U.S Cyber Command’s Evolution Is Underwritten by Legal Authorities
The strength of the U.S. Cyber Command, the nation’s cyber military operations, rests on its legal authorities to conduct missions and share cyber information. The understanding and expression of these authorities has grown as the command’s cadre of staff judge advocates (SFAs) tackles each new operation, explained Gen. Paul Nakasone, USA, commander, U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service.
Under a democracy that abides by international laws, the Cyber Command relies on its legal team of SFAs to make sense of its authorities to conduct borderless missons, exercises and operations, said Gen. Nakasone speaking at the U.S Cyber Command’s Legal Conference, held at Joint Base Andrews, Maryland, and streamed virtually today and yesterday. He has seen first-hand the evolution of its legally supported operations, from understanding how the command’s operations fit into national security to knowing how to work more with the private sector.
“Let me tell you about the legal support in 2020 the way I saw it, having known every single staff judge advocate since Gary Brown was our first and now Pete Hayden is our latest,” Gen. Nakasone said. “I would tell you, this is what our legal focus was on in 2020, this idea of policies and authorities, and different and changing policies. What does National Security Policy Memorandum 13 mean to us? How do we work so effectively? What does it mean to be a traditional military activity? This is where I leaned very heavily on my staff judge advocate to say, ‘Hey, what does this do in terms of the authorities and the capabilities and the way that we're able to operationalize our force?'”
The pace of cyber operations in 2020 “is nothing like the pace of 2023,” the general reflected. But even in 2020, the amount of cyber attacks had grown significantly compared to earlier years. And for all of those operations, the Cyber Command’s attorneys “were very, very busy in a series of mission packages,” he said. “They were taking a look at what does it mean to do acquisition? And what does it mean to be in the midst of labor law? And the things that are foundational to what our command does.”
We've done two elections since we last met. We certainly can talk about this as the template that we had established in 2018. It is this idea of being able to understand your adversary better than they understand themselves and share information in support of a series of lead agencies like the FBI and CISA. And then impose costs so that our adversaries understand that there are consequences for attempting to interfere or influence our elections.
Now, the SJAs are underwriting the command’s expanding work with the private sector, fine-tuning the authorizations needed in that unique environment. “In the beginning of 2020, it was this idea of how do we engage with the private sector?” Gen. Nakasone shared. “We relied heavily on the staff judge advocate and his attorneys to really understand what are the limits, the left and right limits of what we can do with the private sector. It was pretty narrow at first, really, it's the defense industrial base. This is where the authorities that reside with the secretary of defense come down. But then this idea of being able to bring the law, and what we're seeing in the domain together, started to take route. Because we realized that there were other entities that we had to be able to engage with to ensure that we're able to secure the nation in cyberspace.
In addition, the command’s authorities to train and equip—akin to a military service’s authorities—have strengthened the command’s operations even more. “We have a set of different service-like authorities,” he stated. “And what are service-like authorities? They are training, provisioning and acquisition that allow us to operate more and more like a service. Because everything in cyberspace is tied to agility and unity of effort. And if you get speed and agility and those kind of authorities, [we succeed]."
Moreover, in fiscal year 2024, the command is looking to harness so-called enhanced budget control. “Being able to provide the resources to the person that has the authorities and responsibility that is operating in the domain, this is called enhanced budget control,” Gen. Nakasone stated. “This is significantly different than the last time we met. And in fact, we're going to start executing enhanced budget control in FY 24. It is a huge effort in terms of what we're doing.”
The elevation of the command to a sub-unified command has also had a strengthening impact, the general said. Leaders of subordinate unified commands—like the Special Operations Command—have responsibilities and functions similar to commanders of unified commands—like U.S. European Command—with operation control of assigned forces, in this case, in the cyber domain.
“Here's the other piece for someone who has commanded the Cyber National Mission Force,” Gen. Nakasone noted. “We were able last year to elevate to a sub-unified command. And why is that important? Because it gives us the stature and ... the authorities that are representative in a sub-unified command, this idea that the services treat the command differently from a manning and recognition of talent perspective. Being able to utilize that, as a premier force, has been something really important to us.”
Even across the federal government, its relationships over the last three years have improved. “The other thing that I would tell you in terms of what's changed since we last met is the idea of partnerships,” the commander stated. “And this is truly the piece that I'd like to make sure that you take away from here is that our partnerships in 2020 were much different than they are in 2023. We had a very, very great understanding of this idea of the partnership between U.S. Cyber Command and the National Security Agency. We also had a growing understanding of the partnerships within the interagency, including the importance of FBI and CISA [Cybersecurity and Infrastructure Security Agency] in terms of what we're doing [to secure the nation], most prominently in our work with election security.”
Also, what has changed since then is Cyber Command’s growth internationally with allies and partners as well as with the private sector and universities. “It is this idea that industry, and international partners and academia, are going to be huge in what we need to do.”
Lastly, ahead of the 2024 U.S. Presidential Elections, Cyber Command is following an enhanced playbook that they established in 2018 to safeguard the election from cyber attacks, the general noted.
“We've done two elections since we last met,” he said. “We certainly can talk about this as the template that we had established in 2018. It is this idea of being able to understand your adversary better than they understand themselves and share information in support of a series of lead agencies like the FBI and CISA. And then impose costs so that our adversaries understand that there are consequences for attempting to interfere or influence our elections.”