Cyber warfare has outgrown its place as a unified combatant command, and now demands the full weight of a service component as its vehicle of execution. However, which service should have responsibility for it remains an open question. There’s not a natural fit in any of the more established armed services. The Air Force, Army, Marine Corps, and Navy all have a stake in cyber warfare, so shunting the full efforts for which Cyber Command is currently responsible into any one of these would result in a turf war. Indeed, the assorted services of the Department of Defense have enjoyed unparalleled military success (although it hasn’t always translated into political success) since the 1986 Goldwater-Nichols Act. This is in no small part due to a clearly defined chain of command for each service, areas of tactical and doctrinal application and focus (i.e., domains), and the ability to develop and innovate in support of those doctrinal mission sets. However, space and cyber have no such natural delineations; indeed, both are relatively ambiguous arenas of conflict that are rapidly emerging as critical components to the national security architecture. In order to effectively mature as a combat-capable entity within the Department of Defense, the Space Force should assume control of the cyber defense architecture.
Furthermore, a precedent already exists in the fusion of space and cyber. As regular participants in the information environment, crossover exists between land, air, and even sea operations in both space and cyber realms. In 2000, the United States Space Command assumed control of the Joint Computer Network Defense/Operations, a slop bucket of technical specialties that ultimately grew into the combatant command of today. Indeed, the Space Force’s new senior enlisted leader even earned his bona fides in the signals community first, before crossing over into the space realm.
What is the National Security Role of Space?
With the recognition of space as a critical domain in the context of great-power competition, the US government ushered the Space Force into the fold as the youngest sibling in DoD. While the congressional ratification of the 2020 National Defense Strategy helped to create this new branch, questions remain: What will this new service actually do in safeguarding national security? What purpose should it be intended to serve in the space domain—a domain that is scarcely understood by the broader swath of society?
At this juncture, hardware is the only known quantity of the critical new service—sustaining and adding to the ever-growing fleet of satellites in both geosynchronous and low-earth orbits. However, a funds-appropriated branch of the Department of Defense needs to be more than just an inventory delivery service. Space Policy Directive-4, an executive branch directive that served as the formal impetus for the Space Force’s creation, characterized the Space Force as having “both combat and combat-support functions to enable prompt and sustained offensive and defensive space operations, and joint operations in all domains.”
It is assumed that the Space Force will be involved in missile defense and communications (supporting efforts like the Advanced Battle Management System for command and control)—but there is scant definitive guidance. Air Force Secretary Barbara Barrett offered slight insight into the operational function of the new department earlier this year, citing the global positioning system infrastructure and urging the advancement of commercial-public launch enterprises. However, the discussion must include the civil and commercial satellite constellation upon which the communications infrastructure of the United States (and much of the developed world) depends. While the average US citizen may not always fully understand the depth and scope of the service branches and their areas of responsibility, there must be a little more meat on the bone when justifying the billions of dollars that have been appropriated to fund the highly publicized Space Force.
Technological development through public and private cooperation and space inventory expansion will likely fall into the lap of the Space Force as well—with the hope of improved public-private integration for assured dominance in this arena. Several existing organizations with responsibilities in the space domain, including the Space Development Agency and the Missile Defense Agency, are being weighed by Congress as potential assumptions by the Space Force, the sum of which generally solves the “defensive capabilities” query—albeit vaguely.
Cyber, Information Warfare, and the Tools of Digital Conflict
DoD implemented Cyber Command as the tool for national defense in securing the cyber domain and information infrastructure in 2017, an acknowledgement of the growing threat of malicious cyber activity around the globe. Cyber Command is a unified combatant command, drawing on the assorted services’ cyber components. However, in practice this system is somewhat fragmented, as the responsibility for cyber operations rests in a number of places in addition to DoD—the National Security Agency, Department of Homeland Security, and FBI to name a few.
The cyber enterprise continues to face a lack of support, facilities, and manning from the staff level down to the tactical coders and developers. The execution of cyber and the technical requirements for its operators make the issue of manning even more challenging. The keyboard warriors who counter adversaries in the ones-and-zeros domain typically lack the critical experience gleaned in operational environments until later in their government careers, and are then likely to join the private sector, as a recent Defense Science Board report has identified.
The intelligence community is facing increased threats in the cyber domain, but current efforts are limited primarily to risk management for addressing vulnerabilities. The National Reconnaissance Office has been toying with a dashboard model for system assessments, while the National Geospatial Intelligence Agency is utilizing heatmap methodology to identify vulnerabilities. Yet these efforts would be better served coming from a unifying service branch—especially if foreign intelligence via cyber operations is truly a priority for the national security enterprise.
Part of the manning struggle may also lie in the traditional cyber operations role—the reality that cyber operations (chiefly offensive operations) have been the nearly exclusive purview of the National Security Agency. By charter, the NSA is responsible for signals intelligence, interpreting digital intelligence, and providing information assurance as it relates to national security threats. In the digital security realm, Cyber Command is the new kid on the block.
The Space Force has an opportunity to pioneer safeguarding the infrastructure security of the United States, and it resides in fusing its responsibility for the hardware component with a consolidated cyber capability. Specifically, it is time to transition the national security cyber domain architecture from a combatant command into the operational mechanism of space warfighting. In short, cyber can and should be the offensive and defensive functions as chartered in SPD-4.
Suggesting cyber’s evolution into the operational capability for the Space Force does not require eliminating cyber warfare from sister services or the intelligence community. However, space communications infrastructure and cyber are intuitively interwoven, and both transcend the physical borders of any of the other services. Each service has struggled to integrate cyber planning and execution into the various operation plans—often leaving the heavy lift to NSA and Cyber Command—in no small part due to the difference between physical and logical pathways of access. In this new age of great-power competition, cyber infrastructure is undoubtedly a vulnerability in state-on-state conflict, as evidenced by Russian utilization of cyber attacks against Georgia and Ukraine, as well as repeated intellectual property theft and hacks by China.
Cyber’s effectiveness in operations under the level of open conflict—as demonstrated by the employment of Stuxnet, Flame, and Duqu—is a harbinger of the future of warfare. Like asymmetric warfare, adversaries understand that they may not effectively counter United States military prowess directly, and as such, the fringes of contact such as the cyber realm are where adversaries will challenge the United States. DoD needs to do more than pay lip service to cyber lines of effort, and actually put cyber in the same category as the land, sea, and air domains. If cyber operations are to become a codified tool of warfighting under Title X authorities granted to the Department of Defense, this will require cyber to become a fully integrated component of military operations—not just a bolt-on part for those targets too difficult to affect kinetically. Of note, and as is also defined by those Title X (chapter six) authorities, the Joint Chiefs of Staff are required to conduct a biennial review of the organization and implementation of the unified combatant commands. The last review took place in 2018, and the next review is due.
Realign Cyber Command to Realize Policy Directives
As a unified combatant command, the aim of establishing Cyber Command was to fuse authorities and consolidate efforts by the unified services to execute their Title X mission. However, this could also be accomplished, but in a more streamlined manner, by implementing cyber operations as the offensive and defensive capabilities delineated under SPD-4. Space will be a critical component in hosting the near-future command-and-control systems upon which DoD will rely. By consolidating the information management enterprise under one service (while sustaining joint involvement from its sister services), cyber becomes clearly and succinctly aligned under the purview of DoD. This advances the point of this analysis from solely an org-chart suggestion to addressing the previously amorphous nature of the cyber enterprise.
Becoming the action arm of the newest service enables the cyber enterprise to take up the weight of an emerging domain of warfighting, while continuing to solicit support from its sister services—personnel, doctrine, development of tactics, techniques, and procedures, and shared methodologies remain critical to advancing the cyber mission. In the same manner as a Marine expeditionary unit embarking as part of a Navy expeditionary strike group, other services may “deploy” their cyber experts in support of the Space Force cyber mission. The expertise has not been lost by consolidating cyber within the purview of the Space Force; rather, it simplifies and codifies the enterprise.
In the interest of adhering to the vision of the Unified Command Plan established in the 2018 update, Cyber Command’s responsibilities should be reassigned to the operational command of the Space Force. This will enable fusion of the information warfare capabilities and critical infrastructure with the service responsible for the security and sustainment of the systems wherein the cyber domain primarily exists.
Current Vulnerabilities Make Future Adversaries
The stark reality with respect to cybersecurity as a facet of the national security enterprise is that a relative lack of information security awareness is apparent, as it relates to threats from state, criminal, and extremist groups. The most aggressive public entity in securing the information domain is the Cybersecurity and Infrastructure Agency, whose primary tools include “information sharing” with the private sector and the National Cybersecurity Protection System’s advanced analytics and intrusion detection and prevention. While transitioning the cyber architecture to a military service does not solve this issue, it signals a shift in policy thinking that reflects the gravity of the issue, and leads to broader discussion of the vulnerabilities.
Again, the United States’ competitors have shown minimal restraint in employing the full swath of cyber capabilities against military and civilian targets alike. The lack of a cohesive, supported, and policy-driven unity of effort by the United States enables those adversaries to attack and press where we are weakest. The information-exchange space and the components that support this domain are intertwined and interdependent, and both the military and American society literally depend on these networks for everyday life, from civilian banking to precision weapons guidance, yet these systems still remain vulnerable to aggressor interference.
The responsibility for protecting the information environment and its closely affiliated infrastructure grid is inarguably within the purview of national defense, and policymakers, defense leaders, and stakeholders in the cyber domain should begin to think of it within the realm of space operations as well. The protection of these information systems that affect every US citizen falls squarely on the organization responsible for providing the connectivity architecture upon which many of these systems rely.
Ethan Brown is a Senior Fellow at the Mike Rogers Center for Intelligence and Global Affairs at the Center for the Study of the Presidency and Congress. He is an eleven-year veteran of the US Air Force as a special operations joint terminal attack controller with six deployments to multiple combat zones. He can be followed on Twitter @LibertyStoic.
The views expressed are those of the author and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.
Image credit: Tech. Sgt. Robert Barnett, US Air Force
First, we fight wars via the combatant commands not the services…we cannot outgrow a combatant command. By their nature CCMDs are a force consumer. Services provide trained/equipped forces.
The reason there is a precedent for Space and cyber to be together is it’s a BAD precedent. It’s been tried and failed by both service and combatant command too many times.
1. Space is too focused on large scale acquisition, while cyber by its nature must be light and innovative.
2. Space is risk averse and checklist driven because of the large expenditures. Cyber operators are largely allowed to take more risks and be creative.
Your premise to link cyber with space seems flawed.
You seem to assume the medium used for distant communication is satellite (space-borne), hence a strong correlation with Space Command. In fact, most long-range communication via the internet is done by optical cables (satellite transmission latency is pretty high and not designed for the massive amount of data created by the internet).
Space is a physical scape, like air, ground, or sea. Cyber is not physical; it is a soft scape which engages in the physical data medium scape (like Signal Intel used to), the software scape (the multiple stacks and layers of automation that consume, transform, and interpret the data), and finally the mindscape (internal decision-making structure of the user that receives info and interprets it – aka social engineering, which is an evolution of what PsyOps would play with).
The path to an exploit is a mix of assumptions and flaws in some or all levels described above. So, any force that would take full control of cyberoperations needs to have a deep relation and understanding of network infrastructure and information communication, software (and other complex systems) design and development, and finally Cognitive sciences (Neuroscience, Psychology, and its digital offspring, Artificial Intelligence).
This statement is key: "Each service has struggled to integrate cyber planning and execution into the various operation plans—often leaving the heavy lift to NSA and Cyber Command—in no small part due to the difference between physical and logical pathways of access."
The services are optimized to organize, train, and equip forces to fight in physical domains. There's a surprising reluctance to let the organization with the most expertise in cyberspace — NSA — become responsible for organizing, training, and equipping forces to fight in cyberspace. Beyond its intelligence-gathering responsibilities, NSA is a DoD Combat Support Agency…a large part of its manpower comes from the uniformed military branches, and it's fully integrated with the combatant commands. To have an "agency" rather than a "service" be responsible for presenting forces is nothing more than semantics.
As usual, it boils down to money. The services see the cyber mission as a means of growth, in terms of budget, force structure, or both. NSA/CSS knows that it'll be involved in any service development of cyber warfighting capabilities, so doesn't have to work to compete. Collectively, they should bow to reality and simply place the mission where it best fits.