This is Part III of a four-part series exploring what U.S. Cyber Command will need to operate on its own, separate from the National Security Agency.
As important as a platform is to conduct missions, so too are tools. As mentioned in Part II, U.S. Cyber Command as a war-fighting organization will require different tools than the National Security Agency, which serves as an intelligence organization. Cyber Command's tools would be meant to be attributed to the Pentagon in a war scenario; obfuscating attribution won't be a necessary endeavor.
"The tools are different. Tools designed to reside and extract information might be different than tools designed to delay, degrade, disrupt and all that," Michael Hayden, former director of the NSA and the CIA, told C4ISRNET in a recent interview. Hayden also commanded the first military and offensive cyber-oriented organization — Joint Functional Component Command-Network Warfare, CYBERCOM's direct predecessor.
Hayden said the purpose of a powerful overlap in tools for both the NSA and CYBERCOM lies in network penetration. "If you separate them, would you then force Cyber Command to develop its own penetration to foreign networks? Which does suggest a deconfliction problem, but I don't think an unmanageable deconfliction problem," he offered, highlighting what he characterized as one argument — though not compelling, in his opinion — against an NSA-CYBERCOM split.
PART I: What is needed to split NSA and Cyber Command?
PART II: Here's what Cyber Command's war-fighting platform will look like
PART IV: Cyber Command leverages acquisition model of special operations group
Most agree that CYBERCOM and the NSA will remain closely aligned even after the inevitable split, considering the NSA is still a combatant command-support organization and provides the requisite intelligence necessary to execute cyber operations.
However, according to some, intelligence operations are more difficult in cyberspace than the physical world, adding credence to the need for a conjoined CYBERCOM to rely on network penetration from the NSA for its offensive work.
"In physical space, intel is generally easier," Hayden said, using an example of identifying Soviet intercontinental ballistic missile fields and passing that information along for operators to target and shoot down.
"In cyberspace," he added, "the intelligence on a foreign network is actually the more demanding operational task. It is operationally and technology more demanding to penetrate a network, reside on it for long periods of time and extract information from it than it is to kick in the door and destroy something."
For this reason, that's why CYBERCOM was initially set up alongside the NSA, Hayden explained, because the NSA doesn't have the legal authority to manipulate or destroy data and systems, and also because the NSA "has the operational ability to do that by virtue of conducting this surveillance."
"But at some point — although you do want to maintain really good contacts between the two so they can trade off penetrations and presences on foreign networks — at some point you have to understand that the mission of denying degrading, destroying or disrupting an adversary network or information is different from the mission of simply stealing their information," he said.
Given the high degree of difficulty and training necessary for conducting intelligence in cyberspace, Bill Leigher, director of government cyber solutions at Raytheon, said cyber training must get the same attention given to training on a weapons system.
Cyber, from a military-CYBERCOM perspective, should be "something [where] I can take a 22 year old out of boot camp who has been to their basic school and I can train them to use this weapon system," he told reporters during a recent media day at a Raytheon facility in Northern Virginia, analogizing the way traditional military forces train personnel to use weapon systems. The intelligence community side, by contrast, "is very skills-intensive ... being able to stealthily navigate through someone else's network. ... That just doesn't scale to the sense that [U.S. Pacific Command] would need it if we [the United States] ever went to war with China."
[FifthDomain: House subcommittee wants more cyber in the Pacific]
Separate from tools needed for cyber warriors to perform their military cyber mission, it also might be necessary to develop tools to help combatant commanders — who CYBERCOM ultimately supports — understand both how cyber might be folded into their campaign plans and how it could help visualize the effects.
"I think from the [combatant commands], what I hear is they are not seeing something that helps them in their campaign, and because of that they're a little bit distrustful of their being able to depend on what they ask for," Leigher told C4ISRNET. "They don't have control over it, it's not expressed in a way that makes sense for a plan that they already have on the books.
"The bigger issue is having capabilities that combatant commanders understand, understand where they fit into their campaigns and why they need the legal definition of a weapon and how are you going to treat them like so."
These include tools such as the Electronic Warfare Planning and Management Tool, which provides commanders a visualization of EW and cyber effects for planning and operational purposes, and the Coordinated Cyber/Electronic Warfare Integrated Fires program, which is designed to help instill confidence in the deployment of emerging technology tools and to develop concepts of operations going forward.
"I think any time that we introduce a new capability into a [combatant commander’s] kit bag, we’re going to find both from the perspective that a new [tactic, technique and procedure] needs to be developed, the whole family of joint task force commanders who may have access to either enjoin those effects or delivering those effects, and it will be a maturity, an evolutionary thing as this mature[s]," Leigher said.
"I try to do this with all the combatant commands; sit down face to face: 'Where are we? Are we meeting your requirements?' " Rogers told Congress earlier this year. "Cyber Command, in many ways, what we do functions to support others. We exist to enable and support the success of others. … I always tell our team that much of our success will be defined by others, not by us. That’s the way it should be."
Part IV will examine Cyber Command's acquisition construct and authorities.