[Infowarrior] - CYBERCOM Arming U.S. Combatant Commands

[Richard Forno]

DefenseNews.com
March 21,2012

CYBERCOM Arming U.S. Combatant Commands

By ZACHARY FRYER-BIGGS

Once entirely controlled by the U.S. National Security Agency (NSA),
offensive cyber weapons are making their way into the hands of the U.S.
military’s geographic combatant commanders.

The effort was alluded to by the NSA and the U.S. Cyber Command (CYBERCOM)
chief, Army Gen. Keith Alexander, as part of congressional testimony March
20, and confirmed by sources. It means that combatant commanders will be
able to employ the weapons as part of overall mission planning, pairing
traditional kinetic attacks with newly developed cyber capabilities.

CYBERCOM will establish Cyber Support Elements (CSEs) at all six geographic
combatant commands, Alexander said in a written statement delivered to the
House Armed Services emerging threats and capabilities subcommittee as part
of a routine budget hearing.

Thus far, U.S. Central Command is the only command with a fully operational
deployment, while U.S. Pacific Command (PACOM) has a partial deployment, a
CYBERCOM spokesman confirmed.

These support elements will provide both technical capability and expertise,
part of an effort to improve the integration of cyber attack capabilities, a
source with knowledge of the efforts said.

“We are currently working closely with two of the geographic combatant
commanders,” Alexander wrote. “Our goal is to ensure that a commander with a
mission to execute has a full suite of cyber-assisted options from which to
choose, and that he can understand what effects they will produce for him.”

A CYBERCOM spokesman confirmed that these options include offensive
capabilities as well as defensive capabilities designed to protect systems,
but said the details of the offensive capabilities are classified.

A source with knowledge of the effort at PACOM said the process is in its
infancy there, as the infrastructure is still being developed and the
integration of CYBERCOM personnel into mission planning is still being
determined.

Providing capability to combatant commanders will notably differ from the
current operational structure, in which most commands must coordinate with
CYBERCOM, which in turn deploys cyber capabilities.

Before CYBERCOM was stood up in 2010, offensive capabilities resided with
the NSA. But the transition away from reliance on the intelligence agency
and toward localized capability is a logical progression, said Chris
Coleman, director of cybersecurity for the public sector at Cisco, as the
NSA was never intended to engage in combat.

“The NSA is an intelligence agency, so the fact that they’re transitioning
combat tools over to CYBERCOM and eventually the combatant commanders makes
perfect sense,” he said. “It’s what they should be doing.”

Alexander did not refer to the effort during his oral testimony, nor was he
asked about it by subcommittee members. Instead, Alexander described the
continuing growth of cybersecurity threats, and the members focused on
responsibility for protecting public companies, as the Department of
Homeland Security is looking to shoulder more of this burden.

But in his written testimony, Alexander focused on the concept of deterrence
through improved attack capability, while avoiding the terms offense or
offensive. DoD officials have been reticent to use the terms, given some of
the legal ambiguity surrounding the use of cyber weapons.

“Cyber Command exists to ensure that the President can rely on the
information systems of the Department of Defense and has military options
available for consideration when and if he needs to defend the nation in
cyberspace,” he wrote. “Our capabilities represent key components of
deterrence.”

Alexander testified with Teresa Takai, the Pentagon’s chief information
officer, and Madelyn Creedon, the assistant secretary of defense for global
strategic affairs. All three said DoD is in the process of developing rules
of engagement for cyber and should conclude the process soon.

Alexander’s testimony also mentioned that CSEs are expected to be deployed
at U.S. Africa Command and U.S. Southern Command within the next six months.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.