Content, Breach

NSA May Spin Off U.S. Cyber Command for Cyberwarfare

Credit: U.S. Cyber Command

It looks like U.S. Cyber Command, currently part of the National Security Agency (NSA), may soon spin off and become its own military command. The forthcoming move, according to the Associated Press, will intensify "America's ability to wage cyberwar against the Islamic State group and other foes."

While the NSA will remain responsible for monitoring and collecting telephone, Internet and other intelligence data from around the world, the new stand-alone U.S. Cyber Command will be able to wage war in cyber space -- similar to how the U.S. Army, Navy, Air Force and Marines can wage war in the physical world, the report said. Cyber Command, created in 2009, has been headed by the Director of the NSA since its inception, WikiPedia notes. While originally created with a defensive mission in mind, it has increasingly been viewed as an offensive force, the site says.

Ironically, U.S. Cyber Command (USCYBERCOM) could be forced to wage war against hacker tools allegedly created by NSA. Indeed, some recent cyberattacks -- particularly the WannaCry ransomware outbreak -- have involved software hacking tools that were allegedly stolen from the NSA. The tools allegedly were stolen and weaponized by such groups as the Shadow Brokers.

U.S. Cyber Command: Out Gunned?

The U.S. Cyber Command operation has about 700 military and civilian employees, AP estimates, with a proposed budget of $647 million, up 16 percent from this year. Admittedly, those numbers seem paltry in a world where companies like Microsoft spend $1 billion or more on cybersecurity R&D each year.

Still, there are cybersecurity professionals scattered across the U.S. Army, Navy, Air Force and Marines -- including 133 teams with roughly 6,200 personnel, AP estimates.

It's unclear how soon and how aggressively the U.S. Cyber Command operation will spin off from NSA and ramp up on its own, the report said.

Cyberwarfare Requires Digital Geneva Convention

Meanwhile, technology companies have been calling on governments to rethink the way they stockpile digital vulnerabilities that can become digital weapons.

Microsoft President Brad Smith
Brad Smith

Indeed, governments "need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," Brad Smith, president and chief legal officer, Microsoft, wrote shortly after the WannCry attacks. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

Reinforcing that mindset, Microsoft has called on governments to embrace a “Digital Geneva Convention” to help govern cyber issues -- including a requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them, Smith wrote.

With or without digital rules for cyberwarfare, it looks like U.S. Cyber Command will potentially gain more autonomy in the months to come.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.