The USCYBERCOM, with its 6,200 of personnel (military, civilian, and contractors) spread across 133 mission teams, has been headed by a four-star rank officer, in a dual-hat arrangement with the National Security Agency (NSA), co-located within a common headquarters at Fort Meade, Maryland.[4 ]While the USCYBERCOM has been elevated to the status of a Unified Combatant Command, reports note that the decision to separate it from the NSA is still under consideration.[5]
The USCYBERCOM and NSA have been drawing synergy from each other, on the grounds of common technologies, methods, tools and skill-sets for cyber exploitation. They also draw human resources from the common pool of expertise spread across the armed forces, government and the private sector. However, intelligence gathering in cyberspace, and cyber operations in response to an ongoing conflict, are fundamentally different practices. Intelligence gathering entails prolonged and persistent monitoring of targeted information systems and networks, where the intruder stays under the radar to escape detection or avoids raising any alarms.
On the contrary, cyber operation(s), particularly in response to a geopolitical conflict, might necessitate deliberate attribution to demonstrate its capability, expound its intent or even to establish the deterrent effect. Additionally, intelligence gathering and cyber operations execute different mandates.
While the NSA, being a signals intelligence agency, has a different mandate and modus operandi, the operational competence of USCYBERCOM will tilt further towards cyber offense, with elevated and honed cyber deterrent capabilities. Irrespective of the outcomes of the decision over the existing dual-hat arrangement however, both the NSA and the USCYBERCOM would continue to have a close working-relationship, given the inherent commonalities among intelligence and military activities in cyberspace.
With the creation of the first operational Cyber Command, the US armed forces had already unequivocally prioritised cyber offence, sending a clear geopolitical message of massive retaliation to any act of aggression in either of the natural or cyber domains.
The USCYBERCOM, now ranked equivalent to the US Strategic Command and eight other unified combatant commands, will be better placed and equipped to deter cyber attacks at the first place, and if deterrence fails, then to retaliate or punish the perpetrators.[6] Given that the operational mandate of the USCYBERCOM extends to the domains of land, sea, air, space and cyberspace, a conflict in one of these domains could attract a retaliatory punitive response not just in one, but a few or in all of these domains.
The US decision has strategic implications for every nation state with modernised or modernising armed forces. The growing importance of cyberspace in the doctrines and strategies of modern armed forces have raised the stakes for nation states to recalibrate their security calculus, in accordance with these inevitable changes. This decision of a unified combatant cyber command is going to fuel the prevailing vigorous race to prioritise cyber offence at the one end, and raise its deterrence potential on the lines of space and nuclear commands, at the other end. Therefore, the cyber element is slated to play a predominant role in the arithmetic of deterrence. This will also raise the stakes for both China and Russia, both of whom have a steadfast approach to the role of armed forces in cyberspace, definitely inclined towards offence.
India is not immune to these developments either. A Cyber Command for the Indian armed forces, first mooted by the Naresh Chandra Task Force report in 2012, is yet to see the light of the day. The absence of a statutory cyber command not just limits the options but jeopardises the country’s cyber deterrent capability as well. Therefore, there is the need for an appropriate response, both at the strategic and operational levels.
Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India.
About the author:
*Munish Sharma is Consultant at the Institute for Defence Studies and Analyses, New Delhi.
Notes:
- 1. Office of the Press Secretary, “Statement by President Donald J. Trump on the Elevation of Cyber Command”, The White House, August 18, 2017, at https://www.whitehouse.gov/the-press-office/2017/08/18/statement-donald-…, accessed August 24, 2017.
- 2. Munish Sharma, “Raising a Cyber Command for Indian Armed Forces: Requisites and Organisational Considerations”, Synergy – Journal of the Centre for Joint Warfare Studies, July 2017, New Delhi, p. 106.
- 3. US Army Cyber Command, “US Cyber Command”, at http://www.arcyber.army.mil/Organization/USCyberCommand, accessed August 24, 2017.
- 4. US Department of Defense, “Department of Defense Cyber Strategy”, April 2015, at http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final…, p. 6, accessed August 24, 2017.
- 5. Jim Garamone and Lisa Ferdinando, “DoD Initiates Process to Elevate U.S. Cyber Command to Unified Combatant Command”, DoD News, August 18, 2017, at https://www.defense.gov/News/Article/Article/1283326/dod-initiates-proce…, accessed August 25, 2017.
- 6. Carlos Barria, “Trump lifts Cyber Command status to boost cyber defense”, CNBC, August 18, 2017, at https://www.cnbc.com/2017/08/18/trump-approves-plan-to-boost-military-cy…, accessed August 24, 2017.