulnerabilities earlier. Our blockchain security platform audits from smart contracts to on-chain transactions.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

iON United

iON United

iON United is a full-service IT security solutions provider and one of the most trusted names in cybersecurity in Canada.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Vertek

Vertek

Vertek is a leading provider of operations consulting, end-to-end business process outsourcing, business intelligence, software applications and managed cybersecurity solutions.

Edge Security

Edge Security

Edge Security is an information security research and consulting firm of expert hackers.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.