The head of U.S. Cyber Command told Congress on Tuesday that his command should be elevated to become its own unified combatant command, a move that would make it one of the most powerful institutions in the Defense Department.
The idea of upgrading CYBERCOM has been discussed inside the Pentagon for months and the comments from Adm. Michael Rogers, the CYBERCOM commander, signals that senior military leaders may be nearing a final decision on the matter.
"A combatant commander designation would allow us to be faster, which would generate better mission outcomes,” Rogers told the Senate Armed Services Committee.
“I would also argue that the department's processes of budget prioritization, strategy and policy are all generally structured to enable direct combatant commander input into those processes. That's what they're optimized for. I believe that cyber needs to be a part of that direct process,” Rogers said.
Created in 2009, CYBERCOM is subordinate to U.S. Strategic Command, which oversees the nation’s nuclear arsenal. There are nine unified combatant commands, many of them based on geographical areas, which form the basic structure for how the president executes command and control over military forces.
Defense Secretary Ash Carter may make a formal recommendation about elevating CYBERCOM as part of his review for broader reform of the 1986 Goldwater-Nichols law which delineates key aspects of the military’s chain of command, said Sen. Jack Reed, a Democrat from Rhode Island.
The military services are more than halfway through their effort to man, train and equip 133 operational teams and a total of about 6,200 cyber warriors by September 2018.
For now there are 27 teams that are fully operational and 68 that have attained initial operational capability, Rogers said.
In all there are 100 teams conducting cyberspace operations today, Rogers said. The demand for cyber warfare capabilities has been so high that even teams that are not officially operational are contributing to the mission.
Those cyber warriors are well-trained, but in short supply, Rogers said.
“In the two years I've been in command, I have yet to run into a situation where we didn't have the skill set to apply against the problem, but the challenge at the moment … [is] that skill set is embodied in an incredibly small number of people,” Rogers said.
Rogers’ comments came one day after the Government Accountability Office issued a report saying the Pentagon does not have a clear chain of command for responding to a massive cyber attack on domestic targets in the United States.
While some Defense Department documents say that U.S. Northern Command would have primary responsibility for supporting civilian agencies in such an event, other documents suggest U.S. Cyber Command should be leading that effort, GAO found, according to the report published Monday.
In the event of an attack on the nation's electrical grid or financial system, for instance, the Defense Department would be expected to back up the U.S. Department of Homeland Security. Yet, the Pentagon has no clear rules in place for how that might play out.
“This absence has caused uncertainty about who in DoD would respond to support civil authorities in a cyber incident, and how they would coordinate and conduct such a response,” according to the GAO report. “The designation of cyber roles and responsibilities in DoD guidance is inconsistent."