U.S. Cyber Command History
United States Cyber Command (USCYBERCOM), the nation’s unified combatant command for the cyberspace domain, turned ten years old in 2020. Headquartered with the National Security Agency at Fort George G. Meade, Maryland, USCYBERCOM is a military command that operates globally in real time against determined and capable adversaries. The Command comprises military, intelligence, and information technology capabilities. Its mission is to direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners. USCYBERCOM defends the Department of Defense (DoD) information systems, supports joint force commanders with cyberspace operations, and defends the nation from significant cyberattacks. USCYBERCOM represents the latest evolution in a series of organizational designs to enable Department of Defense Information Network (DoDIN) and to optimize U.S. military capabilities in cyberspace.
Information, Data, and Risk
USCYBERCOM was established as a sub–unified command under U.S. Strategic Command (USSTRATCOM). Robert Gates, then Secretary of Defense, directed the creation of USCYBERCOM in a memo on 23 June 2009 that recognized the growing importance and vulnerability of computers and networks in the United States and around the world. The Information Age and its technologies had changed the way the world functioned, creating global networks and allowing adversaries to access strategic centers of national power. DoD depended upon digital information systems to command and control its forces, and recognized the need to protect and defend these vital systems.
Recognition of the necessity for comprehensive computer security and defense began as early as 1972, with military and intelligence efforts to reduce vulnerabilities and protect information systems. Hacking, cyberespionage attempts, equipment malfunctions – and even movies – in the 1980s and 1990s illustrated the need for computer security. By 1995, DoD leaders publicly acknowledged that U.S. military networks were vulnerable to remote attacks. Soon it also became clear that foreign entities were probing U.S. government networks and could potentially disrupt vital operations.
Evolving Toward U.S. Cyber Command
Such concerns increased dramatically as cyber-focused exercises like ELIGIBLE RECEIVER 97 (ER97) demonstrated network vulnerabilities and highlighted the potential risks associated with their exploitation. ER97 pitted a team of NSA programmers against U.S. military defenders, and it raised awareness of cyber warfare and the potential impact to vulnerable systems. The Department of Defense soon developed an operational approach to securing its information systems, creating in 1998 the Joint Task Force-Computer Network Defense (JTF-CND), which operated in conjunction with the Defense Information Systems Agency (DISA). JTF–CND evolved into Joint Task Force – Computer Network Operations (JTF–CNO) by the end of 1999, working under U.S. Space Command (USSPACECOM). When USSPACECOM was dissolved in October 2002, JTF–CNO joined USSTRATCOM.
The Joint Chiefs of Staff in their 2004 National Military Strategy declared cyberspace a “domain” of conflict alongside the air, land, sea, and space domains, and noted DoD must maintain its ability to defend against and to engage enemy actors in this new domain. That same year, Secretary of Defense Donald Rumsfeld divided JTF–CNO into defensive and offensive components: Joint Task Force – Global Network Operations (JTF–GNO), responsible for defense; and Joint Functional Component Command – Network Warfare (JFCC–NW) for offensive cyberspace operations planning.
The Creation of Cyber Command
Both JFCC–NW and JTF–GNO performed their functions under USSTRATCOM until Secretary of Defense Gates directed the reorganization of DoD’s cyber forces with his June 2009 memo. The two task forces soon merged, becoming United States Cyber Command, on 21 May 2010. General Keith Alexander (USA), who was also the Director, National Security Agency (DIRNSA), was USCYBERCOM’s first Commander. This dual–hat arrangement for the Commander, USCYBERCOM and DIRNSA remains in effect.
The Army’s Institute of Heraldry designed USCYBERCOM’s Seal in 2010. The Seal represents both the past and the future. It honors the two organizations that USCYBERCOM came from, JFCC-NW and JTF-GNO, and recognizes the mission ahead to integrate, synchronize and conduct the full spectrum of cyberspace operations.
U.S. Cyber Command
The new command achieved Initial Operating Capability (IOC) on 21 May 2010. Much of the work of Cyber Command is performed by its Service cyberspace components. The Services began reorganizing their cyber capabilities in 2009, creating headquarters units (in addition to those already assigned to USSTRATCOM) that would function with the new sub–unified Cyber Command. The entities created in 2009 were:
- U.S. Army Cyber Command (ARCYBER)
- 24th Air Force (merged with 25th Air Force to become 16th Air Forces Cyber (AFCYBER) as of 11 October 2019)
- U.S. Tenth Fleet/Fleet Cyber Command (FLTCYBER)
- U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER)
The Cyber Mission Force (CMF), authorized in 2012, originally consisted of 133 teams, with a total of almost 6,200 military and civilian personnel.
General Alexander retired in 2014, and Admiral Michael Rogers (USN) succeeded him, taking command of USCYBERCOM and NSA/CSS. ADM Rogers saw the CMF through its evolution as it developed the capacity and structure to fulfill its mission. CMF teams come in several types:
- National Mission Force teams defend the nation by seeing adversary activity, blocking attacks, and maneuvering to defeat them.
- Combat Mission Force teams conduct military cyber operations in support of combatant commands.
- Cyber Protection Teams defend the DoD Information Network, protect priority missions, and prepare cyber forces for combat.
USCYBERCOM also aligned the Cyber Mission Force in support of Joint Force operations. CMF teams supported combatant commands under USCYBERCOM’s Joint Force Headquarters:
- MARFORCYBER supports U.S. Special Operations Command (USSOCOM)
- ARCYBER supports U.S. Central Command (USCENTCOM), U.S. Africa Command (USAFRICOM) and U.S. Northern Command (USNORTHCOM)
- FLTCYBER supports U.S. Indo–Pacific Command (USINDOPACOM), U.S. Southern Command (USSOUTHCOM) and U.S. Space Command (USSPACECOM)
- AFCYBER supports U.S. European Command (USEUCOM), U.S. Strategic Command (USSTRATCOM), and U.S. Transportation Command (USTRANSCOM)
All 133 teams of the CMF achieved IOC in 2016, the threshold capacity whereby the units could execute their fundamental missions. The CMF reached Full Operational Capability (FOC) in 2018, when all CMF units had reached their projected full strength. At the time of the announcement, the CMF had about 5,000 military and civilian personnel across the 133 teams.
USCYBERCOM added two components, the Cyber National Mission Force (CNMF) in 2014, and the Joint Force Headquarters–DoD Information Network (JFHQ–DoDIN) in 2015. The CNMF is a joint element focused on cyberspace operations to deter, disrupt, and if necessary, defeat adversary cyber and malign influence actors. JFHQ–DoDIN’s mission is to oversee the day-to-day operation of DoD’s networks and mount an active defense of them, securing their key cyber terrain and being prepared to neutralize any adversary who manages to bypass their perimeter defenses. The JFHQ–DoDIN commander is dual–hatted as the director of the Defense Information Systems Agency (DISA). USCYBERCOM added JTF–Ares to combat terrorist threats in 2016.
The Elevation of Cyber Command
In the years since USCYBERCOM’s creation, cyberspace has grown more important, becoming a vital center of U.S. national security. Cyber operations undertaken below the level of armed conﬂict since 2018 have been guided by the “persistent engagement” operational approach. Persistent engagement operates as an element of the DoD Cyber Strategy’s “Defend Forward” concept. The USCYBERCOM Vision statement, approved in March 2018, explained that
“Defending forward as close as possible to the origin of adversary activity extends our reach to expose adversaries’ weaknesses, learn their intentions and capabilities, and counter attacks close to their origins. Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks. We will pursue attackers across networks and systems to render most malicious cyber and cyber-enabled activity inconsequential while achieving greater freedom of maneuver to counter and contest dangerous adversary activity before it impairs our national power.”
In recognition of USCYBERCOM’s contributions, President Donald Trump in 2018 ordered the Command’s elevation to a Unified Combatant Command. General Paul Nakasone (USA) succeeded Admiral Rogers on 4 May 2018, the day of the Command’s elevation.
Concerns over foreign interference and disruption of the upcoming U.S. elections in 2018 drove changes in USCYBERCOM's authorities and led to a USCYBERCOM-NSA “Russia Small Group” supporting government–wide efforts to defend the midterms. The Group’s efforts informed an even larger effort – the Election Security Group (ESG) – to defend the 2020 election. Both campaigns implemented the DoD Cyber Strategy’s “Defend Forward” approach to cyberspace operations, in which the Command acts to defend vital systems and impose costs on adversaries while enabling our government and allied partners to perform their missions more effectively. USCYBERCOM and NSA continue to work together to identify, mitigate, and respond to intrusions (such as the one behind SolarWinds).
USCYBERCOM's mission has evolved to meet and counter threats to DoD systems and the nation’s critical infrastructure, terrorists' use of the internet, and adversaries’ attempts to influence and disrupt U.S. social cohesion and democratic processes. The Command enables all acts to enhance the efforts of military, law enforcement, homeland security, and intelligence leaders, and is leading the multinational quest to improve cyber defense, and defend the nation in conflict and competition.
At a Glance