An Outsider’s Look at the United States Cyber Command

Cesar Pie
President and CEO
CSIOS Corporation

The 10TH Unified and 4TH Functional Combatant Command

The United States (U.S.), along with its allies and potential foes, is witnessing an unprecedented, fast–paced evolution of the 21st century cyberspace domain landscape. As it relates to our military advancements, key milestones have included: the establishment of the U.S. Cyber Command or USCYBERCOM on June 23, 2009; the direction to elevate its status to a Unified Combatant Command (UCC) focused on cyberspace operations on August 18, 2017; and its formal promotion to become our nation’s 10th UCC and 4th Functional Combatant Command (FCC) on May 4, 2018.

Headquartered at Fort Meade, Maryland, USCYBERCOM is organized from components that together represent all the Armed Services. USCYBERCOM’s mission is fundamentally to direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners. This mission is performed in accordance with national and Department of Defense (DoD) strategic guidance and in unison with three mission objectives:

  • Ensuring DoD mission assurance by directing the operation and defense of the DoD’s information networks (DoDIN);
  • Deterring or defeating strategic threats to U.S. interests and infrastructure; and
  • Achieving Joint Force commander objectives in and through cyberspace.

USCYBERCOM runs operations through its components: Cyber National Mission Force (CNMF), Joint Force Headquarters (JFHQ)–DoDIN, plus four Service cyber components, including: Army Cyber Command, Marine Forces Cyberspace Command, Fleet Cyber Command/Tenth Fleet, and Air Forces Cyber/24th Air Force (as well as U.S. Coast Guard Cyber).  Today, USCYBERCOM’s Cyber Mission Force (CMF) comprises more than 6,100 personnel including military members, government civilians, and contractors.

The following is an outsider’s look at the decision to elevate USCYBERCOM to UCC status, the global perception of USCYBERCOM’s new promotion as the 10th UCC and 4th FCC, the current dual–hat arrangement between the National Security Agency (NSA)/Central Security Service (CSS) and USCYBERCOM, and its immediate challenge as a new UCC.

A Unified Combatant Command: Why Now?

The decision is clearly a direct response to the growing number of threats found in the cyber realm, from nation–sponsored and independent actors, as well as to the growing size and increased complexity and criticality of the DoD’s cyber terrain.

In recent years, the magnitude of DoD’s cyber–attack surface has expanded and now extends globally to more than 145 countries, 6,000+ locations, 600,000+ buildings and structures, more than 15,000 classified and unclassified networks and 7 million IT devices worldwide. It is no secret that, over time, the enormous size of the DoD has made it an easier target for a growing number of cyber–attacks that are becoming more sophisticated and aggressive. Every day, the largest attack–surface in the world, represented by the DoDIN, is subject to cyber–attacks—any of which could, without adequate implementation of cybersecurity controls, have adverse effects on mission operations, our nation, and our allies.

In light of this, the decision to elevate USCYBERCOM to UCC status may not be just the most significant step in the DoD’s continued efforts to better manage its cyber terrain and continue to build its cyber capacity and capabilities—it may also be one of the greatest strategically timed and carefully placed cyber decisions we may ever witness. This decision has been long–awaited and necessary because it better positions our nation to address the ever–evolving and increasing cyber–threats. USCYBERCOM’s elevation from its previous sub–unified command status signals to our adversaries—and reassures our allies and partners—that:

  • The cyberspace domain is critical to our national security;
  • The U.S. is committed to adjust to the changing nature of cyberwarfare; and
  • Our nation is determined to preserve U.S. military superiority across all warfighting domains, to include cyberspace.

In general, USCYBERCOM’s position strengthens our cyberspace operations and creates more opportunities to improve our national defense. For example, consolidating authorities under a single commander will:

  • Streamline the command and control (C2) of time–sensitive cyberspace operations;
  • Facilitate planning and execution of military operations that involve multiple mission areas and warfighting domains that depend on cyberspace; and
  • Help the Department to better synchronize and prioritize resources, training, and cyber investments.

The Global Perception of USCYBERCOM’s Elevation

A Commitment to Cyber Superiority

It is also no secret that nations and nation–sponsored groups are competing against one another—some even forming back door alliances to develop offensive and defensive cyber capabilities in the hunt to establish cyberspace superiority.  The U.S. continues to face cyber–adversaries that are growing in sophistication, capability, motivation, and extreme impudence. Moreover, cyber–attacks from adversaries continue to increase in magnitude, intensity, variety, velocity, and volume.  For example, in addition to Russian and Chinese actors, we are seeing other nation state cyber–actors continue to build off past successes to improve the scope and scale of their capabilities, increase their technical footprint into our military and civilian systems, exploit weaknesses and vulnerabilities to steal from private contractors, and constantly challenge the adequacy of our cyber defenses. For years, our cyber defenders have been fighting an uphill battle to maintain superiority on today’s cyber battlefield as threat actors have conducted hacking and cyber–espionage campaigns with precision and stealth—unconcerned and unafraid of repercussions or retaliation.

By elevating USCYBERCOM to UCC status, the U.S. demonstrates a commitment to cyber superiority—and by embracing the changing nature of military warfare, the U.S. reassures its allies that our nation has no problems adapting, adopting, and reprioritizing its efforts to maintain a leadership role in the cyberspace domain. As a new UCC, USCYBERCOM now has the authority, power, and resources to maneuver forces as needed to deny freedom of action to adversaries—and create cyber effects to gain operational advantage in, through, and from any point in cyberspace.

A New Cybersecurity Paradigm

DoD’s dependency on cyberspace is beyond measure. In essence, cyberspace superiority has become the linchpin of our military superiority. Today, the DoDIN is much too large to defend against all threats and too vast to close all vulnerabilities. While the Department is taking steps to identify and prioritize assets based on risk to the mission in order to better protect and defend its most critical assets and information, USCYBERCOM continues to strategically organize its chess pieces to address this reality.

While USCYBERCOM continues to work collaboratively with DoD organizations and allies to build and maintain viable options to control conflict escalation and shape the conflict environment in the cyberspace domain, it is also focused on defending the DoDIN, securing DoD data, and mitigating risks to DoD missions through the integration, balancing, and improvement of the Department’s cyber operational resilience and cyber deterrence postures.

Since our defense capabilities cannot guarantee that every cyber–attack will be denied successfully, we must invest in resilient and redundant systems to sustain operations in the face of disruptive or destructive cyber–attacks. Cyber resilience allows our nation to operate under adverse conditions, even in a degraded or debilitated state. Today, DoD organizations are learning to take proactive steps to identify, prioritize, and defend their most important assets in order to carry out their missions within a contested cyber environment in the event of a successful attack or if aspects of the infrastructure on which they rely are disrupted.

Cyber deterrence forces an adversary to think about the potential consequences of launching a cyber–attack or exploitation activity. To successfully accomplish deterrence, we need to:

  • Convince would–be attackers that they won’t succeed, at least without an enormous level of effort and cost beyond what they are willing to invest; and
  • Ensure adversaries know there will be a strong response that might inflict more harm than they are willing to bear.

Nations such as Russia and North Korea, for example, have shown an incredible resistance to U.S. political and economic pressure and may be difficult to deter without credible threats of military actions. To be effective, we must understand the motives, intent, and levels of risk tolerance of cyber–threat actors; tailor our cyber deterrence strategies toward each group; and work towards increasing the prosecution rate to a level that swings the cost–benefit calculus in favor of the U.S.

Splitting of the “Dual Hat” Arrangement

NSA/CSS and USCYBERCOM Dual–Hatting Responsibilities

Chairman of the Joint Chiefs of Staff (CJCS) Instruction 1330.05A, Joint Officer Management Program Procedures, employs the term “dual–hatting” to describe a position in which an incumbent officer has responsibilities in two organizations simultaneously—usually to that officer’s particular military service, and to a joint, combined, or international organization or activity. Dual–hatting is a relatively common practice within the DoD that helps align authorities, improve mission effectiveness, and employ a senior commander’s experience and expertise while balancing the scope of responsibility.

When the Secretary of Defense directed USCYBERCOM’s establishment in 2009, he also advised President Obama to assign its commander dual–hat responsibility as Director of the National Security Agency (NSA). This would allow USCYBERCOM to use existing NSA/CSS infrastructure and tools to carry out its mission more quickly while establishing unity of command and effort for DoD in the cyberspace domain. In accordance with DoD Directive 5100.20, National Security Agency/Central Security Service, and Joint Publication 3–12(R), Cyberspace Operations, the roles and responsibilities of the dual–hatted leader of NSA/CSS and USCYBERCOM include the following:

DIRECTOR NSA / CHIEF OF CSS / COMMANDER OF USCYBERCOM

U.S. government lead for cryptology

Principal advisor to the DoD on signals intelligence

Exercises signals intelligence operational control and establishes policies and procedures for departments and agencies to follow to appropriately, effectively, and efficiently perform signals intelligence

Provides information assurance guidance and assistance to DoD and national customers

Develops and manages the NSA portion of the Military Intelligence Program resources and capabilities

Promotes full partnership between NSA and the cryptologic elements of the Armed Forces in the execution of signals intelligence and other cryptologic operation

Defends critical cyberspace assets, systems, and functions against intrusion or attacks

Secures, operates, and defends the DoD information network

Synchronizes and directs transregional cyberspace operations in coordination with other Combatant Commands, the CJCS, and the Office of the Secretary of Defense, liaises with other U.S. government departments and agencies, and members of the defense industrial base in conjunction with the Department of Homeland Security.

Conducts full spectrum military cyberspace operations in order to ensure freedom of action in cyberspace and deny the same to adversaries

Advantages and Disadvantages

While the DoD does not have an official position on the merits and pitfalls of maintaining the dual–hat leadership arrangement of NSA/CSS and USCYBERCOM, a recent report to the Congressional Committees by the United States Government Accountability Office identified the following advantages and disadvantages of the arrangement.

ADVANTAGES

  • Improved coordination and collaboration between NSA/CSS and USCYBERCOM
  • Faster decision–making
  • Efficiency of resources

DISADVANTAGES

  • Concern that USCYBERCOM priorities may receive preference over other commands’ priorities with respect to NSA/CSS support
  • Increased potential of NSA/CSS operations and tools being exposed
  • Too broad of a span of control that potentially limits effective leadership
  • Increases tension between NSA/CSS and USCYBERCOM staff who are responsible for military and/or intelligence operation tasks that are not always mutually achievable
  • Enables sharing of resources between NSA/CSS and USCYBERCOM resulting in resource allocation that is not always easily understood by personnel

Conditions to Ending the Dual–Hat

During Fiscal Year 2017 (FY17), Section 1642 of the National Defense Authorization Act (NDAA) enumerated a number of conditions that the Secretary of Defense and the CJCS must jointly certify before the dual–hat leadership arrangement for NSA/CSS and USCYBERCOM can be terminated. These conditions include:

  • Robust operational infrastructure has been deployed that is sufficient to meet the unique cyber mission needs of USCYBERCOM and NSA;
  • Robust C2 systems and processes have been established for planning, deconflicting, and executing military cyber operations;
  • The tools and weapons used in cyber operations are sufficient for achieving required effects;
  • Capabilities have been established to enable intelligence collection and operational preparation of the environment for cyber operations;
  • Capabilities have been established to train cyber operations personnel, test cyber capabilities, and rehearse cyber missions; and
  • The CMF has achieved full operational capability.

Mitigating the Risks Associated with Ending the Dual–Hat

One of the differences between dual–hatting a UCC focused on cyberspace operations and dual–hatting any other organization is that cyberspace is a man–made virtual domain that is constantly under construction. Cyberspace is not only a domain in, from, and through which military operations create intended effects; it is also embedded in every other warfighting domain (land, sea, air, and space), which makes operations in all other domains dependent on the cyberspace domain. These dependencies have risks and impacts to political, economic, and diplomatic areas—a span of influence that some may consider too broad for effective leadership of a single organization.

In fact, since some risks, impacts, and dependencies are still unknown, Section 1642 of the NDAA for FY17 also required DoD and Congress to document actions that could mitigate the risks associated with ending the dual–hat leadership arrangement. These actions include:

  • Achieving full operational capability for the 133 CMF Teams;
  • Formalizing agreements between NSA/CSS and USCYBERCOM to ensure collaboration on key issues;
  • Developing a persistent cyber training environment to provide a realistic, on–demand training capability;
  • Developing independent Title 10 cyber capabilities for USCYBERCOM that do not rely as much upon NSA/CSS Title 50 infrastructure;
  • Elevating and resourcing USCYBERCOM to a UCC; and
  • Completing implementation of NSA–21 reorganization initiative.

Conclusion: The Immediate Challenge

While the department’s Unified Command Plan (UCP) sets forth basic guidance to all Combatant Commanders and establishes the missions, responsibilities, and areas of geographic responsibility among all the Combatant Commands, DoD Directive 5100.03, Support of the Headquarters of Combatant and Subordinate Unified Commands, pursuant to section 165 of title 10, U.S. Code, establishes policy and assigns responsibilities for the administrative and logistical support of Combatant Command headquarters and subordinate unified command headquarters.

According to DoD Directive 5100.03, the military departments—as Combatant Command support agents—are responsible for programming, budgeting, and funding the administrative and logistical support of the headquarters of the Combatant Commands and subordinate unified commands. As it stands, on an annual basis the three military departments assess needs and request funding as part of their respective operation and maintenance budget justification to support the Combatant Commands’ and subordinate unified commands’ cyber requirements. The directive assigns each military department responsibility for specific Combatant Commands and subordinate unified commands. Now that there are ten Combatant Commands, there may be some initial struggle identifying how to adequately resource the new UCC. One would assume that the DoD’s budgeting and funding may become more competitive and selective with the new UCC’s priorities getting most of the attention from the military departments.

As this tug–of–war unfolds, two things are clear. First, while our nation is on the right path of cyber transformation, it will take some time before USCYBERCOM becomes a high–performing UCC. USCYBERCOM will need time to mature its internal capabilities to monitor, manage, and periodically reevaluate its cyber human capital practices, as well as gather and use complete and reliable data and metrics to ensure resources are appropriately matched to today’s and tomorrow’s cyberspace mission needs. Further, until higher DoD authorities, such as the Office of the Secretary of Defense and the CJCS, can effectively attain visibility of the new UCC, it may be difficult to ensure that the command will be satisfactorily resourced to meet its assigned missions and carry out those missions with maximum effectiveness and efficiency. Second, our nation and USCYBERCOM are definitely up for the challenge. Our country has ridden the first waves of the industrial revolution, modern invention, nuclear power, and space discovery; in all certainty, our generation of cyber defenders does not intend to flounder in the backwash of the up–and–coming age of cyberspace. Our generation may have been born too late to explore the world and a little too early to explore the universe, but our timing is perfect to explore cyberspace. As cyberspace exploration becomes more important to our economic and national defense, USCYBERCOM will progressively mature to become the symbol of our nation’s cyberspace and military superiority.

About CSIOS Corporation

CSIOS is certified under ISO 9001:2015 (Quality Management System), ISO/IEC 20000–1: 2011 (Information Technology Service Management System), ISO 22301: 2012 (Business Continuity Management System), and ISO/IEC 27001: 2013 (Information Security Management System) standards under the scope: The “Provision of Cyberspace Operations (Defensive, Offensive, and Information Network Operations) and Cybersecurity services to U.S. Federal customers worldwide.”


CSIOS Corporation

451 Hungerford Drive
Suite 119-358
Rockville MD 20850, United States
T. (301) 752-2729
F. info@csioscorp.com
W. https://www.csioscorp.com/ 
