San Francisco ― The RSA Conference ― The four pioneers most instrumental in the creation of the United States Cyber Command (USCYBERCOM) 15 years ago—the Four “Horsemen”—assembled at the Moscone Center on Wednesday, having come together to publicly discuss the origins of the organization for the first time. During their keynote session, which traced the development of USCYBERCOM, they frequently used words like “narratives” and “storyboards,” terms not commonly associated with cybersecurity.
General Paul Nakasone, former Commander of USCYBERCOM who retired in February, was joined on stage at the RSA Conference by Vice Admiral Timothy “TJ” White, former Commander of U.S. Fleet Cyber Command and the Cyber National Mission Force. Also participating were Lieutenant General Stephen Davis, Inspector General of the Department of the Air Force, overseeing the Defense Cyber Crimes Center (DC3), and Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA). Together, they engaged in a panel discussion in the presence of the audience who had gathered to hear them speak.
USCYBERCOM was born out of a significant security breach in 2008, described as the “worst military breach in U.S. history.” That year, a USB flash drive loaded with malicious code, found in a parking lot in Afghanistan, was carelessly connected to a computer linked to the U.S. Central Command. This act compromised both classified and unclassified networks of the defense organization and resulted in data being siphoned off to foreign entities. The breach was only publicly acknowledged four months later. The Pentagon then spent nearly 14 months eradicating the worm from its networks through an operation dubbed “Buckshot Yankee.” This incident, which was later attributed to Russian intelligence services, prompted the establishment of USCYBERCOM within the Pentagon in 2010.
“Everything started to accelerate after the mitigation was done, and we started talking about ‘what do we do about this going forward?’ This was really the reason for US Cyber Command,” said Nakasone, recounting the massive military breach in 2008. When asked about what it was like to be in the crisis, the former commander told the audience that “It was trying to understand the scope of the problem. It was very, very senior people asking very, very basic questions like ‘how many computers are impacted?’ or ‘where did they come from?’ or ‘what can we do about it?'”
Lieutenant General Davis added, “We could not answer the question of ‘how many computers are on the SIPRNet (Secret Internet Protocol Router Network)?’ So, there were those basic questions, and there was this realization that we didn’t really understand the system as well as we should have.” SIPRNet is a computer network system utilized by the U.S. Department of Defense (DoD) and the U.S. Department of State for sharing classified information.
The sense of crisis at the time was further shared by Vice Admiral White. “Four stars, senior civilians, and commanders relied on these networks to do every bit of all the business in the mission. The thing they perhaps did not really think about was protecting them from compromise. When you talk about the DoD, which is global 24-7-365 everywhere, that is unsettling at the minimum.”
CISA Director Jen Easterly shared anecdotes from 2007, during the Iraq War, which underscored the need for a national cyber strategy among U.S. high-level officials. She referenced “RT10” (Real Time 10), a mission that aimed to enhance capabilities, later renamed “RTRG” (Real Time Regional Gateway). A document leaked by Edward Snowden, initially highly classified, described RT10 as a “very high-priority initiative” at the National Security Agency (NSA) in 2007. Its goal was to deliver “essential NSA cryptologic capabilities to the military front lines in seconds and minutes, rather than hours or days.”
Director Easterly elaborated on the mission’s objectives, stating, “What it was supposed to do was to take all the communications that insurgents were using in operationalizing attacks, whether that be a satellite or a cell phone, integrate them, and correlate them, so that we could eliminate terrorist networks not in days or weeks, but in hours or minutes.” She highlighted, “It was one of those projects in the middle of a war zone that took an incredible degree of entrepreneurialism, innovation, teamwork, and collaboration.” This initiative significantly aided the Joint Special Operations Command (JSOC) in removing thousands of insurgents from the battlefield. “It saved lives, and that to me was an incredible lesson learned,” the director added.
Following the success of the RT mission, General Keith Alexander, who would later become the first Commander of USCYBERCOM, emphasized the critical role of cyber and communications in warfare. He conveyed these insights during a testimony to Congress in September 2007, where he referred to cyber as a “strategic instrument.” This testimony, as noted by CISA Director Easterly, who worked closely with him during this period, helped underscore the importance of cyber capabilities. Furthermore, the initiative’s success began to garner support among battle commanders for a sub-unified command dedicated to cyber-operations.
In shaping the vision for Cyber Command, narratives were essential. General Nakasone shared with the audience, “We started with a narrative. We said, ‘let’s educate senior members of the DoD and see what it takes to operate inside cyberspace.’ The first thing that we came up with was a cyber storyboard. It was literally a story that had senior folks from the DoD and other elements of the government drawn into what we wanted to do,” the General added.
In the early stages of establishing Cyber Command, Vice Admiral White traveled to California to engage with the movie industry in Hollywood. Reflecting on that experience, the former commander shared, “How do you build a narrative? How do you tell a story? What do you think of all the storyboards?” He noted, “We had some incredible talent—not us—but to turn that storyboard into something visual, then it could be mapped to a very dynamic narrative. I think we built hundreds of versions of that. The brief was given over hundreds of times during a nine-month period between Fort Meade, the Pentagon, and the Capitol.”
One of the major challenges in establishing the new command stemmed from the difficulty in understanding the intangible and invisible nature of cyber operations. During one of the briefings, as shared by the CISA director, a participant commented, “I understand every word you are saying, but I have no idea what any of it means.” This candid admission drew laughter from the audience.
Lieutenant General Davis also emphasized the effectiveness of storytelling in conveying complex ideas. He remarked, “When you ask everyone in DC if they understand cyber, they all nod their heads and say, ‘Yes, absolutely. I understand it.’ But explaining it to people at such a basic level using cartoons actually helps them to really understand it. And I think that was one of the big keys to our success.”
