Paul Nakasone confirmation hearing for NSA

Cyber

How Cyber Command is taking the fight abroad

Cyber Command launched in 2010 with a mission of defending Defense Department networks, but it has evolved into a more proactive organization, its top leaders say.

Gen. Paul Nakasone, CyberCom chief and director of the National Security Agency, outlined its "persistent engagement" and "defend forward" strategies that involve meeting adversaries in cyberspace "on a recurring basis" in an Aug. 25 Foreign Affairs article titled How to Compete in Cyberspace.

"We learned that defending our military networks requires executing operations outside our military networks. The threat evolved, and we evolved to meet it," Nakasone and his senior adviser Michael Sulmeyer wrote.

One result of persistent engagement is the ability to collect and disclose information, including potentially destructive malware deployed by nation-state actors, to other government and the private sector to enable patching and other defenses.

Nakasone and Sulmeyer said they are confident that such continuous engagement with cyber adversaries is ballooning "from hacking to all-out war" because "inaction poses its own risks."

"Some have speculated that competing with adversaries in cyberspace will increase the risk of escalation—from hacking to all-out war. The thinking goes that by competing more proactively in cyberspace, the risk of miscalculation, error, or accident increases and could escalate to a crisis. Cyber Command takes these concerns seriously, and reducing this risk is a critical part of the planning process," they wrote. "We are confident that this more proactive approach enables Cyber Command to conduct operations that impose costs while responsibly managing escalation."

One key concern, the two wrote, is that "one-off cyber operations are unlikely to defeat adversaries." But Nakasone also stressed, as he often has in the past, that cyber operations "are not silver bullets, and to be most effective, they require much planning and preparation."

"Cyber Command's capabilities are meant to complement, not replace, other military capabilities, as well as the tools of diplomacy, sanctions, and law enforcement," the authors wrote. "U.S. cyber forces should continue to be more proactive and implement the strategy to contest our adversaries' malicious activity online. But our actions must also remain consistent with the law of armed conflict and other important international norms."

This article first appeared on FCW, a Defense Systems partner site.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Defense Systems Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.