In the year since the US Cyber Command was elevated to a unified combatant command there has been an “increase in clarity” on the US cyber strategy, specifically on the Department of Defense’s role, and an “alignment in the law,” US Air Force Brig. Gen. Timothy D. Haugh, commander, Cyber National Mission Force at US Cyber Command, said in Washington on April 23.
“What we are focused on in terms of military activities in cyberspace is…not about what the Department of Defense’s role is, it’s how can we enable our international partners, our domestic partners, and industry to be able to defend those things that are critical to our nation’s success,” said Haugh.
“As you think about the United States Cyber Command…think of us as a teammate, think of us as a close partner and someone that is most interested in defending the critical infrastructure of the United States,” he added.
Haugh spoke at the 8th annual International Conference on Cyber Engagement, co-hosted by the Atlantic Council’s Scowcroft Center for Strategy and Security in partnership with Dentons, PKO Bank Polski, and Texas A&M University.
Haugh said US Cyber Command’s mission is focused on malicious cyber actors through three lines of effort.
The first, said Haugh, is “gaining insights into adversary activities” to get a better understanding of what US adversaries are targeting, including critical infrastructure in the United States. Toward this end, US Cyber Command’s partnership with the National Security Agency (NSA) is critical. The NSA is “our closest and enduring partner in terms of understanding what is occurring in the battlespace that we operate in,” said Haugh.
The second line of effort aims to enable partners. “We spend a significant portion of each of our task force’s time identifying who are the most critical partners based off the critical infrastructure segments or in relation to adversary activity and what is being targeted within the United States or within our allies,” said Haugh.
Citing an example of this activity, he said US Cyber Command has moved toward the “defend forward model” and is partnering with other nations to hunt for adversary activity on their networks. “The intent for that is to challenge our adversaries… to gain insights into how they are targeting the critical processes of our allies and our partners,” he said, adding that this information is then shared with the Department of Homeland Security and the Federal Bureau of Investigation (FBI).
As an example, he said, when malware is discovered it is disclosed on global cybersecurity forums to allow industry to quickly generate countermeasures. “That’s an area we want to continue to explore as to what is the right role of the department in terms of our relationship with industry, how we pass information in the most agile and quickest manner in order to be able to put additional pressure on adversaries who are targeting our critical infrastructure,” said Haugh.
The third line of effort, said Haugh, “is to be prepared to act; to be able to impose a cost.”
In his remarks, Haugh noted significant changes in US cyber strategy over the past year. May 4 will mark one year since US Cyber Command was elevated to a unified combatant command. This elevation came in response to an increase in cybersecurity threats, recognized in the Department of Defense’s National Defense Strategy. Additionally, the Cyber Strategy published by the Department of Defense in 2018 identified threats from Russia, China, Iran, and North Korea.
The Cyber Strategy directs the Department of Defense to “defend forward, shape the day-to-day competition, and prepare for war by building a more lethal force, expanding alliances and partnerships, reforming the Department, and cultivating talent, while actively competing against and deterring our competitors.”
Haugh explained that the “ability to partner across all of the elements within cyberspace is a critical enabler for all of us—whether that be an international partner that faces the same threats to democracy, whether that’s an industry partner… or it’s another US government element.”
He said he has seen significant progress as a result of the shift in the strategy that has “allowed us to begin to align the force.”
Besides changes in strategy there have been some important changes to the law. These changes “send a very clear signal from Congress as its expectations for the Department of Defense,” said Haugh.
Some of these changes include an update to the law that affirmed the authority of the secretary of defense to conduct military activities and operations in cyberspace; an articulation of Congress’ desire for the Department of Defense to be part of an inter-agency effort to defend against cyberattacks by Russia, China, North Korea, and Iran; and an authorization of a Department of Defense pilot program to enhance cyber security and resiliency, specifically giving the secretary of defense the authority to deploy fifty military personnel to work with the Department of Homeland Security to be able to better defend critical infrastructure.
On the last point, Haugh cited the support provided by US Cyber Command to the Department of Homeland Security around the midterm elections in 2018.
The Washington Post reported in February that US Cyber Command had blocked Internet access to a Russian troll farm—the St. Petersburg-based Internet Research Agency (IRA)—on the day of the midterm elections to prevent the IRA from meddling. “They basically took the IRA offline,” a source told the Post on the condition of anonymity.
While neither confirming nor denying the report, Haugh said: “What the nation expects of the Department of Defense is to be prepared to take action when called upon.”
“If we are called upon to defend the critical infrastructure of the United States, we will be ready to do that,” he said.
Ashish Kumar Sen is deputy director of communications, editorial, at the Atlantic Council. Follow him on Twitter @AshishSen.