On October 01, 1995, the Navy augmented the Fleet Deception Groups with several other smaller commands and re-designated the assemblage as the Fleet Information Warfare Center (FIWC), the Navy’s Center of Excellence for Information Operations (IO). The Secretary of the Navy (SECNAV) established the Navy Computer Incident Response Team (NAVCIRT) as a department of FIWC to reflect Information Warfare (IW) Manual and Joint Publication 3-13 modifications by adding Information Assurance (IA) protection as a pillar of IO. NAVCIRT’s primary missions were incident handling and sensor monitoring for the Navy, later expanding to include On-line Surveys (OLS) and Red Teaming.
In 1998, as a consequence of a computer network intrusion labeled “Solar Sunrise,” then Deputy Secretary of Defense, Dr. John Hamre, created a standing Joint Task Force for Computer Network Defense (JTF-CND) and directed each service to stand up a service component. The Navy responded and created the Navy Component Task Force for Computer Network Defense (NCTF-CND) command on January 31, 1999.
In late 2000, JTF-CND was renamed to JTF-CNO (Computer Network Operations).
In 2001, the Department of Defense mandated that each service have a Computer Network Defense Service Provider (CNDSP).
In 2003, NAVCIRT separated from FIWC and merged with NCTF-CND, combining billets (about 30 personnel) and mission and was designated as the NAVCIRT Task Force. The Department of the Navy Chief Information Officer (DON CIO) also designated NAVCIRT as the CNDSP for Navy. In 2005, NAVCIRT was accredited as a Level II CNDSP by the Office of the Secretary of Defense.
In May 2002, the Naval Network Warfare Command (NNWC) was established as a three-star flag headquarters and type commander of information operations, technology, and management. NNWC assumed command of FIWC and NCTF-CND, among many others. In October of that year, the new Unified Command Plan, Change 2, re-aligned JTF-CNO under the United States Strategic Command (USSTRATCOM). After the signing of the Joint Concept of Operations for Global Information Grid Network Operations (GIG NETOPS), JTF-CNO was later renamed JTF-GNO (Global Network Operations) and responsible for directing the operation and defense of the GIG.
On January 10, 2006, NAVCIRT became Navy Cyber Defense Operations Command (NCDOC), established as an Echelon IV command by OPNAV Note 5450, administratively and operationally subordinate to NNWC, and also assigned TACON to JTF-GNO, which was responsible for overall management and conduct of computer network and systems defense.
In 2010, Fleet Cyber Command (FCC) was established as a Navy Component Command to the newly established United States Cyber Command (USCC), which was created by combining JTF-GNO and JFCC-NW, as a sub-unified command under USSTRATCOM. As a result, NCDOC was realigned under operational control (OPCON) of FCC, and administrative control (ADCON) of Navy Cyber Forces (NCF), the newly established type commander.
In November 2013, NCDOC moved from Joint Expeditionary Base Little Creek, Virginia Beach, VA to Lake View Technology Park, Suffolk, VA.
In 2014, ADCON of NCDOC was shifted to the newly established Commander, Navy Information Dominance Forces (NAVIDFOR).
Over its history, NCDOC has grown from five personnel into the Department of Defense’s premier cyber defense organization comprised of over 500 military, approximately 15O government civilians, and approximately 120 government contractor personnel.
The rapid growth of network technologies coupled with the increased dependence on integrated command and control systems will continue to fuel the growth of this command and its critical mission for years to come. Operating under the operational control of Fleet Cyber Command/U.S. Commander, TENTH Fleet (FCC/C10F) as Commander, Task Force 1020 (CTF1020), NCDOC is the first organization to be certified (and recertified) by USSTRATCOM as a Level III CNDSP, renamed as Cybersecurity Service Provider (CSSP).
In that capacity, NCDOC/CTF1020 executes defensive cyberspace operations and enables the Navy’s global power projection through proactive network defense. The responsibilities of global defense of Navy networks include taking assertive steps to protect, monitor, analyze, detect, and defensively respond to unauthorized activity on a 24/7/365 basis. This activity may include disruption, denial, degradation, destruction, exploitation, or unauthorized access to Navy computer networks, information systems or their contents. Navy Cyber Protection Teams (CPT) are prepared to respond to Navy network incidents throughout the world.
As a part of the global network defense mission NCDOC/TF1020 collaborates and coordinates monitoring, detection, analysis, and forensics efforts with multiple entities within the Department of Defense, other U.S. Government agencies, and the law enforcement community.