United States Cyber Command

United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise which focus on securing cyberspace.

USCYBERCOM was established as a sub-unified command under United States Strategic Command (USSTRATCOM) at the direction of Secretary of Defense Robert Gates on 23 June 2009 at the National Security Agency (NSA) headquarters in Fort George G. Meade, Maryland. It cooperates with NSA networks and has been concurrently headed by the director of the NSA (DIRNSA) since its inception. While originally created with a defensive mission in mind, it has increasingly been viewed as an offensive force. On 18 August 2017, it was announced that USCYBERCOM would be elevated to the status of a full and independent unified combatant command.

Mission Statement

According to the US DoD:

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

The text "9ec4c12949a4f31474f299058ce2b22a", located in the command's emblem, is the MD5 hash of their mission statement.

The Command is charged with pulling together existing cyberspace resources, creating synergies and synchronizing war-fighting effects to defend the information security environment. USCYBERCOM is tasked with centralizing command of cyberspace operations, strengthening DoD cyberspace capabilities, and integrating and bolstering DoD's cyber expertise.

Organizational Structure

Cyber Teams

Since 2015, USCYBERCOM added 133 new cyber teams. The breakdown was:

• Thirteen National Mission Teams to defend against broad cyberattacks

• Sixty-eight Cyber Protection Teams to defend priority DoD networks and systems against priority threats

• Twenty-seven Combat Mission Teams to provide integrated cyberspace attacks in support of operational plans and contingency operations

• Twenty-five Cyber Support Teams to provide analytic and planning support to the national mission and combat mission teams.

Service Cyber Components

Sub-Unified Commands

Cyber National Mission Force (CNMF)

CNMF was activated on 27 January 2014, as an element of USCYBERCOM. At inception, CNMF consisted of 21 teams, broken down into 13 National Mission Teams (NMTs) and 8 National Support Teams (NSTs). Today, CNMF has expanded to 39 joint cyber teams consisting of over 2,000 service members and civilian members across the U.S. Armed Forces On 25 October 2022, SECDEF Lloyd Austin authorized CNMF to become a subordinate unified command underneath USCYBERCOM. Following this, on 19 December 2022, USCYBERCOM Commander (CDRUSCYBERCOM) General Paul Nakasone presided over a ceremony to establish the CNMF with the new "sub-unified" command status.

Brigadier General (BG) Matthew J. Lennox has served as CNMF Commander since 13 March 2026.

CNMF is one of three USCYBERCOM forces that would react to a cyber-attack on the United States. The other two forces are the Cyber Combat Mission Force assigned to the operational control of individual U.S. combatant commanders, and the Cyber Protection Force that helps operate and defend the DODIN.

CNMF is composed of cyber mission force teams across services that support the CNMF mission through their specific respective assignments:

• National Mission Teams (NMTs) defend the nation by identifying adversary activity, blocking attacked and maneuvering to defeat them.
• Combat Mission Teams (CMTs) conduct military cyberspace operations in support of combatant commander priorities and missions.
• Cyber Protection Teams (CPTs) defend DoD's information network, protect priority missions and prepare cyber forces for combat.
• National Support Teams (NSTs) provide analytic and planning support to national mission and combat mission teams.

CNMF operates in both defensive and offensive cyber operations to carry out its missions of: U.S. election defense, counter-ransomware operations, global hunt operations, combating foreign malicious cyber actors, and providing support to national security operations.

Global hunt operations began in 2018 as part of the "persistent engagement" strategy with the goal of looking for malicious cyber activity and vulnerabilities on significant networks. Since its inception, the hunt operations have been requested and conducted in 18 countries and over 50 foreign networks.

Department of Defense Cyber Defense Command (DCDC)

DCDC, initially established as Joint Force Headquarters-Department of Defense Information Network (JFHQ-DoDIN), is a sub-unified command under USCYBERCOM. Lieutenant General Paul T. Stanton has served as DCDC Commander since 4 October 2024. JFHQ-DoDIN achieved initial operational capability on 15 January 2015 and full operational capability on 22 January 2018. It is headquartered in Fort Meade, Maryland.

Joint Task Force Ares (JTF-ARES)

JTF-ARES is a standing joint task force under USCYBERCOM that was established in 2016 with the goal of combatting terrorist threats. One terrorist threat in mind was the Islamic State group, but the focus of JTF-Ares shifted to nation-state actors, mainly in the Indo-Pacific region. In 2018, the command of JTF-ARES was transferred from ARCYBER to MARFORCYBER on 6 September 2018, and Major General Joseph A. Matos III, the current commander of MARFORCYBER, is also the commander of JTF-ARES.

Background

An intention by the U.S. Air Force to create a 'cyber command' was announced in October 2006. An Air Force Cyber Command was created in a provisional status in November 2006. However, in October 2008, it was announced the command would not be brought into permanent activation.

On 23 June 2009, the SECDEF directed the USSTRATCOM Commander to establish USCYBERCOM. In May 2010, General Keith B. Alexander outlined his views in a report for the United States House Committee on Armed Services subcommittee:

My own view is that the only way to counteract both criminal and espionage activity online is to be proactive. If the U.S. is taking a formal approach to this, then that has to be a good thing. The Chinese are viewed as the source of a great many attacks on western infrastructure and just recently, the U.S. electrical grid. If that is determined to be an organized attack, I would want to go and take down the source of those attacks. The only problem is that the Internet, by its very nature, has no borders and if the U.S. takes on the mantle of the world's police; that might not go down so well.

Initial Operational Capability (IOC) was attained on 21 May 2010. General Alexander was promoted to General, becoming one of 38 four-star military officers of the United States, and took charge of USCYBERCOM in a ceremony at Fort Meade that was attended by General David Petraeus, Commander of U.S. Central Command, and SECDEF Robert M. Gates. USCYBERCOM reached full operational capability on 31 October 2010.

USCYBERCOM assumed responsibility for several existing organizations. The Joint Task Force for Global Network Operations (JTF-GNO) and the Joint Functional Component Command for Network Warfare (JFCC-NW) were absorbed by the command. The Defense Information Systems Agency, where JTF-GNO operated, provides technical assistance for network and information assurance to USCYBERCOM, and is moving its headquarters to Fort Meade.

President Obama signed into law, on 23 December 2016, the National Defense Authorization Act (NDAA) for fiscal year (FY) 2017, which elevated USCYBERCOM to a unified combatant command. The FY 2017 NDAA also specified that the dual-hatted arrangement of CDRUSCYBERCOM as DIRNSA will not be terminated until SECDEF and the Chairman of the Joint Chiefs of Staff jointly certify that ending this arrangement will not pose risks to the military effectiveness of USCYBERCOM that are unacceptable to the national security interests of the United States.

Concerns

There are concerns that the Pentagon and NSA will overshadow any civilian cyber defense efforts. There are also concerns on whether the command will assist in civilian cyber defense efforts. According to Deputy SECDEF William J. Lynn, USCYBERCOM "will lead day-to-day defense and protection of all DoD networks. It will be responsible for DoD's networks – the dot-mil world. Responsibility for federal civilian networks – dot-gov – stays with the Department of Homeland Security, and that's exactly how it should be." Alexander notes, however, that if faced with cyber hostilities, an executive order could expand USCYBERCOM's spectrum of operations to include, for instance, assisting the Department of Homeland Security in defense of their networks.

Some military leaders claim that the existing cultures of the Army, Navy, and Air Force are fundamentally incompatible with that of cyber warfare. Major Robert Costa (USAF) even suggested a sixth branch of the military, an Information (Cyber) Service with Title 10 responsibilities analogous to its sister services in 2002 noting:

While no one [IOP, Instrument of National Power] operates in a vacuum... Information increasingly underpins the other three [Diplomatic, Economic and Military], yet has proven to be the most vulnerable, even as US society becomes more dependent on it in peace, conflict, and war. To attack these centers of gravity, an adversary will use the weakest decisive point, ... the Information IOP. In addition, the other IOPs benefit from Unity of Effort--Constitutional balances of power ensure the Diplomatic and Military IOPs exercised by the President in concert with Congress are focused, while the Economic IOP achieves Unity of Action through international market controls and an international body of law. [In 2002], [t]he Information IOP however, [was] rudderless, lacking both Unity of Action and Unity of Command.

Others have also discussed the creation of a cyber-warfare branch. Lieutenant Colonel Gregory Conti and Colonel John "Buck" Surdu (chief of staff of the United States Army Research, Development and Engineering Command) stated that the three major services are "properly positioned to fight kinetic wars, and they value skills such as marksmanship, physical strength, the ability to leap out of airplanes and lead combat units under enemy fire."

Conti and Surdu reasoned, "Adding an efficient and effective cyber branch alongside the Army, Navy and Air Force would provide our nation with the capability to defend our technological infrastructure and conduct offensive operations. Perhaps more important, the existence of this capability would serve as a strong deterrent for our nation's enemies."

In response to concerns about the military's right to respond to cyber attacks, General Alexander stated "The U.S. must fire back against cyber attacks swiftly and strongly and should act to counter or disable a threat even when the identity of the attacker is unknown" prior to his confirmation hearings before the United States Congress. This came in response to incidents such as a 2008 operation to take down a government-run extremist honeypot in Saudi Arabia. "Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum".

"The new U.S. Cyber Command needs to strike a balance between protecting military assets and personal privacy." stated Alexander, in a Defense Department release. If confirmed, Alexander said, his main focus will be on building capacity and capability to secure the networks and educating the public on the command's intent.

"This command is not about an effort to militarize cyber space," he said. "Rather, it's about safeguarding our military assets."

In July 2011, Deputy SECDEF William Lynn announced in a conference that "We have, within Cyber Command, a full spectrum of capabilities, but the thrust of the strategy is defensive." "The strategy rests on five pillars, he said: treat cyber as a domain; employ more active defenses; support the Department of Homeland Security in protecting critical infrastructure networks; practice collective defense with allies and international partners; and reduce the advantages attackers have on the Internet."

In 2013, USCYBERCOM held a classified exercise in which reserve officers (with extensive experience in their civilian cyber-security work) easily defeated active duty cyber warriors. In 2015 Eric Rosenbach, the principal cyber adviser to SECDEF Ash Carter, said DoD was looking at alternatives to staffing with just active-duty military. Beginning that year, USCYBERCOM added 133 teams (staffing out at 6,000 people), with the intent that at least 15% of the personnel would be reserve cyber operations airmen. These new teams had achieved IOC as of 21 October 2016. Officials noted that IOC is not the same as combat readiness, but is the first step in that direction.

President Barack Obama's Commission on Enhancing National Cybersecurity was formed to develop a plan for protecting cyberspace. The commission released a report in December 2016. The report made 16 major recommendations regarding the intertwining roles of the military, government administration and the private sector in providing cyber security.

President Trump indicated that he wanted a full review of USCYBERCOM during his bid for presidency. During his presidency, the Trump administration made USCYBERCOM a unified combatant command, and took other measures attempting to deter cyber attacks. However, the FBI reported that they logged a record number of complaints and economic losses in 2019, as cybercrime continued to grow.

International effects and reactions

The creation of USCYBERCOM appears to have motivated other countries in this arena. In December 2009, South Korea announced the creation of a cyber warfare command. Reportedly, this was in response to North Korea's creation of a cyber warfare unit. In addition, the British GCHQ has begun preparing a cyber force. Furthermore, a shift in military interest in cyber warfare has motivated the creation of the first U.S. Cyber Warfare Intelligence Center. In 2010, China introduced a department dedicated to defensive cyber war and information security in response to the creation of USCYBERCOM.

Operations

In June 2019, Russia has conceded that it is "possible" its electrical grid was under cyberattack by the U.S. The New York Times reported that hackers from USCYBERCOM planted malware potentially capable of disrupting the Russian electrical grid.

Pause on Offensive Cyber Operations

The U.S. government has formally paused offensive cyber operations against Russia. This decision was part of new guidance provided to USCYBERCOM in February 2025.

List of commanders

CDRUSCYBERCOM is a statutory office (10 U.S.C. ) held either by a four-star general or a four-star admiral.

See also

• List of cyber warfare forces
• United States Strategic Command
• Joint Task Force-Global Network Operations
• United States National Security Agency (NSA)
• United States Department of Homeland Security
• U.S. Department of Defense Strategy for Operating in Cyberspace
• Information assurance vulnerability alert
• Cooperative Cyber Defence Centre of Excellence (NATO)
• National Cyberdefence Centre (Germany)
• Cyberwarfare
• Cyberwarfare in the United States
• Defense Information Systems Agency
• 2008 cyberattack on United States
• 2020 United States federal government data breach

Notes

Further reading

• Smeets, Max (4 July 2022). "A US history of not conducting cyber attacks". Bulletin of the Atomic Scientists 78 (4): 208–213.

External links

• 3 November 2019 at the Wayback Machine
• .
• . 13 December 2013.
• , White House. Retrieved 16 September 2023.