Cyber Warfare and U.S. Cyber Command

An Assessment of U.S. Military Power

Cyber Warfare and U.S. Cyber Command

Jan 24, 2024 23 min read

Getty Images

Cyber Warfare and U.S. Cyber Command

James Di Pane

The world of cyber operations is notoriously secretive. Nevertheless, even a rudimentary understanding of the domain, the threats and opportunities associated with it, and the ability of the Department of Defense (DOD) to protect the U.S. from cyberattack and enable military operations against enemies is of the greatest importance. To supplement the concise overview of military cyber capabilities provided in this discussion, two essays, “National Defense and the Cyber Domain” and “The Reality of Cyber Conflict: Warfare in the Modern Age,” from previous editions of the Index of U.S. Military Strength provide a wealth of information about the cyber domain and how it fits into the world of national defense.1

The vulnerability of allies and the private sector to cyberattacks can lead to complications for the military services that negatively affect the ability of the United States to sustain a war effort, thereby compromising our national security. But the need for cybersecurity goes beyond the Department of Defense alone. In the words of former Assistant Secretary of Defense for Homeland Defense and Global Security Kenneth P. Rapuano:

The increasingly provocative activities of key competitors, such as the NotPetya cyber operation conducted by Russia in February 2018, demonstrate how vulnerable the Department is to attacks against the many non-DoD-owned assets that are nevertheless critical to our ability to execute our missions. These assets include civilian ports, airfields, energy systems, and other critical infrastructure. Vulnerabilities in these areas will likely be targeted by our adversaries to disrupt military command and control, financial operations, the functioning of operationally critical contractors, logistics operations, and military power projection, all without ever targeting the comparatively well-protected DoD Information Network. Any large-scale disruption or degradation of national critical infrastructure represents a significant national security threat.
To address these challenges, the DoD Cyber Strategy directs DoD to strengthen alliances and attract new partners to ensure that we are taking a whole-of-society approach and to enable better security and resilience of key assets….2

The use of cyber as a military tool to target enemy forces and capabilities falls into categories that are similar to those of other military operations.

  • Cyber tools can be used in the form of conventional operations like the operations against the Islamic State that were used to disrupt command and control nodes and the group’s ability to distribute propaganda.3 In this type of campaign, cyber supplements other military capabilities as a way to target enemy forces.
  • Cyber also can take the form of special operations–type activity like the Stuxnet cyber operation against Iran, which could be compared to the U.S. Navy Seal raid to kill Osama Bin Laden.4 In these operations, cyber is used to achieve targeted goals, sometimes in a covert way that, like special operations, falls below the threshold of traditional armed conflict.

In conventional operations, cyber is used to support forces and commanders by ensuring that they can operate uninhibited in cyberspace or by disrupting the enemy’s ability to operate in order to achieve necessary objectives more effectively. In this way, cyber is used to gain an advantage over an adversary in much the same way advantage is sought in the other domains5 (for example, when naval forces restrict the enemy’s ability to use the seas to achieve strategic ends).

Like naval power, cyber is an important means with which to maximize one’s own access and effectiveness while restricting the opponent’s access and effectiveness. However, it differs from other domains in a very important respect: In cyber operations, time and space are incredibly compressed. A cyber force can launch an attack from anywhere in the world and strike very quickly; more traditional forces need time to move, are affected by terrain and weather, and must position themselves physically to launch attacks.

U.S. Cyber Command

U.S. Cyber Command (USCYBERCOM) is a capability-based Unified Combatant Command similar to U.S. Special Operations Command and is the military’s primary organization for both offensive and defensive cyber activity. It is currently commanded by U.S. Army General Paul Nakasone, who serves simultaneously as Director of the National Security Agency (NSA). The two organizations have a close cooperative relationship: The NSA and Cyber Command operate, respectively, under Title 50 and Title 10 of the U.S. Code, the sections that govern intelligence and military affairs.6

U.S. Cyber Command was founded in 2010 as a sub-unified command under U.S. Strategic Command. It was elevated to full Unified Combatant Command status by the Trump Administration in 2018 and reached full operational capability in the same year.7 Over the past approximately 12 years, Cyber Command has grown from a very small organization that was largely dependent on the NSA for personnel and resources into the much more robust and independent organization that exists today.

In FY 2024, CYBERCOM will take on more “Service-like authorities” that “will allow it to deliver priority capabilities with agility and at speed.” Specifically:

In Fiscal Year 2024, USCYBERCOM will assume control of the resources for the Cyber Mission Force cyberspace operations and capabilities. Enhanced budgetary control (EBC) gives USCYBERCOM the ability to directly allocate resources for greater efficiencies during the Department’s programming phase and ensure they remain aligned with priorities through execution. EBC will lead to better alignment between USCYBERCOM responsibilities and authorities for cyberspace operations.8


U.S. Cyber Command has a wide range of missions, from offensive and defensive operations to monitoring DOD networks and assisting with the defense of critical infrastructure. Its primary role is to ensure the DOD’s ability to operate in a world that is increasingly dependent on cyber.

To this end, Cyber Command has three “enduring lines of operation.” As described by General Nakasone, they are to:

  • Provide mission assurance for the Department of Defense (DoD) by directing the operation and defense of the Department of Defense Information Networks (i.e. the DoDIN) and its key terrain and capabilities;
  • Defeat strategic threats to the United States and its national interests; and
  • Assist Combatant Commanders to achieve their missions in and through cyberspace.9

These “lines of operation” are critical to ensuring the success of the military enterprise and national defense, as any compromise in the ability to communicate or operate could jeopardize the full range of U.S. military activities.

A key part of these missions is the concept of “defending forward.” As described in the 2018 DOD Cyber Strategy, “[t]his includes working with the private sector and our foreign allies and partners to contest cyber activity that could threaten Joint Force missions and to counter the exfiltration of sensitive DoD information.”10 According to a fact sheet on the 2023 DOD Cyber Strategy, “the Department recognizes that the United States’ global network of Allies and partners represents a foundational advantage in the cyber domain that must be protected and reinforced.”11

CYBERCOM defines “defending forward” as “actively disrupting malicious cyber activity before it can affect the U.S. Homeland.”12 Passive defense, by contrast, involves monitoring within U.S. networks for intrusions. As noted, in the battlespace, cyber by its very nature compresses time and space, and attacks can emanate from anywhere in the world with similar speed. U.S. forces must therefore engage adversaries in their networks and work to disrupt attacks in their early stages, because it is often too late once the networks have been compromised.

U.S. Cyber Command physically deploys teams abroad to work alongside the cyber forces of partner nations to operate in selected networks.13 Since 2018, U.S. Cyber Command has conducted “Hunt Forward” missions more than 40 times in more than 20 countries.14 The U.S. completed one of these missions in Latvia in May 2023 and discovered malware at the end of a three-month defensive operation.15 Cyber Command also completed its first “Hunt Forward” mission in support of U.S. Southern Command in Latin America in 2023, although it did not disclose which country it supported.16

Cyber and the War in Ukraine

Russia’s invasion of Ukraine is significant for cyber because it shows how cyber can be used in conjunction with conventional military assets. While cyber was largely overshadowed by other aspects of Russia’s invasion like the movements of armor units and use of artillery, the Russians used it throughout as part of their overall war plan. This includes some notable operations that had effects beyond Ukraine. For example:

  • The Russians targeted Viasat, an American satellite communications company that provided support to the Ukrainian military, with malware designed to erase its data before disabling it. Because the Russians did not limit the malware’s scope, it ended up affecting other ground satellite components, causing hundreds of thousands of people outside of Ukraine to lose electrical power and their connection to the Internet.17
  • A cyberattack against the City Council of Odessa, a major Ukrainian port city situated on the Black Sea, was timed to coincide with a cruise missile attack that was meant to disrupt Ukraine’s response to Russian forces attacking in the South.18
  • Cyberattacks have also been launched against many parts of Ukraine’s infrastructure and government and civilian networks, including hospitals.19

These actions show that cyber operations are not limited to the military forces of combatants and, like World War II strategic bombing efforts, often extend to strike at infrastructure and areas of economic significance. The Russians continued to use cyber in Ukraine in 2023, reusing a malware program called Cadet Blizzard in February that was used originally in cyber-attacks in 2020.20

U.S. Cyber Command has provided analytic support and has sought additional ways to support Ukraine. It has deployed cyber teams to support both Ukraine and NATO allies, and those efforts have proved critical to protecting U.S. networks and critical infrastructure as well as those of NATO allies. Specifically, according to General Nakasone:

U.S. Cyber Command (with NSA) has been integral to the nation’s response to this crisis since Russian forces began deploying on Ukraine’s borders last fall. We have provided intelligence on the building threat, helped to warn U.S. government and industry to tighten security within critical infrastructure sectors, enhanced resilience on the DODIN [Department of Defense Information Networks] (especially in Europe), accelerated efforts against criminal cyber enterprises and, together with interagency members, Allies, and partners, planned for a range of contingencies.21


Analyzing the budget for cybersecurity is difficult because of the degree of classification involved, but some data can be tracked with respect to USCYBERCOM and the broader Department of Defense. The Biden Administration’s FY 2024 DOD budget request includes $13.5 billion for “cyberspace activities to defend and disrupt the efforts of advanced and persistent cyber adversaries, accelerate the transition to Zero Trust cybersecurity architecture, and increase defense of U.S. critical infrastructure and defense industrial base partners against malicious cyberattacks.22 The budget requests for FY 2023 and FY 2022, respectively, included $11.2 billion23 and $10.4 billion24 for cyberspace activities.

General Nakasone testified in March 2021 that “USCYBERCOM’s FY21 budget [was] roughly $605 million, which covers the headquarters staff and the Cyber National Mission Force,” and that “27 different components shape the Department’s overall Cyber Activities Budget, which averages about $10 billion a year.”25 Given a 25 percent increase in budget authorities for cyber activities between FY 2021 and FY 2024, the DOD clearly believes that this area of competition is critical to success in defending the U.S. and its interests.


The operational arm of U.S. Cyber Command is its Cyber Mission Force (CMF), and CMF teams are distributed across various mission sets. In 2013, a force of 133 teams with 6,200 personnel was envisioned based on the mission requirements at that time. All 133 CMF teams reached full operational capability in 2018.26

CYBERCOM’s CMF teams are distributed across functional areas. The DOD’s FY 2023 budget overview lists a total of 133 active CFM teams:

  • “13 National Mission Teams to defend the United States and its interests against cyber attacks”;
  • “68 Cyber Protection Teams to defend DoD networks and systems against rapidly evolving- threats and technologies in cyberspace”;
  • “27 Combat Mission Teams to provide support to Combatant Commands by generating integrated cyberspace effects in support of operational plans and contingency operations”; and
  • “25 Support Teams to provide analytic and planning support to National Mission and Combat Mission teams.”27

It further specifies “14 new CMF Teams [to be] created in FY 2022 and FY 2023 to support the Combatant Commanders in Space Operations and for countering cyber influence.”28

The teams are supported by four service components: Army Cyber Command (ARCYBER); Air Force Cyber Command (AFCYBER); Navy Fleet Cyber Command (FLTCYBER); and Marine Corps Forces Cyberspace Command (MARFORCYBER). These four commands, created when U.S. Cyber Command was created, provide the operational forces that make up the teams.

  • ARCYBER supplies 41 teams to the CMF,29
  • AFCYBER supplies 39 teams,30
  • FLTCYBER supplies 40 teams,31 and
  • MARFORCYBER provides 13 teams.32

In April 2022, General Nakasone testified that Cyber Command had “approximately 6,000 Service members, including National Guard and Reserve personnel on active duty” in its 133 teams and was expecting to “grow by 14 teams over the next five years.”33 In March 2023, the Congressional Research Service similarly reported that:

The CMF’s 133 teams comprise approximately 6,000 servicemembers and civilians, including reserve component personnel on active duty. Reportedly, DOD expected the CMF to add 14 more teams to the existing 133 between FY2022 and FY2024, with four teams to be added in FY2022 and five in FY2023. The growth is projected to add about 600 people, a 10% increase, to the CMF. The new CMF teams are to include both civilian and military personnel. Each military service is responsible for recruiting and training their own CMF units. CYBERCOM has reported that it is in the process of centralizing advanced cyber training, with the Army serving as the executive agent.34

In addition, there is the Cyber Excepted Service (CES), “a DOD enterprise-wide personnel system for managing defense civilians in the cyber workforce.”

Congress established the authorities for this system as part of the FY2016 NDAA, and these provisions provide DOD with flexible tools to attract and retain civilians with cyber skills. Prior to this law’s enactment a majority of cyber positions were in the competitive service; certain existing competitive service employees were offered the opportunity to convert to CES. The DOD Chief Information Officer (CIO) is responsible for developing CES policy and providing recommended policy issuances to the Undersecretary of Defense for Personnel and Readiness. According to the DOD CIO’s office, as of September 2022 there were 15,000 department employees in the CES, and the Department planned to expand the number of CES positions in coming years.35

Recruiting and retaining cyber talent is one of the key challenges for U.S. Cyber Command, which has invested in retention and incentive programs in an effort to keep the talent it cultivates. The high demand for cyber personnel in the private sector makes this challenge a difficult one.


As noted at the outset, the world of cyber operations is notoriously secretive, and much is classified. Thus, analyzing USCYBERCOM’s capability as reflected in open-source (unclassified) literature is nearly impossible. However, the United States is viewed as one of the world’s most capable cyber actors—an assessment that is based on its wide range of infrastructure and strategies and the advanced technologies that the U.S. is known to employ.36


Because of the lack of open-source reporting, it also is nearly impossible to assess the readiness of America’s cyber forces. The U.S. Government Accountability Office has identified some issues of training consistency in the past.37 Standardizing and improving training is one of the main priorities for U.S. Cyber Command, along with retaining its talent, and both are critical to maintaining readiness.


Cyber is a key domain for the U.S. military. It also is increasingly important in the modern world generally. As seen in the various breaches and ransomware attacks that have come to light, cybersecurity for defense extends well beyond the Department of Defense. For the Joint Force, cyber supports military capabilities by ensuring that U.S. forces can operate in cyberspace without disruption, by making it difficult for enemies to conduct their own operations, and by conducting independent operations against targets as directed to achieve specified goals.

Within the DOD, U.S. Cyber Command bears the primary responsibility for the full spectrum of military cyber operations. Having reached its authorized manning levels, USCYBERCOM has shifted its focus to training the force to ensure that it will be as capable as possible in helping to advance and protect the nation’s interests.


[1] See G. Alexander Crowther, “National Defense and the Cyber Domain,” in 2018 Index of U.S. Military Strength, ed. Dakota L. Wood (Washington: The Heritage Foundation, 2018), pp. 83–97,, and Paul Rosenzweig, “The Reality of Cyber Conflict: Warfare in the Modern Age,” in 2017 Index of U.S. Military Strength, ed. Dakota L. Wood (Washington: The Heritage Foundation, 2016), pp. 31–40,

[2] Kenneth Rapuano, Assistant Secretary of Defense for Homeland Defense and Global Security and Principal Cyber Advisor, statement before the Subcommittee on Intelligence and Emerging Threats and Capabilities, Committee on Armed Services, U.S. House of Representatives, March 4, 2020, p. 13, (accessed July 31, 2023).

[3] Dina Temple-Raston, “How the U.S. Hacked ISIS,” NPR, September 26, 2019, (accessed July 31, 2023).

[4] Crowther, “National Defense and the Cyber Domain,” 2018 Index of U.S. Military Strength, p. 88.

[5] U.S. Department of Defense, Joint Chiefs of Staff, Joint Publication 3-12, Cyberspace Operations, June 8, 2018, p. I-8, (accessed July 31, 2023).

[6] See U.S. Code Title 50, (accessed July 31, 2023), and U.S. Code Title 10, (accessed July 31, 2023).

[7] U.S. Cyber Command, “About: Our History,” (accessed July 31, 2023).

[8] General Paul M. Nakasone, Commander, United States Cyber Command, posture statement before the Committee on Armed Services, U.S. Senate, March 7, 2023, p. 5, (accessed July 31, 2023).

[9] General Paul M. Nakasone, Commander, United States Cyber Command, posture statement before the Committee on Armed Services, U.S. Senate, March 25, 2021, p. 1, (accessed July 31, 2023).

[10] U.S. Department of Defense, “Summary: Department of Defense Cyber Strategy, 2018,” p. 4, (accessed July 31, 2023).

[11] U.S Department of Defense, “Fact Sheet: 2023 DoD Cyber Strategy,” p. 1, (accessed July 31, 2023). Emphasis in original. See also news release, “DOD Transmits 2023 Cyber Strategy,” U.S. Department of Defense, May 26, 2023, (accessed July 31, 2023).

[12] U.S. Department of Defense, “Fact Sheet: 2023 DoD Cyber Strategy, p. 1.

[13] News release, “U.S. Conducts First Hunt Forward Operation in Lithuania,” U.S. Cyber Command, Cyber National Mission Force, May 4, 2022, (accessed July 31, 2023).

[15] Colin Demarest, “US Cyber Team Unearths Malware During ‘Hunt-Forward’ Mission in Latvia,” Defense News, May 10, 2023, (accessed July 31, 2023).

[16] Mark Pomerleau, “Cyber Command Conducts ‘Hunt Forward’ Mission in Latin America for First Time, Official Says,” DefenseScoop, June 8, 2023,,malicious%20activity%20on%20their%20networks (accessed July 31, 2023).

[17] Stavros Atlamazoglou, “Cyberattacks Quietly Launched by Russia Before Its Invasion of Ukraine May Have Been More Damaging than Intended,” Business Insider, May 18, 2022, (accessed July 31, 2023).

[18] Yurii Shchyhol, “Vladimir Putin’s Ukraine Invasion Is the World’s First Full-Scale Cyberwar,” Atlantic Council Ukraine Alert, June 15, 2022, (accessed July 31, 2023).

[19] Ibid.

[20] Tom Burt, “Ongoing Russian Cyberattacks Targeting Ukraine,” Microsoft on the Issues, June 14, 2023,,IT%20service%20providers%20in%20Ukraine (accessed July 31, 2023).

[21] General Paul M. Nakasone, Commander, United States Cyber Command, posture statement before the Committee on Armed Services, U.S. Senate, April 5, 2022, p. 3, (accessed July 31, 2023).

[22] U.S. Department of Defense, Office of the Under Secretary of Defense (Comptroller)/Chief Financial Officer, United States Department of Defense Fiscal Year 2024 Budget Request: Defense Budget Overview, March 2023, p. 1-5, (accessed July 31, 2023).

[23] U.S. Department of Defense, Office of the Under Secretary of Defense (Comptroller)/Chief Financial Officer, United States Department of Defense Fiscal Year 2023 Budget Request: Defense Budget Overview, April 2022, p. 2-10, (accessed July 31, 2023).

[24] U.S. Department of Defense, Office of the Under Secretary of Defense (Comptroller)/Chief Financial Officer, United States Department of Defense Fiscal Year 2022 Budget Request: Defense Budget Overview, May 2021, p. 3-4, (accessed July 31, 2023).

[25] Nakasone, posture statement before Senate Armed Services Committee, March 25, 2021, p. 4.

[26] News release, “Cyber Mission Force Achieves Full Operational Capability,” U.S. Cyber Command, May 17, 2018, (accessed July 31, 2023).

[27] U.S. Department of Defense, Office of the Under Secretary of Defense (Comptroller)/Chief Financial Officer, United States Department of Defense Fiscal Year 2023 Budget Request: Defense Budget Overview, p. 2-13. Punctuation as in original. The FY 2024 budget overview does not include a similar enumeration.

[28] Ibid.

[29] Fact sheet, “Cyber Mission Force,” U.S. Army Cyber Command, September 1, 2002, (accessed July 31, 2023).

[30] News release, “CYBER 101—Sixteenth Air Force (AFCYBER),” U.S. Cyber Command, November 22, 2022, (accessed July 31, 2023).

[31] News release, “CYBER 101: US Fleet Cyber Command (FCC),” U.S. Cyber Command, December 20, 2022, (accessed July 31, 2023).

[32] News release, “CYBER 101: US Marine Corps Forces Cyberspace Command (MARFORCYBER),” U.S. Cyber Command, December 27, 2022, (accessed July 31, 2023).

[33] Nakasone, posture statement before Senate Armed Services Committee, April 5, 2022, p. 2. General Nakasone’s March 7, 2023, does include similar specific data.

[34] Kristy N. Kamarck and Catherine A. Theohary, “FY2023 NDAA: Cyber Personnel Policies,” Congressional Research Service Report for Members and Committees of Congress No. R47270 updated March 6, 2023, pp. 1–2, (accessed July 31, 2023). Footnotes omitted.

[35] Ibid., p. 2.

[36] International Institute for Strategic Studies, The Military Balance 2021: The Annual Assessment of Global Military Capabilities and Defence Economics (London: Routledge, 2021), pp. 503–506.

[37] U.S. Government Accountability Office, DOD Training: U.S. Cyber Command and Services Should Take Actions to Maintain a Trained Cyber Mission Force, GAO-19-362, March 2019, (accessed July 31, 2023).