Once entirely controlled by the U.S. National Security Agency (NSA), offensive cyber weapons are making their way into the hands of the U.S. military’s geographic combatant commanders.
The effort was alluded to by the NSA and the U.S. Cyber Command (CYBERCOM) chief, Army Gen. Keith Alexander, as part of congressional testimony March 20, and confirmed by sources. It means that combatant commanders will be able to employ the weapons as part of overall mission planning, pairing traditional kinetic attacks with newly developed cyber capabilities.
CYBERCOM will establish Cyber Support Elements (CSEs) at all six geographic combatant commands, Alexander said in a written statement delivered to the House Armed Services emerging threats and capabilities subcommittee as part of a routine budget hearing.
Thus far, U.S. Central Command is the only command with a fully operational deployment, while U.S. Pacific Command (PACOM) has a partial deployment, a CYBERCOM spokesman confirmed.
These support elements will provide both technical capability and expertise, part of an effort to improve the integration of cyber attack capabilities, a source with knowledge of the efforts said.
“We are currently working closely with two of the geographic combatant commanders,” Alexander wrote. “Our goal is to ensure that a commander with a mission to execute has a full suite of cyber-assisted options from which to choose, and that he can understand what effects they will produce for him.”
A CYBERCOM spokesman confirmed that these options include offensive capabilities as well as defensive capabilities designed to protect systems, but said the details of the offensive capabilities are classified.
A source with knowledge of the effort at PACOM said the process is in its infancy there, as the infrastructure is still being developed and the integration of CYBERCOM personnel into mission planning is still being determined.
Providing capability to combatant commanders will notably differ from the current operational structure, in which most commands must coordinate with CYBERCOM, which in turn deploys cyber capabilities.
Before CYBERCOM was stood up in 2010, offensive capabilities resided with the NSA. But the transition away from reliance on the intelligence agency and toward localized capability is a logical progression, said Chris Coleman, director of cybersecurity for the public sector at Cisco, as the NSA was never intended to engage in combat.
“The NSA is an intelligence agency, so the fact that they’re transitioning combat tools over to CYBERCOM and eventually the combatant commanders makes perfect sense,” he said. “It’s what they should be doing.”
Alexander did not refer to the effort during his oral testimony, nor was he asked about it by subcommittee members. Instead, Alexander described the continuing growth of cybersecurity threats, and the members focused on responsibility for protecting public companies, as the Department of Homeland Security is looking to shoulder more of this burden.
But in his written testimony, Alexander focused on the concept of deterrence through improved attack capability, while avoiding the terms offense or offensive. DoD officials have been reticent to use the terms, given some of the legal ambiguity surrounding the use of cyber weapons.
“Cyber Command exists to ensure that the President can rely on the information systems of the Department of Defense and has military options available for consideration when and if he needs to defend the nation in cyberspace,” he wrote. “Our capabilities represent key components of deterrence.”
Alexander testified with Teresa Takai, the Pentagon’s chief information officer, and Madelyn Creedon, the assistant secretary of defense for global strategic affairs. All three said DoD is in the process of developing rules of engagement for cyber and should conclude the process soon.
Alexander’s testimony also mentioned that CSEs are expected to be deployed at U.S. Africa Command and U.S. Southern Command within the next six months.