| What: | The creation of U.S. Cyber Command |
| When: | CYBERCOM was created as a sub-unified command in 2009, but its origins can be traced back to the 1980s. |
| Why it matters: | CYBERCOM is in charge of protecting DoD’s information systems and supporting the nation’s efforts to defend critical infrastructure from major cyber threats — its creation allowed the Defense Department to unify cyber operations and strengthen its cyber capabilities. |
The story of U.S. Cyber Command doesn’t start in 2009 when it was formally established as a sub–unified command in 2009. The story really starts in the late 1980s when the first documented cases of cyber-espionage occurred during the early days of the internet.
In 1986, a systems administrator at the Lawrence Berkeley National Laboratory named Clifford Stoll uncovered a Soviet-backed hacking campaign targeting U.S military and research networks — a case he famously documented in The Cuckoo’s Egg. Two years later, the Morris Worm swept through the internet, but it wasn’t until the late 1990s that the Defense Department began to reckon with the strategic implications of the emerging threat environment.
In 1997, the Joint Chiefs of Staff ran an exercise called Eligible Receiver 97, in which NSA red team hackers demonstrated they could easily disrupt military systems and civilian infrastructure. Months later, the DoD created the Joint Task Force–Computer Network Defense (JTF-CND), laying the groundwork for what would eventually result in the establishment of Cyber Command a decade later.
“We’ve been grappling with the insecurity of cyberspace since we’ve been leveraging cyberspace, but we got to a point in the late 2000s where we recognized that the operational reality was sort of constant, or what we call persistent engagement now,” Richard Harknett, director of the center for cyber strategy and policy at the University of Cincinnati, told Federal News Network. “There was also this sort of perceptual reality that emerged, which was, ‘Oh, you could do big things in cyber.’ What happens if we mess around with electric grids and big critical infrastructure? So there was this operational reality, which was more about day-to-day exploitation. And then there was this perception of the reality that something really bad could happen and we need to get ourselves organized for this.”
The early days of Cyber Command were shaped by the perception that a massive, devastating digital attack could occur.
The natural inclination early on was to think about cyberspace and cyber deterrence just like the U.S. thought about the nuclear strategic environment and nuclear deterrence.
“We were thinking about it in a war context and so there was this default to how do we deal with war? We try to deter it,” Harknett said.
This perception was reinforced by the organizational structure of Cyber Command, which was placed under U.S. Strategic Command, the country’s nuclear command. So much of the early thinking about cyber operations revolved around how to deter war, rather than how to operate effectively in a constantly contested digital environment. But the threat wasn’t a “Cyber Pearl Harbor” as much as a persistent campaign of probing and exploiting networks across the federal government, defense industrial base, and critical infrastructure.
“We had a gap early on between the strategic view of cyber and the operational reality that Cyber Command and its capabilities were having to deal with,” Harknett said. “We have to actually, in my view, stop talking about cyber offense, cyber defense, and talk about cyber operations and cyber campaigns. They have both effects. They can have defensive effects, they can have offensive effects.”
The shift came with the “defend forward” and “persistent engagement” concepts, which were publicly announced in 2018 as part of a broader shift in U.S. cyber strategy. That meant moving Cyber Command from a reactive force right to a persistent force.
“To be persistent is to be, as [Gen. Paul Nakasone] noted, not reactive. It is about being proactive, but being proactive is not ipso facto offense. You don’t have to disrupt and destroy in order to set and reset this cyber architecture in a way that favors you and disfavors your opponents. That’s the whole notion of cyber campaigning. This is the cyber part of the fight, that you’re in continuous motion, and you’re going to move laterally, you’re going to move back and forward. It’s a better way of thinking about this space than this legacy, ‘Let’s go on the offense,’” Harknett said.
Recognizing that cyberspace had become vital to national security, Cyber Command was elevated to a unified combatant command in 2018. Between 2018 and 2020 the command received expanded presidential authorities to allow it to operate more proactively and persistently in cyberspace.
But having the legal authority to act and fully using those authorities are not the same, Harknett said. The Biden administration embraced the “defend forward” and “persistent engagement” notions, sometimes referring to them as “disruption campaigns.” Still, an open question remains around how rigorously these strategies have been implemented, how many bureaucratic or legal hurdles remain in place, and whether the operational tempo matches the intent behind the strategy.
One sign of progress is the increasing regularization of “hunt forward” operations, where Cyber Command deploys teams to allied nations to detect, expose and disrupt adversary malware on partner networks.
“We’re early in this and only a few years operating under authorities that are less reactive and more proactive. I think it’s a matter of understanding that we’re evolving to the space, in part my own view is that we’re catching up to some of our cyber adversaries who have been operating in this manner a lot longer than we have. I think the trend line is that operational reality and that strict perception of the strategy — that gap is closing. We’re starting to understand why our adversaries are below the threshold of armed conflict is because they can strategically gain in that space,” Harknett said.
Cyber Command 2.0
With the strategy in place, the command now needs to align its organizational structure, capabilities and partnerships to that “constant fight.”
“Cyber, you just can’t quit. You don’t have any time. You don’t have any day that you can take off. And so we have legacy organizational artifacts that need to evolve. That’s partly the relationships with the services. It’s partly in terms of how you develop capabilities, and how you fund,” Harknett said.
That’s what is expected to come from an extensive examination dubbed “Cyber Command 2.0” — the review is meant to address the command’s longstanding readiness and personnel challenges.
For now, the initiative’s four main efforts include a new force generation model for how each service provides cyber forces to CYBERCOM, an advanced training and education center to ensure forces have the training needed when arriving to their units, a talent management model, and a cyber innovation warfare center.
Separate Cyber Force?
Meanwhile, the debate over establishing a separate Cyber Force continues — the fiscal 2025 defense bill requires the Defense Department conduct an “evaluation of alternative organizational models for the cyber forces of the Armed Forces.” The bill, however, does not include a due date for the study.
Pentagon leaders have largely rejected the idea of a separate cyber branch, but proponents of the idea argue that fixing the nation’s cyber force generation system “demands nothing less than the establishment of an independent cyber service.”
“The inefficient division of labor between the Army, Navy, Air Force, and Marine Corps prevents the generation of a cyber force ready to carry out its mission. Recruitment suffers because cyber operations are not a top priority for any of the services, and incentives for new recruits vary wildly. The services do not coordinate to ensure that trainees acquire a consistent set of skills or that their skills correspond to the roles they will ultimately fulfill at CYBERCOM,” the Foundation for Defense of Democracies report report reads.
“Resolving these issues requires the creation of a new independent armed service — a U.S. Cyber Force — alongside the Army, Navy, Air Force, Marine Corps, and Space Force,” Mark Montgomery, a retired Navy rear admiral, and Erica Lonergan, an assistant professor at Columbia University, said in the report.
Join Federal News Network in celebrating our 25th anniversary as we recount 25 years of major federal moments that forever changed the government, and helped shape today’s federal workforce.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
