At a congressional hearing in May, senior defense officials publicly acknowledged that CYBERCOM 2.0 — an initiative launched by U.S Cyber Command (CYBERCOM) to overhaul how it builds and manages cyber forces — fell short of the Pentagon’s expectations. The effort was loosely modeled on Special Operations Command, but even under this model, CYBERCOM still lacks the authority to enforce common standards for the services, tailor recruitment to the unique dynamics of cyberspace operations, or control initial training. “We think it needs even more work,” said Laurie Buckhout, the acting assistant secretary of defense for cyber policy.

There have been attempts to address structural shortfalls in the past. Most recently, Congress granted CYBERCOM enhanced budgetary control in fiscal year 2024, giving the command oversight of roughly $2 billion in acquisitions for cyber tools, systems, and training. But the services still control the vast majority of cyber acquisition funds.

More than two decades after declaring cyberspace a warfighting domain, the U.S. military relies on an inefficient and ineffective solution to generate the capabilities needed to defend it. CYBERCOM holds the primary responsibility for operating in and through cyberspace, but it relies on personnel drawn from five different military services to do so. There are no common standards for recruiting, initial training, or career progression across the services, and none treats cyberspace as a core mission. The result is chronic readiness gaps, inconsistent quality, and top talent regularly lost to the private sector.

The solution is not more reform around the margins. Instead, a dedicated U.S. Cyber Force is long overdue. A U.S. Cyber Force would unify the responsibility for recruiting, training, and promoting cyber talent under one roof. It would foster a cyber-native culture, prioritize cultivating mastery within the cyber domain, and allow for a more flexible, mission-driven force structure. This construct is consistent with how the military organizes itself to man, train, and equip forces across all the warfighting domains. And it is structurally and fiscally viable.

Some critics argue that a U.S. Cyber Force would be too costly and duplicative. But the initial budget would be largely budget-neutral by consolidating existing cyber funding. The fact is that the Department of Defense is already paying for this force, but scattered across five services, with a cyberspace activities budget of nearly $15 billion.

If a new service were created, CYBERCOM would remain as a unified combatant command and serve as the primary force employer — just as U.S. Space Command does for the U.S. Space Force.

The U.S. Cyber Force should focus on generating capabilities for three core missions. First, it should be responsible for generating forces for national-level defensive cyber missions, such as defending against active and ongoing threats facing the Defense Department or supporting defense of critical national infrastructure. Second, it should organize, train, and equip for offensive cyber missions to project power in and through cyberspace, both as an independent capability and as an enabler of joint force missions and objectives. And third, it should generate capabilities to support cyber-related military intelligence — especially foundational intelligence relevant for the cyber domain.

Scoping the remit of the U.S. Cyber Force will be critical to ensure its effectiveness, and some functions must remain outside its purview. For example, the U.S. Cyber Force should not take over the Defense Department’s day-to-day IT operations — it cannot and should not be the cybersecurity service provider for the department. Its role should also be carefully scoped when it comes to related but not core functions, such as information warfare or artificial intelligence.

In short, the U.S. Cyber Force must focus squarely on warfighting readiness in cyberspace — building elite forces to defend national interests, deter adversaries, and, if necessary, fight and win in the cyber domain.

In designing the new service, the architects should focus on five core design principles. First, the service should prioritize quality over quantity, recruiting and retaining the right people to perform the mission. Second, the U.S. Cyber Force should establish a model where career progression follows from demonstrated expertise, rather than time in service. Third, in light of the dynamic nature of the cyber domain, the force should be structured to enable flexibility and adaptation over time, as missions, technology, the threat environment, and other factors evolve.

Fourth, standing up the service should involve a phased transition, taking due care to minimize impact to ongoing cyber operations. And finally — and most importantly — the service must focus on organizational leadership and culture. The U.S. Cyber Force can succeed to the extent that it fosters an organizational culture conducive to the cyber domain.

Every year the Pentagon delays creating a U.S. Cyber Force, the military remains underprepared for modern conflict. Establishing a dedicated cyber service is not a moonshot. It is the logical next step to build a purposeful military for a domain the United States can no longer afford to neglect.

Erica Lonergan is an assistant professor at Columbia University’s School of International and Public Affairs and an adjunct fellow at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation. She previously served as a senior director on the bipartisan Cyberspace Solarium Commission.

Jiwon Ma is the senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, where she contributes to the work of CSC 2.0 and authors its annual assessments.

The post The Pentagon knows its cyber force model is broken. Here’s how to fix it appeared first on DefenseScoop.

Cybercom 2.0, as the effort is known, is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials, spurred largely by a report requested by Congress in the fiscal 2023 annual defense policy bill to evaluate how Cybercom generates its forces.

In addition to responding to reports required by lawmakers, the initiative was meant to provide a holistic examination of the command and its forces to better posture them for the future, serving as the first major update since Cybercom was formed over 10 years ago when many sophisticated threats and challenges in cyberspace did not exist.

Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December 2024, which encompassed four buckets: a new force generation model for how each service provides digital warriors to Cybercom; a talent management model; an advanced training and education center to ensure troops are better prepared when they arrive at their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

Those items had to be fleshed out by an implementation plan team. Upon coming into office, Secretary of Defense Pete Hegseth ordered the team to expedite their implementation plan in 45 days. The updated plan was delivered March 21. It had been held up within the Office of the Secretary of Defense because there was some pushback and it wasn’t being well-received.

Now, leadership is asking officials to reevaluate some components.

“We think that 2.0 was a great effort to improve our workforce, management and retention. We have taken another relook and decided that we think it needs even more work. We consider cyberspace as important as you do. We really appreciate your continued emphasis on that matter, so we have decided to do a deeper look and make it a better product,” Laurie Buckhout, the official performing the duties of assistant secretary of defense for cyber policy, told the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems during a hearing Friday.

Later in the hearing, when asked, Buckhout noted that DOD is essentially moving on from the original Cybercom 2.0 and will revamp it.

“DoD remains committed to being responsive to Congressional direction. Much analysis of various force generation challenges and models went into creating a draft implementation plan that was delivered to DoD leadership in March. The Department is currently evaluating whether that plan goes far enough to address this administration’s priorities, and we will adjust accordingly,” according to a department official.

Someone familiar with the situation also noted that the Trump administration wants a clear plan that can outmatch China, and what was submitted previously didn’t meet that standard in their eyes.

Such a relook isn’t completely surprising given the new administration and how late the plan was submitted to the last administration.

“It doesn’t surprise me if indeed, they’ve asked the command to take another look, because you have people in leadership roles inside the department at the White House, and others who may have some different views on specific aspects of what we’re looking to do or want to go further with certain aspects. I don’t think it’s uncommon if you have something that’s at the phase that this was where it really fell into the gap between two administrations,” Charlie Moore, former deputy commander of Cybercom and distinguished visiting professor at Vanderbilt University, told DefenseScoop.  

When Cybercom was first established, there were a lot of assumptions made about how it would operate, what resources would be shared by the NSA, as well as the relationships with the services and combatant commanders. Most of these initial assumptions have proven incorrect or the mission has evolved, according to sources. Having no choice, the command continued to operate while constrained by these assumptions. The Cybercom 2.0 effort is seeking to be the first of many steps to reshape the command into what is needed.

Lt. Gen. William Hartman, acting commander of Cybercom and performing the duties of the director of NSA, told the House Armed Services subcommittee last week that officials evaluated three models: the status quo, a Special Operations Command-like model and the creation of a separate Cyber Force military branch, with the preference being the SOCOM-like model.

While Cybercom was initially a sub-unified command under Strategic Command, which oversees U.S. nuclear weapons capabilities and doctrine — a flawed model for cyber, as history has borne out — officials have always maintained the best model for Cybercom was SOCOM: a combatant command with service-like authority.

Cybercom received enhanced budget authority from Congress that went into effect in March 2024, giving it oversight of cyber funds. Prior to that, the services were responsible for funding and procuring the resources and weapon systems the command relied upon. Hartman told the subcommittee that in fiscal ’24, the command managed over $2.5 billion.

Much of the Cybercom 2.0 effort was aiming to take advantage of those new service-like authorities and implement them, such as joint force trainer and improvements to the man, train and equip oversight functions over the services.

Officials have discussed improvements to how the services have been recruiting, retaining and training their cyber forces over the last year or so.

Congress also created the assistant secretary of defense for cyber policy position, which aims to act like a service secretary, much in the way the assistant secretary of defense for special operations and low-intensity conflict does for SOCOM.

There has been a growing chorus in recent years for the creation of a separate, standalone Cyber Force as proponents believe that is the only way to fix the issues facing Cybercom and cyber forces more broadly.

Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, expressed his preference for the SOCOM model but noted there are pros and cons to it, namely the fact that there needs to be service buy-in.

“That means they got to recruit, they got to provide trained people to the Cyber Command at a level that they need. They also got to develop cyber leaders within the promotion system and growing leadership. It’s gets at an earlier question I had — I’m not sure that we’re doing adequate there, but we got to have a full service buy-in to make this model work,” he said. “We were looking at all the general officers, all the services, trying to get a feel for just how much depth we have in the cyber career field. I really only spot one general officer that has extensive cyber experience before they became a general officer. Are we doing enough to develop our cyber leadership here? It seems like we’re low on cyber. We got a lot of depth in air, surface warfare, infantry, space, but the cyber area that there seems to be a shortage.”

Some have described what came out of the first Cybercom 2.0 effort as essentially status quo-plus, the result of what happens when trying to design by committee. The services have the ability to make the changes and accommodate the needs of the command, but that doesn’t always mean they have the desire or willingness to do so given the other competing priorities they’re dealing with, according to some observers, potentially laying the groundwork for and strengthening the case for an independent cyber service.

In his written statement to the House Armed Services subcommittee, Hartman said the Defense Department recently approved several concepts to update the command’s force design and the ways it builds and sustains specialization and expertise within the teams. They include ways of fielding new technologies rapidly and ensuring they are tested and scalable. The measures were prompted and facilitated by recent defense policy bills, Hartman wrote, on readiness and force generation that collectively gave the DOD the opportunity to modernize the cyber force and reshape the command.

Some lawmakers at last week’s hearing gave the witnesses a tough time regarding the change in approach for Cybercom 2.0 and how efforts to reach critical milestones and modernize have taken too long.

“I remain very concerned about the state of our cyber training and readiness. General Hartman’s statement noted that the service cyber components only recently attained ‘foundational readiness standards,’” Bacon said. “Foundational readiness has a very specific meaning, and the fact that it took us more than a dozen years to reach this point is not something to celebrate. To succeed in the cyber domain, we need far more than ‘foundational readiness.’ And I am particularly interested in hearing from you what you need to create and sustain a high level of readiness across the cyber warfare enterprise.”

The cyber mission force has faced constant readiness concerns from its inception. Designed around 2012, the running trope from leaders was they were building the airplane while flying it, an analogy they used when describing the construction of these forces. To meet readiness metrics, the services would sometimes double-count personnel, creating what one prominent think tank referred to as a “shell game.”

Ever since the advent of the Cybercom 2.0 effort, top command officials and service commanders have begun discussing the notion of mastery within the cyber force.

Hartman explained that there’s a more efficient training model to take a basic trained service member and create an expert through authorities granted by Congress.

“Instead of trying to do that across all the services, we do believe there’s an opportunity, using Cybercom service-like authorities, Cybercom joint force training authorities in order to build that mastery of the force. And we look forward to working with the services to do that,” Hartman said.

Some of that work has manifested itself in improving the training curriculum executed by each service, where Cybercom provides joint standards and the service schoolhouses train their cyber warriors that they feed to the command to those standards.

Previously, personnel often wouldn’t get all the training they would need at their schoolhouse prior to arriving at their operational units. Rather, digital warriors would get additional on-the-job training upon arriving at their unit. This was a contributing factor to readiness issues.

Now, some schoolhouses are trying to move that training to the left so personnel show up to their units better prepared to do their jobs.

The post DOD leadership asks for Cybercom 2.0 relook appeared first on DefenseScoop.

Sutton — who is currently chief technology advisor to the commander and director of Pentagon operations at U.S. Cyber Command and had been a professional staff member on the Senate Armed Services Committee focused on cyber — will be the second official to hold this position, which was created by Congress in the fiscal 2023 annual defense policy bill.

That position was established due to the growing role of cyber in society and the U.S. military. Many in Congress wanted to elevate the role of cyber policy within the Defense Department to the ASD level.

As the Trump administration looks to fill out its cyber policy personnel at the Pentagon, multiple press outlets last week reported Laurie Buckhout was selected to serve as the Deputy Assistant Secretary of Defense for Cyber Policy, which was the top cyber policy position in the department until the ASD position was created.

A retired Army colonel, Buckhout was an electronic warfare officer and has been outspoken about the degradation of the Army’s and U.S. military’s EW capabilities relative to adversaries. She recently ran for Congress in North Carolina as a Republican, but was defeated by Democrat Don Davis.

These top cyber policy roles will be integral in helping the department navigate critical cyber issues, namely, the evolution of U.S. Cyber Command via an initiative dubbed Cybercom 2.0. That effort was initially meant to not only provide a holistic examination of the command and its forces to better posture it for the future — given its structure remained largely untouched since its inception over a decade ago in a less dynamic environment — but also bunch together multiple congressional reports that lawmakers required of the DOD in several annual defense policy bills.

“What we see now as Cyber Command 2.0 is the command’s efforts to build domain mastery to achieve a competitive advantage in the cyber domain. Through these efforts, we will be enhancing total force readiness and our innovation,” Gen. Timothy Haugh, Cybercom commander, said last week at the Cyber Workforce Summit in Washington.

The effort has four main buckets: a new force generation model for how each service provides cyber forces to Cybercom; a talent management model; an advanced training and education center to ensure forces are more ready when arriving to their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

It has been reported that Defense Secretary Pete Hegseth has directed those efforts be expedited by several months, something some in Congress support.

Haugh told senators at a Senate Select Committee on Intelligence hearing Tuesday that for the 2.0 effort he was asked to produce recommendations for the SecDef on how to manage, develop and equip cyber talent. That plan was brought to Hegseth, who told the command to go faster. Based on Hegseth’s guidance, Cybercom is moving forward with the rest of the department, according to Haugh.

The post Trump nominates former congressional staffer for top Pentagon cyber policy job appeared first on DefenseScoop.

As currently architected, each military service provides a set number of forces to Cybercom to employ in operations. However, the different branches, to a large extent, still retain their own policies and regulations when it comes to figuring out how to staff those forces to Cybercom. This has led to inconsistencies within the cyber mission force — which was designed to be joint and trained to the same standards — with different promotion structures, pay and assignments for the same work roles across each branch.

With enhanced authorities bestowed by Congress, the commander of Cybercom now has greater oversight over how each of the services present their forces. The commander must also provide an annual report to lawmakers evaluating the services’ ability to generate ready forces.

“Much of my last year’s report to Congress were about specific things that each of the services were doing to advance our readiness. What wasn’t inside there is uniform in our approach,” Gen. Timothy Haugh, the chief of Cybercom, said Thursday during a panel at the Special Operations Symposium hosted by NDIA. “There’s opportunities for me in the role that’s been empowered in the law to help drive an approach across the department, which will allow us to be more consistent in how we interact with this force. They serve together. They work together. They work shoulder to shoulder. There is an opportunity for us as a department to be able to be ensure that we’re being really coherent in how we develop and lead that force. I think that’s a critical component for us as we go forward.”

Haugh previously explained that he’s noticed progress in boosting readiness, but he’d like to see the methods each service employed to improve be emulated by the other services as well.

The ability to generate and retain these ready forces falls in line with Congress’ and Cybercom’s push to evaluate the forces that are presented to the command.

That congressional tasking in the form of several studies asked of DOD has been folded into a larger Cybercom initiative dubbed Cybercom 2.0, an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials to provide a holistic examination of the command and its forces to better posture them for the future.

Former Secretary of Defense Lloyd Austin approved a broad outline for the initiative in December with four main buckets: a new force generation model for how each service provides cyber forces to Cybercom; a talent management model; an advanced training and education center to ensure forces are more ready when arriving to their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development. An implementation plan team is working to fill those areas out over the coming months.

Haugh noted that since the plan was approved, the command is looking at how special operations forces conduct talent management.

“Now that we’ve also gotten the support from the secretary for our next-generation force generation model, which we titled ‘SOF Inspired,’ which is around the idea of, how do we do talent management of a really unique high-end force in partnership with the services, how do we develop that force and then how do we equip it in rapid capability development?” he said.

The broad plan for the talent management aspect has been modeled off the Joint Special Operations Command-Special Operations Command model for a focused, capable team to manage talent across the services, much like how Socom does it.

Cybercom has sought to posture itself after the Socom model, a combatant command with unique service-like authorities for acquisition and force generation.

As part of building that next-generation force, Haugh has talked for months now about the notion of cultivating personnel with “mastery” in their focus areas.

“This is one of the reasons that Congress tasked us to go build the future force generation model for Cyber Command, which is, what are the ingredients that are going to allow us to reach mastery of our force. We’ve now reached a level of readiness in our force that we think is a really solid floor, but that’s not where you want to be,” he said. “We want to be at mastery. We know what it looks like in our force. We know what those leaders are that we rely upon, whether that be for planning or operations, and we know how they got there. Much of that is around how we retain and how we employ.”

To help retain that high-end force, Haugh noted that officials are trying to incentive that level of expertise with a bonus structure that rewards advanced skills.

While each of the services have enacted bonus structures to retain their personnel amid competition from the lucrative salaries offered in the private sector, Haugh doesn’t believe just being good in cyber is worth a bonus. Only masters should be eligible.

“We don’t necessarily believe we need to go down a path that everybody that’s in cyber needs [a] bonus. What we should be doing is if you’re great in cyber, you should get a bonus. That’s what we want to reinforce,” he said. “Then the more that we can make that uniform policies across the services, that will get felt by the other elements that also have critical elements of cyber that are integrated in each of their formations.”

The post Cybercom wants more consistent readiness approach across the services appeared first on DefenseScoop.

The briefing, conducted by Gen. Timothy Haugh, commander of U.S. Cyber Command, and Ashley Manning, acting assistant secretary of defense for cyber policy, was the first for members of the chamber on the approved framework for the initiative known as Cybercom 2.0.

“The members of the [House Armed Services Cyber, Information Technologies, and Innovation] subcommittee are very engaged on the future direction of USCYBERCOM and the exchange was substantive and candid,” Rep. Don Bacon, R-Neb., chairman of the subcommittee, told DefenseScoop in a statement. “Secretary of Defense [Pete] Hegseth and General Haugh share the committee’s concerns that the status quo is not acceptable and that more must be done to develop DoD’s cyber force posture, capacity, and capabilities to match the strategic environment.”

Cybercom 2.0 is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials. It was meant to not only provide a holistic examination of the command and its forces to better posture it for the future — given its structure remained largely untouched since its inception over a decade ago in a less dynamic environment — but also bunch together multiple congressional reports that lawmakers required of the department in several annual defense policy bills.

Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December, which encompassed four buckets, according to sources: a new force generation model for how each service provides cyber forces to Cybercom; a talent management model; an advanced training and education center to ensure forces are more ready when arriving to their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

Although Austin signed off on those four broad buckets, what they encompass must be fleshed out by an implementation team, which is working to deliver them in the coming months.

Cybercom and its force was set up over a decade ago before the emergence of many of the advanced threats that exist today. Thus, the command needs to modernize — particularly in a domain as dynamic as cyberspace — to meet those threats.

Moreover, the organization was granted enhanced budget authority last year, meaning it now has greater control over its forces, capabilities and budgeting. Many of the Cybercom 2.0 recommendations seek to build upon and accelerate how the command can use those new authorities.

Some lawmakers have expressed optimism for the 2.0 effort.

Cybercom 2.0 is not taking place in a political vacuum. The initiative is underway amidst a growing chorus of experts calling for an independent Cyber Force.

Some in Congress and outside government believe the current cyber model is too broken and the only way to deliver successful outcomes is to create a standalone military branch focused solely on cyber that can recruit, train, retain and fill billets for Cybercom, as opposed to the existing services continuing to do that on top of the myriad other warfighting focuses they have.

A provision for an independent assessment of a potential Cyber Force passed both chambers of Congress last year during the annual defense policy bill process, but was eventually watered-down to strip some of the key language such as a deadline for the study and placing a larger focus on alternative models for cyber forces rather than solely focusing on an independent armed service.

One of the authors of that provision in the House, Rep. Morgan Luttrell, R-Texas, told reporters last month that he’ll be pushing again this year to ensure the study gets done.

Other news outlets have noted that several lawmakers plan to keep pushing officials on the results of the study this year, ensure it is completed and evaluate what they need to further examine based on the findings.  

The post House lawmakers receive first briefing on Cybercom 2.0 model appeared first on DefenseScoop.

As initially designed, each service provides a set number of offensive, defensive and support teams — known as the cyber mission force — to Cybercom, which employs them in operations. However, despite the cyber mission force’s joint design from the start, those branches have their own unique service cultures and ways of organizing their forces. These dissimilarities led to readiness issues of the teams, drawing concern from Congress, due to the frequent rotating nature of forces that cycle through joint cyber roles and then return to their individual services, which can come at an expense to taxpayers due to the costs and long duration of training it takes for some roles, according to the Government Accountability Office.

Congress in fiscal 2024 provided Cybercom with service-like authorities called enhanced budget control that now afford the command oversight of the offensive and defensive budgets for the cyber mission force, acquisition authority, capability integration authority and training, among others.

Fully realized in March, the command says it’s making progress on addressing readiness concerns and force generation of the service contributions to the cyber mission force.

“We’ve now been able to make readiness advancements that have really been driven by our partnership with services. But it’s based off of the fact that we now have a set of authorities and we’re collaborating as a service-like organization. That has been really powerful and we’re really pleased with the progress that we’re making,” Gen. Timothy Haugh, commander of Cybercom, said at a dinner Tuesday hosted by the Intelligence and National Security Alliance.

“I’m required to send a report back to Congress. It’s a report on services’ ability to meet the readiness requirements of U.S. Cyber Command. This is an area that’s evolved over time. But what we’ve really seen since we’ve done this report is a collaboration with the services,” he added.

The prior commander of Cybercom had openly suggested the need for congressional assistance in aiding the command to address readiness concerns.

One of the most concrete examples of changes these new authorities provide is related to training. Haugh noted that fiscal 2024 was the first full budget Cybercom was able to produce. As part of that development, they now have the authority and funds to direct training.

“We were able to put a significant amount of money into advanced training whereas before that would have been a request to a service, ‘Could each of you grow the training budget that would make our force better?’” he said. “Now, that’s a responsibility to do at Cyber Command and we could commit our resources to focus on growing the mastery of our force. Already seen benefits from that.”

Haugh advocated for the passage of these authorities during his confirmation hearing last July, noting they will be critical in addressing readiness.

“With those authorities it allows Cyber Command to set the investment in our training infrastructure, in our training courses and allows the services to focus on recruiting, initial skills training aligned to our standard, and then to leverage the retention capabilities that Congress has given to the services,” Haugh told senators at the time. “Those are areas now that really change the dynamic of how we will approach cyber readiness, if confirmed.”

Other examples of changes Haugh offered were mostly driven through the services. Those include:

• An Army program that provides advanced cyber pay based on qualifications.
• The Air Force reestablishing warrant officers for the first time in over 50 years, with the first warrants being in cyber and IT fields. Haugh noted “that’s an example of a service that has now invested in ways that are going to help our workforce.”
• The Navy crating a cyber “rating,” or work role in summer 2023 dedicated to cyber for the first time, something the service was forced into doing by Congress due to significant readiness challenges associated with its cyber mission force contributions.

Haugh said that while he is pleased with progress, he’d like to see each service implement the ideas of the other services.

During their confirmation hearings, which all took place just months apart last year, each current service chief was asked about and addressed concerns from Congress regarding cyber mission force readiness, pledging to take steps to remedy concerns.

Cyber Force v. Cybercom 2.0

Pertinent to the discussion of addressing readiness and the realization of new authorities for Cybercom is the looming prospect of a new military service dedicated solely to cyber, on par with the Army, Navy, Air Force, Marine Corps and Space Force.

Proponents believe a separate service is the only way to address manpower issues along with a host of other perceived problems with the current structure of cyber forces and operations.

When asked about a proposed Cyber Force Tuesday, Haugh said his responsibility was building the best version of Cybercom that he can.

He has inherited an initiative that began under his predecessor dubbed Cybercom 2.0, an effort aimed at examining what the future of the command and cyber force looks like.

“As we look at Cyber Command 2.0, it’s really to take us to the next step. We’ve existed as a combatant command for six years. We really built this force 10 years ago. We’re really built off of the challenges that we faced between 2014 and 2018,” Haugh said. “What does Cyber Command need to look like in 10 years going forward and how to structure that force and how to regenerate that force?”

The effort is essentially a project to combine five or six reports requested by Congress to examine various aspects and structures of the command to include how it builds its warfighting architecture and how its various headquarters are structured.

But the biggest aspect is a force generation study, known as the Section 1533 study from the fiscal 2023 annual defense policy bill.

“What the law asked us to look at was our current model, which is how we were structured in FY ’23, so before we received all of our enhanced budget control,” Haugh said. “That was one bumper of the study, is the far left is what we’re currently doing, the far right was to evaluate whether or not we should have a cyber service, and the middle was some hybrid in between to allow the department to be more effective.”

He noted that part of that study has been completed and officials must now update the secretary of defense.

This so-called force structure assessment was due to the secretary of defense June 1. A DOD spokesperson previously said the department tapped the RAND Corp. to study the issue.

“This is our opportunity to go in with [the assistant secretary of defense for cyber policy] and have a conversation with the DepSecDef and the SecDef about what that vision looks like. It’s all going to come back to how do we ensure that we got the force we need? How to regenerate that force within the department? How do we equip that force and really do it at speed and scale? Then how do we leverage technology?” Haugh said. “We have all the pieces, it’s now an opportunity for us to be able to go to the department and say, ‘This is what we think we need to do,’ and then really be able to get guidance from the secretary.”

The post Following new authorities, Cybercom says it’s making progress on correcting readiness appeared first on DefenseScoop.

Through several National Defense Authorization Acts, Congress mandated studies focused on these challenges. The Office of the Secretary of Defense, the Principal Cyber Advisor, Cybercom, and the rest of the DOD cyberspace operations community are currently supporting DOD’s response to each study. Cybercom 2.0 is the capstone response which will include the command’s recommendations to the secretary of defense and Congress. Recent academic examination and inquiry into these challenges has produced a variety of solutions — not all informed by realism or logic. Some academics, military leaders and politicians believe that establishing a U.S. Cyber Force will address challenges faced by the DOD cyberspace operations community. We disagree.

Proponents of USCF establishment often cite excision of the U.S. Army Air Corps from the Army to form the U.S. Air Force as precedent for their argument. Equating the creation of the USAF to the proposals for a USCF is built on flawed logic and a fundamental misunderstanding of DOD cyberspace operations missions. 

Proponents leverage the aforementioned force generation and readiness challenges then employ a logic that there are no unique aspects of cyberspace, or cyberspace functions, specific to the services to justify the establishment of a USCF. The argument continues that this homogenous domain requires a standalone advocate because the services do not have unique equities and therefore cannot advocate properly for the maturity of DOD cyberspace operations overall. But cyberspace is not the same across the services, and the excision argument built on this is therefore similarly challenged. 

For example, DOD cyberspace enclaves are not separable components that can be removed and used to create a USCF. These enclaves, and their interconnected functions, permeate all facets of DOD operations and support activities. Furthermore, the cyberspace expertise resident within each service is tailored to the unique mission and domain-specific requirements for the cyberspace elements supporting the warfighting platforms in the physical domains (land, air, maritime and space.) 

A USCF would, by necessity, be forced to integrate itself within each of the other services, since cyberspace systems, and the forces that secure, operate and defend them cannot be extracted from the existing services. Such an integration has already been most efficiently accomplished by establishing cyberspace forces within each of the services. Giving these cyberspace forces a new uniform and a new chain-of-command will not improve the operational integration of cyberspace with the other domains.  

Following the logic applied by most proponents, establishing a separate USCF would be equivalent to establishing a separate service that flies all military aircraft or a separate service to drive and maintain all military trucks. Of course, that is not a reasonable approach, but neither is establishing a service whose forces would need to be similarly integrated at the tactical level with the forces of other services. 

Practically, the Marine Corps’ experience in Guadalcanal and the resultant establishment of the Marine Air-Ground Task Force (MAGTF) are illustrative comparisons. During the Marine campaign in August 1942, Naval air and amphibious support forces “left the 1st Marine Division alone” and “exposed to Japanese attacks,” rendering them “virtually a besieged garrison.” In December 1963, the Marine Corps published Marine Corps Order 3120.3 which formalized the MAGTF as an organization to ensure the Marine Corps deployed projection forces with the ability to move ashore with sufficient sustainability for prolonged operations, including organic air, ground and support assets. Today cyberspace operations are also integrated into the standard MAGTF structure. There are similar examples that demonstrate how quintessential elements of force projection are retained within each service, and cyberspace forces should be no different. Cyberspace operations are inherently connected to the modern battlefield, so cyberspace forces must be integrated down to the tactical level — an effect which is best achieved by the current model.

A recent article claimed that a USCF should be established because only a USCF could adequately develop and maintain doctrine for cyberspace operations. The article claims that the Army is primarily responsible for developing cyberspace operations doctrine today. These claims are false. Congress gave the Cybercom commander authority to develop doctrine for DOD cyberspace operations in section 167b of Title 10 U.S. Code, and Cybercom has diligently worked to do so.

The article claims that there is only one joint doctrine publication for cyberspace operations. This claim is also false. There are two joint publications for cyberspace operations (Joint Publication 3-12 Joint Cyberspace Operations, and Joint Publication 6-0 Joint Communications).

Furthermore, Cybercom develops and maintains many command-level doctrine publications in a Cyber Warfighting Library, and some of the services have developed service-specific doctrine for cyberspace operations (e.g. Army Field Manual 3-12 Cyberspace Operations and Electromagnetic Warfare and Air Force Doctrine Publication 3-12, Cyberspace Operations, and Navy Warfare Publication 3-12 Cyberspace Operations). Doctrine development for DOD cyberspace operations is not a challenge equivalent to recruiting, training, retaining, and tracking readiness of cyberspace forces.

Proponents of USCF establishment often present creation of a new service as the only reasonable approach to address training and readiness issues faced by Cybercom and the services. This assertion is false. Congress recently expanded Cybercom service-like authorities to include enhanced budgetary control, and the president designated the command as joint force provider and joint cyberspace trainer for cyberspace forces. Despite becoming a unified combatant command in 2018, it is only now in 2024 that there is a complete alignment between acquisition, the scope of training and provisioning, and budgetary responsibility and authorities. Therefore, it is only in fiscal 2024 that the commander responsible for readiness of cyberspace forces now has the authority over the acquisitions and resources to drive that readiness. These authorities have not yet been fully implemented and evaluated, but external commentators are already calling for a solution that is completely divergent from the Cybercom-centric approach U.S. leadership has advocated for consistently over the past 15-plus years. 

Both the former Cybercom commander, retired Gen. Paul Nakasone, and the current Cybercom commander, Gen. Timothy Haugh, answered congressional inquiry about establishing a new service with discussion on how effective the existing U.S. Special Operations Command (Socom)-like model is. Nakasone also publicly declared his opposition to the creation of a new service for cyberspace operations. A recent article highlights Mieke Eoyang, deputy assistant secretary of defense for cyber policy, advising caution toward the idea of creating a USCF. The article quotes her as warning “be careful what you wish for” in reference to the aforementioned excision fallacy.

Recent articles claim that existing services place a low priority on, and perform poorly at, recruiting and retaining cyberspace forces. Creating a new service is not the only way of addressing this problem and it should not be presented as such. Congress, DOD and Cybercom need to hold the services accountable for providing the trained and ready cyberspace forces they’ve been tasked to deliver. What existing programs can be used to improve performance? How might the Congress, DOD and Cybercom help the services improve recruiting and retention? Ultimately, what is evident to us is that some current scholarship proposes a course of action without adequately considering alternatives to the one they prefer. Without providing complete evaluation criteria to compare proposals against, the community of interest is left wanting.

However, aside from the obvious associated cost, the most critical evaluation criteria must be disruption. Cybercom is responsible for ensuring the security, operations and defense of all DOD-controlled cyberspace, defending the nation from advanced cyber threats, and providing cyberspace operations support to other combatant commands. These are critical all-day-every-day missions. Among the wide range of possible solutions, which options are least disruptive to these ongoing missions? What options are most likely to result in steady improvement while minimizing the disruption of these missions? It is reasonable to assume that creation of a USCF would be the most disruptive option. It is highly likely that all the personnel that are actively working to implement new service-like authorities and address these challenges today would have to cease their progress to “Go figure out how to establish a cyber service.” This disruptive proposal presents unacceptable risk to the nation.

A more reasonable approach is to build up the existing Cybercom-centric model while allowing for controlled progress toward a more robust model like that of the Socom. The force generation model of Socom works because each of its service components deliver domain-peculiar forces and capabilities to the Joint Force. Maturing Cybercom’s employment of the Socom-like force generation model has the potential to address the recruiting, training, retention and readiness challenges. 

It is essential that U.S. leaders give Cybercom a reasonable amount of time to implement, test and iterate on its newly enhanced budgetary control authority, doctrine development authority, and joint force provider and joint cyberspace trainer responsibilities. Leaders, and the broader community of interest, should also allow highly-qualified DOD experts with firsthand experience to complete and present maturation recommendations under the Cybercom 2.0 initiative and likewise consider how leaders in the services, DOD and Congress can enable more rapid progress toward Cybercom 2.0-recommended solutions to address DOD’s challenges in cyberspace. 

DOD has made significant progress toward integrating cyberspace operations within broader department operations. Many challenges remain to optimizing DOD processes that enable successful cyberspace operations, but the arguments for establishing a new service do not justify this extremely expensive and radically disruptive course of action. Instead, U.S. leaders should stay the course, double down on the Cybercom-centric model for military cyberspace operations, and trust the expert recommendations of the experienced individuals they have appointed to lead military cyberspace operations on behalf of the nation. Any solution presented to address these challenges should include robust course of action evaluation criteria, including the degree to which they are likely to disrupt ongoing cyberspace operations and put the nation’s cybersecurity at risk. Future analysis should be focused on evaluating, implementing and refining Cybercom 2.0-recommended solutions.

Authors’ note: The views expressed in this work are those of the authors and do not reflect the official policy or position of the U.S. Cyber Command, the Department of Defense, or any other U.S. government entity.

Alan Brian Long Jr. is a Senior Policy and Doctrine Analyst at U.S. Cyber Command, where he serves as one of the foremost experts on DOD cyber policy and doctrine. He has 11 years of experience at Cybercom, and prior to arriving at the command, he served in the U.S. Marine Corps signals intelligence community. Brian is credited with authoring several notable cyber policy and doctrine documents within the DOD cyberspace operations community. He has deep institutional knowledge about the maturation of Cybercom and the broader DOD cyberspace operations community derived from over a decade of firsthand experience as a practitioner and action officer.

Maj. Alexander Pytlar is an Army Strategist (Functional Area 59) at U.S. Cyber Command, where he serves as the Deputy Branch Chief for the Strategy Branch within the Cybercom J55 Strategy, Policy, and Doctrine Division. His most recent assignment was as an assistant professor of geography at the United States Military Academy at West Point. Prior assignments include reconnaissance platoon leader and tank company commander, with deployments supporting Operation Enduring Freedom and Operation Spartan Shield, respectively.

The post An argument against establishing a U.S. Cyber Force appeared first on DefenseScoop.

The passage of the fiscal 2024 appropriations bill at the end of March enshrined new authorities for Cybercom known as enhanced budget authorities. Despite being in the works for a couple of years, the congressional gridlock to pass a budget delayed these authorities.

Now, the command will be in direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

Moreover, the Department of Defense, again at the direction of Congress, created the role of assistant secretary of defense for cyber policy — the top cyber policy office and official in the department.

Together, these actions seek to bring closer to fruition the vision to make Cybercom in the image of U.S. Special Operations Command, with unique service-like authorities to equip warfighters and set training standards along with a civilian secretary-like position overseeing the policy. In the case of Socom, that oversight is provided by the assistant secretary of defense for special operations and low-intensity conflict.

“That is clearly Congress’s vision — is the relationship between ASD SO/LIC and Socom should evolve that ASD Cyber will look like that with Cyber Command,” Gen. Timothy Haugh, commander of Cybercom, said Tuesday at his organization’s annual legal conference. “Our grade sheet should be built on how well we use the authorities we’ve been given, how fast we scale and how we partner.”

Haugh, in one of his first public remarks since taking command Feb. 2, noted that this partnership will be tested early as the acting ASD for cyber and him will be testifying before both houses of Congress this week. The ASD Cyber office was only just officially established March 20.

One of the critical areas the two organizations must work closely together on is an effort dubbed Cybercom 2.0 — a holistic top-to-bottom review underway at the command to examine how to reshape its organization and forces and ensure it’s best postured for the future and emerging threats.

Officials in the past have described that effort as a means of consolidating many of the products owed to Congress.

“That’s how do we take all these new authorities, how do we take this partnership with ASD Cyber and how do we leverage a series of things that Congress has asked us to do,” Haugh said of Cybercom 2.0.

Among the issues Cybercom and DOD are evaluating for Congress is a study to determine the optimal strategy for structuring and manning elements of the various Joint Force Headquarters-Cyber (JFHQ-C), joint mission operations centers, cyber operations-integrated planning elements and joint cyber centers.

Most pressing, however, is the future for how the services present forces to Cybercom, known as the force generation model. Since the early 2010s when the cyber mission force was created, each of the services has been responsible for providing a set number of offensive and defensive teams to Cybercom that are trained by the services based on basic standards that the command sets.  

Given concerns with the varying readiness statuses of these teams across the services, incongruencies with how personnel are compensated across the services and overall inequities, there has been growing concern that the current model is inefficient and the only solution is an independent cyber service.

“We’re doing a study right now that will evaluate, and we brought in an outside think tank to help us look at this — what are the spectrum of options?” Haugh said. “There are also a number of things in between there that we should consider, and also whether or not any of that menu should be applied together. We’re evaluating that. And that’ll be a great test for us as our teammates within ASD Cyber and Cyber Command as we go forward.”

Congress has grown frustrated that DOD has not included certain studies requested by Congress in the manner in which they were requested, to include the force generation study. Cybercom and the Pentagon are now looking into the matter.

“One of those studies on force generation has required us to go back between ASD Cyber and the commander of U.S. Cyber Command and brief the secretary on our vision for the future of force generation this summer,” Haugh said. “In the force generation study, what it asked us to do was to look at our partnership with the services. What I will tell you is, over time, we have had with the services a different relationship between each service and at different parts of our creation and to where we are today.”

Haugh explained that before his predecessor, Gen. Paul Nakasone, left, he submitted a response evaluating the services’ readiness and their ability to present forces to the command — outlining five things the departments could do to improve.

They were mostly in line with how Socom addressed force presentation issues in the past, Haugh said. He didn’t provide specifics regarding all five, only offering that they centered around personnel policies, how the services leveraged tools that Congress had given for retention, and assignment policies.

Despite readiness concerns, Haugh said over the last year the services began implementing some changes and there has been a significant jump in readiness. However, he added that officials would like to see the services implement all five recommendations uniformly.

“We would like to see them all raise that floor farther. And that would be an area. That’s our starting point when we look at where we are in force generation,” Haugh said.

Next generation for acquiring capability

The realization of enhanced budget authority will now allow Cyber Command to control its own capabilities, from requirements to execution.

To date, the services are responsible for building major acquisition programs as executive agents on behalf of Cybercom.

“That model was really one that was thinking that a monolithic acquisition system would be able to, over time, be able to generate the requisite capabilities. What we have found is that largely we’ve had to generate our capabilities inside our force,” Haugh said. “What that has now occurred over time, has been the growth of what are the expectations of U.S. Cyber Command as an acquisition organization — and with a model that was thinking about how can we grow Cyber Command to be Socom-like, leveraging service-like authorities?”

The command now is fully in charge for the budget responsibility of equipping offensive and defensive cyber teams within DOD, validating requirements and allocating resources to acquire capabilities.

“That’s a pretty radical change from where we started to now what we’re authorized to do today. What Cyber Command now has to do is grow into that role very quickly,” Haugh said.  

Officials in the past have noted that in the short term, not much will change. The services will still build major capabilities for the command, though now Cybercom will just reimburse the services as opposed to the services footing the bill. As the command grows its acquisition office and establishes its program executive office by 2027, it will be looking for help on how best to structure itself.

In addition to rapidly growing the acquisition force, the command is also looking at how to partner with others to develop capabilities.

That includes working with organizations like the Defense Advanced Research Projects Agency — for which the command already inked an agreement to bridge the so-called valley of death in acquisitions and get more cyber capabilities into operational use — and other research and engineering teams within the Office of the Secretary of Defense.

“What does that partnership look like with the services now that we have resources, multibillion-dollar resources, to align against our capability development? How do we use the authorities the department has given us as an S&T center to do tech transfer? Where does that put us now to be able to partner with industry as we start to think about capability [and] capability development?” Haugh said. “That’s an area that for us is going to be one of the most significant priorities that we will focus on and we will accelerate. Those partnerships will primarily drive us with our teammates and the services and with industry.”

The post With new authorities and assistant secretary, DOD prepares for next generation of cyber appeared first on DefenseScoop.