Byte, With, and Through: How Special Operations and Cyber Command Can Support Each Other
At first glance, special operations and cyber operations may seem worlds apart from each other. However, Special Operations Command and Cyber Command share global areas of responsibility with missions that span the gap between peacetime and war. The Department of Defense is already taking incremental steps to combine special operations forces and cyber capabilities. On a site visit to Afghanistan in 2019, former Special Operations Command commander General Richard Clarke noted that 60 percent of the special operations community’s focus was now on “working in the information space,” a dramatic change from the 90 percent focus on kinetic operations he observed between 2002-2011. Meanwhile, in 2016, Cyber Command hackers took down media servers and online networks in support of a campaign to defeat the Islamic State largely led by special operations forces.
But despite these successes, the former commander of U.S. forces in Iraq and Syria, General Stephen Townsend, acknowledged that “[w]e are going to have to do better.” Left with a bloated Special Operations Command numbering 70,000 people after 20 years of counterterrorism operations, the Pentagon must make the tough calls about what to prioritize during the shift to peer competition. Here, greater cooperation between U.S. Special Operations Command and U.S. Cyber Command would help. Both commands can draw heavily from a foundation of existing capabilities and structures, while also creating a focal point for cooperation with electronic warfare and space capabilities. To achieve these benefits, the military should develop easier-to-deploy cyber units, enhance the role of special operations forces in enabling cyber operations, and integrate cyber warfare into special operations forces advising missions. Organizationally, this could be facilitated by creating a special operations structure dedicated to supporting the U.S. offensive cyber and information warfare missions, as well as expanding special operations cyber training pipelines, and incorporating special operations expertise into cyber capacity building with U.S. partners.
Bringing Cyber to the Front Lines
The Army is already making strides to position specialized cyber and electronic warfare units on the front lines as part of an ongoing drive to integrate the special operations, cyber, and space capabilities triad. Army scholars have highlighted existing expertise in these areas in the Special Mission Units, but this capability should be increased in scale and better integrated with mission planners. In 2019, a new Army Cyber Command (ARCYBER) created the 915th Cyber Warfare Battalion as part of a pilot program “to build tactical, on-the-ground cyber and electromagnetic teams to augment units with cyber, electronic warfare and information operations capabilities.” The Army plans to create 12 expeditionary cyber and electromagnetic activities teams by 2026 that “will help plan tactical cyberoperations for commanders and conduct missions in coordination with deployed forces.”
Though these units are in the early stages of their development, the potential benefits of operating alongside special operations forces are promising. Recently, the 915th tested its ability to gain access to “Internet of Things” devices inside a house containing mock terrorists to gather intelligence and potentially create effects to drive out the group. Expeditionary cyber operators achieved this by gaining proximal access to the target house from a nearby office in Maryland. This sort of operation is reminiscent of an attempted Russian intelligence close-access operation conducted from a car in The Hague to gain access to the Organization for the Prohibition of Chemical Weapons’ networks in 2018. For operations like this, special operations forces could play a vital role in providing access to a target. The U.S. Government has discussed using human intelligence-enabled technical operations “to seize collection opportunities in the rapidly emerging high-tech environment.” Planners will have to balance the risk calculus of placing individuals in harm’s way with the potential for unique capabilities in contested areas that would threaten more traditional platforms.
In parallel, Special Operations Command is increasing its efforts to operate effectively in the information domain. It has requested Congress more than double its “next-generation effects” budget for FY22 to $36 million to augment cyber, electronic attack, and directed-energy capabilities. The types of operations tested by the 915th Cyber Warfare Battalion could prove invaluable to information gathering on terrorist networks. When compared to on-site exploitation, proximal cyberoperations could potentially reduce the risk to special operations forces, who would help establish access to networks that Cyber Command could later exploit. With effective coordination, the ability of Special operations forces to operate in contested or denied environments would amplify the effectiveness of cyberoperations, electronic warfare, and psychological operations.
Fusing special operations and cyber with broader U.S. information warfare efforts could also provide significant force multiplying effects during conflict. Employing cyberattacks as part of an information warfare strategy in conjunction with influence operations and electronic weapons would amplify their impact. Cyberoperations and electronic weapons could disrupt communications networks and portions of the electromagnetic spectrum alongside direct action missions against supply lines in order to create chaos. Special Operations Command recently released an open call for industry partners to submit proposals for “Next Generation [Intelligence, Surveillance and Reconnaissance]” capabilities and “Next Generation Effects”, specifically for use in areas where the U.S. lacks air dominance. In addition to cyber tools to exploit the Internet of Things and mobile devices, this could include “cyber payloads with deny, disrupt, degrade, or destroy capabilities that are able to be employed to both networked and air-gapped computer devices and systems.” These capabilities would position special operations forces as a key enabler of U.S. cyberattack capabilities and position the U.S. to create cascading effects against an adversary.
Integrating Special Operations and Cyber Units
To this end, Special Operations Command should also leverage its network of psychological operations, now called Military Information Support Operations, and Civil Affairs units, to work with Cyber Command to develop front-line cyber capabilities. A good starting point would be the creation of a Theater Special Operations Command under Cyber Command to provide consistent coordination and support to cyber and information operations, and develop specialized cyber training pipelines for special operations forces and their cyber counterparts. While broader reductions in Theater Special Operations Command funding may complicate implementation, a relatively small “Special Operations Command, Cyber (SOCCYBER)” could provide benefits that cross the borders of the geographic combatant commands. Much like Special Operations Command provides special operations forces to the commander of European Command via Special Operations Command, Europe (SOCEUR), the same can be done for the commander of the National Security Agency and Cyber Command. This would formally align special operations forces with Cyber Command objectives and provide its commander an organic special operations capability. A “Special Operations Command, Cyber” would provide Cyber Command with more tools against adversaries and enable them to respond more quickly. Less specialized personnel could be called upon to augment missions as required, but a Special Operations Command, Cyber would provide a central cadre of expertise for special operations support to Cyber Command.
To facilitate cooperation most effectively, the Department of Defense will have to close the distance between its special and cyber forces while recognizing the limitations of both communities. Army Cyber Command’s exercise flagged a potential hurdle in developing this concept: balancing physical and technical personnel requirements. To operate alongside special operations forces, personnel must have both the technical skills to conduct cyberoperations and meet the physical requirements. Special Operations Command’s specialized training pipelines could help overcome technical and physical limitations in each community. This shift in training priorities would better integrate special operations forces with Cyber Command personnel in order to overcome the inevitable growing pains of combining different levels of specialization and experience.
The U.S. should also consider leveraging special operation forces’ expertise in security force assistance to further develop partner cyber capabilities, including through Cyber Command’s Hunt Forward initiative. Security force assistance is a cornerstone of U.S. support to allies and partners, like Ukraine, the Baltic states, and Taiwan. Cyber Command and a more specialized, still nonexistent cyber incarnation of the Army’s conventional Security Force Assistance Brigade units could provide significantly more overt cyber capacity to partner forces. Special operations forces, in turn, could provide at-risk allies and partners more discrete support, helping incorporate cyber capabilities into an envisioned resistance operating concept. This support would focus on establishing common operating languages and techniques so that U.S forces could operate effectively with local resistance networks. In seeking to develop resistance capabilities to sustain drawn-out insurgencies across multiple domains, Special Operations Command and Cyber Command could engage partners with commercial-off-the-shelf tools as appropriate. Special operations forces could serves as valuable interlocutors in helping Cyber Command engage with host nation hackers and could serve as an important element of broader resistance. While the intent of integrating Special Operations Command is not to match Cyber Command’s capabilities or expertise, it does position Special Operations Command to complement Cyber Command’s Hunt Forward cyber security force assistance mission.
There is a growing need for flexible, low-profile capabilities to identify and disrupt adversary activities short of war. Greater cooperation between Special Operations Command and Cyber Command will help each command fulfill its traditional missions more efficiently and create novel options for U.S. policymakers. A special operations component more closely integrated with Cyber Command operations and priorities would provide quick and flexible military options its currently lacks. Special Operations Command also has the flexibility to operate across the dual hat arrangement between Cyber Command and the National Security Agency. Implementing any of these changes would require overcoming resourcing, staffing, and training challenges, but would enable the U.S. military to field a potentially decisive force over multiple domains. Integrated cyber and special operations capabilities are achievable in the near term and would be a significant force multiplier for the U.S. military, intelligence community, and foreign partners across all levels of competition.
Josh Golding is a Masters in Public Policy candidate at Yale University’s Jackson School of Global Affairs. He previously served as a cyber analyst for the U.S. Department of Defense. The views expressed here are the author’s alone.