When Pentagon leaders tasked Air Force cyber teams with helping prevent Russian trolls from influencing the 2018 midterm elections, it marked the first time those forces were tasked with such a mission under new authorities.
Department of Defense has openly discussed their success in keeping the midterm elections free from Russian interference, but officials have provided few details about which teams were tasked with doing so.
During an April 11 event at Langley Air Force Base, Gen. James Holmes, commander of Air Combat Command, said Maj. Gen. Robert Skinner, the head of Air Forces Cyber, was ordered and given the authority to defeat Russian influence operations.
"It’s the first time we’ve really had the authority to go operate and do that in the cyber environment,” Holmes said.
Cyber authorities have typically been held at the highest levels of government making them difficult to be approved for rapid use, but over the last year the Trump administration has begun to loosen those restrictions in an attempt to make it easier for commanders to employ cyber tools faster and react more quickly to adversaries in a domain that is measured in milliseconds.
Gen. Paul Nakasone, the head of U.S. Cyber Command, testified to Congress earlier this year that his organization supported European Command, Northern Command, the Department of Homeland Security and the Federal Bureau of Investigation to defend against attacks on the 2018 midterm elections. This included, among other efforts, establishing a small group within the National Security Agency to focus on Russia, as well as working with European Command and European countries.
To understand why the work fell to Air Forces Cyber means understanding the U.S. military’s cyber hierarchy. Each of the service cyber component commanders also lead various Joint Force Headquarters-Cyber, which provide planning, targeting, intelligence and cyber capabilities to certain assigned combatant commands. As a result, JFHQ-C Air Force is responsible for supporting European Command, Strategic Command and Transportation Command.
Given the sensitive nature of operations, little is known about the exact make up of JFHQ-C Air Force. However, the teams under its purview include Air Force, Army and Navy combat mission teams, which perform cyber attack, cyber intelligence, surveillance and reconnaissance and cyber operational preparation of the battlefield, and support teams, which conduct intelligence, mission planning and other necessary support work for combat mission teams.
The Air Force teams likely had company from other entities and teams within Cyber Command.
U.S. Cyber Command’s Cyber National Mission Force plans and conducts cyber operations aimed to deter, disrupt and defeat cyber actors to defend the nation, according to Cyber Command.
National security experts say the most likely team to handle the task of operating against Russian entities in cyberspace to protect the homeland and election is the Cyber Nation Mission Force.
Teams under the CNMF are aligned to specific nation state threats and work to engage them as a means of preventing cyber intrusions and damage against the U.S. These teams have been referred to by some experts as the Cyber Command equivalent of Special Operations Command’s Joint Special Operations Command, a globally engaged action arm of SOCOM. CNMF teams are often described as some of Cyber Command’s best operators.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.