The U.S. Cyber Command is ready for its close-up. The command announced May 17 that all 133 of its Cyber Mission Teams are fully operational, capping a roughly one-month stretch that saw the arrival of a new commander, the opening of a new operations center, and the official designation of Cybercom as a full unified combatant command.
With its new beginning, Cybercom has absorbed new responsibilities in national cyber defense while facing rapidly evolving threat landscapes. Its job requires offensive and proactive steps in addition to traditional defensive measures, with a growing need for new technologies such as artificial intelligence, machine learning, and predictive analytics.
“As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” Army Lt. Gen. Paul Nakasone, who recently took control of Cybercom, said earlier this month. “We must ensure we have the platforms, capabilities, and authorities ready and available to generate cyberspace outcomes when needed.”
Things have been changing quickly of late for Cybercom, which was created in 2009 as a subcommand of the U.S. Strategic Command, with a primarily defensive mission in response to quickly evolving cyber threats. In 2013, it developed the structure for its Cyber Mission Forces (CMFs), and two years later announced plans for 133 teams that would be made up of more than 6,200 military and civilian personnel. While individual teams were put into operation as they were developed, it wasn’t until October 2016 that all of the teams reached initial operating capability.
Late last year, some major components, such as the Army and Navy’s Cyber Mission Teams, declared full operational capability, while Cybercom’s overall force was still being filled out. In December, the force stood at 5,070, or 82 percent of its target, according to congressional testimony by Adm. Michael Rogers, then Commander of Cybercom and director of the National Security Agency (NSA).
This month, Nakasone assumed command of Cybercom and NSA from Rogers, while NSA and Cybercom officially opened their new, $500 million Integrated Cyber Center and Joint Operations Center (ICC/JOC) at Fort Meade, Md. They will merge cyber operations that are currently being carried out at multiple locations. Meanwhile, Cybercom was elevated to official status as the Department of Defense’s 10th unified combatant command, reflecting the critical role cyber operations play in all military missions.
As Cybercom has grown to maturity, its role in cyber defense, and the cyber threat landscape itself, has also changed. An offensive cyber component has been added to its defensive role. Cybercom has absorbed and consolidated some of the responsibilities held by the Defense Information Systems Agency, among them control of the Joint Force Headquarters-DoD Information Networks (JFHQ-DODIN) and the 15,000 or so DoD networks it defends.
Meanwhile, the defensive ground that cyber operations must cover has grown, particularly with the proliferation of the Internet of Things (IoT) and online activity on social media and elsewhere. There have been, for example, high-profile reports of Russian meddling with U.S. public opinion and attacks on the U.S. power grid and other infrastructure components, Chinese cyber espionage attacks on private and public-sector institutions, and hacks originating in North Korea. And those are just the ones that have found their way into the news.
A major focus for Cybercom will be on artificial intelligence, particularly machine learning, which is drastically changing cyberspace operations in terms of both attack and defense. Other countries and malicious actors are using machine learning to amplify and accelerate their attacks. Defense officials have emphasized the need for better tools to counter those attacks and to keep up with the mountains of information generated by its systems, sensors, and the IoT.
An example of those tools is the Integrated Cyber Intelligence Platform being established by JFHQ-DODIN, which is intended to gather a full range of threat data and use automated predictive analytics to try to identify likely attacks before they take shape.
Automating analytics, which traditionally have relied almost entirely on human review, data, and imagery, is the key to cyber defense, officials have said. As Rogers told Congress last year, “if we’re just going to take this largely human capital approach to doing business, that is a losing strategy.”