On October 01, 1995, the Navy augmented the Fleet Deception Groups with several other smaller commands and re-designated the assemblage as the Fleet Information Warfare Center (FIWC), the Navy’s Center of Excellence for Information Operations (IO). The Secretary of the Navy (SECNAV) established the Navy Computer Incident Response Team (NAVCIRT) as a department of FIWC to reflect Information Warfare (IW) Manual and Joint Publication 3-13 modifications by adding Information Assurance (IA) protection as a pillar of IO. NAVCIRT’s primary missions were incident handling and sensor monitoring for the Navy, later expanding to include On-line Surveys (OLS) and Red Teaming.
In 1998, as a consequence of a computer network intrusion labeled “Solar Sunrise,” then Deputy Secretary of Defense, Dr. John Hamre, created a standing Joint Task Force for Computer Network Defense (JTF-CND) and directed each service to stand up a service component. The Navy responded and created the Navy Component Task Force for Computer Network Defense (NCTF-CND) command on January 31, 1999.
In late 2000, JTF-CND was renamed to JTF-CNO (Computer Network Operations).
In 2001, the Department of Defense mandated that each service have a Computer Network Defense Service Provider (CNDSP).
In 2003, NAVCIRT separated from FIWC and merged with NCTF-CND, combining billets (about 30 personnel) and mission and was designated as the NAVCIRT Task Force. The Department of the Navy Chief Information Officer (DON CIO) also designated NAVCIRT as the CNDSP for Navy. In 2005, NAVCIRT was accredited as a Level II CNDSP by the Office of the Secretary of Defense.
In May 2002, the Naval Network Warfare Command (NNWC) was established as a three-star flag headquarters and type commander of information operations, technology, and management. NNWC assumed command of FIWC and NCTF-CND, among many others. In October of that year, the new Unified Command Plan, Change 2, re-aligned JTF-CNO under the United States Strategic Command (USSTRATCOM). After the signing of the Joint Concept of Operations for Global Information Grid Network Operations (GIG NETOPS), JTF-CNO was later renamed JTF-GNO (Global Network Operations) and responsible for directing the operation and defense of the GIG.
On January 10, 2006, NAVCIRT became Navy Cyber Defense Operations Command (NCDOC), established as an Echelon IV command, administratively and operationally subordinate to NNWC, and also assigned to JTF-GNO, which was responsible for overall management and conduct of computer network and systems defense.
In 2010, Fleet Cyber Command (FCC) was established as a Navy Component Command to the newly established United States Cyber Command (USCC), which was created by combining JTF-GNO and JFCC-NW, as a sub-unified command under USSTRATCOM. As a result, NCDOC and NNWC were realigned under operational control of FCC, and under administrative control of Navy Cyber Forces (NCF), the newly established type commander.
In November 2013, NCDOC moved from Joint Expeditionary Base Little Creek, Virginia Beach, VA to the Joint Staff Suffolk Complex in the Lake View Technology Park, Suffolk, VA.
In 2014, NCF was shifted to the newly established Commander, Navy Information Dominance Forces (NAVIDFOR), and renamed to Naval Information Forces (NAVIFOR) in 2017.
Over its history, NCDOC has grown from five personnel into the Department of Defense’s premier cyber defense organization comprised of over 700 military, approximately 17O government civilians, and over130 government contractor personnel.
The rapid growth of network technologies coupled with the increased dependence on integrated command and control systems will continue to fuel the growth of this command and its critical mission for years to come. NCDOC is the first organization to be certified (and recertified) as a Level III CNDSP, currently known as Cyber Security Service Provider (CSSP). In this capacity, NCDOC executes defensive cyberspace operations and enables global power projection through proactive network defense. The responsibilities of global defense of Navy networks include taking assertive steps to protect, monitor, analyze, detect, and defensively respond to unauthorized activity on a 24/7/365 basis. This activity may include disruption, denial, degradation, destruction, exploitation, or unauthorized access to Navy computer networks, information systems or their contents. The Navy's Cyber Protection Teams (CPT) are prepared to respond to Navy network incidents throughout the world.
As a part of the global network defense mission NCDOC collaborates and coordinates monitoring, detection, analysis, and forensics efforts with multiple entities within the Department of Defense, other U.S. Government agencies, and the law enforcement community.