Newly confirmed Army Lt. Gen. (P) Paul Nakasone will formally take the reins at the National Security Agency and Cyber Command following a ceremony May 4. In that role, Nakasone will head the 10th, and newest, combatant command.
But as the organization takes on greater responsibilities, Nakasone will receive broad authorities as the global coordinator for cyber operations in the Department of Defense and as the joint force trainer for cyber.
Here are three key decisions Nakasone will face and that will shape Cyber Command in the long term.
With the elevation of Cyber Command comes additional authorities for its commander, such as the ability to synchronize forces globally.
Does he need to change the cyber warrior force?
Adm. Michael Rogers, the outgoing head, said in 2016 that the command was at a tipping point. He explained then the organization’s offensive and defensive capability and capacity were beginning to come online. These capabilities were being used in broader ways by Cyber Command’s cyber mission force, the 133 teams that make up the cyber warrior cadre created in 2013.
Now that this force is slated to reach a key staffing milestone, known as full operational capability, there have been indications that the structure of this force could change.
Rogers noted during recent testimony that he’d like to “retool” the teams, noting that their structure is based on an evaluation that’s almost eight years old. “The thought was the cyber forces we created would be permanently aligned. I argue it’s not going to get us where we need to be,” he said.
Nakasone, during his confirmation hearings, appeared to agree with this view.
As Cyber Command grows and matures, here are tangible ways it can evolve under its new commander.
“As we actively employ these teams in operations, we continue to mature our understanding of how to strengthen the mission readiness of this force. The Department has made significant investments in cyber payloads and toolsets for the CMF, a formal study is currently underway to more comprehensively inform requirements based on lessons learned from recent operations,” he said.
These teams conduct offensive, defensive, intelligence and analytic work for global cyber operations.
Some in the cyber community have indicated that the balance of the teams as well as the makeup of their personnel should change, something Nakasone also seems to agree with.
He has pointed out that the balance between offensive, defense and support/intelligence teams could also be reevaluated as the current balance “is an initial starting point.”
Officials in the cyber community have indicated that more intelligence personnel could be needed to help better inform operators of targets and context as well as more tool developers as the initial force was very operator heavy, relying heavily on NSA personnel for tools initially.
“What we have looked at is, is there a career field out there for a tool developer that all he’s going to do for 20 years is develop these exquisite tools? We think there is,” he told lawmakers in March.
Nakasone has also indicated information operations, which currently are not within the purview of Cyber Command’s capabilities, could be folded into its toolset.
What new tools does Cyber Command need?
With cyber warrior teams fully coming online, they’ll now need an infrastructure to both launch attacks from and train on.
In that regard, the Air Force is taking the lead to develop the Unified Platform, which can essentially be described as a cyber carrier from which cyber operators can launch attacks, plan and coordinate.
The Department of Defense’s budget request for fiscal 2019 describes a plan to develop such a war-fighting platform for Cyber Command.
Specifically, the military needs its own infrastructure separate from the intelligence community, which it has leveraged since it stood up co-locating with NSA.
“The Department is properly investing in building USCYBERCOM’s own organic abilities to support combat operations,” Nakasone provided to lawmakers. “Operating under the constraint of the intelligence authorities that govern NSA infrastructure and tools would severely limit USCYBERCOM’s ability to effectively support wartime cyber operations.”
In terms of training, the Army is serving as the executive agent for the persistent cyber training environment. This will allow cyber warriors to do individual training, collective training and even mission rehearsal through a global web-based client enabling personnel to dial in from across the world.
Officials have noted that such an environment is imperative and likened it to a shooting range for infantrymen to hone their marksmanship skills. Cyber warriors, similarly, must do the same as the large scale annual exercises are simply not enough, leaders contend.
Nakasone told Fifth Domain in August that he anticipated in the coming year “as we start to take a look at what is the environment, we are going to develop where are we actually going to put this, what are the type of scenarios we are going to develop, how are we going to operationalize it.”
Such training platforms also improve readiness of the cyber force, something Nakasone told senators during his confirmation hearings was his top priority.
How to evolve cyber operations?
Aside from global network defense, Cyber Command’s No. 1 goal is to support others by integrating cyber effects to combatant command schemes.
Rogers told lawmakers recently that one of the highlights of his tenure has been cyber’s integration into other organizations.
Cyber Command has made significant progress in recent years with the integration of cyber into traditional military operations, the organization's chief said.
Leaders have said they don’t see this requirement diminishing. Of note, officials have held up the cyber offensive against the Islamic State group in Iraq and Syria as a test case for how cyber can integrate with traditional military operations going forward.
“Joint Task Force-Ares, the organization we created to lead the fight in cyber against ISIS, has successfully integrated cyberspace operations in to that broader military campaign and achieved some excellent results,” Rogers has said.
Other commanders agree.
“What Ares did, I think for U.S. Cyber Command, was provide, No. 1, a joint capability inside U.S. Cyber Command so you have all the services represented there. But it also gave an opportunity for the combatant commands to reach into Cyber Command, in one single entry point. It gave the interagency one place. It gave our allies and partners one place to come in the counter-ISIL fight,” Maj. Gen. Lori Reynolds, commander of Marine Corps Forces Cyberspace Command, told members of Congress in March.
The commander of Fleet Cyber Command drew similar conclusions.
“On the offensive side, I think that Joint Task Force-Ares is the best example we’ve had as a force in terms of delivering cyber effects in support of the warfighter and also in support of national strategic objectives,” Vice Adm. Michael Gilday, said at the Joint Service Academy Cybersecurity Summit in March. “We’ve learned a lot not only in terms of cyberspace operations offensively but also information operations that are enabled through cyberspace.”
To help tie these capabilities and build greater connective tissue between the combatant commands, Cyber Command began standing up cyber planning cells within the combatant command headquarters to better integrate its capabilities.
Rogers has testified these will be fully staffed in five years, a timeline which puts Nakasone in charge of overseeing their stand up.
Nakasone also has unique insight into a top issue: the authority to employ cyber capabilities at the tactical edge.
Currently cyber capabilities – namely strategic level effects that require work over fiber across the globe – are supervised at the highest level of government. Nakasone, as head of Army Cyber Command, has overseen several rotations of a pilot program to game how tactical cyber and electronic warfare effects can be integrated into local brigade combat teams.
Nakasone told Fifth Domain in August that a report on lessons learned will be presented to Army leadership on the program in the coming fiscal year.
In some cases these effects can be employed in such a way that they don’t raise the concerns strategic level effects do, which is to say localizing cyber effects can be a way to assuage “digitally” entering other countries as is the case with remote capabilities.