Allied Cyber Armies

UNITED STATES

The United States Army Cyber Command directs and conducts integrated electronic warfare, information and cyberspace operations as authorized, or directed, to ensure freedom of action in and through cyberspace and the information environment, and to deny the same to its adversaries.

Army Cyber is the Army service component command supporting U.S. Cyber Command.

All 41 of the Active Army’s cyber mission force teams reached full operational capability (FOC) by September 2017.^[6] The cyber mission force teams are composed of a defensive component, denoted cyber protection teams (CPTs), and an offensive component. In addition, 21 CPTs are being readied in the Reserve component.^[6] Initial operational capability (IOC) for some of the cyber protection teams was attained as early as 2014 during DoD missions.^[6]

The Army achieved an initial cyber operating capability in October 2009 by employing the Army Space and Missile Defense Command/Army Forces Strategic Command (USASMDC/ARSTRAT) supported by NETCOM/9thSC(A), 1st IO CMD (L) and INSCOM. The command was originally announced to be named Army Forces Cyber Command (ARFORCYBER).^[7] The command was established on 1 October 2010 with the name Army Cyber Command (Army Cyber), commanded by then-Maj. Gen. Rhett A. Hernandez.^{[11][12][13][14]} There are plans for the command to move to Fort Gordon, in Augusta, Georgia home of the United States Army Cyber Center of Excellence, the U.S. Army Cyber Corps and Signal Corps.^[15]

UNITED KINGDOM

The UK Government acknowledged the growing threat to our national stability, security, and prosperity from actions occurring in and from cyberspace in 2015 through the UK National Security Strategy and Strategic Defence Review. Their national cyber capability supports its strategic goals through three key activities: preventing conflict and threats from materializing; safeguarding the UK and its overseas territories from attack, particularly (but not exclusively) in, and through, cyberspace; and rapidly and nimbly projecting influence and power, either from the UK directly or as part of an expeditionary operation.

FRANCE

“Cyber warfare has begun and France must be ready to fight it,” Florence Parly, the French minister for the armed forces, declared on Jan. 18. Parly was introducing the new French Military Cyber Strategy, which consists of two separate documents: the Ministerial Policy for Defensive Cyber Warfare (hereafter the Ministerial Policy) and the Public Elements for the Military Cyber Warfare Doctrine (hereafter the Public Elements). Together, these documents outline the French Ministry of Defense’s (ministère des Armées) doctrine on lutte informatique défensive et offensive, or defensive and offensive cyber warfare.

Cyber defense in general is the responsibility of the director general of the ANSSI, or National Cybersecurity Agency of France, while the commander of cyber defense (COMCYBER) is exclusively in charge of the Ministry of Defense’s cyber defense. The new documents deal with military cyber strategy and thus apply only to the ministry’s efforts to protect itself against attacks. Thus, it appears the doctrine does not apply to cyber operations led by intelligence services.

GERMANY

The Cyber and Information Domain Service (German: Cyber- und Informationsraum, German pronunciation: [ˈsaɪ̯bɐ ʊnt ɪnfɔʁmaˈt͡si̯oːnsˌʁaʊ̯m] (listen); CIR) is the youngest branch of Germany’s military, the Bundeswehr. The decision to form a new military branch was presented by Defense Minister Ursula von der Leyen on 26 April 2016, becoming operational on 1 April 2017. The headquarter of the Cyber and Information Domain Service is Bonn.^[3]

ISRAEL

Unit 8200 (Hebrew: יחידה 8200, Yehida shmone -Matayim– “Unit eight – two hundred”) is an Israeli Intelligence Corps unit of the Israel Defense Forces responsible for clandestine operation, collecting signal intelligence (SIGINT) and code decryption, counterintelligence, cyberwarfare, military intelligence, and surveillance. Military publications include references to Unit 8200 as the Central Collection Unit of the Intelligence Corps, and it is sometimes referred to as Israeli SIGINT National Unit (ISNU).^[1] It is subordinate to Aman, the military intelligence directorate.

The unit is composed primarily of 18–21 year olds. As a result of the youth of the soldiers in the unit, and the shortness of their service period, the unit relies on selecting recruits with the ability for rapid adaptation and speedy learning.^[2] Afterschool programs for 16–18 year olds, teaching computer coding and hacking skills, also serve as feeder programs for the unit.^[3] Former Unit 8200 soldiers have, after completing their military service, gone on to founding and occupying top positions in many international IT companies and in Silicon Valley.^[3][4]

According to the Director of Military Sciences at the Royal United Services Institute, “Unit 8200 is probably the foremost technical intelligence agency in the world and stands on a par with the NSA in everything except scale.”^[5]

Special mention: NATO

NATO and its Allies rely on strong and resilient cyber defences to fulfil the Alliance’s core tasks of collective defence, crisis management and cooperative security. The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats it faces.

• Cyber defence is part of NATO’s core task of collective defence.
• NATO Allies have affirmed that international law applies in cyberspace.
• NATO’s main focus in cyber defence is to protect its own networks, operate in cyberspace (including through the Alliance’s operations and missions), help Allies to enhance their national resilience and provide a platform for political consultation and collective action.
• In July 2016, Allies reaffirmed NATO’s defensive mandate and recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea.
• Allies also made a Cyber Defence Pledge in July 2016 to enhance their cyber defences, and have continued to bolster their national resilience as a matter of priority.
• NATO reinforces its cyber capabilities, including through education, training and exercises.
• Allies are committed to enhancing information-sharing and mutual assistance in preventing, mitigating and recovering from cyber attacks.
• NATO Cyber Rapid Reaction teams are on standby 24 hours a day to assist Allies, if requested and approved.
• At the 2018 NATO Summit in Brussels, Allies agreed to set up a Cyberspace Operations Centre as part of NATO’s strengthened Command Structure. They also agreed that NATO can draw on national cyber capabilities for operations and missions.
• In February 2019, Allies endorsed a NATO guide that sets out a number of tools to further strengthen NATO’s ability to respond to significant malicious cumulative cyber activities.
• NATO and the European Union (EU) are cooperating through a Technical Arrangement on Cyber Defence, which was signed in February 2016. In light of common challenges, NATO and the EU are strengthening their cooperation on cyber defence, notably in the areas of information exchange, training, research and exercises.
• NATO is intensifying its cooperation with industry through the NATO Industry Cyber Partnership.
• At the 2021 NATO Summit in Brussels, Allies endorsed a new Comprehensive Cyber Defence Policy, which supports NATO’s core tasks and overall deterrence and defence posture to enhance further the Alliance’s resilience.
• Allies are using NATO as a platform for political consultation, sharing concerns about malicious cyber activities and exchanging national approaches and responses, as well as considering possible collective responses. 
• Allies are promoting a free, open, peaceful and secure cyberspace, and pursuing efforts to enhance stability and reduce the risk of conflict by supporting international law and voluntary norms of responsible state behaviour in cyberspace.