With a replacement named, a look back at US Cyber Command’s transformational years under Gen. Nakasone
The Biden administration has named Lt. Gen. Timothy Haugh as the next commander of U.S. Cyber Command, meaning that Gen. Paul Nakasone’s tenure — a transformational one — will be coming to a close.
Nakasone came in to lead Cybercom during a significant shift in the cyber community.
He took the helm as Cybercom was elevated to a unified combatant command spearheading a new era for the organization and military cyber. Prior to that, it was sub-unified under U.S. Strategic Command.
Additionally, following a barrage of cyber incidents inside the U.S. involving nation-state actors and criminal groups, there were questions about Cybercom’s role in defending America from significant cyber harm.
For years, there were debates both inside and outside government as to how the Department of Defense would protect the country in the digital realm. It was clear the U.S. military had responsibility to defend the United States from kinetic attacks such as missile salvos, but tackling cyber threats was a trickier problem.
Nakasone helped spearhead the paradigm shift of “defend forward” and “persistent engagement.” While he first teased both at the Aspen Security Conference in July 2018, the terms weren’t officially formalized until the September 2018 DOD cyber strategy was released. They are now part of the military’s doctrine for joint cyberspace operations.
The strategy directed Cybercom to defend forward, which involves operating on networks outside the United States in order to confront threats before they ever reach domestic networks. Cybercom achieves that through persistent engagement, which means challenging adversary activities daily and wherever they operate.
The open question since articulated has been how successful the command has it been in beating back threats and how it’s measuring success. Some officials in the past have noted they’re not looking at metrics, but rather outcomes. Nakasone, in written congressional testimony in March, said success depends on stopping foes from achieving their goals.
“Success for USCYBERCOM will be measured by how effectively foreign adversarial actors are prevented from achieving their strategic objectives,” he wrote. “USCYBERCOM will counter adversaries in competition to defuse crises, deter conflict and prevail against aggression. Aligning efforts of both USCYBERCOM and [the National Security Agency] is essential to achieving these goals and is in the best interest of the nation.”
Sources that spoke to DefenseScoop noted that over the past five years, there has been a misconception regarding what “persistent engagement” is — and isn’t — as well as how the broader public should think about it.
According to one former official, the concept stems from Nakasone’s time commanding the Cyber National Mission Force from 2014 to 2016. While they were somewhat more active than other cyber teams, Nakasone soon realized upon taking command next at Army Cyber Command, that there was a higher risk calculus within the national security establishment for conducting cyber missions. This meant that there weren’t a lot of operations taking place.
“It was a counter remedy to inaction. There was too much bias for inaction at that time,” the former official said. “One of the implied goals or unstated goals of persistent engagement was to demystify a lot of cyber operations through doing it consistently and make it so that it wasn’t such an esoteric mystery.”
Another former official related persistent engagement to just one tool in the broader set of instruments of national power.
“It’s a long-term vision, a campaign that has elements of diplomacy and information and obviously, military operations, and even to a very small extent, it’s across [diplomatic, information, military and economic, or] DIME. I think that framing is important and I think it’s deliberate,” they said.
They highlighted the visibility and public nature of the commander of the Cyber National Mission Force.
Others have noted that the force sought to add friction to adversary activity as prior to the concept, many suspected malicious actors were operating too freely with very little consequences.
“It’s like a full-court press. You’re not waiting for them to get past you. You’re going to defend as soon as they get the ball in bounds,” Kurt Sanger, who was formerly Cybercom’s deputy general counsel, told DefenseScoop.
What is less clear to outsiders is how successful persistent engagement has been in terms of preventing malicious activity.
“We don’t know how bad it might have been had it not been for persistent engagement, but what we do know are certain things that we might have expected to happen didn’t happen, such as we did not see similar interference in the election in 2020 compared to what we believe may have happened in 2016,” Sanger said. “Did Cyber Command and persistent engagement have something to do with that? I believe it did. But I guess you never really know what punches the enemy pulled because of the way we were doing business.”
Others have noted that it’s impossible to fully stop adversary activity and there must be realistic measures of success.
“So long as we have a realistic definition of ‘success,’ then yes [it has been successful]. There’s no universe in which USCYBERCOM somehow could wholly prevent adversarial foreign-government cyber activity,” Bobby Chesney, dean of the University of Texas School of Law and someone who follows cyber law and issues very closely, told DefenseScoop in an email. “But there’s a ton of benefit when we defend forward both in the sense of operating by permission in other states’ systems (to help them identify and fend off adversaries), and when we operate in adversary systems themselves (to see threats as they are emerging and, on occasion, to issue warnings or even take harm-preventing actions).”
While some believed this seemingly more aggressive posture would lead to escalation in the cyber domain, others have noted it has not — which in and of itself is a success.
“One of the primary concerns that people had about the strategy and the vision was that it would lead to escalation. I think there we can say it’s a resounding success,” Jacquelyn Schneider, a fellow at the Hoover Institution, told DefenseScoop.
Schneider noted that in follow-on strategies, she’d like to see less ambiguity, making it more clear about what Cybercom is more willing and not willing to do.
However, one former official believes that the concept has not fully been executed to its potential.
“I think it’s been successful every time it’s been tried. I would fight the notion that has been truly tried,” they said. “I don’t see [persistent engagement] going away, but I think to say that we’ve done persistent engagement with a straight face does not do the concept justice, because it would require a whole lot more in the way of offensive operations.”
Steering the ship
Nakasone has gained high praise consistently from members of Congress while testifying, along with the broader cyber community, and was asked to stay on for an extra year.
“Against all odds, he has kept USCYBERCOM out of headlines and out of our nation’s increasingly unhappy politics,” Chesney said. “That’s amazing when you consider how things have been for just about every other government entity touching on the grey zone conflicts/Cold War II in recent years,” he added, referring to the great power competition between the United States and its advanced adversaries.
Nakasone’s tenure also saw the initial development of so-called hunt-forward operations, which have now ballooned into a mainstay and are part of the U.S. military’s doctrine for joint cyberspace operations.
These ops involve physically sending defensively oriented cyber protection teams from Cybercom’s Cyber National Mission Force (CNMF) to foreign countries to hunt for threats on their networks at the invitation of host nations. Officials say they are mutually beneficial because they help bolster the security of partner nations and provide Cybercom — and by extension, the United States — advance notice of adversary tactics, allowing the U.S. to harden systems at home against these observed threats.
Nakasone’s tenure will likely best be remembered for the enhanced authorities Cybercom received and its maturation into a fully fledged organization. In the years prior, the command was always compared to the analogy of flying a plane while building it.
In the years since becoming a standalone combatant command, it has received significant authorities for executing cyber ops abroad, an important development since those authorities previously had been held at the highest levels of government, effectively dissuading cyber operations from taking place.
A series of executive policy changes, congressional legal changes and clarifications, and conceptual revamps paved the way for Cybercom to operate on networks outside the U.S.
The command has also been given what’s known as enhanced budget authority from Congress, which provides direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force. This is important as Cybercom aims to leverage service-like authorities to build out key platforms for military cyber ops, and it’s the only other combatant command besides Special Operations Command to have budget authority.
When Cybercom was initially created, it relied heavily on personnel, infrastructure platforms and tradecraft from the National Security Agency to build its enterprise. But cyber troops need their own platforms and infrastructure separate from the NSA, whose primary mission is to conduct foreign intelligence missions.
The two organizations are still co-located and share a leader. Nakasone’s tenure has seen more favorable discussion surround the longevity of what is known as the dual-hat relationship, one of the most hotly debated issues in the military cyber world.
Proponents maintain that the military can benefit from the unique intelligence insights and access of NSA, leading to faster decision-making and operational outcomes. Opponents argue the two roles are too powerful for one person to hold, and relying on intelligence infrastructure and tools —which are meant to stay undetected — for military efforts poses risks to such espionage activity.
It was always expected that the dual-hat arrangement would not be permanent given the inherently different missions of each organization: foreign intelligence and warfighting. However, Nakasone, as well as members of Congress, have continued to laud this relationship. In fact a study led by retired Gen. Joseph Dunford, who was formerly the chairman of the Joint Chiefs of Staff, determined that maintaining the dual-hat arrangement would be beneficial for national security.
“Whatever criticism there might be about USCYBERCOM’s operational quality, it’s light years from where it used to be. People forget what a fledgling entity this really was,” Chesney said.