The biggest single pot of money under the “One Big Beautiful Bill” would be for Cyber Command, a $250 million allocation for “artificial intelligence lines of effort.” Another $20 million would go to cybersecurity programs at the Defense Advanced Research Projects Agency.

The U.S. Indo-Pacific Command — which counts among its geographical areas of responsibility territorial waters for cyber adversaries in Russia, China and North Korea — would get $1 million for cyber offensive operations. Cyber offense was something the second Trump administration emphasized when coming into office.

A $90 million pool of funds for several purposes at the Defense Department would include “cybersecurity support for non-traditional contractors.”

A broader set of funds at the Coast Guard would allow some funds to be spent on cyber there. A $2.2 billion allocation for maintenance includes upkeep of “cyber assets.” A $170 million allocation for “maritime domain awareness” includes “the cyber domain.”

The lone non-military mention of money that can be spent on cyber comes via the $10 billion-per-year Rural Health Transformation Program, a state grants program meant to counter the legislation’s Medicaid funding cuts that the National Rural Health Association says falls short of doing so.

Grants can be devoted to, among other things, “cybersecurity capability development.”

Earlier in the process, when House committees were assembling their sections of the bill, Democrats took issue with a lack of funds for the Cybersecurity and Infrastructure Security Agency.

“On the matter of cybersecurity, once again, Republicans say one thing [and] do another. Despite the Chairman’s pronouncement that the 119th Congress would be devoted to improving the Nation’s cybersecurity, there is not one penny in the Homeland Security Committee’s reconciliation title devoted to the issue,” the Democratic critique reads.

“This tone-deaf reconciliation package ignores serious threats facing the Nation — including cyber threats from Russia, China and its typhoon campaign, Iran, and cyber criminals — while turning a blind eye to the administration’s reckless dismantling of America’s cybersecurity agency,” the critique continues. “From election security, to threat hunting, to security by design, the Trump administration is gutting the core services CISA offers governments and the private sector alike, and Committee Republicans do not care.”

The post GOP domestic policy bill includes hundreds of millions for military cyber appeared first on DefenseScoop.

The cyber mission force began building in 2012, and the initial 133 teams reached full operational capability in 2018. In DOD’s fiscal 2022 budget request, U.S. Cyber Command proposed and was eventually approved for a phased approach to add 14 additional cyber mission force teams beyond the original 133. That request and authorization in 2021 was the first substantial effort to grow that force since it was designed almost a decade ago, long before modern and advanced threats had surfaced.

“In 2021, the Secretary of Defense directed the creation of 14 New cyber teams by September 2028. Of the 14 teams, 12 have been established. These teams are spread across Army, Air Force, and Navy Commands,” a Cybercom spokesperson said.

They declined to offer specifics regarding how many additional teams each service received or what types of teams those additional builds provided to each service — such as offensive, defensive or support teams — citing operational security.

The original 133-team cyber mission force included 41 Army teams, 40 Navy teams, 39 Air Force teams and 13 Marine Corps teams.

Those teams included 68 cyber protection teams, defensive teams focused on hunting threats on the DOD’s network; 27 combat mission teams that conduct cyber operations on behalf of combatant commands, mostly in the offensive sphere; 13 national mission teams that belong to the high-end Cyber National Mission Force, charged with defending the homeland from cyber threats; and 25 support teams that provide intelligence, mission planning and other necessary support work for combat and national mission teams.

For its part, the Space Force has noted that eventually, it plans to create a component to Cybercom, with mission analysis teams being established. However, a Space Force spokesperson said there’s no definite timeline associated with the standup of other service components, including the Space Force service component to Cybercom. The service will continue to identify requirements to meet the growing demands of combatant commanders’ space needs, they added.

The Air Force was slated to receive the bulk of the new cyber mission force teams as part of the buildup, with a total of six: two cyber protection teams, two combat mission teams and two combat support teams.

Late last year, officials noted they were ready to begin calculating the readiness for three of the new teams.

The Air Force supports cyber operations for European Command, Space Command and Strategic Command, under its Joint Force Headquarters-Cyber. Each service cyber component commander is also the commander of respective Joint Force Headquarters-Cyber organizations that provide cyber support, planning and operations to assigned combatant commands.

The Army was expected to receive four new teams, with two of them supporting the cyber mission force as of late last year.

The Army supports and conducts cyber operations for Northern Command, Africa Command and Central Command.

The Navy, for its part, was slated to receive four new teams as well: two combat mission teams and two combat support teams, according to a source.

The Navy supports and conducts cyber operations for Southern Command, Indo-Pacific Command and U.S. Forces Korea.

The Marine Corps, for its part, supports Special Operations Command and Joint Task Force-Ares, which used to be the counter-ISIS cyber mission but now is focused on nation-state activity, primarily China.

Transportation Command is supported by Joint Force Headquarters-DOD Information Network.

The Cybercom spokesperson also noted that cyber mission force teams can provide operational value before reaching full capacity as their mission elements can function during the “build-up” phase.

Those mission elements break the larger teams up into smaller portions, allowing some elements to be available for tasking and others for training and reconstitution. For example, a 68-person cyber protection team has three elements, allowing them to rotate rather than employing or deploying all personnel.

As new teams are being built, the mission elements could be in different stages, allowing a team to contribute while it’s still holistically being built.

The post 12 of 14 new cyber mission force teams now established appeared first on DefenseScoop.

Today, America’s federal cyber establishment faces a similar crisis of fragmentation. Born of disjointed legislation, overlapping executive orders, and competing congressional mandates, our cyber defense infrastructure has evolved into a convoluted maze where organizational boundaries matter more than mission success.

A fragmented cyber battlefield

The U.S. cyber domain’s evolution has occurred with little strategic coordination, creating unclear jurisdictions and mission overlap. The Department of Defense (DOD) and U.S. Cyber Command (USCYBERCOM) oversee military cyber operations, yet their efforts often compete with the National Security Agency’s (NSA) intelligence-driven priorities. The Cybersecurity and Infrastructure Security Agency (CISA) defends civilian networks but lacks sufficient authorities to compel action across the private sector. The Federal Bureau of Investigation (FBI) handles cybercrime investigations, while the Office of the National Cyber Director (ONCD) attempts to provide strategic oversight — all while adversaries exploit the strategic, operational, and jurisdictional seams between these various civilian and military organizations governed by different statutes.

This disjointed approach has led to catastrophic security failures. During the 2020 SolarWinds breach, Russian intelligence services infiltrated government and private networks while exploiting the gaps between our defensive organizations. The sophisticated cyber-espionage operation went undetected for months, with agencies like CISA, NSA, and FBI struggling to coordinate responses within their respective lanes. When the breach was finally discovered, our fragmented cyber ecosystem couldn’t assemble a complete picture of the attack, with each agency holding only pieces of the puzzle.

The 2021 Colonial Pipeline ransomware attack paralyzed fuel distribution across the East Coast, exposing critical weaknesses in public-private cyber collaboration. As federal agencies debated jurisdictional boundaries and response authorities, Americans faced gas shortages and price spikes. The FBI, CISA, Department of Energy, and multiple other agencies worked parallel tracks with limited coordination, demonstrating how our fractured response system fails during crises that cross public-private boundaries.

More recently, China’s SALT TYPHOON and VOLT TYPHOON campaigns methodically targeted our telecommunications infrastructure, maritime ports, and power grid systems. These persistent, sophisticated intrusions established footholds in critical infrastructure while our agencies struggled to share information effectively. Intelligence agencies detected the threats but faced bureaucratic hurdles in disseminating actionable information to defensive agencies and private sector targets.

In each case, multiple agencies responded with competing priorities: some focused on intelligence collection, others on attribution, and still others on defensive measures — often without real-time coordination or information sharing. Our adversaries deliberately target these organizational seams, knowing that our fragmented response system will delay effective countermeasures.

Geopolitical adversaries exploit our fragmentation

America’s cyber vulnerabilities are not hypothetical — they are actively and daily exploited by our adversaries. China’s persistent cyber-espionage campaigns target U.S. defense contractors and critical infrastructure through operations like VOLT TYPHOON. Russian state-backed hackers conduct disinformation and cyber disruption operations, seeking to undermine public trust. North Korean hackers fund their regime through cryptocurrency theft, while Iran grows increasingly aggressive in targeting American executives and government officials.

These nation-states deliberately exploit the seams between our agencies’ jurisdictions. When an attack crosses from intelligence gathering to destructive effects, from foreign to domestic networks, or from government to private infrastructure, our response fractures along organizational boundaries. Each agency follows its own playbook, often with limited visibility into parallel efforts.

Moreover, in the age of artificial intelligence, the scale and sophistication of cyber attacks will increase dramatically, with potential for unprecedented physical damage and even loss of life beyond purely digital impacts. Our adversaries have already unified their cyber operations under centralized command structures that blend military, intelligence, and criminal capabilities, while we remain divided.

The Cyber Council of Nicaea: A unifying solution

A Cyber Council of Nicaea would serve as a permanent, high-level forum backed by executive order and congressional authorization for resolving cyber policy disputes, coordinating national strategy, and setting enforceable standards. Unlike current ad-hoc coordination mechanisms that lack decisive authority, the Council would have the mandate to make and enforce binding decisions. Its core objectives would be:

Doctrinal unity — Establish a national cyber doctrine clearly defining roles, responsibilities, authorities, and response protocols.

Operational deconfliction — Synchronize military, intelligence, law enforcement, and civilian cyber operations.

Information sharing — Establish efficient and secure pathways for information sharing across agencies and with private sector partners.

Crisis response coordination — Develop binding frameworks for responding to attacks on critical infrastructure, including specific playbooks for common scenarios.

Public-private integration — Foster structured engagement with industry leaders through meaningful incentives and mutual benefit arrangements.

Readiness exercise planning — Develop and execute regular cross-sector cyber exercises modeled after nuclear response readiness drills.

Geopolitical cyber strategy — Align cyber operations with broader national security goals.

The Council’s structure would mirror successful national security decision-making bodies while avoiding excessive bureaucracy:

Chair: National Cyber Director with enhanced authorities via executive order, ensuring overarching strategic coherence and direct presidential reporting.

Core members: Leaders from DOD (to include National Guard), Coast Guard, NSA, CISA, FBI, USCYBERCOM, NSC, and the Office of the Director of National Intelligence (ODNI).

Advisory panel: Private sector cybersecurity executives and critical infrastructure representatives with defined incentives for participation, including enhanced threat intelligence access and priority incident response support.

Standing working groups: Composed of subject-matter experts from member agencies and private sector, focused on doctrine development, interagency coordination, and international cyber norms.

Unlike existing coordinating bodies, the Council would have the authority to make binding decisions about roles, responsibilities, authorities, and resources during both steady-state operations and crisis response. Reporting directly to both the Executive Branch and relevant congressional committees would ensure accountability and oversight. The Council would convene regularly for strategic planning and activate immediately during cyber emergencies, with clear lines of authority established in advance.

Learning from successful models

The Goldwater-Nichols Act of 1986 revolutionized the U.S. military by mandating joint operations and forcing inter-service cooperation after failures in Grenada and elsewhere demonstrated the costs of fragmentation. While imperfect, it fundamentally transformed military effectiveness by compelling unity across service boundaries. Nuclear response and readiness provides another successful model, with comprehensive exercises that coordinate military and government agencies, private sector partners, and even international allies.

A Cyber Council of Nicaea could achieve similar transformative effects for the cyber domain, compelling unity where fragmentation currently reigns, while avoiding the pitfalls of excessive centralization that could stifle innovation or create new bureaucratic obstacles.

Addressing the counterarguments

Skeptics may argue that adding another layer of coordination risks bureaucratic inefficiency. However, the status quo — where cyber responsibilities are split across multiple agencies without a unifying authority — has already proven inefficient and dangerous. The Council would not add bureaucracy but rather streamline existing processes by establishing clear decision paths and eliminating duplicative efforts. Recent examples like SolarWinds and Colonial Pipeline demonstrate how our current approach costs precious time during crises when every minute counts.

Concerns over interagency rivalry are valid but not insurmountable. By establishing clear lines of authority for specific scenarios in advance and building regular coordination exercises into agency operations, the Council would reduce friction during crises. The current nominated ONCD leadership may lack the gravitas of the original Council of Nicaea’s Emperor, but enhanced authority through executive order and congressional mandate would provide the necessary power to drive meaningful coordination.

Regarding private sector involvement, the Council would ensure that response measures balance national security with business continuity and civil liberties through meaningful industry participation. Rather than imposing one-way requirements, this approach would provide tangible benefits to participating companies through enhanced intelligence sharing, technical assistance, and coordinated incident response support.

The alternative — allowing China, Russia, and other adversaries to continue exploiting our divisions — is simply unacceptable.

A call to action

Cyberspace is unquestionably the battlefield of the 21st century, yet we continue to defend it with organizational structures designed for the industrial age. The National Security Council and Congress should immediately authorize and convene the first Cyber Council of Nicaea, bringing together key stakeholders to define America’s cyber future.

Implementation will require amendments to existing authorities and potentially new legislation, but the fundamental architecture already exists in the form of existing coordination bodies. What’s missing is decisive leadership with real authority and accountability — gaps the Council would fill.

The recent Executive Order shifting resilience responsibilities to states makes this Council even more critical, as it must establish the frameworks and standards that will guide state-level cyber defense efforts, preventing further fragmentation at the state and local levels.

Without decisive action, we risk continued fragmentation, persistent vulnerabilities, and a strategic disadvantage against adversaries who operate with singular focus. The Cyber Council of Nicaea isn’t just an administrative reform, it’s an urgent national security imperative that must be established before the next major attack forces reactive, chaotic policymaking in its aftermath.

The choice is clear: unify now or remain divided until disaster forces our hand.

Authors’ note: Brad Levine; John Dobrydney, DSc; Hala Nelson, Ph.D., and Ken Kurz were kind enough to lend their knowledge, expertise, and constructive feedback in the development of this Op-Ed.

Daniel Van Wagenen is a retired Army combat infantryman and defensive cyber operator. He is also the co-founder of the Association of the U.S. Cyber Forces (AUSCF), the first dedicated nonprofit to being a voice for the cyber warfighter, and co-founder and COO of Minerva Cyber Technologies, a full-spectrum cyber operations services and products firm.

Kim Irving is a senior cyber executive focused on supporting the warfighter and the national security mission. Co-founder and CEO of Minerva Cyber Technologies, she has 20+ years of experience serving on executive leadership teams and boards. Her experience includes full-spectrum cyber services and capability development for U.S. Cyber Command, Army Cyber Command, Air Force Cyber Command, Navy Fleet Cyber Command, and Marine Corps Forces Cyberspace Command.

The post The Cyber Council of Nicaea: Unifying America’s fragmented digital defense appeared first on DefenseScoop.

The move follows an executive order issued last week by President Donald Trump, which aims for “a transformation in Federal spending on contracts, grants, and loans to ensure Government spending is transparent and Government employees are accountable to the American public,” according to the EO.

The effort is part of the new administration’s Department of Government Efficiency (DOGE) initiatives, which are being spearheaded by billionaire Trump adviser Elon Musk.

“Each Agency Head, in consultation with the agency’s DOGE Team Lead, shall conduct a comprehensive review of each agency’s contracting policies, procedures, and personnel. Each Agency Head shall complete this process within 30 days of the date of this order and shall not issue or approve new contracting officer warrants during the review period, unless the Agency Head determines such approval is necessary,” per the EO, which was issued Feb. 26. The order also called for agencies to build centralized systems to track every payment they issue for contracts, grants and other expenditures.

DOD’s review, which has major implications for contractors who do business with the department, is now underway.

“My staff and I are presently conducting this review to determine where we might achieve efficiencies to save American taxpayers’ money while executing contracting operations in support of our nation’s defense,” John Tenaglia, the Pentagon’s principal director of defense pricing, contracting and acquisition policy, wrote in a new memo signed Wednesday.

The memo was directed to acquisition and procurement leaders at the Departments of the Army, Navy and Air Force, U.S. Cyber Command, U.S. Special Operations Command, U.S. Transportation Command, and Defense agency and DOD field activity directors.

“Per the EO, Components are directed to forgo issuing new contracting officer warrant appointments to DoD civilian staff members until March 28, 2025, the duration of the review period. On an exception basis, the Secretaries of the Military Departments may approve warrant appointments as necessary for civilian staff members during this period. Given the fact the EO is inapplicable to uniformed service members, there is no restriction on contracting officer warrant appointments to uniformed members of the military,” Tenaglia noted.

He added that he welcomed memo recipients’ input about “specific policy, procedure, and workforce matters we should address to further strengthen our contracting operations toward more affordable defense capabilities for the Warfighter.”

The new memo comes as the DOD is carrying out other cost-cutting initiatives.

On Monday, Darin Selnick, who is performing the duties of undersecretary of defense for personnel and readiness, issued a memo stating that the planned firing of probationary employees would commence March 3.

“The Department will continue taking steps to implement President Trump’s direction to restore accountability to the American public, reduce the size of the Federal Government’s workforce through efficiency improvements and attrition, and faithfully and responsibly manage taxpayer dollars,” he wrote.

The post DOD reviewing contracting policies, procedures and personnel to comply with Trump’s DOGE directive appeared first on DefenseScoop.

It’s been said before. And it’s easier said than done.

Experts that spoke with reporters for this story note several multifaceted questions regarding enhanced offensive operations, including what form they would take and if it’s an appropriate response to the recent rash of intrusions. Offensive operations are technically complex — unlike in Hollywood, where they’re as easy as pushing an “enter” button — and potentially introduce new risks for the attackers.

Furthermore, those calling for more cyber offense might not be aware of the scope of current secret U.S. operations, itself a conundrum: If the country doesn’t take credit publicly, how would adversaries know it struck back and therefore deter present or future attackers? 

In the end, it might not dissuade other nations if the United States gets more aggressive in cyberspace, said Herb Lin, a senior research scholar for cyber policy and security at Stanford’s Center for International Security and Cooperation.

“What I’m trying to understand in all this is people who say we should go on the offensive more. It sounds good in practice, [but] what are you going to do?” he said. “I haven’t seen a plausible scenario that actually gets them the outcome they want.”

Waltz hasn’t detailed exactly in interviews what he means when he says the United States needs to “start going on offense and start imposing … higher costs and consequences” in response to data theft, espionage and most worrisomely, Chinese hackers, known as Volt Typhoon, that the U.S. government has said are prepositioning themselves to attack U.S. critical infrastructure in the event of conflict over Taiwan. But in an interview with the Daily Wire, he said the United States didn’t respond to Soviet nuclear stockpiling by building better missile defenses — instead, it stockpiled its own nukes.

And in an interview with Breitbart, he got a little more specific. “I believe personally you can do that by demonstrating if you’re putting cyber time bombs in our ports and grid that we can do it to you too so let’s both not — mutually assured destruction — and take the temperature down on this a bit.”

At a hearing last month about another Chinese Salt Typhoon hacker group’s massive espionage-oriented hack of telecommunications carriers, several lawmakers on both sides of the aisle pressed witnesses on the topic of offense. “Why aren’t we going on offense, and doesn’t that help?” asked Sen. Dan Sullivan, R-Alaska, saying it’s a repeated line of questioning from lawmakers at classified briefings, too, and other key lawmakers have echoed those calls.

Current national security adviser Jake Sullivan said on Friday that the United States has “taken steps in response to Salt Typhoon” to “make it harder for China to actually be able to execute this” but didn’t elaborate further.

Advocates for increased offensive measures need to clarify what precisely they want to do, experts said. Past, publicly revealed U.S. cyber operations include Stuxnet, which targeted  Iranian centrifuges in a joint effort with Israel, and others aimed at would-be election meddlers from Russia and Iran. Lin said other options include getting into adversary nations’ systems — like Volt Typhoon is said to have done in the United States — to prepare for future attacks, or leaking embarrassing information about enemies, although that’s less about new offensives and more about capitalizing on existing intelligence.

Lin and Erica Lonergan, an assistant professor at Columbia University’s School of International and Public Affairs, said there’s been some blurring in the public discussion about the nature of espionage, like the kind that Salt Typhoon has conducted with its telecom breaches, and whether going on offense is the right response. The United States, after all, uses cyber for espionage, too.

“We risk conflating different types of threats, and also like not being clear about what we mean by offense,” Lonergan said. “Applying a deterrence model to espionage questions is a bit of a mismatch.”

The first Trump administration did loosen the rules on the Defense Department conducting offensive cyber operations. Congress in recent years also has helped pave the way to lift certain hurdles that existed in the past to help demystify legal barriers and speed up operations. 

Charles Moore, the former deputy commander and director of operations at Cyber Command, said a move toward “cyber campaigning” would be “the most important step” that DOD and Cybercom could do to increase the scale and strengthen the impact of their operations.

“Instead of conducting specific, one-off operations, campaigning represents a persistent series of operations geared towards accomplishing clear strategic objectives,” Moore said. “This approach is more impactful than ad hoc operations but requires support from the other departments and agencies in order for Cyber Command to operate at the speed, and have the freedom of maneuver necessary for it to be accomplished effectively.”

Still, the reality is that offensive cyber operations are “slow and grinding, and take a lot of time,” according to Emerson Brooking, director of strategy and resident senior fellow at the Digital Forensic Research Lab of the Atlantic Council Technology Programs, and one of the authors of the 2023 DOD cyber strategy. 

They require gaining access to adversaries’ networks — not always an easy task — as well as mapping those networks to understand where the intended targets or desired information exists, and then figuring out how to degrade or destroy those portions of the network without causing more widespread harm. Experts note that offensive operations also risk the discovery of cyber tools used for other purposes — such as U.S. espionage — that could render them useless.

Much U.S. policymaking on cyber deterrence over the years has emphasized responding to cyberattacks in a variety of ways, from economic sanctions to legal action. Experts believe that’s the right emphasis. Offensive operations can be a part of that, they say.

That’s because researchers say there’s little evidence that any cyberattacks have effectively caused anyone to change their behavior. But some of the outer limits haven’t been tested, and it’s not clear when cyber offense might prompt retaliation against the United States.

“The question for this administration is going to be, how do we send the right messages and create the right deterrent without causing an escalation?” said Kurt Sanger, Cyber Command’s former deputy general counsel. “There’s some line out there that you cross it, and it will lead China and Russia to escalate, but it probably has not been properly explored yet.”

That doesn’t mean the United States isn’t conducting offensive operations right now. But experts say it’s a tool that’s currently less effective than other means of sending signals to adversaries about what kind of behavior they want. The historically clandestine nature of offensive cyber operations runs counter to, for example, the airstrikes the Trump administration ordered against Syria in 2017 in response to their use of chemical weapons. 

The missiles were meant to send a clear, public message. As Cybercom has grown to stand on its own from an offshoot of the intelligence-rooted nature of cyber, it has sought “louder” tools — akin to physical attacks — where the target knew it was from the U.S. military. 

“Maybe the new administration will decide it’s time to do something a little louder, or even if the tool is the same, to accompany it with a statement that [says], ‘hey, we did that,’ for example,” said Gary Brown, Cybercom’s first senior legal counsel and now a professor at Texas A&M’s Bush School of Government & Public Service. 

However, some experts doubt that any steps taken by a new administration would be effective, partly due to the fundamental nature of international conflict. 

“It’s hard to shape the behavior of adversaries in competition just in general, and especially in cyberspace,” Lonergan said.

Or, as Lin put it, when discussing a range of more aggressive U.S. cyber operation options: “Let’s imagine we could do all of that. What good would it do?”

The post Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea appeared first on DefenseScoop.

The capability, known as Panoptic Junction, is part of an effort undertaken by Army Cyber Command, a service component command of Cybercom.

“ARCYBER is piloting an AI, machine learning platform that will enable scalable, continuous security monitoring of networks and platforms. It analyzes system compliance, threat intelligence and streaming cyber event data, which will enable advanced detection of adversary activity, malware and anomalies at speeds that human analysts would not come close to. But not only is it fast, it’s agile. It is rapidly taking the pulse of networks and assimilating threat information simultaneously, protecting networks in real time. And it is performing these security assessments in the lens of what is most applicable to the specific architecture” that it’s supporting, Morgan Adamski, executive director of Cybercom, said Wednesday at CyberTalks.

A series of assessments kicked off in April.

Adamski told DefenseScoop that officials have already seen “a lot of great successes” with the technology.

“It’s increased efficiencies in operations and maintenance. It’s improved our ability to identify risk and detect adversary activity. It’s … provided real -time hardening recommendations and improved the technical ability of our force,” she said on the sidelines of the conference.

“Part of the purpose of creating these pilots is to test out the efficiency of it and then determine whether or not it’s applicable to that enterprise-wide approach, which shows a lot of promise,” Adamski added. “Our hope is that we’ll continue to see good things come out of it and then we can make that determination, and then we can roll it into the larger enterprise funding aspect of it.”

Cybercom stood up its AI Task Force within the Cyber National Mission Force a few months ago. The CNMF is a sub-unified command under Cybercom made up of 39 joint teams and thought to have the DOD’s most talented cyber operators.

The task force intends to explore applications within the context of operational execution, in real time, and allow AI capabilities to be employed for immediate use in 90-day windows, according to Adamski.

“We came to find that we needed operational use cases, real-world practice of how we wanted to leverage AI so that we can learn and better inform our way forward,” she said during her keynote at the conference.

The Department of Defense Information Network (DODIN) is massive, with more than 3 million users globally on any given day. And it frequently comes under digital attack, Adamski noted.

AI technology is seen as a solution for quickly analyzing potential threats to the network and rapidly deploying defenses.

The task force is keeping an eye on a number of efforts across the enterprise, such as Panoptic Junction.

“The Cyber National Mission Force oversees the AI Task Force, and the AI Task Force is responsible for seeing all of these pilot activities across the cyber mission force. So it can be specific to the Cyber National Mission Force, but it also can be specific to the cyber components,” Adamski explained, adding that the task force is responsible for “herding and capturing all the great things happening across the [services’] cyber components,” including ARCYBER.

Members of the task force, which is still small right now, have high technical skills, she noted.

“We are building that team as quickly as possible, and we’re also partnering with [federally funded research-and-development centers], research labs, private sector. So we’re looking to augment that technical talent as quickly as possible,” Adamski told DefenseScoop.

The post Cybercom seeing successes with Panoptic Junction artificial intelligence capability appeared first on DefenseScoop.

Through several National Defense Authorization Acts, Congress mandated studies focused on these challenges. The Office of the Secretary of Defense, the Principal Cyber Advisor, Cybercom, and the rest of the DOD cyberspace operations community are currently supporting DOD’s response to each study. Cybercom 2.0 is the capstone response which will include the command’s recommendations to the secretary of defense and Congress. Recent academic examination and inquiry into these challenges has produced a variety of solutions — not all informed by realism or logic. Some academics, military leaders and politicians believe that establishing a U.S. Cyber Force will address challenges faced by the DOD cyberspace operations community. We disagree.

Proponents of USCF establishment often cite excision of the U.S. Army Air Corps from the Army to form the U.S. Air Force as precedent for their argument. Equating the creation of the USAF to the proposals for a USCF is built on flawed logic and a fundamental misunderstanding of DOD cyberspace operations missions. 

Proponents leverage the aforementioned force generation and readiness challenges then employ a logic that there are no unique aspects of cyberspace, or cyberspace functions, specific to the services to justify the establishment of a USCF. The argument continues that this homogenous domain requires a standalone advocate because the services do not have unique equities and therefore cannot advocate properly for the maturity of DOD cyberspace operations overall. But cyberspace is not the same across the services, and the excision argument built on this is therefore similarly challenged. 

For example, DOD cyberspace enclaves are not separable components that can be removed and used to create a USCF. These enclaves, and their interconnected functions, permeate all facets of DOD operations and support activities. Furthermore, the cyberspace expertise resident within each service is tailored to the unique mission and domain-specific requirements for the cyberspace elements supporting the warfighting platforms in the physical domains (land, air, maritime and space.) 

A USCF would, by necessity, be forced to integrate itself within each of the other services, since cyberspace systems, and the forces that secure, operate and defend them cannot be extracted from the existing services. Such an integration has already been most efficiently accomplished by establishing cyberspace forces within each of the services. Giving these cyberspace forces a new uniform and a new chain-of-command will not improve the operational integration of cyberspace with the other domains.  

Following the logic applied by most proponents, establishing a separate USCF would be equivalent to establishing a separate service that flies all military aircraft or a separate service to drive and maintain all military trucks. Of course, that is not a reasonable approach, but neither is establishing a service whose forces would need to be similarly integrated at the tactical level with the forces of other services. 

Practically, the Marine Corps’ experience in Guadalcanal and the resultant establishment of the Marine Air-Ground Task Force (MAGTF) are illustrative comparisons. During the Marine campaign in August 1942, Naval air and amphibious support forces “left the 1st Marine Division alone” and “exposed to Japanese attacks,” rendering them “virtually a besieged garrison.” In December 1963, the Marine Corps published Marine Corps Order 3120.3 which formalized the MAGTF as an organization to ensure the Marine Corps deployed projection forces with the ability to move ashore with sufficient sustainability for prolonged operations, including organic air, ground and support assets. Today cyberspace operations are also integrated into the standard MAGTF structure. There are similar examples that demonstrate how quintessential elements of force projection are retained within each service, and cyberspace forces should be no different. Cyberspace operations are inherently connected to the modern battlefield, so cyberspace forces must be integrated down to the tactical level — an effect which is best achieved by the current model.

A recent article claimed that a USCF should be established because only a USCF could adequately develop and maintain doctrine for cyberspace operations. The article claims that the Army is primarily responsible for developing cyberspace operations doctrine today. These claims are false. Congress gave the Cybercom commander authority to develop doctrine for DOD cyberspace operations in section 167b of Title 10 U.S. Code, and Cybercom has diligently worked to do so.

The article claims that there is only one joint doctrine publication for cyberspace operations. This claim is also false. There are two joint publications for cyberspace operations (Joint Publication 3-12 Joint Cyberspace Operations, and Joint Publication 6-0 Joint Communications).

Furthermore, Cybercom develops and maintains many command-level doctrine publications in a Cyber Warfighting Library, and some of the services have developed service-specific doctrine for cyberspace operations (e.g. Army Field Manual 3-12 Cyberspace Operations and Electromagnetic Warfare and Air Force Doctrine Publication 3-12, Cyberspace Operations, and Navy Warfare Publication 3-12 Cyberspace Operations). Doctrine development for DOD cyberspace operations is not a challenge equivalent to recruiting, training, retaining, and tracking readiness of cyberspace forces.

Proponents of USCF establishment often present creation of a new service as the only reasonable approach to address training and readiness issues faced by Cybercom and the services. This assertion is false. Congress recently expanded Cybercom service-like authorities to include enhanced budgetary control, and the president designated the command as joint force provider and joint cyberspace trainer for cyberspace forces. Despite becoming a unified combatant command in 2018, it is only now in 2024 that there is a complete alignment between acquisition, the scope of training and provisioning, and budgetary responsibility and authorities. Therefore, it is only in fiscal 2024 that the commander responsible for readiness of cyberspace forces now has the authority over the acquisitions and resources to drive that readiness. These authorities have not yet been fully implemented and evaluated, but external commentators are already calling for a solution that is completely divergent from the Cybercom-centric approach U.S. leadership has advocated for consistently over the past 15-plus years. 

Both the former Cybercom commander, retired Gen. Paul Nakasone, and the current Cybercom commander, Gen. Timothy Haugh, answered congressional inquiry about establishing a new service with discussion on how effective the existing U.S. Special Operations Command (Socom)-like model is. Nakasone also publicly declared his opposition to the creation of a new service for cyberspace operations. A recent article highlights Mieke Eoyang, deputy assistant secretary of defense for cyber policy, advising caution toward the idea of creating a USCF. The article quotes her as warning “be careful what you wish for” in reference to the aforementioned excision fallacy.

Recent articles claim that existing services place a low priority on, and perform poorly at, recruiting and retaining cyberspace forces. Creating a new service is not the only way of addressing this problem and it should not be presented as such. Congress, DOD and Cybercom need to hold the services accountable for providing the trained and ready cyberspace forces they’ve been tasked to deliver. What existing programs can be used to improve performance? How might the Congress, DOD and Cybercom help the services improve recruiting and retention? Ultimately, what is evident to us is that some current scholarship proposes a course of action without adequately considering alternatives to the one they prefer. Without providing complete evaluation criteria to compare proposals against, the community of interest is left wanting.

However, aside from the obvious associated cost, the most critical evaluation criteria must be disruption. Cybercom is responsible for ensuring the security, operations and defense of all DOD-controlled cyberspace, defending the nation from advanced cyber threats, and providing cyberspace operations support to other combatant commands. These are critical all-day-every-day missions. Among the wide range of possible solutions, which options are least disruptive to these ongoing missions? What options are most likely to result in steady improvement while minimizing the disruption of these missions? It is reasonable to assume that creation of a USCF would be the most disruptive option. It is highly likely that all the personnel that are actively working to implement new service-like authorities and address these challenges today would have to cease their progress to “Go figure out how to establish a cyber service.” This disruptive proposal presents unacceptable risk to the nation.

A more reasonable approach is to build up the existing Cybercom-centric model while allowing for controlled progress toward a more robust model like that of the Socom. The force generation model of Socom works because each of its service components deliver domain-peculiar forces and capabilities to the Joint Force. Maturing Cybercom’s employment of the Socom-like force generation model has the potential to address the recruiting, training, retention and readiness challenges. 

It is essential that U.S. leaders give Cybercom a reasonable amount of time to implement, test and iterate on its newly enhanced budgetary control authority, doctrine development authority, and joint force provider and joint cyberspace trainer responsibilities. Leaders, and the broader community of interest, should also allow highly-qualified DOD experts with firsthand experience to complete and present maturation recommendations under the Cybercom 2.0 initiative and likewise consider how leaders in the services, DOD and Congress can enable more rapid progress toward Cybercom 2.0-recommended solutions to address DOD’s challenges in cyberspace. 

DOD has made significant progress toward integrating cyberspace operations within broader department operations. Many challenges remain to optimizing DOD processes that enable successful cyberspace operations, but the arguments for establishing a new service do not justify this extremely expensive and radically disruptive course of action. Instead, U.S. leaders should stay the course, double down on the Cybercom-centric model for military cyberspace operations, and trust the expert recommendations of the experienced individuals they have appointed to lead military cyberspace operations on behalf of the nation. Any solution presented to address these challenges should include robust course of action evaluation criteria, including the degree to which they are likely to disrupt ongoing cyberspace operations and put the nation’s cybersecurity at risk. Future analysis should be focused on evaluating, implementing and refining Cybercom 2.0-recommended solutions.

Authors’ note: The views expressed in this work are those of the authors and do not reflect the official policy or position of the U.S. Cyber Command, the Department of Defense, or any other U.S. government entity.

Alan Brian Long Jr. is a Senior Policy and Doctrine Analyst at U.S. Cyber Command, where he serves as one of the foremost experts on DOD cyber policy and doctrine. He has 11 years of experience at Cybercom, and prior to arriving at the command, he served in the U.S. Marine Corps signals intelligence community. Brian is credited with authoring several notable cyber policy and doctrine documents within the DOD cyberspace operations community. He has deep institutional knowledge about the maturation of Cybercom and the broader DOD cyberspace operations community derived from over a decade of firsthand experience as a practitioner and action officer.

Maj. Alexander Pytlar is an Army Strategist (Functional Area 59) at U.S. Cyber Command, where he serves as the Deputy Branch Chief for the Strategy Branch within the Cybercom J55 Strategy, Policy, and Doctrine Division. His most recent assignment was as an assistant professor of geography at the United States Military Academy at West Point. Prior assignments include reconnaissance platoon leader and tank company commander, with deployments supporting Operation Enduring Freedom and Operation Spartan Shield, respectively.

The post An argument against establishing a U.S. Cyber Force appeared first on DefenseScoop.

Influence operations, ransomware attacks, and intrusions into critical infrastructure represent recent examples of the increasing threat malicious cyber actors pose to our national security. U.S. Cyber Command has responded to these threats by conducting operations continuously and building closer partnerships across the public and private sector to address these challenges. Recognizing the capacity and capabilities that military cyber forces bring to continuous campaigning against our adversaries, Cyber Command was granted new authorities. The command can now dictate training and certification standards for all of DOD’s cyber operations forces. Additionally, Congress authorized Cyber Command to exercise broader acquisition and budgeting powers this fiscal year. These authorities allow the command to manage and execute its own budget and run acquisition programs tailored to developing cyber capabilities in a rapidly changing environment.   

However, despite these successes and improvements in training and equipping the force, concerns remain over the command’s ability to field enough forces to meet the nation’s requirements. Simply put, some of the military services have not kept pace with providing Cyber Command with the personnel required for sustained mission success.   

The creation of a new cyber service to organize, man, train, and equip forces for Cyber Command is one option to address these shortfalls. This option utilizes the DOD’s traditional approach, tasking a service to perform these functions, and fits comfortably within the Pentagon’s established processes. Over time, such an approach may improve the manning levels at Cyber Command by creating an organization focused on recruitment, career development and the retention of cyber personnel. Cyber service cadre would also become the cyber experts inside the Pentagon, advocating for the department’s cyber needs.   

An alternative option is to let the command exercise its new budgeting, training and equipping powers while prioritizing DOD’s collective recruitment efforts to solve the cyber manning shortfalls across all services. Cyber Command needs to intensify its efforts and focus on synchronizing its direct engagement with existing service efforts on recruitment, career development, promotions, and retention of cyber personnel. Also, the department could mandate that the existing services provide specific, cyber force-manning levels at Cyber Command before they can retain cyber talent for their own service requirements. These steps could also improve manning levels at the command. Cyber Command has also already begun placing cyber exports inside the Pentagon to advocate for cyber requirements within the department.  

Either option is feasible, but what is the best course to ensure we meet the current and future cyber needs of the department and the nation? That answer requires an examination of the timing and funding costs, the risks to current operations, and of the unique aspects of the cyber domain.   

Establishing a cyber service will take years — with no guarantee of success — much longer than simply allowing Cyber Command to fully execute its new “service-like” authorities. Standing up a new military service involves lengthy bureaucratic processes and a significant transition period. In contrast, allowing the command to focus on working directly with the services regarding recruitment, training, promotions, and retention of personnel would improve manning more rapidly, enabling the command to address current and evolving cyber threats with the urgency they demand.

Further, establishing a new cyber service requires the reallocation of significant funds and manning/expertise from existing roles, weakening current warfighting capabilities at a time when the nation must maintain strong cyber capabilities to address election security, Chinese intrusions into our critical infrastructure, and Russian and Iranian malicious cyber actors’ actions against our nation and allies. The diversion of these resources from current warfighting operations to build a new Pentagon service staff, and with it a greater bureaucracy, seems like a poor tradeoff.  

Finally, unlike the other warfighting domains, in the cyber environment we are persistently engaged with our adversaries and these operations are fundamental to the success of all military actions, not just a way to enhance their operations. We must recognize and embrace the unique and ubiquitous nature of cyberspace, its inextricable link to departmentwide success, and the unique warfighting capabilities it can provide. This suggests a DOD-wide cyber-centric culture, not an individual service one. 

The development of our cyber forces must continue and keep pace with the capabilities of our adversaries. The fastest way to do this, with the lowest cost, and the ability to support our nation’s current security needs, is to accelerate the authorities Cyber Command possesses today, not create a service of the future. The stakes are too high in cyberspace and it is not the time to experiment with an idea that may not deliver solutions now or in the future.

Lt. Gen. Charlie “Tuna” Moore (Ret.) is a distinguished visiting professor at Vanderbilt University. He is a former U.S. Air Force fighter pilot and deputy commander of U.S. Cyber Command.

The post Now is not the time for a new cyber service appeared first on DefenseScoop.

Retired Gen. Jim Mattis said during a special appearance at DefenseTalks, presented by DefenseScoop, that while election systems and voting infrastructure are perhaps the most secure they’ve ever been against cyberattacks, “the bigger problem and the one that I think that we are very vulnerable to right now is the influence operations.”

“When it comes to influence operations, I think I’ve never seen the country more vulnerable and a more lucrative place for the enemy to go after than right now,” Mattis, who led the Pentagon during the early part of the Trump administration, said in an on-stage interview.

Mattis pointed out that this isn’t a secret, with evidence of Russia and China in particular revving up their “propaganda machines,” not only targeting the U.S. but other democracies like France and Germany as well, with disinformation. And increasingly those adversaries are using advanced tech, like artificial intelligence, to boost those influence ops. 

And yet, because of the divisive state of U.S. politics and culture going into the 2024 election, “we’re going to have people who are trying to increase the tribalism, increase the distrust between Americans. And right now with the level of ideological disarray in our country, in Beijing and Moscow, the leaders are cheering us on as we tear each other down and we use scorching rhetoric,” he said, adding that they will “take it to the limit of what they can do to make distrust between you.”

That said, Mattis has great confidence in the cybersecurity of the nation’s election infrastructure, saying he believes there’s a “99.9% chance” there won’t be actual meddling in the voting systems and that vote counts will be accurate.

Mattis also touched on the evolving domain of cyber within the U.S. military. While he wasn’t a fan of an idea that’s growing in popularity to split cyber out from the services and create a new, independent military branch to support it, he did call for the nation’s leaders to find a model that would give the Department of Defense and U.S. Cyber Command a bigger role in the case of a cyberattack on the homeland and its critical infrastructure.

Beyond that, he also talked down the notion that recent advances in technology have dramatically shifted the nature of defense and warfare, saying “the fundamental nature of warfare has not yet changed in the last 10,000 years.” 

“The promise of these technologies is just enormous right now. And I’m no Luddite, I want the highest tech, the most reliable technology in the world,” Mattis said. However, he contended that “history would tell you that technology has not delivered ever with the promise it seems to, except perhaps with the nuclear weapons at the end of World War II.”

That said, he warned: “You have to stay alert with artificial intelligence and machine learning — that could actually change” things in big ways, though that remains to be seen.

Ultimately, regardless of the technology at hand — whether that’s the use of tanks in World War II or drones in today’s conflicts — the most important element is integration, Mattis said.

“You’ve got to look at technology as one tool in the toolbox. Take full advantage of it, but make certain you’re integrating it right. And that has to do with innovation, it has to do with the thinking, the education of the officers and NCOs in your military,” he said. “There’s a lot that goes into something like that, not just about technology alone.”

The post Gen. Mattis on foreign influence operations: The US has never been ‘more vulnerable’ appeared first on DefenseScoop.

In March 2023, the Department of Defense announced that Maj. Gen. Ryan Heritage had been nominated to serve as the next deputy commandant for information. However, a release from the Marine Corps last month noted that after Heritage relinquished command of Marine Corps Forces Cyberspace Command to Maj. Gen. Joseph Matos, he would be going on to serve as the director of operations, J-3, at U.S. Cyber Command.

Although the Senate confirmed him for his third star in December, a decision was made that Heritage would not take the deputy commandant job, but instead would go to Cybercom, the spokesperson said.

As a result, his appointment to lieutenant general was not effectuated, they added.

Moreover, President Joe Biden has not yet nominated someone else to fill the role of DCI. The Corps declined to offer any additional information about deliberations regarding who could be nominated.

At Cybercom, Heritage will take over the J-3 role from Army Maj. Gen. Ryan Janovic, who will be the next commander of the Army’s Cyber Center of Excellence, according to a March 4 DOD announcement.

An official familiar with the assignment process for general officers said Heritage’s appointment was affected by the blanket hold placed on nominees for senior positions last year by Alabama Republican Sen. Tommy Tuberville. For nearly 10 months, Tuberville held up confirmations for top DOD officials in protest of the department’s abortion policies. White House and Pentagon officials have slammed Tuberville for gumming up the military’s personnel system. Eventually, even Tuberville’s Republican colleagues chastised him for the hold and pleaded for him to release it.

In early December, Tuberville decided to lift his hold, effectively clearing the way for top generals and admirals to be confirmed and take over their new jobs.

Despite those officials finally getting cleared, some estimates note the hold could have lasting effects for years.

In Heritage’s case, the hold caused ripple effects on the timing of moves and open positions for general officers.

Lt. Gen. Matthew Glavy is currently serving as the Marine Corps’ DCI, a post he has held since 2021. In this role, Glavy has overseen the service’s enshrinement of information into doctrine with the release of Marine Corps Doctrinal Publication-8, Information, in 2022. MCDP-8 aims to describe the purpose and mechanics of using information as a warfighting tool for the entire service.

Earlier this year, the Corps released the next iteration of the document, “MCWP 8-10 Information in Marine Corps Operations.” Glavy previewed this document in early 2023, saying it was meant to be more of a cognitive discussion that breaks away from the lexicon into what information is and isn’t.

The post No nominee to fill top Marine Corps information post after former pick assigned to different job appeared first on DefenseScoop.