CYBERCOM is now a full combatant command rather than a sub-unified command beneath U.S. Strategic Command.
President Donald Trump elevated U.S. Cyber Command to a full combatant command Friday, marking a crucial transition for the 7-year-old military unit that’s scheduled to reach full operating capability next year.
The elevation was authorized in the most recent version of an annual defense policy bill in November and CYBERCOM has been prepping for the elevation for much of this year.
The elevation will “streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of such operations,” Trump said in a statement.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The elevation will also “ensure that critical cyberspace operations are adequately funded” and “help reassure our allies and partners and deter our adversaries,” Trump said.
CYBERCOM’s new status will theoretically give its leaders a more direct line to the Pentagon, though CYBERCOM Chief Adm. Michael Rogers has said he often speaks directly to the Pentagon already.
Previously, CYBERCOM, based at Fort Meade, Maryland, was a sub-unified command beneath U.S. Strategic Command based in Omaha, Nebraska.
The Pentagon is also studying whether to split CYBERCOM from its sister intelligence agency the National Security Agency, according to Trump’s statements. Rogers currently heads both organizations and they share many capabilities.
The Obama administration studied that split extensively and appeared close to committing to it at the end of Obama’s second term, according to numerous reports.
The November National Defense Authorization Act placed several conditions on that split, including certifying to congressional armed services committees that CYBERCOM’s weapons, capabilities, command and control systems, and staffing are all ready for the job.
The split would also have to wait on CYBERCOM reaching full operating capability in 2018.
CYBERCOM’s mission includes assisting other military commands and units with defensive cyber operations and launching offensive cyber operations if directed by the president.
Former Defense Secretary Ash Carter acknowledged the command was launching offensive cyber operations to disrupt Islamic State networks, but officials have not acknowledged other offensive cyberattacks and have generally been tight-lipped on the subject.
The command is also tasked with protecting military networks from cyberattacks at a strategic level, though operational-level protection is managed by the Defense Information Systems Agency and the DOD chief information officer's staff.
Elevating CYBERCOM is a relatively non-controversial move compared to splitting it from NSA.
Skeptics of the split say CYBERCOM’s capabilities will suffer if it can’t rely on NSA’s deep bag of cyber exploits. Advocates argue a military command and an intelligence agency have fundamentally different missions and combining them confuses both.
NSA would typically prefer to retain cyber exploits that might be damaging to U.S. companies and consumers if they can be used against adversaries, advocates of the split say, while CYBERCOM would prefer to expose vulnerabilities that will make the nation more secure.
A Government Accountability Office report from earlier this month tallied numerous downsides to the combination, including that it raised the risk of leaking NSA cyber tools and might diminish NSA’s ability to assist other government agencies.
On the plus side, retaining the organizations’ “dual hat” leadership structure, allows them to use resources more efficiently and make decisions faster, GAO said.