Unified Cyber Command To Help US React Faster

Uploaded on 2016-05-23 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-Defence, FREE TO VIEW

A network-attack analogue to the man hunting Joint Special Operations Command would allow cyber warriors to decide, deconflict, and execute more effectively.
    
Several members of the US Congress raised the spectre of promoting US Cyber Command (CYBERCOM) to a unified command, as both the military leader in charge of the organisation and the secretary of defense discussed recently.

In remarks that centred around adjustments to Pentagon organisation on the 30-year anniversary of the 'Goldwater-Nichols' reforms, Secretary of Defense Ashton Carter subtly mentioned the debate at the Center for Strategic and International Studies.
    
As top defense leaders contemplate elevating US Cyber Command to a full-fledged unified command, they should also think about creating a cyber equivalent of the Joint Special Operations Command. The JSOC model would help execute CYBERCOM’s new anti-ISIS mission, and the many other joint operations that lie ahead.

Best known for its man hunting operations, JSOC synchronizes and integrates military and intelligence components to learn and strike quickly. In Iraq, JSOC’s special operators skillfully executed a “decapitation strategy” against al Qaeda’s leaders, key facilitators, and senior operatives. In Afghanistan, they wielded “an array of ‘enablers’” such as drones and attack helicopters to accomplish their tasks.

In essence, the JSOC way is to plan and exercise, meticulously and realistically; to resource the mission appropriately, with a range of tools and equipment at the ready; and to refresh and inject intelligence continuously, placing it in the hands of operators on the ground. The decision-making process is nimble yet expansive. It incorporates the inputs and players who bring real insights into a goal and how to achieve it, as well as representatives of enough organizations to minimize the risk of damage to others’ areas of responsibility.

Of course, process must be backed up by capability. By underwriting its missions with both military and intelligence assets, and by reconciling the authorities and US Code sections governing the military and intelligence community.

This concept and construct should now be applied to the cyber domain. As computer network exploitation blurs into computer network attack, the US needs to be better and quicker at detecting and responding to its adversaries’ online actions, especially when they target critical infrastructure.

A cyber JSOC would help realize that goal, as well as the intent of Cyber Command’s new mission of identifying, undermining, and destroying ISIS online as part of a combined-arms operation that includes kinetic efforts in the physical world. In general, as the offensive dimension looms larger in US cyber planning and execution, the need for a cyber JSOC becomes more urgent.

Bringing JSOC’s methods to the cyber realm would help transform the prevailing decision-making process, which is slow, under-inclusive, and skewed against taking action. A Cyber JSOC, by contrast, would gather the crucial players, then weigh their inputs and whatever competing interests and concerns may be in play.

Just as JSOC draws upon CIA assets and input for kinetic purposes, so Cyber JSOC would use NSA assets and input to achieve US cyber ends and goals. Moving swiftly, it would deconflict and harmonize everything from collection efforts to target selection, then marshal and mobilize the capabilities to enact the chosen outcomes.

This new ability to handle complex multi-variable decisions would allow the US to act more decisively in the cyber domain while avoiding counterproductive moves. For example, the Defense Department will need to balance the value of taking down extremist websites with the intelligence benefits of watching their operators and visitors.

As well, a cyber action intended to affect one geographic location may have effects across many others. Stepping into or onto another’s area of responsibility, even unintentionally, could compromise sources and methods or otherwise place lives at risk. For this reason, it is important for decision-makers to bear in mind the big picture, encompassing other operations underway globally.

As Cyber JSOC evolves and matures, it could ultimately constitute a critical component of our broader cyber deterrence strategy and policy. Since the initiative remains with the first-mover, the United States should ensure that it develops unparalleled offensive capabilities, a cyber equivalent of the Navy SEALs, Delta Force, and Air Force Special Operations, and a framework for putting them to use. Investing in people as well as developing a structure, via JSOC, made all the difference at the tip of the spear. We need the same for cyber.

DefenseOne

 

 

« Enhanced Attribution Program To Identify & Track Hackers Worldwide
Healthcare Execs Credit IT With Improving Care »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

Research Institute in Trustworthy Industrial Control Systems (RITICS)

Research Institute in Trustworthy Industrial Control Systems (RITICS)

RITICS is one of three Research Institutes formed as part of the UK National Cyber Security Strategy.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

NewGens

NewGens

NewGens is a solution and service provider to banking institutions in the APAC region. Areas of expertise include cybersecurity, AML, fruad prevention, compliance and risk management.

BwCIRT

BwCIRT

BwCIRT is the Computer Incident Response Team (CIRT) for Botswana and provides an official point of contact for dealing with computer security incidents.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

Appgate

Appgate

Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles.

ImpactQA

ImpactQA

ImpactQA is a global leading software testing & QA consulting company. Ten years of excellence. Delivering unmatched services & digital transformation to SMEs & Fortune 500 companies.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

TopSOC Information Security

TopSOC Information Security

TopSOC Information Security provide a wide range of security consultation, implementation and training services.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.

Amtivo Group

Amtivo Group

Amtivo provides Certification, Inspection and Training services to national and local Government bodies, multi-nationals, enterprise clients and SMEs.

Darwinium

Darwinium

Darwinium is a Cyberfraud Prevention Platform that provides scalable customer journey protection without complexity.

JustunSecure

JustunSecure

JustunSecure is dedicated to promoting information technology and cybersecurity in Africa.