The proposals are part of each chamber’s version of the annual defense policy bill, the National Defense Authorization Act for fiscal 2026.

According to the Senate Armed Services Committee’s version, DOD must conduct a study on force employment of cyber in support of combatant commands and evaluate establishing Joint Task Force-Cyber elements across those geographic combatant commands.

A proposal in the House, offered by Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems chairman Rep. Don Bacon, R-Neb., requires a similar evaluation, though focused specifically on the Indo-Pacific Command area of responsibility.

According to Bacon, the military is not properly organized for the current cyber conflict.

“Since becoming Chairman of the Subcommittee, I’ve grown increasingly concerned that we are not correctly organized for the cyber fight we find ourselves in today, let alone a more complex and consequential future fight. Our Cyber Command does great working national threats, but I want to ensure our Cyber team is postured right for a potential fight with China over Taiwan,” he said in a statement.

He said he plans to push for the establishment of a Joint Task Force-Cyber — not merely an evaluation — when both chambers of Congress convene to reconcile their bills.

“If we accept the reality that we are already in hostilities with our principal adversary in cyberspace, then there is no time to waste,” Bacon said.

Bacon also pointed to the fact that this is not a new issue. In the fiscal 2023 NDAA, Congress required the creation of a similar organization — a Joint Task Force — in Indo-Pacom to support joint operations in the kinetic space before conflict, because the military was not sufficiently acting jointly, in lawmakers’ view.

Sources indicated that construct has worked well so far and these proposals could mirror that on the non-kinetic side.

Moreover, a classified DOD Inspector General report that examined the effectiveness of Indo-Pacom and Cyber Command’s planning for offensive cyberspace operations and Cybercom’s execution of offensive cyberspace ops in support of Indo-Pacom’s plans, recommended the creation of a Joint Task Force-Cyber, according to someone familiar. That examination began in 2023.

Congress has in several previous NDAAs asked for studies and evaluations on how Cybercom’s headquarters elements are organized and how it employs cyber capabilities effectively. Sources indicated these proposals are likely, in part, an indication that lawmakers aren’t pleased with either the responses from the Defense Department, or there has been a lack of response from DOD.

If realized, the creation of joint task forces for cyber at the combatant commands could potentially lead to a complete restructure for how operations are conducted, according to sources.

How cyber operations are conducted

Ultimately, these proposals could end up giving more oversight and control of cyber operations to the geographic combatant commanders.

Unlike the other domains of warfare, there still is no cyber component command at the geographic combatant commands. Each component command — land, air and maritime — is responsible for commanding and coordinating the forces under their domain on behalf of the four-star combatant commander, who has the ultimate authority on how and which forces are employed for particular operations.

Cyber, however, is different.

Since Cybercom established its cyber mission force over 10 years ago — the 147 teams that the services provide to Cybercom to conduct cyber operations — digital forces and capabilities are employed through what the command calls Joint Force Headquarters-Cyber.

These entities are commanded by the heads of the service cyber components and are assigned particular combatant commands to provide planning, targeting, intelligence, synchronization, and command and control of cyber capabilities.

Joint Force Headquarters-Cyber Army is responsible for Central Command, Africa Command and Northern Command. Joint Force Headquarters-Cyber Navy is responsible for Indo-Pacom, Southern Command and United States Forces Korea. Joint Force Headquarters-Cyber Air Force is responsible for European Command, Space Command and Transportation Command. Joint Force Headquarters-Cyber Marine Corps is responsible for Special Operations Command. DOD Cyber Defense Command, formerly Joint Force Headquarters-DOD Information Network, is the coordinating authority for Transportation Command.

None of the these entities were designed to be identical.

Moreover, there is also the Cyber National Mission Force, a sub-unified command under Cybercom, which is responsible for defending the nation against significant digital threats and is thought to possess the most elite cyber operators. It is a global entity aligned in task forces assigned to different threat actors, which means they are also operating within the areas of responsibility for geographic combatant commands.

Given Cyber National Mission Force’s global mission, the commander of Cybercom can conduct operations in a particular theater based on his priorities and mission sets. While this may be coordinated with the regional commander, they don’t necessarily have to ask for permission, in what could be seen by the geographic combatant commander as infringing on their area of operations.

The geographic combatant commanders don’t have as much control over cyber forces in their regions as they do for the physical or kinetic forces. The cyber teams are controlled by the JFHQ-Cs through Cybercom. Moreover, Cybercom has the ability to reorganize and realign forces around as they see fit against different priorities and threats, though, this is usually done in consultation with the combatant commands.

Cybercom, not the combatant commands themselves, approves the cyber operations for the regional commands, which includes interagency coordination.

Approvals for cyber ops flow through the commander of Cybercom, not the geographic combatant commands themselves, which includes interagency coordination.

Taken together, sources indicated these could all be seen as a loss of control for the geographic combatant commanders, who are responsible for running the operations in their regions and typically have oversight of their forces. Some have argued that the regional combatant commanders should have control and oversight of all the forces in their geography.

Sources indicated tensions exist in this construct with a regionally focused combatant command and a globally focused combatant command that has a high-demand, low-density asset in cyber.

“I think what you’re seeing is the tension that exists today between having Cybercom forces that really, at the end of the day, are controlled by the Cybercom commander in general support to the other Cocoms versus having that combatant commander have full control,” a former military cyber official told DefenseScoop.

Others indicated the creation of a joint task force is a natural evolution for the command and control of cyber forces.

Indo-Pacom, in particular, poses a unique challenge with all the cyber forces operating within its area of responsibility.

There are combat mission teams that conduct cyber operations on behalf of combatant commands, mostly in the offensive sphere, coordinated by Joint Force Headquarters-Cyber Navy, Joint Task Force-Ares — which initially was a counter-ISIS cyber task force but shifted four years ago to focus more on nation-states, particularly in the Pacific region — run by Marine Corps Force Cyberspace Command — as well as teams from the Cyber National Mission Force.

For those reasons, the command and control of these forces must be under a single chain of command. Those forces could be packaged together and work for the Indo-Pacom commander, the former officials posited when discussing a potential future scenario, and then the Indo-Pacom commander would have full control over them, a departure from the situation today.

For Indo-Pacom, everything is on island, a second former military cyber official said, meaning where their Hawaii headquarters are located. Indo-Pacom wants everyone on island with them so capabilities can be better integrated, they added.

Experts and former officials noted that a Joint Task Force-Cyber structure would likely clean up command and control lines for the employment of cyber.

Those that spoke to DefenseScoop noted combatant commands could see this as enhancing simplicity and speed.

In a future conflict, decisions will have to be made at unprecedented speeds, as seen in the Ukraine-Russia war.

However, the global nature of cyberspace and actors could complicate such an arrangement where the regional commander has more control.

China, for example, is a global threat actor and taking control from Cybercom could lessen its ability to surge or act in other regions. If there is a global threat versus a regional threat, officials would have to figure out what takes priority, who makes the decision and who has the authority to re-direct cyber forces to address them, a third former military cyber official posited.

Questions and resource constraints

Experts raised several issues that should be addressed with the potential formulation of joint task forces for cyber at the combatant commands, posing questions that should be answered in an evaluation for their necessity or creation.

One concern is whether the assessment for the creation of a Joint Task Force-Cyber is fair when balanced against what Cybercom has been doing over the last couple of years.

Cybercom has continued to reevaluate how it conducts cyber operations over the years.

Discussions in recent years inside the command have also focused on creating task forces that would be assigned against particular threat actors. This would potentially allow cyber forces to transcend the geographic boundaries given cyber threat actors are global.  

The drafting of this legislation, however, signals that the current processes can be done better.

Would a new process create more hurdles or would it enable greater simplicity?

“You have to ask yourself with what we’ve designed today, is it simple … Simplicity, speed, precision, clarity, these kind of things are really important in a fast fight for C2. And you could offer that’s not necessarily the case with the current design,” the first former official said. “Is the juice worth the squeeze?”

The third former official noted it’s important to ask what problem is this trying to solve? What is this a joint task force to do? Is this an authorities issue, is it a cyber mission force capacity issue, or what are the combatant commands not getting that they need from Cybercom?

Some of these issues could be wargamed or worked out through table top exercises, they noted.

For many officials, an education gap still exists where combatant commands still don’t always know how to employ the JFHQ-Cs or what to ask for from Cybercom. Some of this is relationship and personality based and can differ based on each organization.

About eight years ago, Cybercom began to create planning cells — Cyber Operations-Integrated Planning Elements (CO-IPEs) — located within the staffs of the geographic combatant commands to help them with synchronization and planning given the JFHQ-Cs are at remote locations.

While the CO-IPEs were designed to assist in planning and understanding how to employ cyber operations, they still haven’t all matured effectively to provide all the necessary answers and planning requested.

According to the third former official, some of the geographic combatant commands are probably saying, “I just don’t have the authority.”

They pushed back on that assessment, noting if the combatant commands asked for something, they’d likely get it, but an educational issue on both sides of the problem exists.

Another model could be to bolster the CO-IPEs to mirror Special Operations Command’s theater special operations commands (TSOCs), which are small teams and how special operations forces are employed in geographic combatant commands.

These entities can act as a connective tissue between seams in geographic regions and anticipate which threats may need more resources. They can provide command and control for running operations, if needed. CO-IPEs are currently only for planning and have no command and control functions.  

Another option could be to co-locate the cyber forces within the JTF within the combatant command. Currently, only the CO-IPE is embedded in the geographic combatant command staff. The JFHQ-C and cyber forces conducting the operations are at remote locations, not directly within the geographic combatant command they’re supporting.

But part of the challenge with the way the legislation is written is if Congress wants a Socom model, lawmakers would establish a TSOC equivalent for a Cybercom forward element or cyber element for forces in theater and not a Joint Task Force-Cyber, one of the former officials said. The reason that doesn’t exist today, they added, is the control is done in the rear of the CO-IPE and they conduct the integrated planning with the combatant command staff forward.

“I don’t think Cocom commanders are happy with that. I think they want the control,” the official suggested.

Other key questions surround resources. Oftentimes when there’s a new problem, organizations stand up a new headquarters, but nobody gets any more people, one of the former officials pointed out.

Of note, given each Joint Force Headquarters supports multiple combatant commands, in many cases officials within those organizations wear multiple hats. For example, a service cyber component might have an integrated operations staff that does everything for all their Joint Force Headquarters.

If each combatant command creates a Joint Task Force-Cyber and the Joint Force Headquarters go away — something that isn’t necessarily clear based on the legislation proposed — where do the new joint task force personnel come from? Are those staff that wore multiple hats ripped apart, some sources asked.

Setting priorities

One of the other aspect driving an assessment to create a new joint task force construct is to help drive more emphasis on the combatant command cyber forces and capabilities.

According to a congressional staffer, there was a sense that there was neglect for the combatant command-related cyber capabilities in favor of the Cyber National Mission Forces that defend the nation.

It comes down to prioritization and resources. The Cyber National Mission Force has a global mission and there is a lot of prioritization that goes to them, but that doesn’t mean the other teams aren’t working, former officials said.

With limited resources, what gets the focus? Are they things that are important to Cybercom or the geographic combatant commands, one former official asked, noting they could see an argument coming from a combatant command asking is Cybercom doing things that are of the most interest to that combatant commander or are they working on things that are of less interest to them, but of more interest to Cybercom, which are typically CNMF targets.

The post Congress pushing Joint Task Force-Cyber, shaking up how DOD employs digital capabilities appeared first on DefenseScoop.

“I also have learned that within the executive branch there are very limiting rules of engagement on what Cyber Command can do in response,” Rep. Don Bacon, R-Neb., said during a June 12 House Armed Services Committee hearing.

Bacon serves as the chair of the panel’s subcommittee that oversees Department of Defense cyber operations, forces and policies, giving him unique insights into this matter.

“I’m the chairman of the committee and I’ve talked to multiple layers, they are restricted based off the rules of engagement. Maybe they’re appropriate. I just hope we relook at them because if China can attack our energy grid, our Wall Street grid, our hospitals, I think we should be reviewing, okay, is our responses adequate? I just want to submit that for you to think about and consider,” he told the committee’s witnesses that day, Secretary of Defense Pete Hegseth and Chairman of the Joint Chiefs of Staff Gen. Dan Caine.

He implored them to review the current rules of engagement and consider if they need to be revamped.

In a statement, he later emphasized that while Russia and China are infiltrating systems, rules of engagement are hindering U.S. Cyber Command from responding properly, urging a more aggressive posture.

“China has surpassed Russia as our biggest cyber threat. With malicious intent, they’re attempting to – and largely succeeding in – infiltrating everything from our energy grid and cell phones to our financial institutions, and health care networks. While we have good cyber intelligence, China is no longer deterred in the cyber domain, and I believe our own rules of engagement are holding us back,” Bacon said. “We need to start imposing heavy costs on these cyber actors, including nation states like China and Russia, to establish better cyber deterrence. In some cases, this could mean allowing Cyber Command to fight fire with fire, in other cases this might mean applying targeted non-cyber response like significant economic or diplomatic sanctions or perhaps covert action. Regardless of how we do it, I think everyone can agree that the status quo (of continued cyber attacks) is not acceptable or sustainable: some level of cyber deterrence has to be established.”

When asked if DOD is reviewing its rules of engagement for cyberspace, a department spokesperson on Friday said they had nothing to announce.

For many years, restrictive rules of engagement and improper analogies handicapped the military’s ability to conduct cyber operations. It used to be that U.S. military offensive cyber actions were considered on par with nuclear weapons in terms of requiring presidential sign-off for employment, for fear that effects could lead to escalation and possibly unintended consequences.

The nuclear analogy proved to be a flawed model for cyber, as history has borne out. In 2018, a series of congressional and executive actions cleared the way for smoother cyber operations approval. Those included a clarification that cyber action is a “traditional military activity,” removing interagency barriers that might have previously required an exemption to the covert action statue, effectively allowing Cybercom to operate more freely. Congress also included what essentially boiled down to an authorization to use force in cyberspace against Russia, China, North Korea or Iran to “disrupt, defeat, and deter … active, systematic, and ongoing campaign of attacks against the Government or people of the United States.”

On the executive branch side, the first Trump administration repealed the Obama administration era policy for approvals, issuing what was known as Nation Security Presidential Memorandum-13, which delegated authorities to the secretary of defense to conduct timely cyber operations. The still classified policy also included components to deconflict cyberspace with other government agencies to avoid fratricide among different organizations and equities.

“In line with the shift to a more proactive cyber strategy … NSPM-13 enables faster, more agile decision-making better adapted to the strategic threat. It does so not only by allowing delegations of authority, but by reinforcing those delegations with a coordination and approval process run by the delegee, not the NSC,” Gary Corn, director of the Technology, Law and Security Program and an adjunct professor of cyber and national security law at American University and former Staff Judge Advocate at Cybercom, wrote in a paper in 2021.

Prior to 2018, the military conducted very few cyber operations. Some experts that spoke to DefenseScoop noted that the primary restriction and limitation to engage in offensive cyber action was the lack of clear authorities, but after 2018 it was the lack of a sufficient man, train and equip function to present Cybercom with enough trained, capable personnel to carry out the mission.

The second Trump administration’s pick for assistant secretary of defense for cyber policy noted last month in her confirmation hearing that it’s likely time to begin reassessing some of these authorities from 2018.

“The cyber domain is continuing to evolve and the one constant that I’ve seen in being involved in this domain for over two decades is that the rate of change is exponential. My top priority if confirmed in this role will be to address this change with speed and agility in the department,” Katie Sutton told the Senate Armed Services Committee in May. “As you’re well aware, in 2018 there was a series of activities that enabled the offensive posture that the department is undergoing today; both establishment by President Trump of NSPM-13, the process to do cyber operations, as well as this committee’s definition of traditional military authorities for cyber. I believe we’re at a point where we need to reevaluate those and make sure that we’re postured to be able to respond to the increasing speed of cyber attacks and that we are able to address the incoming impacts of AI.”

Sutton served as a staff member on the Senate Armed Services Subcommittee on Cybersecurity and most recently chief technology advisor to the commander and director of Pentagon operations at Cybercom, giving her relevant insights into cyber operations.

Despite some criticism regarding the current rules of engagement, officials have indicated new rules have significantly increased the ability to conduct cyber operations.

“NSPM-13 is a repeatable, sustainable, agile process that is recognized across the Department of Defense and across the interagency that allows us to move at the speed and agility that’s required based on our intelligence, based on operational requirements, and it has increased our ability to execute cyber operations tenfold,” Lt. Gen. William Hartman, acting commander of Cybercom, told a Senate subcommittee during an April hearing.

Sources that spoke to DefenseScoop noted that after the first Trump administration gave new authorities, the Biden administration came into office with some folks that worked in the Obama White House, and there was still resistance to some actions in cyberspace — which led to efforts to walk back what the Trump team had put in place.

As President Donald Trump was coming back into power for his second term, officials associated with the transition and administration vowed a top priority would be a more aggressive posture in cyberspace to respond to a bevy of activity against the U.S., namely from China.

According to some, while there are standing rules of engagement for combatant commands to respond with force if necessary, cyber is a bit different given the risk profile and some policymakers’ lack of understanding about the digital realm.

As such, over time, certain presidential polices have limited that pre-authorization to use offensive measured except under certain defined circumstances, according to sources.

Legal experts agreed that the president has authority to act as commander-in-chief and respond to activities in America’s self defense. However, for some, response in cyber is a little more opaque.

“There’s been longstanding policy that, consistent with international law, if somebody starts shooting at us, we can shoot back. That is murkier in cyber because of a number of factors, part of which is less than clear lines in international law about what the thresholds are and what types of cyber activities cross those thresholds, and also concerns about escalation dynamics and risks,” Corn said in an interview. “We’ve gotten better at the risk side of it as compared to 10 years ago when there were lots of senior officials who were talking about any out-of-network cyber operations in terms of nuclear conflict.”

Speeding up decision space

One way in which operations under the current framework could be slowed down is if activity needs to be coordinated across the interagency at a time when most civilian government employees are offline and away from their desks.

Cybercom operates 24/7, monitoring threats across the globe and planning for operations. If something were to happen in the middle of the night or on a weekend and the command wants to coordinate with the interagency on the target set to be a good partner, the command could be in a situation where the options are to either violate the framework to complete the mission or delay until personnel are back at work, a former military cyber official explained.

This type of setup can also affect the command’s ability to campaign in cyberspace, that is, looking at sustained and persistent activity to set conditions rather than just conduct one-off operations. The current framework has allowed for those types of one-off engagements, but can hinder ongoing campaigning efforts that require persistence, the former official noted.

Going faster might not necessarily be about changing the framework itself as much as evaluating coordination across the interagency at a faster pace.

“[A]n effective decision-making process should be designed to aid the designated decision-maker in rendering a decision. A process that allows participants to effectively usurp decision authority without the attendant accountability is a design flaw, not a feature,” Corn wrote in 2021. “Imposing process for process’ sake is a fool’s errand, unless the objective is to drive interminable debate and bureaucratic inertia. Process is a means to an end, not an end in itself, and so it should always be designed to fulfill an objective. In the case of national security decision-making, the objective is to achieve the most well-informed decision possible under a given set of circumstances, including acceptable risk parameters and time available. The increasingly complex, fastmoving, and dynamic nature of modern national security threats requires disciplined decentralization of action consistent with centralized intent.”

Also at play now and especially into the future is the speed at which adversaries will likely execute operations employing AI and machine learning capabilities.

Experts referred to the notion of machine-on-machine competition in the future, necessitating the requirement to operate at high speed and be effective in defense and offense. The question for policymakers is if the current policy framework meets those challenges.

As such, some experts noted the need to relook cyber authorities on a more frequent basis than other areas of military operations given the dynamic environment and shifts in tactics.

“Cyber is definitely an area where authorities need to be looked at more frequently than the kinetic space. Obviously, not the idea of layering on more statutory or executive level guidance, but for tightening the OODA [observe, orient, decide and act] loop and coming up with ways to provide the higher level transparency and control that has to be there without sacrificing too much operational capability,” Tom Wingfield, a senior international and defense researcher in RAND’s Department of Defense and Political Sciences who served as deputy assistant secretary of defense for cyber policy from 2019 to 2021, said in an interview. “Part of that would need to be looking at the role AI can play in providing that transparency and tightening the OODA loop. There’s a lot of opportunity there to know what we’re talking about and to build in limitations so that we don’t have clunky 20th century techniques for reporting and waiting for permission.”

Corn noted that there’s a need to constantly assess if authorities and policies are fit for purpose given the risk environment, but acknowledged that lawmakers helped clarify some things a few years ago.

“What Congress did in the end of 2018 was more about clearing some hurdles that were perceived to exist in law from a domestic law perspective, like lifting a potential interagency objection to something that would constitute covert action versus a traditional military activity,” he said.

Ultimately, the more operations cyber forces conduct, the more comfortable national level leadership will be, similar to many of the other domains of warfare.

“The three main problems that really drive most of the oversight [in cyber] are first, the ability to know what needs to be hit. The second is having a weapon or an access that’s able to hit it. And the third is the ability to limit the knock-on effects of that attack to just the immediate area of the attack,” Wingfield said. “Each of those three things is a capability that, as it gets sharpened, would require less oversight and fewer packing peanuts around an operation. So as you do those three specific things better, then you can move much more quickly, much more like the kinetic areas of warfare.”

The post Are DOD’s rules of engagement in cyberspace too limited? appeared first on DefenseScoop.

At the end of the Cold War, many of the services divested of their capability within the electromagnetic spectrum. Now, these technologies are at a premium and in high demand for jamming enemy communications, navigation and missiles while protecting against the same. Adversaries have invested heavily in this area following U.S. divestment, forcing a sprint to reinvigorate American EW prowess.

“We’ve made some progress this year [but] here’s my concern: there’s a lot of studies and there’s a lot of paper, but paper doesn’t jam and paper doesn’t hit missiles,” Rep. Don Bacon, R-Neb., said Tuesday during an event hosted by the Mitchell Institute for Aerospace Studies. “We need to have more capability output, and I’m just not seeing enough of it right now.”

Bacon chairs the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems and is a retired one-star Air Force general who specialized in electronic warfare.

He observed that what’s been learned from military history is that when nations feel dominant, they walk away from electromagnetic spectrum capabilities — thinking they might not be necessary — as was seen at the end of the Cold War when the United States was the sole superpower.

“If you’re very dominant, EW is an unnecessary expense. But if you think you’re going to be in a very tough fight, electronic warfare is critical to saving lives,” he said, adding: “We walked away from [it] in the ’90s and we put very little emphasis” on it. As a result, those capabilities atrophied.

The electromagnetic spectrum should have the same importance placed on it as the other domains of warfare, he suggested, despite not being considered a domain itself.

“We need to talk like we do air power, sea power, the ground, cyber … Just like air, we want to control the air, deny [it] to the bad guys — we got to have that same mindset for the spectrum. That means you need attack capabilities. We got [to] also have the defensive measures,” he said, noting the U.S. dominated in the electromagnetic spectrum when he was a brand new EW officer.

As a one-star in the Pentagon, when he sought resourcing for electronic warfare, officials would tell him there wasn’t enough to go around because other assets, such as the F-35, KC-46 or new intercontinental ballistic missiles, were higher on the priority list, he recalled.

Similarly, the Air Force is slated to only have 12 EA-37B Compass Call aircraft, which boasts cutting-edge capabilities to degrade and disrupt adversary communications, information processing, navigation and radar systems.

Air Combat Command officials say they need 22 of those systems, Bacon said, while others have noted they’d like more platforms for their regions, which contributes to resource constraints in the EW environment.

The Army, for its part, has been on a decade-long journey to rebuild its arsenal. Amid fits and starts, it has sought to cancel or reapproach several programs after years of development, having delivered its first program-of-record jammer only last year, awarding a system tested by Special Operations Command. The service is now looking to move faster in the electronic warfare realm, seeking to utilize agile funds to stay ahead of threats and buy commercial as much as possible.

Bacon has also made it a priority during his years in Congress to drive the services and DOD to identify personnel in charge of EW for accountability.

“When I first came in [Congress] in 2017, I’d go [to] a service, I’d go, ‘who’s in charge of EW?’ say, for the Army or Navy or the Air Force. They would say ‘it’s the vice chief of staff.’ Well, he or she is in charge of a lot of things,” Bacon said at the Mitchell Institute event. “We need somebody at the one- or two-star level to have that accountability.”

He noted progress on that front with leadership at the joint level, both on the Joint Staff and with a new Joint Electromagnetic Spectrum Operations Center at Strategic Command, as well as joint electromagnetic spectrum operations cells resident within each combatant command to help plan and integrate EW into operations.

“I feel like we’ve made a lot of strides in giving people responsibility and knowing who exactly we hold accountable,” he said.

Bacon also noted progress on getting the Pentagon to develop an EW strategy and implementation plan.

The post Top lawmaker wants more progress on EW capabilities across services appeared first on DefenseScoop.

Cybercom 2.0, as the effort is known, is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials, spurred largely by a report requested by Congress in the fiscal 2023 annual defense policy bill to evaluate how Cybercom generates its forces.

In addition to responding to reports required by lawmakers, the initiative was meant to provide a holistic examination of the command and its forces to better posture them for the future, serving as the first major update since Cybercom was formed over 10 years ago when many sophisticated threats and challenges in cyberspace did not exist.

Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December 2024, which encompassed four buckets: a new force generation model for how each service provides digital warriors to Cybercom; a talent management model; an advanced training and education center to ensure troops are better prepared when they arrive at their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

Those items had to be fleshed out by an implementation plan team. Upon coming into office, Secretary of Defense Pete Hegseth ordered the team to expedite their implementation plan in 45 days. The updated plan was delivered March 21. It had been held up within the Office of the Secretary of Defense because there was some pushback and it wasn’t being well-received.

Now, leadership is asking officials to reevaluate some components.

“We think that 2.0 was a great effort to improve our workforce, management and retention. We have taken another relook and decided that we think it needs even more work. We consider cyberspace as important as you do. We really appreciate your continued emphasis on that matter, so we have decided to do a deeper look and make it a better product,” Laurie Buckhout, the official performing the duties of assistant secretary of defense for cyber policy, told the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems during a hearing Friday.

Later in the hearing, when asked, Buckhout noted that DOD is essentially moving on from the original Cybercom 2.0 and will revamp it.

“DoD remains committed to being responsive to Congressional direction. Much analysis of various force generation challenges and models went into creating a draft implementation plan that was delivered to DoD leadership in March. The Department is currently evaluating whether that plan goes far enough to address this administration’s priorities, and we will adjust accordingly,” according to a department official.

Someone familiar with the situation also noted that the Trump administration wants a clear plan that can outmatch China, and what was submitted previously didn’t meet that standard in their eyes.

Such a relook isn’t completely surprising given the new administration and how late the plan was submitted to the last administration.

“It doesn’t surprise me if indeed, they’ve asked the command to take another look, because you have people in leadership roles inside the department at the White House, and others who may have some different views on specific aspects of what we’re looking to do or want to go further with certain aspects. I don’t think it’s uncommon if you have something that’s at the phase that this was where it really fell into the gap between two administrations,” Charlie Moore, former deputy commander of Cybercom and distinguished visiting professor at Vanderbilt University, told DefenseScoop.  

When Cybercom was first established, there were a lot of assumptions made about how it would operate, what resources would be shared by the NSA, as well as the relationships with the services and combatant commanders. Most of these initial assumptions have proven incorrect or the mission has evolved, according to sources. Having no choice, the command continued to operate while constrained by these assumptions. The Cybercom 2.0 effort is seeking to be the first of many steps to reshape the command into what is needed.

Lt. Gen. William Hartman, acting commander of Cybercom and performing the duties of the director of NSA, told the House Armed Services subcommittee last week that officials evaluated three models: the status quo, a Special Operations Command-like model and the creation of a separate Cyber Force military branch, with the preference being the SOCOM-like model.

While Cybercom was initially a sub-unified command under Strategic Command, which oversees U.S. nuclear weapons capabilities and doctrine — a flawed model for cyber, as history has borne out — officials have always maintained the best model for Cybercom was SOCOM: a combatant command with service-like authority.

Cybercom received enhanced budget authority from Congress that went into effect in March 2024, giving it oversight of cyber funds. Prior to that, the services were responsible for funding and procuring the resources and weapon systems the command relied upon. Hartman told the subcommittee that in fiscal ’24, the command managed over $2.5 billion.

Much of the Cybercom 2.0 effort was aiming to take advantage of those new service-like authorities and implement them, such as joint force trainer and improvements to the man, train and equip oversight functions over the services.

Officials have discussed improvements to how the services have been recruiting, retaining and training their cyber forces over the last year or so.

Congress also created the assistant secretary of defense for cyber policy position, which aims to act like a service secretary, much in the way the assistant secretary of defense for special operations and low-intensity conflict does for SOCOM.

There has been a growing chorus in recent years for the creation of a separate, standalone Cyber Force as proponents believe that is the only way to fix the issues facing Cybercom and cyber forces more broadly.

Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, expressed his preference for the SOCOM model but noted there are pros and cons to it, namely the fact that there needs to be service buy-in.

“That means they got to recruit, they got to provide trained people to the Cyber Command at a level that they need. They also got to develop cyber leaders within the promotion system and growing leadership. It’s gets at an earlier question I had — I’m not sure that we’re doing adequate there, but we got to have a full service buy-in to make this model work,” he said. “We were looking at all the general officers, all the services, trying to get a feel for just how much depth we have in the cyber career field. I really only spot one general officer that has extensive cyber experience before they became a general officer. Are we doing enough to develop our cyber leadership here? It seems like we’re low on cyber. We got a lot of depth in air, surface warfare, infantry, space, but the cyber area that there seems to be a shortage.”

Some have described what came out of the first Cybercom 2.0 effort as essentially status quo-plus, the result of what happens when trying to design by committee. The services have the ability to make the changes and accommodate the needs of the command, but that doesn’t always mean they have the desire or willingness to do so given the other competing priorities they’re dealing with, according to some observers, potentially laying the groundwork for and strengthening the case for an independent cyber service.

In his written statement to the House Armed Services subcommittee, Hartman said the Defense Department recently approved several concepts to update the command’s force design and the ways it builds and sustains specialization and expertise within the teams. They include ways of fielding new technologies rapidly and ensuring they are tested and scalable. The measures were prompted and facilitated by recent defense policy bills, Hartman wrote, on readiness and force generation that collectively gave the DOD the opportunity to modernize the cyber force and reshape the command.

Some lawmakers at last week’s hearing gave the witnesses a tough time regarding the change in approach for Cybercom 2.0 and how efforts to reach critical milestones and modernize have taken too long.

“I remain very concerned about the state of our cyber training and readiness. General Hartman’s statement noted that the service cyber components only recently attained ‘foundational readiness standards,’” Bacon said. “Foundational readiness has a very specific meaning, and the fact that it took us more than a dozen years to reach this point is not something to celebrate. To succeed in the cyber domain, we need far more than ‘foundational readiness.’ And I am particularly interested in hearing from you what you need to create and sustain a high level of readiness across the cyber warfare enterprise.”

The cyber mission force has faced constant readiness concerns from its inception. Designed around 2012, the running trope from leaders was they were building the airplane while flying it, an analogy they used when describing the construction of these forces. To meet readiness metrics, the services would sometimes double-count personnel, creating what one prominent think tank referred to as a “shell game.”

Ever since the advent of the Cybercom 2.0 effort, top command officials and service commanders have begun discussing the notion of mastery within the cyber force.

Hartman explained that there’s a more efficient training model to take a basic trained service member and create an expert through authorities granted by Congress.

“Instead of trying to do that across all the services, we do believe there’s an opportunity, using Cybercom service-like authorities, Cybercom joint force training authorities in order to build that mastery of the force. And we look forward to working with the services to do that,” Hartman said.

Some of that work has manifested itself in improving the training curriculum executed by each service, where Cybercom provides joint standards and the service schoolhouses train their cyber warriors that they feed to the command to those standards.

Previously, personnel often wouldn’t get all the training they would need at their schoolhouse prior to arriving at their operational units. Rather, digital warriors would get additional on-the-job training upon arriving at their unit. This was a contributing factor to readiness issues.

Now, some schoolhouses are trying to move that training to the left so personnel show up to their units better prepared to do their jobs.

The post DOD leadership asks for Cybercom 2.0 relook appeared first on DefenseScoop.

Since Cybercom was created a decade ago, it has been co-located with NSA at Fort Meade, Maryland, and shared a leader. At the time, this made sense to help the nascent command grow, relying on the personnel, expertise and infrastructure of the high-tech intelligence agency. The arrangement was initially expected to be temporary.

Severing the dual-hat has been one of the most hotly contested issues in cyber policy. Proponents believe the military can benefit from the unique intelligence insights and resources of NSA, leading to faster decision-making and operational outcomes. Opponents argue the roles of NSA director and Cybercom commander are too powerful for one person to hold and relying on the intelligence community’s tools — which are meant to stay undetected — for military activities poses risks to such espionage activity.

At the end of the first Trump administration, officials made a last ditch effort to sever the dual-hat, but it ultimately was not brought to fruition. Press reports prior to Trump’s inauguration for his second term indicated the administration wanted to end the dual-hat relationship.

There “is renewed speculation about the separation of the ‘dual-hat’ relationship between Cybecom and NSA, a construct that proves its value to our national security every minute of every day. This issue has been studied exhaustively but somehow there are still those who believe they know better,” Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said in opening remarks during a hearing Friday. “I’ve spoken to my colleagues on this panel and our friends in the Senate, and on a bipartisan and bicameral basis, the Armed Services Committees are strongly opposed to ending the dual-hat relationship. I want to take this opportunity to make very clear to the Department’s leadership that if they believe they have allies on this issue who sit on the Pentagon’s congressional oversight panels, they do not.” 

Following the firing of Cybercom commander Gen. Timothy Haugh at the beginning of April, there was a feeling that the dismissal prepped the ground to split the dual-hat by nominating a civilian to lead NSA and a military officer to lead the command.

Bacon’s sentiment was shared by the subcommittee’s ranking member, Rep. Ro Khanna, D-Calif., on Friday.

“Let me reaffirm what you said about keeping our Cyber Command and NSA together. That is a bipartisan position, that is a position that we have discussed many times now, and people on this side of the aisle support you in that. It’s bicameral, it’s bipartisan. And you know, I just want to make that clear, because it keeps coming up and … because the support in the Congress is very strong for keeping the — those two departments together,” Khanna said at the hearing.

The issue was addressed on the Senate side over a month ago as well, with Sen. Mike Rounds, R-S.D., voicing support for the current arrangement.

“In wake of the various persistent cyber threats originating from the People’s Republic of China over the last two years, it is my firm conclusion that the importance of the dual-hat is as important today as it has ever been,” Rounds, chairman of the panel’s Cybersecurity Subcommittee, said during an April 9 hearing.

At that hearing, Lt. Gen. William Hartman, acting commander of Cybercom and director of NSA, told Rounds that the relationship between the two organizations allows the command to see what the adversary is doing.

“From my standpoint and senator, I’ve been sitting on the campus of the National Security Agency and Cybercom for most of the last 15 years. I’ve continued to see this partnership evolve. And our ability to execute increasingly more precise operations is fundamentally because the dual-hat allows me, in my current capacity, to move with the speed and agility and unity of effort that is required,” he said. “But it also forces leaders across the organization to collaborate, to do the hard work and to provide the best options for the national security of the country. That’s what I believe is the importance of the dual-hat, and that is really where I believe we’ve evolved.”

Concerned with the prospect of a premature split, in which Cybercom would not be ready to stand on its own, Congress has previously issued a prohibition on a breakup in leadership until certain metrics are met. They include, among others, that each organization have robust command-and-control systems for planning, deconflicting and executing military cyber operations and national intelligence operations — as well as ensuring tools and weapons used in cyber ops are sufficient for achieving required effects and that Cyber Command can acquire or develop these tools, weapons and accesses.

Gen. Dan Caine, chairman of the Joint Chiefs of Staff, told lawmakers at his confirmation hearing for the role in April that he believes the dual-hat should be maintained, agreeing with the findings of a 2022 study that found the role should be strengthened as well.

“The Dual-Hat arrangement provides the ability to look across both organizations and has empowered both USCYBERCOM and NSA to fulfill their missions better than each could do alone. It promotes agility and enables intelligence to be operationalized rapidly,” he wrote in response to advance policy questions from senators. “It also facilitates relationships with key foreign allies and partners in part because the corresponding foreign organizations with signals intelligence (SIGINT) and cyber operations missions are fully integrated, operating under a Dual-Hat leadership structure. The span of control, does however, place a burden on one leader.”

Ahead of his own confirmation hearing in January, Secretary of Defense Pete Hegseth wrote to senators that he would “bring these debates to conclusion, consult with Congress, and make final recommendation for the way ahead.”

The post Members of Congress vow not to split Cyber Command, NSA appeared first on DefenseScoop.

The briefing, conducted by Gen. Timothy Haugh, commander of U.S. Cyber Command, and Ashley Manning, acting assistant secretary of defense for cyber policy, was the first for members of the chamber on the approved framework for the initiative known as Cybercom 2.0.

“The members of the [House Armed Services Cyber, Information Technologies, and Innovation] subcommittee are very engaged on the future direction of USCYBERCOM and the exchange was substantive and candid,” Rep. Don Bacon, R-Neb., chairman of the subcommittee, told DefenseScoop in a statement. “Secretary of Defense [Pete] Hegseth and General Haugh share the committee’s concerns that the status quo is not acceptable and that more must be done to develop DoD’s cyber force posture, capacity, and capabilities to match the strategic environment.”

Cybercom 2.0 is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials. It was meant to not only provide a holistic examination of the command and its forces to better posture it for the future — given its structure remained largely untouched since its inception over a decade ago in a less dynamic environment — but also bunch together multiple congressional reports that lawmakers required of the department in several annual defense policy bills.

Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December, which encompassed four buckets, according to sources: a new force generation model for how each service provides cyber forces to Cybercom; a talent management model; an advanced training and education center to ensure forces are more ready when arriving to their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

Although Austin signed off on those four broad buckets, what they encompass must be fleshed out by an implementation team, which is working to deliver them in the coming months.

Cybercom and its force was set up over a decade ago before the emergence of many of the advanced threats that exist today. Thus, the command needs to modernize — particularly in a domain as dynamic as cyberspace — to meet those threats.

Moreover, the organization was granted enhanced budget authority last year, meaning it now has greater control over its forces, capabilities and budgeting. Many of the Cybercom 2.0 recommendations seek to build upon and accelerate how the command can use those new authorities.

Some lawmakers have expressed optimism for the 2.0 effort.

Cybercom 2.0 is not taking place in a political vacuum. The initiative is underway amidst a growing chorus of experts calling for an independent Cyber Force.

Some in Congress and outside government believe the current cyber model is too broken and the only way to deliver successful outcomes is to create a standalone military branch focused solely on cyber that can recruit, train, retain and fill billets for Cybercom, as opposed to the existing services continuing to do that on top of the myriad other warfighting focuses they have.

A provision for an independent assessment of a potential Cyber Force passed both chambers of Congress last year during the annual defense policy bill process, but was eventually watered-down to strip some of the key language such as a deadline for the study and placing a larger focus on alternative models for cyber forces rather than solely focusing on an independent armed service.

One of the authors of that provision in the House, Rep. Morgan Luttrell, R-Texas, told reporters last month that he’ll be pushing again this year to ensure the study gets done.

Other news outlets have noted that several lawmakers plan to keep pushing officials on the results of the study this year, ensure it is completed and evaluate what they need to further examine based on the findings.  

The post House lawmakers receive first briefing on Cybercom 2.0 model appeared first on DefenseScoop.

An amendment to the fiscal 2025 defense policy bill proposed by Rep. Don Bacon, R-Neb., which passed the committee late Wednesday night, would direct the secretary of defense to designate the Joint Force Headquarters-DOD Information Network as a subordinate unified command under U.S. Cyber Command.

JFHQ-DODIN is a subordinate headquarters under Cybercom responsible for protecting and defending the Pentagon’s network globally.

“There is broad agreement on the committee that DOD’s cyber defense mission should have an organizational structure and resource priority commensurate with its significant responsibilities,” Bacon, who is also the new chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said in a statement to DefenseScoop. “As we looked at options, we felt the obvious move was to mirror what the Department did for the offensive side which elevated the Cyber National Mission Force to a subordinate unified command in 2022. The leadership of the Department has been clear on the mission improvements they’ve seen since CNMF was elevated so it was just a matter of applying that same logic to the defensive side of the mission.”

As Bacon referenced, last year, the Pentagon elevated the Cyber National Mission Force — its elite cadre of teams responsible for defending the nation from cyberattacks — to a sub-unified command. This decision signified CNMF’s importance within the department for the mission it performs. While officials said the elevation didn’t mean CNMF would necessarily receive new resources or personnel anytime soon, in practical terms, it signified maturity of the group and will provide a better resource pipeline for personnel from the services — as it will be able to more clearly and with more authority direct the training requirements it needs from the services.   

What was not clear from the legislation is if it would sever the so-called dual-hat relationship in which the Defense Information Systems Agency and JFHQ-DODIN are led by the same person. DISA serves as a combat support agency providing critical IT services to warfighters and is much bigger than JFHQ-DODIN.

Other aspects of the relationship could complicate a possible elevation of JFHQ-DODIN.

Despite the separate reporting chains of command — JFHQ-DODIN to Cybercom and DISA to DOD’s chief information officer — command and control of each group can be complicated and competing in many cases.

DISA also has several directorates and divisions while JFHQ-DODIN’s staff has remained relatively small and has relied frequently on contractor support.

Lawmakers on both sides of Congress have recently raised the prospect of elevating JFHQ-DODIN.

“It’s my understanding that when the nation faces a cyberattack, there are two forces under your operational control that respond: the cyber national mission force and the Joint Force Headquarters-DOD Information Network. As you know, in 2022, the cyber national mission force was elevated to be a sub-unified command … How has this elevation helped Cybercom’s operational readiness to respond to attack?” Sen. Jacky Rosen, D-Nev., asked at a congressional hearing last month. “Would also elevating the DOD Information Network to a sub-unified command enable Cybercom to be more resilient in future cyberattacks?”

Others on the House side have raised similar issues.

“In December 2022, SECDEF officially elevated Cybercom’s defensive arm, cyber national mission force to a sub-unified command. The logic was that it would provide greater enabling resources for this critical mission set. With how much adversary activity we have witnessed against DOD networks, it would appear that your defensive arm Joint Force Headquarters could similar benefit,” Rep. Morgan Luttrell, R-Texas, said during another congressional hearing in April.

For his part, Cybercom commander, Gen. Timothy Haugh told lawmakers that such an elevation could be in the cards as part of a holistic evaluation of the future of the command.

The provision put forth by Bacon would also make clear that JFHQ-DODIN is the “lead organization for the network operations, security, and defense of the Department of Defense Information Network.”

The bill must still pass the full House and be reconciled with the Senate version before becoming law.

The post House bill directs Pentagon’s network defense arm to become subordinate unified command appeared first on DefenseScoop.

Broadly, DOD sets military housing areas (MHAs) — or batches of zip codes around military installations — and assigns basic allowance for housing (BAH) rates for each of those areas. The department’s BAH program is a fundamental component of its pay packages for service members, and it’s ultimately designed to compensate for local median rental costs and average utilities costs for civilians with comparable incomes to each military pay grade in their specific duty locations via monthly payments. 

Officials look to private sector rental housing costs and associated data to compute BAH rates, which are updated annually.

Bacon’s new bill (the text of which hasn’t been released publicly but was shared with DefenseScoop by the lawmaker’s team this week) is titled the “Basic Allowance for Housing Calculation Improvement Act of 2023.”

The three-page legislation would mandate the secretary of defense — no later than Sept. 30, 2024 — to “seek to enter into an agreement with a covered entity pursuant to which the covered entity shall calculate, using industry standard machine learning and artificial intelligence algorithms, the monthly rates of BAH for not fewer than 15 MHAs,” through the proposed pilot program. 

A “covered entity” is defined in the bill as a “nationally recognized entity in the field of single-family housing that has data on local rental rates in real estate markets across” the U.S. 

DOD would have to submit a report evaluating that work to the House and Senate Armed Services Committees (HASC and SASC) within two years of the act’s passage. Beyond that time frame, the bill language does not include further details or directions for the pilot.

The legislation was referred to HASC, where Bacon serves as a member, following its introduction last week.

If the bill does pass, this wouldn’t be the first time AI would be examined by Pentagon officials as a tool to augment the BAH calculation process. A cohort of Air and Space Forces members completed a capstone project that assessed AI and machine learning models to optimize BAH determination procedures, last year, through the Department of the Air Force-Massachusetts Institute of Technology Artificial Intelligence Accelerator’s Phantom Fellowship Program. 

Members of Bacon’s team did not provide further information regarding what prompted the lawmaker to introduce the bill now. Congress is in recess until after Labor Day.

The post House bill would require Pentagon to try commercial algorithms to calculate BAH appeared first on DefenseScoop.