Soldiers from the 2nd Signal Brigade complete a mission in the Joint Cyber Control Center in Grafenwoehr, Germany, Feb. 23, 2011

Soldiers from the 2nd Signal Brigade complete a mission in the Joint Cyber Control Center in Grafenwoehr, Germany, Feb. 23, 2011 Army / Lawrence Torres III

A Cyber JSOC Could Help the US Strike Harder and Faster

A network-attack analogue to the manhunting Joint Special Operations Command would allow cyber warriors to decide, deconflict, and execute more effectively.

As top defense leaders contemplate elevating U.S. Cyber Command to a full-fledged unified command, they should also think about creating a cyber equivalent of the Joint Special Operations Command. The JSOC model would help execute CYBERCOM’s new anti-ISIS mission — and the many other joint operations that lie ahead.

Best known for its manhunting operations, JSOC synchronizes and integrates military and intelligence components to learn and strike quickly. In Iraq, JSOC’s special operators skillfully executed a “decapitation strategy” against al Qaeda’s leaders, key facilitators, and senior operatives. In Afghanistan, they wielded “an array of ‘enablers’” such as drones and attack helicopters to accomplish their tasks.

In essence, the JSOC way is to plan and exercise, meticulously and realistically; to resource the mission appropriately, with a range of tools and equipment at the ready; and to refresh and inject intelligence continuously, placing it in the hands of operators on the ground. The decision-making process is nimble yet expansive. It incorporates the inputs and players who bring real insights into a goal and how to achieve it, as well as representatives of enough organizations to minimize the risk of damage to others’ areas of responsibility. Of course, process must be backed up by capability. By underwriting its missions with both military and intelligence assets, and by reconciling the authorities and U.S. Code sections governing the military and intelligence community — Titles 10 (Armed Forces) and 50 (War and National Defense) — JSOC pairs a superior process with high-end capacity.

This concept and construct should now be applied to the cyber domain. As computer network exploitation blurs into computer network attack, the U.S. needs to be better and quicker at detecting and responding to its adversaries’ online actions, especially when they target critical infrastructure. A cyber JSOC would help realize that goal, as well as the intent of Cyber Command’s new mission of identifying, undermining, and destroying ISIS online as part of a combined-arms operation that includes kinetic efforts in the physical world. In general, as the offensive dimension looms larger in U.S. cyber planning and execution, the need for a cyber JSOC becomes more urgent.

Bringing JSOC’s methods to the cyber realm would help transform the prevailing decision-making process, which is slow, under-inclusive, and skewed against taking action. (When action is taken, it tends to be in the form of baby steps, even if more robust maneuvers are warranted.) A Cyber JSOC, by contrast, would gather the crucial players, then weigh their inputs and whatever competing interests and concerns may be in play. Just as JSOC draws upon CIA assets and input for kinetic purposes, so Cyber JSOC would use NSA assets and input to achieve U.S. cyber ends and goals. Moving swiftly, it would deconflict and harmonize everything from collection efforts to target selection, then marshal and mobilize the capabilities to enact the chosen outcomes.

This new ability to handle complex multi-variable decisions would allow the U.S. to act more decisively in the cyber domain while avoiding counterproductive moves. For example, the Defense Department will need to balance the value of taking down extremist websites with the intelligence benefits of watching their operators and visitors. As well, a cyber action intended to affect one geographic location may have effects across many others. Stepping into or onto another’s area of responsibility, even unintentionally, could compromise sources and methods or otherwise place lives at risk. For this reason, it is important for decision-makers to bear in mind the big picture, encompassing other operations underway globally. It may also be necessary to lash up CYBERCOM with one or more of the regional commands (e.g., CENTCOM, etc.) Fortunately, by their nature, cyber operations, including their intersections with kinetic campaigns, would be particularly conducive to a virtual dashboard.

As Cyber JSOC evolves and matures, it could ultimately constitute a critical component of our broader cyber deterrence strategy and policy. Since the initiative remains with the first-mover, the United States should ensure that it develops unparalleled offensive capabilities — a cyber equivalent of the Navy SEALs, Delta Force, and Air Force Special Operations — and a framework for putting them to use. Investing in people as well as developing a structure, via JSOC, made all the difference at the tip of the spear. We need the same for cyber.