Cyberspace joined space, air, land, and sea as areas of concern for the military in the 1960s, when the Advanced Research Projects Agency Network (ARPAnet) first linked the Department of Defense (DoD) with outside defense contractors and academia. While it enabled primarily research labs to more quickly and securely communicate with each other, it also opened the door to a new area of vulnerability.
By the time ARPAnet went public as the Internet in the early 1990s, electronic communication via cyberspace was becoming the norm, not only in the United States, but for many of the world’s militaries, governments, industry, and academia. That, in turn, spawned a new subcommunity of hackers, many individuals stretching their skills without wishing to do harm to others, but also those who found personal satisfaction in breaking into and in some way disrupting computers and networks. Such attacks varied, from individuals they typically did not know, to specific organizations they did not like.
“Cyber threats are the largest national security threat that we have – and we are not prepared to handle it.”
As the potential vulnerabilities of cyberspace grew with the nearly universal adoption of public and private networking, terrorist groups such as al Qaeda, international criminal organizations, and nation-states began recruiting and training skilled individuals – including many previously freelance hackers. These new “cyber warriors” were used to improve defenses for their employers, to track and identify those seeking to break into vital networks, and, ultimately, to create offensive capabilities.
“Cyber threats are the largest national security threat that we have – and we are not prepared to handle it,” Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, told cyber conference attendees in Washington, D.C., on Oct. 3, 2013. “This is an incredibly dangerous time for us.”
The conference addressed recent breaches of data security within some of the nation’s presumably most secure organizations, especially the damage done to international trust and confidence by documents leaked to the media by former National Security Agency (NSA) contractor Edward Snowden.
“One of the long-term ill effects of Snowden is that it was tough enough to get [cybersecurity legislation] through when the waters were calm – and now [Congress] is trying to do it in whitewater rapids,” Gen. Michael Hayden (USAF-Ret.), former director of the NSA and CIA, said at the meeting. “It’s not going to happen; we have lost a whole congressional cycle in getting our government more forward-leaning.”
Nearly 45 years since the launch of ARPAnet, every major government agency – including state and local – company, university, and organization in the world has a cybersecurity department. And every major military has one or more cyber commands, all now entangled in a digital “arms race” every bit as intense, but far more wide-reaching, than their space, air, land, and sea counterparts.
“The speed of war, the speed of business, and the speed of life have all dramatically accelerated,” according to Maj. Gen. J. Kevin McLaughlin, commander of Air Forces Cyber/24th Air Force (AFCYBER). “What used to take days now takes minutes or seconds. The success of operations depends on security – and information security needs to be emphasized right alongside physical security. … The threat is very real. Malicious activity in cyberspace is on the rise, requiring advanced skills and persistent efforts to defend our nation.
“We must also adopt the mindset of protecting our most important assets and worry less about incursions that do not cause harm to systems or missions. We need to apply our resources efficiently and effectively to ensure we can accomplish our mission. This concept applies across the spectrum of public and private organizations. We are working to protect our key cyber terrain through focused, deliberate operations. Working together with our sister services and other partners is the only way to get the full picture of our adversaries’ activities, thus the only way to posture ourselves ahead of those malicious efforts.”
When the Navy stood up its Fleet Cyber Command/Tenth Fleet in January 2010, then-Chief of Naval Operations Adm. Gary Roughead also defined cyberspace as a new challenge to the nation’s security: “The cyber domain is a domain all its own – one of great opportunity, new discoveries, and vexing challenges. It is one into which Fleet Cyber Command [FCC] must forge boldly ahead.”
At that ceremony, the FCC/Tenth Fleet’s first commander, Vice Adm. Bernard J. McCullough III, compared cyberspace today with the early days of World War II’s Battle of the Atlantic, where the United States and its allies were engaged in a physical domain under stress – one in which failing to meet the challenge would have had devastating consequences.
“Cyberspace is a unique domain with a totally different set of challenges. To operate successfully in this newly defined domain, the Navy must first think differently about cyberspace operations. This world travels at the speed of light and requires real-time command and control. We must ensure seamless alignment and integration with fleet operations.”
“Cyberspace is a unique domain with a totally different set of challenges. To operate successfully in this newly defined domain, the Navy must first think differently about cyberspace operations. This world travels at the speed of light and requires real-time command and control. We must ensure seamless alignment and integration with fleet operations,” he said.
“To execute our defined mission, we must be able to exercise command and control over our networks with dynamic, real-time defense and information assurance enabled by intelligence collection. When called upon, we must be able to provide non-kinetic effects in support of regional combatant commanders’ assigned missions. To do this – and do it well – we must work with our sister services, academia, agencies, industry, allies, and partners, for the challenge is so large, to go it alone is not possible.”
It is a perspective his successor, Vice Adm. Michael S. Rogers, shares in pursuing FCC’s mission, which he noted is the only service cyber command to not only operate and defend the networks, but also control offensive cyber capabilities.
“We believe that if you’re going to successfully defend your networks, then you can’t separate operation of the networks from the defensive side – you can’t treat them as totally separate, unrelated activities,” said Rogers, who has since been nominated by President Barack Obama to become the next commander of U.S. Cyber Command, director of the NSA, and chief of the Central Security Service. “I think that gives us great agility. It enables us to make very smart, very fast trade-offs. It’s a real source of strength. We operate them, we maintain them, we structure them, we control them.”
That is reflected in the command’s mission statement: “The mission of Fleet Cyber Command is to serve as central operational authority for networks, cryptologic/signals intelligence, information operations, cyber, electronic warfare, and space capabilities in support of forces afloat and ashore; to direct Navy cyberspace operations globally to deter and defeat aggression and to ensure freedom of action to achieve military objectives in and through cyberspace; to organize and direct Navy cryptologic operations worldwide and support information operations and space planning and operations, as directed; to execute cyber missions as directed; to direct, operate, maintain, secure, and defend the Navy’s portion of the Global Information Grid; to deliver integrated cyber, information operations, cryptologic, and space capabilities; to deliver a global Navy cyber common operational picture; to develop, coordinate, assess, and prioritize Navy cyber, cryptologic/signals intelligence, space, information operations, and electronic warfare requirements; to assess Navy cyber readiness; to manage man, train, and equip functions associated with Navy Component Commander and Service Cryptologic Commander responsibilities; and to exercise administrative and operational control of assigned forces.”
Similarly, the U.S. Army Cyber Command/2nd Army (ARCYBER) also stood up in 2010, and, according to its website, has command and control of Global Army Cyber Command space operations; plans, coordinates, integrates, synchronizes, directs, and conducts network operations and defense of all Army networks; conducts cyberspace operations in support of full spectrum operations to ensure U.S./allied freedom of action in cyberspace and deny the same to adversaries; and develops the Army’s ability to address all doctrine, organization, training, materiel, leadership and education, personnel and facilities (DOTMLPF) domains related to ARCYBER space operations.
Marine Corps Forces Cyberspace Command (MARFORCYBER) stood up in 2010 as the final service component of the new U.S. Cyber Command (CYBERCOM), created in 2010 as a sub-unified command subordinate to the U.S. Strategic Command.