Overview of U.S. Cyber Command
U.S. Cyber Command (CYBERCOM) is the unified combatant command responsible for cyberspace operations. Established in 2009 and elevated to full combatant command status in 2018, CYBERCOM directs, synchronizes, and coordinates cyberspace planning and operations to defend and advance national interests.
Headquartered at Fort George G. Meade, Maryland, the command is co-located with the National Security Agency. The CYBERCOM Commander holds a dual-hatted role as Director of the NSA, enabling close coordination between offensive cyber operations and signals intelligence.
CYBERCOM operates through the Cyber National Mission Force, service cyber components (Army Cyber, Fleet Cyber, Air Forces Cyber, Marine Corps Cyberspace), and the Cyber Mission Force teams that execute operations worldwide.
Key Facts
- CYBERCOM was elevated to unified combatant command in 2018
- Headquarters at Fort George G. Meade, Maryland
- Commander also serves as Director of the National Security Agency
- Conducts both offensive and defensive cyber operations
Cyber Operations Mission
CYBERCOM conducts three primary mission areas: defending the Department of Defense information networks, providing cyber support to combatant commanders worldwide, and defending the nation from significant cyberattacks when directed by the President or Secretary of Defense.
The command operates under a persistent engagement strategy, which seeks to contest adversary cyber operations continuously rather than waiting to respond after attacks occur. This approach recognizes that cyberspace is a domain of continuous competition.
CYBERCOM maintains 133 Cyber Mission Force teams composed of approximately 6,200 personnel. These teams are organized into Combat Mission Teams (offensive operations), Cyber Protection Teams (defensive operations), and National Mission Teams (defending critical infrastructure).
Current Threat Environment
The cyber threat environment includes nation-state actors, criminal organizations, hacktivists, and insider threats. China, Russia, Iran, and North Korea are identified as the most capable nation-state cyber adversaries targeting U.S. interests. For a broader view of state-sponsored cyber operations, see our <a href="/cyber-warfare-tracker">cyber warfare tracker</a>.
China conducts extensive cyber espionage targeting U.S. intellectual property, defense technologies, and critical infrastructure. Russian cyber actors have demonstrated capabilities to disrupt critical infrastructure and conduct information operations.
Ransomware attacks by criminal organizations have impacted hospitals, school districts, local governments, and critical infrastructure operators. State-sponsored groups sometimes cooperate with or provide cover for criminal cyber actors.
Notable Operations
CYBERCOM has publicly acknowledged several operations, including efforts to disrupt foreign ransomware groups, defend U.S. elections from foreign interference, and support Ukraine by providing cybersecurity assistance and conducting operations against Russian targets.
The command conducted operations to disrupt the Trickbot botnet before the 2020 U.S. elections and has deployed "hunt forward" teams to allied nations to identify threats before they reach U.S. networks. These defensive operations are conducted at the invitation of partner nations.
Critical Infrastructure Defense
CYBERCOM works with the Cybersecurity and Infrastructure Security Agency (CISA), sector-specific agencies, and private sector partners to defend critical infrastructure from cyberattacks. The command can provide direct support when attacks rise to the level of national security threats.
The 16 critical infrastructure sectors include energy, financial services, healthcare, water systems, and transportation. CYBERCOM maintains awareness of threats to these sectors and can act when civilian agencies require military support.
Official alert status is classified. Our information is based on OSINT analysis, not official military sources.
Frequently Asked Questions
What is the current CYBERCOM alert level?
CYBERCOM does not publicly release alert or readiness levels. The command maintains continuous cyber operations to defend U.S. interests in cyberspace.
Why is the CYBERCOM commander also the NSA director?
The dual-hat arrangement enables close coordination between offensive cyber operations (CYBERCOM) and signals intelligence (NSA). Both missions rely on similar technical expertise and infrastructure.
Does CYBERCOM defend private companies?
CYBERCOM primarily defends DoD networks. For significant attacks on critical infrastructure, the command can support civilian agencies like CISA, but direct defense of private networks requires specific authorization.