US Cyber Forces: current state and development prospects
In recent years, there has been a change in the views of the US military and political leadership on the goals and objectives of conducting operations in cyberspace. The main result of this transformation was to give legitimacy and expand the list of grounds for conducting offensive cyber operations, including in peacetime.
Practically, the transformation was expressed both in the change of the regulatory framework, the adoption of new documents, and in a significant expansion of the forces and means involved in conducting cyber operations, an increase in the number of tasks they solve and the creation of new cyber infrastructure facilities in various regions of the world.
REGULATORY ASPECT
Initially, the official goals of the US Armed Forces in cyberspace, listed in the first "Strategy of Actions of the US Department of Defense in Cyberspace" (2015), were defensive in nature. To achieve them, the US Armed Forces were instructed to use all available opportunities to repel cyber attacks threatening the interests of the country."
The current "Strategy..." of 2018 has taken on a more aggressive character. It states, for example, that the United States will take proactive actions to block malicious cyberactivity – which can be interpreted as the possibility of launching early cyber strikes on enemy targets. At the same time, offensive and defensive cyber operations are envisaged.
BECOMING A CYBERWAR
The first attempt by the United States to create a Cyber Command dates back to November 2006. At that time, it was a question of a temporary structure under the US Air Force.
In its current form, the Cyber Command began to form in June 2009, and was launched in May 2010. It was the first military formation in the United States related to cybersecurity – before that, such units existed only in the special services.
The army reacted to the appearance of the Cyber Command (US Cybercom) quite violently. Some of the military believed that cybersecurity issues should not be related to the Armed Forces at all. Another part proposed to allocate cybersecurity forces into a separate branch of the armed forces – along with the sea and air fleet and the land army. Following the example of the United States, China, South Korea, Russia and other countries have taken up the creation of cyber troops.
According to the initial plan for the formation of the structure, by 2016, about 6.2 thousand people were supposed to work at US Cybercom. It is reliably known that in 2015 the staff was half staffed, and about a thousand employees were hired in 2014.
In 2015, the administration of US President Donald Trump raised the status of the US Cyber Command in the military hierarchy. Prior to that, it was subordinate to the Strategic Command of the US Armed Forces, which also manages nuclear weapons, missile defense and Space Forces. By Trump's decision, the Cyber Command was taken out of the control of the Strategic Command and placed on the same level in the departmental hierarchy with him and eight other United States combat commands.
Thus, the number of combat commands was brought to ten. Six of them are regional: they plan and conduct military operations in different regions of the world. Four more are functional, that is, they differ in the type of activity: these are Strategic and Transport Commands, as well as Cyber Command and Special Operations Command.
CURRENT SITUATION
Today, in each of the four branches of the US Armed Forces, there are corresponding cyber commands that are administrative management bodies.
Operational management of cyber forces and interaction with other government agencies in matters of planning and conducting cyber operations is carried out by the Joint Cyber Command (OCiC) of the US Armed Forces.
In 2023, the Joint Cyber Command includes more than 130 operational groups. In accordance with the tasks to be solved, these groups are divided into three main types:
– Strategic Cyber Operations (Cyber National Mission Teams);
– operational and strategic cyber operations (Cyber Combat Mission Teams);
– Cyber Protection Teams.
The number of military and civilian personnel of the US Armed Forces OCiC exceeds 6 thousand people.
FEATURES OF PREPARATION AND CONDUCT
The following features of the preparation and conduct of offensive cyber operations of the US Armed Forces should be noted.
When organizing an operation, it is taken into account that the effectiveness of its conduct is determined by two factors: the availability of intelligence information about the vulnerability of the attacked cybersystem and the ability of the attacking side to use it effectively.
To achieve these goals, two tasks are consistently solved: 1) obtaining intelligence information that reveals the weaknesses of the enemy, and 2) preparing personnel and hardware and software for the operation.
To perform the first task, the commander of the US Armed Forces OKiK can use the resources of the National Security Directorate of the US Department of Defense, since he is also the head of this department.
The key to the successful solution of the second task is advance preparation. In some cases, in order to ensure readiness for immediate use, malicious software is introduced into the enemy's information systems in advance.
American military experts recognize the presence of hardware and software bookmarks in various information systems of potential adversaries carried out by the United States intelligence services in recent years.
KNOWN CYBER OPERATIONS
Despite the existence of numerous proofs of the destructive impact on military and civilian objects of cyberspace of a number of states (for example, Iran and Venezuela), the military and political leadership of the United States rarely recognizes the fact of offensive operations.
Official publications comment on the operation "Glowing Symphony", conducted by the US Armed Forces in order to counter the structures of the terrorist organization "Islamic State of Iraq and the Levant" (the organization is banned in the Russian Federation) in the information sphere.
In addition, in July 2020, the then American President Donald Trump acknowledged his authorization of an offensive cyber operation conducted in 2018 against the Russian company Internet Research Agency.
The reasons for official restraint are obvious. The White House itself insistently declares the threat of committing "malicious actions in cyberspace that threaten the national security of the United States, as well as its allies or partners" as a basis for using direct military force.
It is clear that the admission that the United States has committed "malicious cyber operations" directly provokes retaliatory actions on the part of the enemy.
It should be noted that the officially declared composition of information operations conducted by the US Armed Forces also includes various operations in computer networks, including offensive ones designed to influence certain social or professional groups.
THE ELECTROMAGNETIC WAR IS STILL AHEAD
The rapid development of promising and especially information technologies in the late twentieth and early twenty-first centuries created conditions for further improvement of weapons, military equipment and control systems.
This led to the emergence of automated systems, increased the range and significantly expanded the zone of possible warfare. But practically very little has increased the information possibilities of using the electromagnetic spectrum (EMC).
The number of operating ranges used by military and civilian electronic equipment was very limited, there were not enough frequencies, their purpose was repeated many times, various methods were used so that radio-electronic means did not create mutual interference.
According to the statements of American military experts, in connection with the expansion of the list of tasks of electromagnetic warfare, as well as taking into account the increased dependence of the success of cyber operations on gaining superiority in EMS in the battles of the XXI century, the Pentagon centralized all cyber and electromagnetic activities of the US Armed Forces (Cyber Electromagnetic Activities, CEMA).
Due to the continued rapid development of promising technologies, cyber operations of the XXI century will be characterized not only by changing forms, but also by the implementation of new strategic, operational and tactical concepts. Such as network-centric operations, operations in the information spectrum, operations in the electromagnetic spectrum, multi-sphere operations, etc.
All of these operations are characterized by the use of a single information space with simultaneous actions in it to gain and retain superiority in all physical environments, in the electromagnetic spectrum and in cyberspace.
conclusions
Cybernetic space, classified in the United States as one of the spheres of military operations, is indeed the most acceptable for information operations today.
The potential and capabilities of the cyber forces of the US Armed Forces are highly appreciated by Western experts.
For example, in 2020, the International Institute for Strategic Studies (a research and analytical center headquartered in London, founded in 1958) recognized that the US Armed Forces have the widest set of tools for conducting effective cyber operations - from a prepared regulatory framework to professionally trained and constantly trained personnel during training and real actions.
A number of American experts predict an increase in the status of cyber forces in the future to a separate type of the US Armed Forces.
In conclusion, the following facts should be noted that characterize the transformation in the last decade of the views of the US military and political leadership on conducting operations in cyberspace.
When the OCiC was created in 2010, it was assumed that its main task would be to protect against malicious cyber activity directed at the infrastructure of the US Department of Defense in order to disrupt the operability or obtain intelligence information.
Today, such an approach to conducting cyber operations based only on retaliatory actions is considered inconsistent with the nature of modern cyberattacks – more intensive and technically advanced, broader in terms of objects of impact and more severe in terms of possible consequences. Currently, when planning and conducting cyber operations of the US Armed Forces, the principle of "the best defense is an attack" is widely applied.
As stated in one of the official American publications devoted to the analysis of the decade-long activities of the OCiC, "today we have learned that the protection of our cyberspace requires operations beyond its borders."
Vasily Ivanov
Vasily Ivanovich Ivanov is a journalist.