Inside one of U.S. Cyber Command’s offensive units

Ever wonder how long it takes to get one of the U.S. Army’s best cyber operators trained and ready to conduct high-end offensive operations? About five years, according to the Army’s top intelligence official. "These are not soldiers that are coming out of Dover High School in New Hampshire. These are soldiers that need a ...

Wikimedia Commons
Wikimedia Commons
Wikimedia Commons

Ever wonder how long it takes to get one of the U.S. Army's best cyber operators trained and ready to conduct high-end offensive operations? About five years, according to the Army's top intelligence official.

"These are not soldiers that are coming out of Dover High School in New Hampshire. These are soldiers that need a lot of time and training, coming out of our best universities," said Lt. Gen. Mary Legere, the Army's deputy chief of staff for intelligence during an Oct. 23 speech at the Association of the U.S. Army's annual conference in Washington, where she discussed the Army's 780th Military Intelligence Brigade.

The brigade is a custom-made cyber warfare unit being built up at Fort Meade, Md., and Fort Gordon, Ga., to conduct some of the most sophisticated cyber operations around the world. As the Army's contribution to U.S. Cyber Command, the 780th is responsible for hunting down enemy hackers, figuring out how they operate, and developing cyber weapons to use against a host of online targets.

Ever wonder how long it takes to get one of the U.S. Army’s best cyber operators trained and ready to conduct high-end offensive operations? About five years, according to the Army’s top intelligence official.

"These are not soldiers that are coming out of Dover High School in New Hampshire. These are soldiers that need a lot of time and training, coming out of our best universities," said Lt. Gen. Mary Legere, the Army’s deputy chief of staff for intelligence during an Oct. 23 speech at the Association of the U.S. Army’s annual conference in Washington, where she discussed the Army’s 780th Military Intelligence Brigade.

The brigade is a custom-made cyber warfare unit being built up at Fort Meade, Md., and Fort Gordon, Ga., to conduct some of the most sophisticated cyber operations around the world. As the Army’s contribution to U.S. Cyber Command, the 780th is responsible for hunting down enemy hackers, figuring out how they operate, and developing cyber weapons to use against a host of online targets.

These soldiers work outside the Pentagon’s firewalls to "detect threats against our networks, to characterize where those threats are coming from, and to provide early warning to [Army network] defenders, to provide early warning to [Army] hunters inside the network who will look to cut that threat off."

Although Legere said the soldiers are chiefly looking for threats, she also called them offensive troops.

Her comments come as the Defense Department — and the private sector — embrace the philosophy of "active defense" in the cyber realm. The principle of active defense maintains that the best defense includes offensive actions, such as hunting for enemy hackers, learning about their techniques, determining where they are, figuring out how to foil attacks by them, and when needed, attacking them. 

The Fort Meade-headquartered unit is working its way to being at two battalions’ size and is made up of civilians and soldiers who have high math and logic skills, according to the three-star general. "These are the kinds of basic skills we need for our cyber warriors who are on the offensive side," said Legere.

Once accepted to the 780th, soldiers can expect to wait up to five years before being trusted with the highest-priority cyber missions.

"Once they’re in that unit they have a series of developmental [work] assignments that, in some cases, take three to five years to build," said Legere. "So if you’re looking at the very, very best of our capability, those soldiers who will be trained to do the hardest work of understanding to how to characterize the threat, how to build the solution and how to potentially create" an offensive cyber weapon.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.
A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.

Lessons for the Next War

Twelve experts weigh in on how to prevent, deter, and—if necessary—fight the next conflict.

An illustration showing a torn Russian flag and Russian President Vladimir Putin.
An illustration showing a torn Russian flag and Russian President Vladimir Putin.

It’s High Time to Prepare for Russia’s Collapse

Not planning for the possibility of disintegration betrays a dangerous lack of imagination.

An unexploded tail section of a cluster bomb is seen in Ukraine.
An unexploded tail section of a cluster bomb is seen in Ukraine.

Turkey Is Sending Cold War-Era Cluster Bombs to Ukraine

The artillery-fired cluster munitions could be lethal to Russian troops—and Ukrainian civilians.

A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol  January 8, 2009 in Washington.
A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol January 8, 2009 in Washington.

Congrats, You’re a Member of Congress. Now Listen Up.

Some brief foreign-policy advice for the newest members of the U.S. legislature.