Simple question: Are top U.S. government leaders serious about cybersecurity and cyber warfare, or not? It would be simple for anyone concerned to say, "what a silly question; of course we are!" Okay, then, it's time to prove it.
Congress is considering a plan to boost the profile of U.S. Cyber Command at Fort Meade, Md., by elevating the organization to the status of a unified combatant command. Put simply, that would mean that Cyber Command leaders would report directly to the secretary of defense and the president of the United States, unencumbered by other layers of command.
Is cybersecurity high enough on the list of national defense priorities to warrant its own unified command? Clearly the answer is yes. Only nuclear weapons post a more dire threat to the continued existence of the U.S. as a national entity than does cybersecurity.
A catastrophic cyber attack on U.S. military forces and public service infrastructure like power distribution, transportation, water, finance, and the food supply has the potential to trigger millions of deaths in Continental U.S. within a few months. There's a good reason that experts refer to a potential catastrophic cyber attack as a "Cyber Pearl Harbor."
The U.S. House of Representatives just approved a defense authorization bill for federal fiscal 2017. This bill contains a provision to make U.S. Cyber Command the nation's tenth unified combatant command. The Senate has yet to vote on the measure, and it's not clear if boosting Cyber Command's profile might face a presidential veto.
The nine unified combatant commands that exist today in the U.S. Department of Defense (DOD) are: U.S. Africa Command based in Stuttgart, Germany; U.S. Central Command based at MacDill Air Force Base, Fla.; U.S. European Command based in Stuttgart, Germany; U.S. Northern Command at Peterson Air Force Base, Colo.; U.S. Pacific Command at Camp H. M. Smith, Hawaii; U.S. Southern Command in Doral, Fla.; U.S. Special Operations Command at MacDill Air Force Base, Fla.; U.S. Strategic Command at Offutt Air Force Base, Neb.; and U.S. Transportation Command at Scott Air Force Base, Ill.
Placing Cyber Command among these organizations would take it out from under U.S. Strategic Command, where Cyber Command resides today as an armed forces sub-unified command. U.S. Strategic Command primarily is responsible for maintaining and deploying the nation's arsenal of land-, submarine-, and aircraft-based nuclear weapons. The organization also is responsible for missile defense; command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR); and combating weapons of mass destruction. It's an open question whether Cyber Command fits in here.
Still, let's face it, I'm not hearing about another potential global "Pearl Harbor" when it comes to special operations, transportation, or C4ISR. It's time that Cyber Command with its responsibilities for policies, plans, and enabling technologies for offensive and defense cyber warfare stepped out on its own.
There's much to be gained. Cyber activities within the U.S. government and the cyber industry that supports them today are woefully fragmented. Industry doesn't have one clear mission when it comes to developing the most important cybersecurity technologies. Customer bases are scattered, and we have a collection of competing cyber fiefdoms.
Now it's time for one voice and one clear message to industry, and elevating U.S. Cyber Command to a unified combatant command within the U.S. Department of Defense is a crucial first step toward that goal.
