Meet Your New Commander-in-Geek

U.S. Cyber Command has no idea why it exists.


This headline is not from The Onion:

US appoints first cyber warfare general: Pentagon creates specialist online unit to counter cyber attack amid growing fears of militarisation of the internet.

On Friday, newly-created U.S. Cyber Command—that's USCYBERCOM to those in the know—got itself a general. One small problem: It's not clear that anyone, even four-star general and National Security Agency head Keith Alexander, knows what U.S. Cyber Command is supposed to do now that it exists. The commerical Internet has been around since about 1995, but in recent years folks at the Pentagon and White House seem to have been struck with a similar thought: "Hey, we should do something about those Internets, huh?" The longing for a cyber command of some kind dates back at least to President George W. Bush, and the project continued merrily along under President Barack Obama with the inexorable force of a government program that nobody really wants, but no one wants to be the one to kill.

The lack of clarity on Cyber Command's mission has dogged the enterprise from the beginning, and it's a condition that doesn't seem to have been resolved in advance of the appointment of a general to run the operation and an official launch last week. An ad campaign in February 2008 announced the Air Force's plans to "dominate air, space, and cyberspace," explaining that the "Cold War has given way to cyber war." (The page promoting that cyber dominance campaign now—fittingly—generates a 404 error.) The service even changed its mission statement to read, "As Airmen, it is our calling to dominate Air, Space, and Cyberspace." These days, the mission statement available on snazzy, slow-loading airforce.com is "The mission of the United States Air Force is to fly, fight and win … in air, space and cyberspace."

The ad campaign and mission statement change seem to have been an overly hasty land grab by the Air Force, and by August 2008 Wired's Noah Shactman was reporting that at a crucial June conference "the command's emerging leaders couldn't agree on what exactly the new unit would do." Possibilities included "protection and defense of the Air Force's command and control abilities." Or perhaps the "mission is to control cyberspace both for attacks and defense." The scope was also open for debate: "Some believed the Cyber Command would only be responsible for computer networks," wrote Shactman. "Others thought it'd be responsible for every system that had anything to do with the electromagnetic spectrum—up to and including laser weapons." The confusion seemed so impenetrable that Shactman (or his editors, at any rate) declared that the program had been suspended.

But Cyber Command was back to life soon enough, mission or no mission. And on Friday, along with the appointment of a head of operations, 30,000 airmen have been reassigned to the Air Force Cyber Command. Cyber Command is set to be fully operational in October.

Alexander says he has only modest goals for Cyber Command for now. The glasses-wearing commander-in-geek seems to be content with the role of The World's Most Powerful IT Guy for the moment. But that's no bulwark against excesses by his successors—or his superiors, for that matter. "This is not about efforts to militarize cyberspace," he said in April. "Rather it's about safeguarding the integrity of our military system. My goal if confirmed will be to significantly improve the way we defend ourselves in this domain."

But according to a Pentagon "fact sheet," Alexander is authorized to use deadly force: Cyber Command will "direct the operations and defence of specified Department of Defense information networks [involving some 90,000 military personnel] and prepare to, when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, [to] ensure US allied freedom of action in cyberspace and deny the same to our adversaries."

Some major players support even more aggressive measures: "The United States is fighting a cyber-war today, and we are losing," former National Security Agency chief Mike McConnell wrote in The Washington Post on February 28 this year. "It's that simple." But the reality is far from simple. If the government wants to thoroughly track online activity, McConnell admits, "we need to re-engineer the Internet to make attribution, geo-location, intelligence analysis and impact assessment—who did it, from where, why and what was the result—more manageable" [emphasis added]. That's right: Re-engineer one of the most popular and revolutionary new technologies of our time, to allow the government to get in on the business of data security. During the Bush administration, McConnell prompted Bush to sign a secret order to erect firewalls and build malware into military gear. Under Obama he's at it again, lobbying for cyber-war from a private sector perch.

Last month, The Washington Independent asked Dennis Blair, the nation's top intelligence officer until his resignation becomes effective on Friday, if U.S. Cyber Command and the intelligence community had established clear divisions of legal and policy authority or responsibility. "It's a really dynamic area," Blair replied. "Technology has developed far faster than [the] legal or policy framework….We'll do what we have to to get it done." In other words, conflict between the Pentagon and the intelligence services is likely. Striking the we have no idea what's going on gong once more, former CIA director Michael V. Hayden told The Washington Post: "Cyber was moving so fast that we were always in danger of building up precedent before we built up policy."

Wondering what a concrete example of cyber warfighting might look like? In early 2008, right around the time that the Air Force was making a bold move for the Cyber Command account, a Fort Meade-based team called the Joint Functional Component Command-Network Warfare which operates under a program called Countering Adversary Use of the Internet decided it was time to take out a "honeypot" site put up by the U.S. to draw in potential terrorists and gather intelligence, and in doing so—over the CIA's objections—inadvertently took out 300 servers in Saudi Arabia, Germany, and Texas. Even this modest operation wound up breeding institutional conflict, technical failure, and may have harmed national security more than it helped. Alexander has a big job on his hands.

And as preparations for the coming amorphous cyber war ramp up, we'd better hope the worst of the collateral damage is some interrupted Netflix streaming in Texas.

Katherine Mangu-Ward is a senior editor at Reason magazine.