U.S. Cyber Command History
U.S. Cyber Command (USCYBERCOM), located at Fort Meade, Maryland, is the nation's 10th Unified Combatant Command. USCYBERCOM directs, synchronizes, and coordinates cyberspace planning and operations in defense of the U.S. and its interests.
Information, Data and Risk
The Information Age and its consequent technologies have changed the way the world functions. As a result, the Department of Defense (DoD) became increasingly capable and reliant upon the ability to project its command and control and information capabilities in support of its forces and in the defense of U.S. interests globally. DoD also recognized the need to protect and defend these vital systems from adversaries and to defend its information capabilities in military operations. USCYBERCOM, as a Unified Combatant Command (CCMD), represents the latest evolution in a series of organizational designs to enable Department of Defense Information Networks (DoDIN) and to optimize U.S. military capabilities in cyberspace.
As early as 1972, consultants for the DoD warned of serious vulnerabilities in computer and network security, and the importance of cyberspace to national security became a pressing concern after the end of the Cold War. In 1995, then-Director of the Defense Information Systems Agency (DISA), Air Force Lt. Gen. Albert J. Edmonds, told a seminar at Harvard’s John F. Kennedy School of Government that U.S. military networks were vulnerable to remote attacks. Such concerns increased dramatically as cyber focused exercises like ELIGIBLE RECEIVER 97 demonstrated defense network vulnerabilities and highlighted the potential risk associated with network exploitation. During this period, it also became clear that foreign entities were increasingly capable of probing U.S. military networks and that they could potentially disrupt military operations.
The Evolution of U.S. Cyber Command
The DoD and the armed services responded to these evolving challenges through a variety of initiatives. Joint Task Force-Computer Network Defense (JTF-CND), an organization chartered by the Secretary of Defense and that reported directly to him, was a component of DISA. JTF-CND attained initial operating capability Dec. 1, 1998 and was the DoD’s first organization to have authority to oversee and direct operations on individual military service and DoD networks. JTF-CND evolved into Joint Task Force – Computer Network Operations (JTF-CNO) by the end of 1999.
Cyber operations came together under the same organization on Oct. 1, 2000, when U.S. Space Command (USSPACECOM) formally took control of the DoD’s computer network attack activities from the Joint Staff, which had overseen the field since its creation in the early 1990s. USSPACECOM was eventually dissolved and some its functions merged into the reorganized U.S. Strategic Command Oct. 1, 2002. The computer network defense missions would henceforth fall under USSTRATCOM's responsibility.
The computer network defense mission for DoD remained under USSTRATCOM but was soon divided from the computer network attack mission. Computer network attack would be overseen by USSTRATCOM’s three-star Deputy Commander for Network Planning and Integration (as the Director of the National Security Agency). Computer network defense would be overseen by another three-star, USSTRATCOM’s Deputy Commander for Network Operations and Defense (as the Director of DISA).
In 2004, JTF-CNO evolved into Joint Task Force - Global Network Operations (JTF-GNO). That same year, the Joint Chiefs of Staff in its 2004 National Military Strategy declared cyberspace a domain, alongside air, land, sea and space, in which the U.S. must maintain its ability to operate militarily.
USSTRATCOM’s commander, U.S. Marine Corps Gen. James Cartwright, reorganized USSTRATCOM in January 2005, creating a series of joint functional component commands to perform the command’s various missions. Joint Functional Component Command for Network Warfare (JFCC-NW) was established and led by the DIRNSA and JTF-GNO’s defensive mission remained intact under DISA.
Secretary of Defense Robert Gates in early 2008 inquired about better ways of organizing DoD’s cyber functions, setting in motion several studies of alternatives to the current arrangement. The possibility of a “Cyber Command” was discussed that February by senior officials from the Pentagon, USSTRATCOM and the Intelligence Community. This preliminary work led to Secretary Gates’ direction in May of that year to task a departmental-level review of cyber roles and missions. Discussions about a merger of JFCC-NW and JTF-GNO began in earnest that summer.
The Creation of U.S. Cyber Command
Secretary Gates directed the creation of a new sub-unified command, U.S. Cyber Command (USCYBERCOM) on Nov. 12, 2008, to operate under the authority of USSTRATCOM. At the same time, he directed that he would “place JTF-GNO under operational control (OPCON) of the Commander JFCC-NW" (then-Army Lt. Gen. Keith B. Alexander). Secretary Gates directed the merger of JFCC-NW and JTF-GNO and the creation of USCYBERCOM June 23, 2009, thus codifying what would become known as the “dual-hat” arrangement between NSA and USCYBERCOM. One four-star, general or flag officer would be both the DIRNSA and the Commander of USCYBERCOM. The command achieved Initial Operational Capability May 21, 2010.
Elevation of U.S. Cyber Command
President Donald J. Trump announced Aug. 18, 2017, his decision to
accept Defense Secretary James Mattis’ recommendation to elevate
USCYBERCOM from a sub-unified command under USSTRATCOM to a Unified
Combatant Command responsible for cyberspace operations. The decision
to elevate USCYBERCOM was seen as a recognition of the growing
centrality of cyberspace to U.S. national security and an acknowledgment
of the changing nature of warfare. USCYBERCOM became a CCMD May 4, 2018, during the combined Change of Command/Change of Directorship ceremony at the new Integrated Cyber Center/Joint Operations Center (ICC/JOC) located at Fort Meade.
USCYBERCOM executes its mission through forces drawn from the military service cyber components. In 2009, the services began reorganizing their cyber capabilities with the idea of creating headquarters units, in addition to those already assigned to USSTRATCOM, that would function with the new sub-unified USCYBERCOM as service cyber component commands.
• 2nd Army - U.S. Army Cyber Command (ARCYBER)
• 24th Air Force - Air Forces Cyber (AFCYBER)
• U.S. Tenth Fleet - Fleet Cyber Command (FLTCYBER)
• U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER)
After Secretary Gates approved the organizational structure for the service cyber components in late 2010, USSTRATCOM delegated operational control of the various service cyber units and their headquarters to USCYBERCOM a few days later. The following month, USCYBERCOM delegated operational control of the military service network operations centers and forces to the service cyber components.
USCYBERCOM’s concept for organization was approved by the Joint Staff in 2012 and called for the creation of 133 Cyber Mission Force (CMF) teams consisting of Cyber Protection Teams, Combat Mission Teams and National Mission Teams for a total of about 6,200 uniformed and civilian personnel.
As part of the CMF construct, USCYBERCOM activated its Cyber National Mission Force Headquarters (CNMF-HQ) at a NSA headquarters ceremony Jan. 17, 2014. The CNMF would build to a total of approximately 1,900 personnel by the end of 2017. The CNMF’s mission is to "plan, direct, and synchronize full spectrum cyberspace operations to deter, disrupt, and if necessary, defeat adversary cyber actions in order to defend the nation."
Gen. Alexander relinquished command of USCYBERCOM (and as DIRNSA/Chief, Central Security Service) March 28, 2014, and retired from military service. His successor, Navy Adm. Michael S. Rogers assumed command of USCYBERCOM and the NSA/CSS on March 31, 2014.
Under Adm. Rogers, the Cyber Mission Force continued to evolve and operated under mission authorities while still developing capacity and structure:
• Cyber National Mission Force teams defend the nation by seeing adversary activity, blocking attacks, and maneuvering to defeat them.
• Cyber Combat Mission Force teams conduct military cyber operations in support of combatant commands.
• Cyber Protection Teams defend the DoD information networks, protect priority missions and prepare cyber forces for combat.
Moreover, USCYBERCOM aligned Cyber Mission Forces in support of the Joint Force. Specifically, CMF teams were focused toward habitually supporting combatant commands under USCYBERCOM’s Joint Force Headquarters Cyber construct:
• MARFORCYBER supports U.S. Special Operations Command (USSOCOM)
• ARCYBER supports U.S. Central Command (USCENTCOM), U.S. Africa Command (USAFRICOM) and U.S. Northern Command (USNORTHCOM)
• FLTCYBER supports U.S. Pacific Command (USPACOM) and U.S. Southern Command (USSOUTHCOM)
• AFCYBER supports U.S. European Command (USEUCOM), U.S. Strategic Command (USSTRATCOM), and U.S. Transportation Command (USTRANSCOM)
USCYBERCOM announced that all 133 teams of the CMF achieved their milestone Initial Operating Capability (IOC) Oct. 21, 2016 and that the CMF was on schedule to reach Full Operating Capability (FOC) by the end of September 2018. Initial Operating Capability meant that all CMF units had reached a threshold operational capacity whereby the units could execute their fundamental missions. At the time of the announcement, the CMF was about 5,000 in strength across the 133 teams. By the end of September 2018, the goal is for the force to grow to approximately 6,200 as originally designed.
Adm. Michael S. Rogers relinquished command of USCYBERCOM and directorship of the National Security Agency (NSA)/Central Security Service (CSS) to Army Gen. Paul M. Nakasone May 4, 2018, and upon that change of command USCYBERCOM became the nation's 10th CCMD.