Some in the academic world think so.
“I think the elevation of Cyber Command and I think the creation of Cyber Command has expedited the security dilemma,” Aaron Brantly, assistant professor of political science at Virginia Tech, said during a panel at the CyCon U.S. conference in Washington Nov. 8.
“I think that that has spurred a process by which multiple other states around the world are in the process of developing their own cyber commands. These people are sitting in buildings and they have to do something so they’re developing exploits.”
Many actors have discovered that while cyber will likely be part of a future conflict ― therefore necessitating preparedness within that sphere ― the domain more easily facilitates operations that fall below the typical threshold of conflict.
The hack of the DNC and subsequent meddling in the 2016 U.S. presidential election is a perfect example. Moreover, cyberspace has given spy agencies greater ease with which to do their jobs by developing exploits and penetrating networks. In fact, former NSA and CIA Director Michael Hayden, as well as then-Director of National Intelligence James Clapper noted the hack of the Office of Personnel Management was fair game. This act, believed to be attributed to the Chinese government, saw the theft of millions of sensitive information of government employees, creating an intelligence gold mine for potential future actions.
“The institutional growth of cyber is being used as a proxy for capability,” Jacquelyn Schneider, assistant professor in the Center for Naval Warfare Studies and a core faculty member of the Center for Cyber Conflict Studies, said during the same panel. She noted that she conducted a study a few years ago in which she examined what the Chinese cared about for a four-month period. One of the primary signals they cared about was the announcement and stand up of Cyber Command’s cyber mission force.
“Nobody announced what these teams actually do, just that there are these people and they operate but it is a standing for order of battle,” she said. “For some reason that ends up being an idea of what the balance of power is in cyberspace.”
The cyber mission force serves as the dedicated cyber warriors for the Department of Defense, consisting of roughly 6,200 individuals and 133 teams conducting offensive, defensive and support/intelligence operations in cyberspace.
To Schneider’s point, the most recent DoD report on China asserted the People’s Liberation Army has taken note of U.S. Cyber Command’s structure that consolidated cyber functions under a single entity through the Strategic Support Force, which links the PLA’s space, cyber and EW missions under one hat.
While cyber operations offer a great deal of asymmetric capabilities, their overall effect can sometimes be overstated. Cyber does not occur in a vacuum and as such, using cyber alone as a deterrent for other domains of warfare might not be very successful.
Schneider explained that during wargames, participants looked at when a player thought they were sending cyber operations as a signal of deterrence, was that signal received and if they received that signal, did it change behavior.
“The answer is almost all of the cyber signals that people thought they were sending were never received,” she said. “In general, deterrence is not elegant.”
“I would say one of the core characteristics of cyberspace is its uncertainty,” she added. “Using uncertainty to deter is very difficult. I think there are other influence type operations that we can use in cyberspace. But so far I have found it is very difficult to use cyberspace operations as an effective means of deterring operations in other domains.”
As such, Schneider noted that Cyber Command might have been pigeonholed into thinking of cyber deterrence, given it was originally stood up under Strategic Command, whose job is deterrence. If Cyber Command had been established under Special Operations Command or Transportation Command, for example, she said, it might not have as much a focus on deterrence.
“I think in some ways it’s counter productive because when you think of a resource as a strategic resource, then you need to hold it tightly and never let other people use it,” she said.
“What that ends up doing is so far cyberspace operations have not been effective for deterrence for the reasons I previous said. At the same time we have decision makers that are so nervous about using cyberspace operations because they’re strategic that they’re not being used in other ways where they could be used in coercion or counter cyber operations or operations that are underneath the threshold of where we would think of war.”
Others have said that the elevation of Cyber Command to a full unified combatant command out from under Strategic Command in some ways might be a reduction in the importance of cyber.
Paul Rosenzweig, former assistant secretary for policy at the Department of Homeland Security, has previously said the elevation signifies a normalization of cyber, much like airplanes or tanks, and not a strategic resource. In practice, the elevation means that the head of CYBERCOM will get a seat at the table and be able to ask for more money, more troops and more billeting, and he’ll likely get it, Rosenzweig added.
“For me I think that Cyber Command should maybe walk back some of the deterrence initiatives … and think a lot more about using cyber operation outside of a deterrence framework,” Schneider said.