Cyber Command Task Force Conducted Its First Offensive Operation As The Secretary Of Defense Watched

The operation is another sign of the rapidly evolving nature of warfare in the digital domain and the future importance of offensive cyber operations.

By Brett Tingley


A U.S. Cyber Command task force executed what is being described as its “first offensive cyber effect operation” against real-world cyber threats. While the exact nature of the operation and its target remains unknown, the event was significant enough for the U.S. Secretary of Defense to personally attend to watch the operation in action.

The operation was conducted between February and August 2021 by a task force consisting of personnel from the Maryland Air National Guard’s 175th Cyber Operations Group, the Delaware Air National Guard’s 166th Cyber Operations Squadron, the U.S. Navy’s Cyber Strike Activity Sixty-Three, the U.S. Air Force’s 341st Cyber Operations Squadron, and the Air Force Reserve. The Air National Guard (ANG) announced it only this week. While there have been other offensive cyber operations conducted by U.S. Cyber Command (USCYBERCOM), this is the first conducted and acknowledged by this particular task force.

Photo: Cyber National Mission Force members participate in a training and readiness exercise at Fort Meade, Maryland in 2021. (USCYBERCOM/Josef Cole)

Details about the specific threat countered by the task force’s cyber offensive are scarce, but USAF Maj. Corley Bradford, director of operations for 175th Cyberspace Operations Squadron, said the offensive cyber operation involved the security of Department of Defense information networks. 

“[Our] NMT was a direct contributor to [our task force] conducting a successful offensive cyber effects operation,” Bradford stated in an ANG press release. “It was a lot of excitement to finally see the fruits of our labor when [our task force] delivered its first offensive cyber effects operations during this mobilization.”

Interestingly, Secretary of Defense Lloyd J. Austin III was on hand to personally witness the operation. “It was a massive milestone,” Maj. Bradford said, “so he wanted front row seats to see the action firsthand.”

U.S. Cyber Command has not released information about the target(s) of the operation. One of the largest publicly known threats Cyber Command responded to last year was the Russian-led SolarWinds breach, but it isn’t clear if this offensive operation was related to that incident in any way. Whatever the case may be, U.S. Cyber Command held an international exercise in late 2021 in direct response to the SolarWinds incidents, and in December 2021 conducted offensive operations against international ransomware groups like those responsible for the Colonial Pipeline attack. At the same time, Russian cyberattacks have been increasing steadily alongside its recent aggressive military posturing along its border with Ukraine.

The U.S. National Guard has been activating additional cyber operations units since 2015 as part of a growing emphasis on cyber operations throughout the Department of Defense. A large part of these units’ mission is to provide assistance and intelligence to state and local governments in the event of emergencies, and they actively carry out exercises to plan for such contingencies. “The Guard is in all 50 states, three territories and the District of Columbia,” said Air Force Col. Timothy T. Lunderman. “If state and local officials need help they're more likely to turn to the folks they know. The people they know are the Guard.”

Photo: U.S. Air Force 2nd Lt. Robert Kocsis, an operator with the Maryland National Guard Joint Task Force Cyber, at the 175th Wing at Warfield Air National Guard Base. (ANG/SrA Sarah M. McClanahan)

The Maryland Air National Guard’s 175th Cyber Operations Group was stood up in 2016. "We have all the ingredients to operationalize the cyber mission," 275th Operations Support Squadron commander Col. Kevin George said at the time. "Because of our unique situation and support mechanisms we will be able to execute defense, offense and kinetic operations." The group features members who work in civilian positions for defense contractors and cybersecurity firms, which allows the National Guard to leverage the expertise these members have gained in the private sector.

While this may have been the first offensive cyber operation carried out by this particular task force, it underscores the Pentagon’s growing emphasis on cybersecurity. The White House signed an executive order last year aimed at bolstering cyber defenses throughout the intelligence community and Department of Defense, and later announced it would elevate certain cyberattacks to the same priority as terrorist attacks. While those initiatives are largely defensive in nature, Cyber Command has previously issued statements that outline how offensive cyber capabilities are also necessary to "target enemy and hostile adversary activities." The exact nature of those capabilities remains unknown.

Photo: Personnel with the 175th Cyberspace Operations Group monitor cyberattacks on the operations floor, known as the Hunter's Den. (USAF/Joseph Eddins)

As many recent cyber and ransomware attacks worldwide have shown, much of America's utility networks and other critical infrastructure remain vulnerable to cyberattacks from both state and non-state actors. It’s likely the Pentagon’s emphasis on cyber capabilities, both defensive and offensive, will continue to grow as the U.S. government attempts to strengthen its ability to respond to these rapidly emerging threats.
