Cybersecurity & Tech

What Did Gen. Nakasone Say About Defense Department Operations (Not Just Cyber Operations)?

Herb Lin
Wednesday, March 31, 2021, 8:01 AM

Some notes on a curious comment from Gen. Paul Nakasone, commander of U.S. Cyber Command.

Gen. Paul Nakasone speaks at the Billington International Cybersecurity Summit in Washington, D.C., March 30, 2017. (U.S. Army Cyber Command Photo)

Published by The Lawfare Institute
in Cooperation With

In prepared testimony to the Senate Armed Services Committee on March 25, 2021, Gen. Paul Nakasone, commander of U.S. Cyber Command, stated:

The DoD depends on USCYBERCOM and its performance. Every operational plan and every mission across the Department builds from the assumption that we will be able to assure that the bandwidth and data that military forces require will be accessible and trustworthy.

This might not seem like much, but it is a most interesting statement. It raises a major question: What will happen to U.S. operational plans and missions should the plan-required or mission-required bandwidth and data not be accessible or trustworthy? The answer to this question has implications for all operational plan development and mission planning—not just the cyber aspects but for the kinetic forces and their support elements as well.

Nakasone’s use of “builds from” is ambiguous in this context, and resolving that ambiguity is crucial to understanding the implications of his statement. One interpretation is that it means “depends on”—that is, that the success of every U.S. operational plan and mission depends on the assumption of bandwidth and data accessibility and trustworthiness. A second interpretation is that “builds from” means “starts from”—that is, the formulation of every operational plan and mission starts with the assumption of adequate bandwidth and data, and then addresses backup arrangements for when connectivity and quality of service is degraded or lost entirely.

I certainly hope that this second interpretation is correct—all operational plans and missions should incorporate some kind of backup or fallback plan that describes what will be done when connectivity is degraded. If the first interpretation is correct, we’re hosed. During the coronavirus pandemic, people everywhere have experienced internet glitches in Zoom and Microsoft Teams connections—with connections dropping, participants having to go to audio-only to conserve bandwidth, screens freezing and so on. In doing teleconferences, participants have had to do test calls a day in advance to ensure the connections would work—and even so, they did not work seamlessly on the day of the event. The same basic limitations apply in the operational domain. I’ve personally observed a combat exercise in which the opposing force was told to dial back its cyber activities so that the exercise could proceed—if it had not, the entire exercise would have collapsed shortly after starting. With peer adversaries doing what they can to disrupt the connectivity of U.S. forces, it’s not reasonable to expect a real battle to unfold without experiencing severe glitches.

But if the second interpretation is true, it has one other important implication for planning that goes far beyond cyber issues alone. The “going-in” plan—the plan that assumes connectivity is available—had better call for a serious overmatch to the adversary. That is, the going-in plan should not be one in which the U.S. military is minimally capable of winning—it should be one in which the U.S. military assembles sufficient forces and capability to entirely rout adversary forces, as it did in the two Gulf wars. It should plan for a 90-10 advantage rather than a 55-45 advantage. Indeed, attaining such an overwhelming operational advantage is the main reason for having all that connectivity in the first place. If U.S. forces do have such a margin, a disruption or degradation of connectivity will diminish U.S. advantage significantly, but U.S. forces will still be able to emerge victorious.

So, does that imply that all U.S. operational plans and missions should assume such serious overmatch against our various adversaries? Against small powers, that’s easy to imagine. But against peer competitors such as Russia or China? That’s much harder to imagine, especially since they have the luxury of concentrating their military power regionally and U.S. military power is spread globally.

Details of all operational plans and missions are properly and necessarily classified, keeping them out of the public eye. But those with oversight authority over such plans and missions have a deep responsibility to the American public—and especially to those in uniform—to ensure that these plans and missions are founded on realistic assumptions recognizing that adversaries have some power to render those assumptions unrealistic.

Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.

Subscribe to Lawfare