For months it has been an entertaining parlor game in the nation’s capital: guessing what will happen next with U.S. Cyber Command, the military organization designed to defend the country’s networks and attack its adversaries. The topic will increasingly be in the spotlight as the head of that command, General Keith Alexander, is also the director of the National Security Agency, which is beset by revelations of cyber snooping—possibly a damaging link if the crisis does not blow over.
Cyber Command is only a few years old, but the history of its predecessors helps give clues to what is to come. For fifteen years, the military has tried to integrate or “normalize” cyber, but the meaning of normal and how to achieve that has shifted several times.
The U.S. military began to organize around cyber and information warfare just after the first Gulf War of 1991. The Air Force Information Warfare Center was launched in 1993 and the other services followed soon after. Offense and defense operations were combined in the operational 609th Information Warfare Squadron in 1995. These units, however, were all single-service and generally could not direct cyber defenses, only making suggestions with little Pentagon control.
To “normalize” cyber, in 1998 the Pentagon created the real predecessor to U.S. Cyber Command, the twenty-four-person Joint Task Force–Computer Network Defense (JTF-CND) to be in charge. Two years after it was stood up, the unit was given responsibilities for offense as well as defense, as one of the perceived lessons of the past was that the same commander should handle both.
However, this lesson proved to be transient, as offense and defense were split apart in 2004, with the National Security Agency getting the offensive mission and the Defense Information Systems Agency getting defense, since it seemed more “normal” to have the main military IT organization also defend all the IT. But that solution itself only lasted a few years, when to be more “normal” the missions were recombined into the new U.S. Cyber Command, whose commander was also the director of the NSA. Since NSA had so much cyber capability, it seemed natural to have the same four-star officer run both cyber and signals intelligence; the revelations of cyber spying might just break that connection if it appears having cyber warfighting responsibilities distracted General Alexander from his NSA job.
This history helps inform the debate about what should happen next with U.S. Cyber Command. There are a few leading options:
Splitting NSA and Cyber Command: This had already been a leading option, even before the recent leaks. General Alexander had planned to retire in early 2014, but it is possible he won’t last that long, now that President Obama has had to publicly discuss programs that the General’s organization was supposed to keep secret. This option of splitting the command is probably the most likely, as the president would understandably want a director of NSA able to work it as a full-time job, rather than sharing time with the sexier offensive missions of Cyber Command.
This division of roles would return to the command relationship of 2004, with a three-star NSA director from intelligence reporting and a four-star general from a more traditional warfighting background.