Cyber Command grew from 12 years of work
How lessons learned allowed new command to form
The new U.S. Cyber Command is the result of work that began 12 years ago, when the Defense Department created its first unit dedicated to cyber operations. The lessons that early group learned have guided government cyber policy and laid the groundwork for successor organizations in the military and intelligence communities.
A progenitor of the DOD’s current cyber operational structure, the Joint Task Force for Computer Network Defense was launched in 1998. According to Robert Lamb, former JTF-CND chief of staff and now a Booz Allen Hamilton senior vice president, it was the first DOD command dedicated to defending computer networks and cyber operations.
When the JTF-CND was founded, it consisted of a mix of personnel from across the services. Lamb said that task force staff were a blend of warfighters — infantrymen, tankers, pilots, naval personnel and technical staff. An active duty Army officer at the time, Lamb joined the JTF-CND after serving as a battalion commander in Korea and as a signals officer. “It was a time where we were learning new skills,” he said.
At the beginning, certain skill sets were very rare in DOD. For example, there was a need for intelligence staff who understood networks and cyber operations, but such individuals were hard to come by. For the first few years of the JTF-CND, its staff consisted of mostly traditional DOD personnel transferred from their traditional disciplines. These individuals, from intelligence officers to infantrymen, had to learn about operating in cyberspace. Likewise, technical specialists had to understand warfighters’ operational needs and perspectives.
One of the first lessons the JTF-CND learned was the need for experienced personnel. Lamb said that on the day the task force was officially launched, it had 25 authorized staff slots, but only about 13 had been assigned. By contrast, he estimated that the new U.S. Cyber Command will have something on the order of 1,100 or 1,200 personnel. The JTF-CND knew all along that 25 people was not enough. “But it was all we could get at the time,” he said.
“Cyberspace is everywhere, it’s gigantic and requires a considerable command in terms of size to really accomplish a mission,” he said.
Another lesson from the days of the JTF-CND is the idea of having multidisciplinary personnel. For example, events on a network can be anything from a simple outage to an attack. Understanding the nature of an incident and reacting accordingly is a major operational lesson.
However, in the case of an actual attack, discovering the identity of a perpetrator remains a challenge, as does determining a proper response. All of these issues require a multidisciplinary approach. “You’ve got to have intelligence folks involved, you’ve got to have law enforcement involved, you’ve got to have real smart technical people involved to come together and make decisions quickly to limit the problem and then recover from it,” he said.
Lamb credited the Comprehensive National Cyber Security Initiative, launched 18 months ago by the White House, for embracing many of the operational lessons learned by the JTF-CND. But network defense requires more than just basic security measures, he said. It also necessitates a national posture of deterrence to any potential threats in cyberspace. He said the launch of the U.S. Cyber Command is a concrete example of national will to defend its vital network infrastructure.
However, areas such as joint communications remain a work in progress. Lamb said that inter-service and inter-agency information sharing continues to get better, but he added that there is room for improvement. Part of this improvement centers on issues such as using the same nomenclature and taxonomy for technical and operational terms between organizations.
The JTF-CNO transformed into the Joint Task Force-Global Network Operations in 2004. The JTF-GNO and the Joint Functional Component Command-Network Warfare were both combined within Cyber Command. Lamb noted that in the services, different groups are being combined or working more closely with each other. He added that the intelligence and communications communities are also working together because they each play a vital role in this domain. “Are we there yet? I don’t think so. But we are definitely on the right path as a nation,” he said.
But a lot of work remains in coordinating all of the services’ cyber commands under the umbrella of U.S. Cyber Command. Lamb explained that this is because cyberspace challenges traditional military approaches to operations. He noted that Cyber Command chief Gen. Keith Alexander is working on methods to fully synchronize all of the various service components. Lamb predicted that in the coming year, Gen. Alexander will establish the operating procedures and the command relationships, and leverage them operationally.
Another aspect that Cyber Command is working on is creating the technology, communications processes and command relationships underpinning the various service communities. Lamb explained that these relationships are supported and enhanced by technologies, applications and programs that foster information sharing and speed of mission execution.
Regarding international cooperation in cyberspace, Lamb said that U.S. Cyber Command works closely with allied nations. He added that the whole problem of attribution in cyberspace requires a set of relationships with allies that can help the U.S. respond to network issues.
Lamb observed that in many cases, there are numerous bilateral cyberspace efforts between the U.S. and other nations, but multilateral efforts are more challenging. “When you think about networks and the Internet, it’s going to require a substantial shift in the international community’s approach to the Internet if we’re going to reach some sort of ‘peace,’ if you will, on the Internet,” he said.