The cyber mission force began building in 2012, and the initial 133 teams reached full operational capability in 2018. In DOD’s fiscal 2022 budget request, U.S. Cyber Command proposed and was eventually approved for a phased approach to add 14 additional cyber mission force teams beyond the original 133. That request and authorization in 2021 was the first substantial effort to grow that force since it was designed almost a decade ago, long before modern and advanced threats had surfaced.

“In 2021, the Secretary of Defense directed the creation of 14 New cyber teams by September 2028. Of the 14 teams, 12 have been established. These teams are spread across Army, Air Force, and Navy Commands,” a Cybercom spokesperson said.

They declined to offer specifics regarding how many additional teams each service received or what types of teams those additional builds provided to each service — such as offensive, defensive or support teams — citing operational security.

The original 133-team cyber mission force included 41 Army teams, 40 Navy teams, 39 Air Force teams and 13 Marine Corps teams.

Those teams included 68 cyber protection teams, defensive teams focused on hunting threats on the DOD’s network; 27 combat mission teams that conduct cyber operations on behalf of combatant commands, mostly in the offensive sphere; 13 national mission teams that belong to the high-end Cyber National Mission Force, charged with defending the homeland from cyber threats; and 25 support teams that provide intelligence, mission planning and other necessary support work for combat and national mission teams.

For its part, the Space Force has noted that eventually, it plans to create a component to Cybercom, with mission analysis teams being established. However, a Space Force spokesperson said there’s no definite timeline associated with the standup of other service components, including the Space Force service component to Cybercom. The service will continue to identify requirements to meet the growing demands of combatant commanders’ space needs, they added.

The Air Force was slated to receive the bulk of the new cyber mission force teams as part of the buildup, with a total of six: two cyber protection teams, two combat mission teams and two combat support teams.

Late last year, officials noted they were ready to begin calculating the readiness for three of the new teams.

The Air Force supports cyber operations for European Command, Space Command and Strategic Command, under its Joint Force Headquarters-Cyber. Each service cyber component commander is also the commander of respective Joint Force Headquarters-Cyber organizations that provide cyber support, planning and operations to assigned combatant commands.

The Army was expected to receive four new teams, with two of them supporting the cyber mission force as of late last year.

The Army supports and conducts cyber operations for Northern Command, Africa Command and Central Command.

The Navy, for its part, was slated to receive four new teams as well: two combat mission teams and two combat support teams, according to a source.

The Navy supports and conducts cyber operations for Southern Command, Indo-Pacific Command and U.S. Forces Korea.

The Marine Corps, for its part, supports Special Operations Command and Joint Task Force-Ares, which used to be the counter-ISIS cyber mission but now is focused on nation-state activity, primarily China.

Transportation Command is supported by Joint Force Headquarters-DOD Information Network.

The Cybercom spokesperson also noted that cyber mission force teams can provide operational value before reaching full capacity as their mission elements can function during the “build-up” phase.

Those mission elements break the larger teams up into smaller portions, allowing some elements to be available for tasking and others for training and reconstitution. For example, a 68-person cyber protection team has three elements, allowing them to rotate rather than employing or deploying all personnel.

As new teams are being built, the mission elements could be in different stages, allowing a team to contribute while it’s still holistically being built.

The post 12 of 14 new cyber mission force teams now established appeared first on DefenseScoop.

For years, the Navy was the only service that didn’t have its own work role for cyber warriors conducting operations as part of its contribution to the cyber mission force, the teams each service provides to U.S. Cyber Command. Its cyber personnel were primarily resourced from its cryptologic warfare community — which is also responsible for signals intelligence, electronic warfare and information operations, among several mission sets — leading to a neglect in cyber and having a lack of institutional expertise both in the operations community and at top echelons of leadership, according to critics.

The fiscal 2023 annual defense policy bill directed the service to create a “designator” — the service’s parlance for officer work roles who are now maritime cyber warfare officers or MCWO — and a “rating” — the service’s terminology for enlisted work roles who are now cyber warfare technicians — solely for cyberspace matters.

With those work roles in place, and readiness of those forces beginning to improve, the Navy is now focusing on building out those roles and establishing a culture for which someone in the cyber field can rise all the way up to flag officer.

“The plan is to … start creating the baseline and the foundation for these officers to achieve a flag rank at some point, have the right schooling, have the right career paths to be able to command,” Vice Adm. Michael Vernazza, commander of Naval Information Forces, told reporters at the annual WEST conference.

Vernazza, as the “I-Boss,” is responsible for what the military calls the man, train and equip role for information warfare sailors, a category which cyber falls into.

He and other officials said as part of this career build out, the Navy created a new organization in Hawaii for its cyber operators, a task force that is still in the works and will have two task groups beneath it.

The task force will take the majority of cyber missions that are currently carried out under Navy Information Operations Command (NIOC) Pacific and move them to a dedicated cyber task force, according to a Fleet Cyber Command spokesperson.

Under the construct for how the Defense Department conducts cyber operations, each service cyber component commander also commands a Joint Force Headquarters-Cyber that is subordinate to Cybercom and is responsible for conducting and coordinating cyber operations for assigned combatant commands. The Navy, for example, is responsible for Indo-Pacific Command, Southern Command and U.S. Forces Korea.

The creation of the new task force will allow greater focus on both cyber operations and getting NIOC Pacific back to its traditional missions, the spokesperson said, which include a wide range of information warfare support to the Navy and the National Security Agency, such as signals intelligence.

The reason for the change, they added, is to allow greater focus and expertise to be applied to each mission.

“MCWO now aren’t going to do what cryptologists used to do. Cryptologists did EW, they did SIGINT, they did all kinds of RF analysis, and then, oh, by the way, you guys also go command the cyber teams. Can you imagine being a lieutenant or lieutenant commander and every single one of your tours is in a completely different domain and we expect you to be an expert? Not particularly helpful,” Vice Adm. Craig Clapperton, commander of 10th Fleet and Fleet Cyber Command, said during a presentation at the WEST conference. “Great job by the Navy and working with Congress, and now we have MCWOs. Well, MCWOs are going to do cyber and then they’re going to do cyber, and then right after that they’re going to do cyber.”

When Cybercom was first created it was closely nestled with NSA to rely on its infrastructure and expertise, locating many of the service operations centers along with the spy agency’s cryptologic centers spread throughout the country.

As the military cyber enterprise has matured, DOD has sought to let it stand more apart from its NSA and signals intelligence origins, albeit remaining closely linked for intelligence support.

The new task force, an organization change that won’t affect team operations and structures and will only impact cyber mission force teams and operations that previously reported to NIOC Pacific, will help build the career of MCWOs.

Clapperton said he is working with Vernazza on beginning to screen leaders for the offensive and defensive cyber teams.

The two task groups beneath the task force will have O-5s – or commanders in the Navy – with O-4s – or lieutenant commanders – screened working for them. Then there will be an O-6 – or captain – major command screened MCWO, Clapperton said, noting those personnel have already been identified and will be there by the summer.

“We’re building a career path for MCWO that they’ll do cyber and then cyber and then cyber, and they’ll be experts by the time they’re an O-5 or O-6 doing nothing but cyber with command and increasing responsibilities up the path. They’re going to be steely eyed killers,” he said. “Then we pick from that group of very talented post major command O-6s to be one-star MCWOs.”

Vernazza noted that there will be good movement on the cyber career field in 2025 with the creation of the task force and greater progression of the MCWO and cyber warfare overall.

The post Navy establishing task force along with new cyber career field appeared first on DefenseScoop.

Since the creation of the cyber mission force — the teams each military service is responsible for providing a set number to Cybercom to employ for operations — over 10 years ago, personnel often wouldn’t get all the training they would need at their schoolhouse prior to arriving at their operational units. Rather, digital warriors would get additional on-the-job training upon arriving at their unit. This was a contributing factor to readiness issues that have plagued the cyber mission force across all the services.

Recently, however, Cybercom’s commander, Gen. Timothy Haugh, has noted marked improvements in readiness levels.

Army Cyber Command is trying to move that training to the left as part of its efforts to improve the preparedness of the forces it provides to Cybercom.

“Some of the other things that Gen. Haugh has been talking about, like training to the left, so that more of the soldiers in the CMF when they come out of the schoolhouse don’t require as much or any additional training in order to perform their work role,” Lt. Gen. Maria Barrett, commander of ARCYBER, said in an interview. “The Army, a while ago, aligned its coursework to do … all of the 1000-level tasks and as many of the 2000-level tasks as it could in order to do that. It just didn’t make any sense where we have the majority of the cyber forces in the CMF, why would we insert unique service requirements into the schoolhouse training? First take care of the joint requirements. There is a very strong alignment between the curriculum in the [Cyber Center of Excellence] and the requirements that Cyber Command has put out.”

Operational commanders who receive personnel from the services have to balance their operations with managing the workload directed at training, which is a difficult task, Barrett noted. They don’t want to focus so much on individual training, but rather, the collective training of their respective teams as a unit. She said going forward, they want to spend as little time as possible focusing on the individual training at the operational command and focus more on collective training or developing proficiency beyond basic.

Barrett explained that there are many factors that go into readiness and remedies for deficiencies, noting there is no “silver bullet.”

“There’s the schoolhouse to be considered, there’s the advanced training, there’s the number of ops that we do, there’s the number of trainers to sign off on the training. A whole bunch of things go into the readiness picture,” she said.

Army Cyber is continuing other efforts to improve the preparedness of its forces, some of which were initiated under Paul Nakasone, the previous Cybercom commander, according to Barrett.

Those include special pay for military personnel and civilians, something Haugh has lauded previously, and retention bonuses. Barrett explained that direct hiring authorities with Cyber Excepted Service have also improved readiness.

The Army will be doing five-year tours for cyber mission force members and enablers that perform intelligence, fires, or any other support for those teams.

“If your training pipeline, or some of the unique aspects of doing that discipline in cyber is a one to two years of training and certification, now we get three to four years on the backside of developing proficiency in those disciplines. I think that would be a huge win,” Barrett said.

This leads to deep proficiency in the work roles, something Haugh has talked about realizing for the force.

“It isn’t just about having a particular fill rate, or having people trained at a basic level. We need people at a senior and master level in order to really face the challenges that we think we’d be faced with in the future,” Barrett said.

Army Cyber is looking to instill these readiness fixes, all while continuing to build more teams. In the fiscal 2022 budget, Cybercom proposed and was eventually approved for a phased approach to add 14 additional teams beyond the original 133, adding teams for the first time since the cyber mission force was created. The Army is building four teams over a five-year period and has already seen two such teams achieve initial operating capability. Those teams are now supporting the cyber mission force, marking a significant milestone in enhancing the command’s cyber capabilities, according to an ARCYBER spokesperson.

“That’s a little bit of the challenge of increasing readiness across the rest of the CMF while you’re also growing teams, is we’ve been able to balance that, because that’s very difficult to increase your readiness while you’re growing at the same time. But the teams are on schedule in terms of where we expected them to be from an IOC and [full operating capability] standpoint,” Barrett said.

Regarding the employment of her cyber teams, Barrett declined to offer any specifics regarding operations in the Middle East, but she said they’ve been busy since Oct. 7, 2023, when Hamas’ attack on Israel ramped up tensions and conflicts in the region.

Forces under Cybercom are employed for operations through what’s known as Joint Force Headquarters-Cyber. Each service cyber component commander is also the commander of a Joint Force Headquarters-Cyber and is responsible for operations for assigned combatant commands. For example, JFHQ-C Army is responsible for operations in U.S. Northern Command, Africa Command and Central Command, which covers the Middle East.

Hamas’ attack last year set off a new round of turmoil in the volatile region, which has included an all-out Israeli assault against the militant group and its backers such as Iran and its proxies to include Hezbollah in Lebanon. Additionally, the Houthis — a group backed by Tehran that has controlled portions of Yemen, including the capital, since 2014 — have been attacking U.S. military and commercial ships transiting the Red Sea.

“I do think the volatility of the region is something that we continue to keep our eye on. It is incumbent upon us to deliver both Gen. Haugh and [Central Command commander] Gen. [Michael] Kurilla as many options as possible to kind of try to reset that region. That’s first and foremost, I think. That’s what we’re trying to do is give them options where we can perhaps deescalate, make it more safe to transit the Red Sea,” Barrett said. “That’s what we’ve been really focused on doing.”

The post Army Cyber making moves to improve readiness appeared first on DefenseScoop.

The Air Force announced in February that it was bringing the warrant officer cadre back after they were phased out in 1958. It will start with warrants for IT and cyber. Those cyber warrants will primarily help fill out the ranks of the cyber mission force. The first cohort is slated to graduate in early December and get on mission later that month or early January.

Each of the military services is responsible for providing personnel for a set number of cyber mission force teams to Cybercom, which then employs those forces in operations for geographic combatant commands. The new warrant officers are expected to help with the longevity of work roles within those teams.

“It’s the longevity piece of it and the relationships that they build inside of those spaces. Everything’s unique, but they’re in some very unique spaces with the mission partners that we have, whether it’s the intelligence community or whether it’s mission partners or whether it’s capability developers,” Col. John Picklesimer, commander of 67th Cyber Wing, said in an interview at the AFA Air, Space and Cyber conference. “They’ve built those relationships with those folks, and a lot of this business is based on trust. Now having those folks that are longer term in those seats, that build out their capabilities and their skill sets, then also have the trust of those people — that is going to pay dividends for us, I believe.”

The cyber mission force as a whole has faced readiness issues, due in large part to the disjointed and non-uniform ways that each service presents forces to Cybercom. In many cases, the readiness issue has come down to how services’ personnel policies work in which a cyber warrior undergoes lengthy and expensive training for their work role, but then is cycled out after a few years to perform a different cyber job outside the cyber mission force.

Now, these warrant officers can perform these work roles within the cyber mission force for the duration of their careers and have a path for promotion and career advancement.

“The exploitation analyst is a good example of that where they would move into the CMF and maybe move back into another part of another wing, for example, but their training changes and the qualification requirements change based on the new job they’re going into,” Picklesimer said. “By having them be warrant officers in this space, we don’t lose that time and effort that we put into training these highly talented folks.”

However, he noted that given the roles are so new — especially since the first cadre hasn’t even graduated yet — there will be challenges developing the career paths for warrant officers in the Air Force.

“The piece that we’re really going to have to work on now that we’re getting them in there is, how do we do the professional development of a warrant officer? We don’t really have that model inside of the Air Force to look after,” he said.

The service has received help from the Army and Navy consulting on how they’ve utilized their cohort of warrant officers on their cyber mission force teams.

“We actually brought in a couple of the Army warrant officers, a few Navy warrant officers, really, to help advise on where we would put them in the force, like where they fit inside the different echelons of the CMF, whether it’s on the team level, whether it’s at the headquarters level in the wing perhaps, or whether it’s on our headquarters staff for doing that more operational, strategic-level planning. They were able to help advise on the good location for those and how they’re using those space,” Picklesimer said. “The Army or the Navy how they use their warrant officers … for that professional development, they’ve been great partners already in helping us build out that plan.”

While Picklesimer said the warrant officer cohort is poised to improve the readiness of the Air Force cyber mission force over time, immediately there will likely be a dip given the personnel that volunteered and were selected as the first warrants came from the 67th Cyberspace Wing and its cyber mission force teams.

Once graduated, the majority of the warrants will come back to that wing.

Cybercom’s chief has reported improved numbers in cyber mission force readiness across all the services in recent months.

For the 67th Cyberspace Wing, Picklesimer said officials are engaged in quarterly deep dives for readiness projections.

“It forces our subordinate commanders to really look at their force structure and who they have on teams, and really call their shot and what they’re going to do for the next three months to make sure that they [contemplate], for example, ‘I’m going to create two more senior [interactive on-net operators], I’m going to create two more reporters that are qualified, and this is going to make my readiness come to a certain level,’” he said. “By doing those projections, it’s really enabled us to understand ourselves better and really there’s optimizing the training paths for our 16 different work roles. As you can imagine, with 16 different work roles, there’s 16 different training pipelines, there’s 16 different sets of courses and they’re all different. For us to really put the time and effort into understanding those at a very deep level, it’s enabled us to make big gains in our readiness over the last year.”

The post New warrant officers poised to improve readiness of Air Force cyber mission force teams appeared first on DefenseScoop.

As initially designed, each service provides a set number of offensive, defensive and support teams — known as the cyber mission force — to Cybercom, which employs them in operations. However, despite the cyber mission force’s joint design from the start, those branches have their own unique service cultures and ways of organizing their forces. These dissimilarities led to readiness issues of the teams, drawing concern from Congress, due to the frequent rotating nature of forces that cycle through joint cyber roles and then return to their individual services, which can come at an expense to taxpayers due to the costs and long duration of training it takes for some roles, according to the Government Accountability Office.

Congress in fiscal 2024 provided Cybercom with service-like authorities called enhanced budget control that now afford the command oversight of the offensive and defensive budgets for the cyber mission force, acquisition authority, capability integration authority and training, among others.

Fully realized in March, the command says it’s making progress on addressing readiness concerns and force generation of the service contributions to the cyber mission force.

“We’ve now been able to make readiness advancements that have really been driven by our partnership with services. But it’s based off of the fact that we now have a set of authorities and we’re collaborating as a service-like organization. That has been really powerful and we’re really pleased with the progress that we’re making,” Gen. Timothy Haugh, commander of Cybercom, said at a dinner Tuesday hosted by the Intelligence and National Security Alliance.

“I’m required to send a report back to Congress. It’s a report on services’ ability to meet the readiness requirements of U.S. Cyber Command. This is an area that’s evolved over time. But what we’ve really seen since we’ve done this report is a collaboration with the services,” he added.

The prior commander of Cybercom had openly suggested the need for congressional assistance in aiding the command to address readiness concerns.

One of the most concrete examples of changes these new authorities provide is related to training. Haugh noted that fiscal 2024 was the first full budget Cybercom was able to produce. As part of that development, they now have the authority and funds to direct training.

“We were able to put a significant amount of money into advanced training whereas before that would have been a request to a service, ‘Could each of you grow the training budget that would make our force better?’” he said. “Now, that’s a responsibility to do at Cyber Command and we could commit our resources to focus on growing the mastery of our force. Already seen benefits from that.”

Haugh advocated for the passage of these authorities during his confirmation hearing last July, noting they will be critical in addressing readiness.

“With those authorities it allows Cyber Command to set the investment in our training infrastructure, in our training courses and allows the services to focus on recruiting, initial skills training aligned to our standard, and then to leverage the retention capabilities that Congress has given to the services,” Haugh told senators at the time. “Those are areas now that really change the dynamic of how we will approach cyber readiness, if confirmed.”

Other examples of changes Haugh offered were mostly driven through the services. Those include:

• An Army program that provides advanced cyber pay based on qualifications.
• The Air Force reestablishing warrant officers for the first time in over 50 years, with the first warrants being in cyber and IT fields. Haugh noted “that’s an example of a service that has now invested in ways that are going to help our workforce.”
• The Navy crating a cyber “rating,” or work role in summer 2023 dedicated to cyber for the first time, something the service was forced into doing by Congress due to significant readiness challenges associated with its cyber mission force contributions.

Haugh said that while he is pleased with progress, he’d like to see each service implement the ideas of the other services.

During their confirmation hearings, which all took place just months apart last year, each current service chief was asked about and addressed concerns from Congress regarding cyber mission force readiness, pledging to take steps to remedy concerns.

Cyber Force v. Cybercom 2.0

Pertinent to the discussion of addressing readiness and the realization of new authorities for Cybercom is the looming prospect of a new military service dedicated solely to cyber, on par with the Army, Navy, Air Force, Marine Corps and Space Force.

Proponents believe a separate service is the only way to address manpower issues along with a host of other perceived problems with the current structure of cyber forces and operations.

When asked about a proposed Cyber Force Tuesday, Haugh said his responsibility was building the best version of Cybercom that he can.

He has inherited an initiative that began under his predecessor dubbed Cybercom 2.0, an effort aimed at examining what the future of the command and cyber force looks like.

“As we look at Cyber Command 2.0, it’s really to take us to the next step. We’ve existed as a combatant command for six years. We really built this force 10 years ago. We’re really built off of the challenges that we faced between 2014 and 2018,” Haugh said. “What does Cyber Command need to look like in 10 years going forward and how to structure that force and how to regenerate that force?”

The effort is essentially a project to combine five or six reports requested by Congress to examine various aspects and structures of the command to include how it builds its warfighting architecture and how its various headquarters are structured.

But the biggest aspect is a force generation study, known as the Section 1533 study from the fiscal 2023 annual defense policy bill.

“What the law asked us to look at was our current model, which is how we were structured in FY ’23, so before we received all of our enhanced budget control,” Haugh said. “That was one bumper of the study, is the far left is what we’re currently doing, the far right was to evaluate whether or not we should have a cyber service, and the middle was some hybrid in between to allow the department to be more effective.”

He noted that part of that study has been completed and officials must now update the secretary of defense.

This so-called force structure assessment was due to the secretary of defense June 1. A DOD spokesperson previously said the department tapped the RAND Corp. to study the issue.

“This is our opportunity to go in with [the assistant secretary of defense for cyber policy] and have a conversation with the DepSecDef and the SecDef about what that vision looks like. It’s all going to come back to how do we ensure that we got the force we need? How to regenerate that force within the department? How do we equip that force and really do it at speed and scale? Then how do we leverage technology?” Haugh said. “We have all the pieces, it’s now an opportunity for us to be able to go to the department and say, ‘This is what we think we need to do,’ and then really be able to get guidance from the secretary.”

The post Following new authorities, Cybercom says it’s making progress on correcting readiness appeared first on DefenseScoop.

The capability is part of the Joint Cyber Command and Control (JCC2) program, which is aimed at providing improved situational awareness, battle management, and information about cyber forces’ readiness levels for operations across the globe. According to budget documents, the program provides a “congressionally directed focal point to provide integrated C2 solutions to all echelons for execution of cyberspace operations to enable and accelerate planning/collaboration between Cyber Mission Forces (CMF) and Combatant Commands,” as well as integrating with joint, coalition and interagency command-and-control to enhance multi-domain operations, reduce planning time, improve decision quality and speed — resulting in shorter kill chains.

It is a component of the Joint Cyber Warfighting Architecture (JCWA), first envisioned in 2019 as a way of getting a better handle on the capabilities, platforms and programs the command is designing. It sought to set priorities for the Department of Defense and its industry partners that are building them. It’s thought of as the command’s warfighting platform and consists of a variety of components built by each of the services on behalf of the joint cyber mission force for big data analytics and ingestion, command and control, tools and platforms to launch operations off friendly networks, among others.

JCC2 is being run by the Air Force on behalf of the joint force and Cybercom.

For an effort dubbed JCC2 NextGen, the command has opened a new contract effort that encompasses four areas: threat awareness sharing, IT operations support, battle management development, and field operations and training support.

According to Lockheed Martin, the prime contractor for the readiness effort, the company developed a system to manage cyber force readiness in support of full-spectrum cyber operations that provides commanders with visual dashboards and metrics that display in near-real time the capability and capacity of personnel, teams, equipment and infrastructure to conduct cyber ops.

That readiness application transitioned to the DOD application program management office in 2019 and is mandated for operational use per a task order in June 2023, the company said in responses to DefenseScoop.  

Sources indicated this capability, as envisioned, will be an important tool allowing an unprecedented level of information and fidelity into the status of teams and individual cyber warriors.

Important for the development of the JCC2 capability was not just the ability to command forces across the globe and have insight into their locations and missions, but also the need to track things like mission alignment, how the forces are being used, who is training, who is on mission and what the various skill sets of personnel are.

For example, this level of fidelity to track forces will give commanders the ability to find the right personnel needed for a given mission, something that was not possible previous, as much of that work was done manually on paper. As a hypothetical example, if a commander has a mission and requires a set number of experts for Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) against a particular target, they can find members that are certified for mission with ICS-SCADA expertise and analysts or linguists that pertain to the target, and assign them to that mission.

Without this data and ability to track forces, the commander has no way to make a strategic assessment of them and their availability, which is critical given recent congressional ire concerning readiness of the cyber mission force.

“When it comes to risk assessment, decision-makers need to see the whole picture,” Tish Rourke, vice president of the cyber and intelligence market segment within the Lockheed Martin Rotary and Missions Systems business area, said in a statement.

There were talks as far back as 2018 about tweaking the initial structure of the cyber mission force teams, which hadn’t been reevaluated since it was designed around 2012, in conjunction with all the teams reaching what’s known as full operational capability. Officials always said the answer was to task organize, something modeled after the Cyber National Mission Force, a sub-unified command under Cybercom made up of 39 joint teams and thought to have the DOD’s most talented cyber operators aligned in task forces organized against specific threat actors, with the core mission of defending the nation against digital threats.

In fact, Paul Nakasone, the most recent commander of Cybercom who was also a former CNMF commander, had often talked about his penchant for task forces. The current commander, Gen. Timothy Haugh, was also a former CNMF commander.

Some believe this task force structure will endure and become more widespread across other subordinate commands.

This ability for greater fidelity of readiness and team structure aims to make teams more effective given it provides commanders increased flexibility and responsiveness to the threat or requirements for a mission at any given time, according to sources.

“Delivering data in real time to Commanders enables them for the first time to be able to see themselves, count themselves, and know if the force is a more capable force,” Lockheed said. “One of the core objectives of readiness data is to inform and ensure proper and expedient mission planning in Commander’s [area of responsibility]. Mission effectiveness is significantly improved by ensuring you have the best athletes for the given mission parameters.”

Customizable dashboards are now available to commanders through the system and provide commanders and staff on a daily basis access to information needed for course-of-action development and decision-making, Lockheed said. The readiness application dashboards are utilized on a monthly and quarterly basis by service cyber component commanders to brief the Cybercom commander and deputy commander, Lockheed said.

Moreover, the company noted that commanders and their staff require data and information for joint operations decision-making. The development team demonstrated its ability to integrate with other applications within the DOD application program office, JCWA and other Defense Department components to make the readiness pictures available to commanders even more powerful.

“The Development Team and DOD application PMO have made it a priority to interconnect the Readiness application with other JCWA pillar programs to correlate various stoved piped datasets to create a common operational readiness picture. The application also has capabilities to share its comprehensive datasets to other systems,” Lockheed stated.

One such system is the Persistent Cyber Training Environment (PCTE), an online client that allows access to Cybercom’s cyber mission force from anywhere in the world for individual or collective training and mission rehearsal. While all elements of JCWA must integrate given the concept envisions it as singular platform made up of the sum of its parts, much attention has been paid to the integration with PCTE to be able to track training, which relates to overall readiness.

This integration is “extremely critical,” Mike Hudson, the deputy for the command’s exercise and training directorate, or J7, said during the annual PCTE forum in May.

“From just where I sit in the front office of the J7, being able to track how we’re training, how effectively we’re training and how that reflects in how we conduct operations is a critical component of being able to assess the readiness of our force,” he said. “If we can’t find a way to link these things, we might be off the right path on how we’re training our highly skilled operators. If we have the ability to connect, track training, track operations, track how these folks are doing in the system, it actually gives us a better reflection of whether we need to adjust individual training, whether we need to adjust collective training or whether we need to adjust some other technology, maybe how we’re doing mission rehearsal. All of those things are related.”

A spokesperson for the PCTE program office stated that while JCWA-wide integration is a priority, the focus as of late is JCC2 integration. Functionality was recently introduced that pushes user training data over to the JCC2 readiness application for more accurate readiness reporting.

Cybercom requested $96.9 million dollars for the totality of the JCC2 program for fiscal 2025, according to budget documents.

The documents note that the program office has established a continuous integration/continuous development (CI/CD) pipeline to facilitate the rapid development, integration and fielding of capabilities in order to remain responsive to evolving requirements, and that it will execute the agile development requirements provided by Cybercom, the services and stakeholders.

Lockheed noted that given the system is rooted in DevSecOps and CI/CD principles, it is “highly efficient” in delivering new software releases at the speed of need. New features and capabilities are delivered to the operational community weekly, the company said, noting that the development team engages daily with users for input and feedback.

The post Dashboard aims to give commanders increased ability to assess cyber team readiness appeared first on DefenseScoop.

The U.S. cyber mission force includes 133 offensive, defensive and support teams that conduct ops for Cyber Command. Each of the military services is responsible for providing personnel for a set number of teams to the organization, which then employs those forces in operations for the other geographic combatant commands.

While readiness issues have plagued all the services’ contributions, the Navy has faced heavy criticism from former officials, outside experts, and namely, Congress. Lawmakers grew worried that the Navy’s forces were woefully inadequate.

Last year, at Congress’ direction, the service created specific work roles to address some of those concerns, including the cyber warfare technician rating for sailors and the maritime cyber warfare officer designator. Up to that point, it was the only service that did not have dedicated work roles for its cyber personnel, which were mostly made up of the cryptologic warfare community — which is also responsible for signals intelligence, electronic warfare and information operations, among several mission sets.

Now, after those efforts, the Navy appears to be improving its readiness.

“I’m happy to report that the Navy cyber mission force readiness has increased by 20 percent in the last year,” Anne Marie Schumann, principal cyber adviser for the Department of the Navy, said Wednesday at Defense Talks hosted by DefenseScoop, during her first public speaking engagement since taking the role in April.

Officials in the past had noted there have been improvements in readiness due to these changes, but declined to offer specific metrics or numbers.

Schumann, for her part, also declined to offer “operational specifics to justify what I feel is the quality of our sailors and Marines.”

The post Navy’s top cyber adviser says force readiness improved 20 percent in last year appeared first on DefenseScoop.

That effort will now also combine the equipment cyber protection teams use with the kit for hunt-forward operations performed by the Cyber National Mission Force, Cybercom’s elite unit tasked with defending the nation against significant digital threats. Hunt-forward operations, conceptualized over five years ago, involve physically sending defensively oriented cyber protection teams to foreign countries to hunt for threats on their networks at the invitation of host nations.

Since Cybercom’s inception, there has never been a standardized defensive cyber kit for cyber protection teams — the teams that hunt for malicious activity on Pentagon networks and respond to incidents — despite efforts in the past to create them. Those systems, referred to as Deployable Mission Support Systems (DMSS), varied across all the services. The way Cybercom’s forces are constructed, each of the services are responsible for providing a set number of offensive and defensive teams to the command to conduct operations.

Those DMSS kits are self-contained systems consisting of hardware and software capable of surveying, securing and protecting military networks as well as performing vulnerability analysis and incident response. They are designed to be taken to an incident with little to no notice to connect to the network in order to locate, contain and defeat malicious cyber activity that is either attempting to or has breached Department of Defense systems, according to budget documents.

Despite being designed to be joint in nature with the same training and equipment to operate on the DOD Information Network for defensive teams and the same training for offensive teams, each service provided slightly different DMSS systems to their respective cyber protection teams — creating incongruencies with equipment and forces as well as interoperability issues.

The closest the DOD came was a few years ago, requiring a set of basic tools be included across all DMSS kits provided by the services.

Now, there is an effort to standardize those efforts.

A solicitation from DIU issued Monday aims to combine the DMSS kit with the hunt-forward equipment, to create a singular standardized defensive cyber hunt system across the entire force.

The new Joint Cyber Hunt Kit (JCHK), as it is known, will be a mobile “security operations center (SOC) in a box,” DIU said. It must be portable by a nine-person team anywhere in the world and fit in a suitcase for easy air travel.

“Like the DMSS and HFO kits, the JCHK will be a self-contained flyaway capability utilized by the Cyber Protection Team (CPT) Mission Elements to secure and protect military networks and data centers by conducting Hunt, Clear, Enable Hardening, and Assess missions in blue, gray, and red cyberspace,” fiscal 2025 budget documents state. “The dynamic nature of CPT defensive cyberspace operations driven by the adversary’s rapidly evolving offensive cyber tactics, techniques and procedures require the [Budget Activity-8] flexibility as JCHK evolves. The merging of capabilities will facilitate the standardization of training, maintenance logistics, and force protection and will promote efficient execution of resources based on economy of scale.”

For hunt-forward operations, national cyber protection teams travel to other nations and plug into their network. Most prominent were the ops that took place in Ukraine ahead of Russia’s 2022 invasion, which both governments credit for helping harden Ukraine from potential Russian cyber onslaught. These differ from the tasks that cyber protection teams perform on the DOD’s network.

The new system must be flexible in order to perform standalone operations, given it will most often operate in an environment where it’s not permissible to connect to the internet or send data offsite for analysis.

The solicitation said the kits must to be able to perform any and all activities related to discovering advanced persistent threat activities and analyzing their tactics, techniques and procedures.

DIU has been working to equip Cybercom for many years. Additionally, the commmand awarded a contract worth almost $60 million in 2022 to provide equipment for hunt-forward operations.

Previewing the idea of standardizing the DMSS kits, Cybercom’s top acquisition executive noted that the services will have two years to maintain their separate service kits while the competition is underway.

“We’re going to go out with an RFP and a way of contracting for a common kit, at a minimum at the hardware level and then some layer of software, common software, that will be common across all the services. Then services’ unique needs can be added on top of that,” Khoi Nguyen, who is also the director of the cyber acquisition and technology directorate (J9) at Cybercom, said at a conference in January.

At the time, he said the command wants feedback from industry in a collaborative effort to deliver the best system possible.

“The goal is to get this industry day out there and then we’re looking to do aggressive prototyping. We’re probably going to award two or three more prototyping contracts, give the team [some] amount of time to do the prototyping and then deliver the hardware. Then three months for us [and] the force to play around with it. And then we’ll pick a winner,” he said. “My intent is to, like truly do a competition, allow competition, and that’s why we’re going to give … a decent amount of time for a new vendor or new team of vendors to build a new kit, versus having a prototype period very small, where the incumbent has a higher chance of winning. That’s the goal. We’re going to lay that out as an RFP or RFI. Please come back and tell us if I’m unrealistic or whatever else. We need to know that. But the goal is to get the best kits for the users that we can.”

According to fiscal 2025 budget documents, Cybercom and DIU will be relying on other transactional authority to award a prototype agreement to support the rapid development of a JCHK prototype, with the objective of transitioning cyber protection teams to the new system at the beginning of fiscal 2026.

The post Cybercom looking to combine and standardize defensive cyber kits; solicitation issued appeared first on DefenseScoop.

The passage of the fiscal 2024 appropriations bill at the end of March enshrined new authorities for Cybercom known as enhanced budget authorities. Despite being in the works for a couple of years, the congressional gridlock to pass a budget delayed these authorities.

Now, the command will be in direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

Moreover, the Department of Defense, again at the direction of Congress, created the role of assistant secretary of defense for cyber policy — the top cyber policy office and official in the department.

Together, these actions seek to bring closer to fruition the vision to make Cybercom in the image of U.S. Special Operations Command, with unique service-like authorities to equip warfighters and set training standards along with a civilian secretary-like position overseeing the policy. In the case of Socom, that oversight is provided by the assistant secretary of defense for special operations and low-intensity conflict.

“That is clearly Congress’s vision — is the relationship between ASD SO/LIC and Socom should evolve that ASD Cyber will look like that with Cyber Command,” Gen. Timothy Haugh, commander of Cybercom, said Tuesday at his organization’s annual legal conference. “Our grade sheet should be built on how well we use the authorities we’ve been given, how fast we scale and how we partner.”

Haugh, in one of his first public remarks since taking command Feb. 2, noted that this partnership will be tested early as the acting ASD for cyber and him will be testifying before both houses of Congress this week. The ASD Cyber office was only just officially established March 20.

One of the critical areas the two organizations must work closely together on is an effort dubbed Cybercom 2.0 — a holistic top-to-bottom review underway at the command to examine how to reshape its organization and forces and ensure it’s best postured for the future and emerging threats.

Officials in the past have described that effort as a means of consolidating many of the products owed to Congress.

“That’s how do we take all these new authorities, how do we take this partnership with ASD Cyber and how do we leverage a series of things that Congress has asked us to do,” Haugh said of Cybercom 2.0.

Among the issues Cybercom and DOD are evaluating for Congress is a study to determine the optimal strategy for structuring and manning elements of the various Joint Force Headquarters-Cyber (JFHQ-C), joint mission operations centers, cyber operations-integrated planning elements and joint cyber centers.

Most pressing, however, is the future for how the services present forces to Cybercom, known as the force generation model. Since the early 2010s when the cyber mission force was created, each of the services has been responsible for providing a set number of offensive and defensive teams to Cybercom that are trained by the services based on basic standards that the command sets.  

Given concerns with the varying readiness statuses of these teams across the services, incongruencies with how personnel are compensated across the services and overall inequities, there has been growing concern that the current model is inefficient and the only solution is an independent cyber service.

“We’re doing a study right now that will evaluate, and we brought in an outside think tank to help us look at this — what are the spectrum of options?” Haugh said. “There are also a number of things in between there that we should consider, and also whether or not any of that menu should be applied together. We’re evaluating that. And that’ll be a great test for us as our teammates within ASD Cyber and Cyber Command as we go forward.”

Congress has grown frustrated that DOD has not included certain studies requested by Congress in the manner in which they were requested, to include the force generation study. Cybercom and the Pentagon are now looking into the matter.

“One of those studies on force generation has required us to go back between ASD Cyber and the commander of U.S. Cyber Command and brief the secretary on our vision for the future of force generation this summer,” Haugh said. “In the force generation study, what it asked us to do was to look at our partnership with the services. What I will tell you is, over time, we have had with the services a different relationship between each service and at different parts of our creation and to where we are today.”

Haugh explained that before his predecessor, Gen. Paul Nakasone, left, he submitted a response evaluating the services’ readiness and their ability to present forces to the command — outlining five things the departments could do to improve.

They were mostly in line with how Socom addressed force presentation issues in the past, Haugh said. He didn’t provide specifics regarding all five, only offering that they centered around personnel policies, how the services leveraged tools that Congress had given for retention, and assignment policies.

Despite readiness concerns, Haugh said over the last year the services began implementing some changes and there has been a significant jump in readiness. However, he added that officials would like to see the services implement all five recommendations uniformly.

“We would like to see them all raise that floor farther. And that would be an area. That’s our starting point when we look at where we are in force generation,” Haugh said.

Next generation for acquiring capability

The realization of enhanced budget authority will now allow Cyber Command to control its own capabilities, from requirements to execution.

To date, the services are responsible for building major acquisition programs as executive agents on behalf of Cybercom.

“That model was really one that was thinking that a monolithic acquisition system would be able to, over time, be able to generate the requisite capabilities. What we have found is that largely we’ve had to generate our capabilities inside our force,” Haugh said. “What that has now occurred over time, has been the growth of what are the expectations of U.S. Cyber Command as an acquisition organization — and with a model that was thinking about how can we grow Cyber Command to be Socom-like, leveraging service-like authorities?”

The command now is fully in charge for the budget responsibility of equipping offensive and defensive cyber teams within DOD, validating requirements and allocating resources to acquire capabilities.

“That’s a pretty radical change from where we started to now what we’re authorized to do today. What Cyber Command now has to do is grow into that role very quickly,” Haugh said.  

Officials in the past have noted that in the short term, not much will change. The services will still build major capabilities for the command, though now Cybercom will just reimburse the services as opposed to the services footing the bill. As the command grows its acquisition office and establishes its program executive office by 2027, it will be looking for help on how best to structure itself.

In addition to rapidly growing the acquisition force, the command is also looking at how to partner with others to develop capabilities.

That includes working with organizations like the Defense Advanced Research Projects Agency — for which the command already inked an agreement to bridge the so-called valley of death in acquisitions and get more cyber capabilities into operational use — and other research and engineering teams within the Office of the Secretary of Defense.

“What does that partnership look like with the services now that we have resources, multibillion-dollar resources, to align against our capability development? How do we use the authorities the department has given us as an S&T center to do tech transfer? Where does that put us now to be able to partner with industry as we start to think about capability [and] capability development?” Haugh said. “That’s an area that for us is going to be one of the most significant priorities that we will focus on and we will accelerate. Those partnerships will primarily drive us with our teammates and the services and with industry.”

The post With new authorities and assistant secretary, DOD prepares for next generation of cyber appeared first on DefenseScoop.

“America’s cyber force generation system is clearly broken. Fixing it demands nothing less than the establishment of an independent cyber service,” a report published Monday by the Foundation for Defense of Democracies states. “This research paints an alarming picture. The inefficient division of labor between the Army, Navy, Air Force, and Marine Corps prevents the generation of a cyber force ready to carry out its mission. Recruitment suffers because cyber operations are not a top priority for any of the services … The current system compounds these force-generation challenges. Each of the services has developed its own solutions, leading to both inconsistencies and shortcomings.”

The report’s authors — retired Rear Adm. Mark Montgomery, who is senior director of FDD’s Center on Cyber and Technology Innovation, and Erica Lonergan, an assistant professor in the School of International and Public Affairs at Columbia University — interviewed over 75 active duty and retired U.S. military officers with significant leadership and command experience within cyber. Both authors were members of the now-sunset Cyberspace Solarium Commission.

While not all interviewees believe the creation of a new service is the answer, “everyone agrees that the status quo is not sustainable, even if not everyone we interviewed agreed that necessarily that the solution is to establish an independent uniformed service for cyberspace,” Lonergan told reporters ahead of the report’s release.

Each of the military services is responsible for providing personnel for a set number of teams to U.S. Cyber Command, which then employs those forces in operations for the other geographic combatant commands.

Proponents of an independent cyber service argue the cyber operators have no distinct identity — as they are still members of their respective services — as well as that there are readiness issues associated with each service resourcing their cyber contributions differently, lexicon and pay scales are different for the members of each service, and that command and control structures are confusing.

In one of the most pertinent and striking examples, Congress recently was forced to act in directing the Navy to create cyber-specific work roles as it was the only service to date that had not done so. Navy service members were rotating too frequently in and out of the cyber mission force creating continuity issues, forcing retraining, and ultimately, readiness issues.

Those cyber mission force teams — offensive and defensive — were initially designed to be joint from the outset, trained to the same standards so they could be interchangeable and operate alongside one another. But individual service intricacies have plagued that design, the report alleges.

“The services do not coordinate to ensure that trainees acquire a consistent set of skills or that their skills correspond to the roles they will ultimately fulfill at CYBERCOM … At root, the current readiness issue stems from the fact that none of the existing services prioritizes cyberspace,” it states. “Promotion systems often hold back skilled cyber personnel because the systems were designed to evaluate servicemembers who operate on land, at sea, or in the air, not in cyberspace. Retention rates for qualified personnel are low because of inconsistent policies, institutional cultures that do not value cyber expertise, and insufficient opportunities for advanced training.”

The report, as well as sources who detailed the issue to DefenseScoop previously, allege the services played “shell games” when it comes to staffing the team, oftentimes double counting personnel to make the teams look fully manned.

‘The status quo isn’t working’

There has been frustration among many outside the military that despite readiness shortfalls, not much to date has been done to address how forces are presented.

“This is also a concern that this poor force generation model is negatively impacting readiness. It’s preventing the cyber mission force from conducting operations or really from growing and expanding,” Montgomery told reporters. “We need to absolutely get better or we’re going to create a catastrophic condition where an adversary’s cyber capabilities either enable him to do something we can’t stop or him to stop us from doing something we need to do. I think we’re rapidly getting to that.”

The cyber mission force was conceived in 2012-2013 and began building then. At the time, it envisioned 133 teams. However, that force has remained steady until the fiscal 2022 budget that, for the first time, authorized growth for the cyber mission force approving 14 additional teams.

For Montgomery, the growth and maturation of the force has not been enough to keep pace with America’s adversaries.

“Over the last 14 years, one thing I can definitely say by the Chinese and Russians is their capacity has grown, and the idea that we’ve maintained the exact same level is really concerning. I think we’re there because we’re not able to get the maximum readiness out of that lower level, much less grow and expand it,” he said.

Each of the service chiefs has pledged to make cyber mission force readiness a top priority. However, Montgomery contends the services have completely failed thus far.

“It is definitely a criticism of [the] services. There’s no two ways about it,” he said.

Lonergan noted that there is beginning to be recognition that the current status quo is inefficient and changes must be made.

“The consensus is that the status quo isn’t working and I think I can say that that’s the consensus of our military leaders in cyberspace, too. That’s what’s driving this Cybercom 2.0 effort to do this kind of holistic, comprehensive review of Cybercom,” she said.

Cybercom 2.0 is a holistic top-to-bottom review underway by the command to examine how to reshape its organization and forces and ensure it’s best postured for the future and emerging threats. It’s meant to look at force presentation, force composition, acquisition and other improvements and changes as it evolves.  

Last year, Congress attempted to begin evaluating the prospect of creating an independent cyber service. However, efforts in both the House and Senate were struck from the annual defense policy bill, one of which would have required an independent body to study the merits of establishing a new force.

Advocates for a cyber force are pushing hard this year to ensure something makes it into legislation.

“We do not take lightly the many challenges still ahead in implementing the recommendation for creation of a dedicated Cyber Force, but AUSCF calls upon our nation’s Executive and Congressional leaders to act, through policy and legislation, to meet this call for what our nation so urgently needs in support of national security. The creation of a Cyber Force is a clear message, both to our adversaries and our own citizens, that freedom of action in the cyberspace domain, and protection of our critical infrastructure and sovereignty, are priority responsibilities that the United States takes seriously and will meet with the best our nation can provide,” the Association of US Cyber Forces (AUSCF), a nonprofit dedicated to advancing the capabilities and effectiveness of the United States in the cyber domain, said in a statement provided to DefenseScoop ahead of the release of the FDD report.

Opponents of an independent cyber service argue that now is not the time. The current model has not had enough time to prove itself, the argument goes. Moreover, Cybercom is on the precipice of inheriting significantly more authority. Through what’s known as enhanced budget authority, Cybercom is slated to gain more service-like authorities from full budget ownership of cyber and direction of cyber forces. That was supposed to culminate at the beginning of fiscal 2024.

Others note that the command modeled itself off U.S. Special Operations Command, a combatant command with unique service-like authorities. However, the report notes incongruencies between special operations forces and cyber forces.

“In the SOCOM model, each of the services provides the force employer — SOCOM — with expert personnel who possess skills suited to their particular domain. For instance, an Army Ranger trains for special operations on land, while Navy SEALs possess skills tailored to maritime special operations. Rangers and SEALs are not interchangeable. The Army cannot train SEALS, nor the Navy Rangers. Thus, SOCOM actually gains strength from this one-of-a-kind distributed force-generation model,” the report states. “However, there are no land, sea, or air-specific cyber functions that only particular services can provide.”

As was stated previously, the cyber mission force was designed to be joint from the outset and trained to the same standards so individuals could be interchanged from team to team, offense or defense.

Department of Army and Cyber?

The report’s authors were sure to explain they’re not necessarily wedded to what a cyber force could look like if the Department of Defense has ideas for it.

But it did recommend placing it within the Department of the Army, with Cybercom continuing to be the force employer. Montgomery believes the Army has done the best in cyber, relative to the other services, placing cyber in the hands of general officers. Additionally, the other military departments already have subordinate forces: the Space Force under the Department of the Air Force and the Marine Corps under the Department of the Navy.

“Standing up this new service would be relatively straightforward. Initially, the Cyber Force would encompass the billets that currently comprise the CMF: a 6,200-person mission group consisting of servicemembers, civilians, and contractors,” the report stated. “Beyond the CMF, the Cyber Force could also absorb a select number of billets for cyberspace operators that currently fall within the SOCOM enterprise. The Cyber Force could draw on lessons from the Space Force, which has encountered few issues filling its new roles even though it requires highly technical and skilled personnel.”

The authors were also sure to note the services should keep their organic cyber and IT personnel, meaning the new cyber force wouldn’t suck up all the cyber expertise, leaving the services with nothing.

Ultimately, having a single service — with a service secretary adhering to civilian control of the military — that can solely focus on providing forces for cyberspace operations will improve the readiness of cyber forces and retention, the authors contend.

Montgomery explained that if Cybercom needed to grow, it would be as simple as working with one service as opposed to four right now.

“Cyber Command [could] say, ‘Hey, I need to be 20 teams bigger, to do that I need an extra 1,000 operators.’ He could talk to the cyber force chief and the two of them would then go see the chairman and the Secretary of Defense … and make that argument and then it’d be properly sized,” he said. “I think it would make Cyber Command much more effective and agile. You have a more ready force and then an ability to grow the force. Right now, if he wants to grow the force, he’s got to convince each of the services.”

The post US must establish independent military cyber service to fix ‘alarming’ problems — report appeared first on DefenseScoop.