Maintaining a Premier Cyber Force on a World Stage
With geopolitical challenges increasing, including Russia’s invasion of Ukraine, and China posturing to dominate on its terms, the U.S. Department of Defense’s (DoD’s) cyber warfighting regime faces complex operations on a global front. To continue its presence as the world’s leading cyber force, the United States must maintain and expand its relationships with its allies and partners, leaders say.
In addition, the military must continue to tackle its technology modernization efforts domestically and across the globe, according to Gen. Paul Nakasone, USA, commander, U.S. Cyber Command; director, National Security Agency; and chief, Central Security Service; John Sherman, Department of Defense chief information officer (CIO); and Lt. Gen. Robert Skinner, USAF, director, Defense Information Systems Agency; and commander, Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN).
“We are the premier cyber force in the world,” Gen. Nakasone said. “We are ready to do whatever the president or the secretary of defense asks us to do. I think the question really speaks to how do we continue to maintain that quality of capability, and how do we continue to grow it. That is what we are looking at. ... This is a domain that’s important to our nation. It’s important to our department. So, we spend a tremendous amount of time looking at not only the capacity of what we’re doing but also the capability.”
The evolution of the U.S. cyber force means taking American cyber expertise out into the world to help defend against malicious activity from forward positions and also to help create and shape the cyber armies of allies and partners.
Indeed, the Polish Army turned to the United States and other allies when constructing its now three-year-old cyber force. Assisted by officials from the U.S. Cyber Command, U.S. European Command and others, the Polish military created its Cyber Command, which now has 6,000 cyber warriors, according to its commander, Brig. Gen. Karol Molenda, who became the institution’s first leader in 2022. Speaking at AFCEA’S Rocky Mountain Cyberspace Symposium in Colorado in February about putting in place the country’s cyber capabilities with the help of the U.S. military and others, he said, “We were lucky enough to do it before the war in Ukraine.”
Gen. Molenda also is now the 12th chair of the international Cyber Commanders Forum, a group that the United States has helped lead. It was established in 2015 and unites cyber commanders from allied and partner member countries from around the world; Gen. Nakasone led the ninth and 10th biannual forums.
Sharing American cyber expertise with countries like Poland and leading cyber issues on a global front has become a normal part of the United States’ role, Gen. Nakasone said.
He reported that many allies seek guidance on building their own version of a cyber command.“One of the things I’ve watched over the past 10 years is the first piece of it: being able to really build the force and train the force,” Gen. Nakasone advised. “And then in 2018, it all starts to come together. It’s not the fact that we built a force. It’s not the fact that the force is trained. It’s also the fact that we have a new strategy here that talks about ‘Defend Forward,’ this idea of being able to operate outside the United States. What we at U.S. Cyber Command talk about as ‘persistent engagement,’ always being engaged with your adversaries below the level of armed conflict.”
Since Congress’ 2018 authorization to place U.S. cyber teams into allied countries, U.S. forward cyber operations have only grown in scope and scale. In helping Ukraine with its cyber defense in the months before Russia’s invasion, U.S. Cyber Command amassed and deployed its largest-ever hunt forward team to date.
The group of about 40 cyber warriors from the Army, Navy, Air Force and Marines improved Ukraine’s cyber stance against Russia. “The first thing is presence matters,” Gen. Nakasone noted. “On the 3rd of December 2021, we sent a hunt forward team to Kyiv. Seventy-eight days later, they came out. ... They were also the facepiece for the United States as the crisis moved almost to the conflict.”
A great deal of effort went into that forward deployment, Gen. Nakasone continued. “In terms of our preparations leading up to Russia-Ukraine, a tremendous amount of work was done,” he said. “It is setting the globe, setting the theater, working with a series of combatant commands, working with the inner agency, but also deploying forces to Europe to work with U.S. European Command. This was the fabric that really kind of tied together our confidence in the security of the DoD Information Network. That was a tremendous amount of work over a period of about four-plus months, led by Bob Skinner and his forces, but really a tremendous amount of work that, I think, [was] a large payoff for us in the end.”
Dovetailing with U.S. cyber operations is the work the CIO’s office is executing with allies on the technology front, Sherman noted. It is a “Herculean effort” to guide innovative technology and capabilities to ensure the nation is postured and prepared from a domestic view and from a NATO and coalition standpoint.
“The amount of work that goes in not only at our senior-most levels here, but with our colleagues and the folks who work for us and with us that are going out to allied capitals, working with the organizations doing that pick and shovel work of the tactics, techniques and procedures, the standards, the organizational aspects that happen every single week of the year,” the CIO stated. “We have folks that are out doing this work, sitting side-by-side with key allies, learning from them, and teaching as well, in a kind of virtuous cycle of this. That’s what goes on behind the scenes. It’s not just when our delegations at the senior levels touchdown [in a country]. It’s our folks that are out there getting it done every day for what’s going on right now and preparing for future contingencies that we need to be concerned about.”
Cyberspace is a global domain, and the United States has global power and responsibility, Gen. Nakasone indicated. “I think this is more of what you’re going to see as we progress in 2023 and beyond.”
Naturally, it has been important for the United States to put in place a nexus from which to operate domestically, Gen. Skinner shared.
From a project standpoint, the message he has received from Gen. Nakasone is to “set the globe,” he noted. “Whatever happens in the future, combatant commands, agencies, our allies and partners are all going to be together, whether it’s competition, crisis or conflict, our job in operating and defending the DODIN is how we set the globe, and we have the right rheostats that we can turn to make sure that this thing we call the DODIN is always secure, always ready and always supporting of whatever our combatant commanders need, at the time and place of our choosing or what our senior leaders need from a command and control standpoint. That’s the big thing on our plate ... making sure we are postured, positioned and prepared.”
And after seven years as a component of U.S. Cyber Command, the JFHQ-DODIN has evolved into a robust federated environment that manages the DoD’s cyber terrain over 15,000 global networks—and is also serving as a role model for other nations.
“We have the DODIN split up into 45 different ‘DODIN areas of operation (DAOs),’” Gen. Skinner explained. “For any one of those DAOs, there’s no doubt in their minds that JFHQ-DODIN can provide direction and command and control.”
When the JFHQ-DODIN was first established, many questioned their roles and responsibilities, according to Gen. Skinner “Now, everyone is aligned. And that’s one of the biggest things that we talk about with our allies and partners as they stand up their cyber commands. They look at it from a secure, operate and defend their country’s networks perspective. And so, laying that out for them with something that is very easy to understand about the roles and responsibilities of every single one of those areas so that the director or commander knows exactly what we expect from them.”
Having a clear division of DODIN allows the leaders to see where improvements are needed. “When we come by and look in and say and validate, ‘Are you meeting the mark?’ I can let Gen. Nakasone know that, ‘Well, in this area, we’re accepting a lot of risk,’” Gen. Skinner said. “And here’s our plan to get after it. That gives him a sense of understanding of the risk that he’s accepting overall, because he’s in charge of the thing we call the DODIN.”
In addition, the United States is leveraging its relationships across the corporate sector and federal government to inform its cyber protection, which helped improve Ukraine and U.S. defense, given the insights shared about adversarial tools and capabilities.
“From a JFHQ-DODIN standpoint, I’d offer the biggest thing we’ve learned is how fast we have gotten in the sharing of information amongst ourselves, with the FBI and with Cybersecurity and Infrastructure Security Agency,” Gen. Skinner said. “We’re also sharing lessons with allies and partners in the European theater that’s being shared back to us globally. They’re seeing things that the Russians have been doing in the cyberspace. They are bringing that back to us so we can shore our defenses up from a global standpoint because you never know what the next step may be, and you’ve got to be prepared and prepared globally.”
Lastly, the U.S. Cyber commander applauded the first growth of its forces, from 133 to 147 cyber protection teams, although he did not specify where the new teams would be assigned.
“It really kind of demonstrates a couple of things,” Gen. Nakasone said. “First of all is that this is a domain that’s growing, and with a growing demand, you need a growing supply. Secondly is the confidence that we have to be able to build these teams to do such things as space and being able to look at our strategic competition and being able to deploy more teams and more hunt forward operations. But I think the last piece that’s so important to remember is that these are teams that come in after we’ve built the first 133. They’ll learn all the lessons because we’ve learned all the lessons.”
U.S. cyber forces are “really good,” and “perform very well,” Gen. Nakasone said. “When you take a look at what the U.S. intelligence community was able to do before the start of the Ukrainian conflict, what we were able to do as a Department of Defense to set the theater, what we’ve been able to do since then, to be able to provide information and knowledge about what Russia was going to do to our partner, it’s unprecedented and something we’re very proud of.”