The proposals are part of each chamber’s version of the annual defense policy bill, the National Defense Authorization Act for fiscal 2026.

According to the Senate Armed Services Committee’s version, DOD must conduct a study on force employment of cyber in support of combatant commands and evaluate establishing Joint Task Force-Cyber elements across those geographic combatant commands.

A proposal in the House, offered by Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems chairman Rep. Don Bacon, R-Neb., requires a similar evaluation, though focused specifically on the Indo-Pacific Command area of responsibility.

According to Bacon, the military is not properly organized for the current cyber conflict.

“Since becoming Chairman of the Subcommittee, I’ve grown increasingly concerned that we are not correctly organized for the cyber fight we find ourselves in today, let alone a more complex and consequential future fight. Our Cyber Command does great working national threats, but I want to ensure our Cyber team is postured right for a potential fight with China over Taiwan,” he said in a statement.

He said he plans to push for the establishment of a Joint Task Force-Cyber — not merely an evaluation — when both chambers of Congress convene to reconcile their bills.

“If we accept the reality that we are already in hostilities with our principal adversary in cyberspace, then there is no time to waste,” Bacon said.

Bacon also pointed to the fact that this is not a new issue. In the fiscal 2023 NDAA, Congress required the creation of a similar organization — a Joint Task Force — in Indo-Pacom to support joint operations in the kinetic space before conflict, because the military was not sufficiently acting jointly, in lawmakers’ view.

Sources indicated that construct has worked well so far and these proposals could mirror that on the non-kinetic side.

Moreover, a classified DOD Inspector General report that examined the effectiveness of Indo-Pacom and Cyber Command’s planning for offensive cyberspace operations and Cybercom’s execution of offensive cyberspace ops in support of Indo-Pacom’s plans, recommended the creation of a Joint Task Force-Cyber, according to someone familiar. That examination began in 2023.

Congress has in several previous NDAAs asked for studies and evaluations on how Cybercom’s headquarters elements are organized and how it employs cyber capabilities effectively. Sources indicated these proposals are likely, in part, an indication that lawmakers aren’t pleased with either the responses from the Defense Department, or there has been a lack of response from DOD.

If realized, the creation of joint task forces for cyber at the combatant commands could potentially lead to a complete restructure for how operations are conducted, according to sources.

How cyber operations are conducted

Ultimately, these proposals could end up giving more oversight and control of cyber operations to the geographic combatant commanders.

Unlike the other domains of warfare, there still is no cyber component command at the geographic combatant commands. Each component command — land, air and maritime — is responsible for commanding and coordinating the forces under their domain on behalf of the four-star combatant commander, who has the ultimate authority on how and which forces are employed for particular operations.

Cyber, however, is different.

Since Cybercom established its cyber mission force over 10 years ago — the 147 teams that the services provide to Cybercom to conduct cyber operations — digital forces and capabilities are employed through what the command calls Joint Force Headquarters-Cyber.

These entities are commanded by the heads of the service cyber components and are assigned particular combatant commands to provide planning, targeting, intelligence, synchronization, and command and control of cyber capabilities.

Joint Force Headquarters-Cyber Army is responsible for Central Command, Africa Command and Northern Command. Joint Force Headquarters-Cyber Navy is responsible for Indo-Pacom, Southern Command and United States Forces Korea. Joint Force Headquarters-Cyber Air Force is responsible for European Command, Space Command and Transportation Command. Joint Force Headquarters-Cyber Marine Corps is responsible for Special Operations Command. DOD Cyber Defense Command, formerly Joint Force Headquarters-DOD Information Network, is the coordinating authority for Transportation Command.

None of the these entities were designed to be identical.

Moreover, there is also the Cyber National Mission Force, a sub-unified command under Cybercom, which is responsible for defending the nation against significant digital threats and is thought to possess the most elite cyber operators. It is a global entity aligned in task forces assigned to different threat actors, which means they are also operating within the areas of responsibility for geographic combatant commands.

Given Cyber National Mission Force’s global mission, the commander of Cybercom can conduct operations in a particular theater based on his priorities and mission sets. While this may be coordinated with the regional commander, they don’t necessarily have to ask for permission, in what could be seen by the geographic combatant commander as infringing on their area of operations.

The geographic combatant commanders don’t have as much control over cyber forces in their regions as they do for the physical or kinetic forces. The cyber teams are controlled by the JFHQ-Cs through Cybercom. Moreover, Cybercom has the ability to reorganize and realign forces around as they see fit against different priorities and threats, though, this is usually done in consultation with the combatant commands.

Cybercom, not the combatant commands themselves, approves the cyber operations for the regional commands, which includes interagency coordination.

Approvals for cyber ops flow through the commander of Cybercom, not the geographic combatant commands themselves, which includes interagency coordination.

Taken together, sources indicated these could all be seen as a loss of control for the geographic combatant commanders, who are responsible for running the operations in their regions and typically have oversight of their forces. Some have argued that the regional combatant commanders should have control and oversight of all the forces in their geography.

Sources indicated tensions exist in this construct with a regionally focused combatant command and a globally focused combatant command that has a high-demand, low-density asset in cyber.

“I think what you’re seeing is the tension that exists today between having Cybercom forces that really, at the end of the day, are controlled by the Cybercom commander in general support to the other Cocoms versus having that combatant commander have full control,” a former military cyber official told DefenseScoop.

Others indicated the creation of a joint task force is a natural evolution for the command and control of cyber forces.

Indo-Pacom, in particular, poses a unique challenge with all the cyber forces operating within its area of responsibility.

There are combat mission teams that conduct cyber operations on behalf of combatant commands, mostly in the offensive sphere, coordinated by Joint Force Headquarters-Cyber Navy, Joint Task Force-Ares — which initially was a counter-ISIS cyber task force but shifted four years ago to focus more on nation-states, particularly in the Pacific region — run by Marine Corps Force Cyberspace Command — as well as teams from the Cyber National Mission Force.

For those reasons, the command and control of these forces must be under a single chain of command. Those forces could be packaged together and work for the Indo-Pacom commander, the former officials posited when discussing a potential future scenario, and then the Indo-Pacom commander would have full control over them, a departure from the situation today.

For Indo-Pacom, everything is on island, a second former military cyber official said, meaning where their Hawaii headquarters are located. Indo-Pacom wants everyone on island with them so capabilities can be better integrated, they added.

Experts and former officials noted that a Joint Task Force-Cyber structure would likely clean up command and control lines for the employment of cyber.

Those that spoke to DefenseScoop noted combatant commands could see this as enhancing simplicity and speed.

In a future conflict, decisions will have to be made at unprecedented speeds, as seen in the Ukraine-Russia war.

However, the global nature of cyberspace and actors could complicate such an arrangement where the regional commander has more control.

China, for example, is a global threat actor and taking control from Cybercom could lessen its ability to surge or act in other regions. If there is a global threat versus a regional threat, officials would have to figure out what takes priority, who makes the decision and who has the authority to re-direct cyber forces to address them, a third former military cyber official posited.

Questions and resource constraints

Experts raised several issues that should be addressed with the potential formulation of joint task forces for cyber at the combatant commands, posing questions that should be answered in an evaluation for their necessity or creation.

One concern is whether the assessment for the creation of a Joint Task Force-Cyber is fair when balanced against what Cybercom has been doing over the last couple of years.

Cybercom has continued to reevaluate how it conducts cyber operations over the years.

Discussions in recent years inside the command have also focused on creating task forces that would be assigned against particular threat actors. This would potentially allow cyber forces to transcend the geographic boundaries given cyber threat actors are global.  

The drafting of this legislation, however, signals that the current processes can be done better.

Would a new process create more hurdles or would it enable greater simplicity?

“You have to ask yourself with what we’ve designed today, is it simple … Simplicity, speed, precision, clarity, these kind of things are really important in a fast fight for C2. And you could offer that’s not necessarily the case with the current design,” the first former official said. “Is the juice worth the squeeze?”

The third former official noted it’s important to ask what problem is this trying to solve? What is this a joint task force to do? Is this an authorities issue, is it a cyber mission force capacity issue, or what are the combatant commands not getting that they need from Cybercom?

Some of these issues could be wargamed or worked out through table top exercises, they noted.

For many officials, an education gap still exists where combatant commands still don’t always know how to employ the JFHQ-Cs or what to ask for from Cybercom. Some of this is relationship and personality based and can differ based on each organization.

About eight years ago, Cybercom began to create planning cells — Cyber Operations-Integrated Planning Elements (CO-IPEs) — located within the staffs of the geographic combatant commands to help them with synchronization and planning given the JFHQ-Cs are at remote locations.

While the CO-IPEs were designed to assist in planning and understanding how to employ cyber operations, they still haven’t all matured effectively to provide all the necessary answers and planning requested.

According to the third former official, some of the geographic combatant commands are probably saying, “I just don’t have the authority.”

They pushed back on that assessment, noting if the combatant commands asked for something, they’d likely get it, but an educational issue on both sides of the problem exists.

Another model could be to bolster the CO-IPEs to mirror Special Operations Command’s theater special operations commands (TSOCs), which are small teams and how special operations forces are employed in geographic combatant commands.

These entities can act as a connective tissue between seams in geographic regions and anticipate which threats may need more resources. They can provide command and control for running operations, if needed. CO-IPEs are currently only for planning and have no command and control functions.  

Another option could be to co-locate the cyber forces within the JTF within the combatant command. Currently, only the CO-IPE is embedded in the geographic combatant command staff. The JFHQ-C and cyber forces conducting the operations are at remote locations, not directly within the geographic combatant command they’re supporting.

But part of the challenge with the way the legislation is written is if Congress wants a Socom model, lawmakers would establish a TSOC equivalent for a Cybercom forward element or cyber element for forces in theater and not a Joint Task Force-Cyber, one of the former officials said. The reason that doesn’t exist today, they added, is the control is done in the rear of the CO-IPE and they conduct the integrated planning with the combatant command staff forward.

“I don’t think Cocom commanders are happy with that. I think they want the control,” the official suggested.

Other key questions surround resources. Oftentimes when there’s a new problem, organizations stand up a new headquarters, but nobody gets any more people, one of the former officials pointed out.

Of note, given each Joint Force Headquarters supports multiple combatant commands, in many cases officials within those organizations wear multiple hats. For example, a service cyber component might have an integrated operations staff that does everything for all their Joint Force Headquarters.

If each combatant command creates a Joint Task Force-Cyber and the Joint Force Headquarters go away — something that isn’t necessarily clear based on the legislation proposed — where do the new joint task force personnel come from? Are those staff that wore multiple hats ripped apart, some sources asked.

Setting priorities

One of the other aspect driving an assessment to create a new joint task force construct is to help drive more emphasis on the combatant command cyber forces and capabilities.

According to a congressional staffer, there was a sense that there was neglect for the combatant command-related cyber capabilities in favor of the Cyber National Mission Forces that defend the nation.

It comes down to prioritization and resources. The Cyber National Mission Force has a global mission and there is a lot of prioritization that goes to them, but that doesn’t mean the other teams aren’t working, former officials said.

With limited resources, what gets the focus? Are they things that are important to Cybercom or the geographic combatant commands, one former official asked, noting they could see an argument coming from a combatant command asking is Cybercom doing things that are of the most interest to that combatant commander or are they working on things that are of less interest to them, but of more interest to Cybercom, which are typically CNMF targets.

The post Congress pushing Joint Task Force-Cyber, shaking up how DOD employs digital capabilities appeared first on DefenseScoop.

“I also have learned that within the executive branch there are very limiting rules of engagement on what Cyber Command can do in response,” Rep. Don Bacon, R-Neb., said during a June 12 House Armed Services Committee hearing.

Bacon serves as the chair of the panel’s subcommittee that oversees Department of Defense cyber operations, forces and policies, giving him unique insights into this matter.

“I’m the chairman of the committee and I’ve talked to multiple layers, they are restricted based off the rules of engagement. Maybe they’re appropriate. I just hope we relook at them because if China can attack our energy grid, our Wall Street grid, our hospitals, I think we should be reviewing, okay, is our responses adequate? I just want to submit that for you to think about and consider,” he told the committee’s witnesses that day, Secretary of Defense Pete Hegseth and Chairman of the Joint Chiefs of Staff Gen. Dan Caine.

He implored them to review the current rules of engagement and consider if they need to be revamped.

In a statement, he later emphasized that while Russia and China are infiltrating systems, rules of engagement are hindering U.S. Cyber Command from responding properly, urging a more aggressive posture.

“China has surpassed Russia as our biggest cyber threat. With malicious intent, they’re attempting to – and largely succeeding in – infiltrating everything from our energy grid and cell phones to our financial institutions, and health care networks. While we have good cyber intelligence, China is no longer deterred in the cyber domain, and I believe our own rules of engagement are holding us back,” Bacon said. “We need to start imposing heavy costs on these cyber actors, including nation states like China and Russia, to establish better cyber deterrence. In some cases, this could mean allowing Cyber Command to fight fire with fire, in other cases this might mean applying targeted non-cyber response like significant economic or diplomatic sanctions or perhaps covert action. Regardless of how we do it, I think everyone can agree that the status quo (of continued cyber attacks) is not acceptable or sustainable: some level of cyber deterrence has to be established.”

When asked if DOD is reviewing its rules of engagement for cyberspace, a department spokesperson on Friday said they had nothing to announce.

For many years, restrictive rules of engagement and improper analogies handicapped the military’s ability to conduct cyber operations. It used to be that U.S. military offensive cyber actions were considered on par with nuclear weapons in terms of requiring presidential sign-off for employment, for fear that effects could lead to escalation and possibly unintended consequences.

The nuclear analogy proved to be a flawed model for cyber, as history has borne out. In 2018, a series of congressional and executive actions cleared the way for smoother cyber operations approval. Those included a clarification that cyber action is a “traditional military activity,” removing interagency barriers that might have previously required an exemption to the covert action statue, effectively allowing Cybercom to operate more freely. Congress also included what essentially boiled down to an authorization to use force in cyberspace against Russia, China, North Korea or Iran to “disrupt, defeat, and deter … active, systematic, and ongoing campaign of attacks against the Government or people of the United States.”

On the executive branch side, the first Trump administration repealed the Obama administration era policy for approvals, issuing what was known as Nation Security Presidential Memorandum-13, which delegated authorities to the secretary of defense to conduct timely cyber operations. The still classified policy also included components to deconflict cyberspace with other government agencies to avoid fratricide among different organizations and equities.

“In line with the shift to a more proactive cyber strategy … NSPM-13 enables faster, more agile decision-making better adapted to the strategic threat. It does so not only by allowing delegations of authority, but by reinforcing those delegations with a coordination and approval process run by the delegee, not the NSC,” Gary Corn, director of the Technology, Law and Security Program and an adjunct professor of cyber and national security law at American University and former Staff Judge Advocate at Cybercom, wrote in a paper in 2021.

Prior to 2018, the military conducted very few cyber operations. Some experts that spoke to DefenseScoop noted that the primary restriction and limitation to engage in offensive cyber action was the lack of clear authorities, but after 2018 it was the lack of a sufficient man, train and equip function to present Cybercom with enough trained, capable personnel to carry out the mission.

The second Trump administration’s pick for assistant secretary of defense for cyber policy noted last month in her confirmation hearing that it’s likely time to begin reassessing some of these authorities from 2018.

“The cyber domain is continuing to evolve and the one constant that I’ve seen in being involved in this domain for over two decades is that the rate of change is exponential. My top priority if confirmed in this role will be to address this change with speed and agility in the department,” Katie Sutton told the Senate Armed Services Committee in May. “As you’re well aware, in 2018 there was a series of activities that enabled the offensive posture that the department is undergoing today; both establishment by President Trump of NSPM-13, the process to do cyber operations, as well as this committee’s definition of traditional military authorities for cyber. I believe we’re at a point where we need to reevaluate those and make sure that we’re postured to be able to respond to the increasing speed of cyber attacks and that we are able to address the incoming impacts of AI.”

Sutton served as a staff member on the Senate Armed Services Subcommittee on Cybersecurity and most recently chief technology advisor to the commander and director of Pentagon operations at Cybercom, giving her relevant insights into cyber operations.

Despite some criticism regarding the current rules of engagement, officials have indicated new rules have significantly increased the ability to conduct cyber operations.

“NSPM-13 is a repeatable, sustainable, agile process that is recognized across the Department of Defense and across the interagency that allows us to move at the speed and agility that’s required based on our intelligence, based on operational requirements, and it has increased our ability to execute cyber operations tenfold,” Lt. Gen. William Hartman, acting commander of Cybercom, told a Senate subcommittee during an April hearing.

Sources that spoke to DefenseScoop noted that after the first Trump administration gave new authorities, the Biden administration came into office with some folks that worked in the Obama White House, and there was still resistance to some actions in cyberspace — which led to efforts to walk back what the Trump team had put in place.

As President Donald Trump was coming back into power for his second term, officials associated with the transition and administration vowed a top priority would be a more aggressive posture in cyberspace to respond to a bevy of activity against the U.S., namely from China.

According to some, while there are standing rules of engagement for combatant commands to respond with force if necessary, cyber is a bit different given the risk profile and some policymakers’ lack of understanding about the digital realm.

As such, over time, certain presidential polices have limited that pre-authorization to use offensive measured except under certain defined circumstances, according to sources.

Legal experts agreed that the president has authority to act as commander-in-chief and respond to activities in America’s self defense. However, for some, response in cyber is a little more opaque.

“There’s been longstanding policy that, consistent with international law, if somebody starts shooting at us, we can shoot back. That is murkier in cyber because of a number of factors, part of which is less than clear lines in international law about what the thresholds are and what types of cyber activities cross those thresholds, and also concerns about escalation dynamics and risks,” Corn said in an interview. “We’ve gotten better at the risk side of it as compared to 10 years ago when there were lots of senior officials who were talking about any out-of-network cyber operations in terms of nuclear conflict.”

Speeding up decision space

One way in which operations under the current framework could be slowed down is if activity needs to be coordinated across the interagency at a time when most civilian government employees are offline and away from their desks.

Cybercom operates 24/7, monitoring threats across the globe and planning for operations. If something were to happen in the middle of the night or on a weekend and the command wants to coordinate with the interagency on the target set to be a good partner, the command could be in a situation where the options are to either violate the framework to complete the mission or delay until personnel are back at work, a former military cyber official explained.

This type of setup can also affect the command’s ability to campaign in cyberspace, that is, looking at sustained and persistent activity to set conditions rather than just conduct one-off operations. The current framework has allowed for those types of one-off engagements, but can hinder ongoing campaigning efforts that require persistence, the former official noted.

Going faster might not necessarily be about changing the framework itself as much as evaluating coordination across the interagency at a faster pace.

“[A]n effective decision-making process should be designed to aid the designated decision-maker in rendering a decision. A process that allows participants to effectively usurp decision authority without the attendant accountability is a design flaw, not a feature,” Corn wrote in 2021. “Imposing process for process’ sake is a fool’s errand, unless the objective is to drive interminable debate and bureaucratic inertia. Process is a means to an end, not an end in itself, and so it should always be designed to fulfill an objective. In the case of national security decision-making, the objective is to achieve the most well-informed decision possible under a given set of circumstances, including acceptable risk parameters and time available. The increasingly complex, fastmoving, and dynamic nature of modern national security threats requires disciplined decentralization of action consistent with centralized intent.”

Also at play now and especially into the future is the speed at which adversaries will likely execute operations employing AI and machine learning capabilities.

Experts referred to the notion of machine-on-machine competition in the future, necessitating the requirement to operate at high speed and be effective in defense and offense. The question for policymakers is if the current policy framework meets those challenges.

As such, some experts noted the need to relook cyber authorities on a more frequent basis than other areas of military operations given the dynamic environment and shifts in tactics.

“Cyber is definitely an area where authorities need to be looked at more frequently than the kinetic space. Obviously, not the idea of layering on more statutory or executive level guidance, but for tightening the OODA [observe, orient, decide and act] loop and coming up with ways to provide the higher level transparency and control that has to be there without sacrificing too much operational capability,” Tom Wingfield, a senior international and defense researcher in RAND’s Department of Defense and Political Sciences who served as deputy assistant secretary of defense for cyber policy from 2019 to 2021, said in an interview. “Part of that would need to be looking at the role AI can play in providing that transparency and tightening the OODA loop. There’s a lot of opportunity there to know what we’re talking about and to build in limitations so that we don’t have clunky 20th century techniques for reporting and waiting for permission.”

Corn noted that there’s a need to constantly assess if authorities and policies are fit for purpose given the risk environment, but acknowledged that lawmakers helped clarify some things a few years ago.

“What Congress did in the end of 2018 was more about clearing some hurdles that were perceived to exist in law from a domestic law perspective, like lifting a potential interagency objection to something that would constitute covert action versus a traditional military activity,” he said.

Ultimately, the more operations cyber forces conduct, the more comfortable national level leadership will be, similar to many of the other domains of warfare.

“The three main problems that really drive most of the oversight [in cyber] are first, the ability to know what needs to be hit. The second is having a weapon or an access that’s able to hit it. And the third is the ability to limit the knock-on effects of that attack to just the immediate area of the attack,” Wingfield said. “Each of those three things is a capability that, as it gets sharpened, would require less oversight and fewer packing peanuts around an operation. So as you do those three specific things better, then you can move much more quickly, much more like the kinetic areas of warfare.”

The post Are DOD’s rules of engagement in cyberspace too limited? appeared first on DefenseScoop.

At the end of the Cold War, many of the services divested of their capability within the electromagnetic spectrum. Now, these technologies are at a premium and in high demand for jamming enemy communications, navigation and missiles while protecting against the same. Adversaries have invested heavily in this area following U.S. divestment, forcing a sprint to reinvigorate American EW prowess.

“We’ve made some progress this year [but] here’s my concern: there’s a lot of studies and there’s a lot of paper, but paper doesn’t jam and paper doesn’t hit missiles,” Rep. Don Bacon, R-Neb., said Tuesday during an event hosted by the Mitchell Institute for Aerospace Studies. “We need to have more capability output, and I’m just not seeing enough of it right now.”

Bacon chairs the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems and is a retired one-star Air Force general who specialized in electronic warfare.

He observed that what’s been learned from military history is that when nations feel dominant, they walk away from electromagnetic spectrum capabilities — thinking they might not be necessary — as was seen at the end of the Cold War when the United States was the sole superpower.

“If you’re very dominant, EW is an unnecessary expense. But if you think you’re going to be in a very tough fight, electronic warfare is critical to saving lives,” he said, adding: “We walked away from [it] in the ’90s and we put very little emphasis” on it. As a result, those capabilities atrophied.

The electromagnetic spectrum should have the same importance placed on it as the other domains of warfare, he suggested, despite not being considered a domain itself.

“We need to talk like we do air power, sea power, the ground, cyber … Just like air, we want to control the air, deny [it] to the bad guys — we got to have that same mindset for the spectrum. That means you need attack capabilities. We got [to] also have the defensive measures,” he said, noting the U.S. dominated in the electromagnetic spectrum when he was a brand new EW officer.

As a one-star in the Pentagon, when he sought resourcing for electronic warfare, officials would tell him there wasn’t enough to go around because other assets, such as the F-35, KC-46 or new intercontinental ballistic missiles, were higher on the priority list, he recalled.

Similarly, the Air Force is slated to only have 12 EA-37B Compass Call aircraft, which boasts cutting-edge capabilities to degrade and disrupt adversary communications, information processing, navigation and radar systems.

Air Combat Command officials say they need 22 of those systems, Bacon said, while others have noted they’d like more platforms for their regions, which contributes to resource constraints in the EW environment.

The Army, for its part, has been on a decade-long journey to rebuild its arsenal. Amid fits and starts, it has sought to cancel or reapproach several programs after years of development, having delivered its first program-of-record jammer only last year, awarding a system tested by Special Operations Command. The service is now looking to move faster in the electronic warfare realm, seeking to utilize agile funds to stay ahead of threats and buy commercial as much as possible.

Bacon has also made it a priority during his years in Congress to drive the services and DOD to identify personnel in charge of EW for accountability.

“When I first came in [Congress] in 2017, I’d go [to] a service, I’d go, ‘who’s in charge of EW?’ say, for the Army or Navy or the Air Force. They would say ‘it’s the vice chief of staff.’ Well, he or she is in charge of a lot of things,” Bacon said at the Mitchell Institute event. “We need somebody at the one- or two-star level to have that accountability.”

He noted progress on that front with leadership at the joint level, both on the Joint Staff and with a new Joint Electromagnetic Spectrum Operations Center at Strategic Command, as well as joint electromagnetic spectrum operations cells resident within each combatant command to help plan and integrate EW into operations.

“I feel like we’ve made a lot of strides in giving people responsibility and knowing who exactly we hold accountable,” he said.

Bacon also noted progress on getting the Pentagon to develop an EW strategy and implementation plan.

The post Top lawmaker wants more progress on EW capabilities across services appeared first on DefenseScoop.

Cybercom 2.0, as the effort is known, is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials, spurred largely by a report requested by Congress in the fiscal 2023 annual defense policy bill to evaluate how Cybercom generates its forces.

In addition to responding to reports required by lawmakers, the initiative was meant to provide a holistic examination of the command and its forces to better posture them for the future, serving as the first major update since Cybercom was formed over 10 years ago when many sophisticated threats and challenges in cyberspace did not exist.

Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December 2024, which encompassed four buckets: a new force generation model for how each service provides digital warriors to Cybercom; a talent management model; an advanced training and education center to ensure troops are better prepared when they arrive at their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

Those items had to be fleshed out by an implementation plan team. Upon coming into office, Secretary of Defense Pete Hegseth ordered the team to expedite their implementation plan in 45 days. The updated plan was delivered March 21. It had been held up within the Office of the Secretary of Defense because there was some pushback and it wasn’t being well-received.

Now, leadership is asking officials to reevaluate some components.

“We think that 2.0 was a great effort to improve our workforce, management and retention. We have taken another relook and decided that we think it needs even more work. We consider cyberspace as important as you do. We really appreciate your continued emphasis on that matter, so we have decided to do a deeper look and make it a better product,” Laurie Buckhout, the official performing the duties of assistant secretary of defense for cyber policy, told the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems during a hearing Friday.

Later in the hearing, when asked, Buckhout noted that DOD is essentially moving on from the original Cybercom 2.0 and will revamp it.

“DoD remains committed to being responsive to Congressional direction. Much analysis of various force generation challenges and models went into creating a draft implementation plan that was delivered to DoD leadership in March. The Department is currently evaluating whether that plan goes far enough to address this administration’s priorities, and we will adjust accordingly,” according to a department official.

Someone familiar with the situation also noted that the Trump administration wants a clear plan that can outmatch China, and what was submitted previously didn’t meet that standard in their eyes.

Such a relook isn’t completely surprising given the new administration and how late the plan was submitted to the last administration.

“It doesn’t surprise me if indeed, they’ve asked the command to take another look, because you have people in leadership roles inside the department at the White House, and others who may have some different views on specific aspects of what we’re looking to do or want to go further with certain aspects. I don’t think it’s uncommon if you have something that’s at the phase that this was where it really fell into the gap between two administrations,” Charlie Moore, former deputy commander of Cybercom and distinguished visiting professor at Vanderbilt University, told DefenseScoop.  

When Cybercom was first established, there were a lot of assumptions made about how it would operate, what resources would be shared by the NSA, as well as the relationships with the services and combatant commanders. Most of these initial assumptions have proven incorrect or the mission has evolved, according to sources. Having no choice, the command continued to operate while constrained by these assumptions. The Cybercom 2.0 effort is seeking to be the first of many steps to reshape the command into what is needed.

Lt. Gen. William Hartman, acting commander of Cybercom and performing the duties of the director of NSA, told the House Armed Services subcommittee last week that officials evaluated three models: the status quo, a Special Operations Command-like model and the creation of a separate Cyber Force military branch, with the preference being the SOCOM-like model.

While Cybercom was initially a sub-unified command under Strategic Command, which oversees U.S. nuclear weapons capabilities and doctrine — a flawed model for cyber, as history has borne out — officials have always maintained the best model for Cybercom was SOCOM: a combatant command with service-like authority.

Cybercom received enhanced budget authority from Congress that went into effect in March 2024, giving it oversight of cyber funds. Prior to that, the services were responsible for funding and procuring the resources and weapon systems the command relied upon. Hartman told the subcommittee that in fiscal ’24, the command managed over $2.5 billion.

Much of the Cybercom 2.0 effort was aiming to take advantage of those new service-like authorities and implement them, such as joint force trainer and improvements to the man, train and equip oversight functions over the services.

Officials have discussed improvements to how the services have been recruiting, retaining and training their cyber forces over the last year or so.

Congress also created the assistant secretary of defense for cyber policy position, which aims to act like a service secretary, much in the way the assistant secretary of defense for special operations and low-intensity conflict does for SOCOM.

There has been a growing chorus in recent years for the creation of a separate, standalone Cyber Force as proponents believe that is the only way to fix the issues facing Cybercom and cyber forces more broadly.

Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, expressed his preference for the SOCOM model but noted there are pros and cons to it, namely the fact that there needs to be service buy-in.

“That means they got to recruit, they got to provide trained people to the Cyber Command at a level that they need. They also got to develop cyber leaders within the promotion system and growing leadership. It’s gets at an earlier question I had — I’m not sure that we’re doing adequate there, but we got to have a full service buy-in to make this model work,” he said. “We were looking at all the general officers, all the services, trying to get a feel for just how much depth we have in the cyber career field. I really only spot one general officer that has extensive cyber experience before they became a general officer. Are we doing enough to develop our cyber leadership here? It seems like we’re low on cyber. We got a lot of depth in air, surface warfare, infantry, space, but the cyber area that there seems to be a shortage.”

Some have described what came out of the first Cybercom 2.0 effort as essentially status quo-plus, the result of what happens when trying to design by committee. The services have the ability to make the changes and accommodate the needs of the command, but that doesn’t always mean they have the desire or willingness to do so given the other competing priorities they’re dealing with, according to some observers, potentially laying the groundwork for and strengthening the case for an independent cyber service.

In his written statement to the House Armed Services subcommittee, Hartman said the Defense Department recently approved several concepts to update the command’s force design and the ways it builds and sustains specialization and expertise within the teams. They include ways of fielding new technologies rapidly and ensuring they are tested and scalable. The measures were prompted and facilitated by recent defense policy bills, Hartman wrote, on readiness and force generation that collectively gave the DOD the opportunity to modernize the cyber force and reshape the command.

Some lawmakers at last week’s hearing gave the witnesses a tough time regarding the change in approach for Cybercom 2.0 and how efforts to reach critical milestones and modernize have taken too long.

“I remain very concerned about the state of our cyber training and readiness. General Hartman’s statement noted that the service cyber components only recently attained ‘foundational readiness standards,’” Bacon said. “Foundational readiness has a very specific meaning, and the fact that it took us more than a dozen years to reach this point is not something to celebrate. To succeed in the cyber domain, we need far more than ‘foundational readiness.’ And I am particularly interested in hearing from you what you need to create and sustain a high level of readiness across the cyber warfare enterprise.”

The cyber mission force has faced constant readiness concerns from its inception. Designed around 2012, the running trope from leaders was they were building the airplane while flying it, an analogy they used when describing the construction of these forces. To meet readiness metrics, the services would sometimes double-count personnel, creating what one prominent think tank referred to as a “shell game.”

Ever since the advent of the Cybercom 2.0 effort, top command officials and service commanders have begun discussing the notion of mastery within the cyber force.

Hartman explained that there’s a more efficient training model to take a basic trained service member and create an expert through authorities granted by Congress.

“Instead of trying to do that across all the services, we do believe there’s an opportunity, using Cybercom service-like authorities, Cybercom joint force training authorities in order to build that mastery of the force. And we look forward to working with the services to do that,” Hartman said.

Some of that work has manifested itself in improving the training curriculum executed by each service, where Cybercom provides joint standards and the service schoolhouses train their cyber warriors that they feed to the command to those standards.

Previously, personnel often wouldn’t get all the training they would need at their schoolhouse prior to arriving at their operational units. Rather, digital warriors would get additional on-the-job training upon arriving at their unit. This was a contributing factor to readiness issues.

Now, some schoolhouses are trying to move that training to the left so personnel show up to their units better prepared to do their jobs.

The post DOD leadership asks for Cybercom 2.0 relook appeared first on DefenseScoop.

Since Cybercom was created a decade ago, it has been co-located with NSA at Fort Meade, Maryland, and shared a leader. At the time, this made sense to help the nascent command grow, relying on the personnel, expertise and infrastructure of the high-tech intelligence agency. The arrangement was initially expected to be temporary.

Severing the dual-hat has been one of the most hotly contested issues in cyber policy. Proponents believe the military can benefit from the unique intelligence insights and resources of NSA, leading to faster decision-making and operational outcomes. Opponents argue the roles of NSA director and Cybercom commander are too powerful for one person to hold and relying on the intelligence community’s tools — which are meant to stay undetected — for military activities poses risks to such espionage activity.

At the end of the first Trump administration, officials made a last ditch effort to sever the dual-hat, but it ultimately was not brought to fruition. Press reports prior to Trump’s inauguration for his second term indicated the administration wanted to end the dual-hat relationship.

There “is renewed speculation about the separation of the ‘dual-hat’ relationship between Cybecom and NSA, a construct that proves its value to our national security every minute of every day. This issue has been studied exhaustively but somehow there are still those who believe they know better,” Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said in opening remarks during a hearing Friday. “I’ve spoken to my colleagues on this panel and our friends in the Senate, and on a bipartisan and bicameral basis, the Armed Services Committees are strongly opposed to ending the dual-hat relationship. I want to take this opportunity to make very clear to the Department’s leadership that if they believe they have allies on this issue who sit on the Pentagon’s congressional oversight panels, they do not.” 

Following the firing of Cybercom commander Gen. Timothy Haugh at the beginning of April, there was a feeling that the dismissal prepped the ground to split the dual-hat by nominating a civilian to lead NSA and a military officer to lead the command.

Bacon’s sentiment was shared by the subcommittee’s ranking member, Rep. Ro Khanna, D-Calif., on Friday.

“Let me reaffirm what you said about keeping our Cyber Command and NSA together. That is a bipartisan position, that is a position that we have discussed many times now, and people on this side of the aisle support you in that. It’s bicameral, it’s bipartisan. And you know, I just want to make that clear, because it keeps coming up and … because the support in the Congress is very strong for keeping the — those two departments together,” Khanna said at the hearing.

The issue was addressed on the Senate side over a month ago as well, with Sen. Mike Rounds, R-S.D., voicing support for the current arrangement.

“In wake of the various persistent cyber threats originating from the People’s Republic of China over the last two years, it is my firm conclusion that the importance of the dual-hat is as important today as it has ever been,” Rounds, chairman of the panel’s Cybersecurity Subcommittee, said during an April 9 hearing.

At that hearing, Lt. Gen. William Hartman, acting commander of Cybercom and director of NSA, told Rounds that the relationship between the two organizations allows the command to see what the adversary is doing.

“From my standpoint and senator, I’ve been sitting on the campus of the National Security Agency and Cybercom for most of the last 15 years. I’ve continued to see this partnership evolve. And our ability to execute increasingly more precise operations is fundamentally because the dual-hat allows me, in my current capacity, to move with the speed and agility and unity of effort that is required,” he said. “But it also forces leaders across the organization to collaborate, to do the hard work and to provide the best options for the national security of the country. That’s what I believe is the importance of the dual-hat, and that is really where I believe we’ve evolved.”

Concerned with the prospect of a premature split, in which Cybercom would not be ready to stand on its own, Congress has previously issued a prohibition on a breakup in leadership until certain metrics are met. They include, among others, that each organization have robust command-and-control systems for planning, deconflicting and executing military cyber operations and national intelligence operations — as well as ensuring tools and weapons used in cyber ops are sufficient for achieving required effects and that Cyber Command can acquire or develop these tools, weapons and accesses.

Gen. Dan Caine, chairman of the Joint Chiefs of Staff, told lawmakers at his confirmation hearing for the role in April that he believes the dual-hat should be maintained, agreeing with the findings of a 2022 study that found the role should be strengthened as well.

“The Dual-Hat arrangement provides the ability to look across both organizations and has empowered both USCYBERCOM and NSA to fulfill their missions better than each could do alone. It promotes agility and enables intelligence to be operationalized rapidly,” he wrote in response to advance policy questions from senators. “It also facilitates relationships with key foreign allies and partners in part because the corresponding foreign organizations with signals intelligence (SIGINT) and cyber operations missions are fully integrated, operating under a Dual-Hat leadership structure. The span of control, does however, place a burden on one leader.”

Ahead of his own confirmation hearing in January, Secretary of Defense Pete Hegseth wrote to senators that he would “bring these debates to conclusion, consult with Congress, and make final recommendation for the way ahead.”

The post Members of Congress vow not to split Cyber Command, NSA appeared first on DefenseScoop.

At press time, it still remains a public mystery why he and NSA deputy Wendy Noble (who was removed and reassigned) were fired from leading the largest intelligence agency — which produces the majority of the intel for the president’s daily brief — and the government’s main cyber warfare entity, Cybercom.

Chief Pentagon spokesperson released a statement late Friday afternoon that read: “The Defense Department thanks General Timothy Haugh for his decades of service to our nation, culminating as U.S. Cyber Command Commander and National Security Agency Director. We wish him and his family well.”

The websites of Cyber Command and NSA were updated Friday afternoon to reflect that Army Lt. Gen. William Hartman is now in charge of both organizations. Hartman had been the deputy commander of Cybercom. Although the commander is dual-hatted to lead both organizations, the deputy Cybercom commander is not part of NSA.

Those that spoke to DefenseScoop noted how rare it is for a sitting NSA director to be fired mid-term, especially absent any loss in confidence to command or a scandal. For context, the director wasn’t removed after the Snowden leaks came to light during the Obama administration.

Although the president does have the authority to remove officers like this, some observers have indicated it might not be a wise use of that power, and could create morale issues.

“I don’t recall an NSA director in recent memory being removed other than during the normal cycle,” said Jamil Jaffer, founder and executive director of the National Security Institute at the Antonin Scalia Law School at George Mason University, who held positions in the Bush White House, Department of Justice and was senior counsel to the House Permanent Select Committee on Intelligence for the Republican chairman Mike Rogers of Michigan. “When a well-regarded, four-star general is fired for no apparent reason — if in fact that’s what happened and even if it is legally permissible — that can have a massively detrimental impact on both ongoing operations and morale.”

Prior to taking office — and in successive confirmation hearings — Trump administration officials expressed an interesting in taking a more aggressive approach in cyberspace against adversaries in the face of high-profile intrusions of telecom firms and critical infrastructure that some say went beyond traditional espionage to prep the battlefield.

“General Tim Haugh is an outstanding leader and was doing a superb job at Cyber Command and National Security Agency. He was fired with no public explanation. This action sets back our Cyber and Signals Intelligence operations,” Rep. Don Bacon, R-Nebraska, the chairman of the House Armed Services Subcommittee on Cyber, Information Technologies, and Innovation and a former one-star Air Force general, said on X.

A slew of Democrat lawmakers issued statements Friday criticizing the administration’s move.

Sen. Jack Reed, D-R.I., the top Democrat on the Senate Armed Services Committee, expressed alarm and anger regarding the decision to fire Haugh — who was unanimously confirmed by the Senate to his role — and oust Noble.

“As the commander of Cyber Command, General Haugh led the most formidable cyber warfighting force in the world and kept our enemies up at night. President Trump has given a priceless gift to China, Russia, Iran, and North Korea by purging competence from our national security leadership,” he said. “I have long warned about the dangers of firing military officers as a political loyalty test. In addition to the other military leaders and national security officials Trump has fired, he is sending a chilling message throughout the ranks: don’t give your best military advice, or you may face consequences. The President must immediately explain himself to the American people.”

Reed was referring to assertions that political activist Laura Loomer urged President Donald Trump to fire certain officials due to their perceived disloyalty to him and his agenda. She wrote in a social media post Thursday night that Haugh and Noble were fired for being “disloyal” to Trump. In recent weeks, Trump also fired Chairman of the Joint Chiefs of Staff Gen. Charles “CQ” Brown and Chief of Naval Operations Adm. Lisa Franchetti, among other senior defense officials.

“It’s concerning, from a national security perspective, when a 9/11 truther is providing advice to the President on whether a four-star general ought keep his job as the head of the world’s premier signals intelligence agency,” Jaffer said regarding the allegations Loomer had something to do with Haugh’s ouster.

Others agreed with that sentiment.

“If this was tied to Loomer’s action, then preparing for a future war against China is taking a back seat to the fight against DEI and those perceived as not loyal enough to the regime,” said Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs with a deep cyber background in the government and military. Healey previously served as a founding member of the Office of the National Cyber Director at the White House and worked at a U.S. military organization that was a precursor to Cybercom.

Sen. Roger Wicker, R-Miss., chairman of the Senate Armed Services Committee and Rep. Mike Rogers, R-Alabama, chairman of the House Armed Services Committee, did not respond to requests for comment.

“Silence, nothing but silence, from my once honorable colleagues in the GOP who just days ago sat with me in meetings on the Armed Services Committee praising GEN Haugh. Cowering before Trump and complicit in letting a lunatic upend their own national security team, they do nothing to stand up for our troops or our country,” Rep. Seth Moulton, D-Mass., wrote on X Friday.

Top Dems on the House Armed Services Committee issued a joint statement citing their concerns.

“Under [Haugh and Noble’s] leadership, the men and women of US Cyber Command and the National Security Agency have been at the tip of the spear in defense of our country against very real cyber threats, including ransomware extortionists and actors like Volt Typhoon and Salt Typhoon. Reports that the dismissals were due not to failure to execute their positions but, rather, being accused of being disloyal by a far-right conspiracy theorist are deeply disturbing,” said HASC ranking member Rep. Adam Smith, D-Wash., Rep. Ro Khanna, D-Calif., ranking member of the CITI subcommittee and Rep. Chrissy Houlahan, D-Penn., who has taken a keen interest in cyber issues.

Houlahan in a separate statement to DefenseScoop called the firing “inexplicable,” adding it “should leave us all feeling less safe today.”

“There have still been no consequences for anyone over the leaking of classified information over Signal – the real threat. This action—meant in some way to distract us from the Signal and gmail fiascos— to summarily remove the four-star General responsible for the National Security Agency and Cyber Command is chilling,” she said. “The American people deserve answers – now including why General Haugh was relieved of his duties. The case is not, in fact, closed.”

The post Firing of top cyber general ‘sets back’ US military and intel operations, makes America ‘less safe,’ lawmakers of both parties say appeared first on DefenseScoop.

The briefing, conducted by Gen. Timothy Haugh, commander of U.S. Cyber Command, and Ashley Manning, acting assistant secretary of defense for cyber policy, was the first for members of the chamber on the approved framework for the initiative known as Cybercom 2.0.

“The members of the [House Armed Services Cyber, Information Technologies, and Innovation] subcommittee are very engaged on the future direction of USCYBERCOM and the exchange was substantive and candid,” Rep. Don Bacon, R-Neb., chairman of the subcommittee, told DefenseScoop in a statement. “Secretary of Defense [Pete] Hegseth and General Haugh share the committee’s concerns that the status quo is not acceptable and that more must be done to develop DoD’s cyber force posture, capacity, and capabilities to match the strategic environment.”

Cybercom 2.0 is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials. It was meant to not only provide a holistic examination of the command and its forces to better posture it for the future — given its structure remained largely untouched since its inception over a decade ago in a less dynamic environment — but also bunch together multiple congressional reports that lawmakers required of the department in several annual defense policy bills.

Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December, which encompassed four buckets, according to sources: a new force generation model for how each service provides cyber forces to Cybercom; a talent management model; an advanced training and education center to ensure forces are more ready when arriving to their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

Although Austin signed off on those four broad buckets, what they encompass must be fleshed out by an implementation team, which is working to deliver them in the coming months.

Cybercom and its force was set up over a decade ago before the emergence of many of the advanced threats that exist today. Thus, the command needs to modernize — particularly in a domain as dynamic as cyberspace — to meet those threats.

Moreover, the organization was granted enhanced budget authority last year, meaning it now has greater control over its forces, capabilities and budgeting. Many of the Cybercom 2.0 recommendations seek to build upon and accelerate how the command can use those new authorities.

Some lawmakers have expressed optimism for the 2.0 effort.

Cybercom 2.0 is not taking place in a political vacuum. The initiative is underway amidst a growing chorus of experts calling for an independent Cyber Force.

Some in Congress and outside government believe the current cyber model is too broken and the only way to deliver successful outcomes is to create a standalone military branch focused solely on cyber that can recruit, train, retain and fill billets for Cybercom, as opposed to the existing services continuing to do that on top of the myriad other warfighting focuses they have.

A provision for an independent assessment of a potential Cyber Force passed both chambers of Congress last year during the annual defense policy bill process, but was eventually watered-down to strip some of the key language such as a deadline for the study and placing a larger focus on alternative models for cyber forces rather than solely focusing on an independent armed service.

One of the authors of that provision in the House, Rep. Morgan Luttrell, R-Texas, told reporters last month that he’ll be pushing again this year to ensure the study gets done.

Other news outlets have noted that several lawmakers plan to keep pushing officials on the results of the study this year, ensure it is completed and evaluate what they need to further examine based on the findings.  

The post House lawmakers receive first briefing on Cybercom 2.0 model appeared first on DefenseScoop.

“I’m seeing a lot of talk, a lot of thinking going on behind closed doors. I don’t see the output, the actual combat capability output that we need in EW. We’re not there yet,” Rep. Don Bacon, R-Neb., a retired electronic warfare one-star general with the Air Force, said Tuesday during an event hosted by the Hudson Institute. “A lot of planning, not a lot of output. We’re just too slow.”

At the end of the Cold War, the DOD largely divested much of its high-end electronic warfare capabilities.

The Department of Defense has made a lot of progress within the last few years rebuilding its prowess within the spectrum.

Much of that progress, has been due to congressional prodding, Bacon argued, however.

“If it wasn’t for Congress, any progress we made in the last six or seven years, I don’t think would happen. The military was not interested, generally, in putting someone in charge, new strategy, funding lines. It was us mandating it in the [National Defense Authorization Act]. A lot of times the military doesn’t like congressional interference. In this case, we did some good,” Bacon said. “We would’ve not had the great results if it wasn’t for Congress. It wasn’t the DOD coming in saying here’s our plan for EW. No, it was [us] coming in saying we’re going to add four aircraft here, we’re going to protect this fleet, we’re going to do this, that.”

Former officials have also acknowledged that without Congress, certain necessary changes – such as directing strategies, organizations, point people and command and control relationships – likely would not have occurred.

With certain progress being made on the organizational and administrative side, Bacon is now turning his attention towards capabilities, or lack thereof.

“My main concern is it’s well and good to have the [Joint Electromagnetic Spectrum Center], a strategy and doctrine [but] until you start actually seeing, I’ll call it, iron, capability, the ability to put military capabilities out in the field, then it’s all talk,” he said.

The Army, for example, has been working for much of the last decade to rebuild its capabilities – in the sensing, command and control, and offensive realm. Aside from urgently needed systems that were rapidly delivered to certain theaters to fill gaps relative to threats, the Army has not had an offensive jammer program of record. Units will start to get the first program of record system in the next year or so.

Similarly, the Navy has been working to field one of its mainstay modernized capabilities, the Next Generation Jammer, for several years with the first variant awarded in 2016.

Bacon noted that the U.S. military is too bureaucratic, slow and top-heavy, which has led to delays in capabilities.

“We’re going to have to keep pushing until they start leading in this area. Unfortunately, that’s how I perceive it,” he said regarding what Congress can do to address these gaps.

Officials in the past have noted that these invisible electronic tools must harness the power of software to be more rapidly fielded and adaptable.

However, according to Bacon, some of the services just aren’t budging for these capabilities.

“One of the services, I’m trying to be nice, gave us a brief saying this is the capability we need to counter our threats in Asia. I go ‘How much are you budgeting for it?’ It was zero. There’s a disconnect there,” he said. “Until they can come in and say this our need and here’s our plan to get there, here’s how we’re spending the money, it’s just all talk. I feel compelled that we have to keep pushing them until they’re leading on this. I just haven’t seen it yet.”

Bacon recognized the difficulties with finite budgets and other priorities, but from his perch, “what they’re really saying is ‘OK we need this capability but we’re not going to spend it.’ Pretty much asking us to find a way to do it for them.”

The post DOD too slow in fielding EW capabilities, prominent congressman says appeared first on DefenseScoop.