Bytes, Bombs, and Spies: The Strategic Dimensions of Offensive Cyber Operations

4. A Strategic Assessment of the U.S. Cyber Command Vision

81 4 A Strategic Assessment of the U.S. Cyber Command Vision max w. e. smeets and herbert lin On April 15, 2010, Lieutenant General Keith Alexander appeared before the Committee on Armed Services in the United States Senate to review his nomination to become the first commander of the U.S. Cyber Command and also lead the National Security Agency (NSA).1 During the hearing, General Alexander noted that serious challenges await: “While cyberspace is a dynamic, rapidly evolving environment, what will never change will be an unwavering dedication by both Cyber Command and the National Security Agency to the protection of civil liberties and the privacy of American citizens.”2 He told the committee that there is “much uncharted territory in the world of cyber-policy, law and doctrine.”3 Four years later, on March 11, 2014, the Senate Armed Services Committee held a nomination hearing for Vice Admiral Michael S. Rogers to succeed Keith Alexander as head of the NSA and U.S. Cyber Command. In advance of the hearing he was asked about the major challenges that would confront the commander of U.S. Cyber Command. “I believe the major challenge that will confront the next Commander, U.S. Cyber Command will be dealing with the changing threat in cyberspace. Adversaries today 82 Bytes, Bombs, and Spies seek persistent presences on military, government, and private networks for purposes such as exploitation and potentially disruption. We as a military and a nation are not well positioned to deal with such threats,” Rogers stated.4 On March 1, 2018, Lieutenant General Paul Nakasone appeared before the same committee to become the third commander of U.S. Cyber Command (and director of the NSA).5 Most of the questions the committee asked Nakasone were on the Cyber Command’s readiness and response to the Russian interference in the U.S. election.6 In line with this trend, Senator Ben Sasse asked: “In the cyber space, are our problems primarily technical, or are they primarily strategic and will?” “Senator,” General Nakasone responded , “I would offer that we have a number of different capabilities, and I don’t think that our problems are either of those. I think that what we have to do is continue to determine what is the best way forward here, what fits within our national strategy, and then act on that, Senator.”7 The purpose of this chapter is to assess to what degree U.S. Cyber Command now has a clear vision of the best way forward. Is cyberspace closer to being “well-charted territory” for the U.S. government? And has the United States found a (potential) way to deal with the variety of cyber threat actors that are said to (co)exist in this space?8 Our assessment focuses primarily on the 2018 U.S. Cyber Command vision entitled “Achieve and Maintain Cyberspace Superiority,” which lays out the potential benefits and risks of following this strategy. Our main finding is that, with the publication of the most recent vision, U.S. Cyber Command has for the first time articulated a comprehensive strategy that is well adapted to the unique “symptoms” of cyberspace. Yet we also argue that the “medicine” the Cyber Command prescribes to effectively deal with the symptoms needs to be further scrutinized; indeed, the “side-effects” of the strategy are still ill-understood. We described multiple possible scenarios and provide several recommendations. The remainder of this chapter proceeds as follows. We briefly discuss the history and mission of U.S. Cyber Command. Next we introduce the 2018 vision and compare it with the 2015 vision. The following sections review how the new vision will likely be implemented within a changing institutional landscape, assess the strategy and provide a scenario-based analysis of the possible short-term and long-term strategic effects of the vision’s implementation , and list several important factors—not discussed in the scenarios— that may influence the potential course of action. The final section provides several recommendations. The U.S. Cyber Command Vision 83 History and Mission of U.S. Cyber Command In mid-2009, Secretary of Defense Robert Gates directed the commander of U.S. Strategic Command (USSTRATCOM) to establish a subunified command , Cyber Command.9 According to Michael Warner, the U.S. Cyber Command historian, “the creation of USCYBERCOM marked the culmination of more than a decade’s worth of institutional change. DoD defensive and offensive capabilities were now firmly linked, and, moreover, tied closely, with...