Senior military leaders are recommending that the Pentagon’s two-year-old cyberwarfare unit be elevated to full combatant command status, sending a signal to adversaries that the U.S. military is serious about protecting its ability to operate in cyberspace, officials said.
A Pentagon spokesman, Capt. John Kirby, declined to discuss the pending move.
The elevation of Cyber Command to a level on a par with commands protecting entire regions and continents would give the nation’s top cyberwarriors more direct access to Dempsey and Panetta, allowing them more clout in the struggle for resources.
Created in 2010 at Fort Meade, Cyber Command employs about 750 people — far fewer than most combatant commands — and reports to Strategic Command, based in Omaha. The U.S. military has nine combatant commands, the newest of which, Africa Command, began operations in 2008.
U.S. officials say the establishment of a combatant command for cyberwar fits the administration’s multi-pronged cyber-strategy by projecting military force as a deterrent, even as efforts are ongoing in the diplomatic realm to reduce tensions with adversaries.
“It certainly emphasizes the importance of cyber as a strategic priority,” said retired Air Force Lt. Gen. John “Soup” Campbell, a former commander of the military’s first joint cyberdefense unit, set up in 1988. “It shortens the chain of command up to the president and secretary of defense. It sends a signal that it’s a four-star general’s job to advocate for the cyber mission. That’s important.”
The elevation of Cyber Command could contribute to the perception in some countries that the United States is a military aggressor in cyberspace, though officials say the cyberwarfare unit is heavily focused on defense and limited in its use of offense.
The change in status would not resolve a host of more fundamental issues, such as the scope of its authority to defend the nation. Officials are still debating under what circumstances military commanders can respond on their own to hostile acts in cyberspace and how far notions of state sovereignty should apply in cyberspace.
Making Cyber Command a combatant command could exacerbate some issues, several experts said.
“I would caution rushing to have Cyber Command be a unified [combatant] command,” which would mean it directs cyber-operations globally, retired Marine Gen. James Cartwright Jr., a former vice chairman of the Joint Chiefs of Staff, said at a recent cyberwar symposium sponsored by the Center for Strategic and International Studies (CSIS).
He said the regional commands should be in charge of their own operations.
“You really need that [regional] context to apply the art of war and the weapons to affect the adversary’s mind-set,” Cartwright said.
The move also would raise a novel personnel issue. The head of Cyber Command, Gen. Keith Alexander, also is the head of the Fort Meade-based National Security Agency, which spies electronically on foreign enemies on behalf of numerous government agencies as well as the military.
The potential tension between those jobs could grow, some analysts say, if Cyber Command is elevated.
“No other unified commander is encumbered with a task like being director of NSA,” said Michael V. Hayden, a former director of the NSA and the CIA. “In my mind that makes it almost decisive that you separate the two tasks.”
“They’re both more than full-time jobs,” he said. “Frankly, having the director of one of the nation’s premier intelligence agencies also serve as a combatant commander creates conflicts of interest.”
But James A. Lewis, director of the CSIS’s technology and public policy program, noted that the “bulk of the heavy lifting” for Cyber Command is already done by the NSA.
“There is always a risk when you put a military guy in charge that support for the military will overshadow civilian requirements, but Alexander is particularly sensitive to that,” Lewis said.
When Alexander retires, he said, “you might want to think about splitting the job.”