From a semi-historical perspective, I recall reading about discussions c. 1942 on creating a separate "desert force" service.  Afterall, the argument went, maneuver with mechanized and armored forces in the desert is totally unlike anything we are doing conventionally.  

My point -- there is utility in investigating the parameters of cyberwarfare, but whether it justifies a separate service at this time -- or in the near future -- is speculation best lubricated with a few beers.

By the way, STRATFOR recently published an analytical piece about China's ventures in cyber warfare.  I can sumarize for those interested; contact me separately.

This subject raises many issues that we in the military must be ready to face.  At what point does a cyber attack force our civilian leadership to commit conventional forces in response.  What if a coordinated cyber attack takes down a regional power grid, 911 sytem, and air traffic control system all at once, and thousands die in the ensuing chaos? Are we going to counter attack using our "cyber-force" or are we going to commit conventional forces to destroy an enemy's ability to wage a cyber war on the U.S.. What if the attack comes from a terroist organization?

The Economist magazine published an article on the subject in it's Dec 4th, 2008 edition titled "Marching off to cyberwar." This article is worth a read, if just to make you think.

Having a Cyber COCOM would help to focus efforts in this area.  I do wonder what will happen when the first OPLAN is executed.  What force would this new functional COCOM bring to bear on an adversary? Will this COCOM be responsible for defending private U.S. companies or just U.S. government agencies? I seem to have more questions than answers.  As we rely more and more on digital communication devices to both earn an income and fight our wars I think this issue will gain more importance.

I wonder what the relation of a Cyber Force would be with the other branches of the military.  All the military branches are in the process of migrating toward highly networked and information-based warfare.  All of that new networked infrastructure will need defending.  A hypothetical Cyber Force would, I assume, find itself deployed (embedded?) along with every other force, to defend their networks.

I truly enjoy this blog.  Both in its dry humor and the sincere insightful approach to the current crossroads of the military profession.

However, after reflecting upon the submission of Space as a separate force as well as the cyber combatant command.... what is the determining factor, the medium (or domain) it encompasses or its newfound prevalence?  Cyber, as in computers, have become ubiquitous (as has communications).  Why create a new entity?

As a young Signal Officer dreading the deletion of the Divisional Signal Battalion, I openly questioned the justification to a mentor.  I was told that the Chief of Staff of the Army intended to make Commander's responsible for their communications (and ensure a Signal LTC wasn't everyone's scapegoat).  Though it failed to impress me then, after time in a division as a BCT S6 it resonates clearly.  Communications are critical to today's Battle Command and the Commander needs to prioritize them.

I personally think computers are just an evolution to this dynamic, and what the Army needs to do is resource Commanders with capable personnel to prosecute this fight.  Cyber warfare is not just the attack; it is the protect and support functions-- as articulated by the EW community and the newly published FM 3-36.  It will be an everyday fight.  It will be in theater and it will be in garrison.  You can't wait for an attachment from JFCOM/COCOM to save the day.

Cyber is an aspect of how we fight and our modular force needs to own it.

v/r

MAJ Abadie

16B

While standing up a new "U.S. CyberForce" military service might have the appeal of being simple and solving a few problems, I believe the gain would not be worth the cost.

All three major functions of Computer Network Operations (CNO) (Computer Network Defense (CND), Computer Network Exploitation (CNE), Computer Network Attack (CNA)) are already assigned AND being executed.  Currently, the USC Title 50 authorities to conduct CNE are already assigned to: the National Security Agency.  The CND portion of CNO already occurs at the national level at a national intelligence agency: the National Security Agency.  The USC Title 10 authorities to conduct CNA missions are already assigned to a standing Joint Task Force Commander... the military General who happens to be the Director of [you guessed it] the National Security Agency.  I expect that is why the DIRNSA is the one everyone expects to lead the new CyberCommand discussed in the originally quoted article in this blog (New Cyber COCOM Likely).  And, unsurprisingly, why the DHS lead on cybersecurity had his panties in a wad and resigned when he discovered that what he really wanted to accomplish was already being done (under a guy who already has the job).

Under this construct, each service also has supplementary, subordinate organizations to do additional functions within the CND mission.  The actions they take are not always complementary, but there is no question where the CURRENT authority lies to make decisions for the nation's defense (which happens to reside in the Department of Defense.)  In the each service, those are almost always Signal Officers (whatever the name each service gives them) who are defending their service's ability to communicate.

The CNE mission is aaaaalllmost universally conducted by intelligence gathering people.  At NSA, the Soldiers, Sailors and Airmen (and a select few Marines) who do those functions as authorized by USC Title 50 sit alongside a crapload of civilian DoD employees and contract personnel to accomplish it.  Those civilian gummint employees and civilian contractors are only authorized to do those things under the authority given to the DIRNSA to proactively gather/analyze cyber intelligence as a function of defending the nation.

Finally, the CNA mission is conducted by a military organization staffed by a similar [some snide, cynical types might even imply THE EXACT SAME] mix of Soldiers, Sailors and Airmen (and a select few Marines) who sit beside a bunch of DoD civilians (no contractors) to execute attacks as directed by the nation’s civilian leadership under USC Title 10 authorities.  Because my interaction with the JTF is so limited, I am not sure where the classified/ unclassified line is (though I am positive this blog is unclassified.) However, the existence of the JTF as a fully functioning JTF (not a proposed, nebulous thing) is unclassified and I’ll leave it there.

So, currently, the military services already provide the staff-power to make these missions happen.  The missions are already ongoing…and have been for years.  Each service also trains their military members to a high state of readiness to make those missions happen.  Often, services train each other’s members to accomplish some of these missions: the Navy, down in Florida, trains every Soldier and Airman for one portion of “what is it” hunting.  What the services have a hard time doing is leaving highly trained Soldiers (or whatever) sitting in place conducting those missions when some assignments dickhead (no offense to any of you assignments dickheads out there)  ;D  thinks that a Sergeant First Class who has become one of the nation’s most advanced computer guys needs some “development” time at Ft. Hood when III Corp needs to deploy to Iraq in 6 months. (that is just an example, of course, the real guy was a MSG).   No one questions that the Army has real, no-shit needs for the MOS these guys happen to have, but there has to SOME plan when there are only 5 or 10 of them in the entire USA gummint, much less the military services.  (Now he is useless to the cybermission and will probably never get back up on his surfboard because the cyberwave never stops.)

In the end, if you could ever get the congressional elephants to look up from slobbering in their rice bowls to stand up an entire military service, it might solve the challenge of fighting over inside-each-service rice bowls for personnel.  What are the real issues to solve?  Who owns the mission, who owns the funding, and who owns the people?  

1) Who owns the mission: NSA

2) Who owns the funding: Does anyone need all three guesses why there is a fight?

3) Who owns the people: DoD for sure, mostly the individual services.

Despite all of the challenges to who wants to be in charge of what, there is already a legal answer.  So, if the congressional elephants can pull their snouts out of trying to get another billion $$$ for a new bridge to nowhere in their election district and just designate the CURRENT JTF the new COCOM, the funding issue would be resolved. Then, the mission can continue without all the yapping from some DHS civilian who wants to have MORE authority (aka MONEY).  The Army happens to be fighting a couple of wars here, so their very legit needs sometimes screws with 5 years of training.  It happens with all the services… even when they aren’t 75% committed to a ground conflict or two.  That one problem would probably be solved with a new US Cyberforce.  But, as anyone who has stuck their nose in any Corps or COCOM HQ knows, the tooth is nothing near as big as the tail (even for a few select Marines). SOMEONE has to do pay services, write awards, make staffing decisions.  It might require bureaucracy to make things happen, but we have enough bureaucracy already built up in the current services and bureaucracy is VERY, VERY expensive.  Designating a new MOS and only placing those MOS billets where there are cyberforce missions to accomplish would have the same effect of aligning staffing capability with the mission WITHOUT having to invent a new uniform.  I can’t imagine why the two Army branches that are currently receive the most CNO funds would resist giving up personnel and billets, but it seems to have happened about two months back…no idea why, of course.

For those civilians out there who want to be a part of something, they can send in their resume.  There were over 170 openings last time I had dinner with the guy (an Army major) who runs the mission schedule and had to listen to him bitch about needing more computer nerds.

Mr. King,

I enjoyed the referenced article by LTC Conti yet I must admit that I was obsessed by the stereotyping of cyber 'specialists' as inable to execute "skills such as marksmanship, physical strength, and the ability to jump out of airplanes and lead combat units under enemy fire."  Since I assume he has more experience than I do with this population, I will not question his characterization regarding an individual or population demographic's capacity to be all they can be.  However, the skills he dismisses as irrelevant are those we value within a combat environment.  More importantly, our current operational environment does not discern between the infantryman or logistician.  Or geek, nerd, and the host of other terms that were used.

Therefore, the relevance in his statement is that there is no element of cyberwarfare at the tactical level.  When describing marksmanship, paratrooping, and combat leadership he proclaims that "these skills are irrelevant in cyberwarfare."  Is there any other conclusion to such a comment?    

Even if Defense leaders deem it necessary to create a specialized force for all of the aforementioned reasons, the Army needs to continue to ask if cyberwarfare is relevant at the BCT level.  If it is, than we need to carefully screen your newfound cyber command for individuals desiring physical prowess and intestinal fortitude.  Our leaders will make them Army Strong and let them loose on what may one day be the cyber 'close fight.'

v/r

MAJ Abadie

16B

Last week the Wall Street Journal published an article stating an announcement of a new cyber command is expected "after the Obama administration finishes its recommendations for cybersecurity policy, which could come as soon as next week."

online.wsj.com/.../SB124060266381953839.html

"Defense Secretary Robert Gates plans to nominate the director of the National Security Agency to head a new Pentagon Cyber Command, which will coordinate computer-network defense and direct U.S. cyber-attack operations, according to a draft memo by Mr. Gates."

"NSA Director Keith Alexander, a three-star general, is expected to earn a fourth star when he moves to his new job at the Cyber Command. The memo doesn't state that directly, but says that his deputy at the new command will be of a three-star rank."

"The new command will be located in Maryland at Fort Meade, which is home to the NSA's headquarters just outside of Washington. It will open by October, according to the memo, and will be at full strength the following year."

This 22 April 09 Washington Post article noted that STRATCOM's current mission set includes the cyber arena, and then touched on some of the other government organizations with cyber roles (DISA, NSA).

The establishment of another combantant command (to a grand total of 11 COCOM's) seems a stretch at this point and I'm not convinced it would be more effective than what is in place now, provide a more clarified unity of effort, or bring about any significant gains in efficiency.  I could understand the establishment as a sub-unified command under STRATCOM.  

Whether a command finally gets established, or an organization just gets the rose pinned on them; I do believe the cyber arena does need a coordinated effort to establish lanes of responsibility, and ensure all aspects of cyber attack and defense are addressed from a national perspective.

Hopefully, I will gain a better perspective on the topic during my next assignment working for DISA.

Respectfully,

MAJ Gregris

Sorry, I forgot to include the URL in my previous post...

www.washingtonpost.com/.../AR2009042202742.html

Respectfully,

MAJ Gregris

Interesting topic, in which I am personally very interested.

Today (15 June) Deputy Secretary of Defense William Lynn address a large crowd at the Center for Strategic and International Studies. Many expected (as reported by Federal News Radio 1400) the announcement of the creation of the Cyber Command... current proposal as a subunified command under USSTRATCOM (possibly using the JFCC-NW and JTF-GNO as its feeder units... my speculation). The Deputy Secretary reported that the SECDEF has not made his mind up yet on the creation of the Cyber Command. The overall topic was Cybersecurity as a Defense Policy and is worth the 40 mins or so to watch the remarks and questions following. Mr Lynn stressed that a Cyber Command (if approved) would only focus on the .mil domain. That would leave .gov for DHS and .com for the private business to "defend." Asked repeatedly about the offensive capabilities and doctrine of the current DoD fight, Mr. Lynn danced around on stage to much laughter.

Enjoy, Clay.

Article:

gcn.com/.../web-dod-cyber-command.aspx

Video:

http://blip.tv/file/2243669

As evidenced by the recent events during the Iranian election, I believe that another tool that needs to be put in the kitbag of the cyberwarriors is their ability to make connections available.  When dealing with societies where they have enough technology penetration, making connections available during crisis times for the man on the street can possibly provide sufficient impetus and support that would normally be stamped down by the government.  The State Department's request to Twitter to delay a software upgrade was exactly the right answer as well as many computer users allowing their computers to act as portals for people in Iran - these are tools that we should foster and use in the future.  It is not just attack and defend, it is also support.