The funding limitations stem from the committee’s annual defense policy bill, which passed the Senate panel June 13. It pertains to Cybercom’s Joint Cyber Warfighting Architecture (JCWA), designed in 2019 to get a better handle on the capabilities, platforms and programs the command was designing, and set priorities for the Department of Defense as well as the industry partners that would be building them. It includes large programs for data analytics, operations conducted outside DOD networks, dashboards to command forces, and smaller components for individual tools and sensors.

When Cybercom was first created, it relied heavily on intelligence personnel, infrastructure platforms and tradecraft to build its enterprise. But just like the Army needs tanks and the Air Force needs planes to conduct missions, cyber troops need their own military-specific cyber platforms separate from the National Security Agency, which conducts foreign intelligence.

According to a summary of the Senate Armed Service’s bill — the full text of which has not been released as of publication — the committee will limit the funding available for JCWA until the Cybercom commander provides a plan to minimize work under the current architecture and creates a baseline plan for a “Next Generation JCWA.”

According to staff on the committee, they want the DOD to pause the current architecture to make sure it is looking at what the next iteration looks like and how it evolves. The Defense Science Board conducted a study on the architecture.

While staff noted there isn’t any indication the DOD isn’t looking at the next generation, they didn’t want to go too far down the current path before devising plans for how the architecture will evolve.

Cybercom has been on a long journey to develop its own capabilities, stemming from being granted limited acquisition authority in 2016 to realizing full control over its budget beginning in fiscal 2024. One of the main issues is the services still procure many of the capabilities needed by the cyber forces they provide to Cybercom, which over time, has created a hodgepodge of distinct and disparate capabilities that are not well integrated.

As a joint organization overseeing joint cyber teams, the command envisions a warfighting architecture that has the same look and feel across all teams — offensive and defensive — and services. The current architecture encompasses several components built by each of the services on behalf of the joint cyber mission force. The services provide them to Cybercom to conduct cyber operations, as executive agents. As such, JCWA is thought of as a singular platform to conduct military cyber operations, comprised of the sum of its parts.

Officials have alluded to the next generation of JCWA in the past, previously dubbed JCWA 2.0, to better integrate the disparate parts after an in-depth review found some pretty significant deficiencies in the architecture.

Now, the nomenclature has shifted to NextGen, through which Cybercom hopes to evolve the architecture into a more common and integrated platform, Col. Seth Bennett, deputy director of Cybercom’s cyber acquisition and technology directorate, J9, said at the AFCEA TechNet Cyber conference in Baltimore on June 25. Many of the major cyber acquisition programs to date did not have integrated requirements, something that will change going forward while also trying to work backward to integrate what’s already been built retroactively.

“To realize the JCWA Design, USCYBERCOM must balance the need to coalesce around a unifying architectural vision with the fact that the disparate programs already exist in some capacity today, and that the cyber operations forces need capabilities now—they do not have time to wait for a perfectly realized end state,” a chard from Bennett’s presentation read.

JCWA NextGen looks like a “Common Platform Runtime. Today, there are multiple, independently mange [sic] Kubernetes-based service meshes. Work toward a common platform architecture to reduce variance across PMOs. Imagine a fleet of vehicles of varying types, styles, brands, and fuel types for which the team of drivers must learn each vehicle’s needs, idiosyncrasies, and procedures, resulting in significant inefficiencies and delays,” the slide continued, referencing the current state of capabilities.

Also at issue is Congress’ requirement for Cybercom in the fiscal 2023 annual defense policy bill to create a program executive office for JCWA to manage all the capabilities and programs by 2027.

To get there, the command has drafted and outlined its path to initial operational capability and full operational capability. The roadmap includes areas for acquisition policies, hiring and improving the architecture, among others.

The initial operational capability involves continuing to plod along on the current path, something Bennett described as JCWA 1.X, essentially working to lay the groundwork for integration while it works on further developing the programs in progress.

“The idea is that we’ve got to do integration steps along the way. Just because we’re building the PEO and the personnel, doesn’t change the fact that we’ve got to be able to do integration steps,” Bennett said. “There’s clearly spots that we’ve evaluated in that giant architecture where that’s not efficient, that doesn’t make sense, why are there two of those, why are there six of these. We’re picking those spots with our lead architecture and trying to lay out when we’re going to work on integration points.”

The services will continue their work — for which now they will be reimbursed through Cybercom under its new authorities — while the J9 develops the programmatic, organizational and technical outlook for the PEO.

Some examples include aligning and integrating the various software factories across the services. Currently, services run software factories independent and distinct from each other.

“You can’t get to the other software factory from there to see what the amazing tools they’ve developed. Just something as silly as that needs to be integrated, because if you sign into JCWA, you need to be able to go see, look at all the tools, whether it be a Marine, Army, Navy, they should absolutely have them all in one spot so we can go find out how best to use them,” Bennett said. “That’s what we’re going to do in JCWA 1.0 is make those better.”

While the organization continues on its current work, it is also working with the Office of the Undersecretary of Defense for Acquisition and Sustainment to prove it can perform the necessary duties, manage programs and gain milestone decision authority.

Efforts are also underway to gain more staff and acquisition expertise. While the command has gained significantly more authority and funding, its acquisition staff and expertise have remained relatively flat from when it first gained acquisition authority and a budget nearly eight years ago, which was only $75 million per year compared to nearly $3 billion now.

While Cybercom can reach IOC with current staffing, Bennett said, “We will need more billets to get to a full operating capability, no question. I don’t have an answer for you yet on what’s next. How do we get more than what we have today? We’re all working. We’re all trying to do manpower studies and discuss that right now.”

Getting to FOC, on the other hand, will require addressing the findings of the Defense Science Board study, such as redundancy.

“Now we’re faced with: Why are we running six or seven different service mesh clusters when the truth is we can manage them all as a common runtime environment, create the JCWA common runtime environment and manage that in the central spot so that it can maintain its uptime and have its appropriate backups and not waste a lot of money, time and energy?” Bennett said. “That’s what the JCWA NextGen is supposed to be focusing on, making that common runtime environment all at the same time.”

Part of NextGen is aligning the various program offices that the services run on behalf of Cybercom to be value-stream-related and associated with the operational functional needs, such as software agile methodologies.

But until Cybercom gains more authority from the Office of the Undersecretary of Defense for Acquisition and Sustainment to affect programs run by the services, everything is still based upon handshake agreements, Bennett said. The J9 does not have the authority to tell the services how something should look, which is a power retained by the Pentagon’s A&S. Rather, they rely on verbal agreements between the command and service program managers to shape the end state of what Cybercom would like.

“We need that acquisition authority, which is why we’ve got to convince A&S that we can do this so that they can grant it to us. But in the meantime, we can do this,” Bennett said.

The post Senate committee looks to withhold funding for Cybercom capability architecture appeared first on DefenseScoop.

“The area that we need to be able to accelerate is capability development and how we use our budget control and our authorities to generate an acquisition. We should be able to develop things faster than anybody else in the [Defense] Department,” Gen. Timothy Haugh told the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems during a hearing on Wednesday.

Cybercom has finally received greater control over its budget and capabilities with the passage of the fiscal 2024 appropriations bill at the end of March. That enabled changes, years in the making, to advance the command’s acquisition authority, among others, and begin to provide the organization unique service-like authorities that had previously only been bestowed upon one other U.S. military combatant command — Special Operations Command.

So-called enhanced budget authority means Cybercom will be in direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

Given Cybercom deals primarily in the software realm, it is trying push the boundaries of the traditional acquisition and fielding cycle that is very hardware- and platform-centric and often takes many years from inception to building and delivering.

“The only thing we’re developing is code. How do we do that faster? How do we get it in the hands of our cyber mission force faster?” Haugh told lawmakers.

To date, each of the military services are responsible for building major acquisition programs as executive agents on behalf of Cybercom. But as the organization has matured over time, that model might not be the most effective anymore.

“We’ll drive the requirement, we’ll drive the overall acquisition oversight and the dollars, but we will also partner with the services. It’ll just look different. Whereas before the services were doing that in support of their own forces they presented, which was very disconnected from operations,” Haugh said regarding the new oversight of requirements as part of the enhanced budget authority. “We’re now going to be able to drive that, and we’ve got good service partnerships with their program offices and with their acquisition force. We need to be able to move faster and be able to recast those relationships that are more responsive.”

As Cybercom is looking to evolve as an organization, it is reevaluating all of its relationships with the services and how it goes about its business to enable the faster adoption of capabilities in the software world.

“We also are evaluating our overall architecture and our acquisition. Inside that is how can we use our service like authorities to be more aggressive in the capabilities we have,” Haugh told the Senate Armed Services Committee during a separate hearing Wednesday. “When I first took over command, I met with each of the program offices that are providing capability of U.S. Cyber Command. I saw each of them as really having an agile opportunity because we deal in software. We are not building large iron, we’re building code. We have the right program office structure to move faster. We now needed the resources to do it. You’ve given us the enhanced budget control and we have to combine it with that acquisition authority.”

Part of this evolution is maturing the Joint Cyber Warfighting Architecture (JCWA), first envisioned in 2019 as a way of getting a better handle on the capabilities, platforms and programs the command is designing and an integrated system of systems for the department to conduct military cyber operations.

When Cybercom was first created, it relied heavily on intelligence community personnel, infrastructure platforms and tradecraft to build its enterprise. But just like the Army needs tanks and the Air Force needs planes to conduct missions, cyber troops need their own military-specific cyber platforms separate from the National Security Agency, which collects foreign intelligence.

JCWA is now thought of as a singular platform to conduct military cyber ops. Officials have made integration of the disparate capabilities and systems within the architecture a key goal for 2024.

The majority of these programs being managed by the services right now are utilizing the software acquisition pathway and a continuous integration and continuous delivery approach.

“Agile acquisition is crucial to creating advantage for our commanders, component elements, and operators. The most important effort in this regard is our Joint Cyber Warfighting Architecture,” Haugh told lawmakers in written testimony this week. “In 2024, the Command will partner with the Services and DARPA (among others) to ensure our acquisition strategies can achieve agility, scale, and precision at cyber-relevant speed.”

Haugh also provided that the command received systems engineering and integration authority from the Office of the Under Secretary of Defense for Acquisition and Sustainment for JCWA, which will allow Cybercom to define interoperability standards between the subcomponents of JCWA that are managed by the services.

The A&S directorate is also working with the command to establish a program executive office for JCWA and provide milestone decision authority and other decision authority as that PEO grows in size and capability, Haugh stated.

Congress has mandated Cybercom establish a PEO by 2027. Since gaining enhanced budget authority, officials in the past have noted that in the short term, not much will change. The services will still build major capabilities for the command, though now Cybercom will reimburse the services as opposed to the services footing the bill. As the command grows its acquisition team and establishes its program executive office, it will be looking for help from the services and others in the department on how best to structure itself.

The post Cybercom looking to speed up capability development for digital warriors appeared first on DefenseScoop.

The Joint Cyber Warfighting Architecture, or JCWA, was first envisioned in 2019 as a way of getting a better handle on the capabilities, platforms and programs the command is designing and setting priorities for the Department of Defense and its industry partners that are building them.

When Cybercom was first created, it relied heavily on intelligence personnel, infrastructure platforms and tradecraft to build its enterprise. But just like the Army needs tanks and the Air Force needs planes to conduct missions, cyber troops need their own military-specific cyber platforms separate from the National Security Agency, which collects foreign intelligence.

The JCWA encompasses several components that are built by each of the services on behalf of the joint cyber mission force. The services provide them to Cybercom to conduct cyber operations, as executive agents. Now, JCWA is thought of as a singular platform to conduct military cyber ops, made up of the sum of its parts.

JCWA consists of “disparate program shops, not really well synchronized together,” Khoi Nguyen, command acquisition executive and director of the cyber acquisition and technology directorate (J9) at Cybercom, said during remarks at the AFCEA Northern Virginia chapter’s annual Army IT Day conference Jan. 11. “What we’re doing this next year from a delivery perspective is I picked a chief engineer, we’re laying out a JCWA product roadmap that says hey, the next six months, these six components will play around, we’ll be a little bit better, interoperable in these specific areas.”

As initially laid out, it included four main programs and two additional categories:

• The Persistent Cyber Training Environment for conducting training and mission rehearsal, which is managed by the Army.
• Unified Platform, considered the centerpiece where data is ingested, analyzed and shared, which is managed by the Air Force.
• Joint Cyber Command and Control to command cyber forces and the larger cyber environment, which is managed by the Air Force.
• The Joint Common Access Platform (JCAP) for executing offensive operations beyond friendly firewalls, which is managed by the Army.
• Sensors, which pertain to the kits defensive cyber protection teams use to respond to intrusions, that are overseen by Cybercom’s acquisition arm.
• Tools, which consists of the Joint Development Environment — a space to rapidly develop and test cyber tools run by the Army — though the rest of the portfolio is overseen by Cybercom’s acquisition arm.

Nguyen said specifically, the goal over the next six months will be to get tools developed in the Joint Development Environment seamlessly transferred to JCAP, which today is done by burning the tools to a disk and uploading to JCAP.

“That’s very slow,” Nguyen said.

Congress granted Cybercom so-called enhanced budget authority that was supposed to begin in fiscal 2024, pending budget passage. This gives the command greater oversight over all the programs and personnel as it now inherits the nearly $3 billion budget dealing with almost everything cyber related.

In the short term, the services will still run the programs as executive agents and be reimbursed by Cybercom as the command establishes its own program executive office and acquisition workforce.

This evolution will help Cybercom gain better control and integration over the execution of these programs, experts have said.

Officials have been very open about the fact that the command still has a ways to go in terms of building its program executive office, acquisition prowess and workforce as a still relatively young organization.

The key challenge will be integrating these disparate systems all developed separately into a common framework that all the joint cyber mission forces can use for missions — something that has not truly been done yet.

“We did an in-depth review of the platform, compared to what the operational needs were … [and] we found some pretty significant deficiencies in the architecture,” Michael Clark, Nguyen’s predecessor, said last year. “We know that platform does not meet our mission needs.”

He referred to JCWA in its current state as a confederation of capabilities that aren’t integrated into a true warfighting platform. But now that Cybercom and its units are maturing, it needs an integrated platform that the joint cyber mission force can use, which the command has dubbed JCWA 2.0.

Clark described how, despite the name and vision, programs such as Unified Platform really aren’t unified.

“It’s a federation of Army, Navy, Air Force, DISA, NSA, soon to be Space [Force] probably, SOCOM and the command. And there’s no reciprocity between them in terms of interoperability,” he said. For example, “I can’t do a query, take Log4j, and be able to sit at [Joint Force Headquarters-DOD Information Network] and do a query and understand: Have any of the services’ sensors detected Log4j? I can’t do that today because of the way we have architected the big data clouds.”

Log4j is commonly used to log security information. Last year, a major vulnerability was discovered within it.

To address some of these issues, Nguyen said, officials want to consolidate their DevSecOps environments as each program has its own DevSecOps platform, or DSOP.

“From a DevOps perspective, they all have their own DevSecOp environment and they all have their own DSOP. I’m looking to consolidate DSOPs,” he said. “I’m looking to have UP as one DSOP for all the non-OCO capabilities and then JDE as the other DSOP for offensive capabilities, because their functionality is s a little bit different and I want the uniqueness of the Dev environment to really facilitate to the developers kind of thing.”

When it comes to a JCWA 2.0 mindset, Nguyen said officials want to get to a common Kubernetes platform so all the users and programs can add applications to it.

“Because I have the authority over all these programs, it’s going to be easier for us to move to this much more modern software development construct,” he said.

The post US Cyber Command aiming to consolidate disparate programs in warfighting platform in 2024 appeared first on DefenseScoop.

In a ceremony on July 25, Christopher Green assumed the role for project management for cyber and space within the program executive office for intelligence, electronic warfare and sensors.

Officials have previously discussed the creation of such a program office, but it was officially stood up this week. The new portfolio was necessary to carve out from IEW&S due to the amount of joint work the Army is doing on behalf of U.S. Cyber Command to deliver capabilities and programs for the cyber mission force across all the services, which grew too big to continue to manage out of the electronic warfare and cyber program office.

The services, as executive agents, have historically been responsible for procurement for larger acquisition programs on behalf of Cybercom for the entire joint cyber mission force as part of the Joint Cyber Warfighting Architecture (JCWA). The JCWA was designed in 2019 to get a better handle on the capabilities, platforms and programs Cyerbcom was designing, and set priorities for the Department of Defense as well as the industry partners that would be building them.

While Cybercom will inherit new budgeting authorities in October that will put it in charge of all aspects of the cyber force and capabilities, it is still maturing and thus will still look to the services and their expertise to continue building these platforms for them on a reimbursable basis.

The new program office will handle work on the Joint Common Access Platform for executing offensive operations and the Joint Development Environment, a space to rapidly develop and test cyber tools.

The new office also follows a larger consolidation within the Army that will take place this fall in which all cyber capabilities, offensive and defensive, will be managed by IEW&S. Previously, the defensive portfolio was managed by the program executive for enterprise information systems.

According to an Army release, the move to establish the new office is a recognition of the Army’s contribution to joint cyber ops.

“The days of the Army being a kinetic-only force are gone. Our ability to operate in multiple arenas has become paramount with none more important than mastering the cyber warfare arena … The speed in which you must operate in this environment [cyberspace] is crucial,” Brig. Gen. Ed Barker, PEO for IEW&S, said at the ceremony this week, according to the Army. “That’s why we felt that the emphasis on this domain is important and to stand-up a dedicated organization based on that. An organization that has the agility, the mechanisms, the processes in place, the workforce, the culture to be able to respond quickly. The traditional acquisition cycles no longer apply in this space.”

On the space front, the office will manage much of the national space assets the Army has been handling in recent years under product manager for tactical exploitation of national capabilities.

The Army said the new PM C&S will focus on recruiting new talent and supporting its stakeholders over the next six months to a year. In the future, it will also include the migration of tactical space capabilities and new offices to support emerging cyber requirements.

The post Army officially creates new offensive cyber and space program office appeared first on DefenseScoop.

“Expeditionary cyber forces have already demonstrated potential to extend the reach of cyber enabling activities and close the gaps that limit cyber forces’ ability to access important tactical targets in forward locations,” Lt. Gen. Timothy Haugh wrote to senators in a questionnaire as part of his nomination process.

For the first time, the Department of Defense recognized and defined cyber operations conducted in physical or tactical spaces, called expeditionary cyber operations, in formal doctrine as an update to its cyberspace doctrine in December 2022.

That recognition was significant given authorities to conduct cyber operations were held at the highest levels of government for many years due to fears that operations could have unintended consequences or spread into networks beyond the intended target.

Cybercom owns the offensive cyber capabilities within DOD, and the services conduct offensive cyber ops through Cybercom and the cyber mission forces that each service provides to the command from remote locations, mostly focused on IP-based networks.

However, increasingly, there are targets that either aren’t reachable through IP networks or remote access might not be possible. And as DOD has matured its cyber policies, doctrine and capabilities, the reins have begun to loosen up.

Certain factions have sought to use more proximal effects conducted through radio-frequency, which require fewer levels of approval to conduct operations at the very tactical level.  

Several of the services have begun investing in capabilities and forces for their own offensive cyber. However, that is mostly in the blended electronic warfare or radio frequency-enabled sphere at the tactical level.

While individual services have begun developing and even deploying such forces, all cyber ops must still be connected through Cybercom.

“If confirmed, I will work with the Services to ensure any tactical forces will meet USCYBERCOM training standards, follow Department deconfliction policies, and when leveraging USCYBERCOM authorities, ensure interoperability with Joint Cyber Warfighting Architecture,” Haugh wrote.

The Joint Cyber Warfighting Architecture was designed in 2019 to get a better handle on the capabilities, platforms and programs Cybercom was designing and set priorities for the Department of Defense as well as industry partners that would be building them. They include systems for collecting data, conducting offensive cyber operations, and commanding and controlling cyber forces, among others.

With the advent of these more proximal or tactical forces being built, it is understood that they could provide access to networks for higher-end cyber operators in Cybercom through their close proximity to harder targets as opposed to accessing them fully remotely.

Haugh noted that if confirmed, he’ll work with the services as well as the geographic combatant commands as the department continues to satisfy a provision in last year’s annual defense policy bill to develop integrated non-kinetic forces and capabilities.

That provision directed the Pentagon to develop a strategy for converged cyber and electronic warfare conducted by deployed military and intelligence assets, specifically for service-retained assets, which refers to non-Cybercom elements.

The issues Haugh plans to examine include training, standards, interoperability, and authorities to implement the requirements under the provision.

Haugh wrote to senators that the military must continue to seek new capabilities to exploit adversary systems.

“In my opinion, developing new and novel capabilities and approaches to deliver non-kinetic effects will benefit the Combatant Commands and the Services,” he wrote. “The unique value of the cyber domain is that it crosses, supports, and enhances every warfighting domain by ensuring the secure operation of the Department’s decision-making systems, disrupting malicious cyber actors’ capabilities and ecosystems before they can threaten our networks and platforms, and, when called upon, deliver non-kinetic effects to enable Joint Force Commanders to achieve early initiative during contingencies.”

From a defensive standpoint, he recognized these same threats to U.S. systems, vowing to improve defenses.

“The nature of modern network-centric warfighting is such that nearly every piece of electronic equipment represents a potential cyber-attack surface, to include tactical military systems,” he said. “USCYBERCOM capabilities are always evolving to take advantage of cutting-edge technology, research, and development. Just as we continually improve our own defenses against novel cyber threats, so do our adversaries; if confirmed, it is my intent for the Command to seek new and innovative means, methods, and doctrine to achieve our mission and provide a comprehensive suite of non-kinetic effects when called upon to do so.”

It is unclear when Haugh will be confirmed due to the blanket hold on senior military nominations placed by Sen. Tommy Tuberville, R-Ala., to protest DOD’s abortion policy.

The post Cybercom nominee plans to work with services on ‘expeditionary’ cyber forces appeared first on DefenseScoop.

The Joint Cyber Warfighting Architecture (JCWA) was designed in 2019 to get a better handle on the capabilities, platforms and programs the command was designing, and set priorities for the Department of Defense as well as the industry partners that would be building them. When Cybercom was first created, it relied heavily on intelligence personnel, infrastructure platforms and tradecraft to build its enterprise. But just like the Army needs tanks and the Air Force needs planes to conduct missions, cyber troops need their own military-specific cyber platforms separate from the National Security Agency, which conducts foreign intelligence.

The JCWA encompasses several components that are built by each of the services on behalf of the joint cyber mission force. The service provide them to Cybercom to conduct cyber operations, as executive agents. Now, JCWA is thought of as a platform in and of itself to conduct military cyber ops.

As initially laid out, it included four main programs: the Persistent Cyber Training Environment for conducting training and mission rehearsal, which is managed by the Army; Unified Platform — considered the centerpiece where data is ingested, analyzed and shared — which is managed by the Air Force; Joint Cyber Command and Control to command cyber forces and the larger cyber environment, which is managed by the Air Force; and the Joint Common Access Platform for executing offensive operations, which is managed by the Army. It also included a category for tools and sensors.

Most recently, the Army was awarded as the executive agent for the Joint Development Environment, a space to rapidly develop and test cyber tools.

Last summer, the Department of Defense decided to take a look at JCWA and determine how well Cybercom was postured to use the platform the services were contributing to and building for it.

“We did an in-depth review of the platform, compared to what the operational needs were … [and] we found some pretty significant deficiencies in the architecture,” Michael Clark, director for cyber acquisition and technology at Cybercom, said at the AFCEA TechNet Cyber conference Thursday. “We know that platform does not meet our mission needs.”

He referred to JCWA in its current state as a confederation of capabilities that aren’t integrated into a true warfighting platform.

Now that Cybercom and its units are maturing, it needs an integrated platform that the joint cyber mission force can use.

“There is an effort that we’re leading right now and is beginning to look at what we call JCWA 2.0, or what I want to re-nomenclature as the cyber operations integrated weapons platform,” Clark said. “We don’t fight architectures, we fight weapons platforms. That is going to be a fundamental reengineering and rewickering, rethinking of how the architecture must support the warfighter [and] what that platform is.”

He added the concept of operations and strategy for what a JCWA 2.0 looks like is currently going through staffing at Cybercom.

Part of that maturity has been the command’s evolution in incrementally gaining acquisition authority, and now oversight, over the requirements for its systems.

Congress granted Cybercom $75 million in acquisition authority just seven years ago in a crawl, walk, run methodology to ensure the command didn’t bite off more than it could chew — but only for a five-year period. Now, beginning in fiscal 2024, Congress has granted the command enhanced budget authority, meaning it has greater oversight over the dollars involved in the capabilities and platforms the services were building on its behalf prior. There is also now a single integrated requirements process where Cybercom has control to direct the full acquisition and direction of programs. This is significant given there are currently four different requirements processes under the weapons platform, Clark said, which inhibits prioritization.

Despite the command assuming budget control officially in October — and having set its first budget this year — Clark said in the immediate term, things won’t be much different, citing the mantra “don’t break good.”

“For the next couple years, we’re going to continue to do what we’re doing today — don’t break good — while we take the time to better understand the environment as we move forward,” Clark said. “What’s being done today is generally good enough and we’re not going to upset the applecart by changing how we do acquisitions or radically changing our investing.”

The $3.2 billion Cybercom assumed will be pumped back to the services in the near term. The command will reimburse the services’ program offices for the work they continue to perform on major platforms, but those offices will report up to Cybercom as opposed to their service-specific program executive offices or chains of command.

“I’ll pay the Air Force now — and now that we have the money — to do the acquisition for me. But the strategy in terms of requirements and what the warfighter needs and whether or not we’re getting what we are paying for, will be managed by the command,” Clark said. “We’re going to manage the process, we’re going to manage the requirements, we’re going to drive the standards. But I’m still going to execute most of the acquisition by, with and through the service program offices.”

Building an acquisition portfolio

While the services will continue to perform acquisition work on the major platforms, Cybercom will simultaneously be building out its own acquisition arm through a new program executive office.

Clark said he wants that PEO to be stood up by fiscal 2025, acknowledging that might be aspirational given the biggest hurdle is getting the people to build out that office.

In fiscal 2027, the hope is to negotiate with the services to fully transition acquisition responsibility from their program executive offices that manage those capabilities, to Cybercom.

This fiscal year, Clark said he’ll begin establishing a program management office for a joint cyber weapons portfolio. As an example of the command continuing to work with the services, Clark explained the Air Force is building this office on his behalf.

“It’s my program office, but I am reimbursing the Air Force to get the talent that I need to be able to make that program office scale,” he said.

While the mantra right now is “don’t break good,” Clark said the five-year budget planning process beginning in fiscal 2025 is already working on what JCWA 2.0 looks like and what areas the command can budget for to make significant changes.

One area is managing data.

There are “obvious efficiencies there that can be gained if we figure out a better way to manage the data that we have today,” he said. “The department over the next few years is going to be investing a lot of money to be able to improve our ability to create the outcomes against the challenges we all know we’re going to have by, let’s say, 2027. Fundamentally to that problem is data. Fundamental to the problem in terms of what we need to build is: How do I create a data analytic environment, again at the speed of operational relevance, that creates the model so they can operate at speed?”

Clark cited the example of Unified Platform — considered the centerpiece of JCWA where data is ingested, analyzed and shared — noting there currently is not a way for it to share data from the services as envisioned.

“It’s a federation of Army, Navy, Air Force, DISA, NSA, soon to be Space [Force] probably, SOCOM and the command. And there’s no reciprocity between them in terms of interoperability,” he said. For example, “I can’t do a query, take Log4j, and be able to sit at [Joint Force Headquarters-DOD Information Network] and do a query and understand: Have any of the services’ sensors detected Log4j? I can’t do that today because of the way we have architected the big data clouds.”

Log4j is commonly used to log security information. Last year, a major vulnerability was discovered within it.

Ultimately, Cybercom must be more flexible in the future and adapt faster given adversaries can now turn exploits in hours, not weeks.

“Looking back just two or three years ago, when a new vulnerability was identified in Microsoft Office or Microsoft Windows or Linux, that we probably had six months to a year to posture the DODIN to be able to defend ourselves against that,” Clark said. “Today, it’s hours. Today, our adversaries are taking advantage of large language models [like] ChatGPT and can field an exploit and throw it against the DOD within hours. How do we begin operating, defending ourselves in that kind of environment? But then also, how do we begin taking advantage of that kind of technology to better posture us to achieve the outcomes the nation wants us to be able to achieve against our adversaries?”

Clark noted to stay competitive, the command must fundamentally change its acquisition approach.

“We’re going to have to fundamentally rethink how the platform operates, how we build the sort of capabilities into the platform, and to enable a DevSecOps agile-like construct to be able to drive capabilities at the speed of cyber operational relevance in the warfighters’ hands,” he said.

The post US Cyber Command beginning to examine next-generation weapons platform appeared first on DefenseScoop.

The Joint Common Access Platform (JCAP) will allow the Department of Defense’s cyber operators to connect to their targets beyond friendly firewalls. It had been run by the Army since 2020 as the executive agent for Cybercom. Previously, it had been classified in budget documents, lending little information regarding its programmatic details and funding numbers. To date, what had been known regarding the program was that ManTech had been awarded a $265 million contract in 2020 to support the program over three-and-a-half years.

The funding numbers are found in Cybercom’s research and development budget for fiscal 2024. Previously, the services were responsible for funding capabilities and personnel that fed up to Cybercom. However, in the fiscal 2022 National Defense Authorization Act, Congress granted Cyber Command enhanced budget authority, which provides direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

The services have historically had their own platforms for delivering cyber effects. But as Cybercom has sought to bring capabilities under its Joint Cyber Warfighting Architecture, which guides the command’s acquisition priorities and efforts for the joint cyber mission force across all the services, it has sought to consolidate disparate systems.

JCAP will serve as the joint cyber firing platform for the services, and they are all expected to migrate to it by 2024.

Given the sensitive nature of the program, little information has been released. The Government Accountability Office has described it as a “common access platform for cyber warfighters to project combat power using a comprehensive suite of tools.”

JCAP uses an agile software approach with a bi-monthly forum to assess gaps, threats, requirements and emerging technology to plan for the injection of capabilities on a faster cycle to outpace threats. It delivered its first minimum viable capability last year.

“The Joint Common Access Platform (JCAP) supports USCYBERCOM by providing a protected, managed, orchestrated environment and common firing platform to coordinate and execute the delivery of cyber effects against approved targets,” Cybercom’s budget request states. “This capability enables Cyber Mission Forces’ (CMF) ability to execute operations while managing detection and attribution. The JCAP program leverages existing service access platform programs, with the objective of combining, enhancing, and evolving existing program baselines into a ‘Best of Breed’ JCAP.”

The $89.4 million request for fiscal 2024 would go toward capability improvements that enhance cyber mission force operations and support mission readiness. It would also continue integration across the Joint Cyber Warfighting Architecture with other elements.

JCAP appears in Cybercom’s R&D budget under the title “Robust Infrastructure and Access.” That program element also includes a second effort, dubbed “Other Cyber Operations Infrastructure,” which is highly classified. The budget documents provide no details other than a $80.7 million request for fiscal 2024, bringing the entire program element request to $170.1 million.

When it comes to procurement, Cybercom is also requesting $50.5 million for “Robust Infrastructure and Access (JCAP),” however, the documents described those funds going toward systems for the Joint Mission Operation Centers — where command and control and execution of cyber operations occur — for help desk and technical support, licenses and tech refreshes.

The post US Cyber Command requests nearly $90M for offensive platform appeared first on DefenseScoop.

While no topline budget or number has been released or announced by the command or DOD, budget documents released by the Pentagon detail Cybercom’s operations and maintenance budget request of $332.6 million for its headquarters, a procurement budget request of $129 million and a research, development, test and evaluation budget request of $1.1 billion.

The DOD as a whole is committing $13.5 billion to cyberspace activities in fiscal 2024, which includes a raft of activities that include Cybercom, such as zero trust, encryption and support to the defense industrial base.

Previously, the services were responsible for funding capabilities and personnel that fed up to Cybercom. However, in the fiscal 2022 National Defense Authorization Act, Congress granted Cybercom enhanced budget authority, which provides direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

Cybercom was previously responsible for executing a budget of around $600 million mostly for its headquarters.

“Enhanced budgetary control (EBC) gives USCYBERCOM the ability to directly allocate resources for greater efficiencies during the Department’s programming phase and ensure they remain aligned with priorities through execution. EBC will lead to better alignment between USCYBERCOM responsibilities and authorities for cyberspace operations,” Gen. Paul Nakasone, commander of Cybercom, provided in written Congressional testimony last week.

The significance of Cybercom’s first budget with a program objective memorandum – or POM, which sets fiscal plans for future years – is that it now has greater oversight over the programs, capabilities and readiness of its teams.

As the command matures, it has gained significantly more “service-like” authorities for things like acquisition similar to Special Operations Command and typically not found with other combatant commands.

“The FY24 budget is a significant milestone for CYBERCOM, since this is our first planned budget submission under our Enhanced Budget Control authorities,” a command spokesperson said to DefenseScoop.

This is a big step for the still-young command after Congress granted it $75 million in acquisition authority just seven years ago in a crawl, walk, run methodology to ensure Cybercom couldn’t bite off more than it could chew. Despite some members of Congress over the years expressing skepticism regarding the execution of its acquisition dollars, it now will be responsible for executing significantly more.

Congress has also now directed the command to establish a program executive office in order to manage all the capabilities it will now oversee. That is mandated to fully stand up in fiscal 2027, though the command has already taken steps to begin putting those mechanisms in place.

“Our resourced informed plan is to have an IOC PEO by FY25 to begin a phased transition from the [military departments] PEOs but retaining the absolute goodness of the existing [program management offices] on a reimbursement basis for the Command,” Michael Clark, director of J9, acquisition and technology directorate at Cyber Command, wrote in a LinkedIn post in December.

Previously, the military services provided the funds and budgeting for Cybercom’s major weapons programs, part of its Joint Cyber Warfighting Architecture (JCWA), its platform for conducting military cyber operations that is broken down into several components and systems.

Under this new paradigm, funding for major acquisition programs that the services were directing on behalf of the command will shift to Cybercom, although the services’ program executive offices and program managers will continue to execute the programs.

In last year’s budget materials, the services did not provide numbers for future years spending on JCWA items as is typical, noting “[i]n response to Section 1507 of the FY22 NDAA, the FY24+ funds … will be transferred to USCYBERCOM to be responsible for the planning, programming, budgeting, and execution of the resources.”

Cybercom’s $1.05 billion RDT&E request includes much of the components of the JCWA.

More Cyber Mission Force teams

The DOD’s budget request also funds an additional five Cyber Mission Force teams, from 142 to 147.

As initially conceived in 2012, the Cyber Mission Force – which is composed of cyber teams that conduct offensive, defensive and intelligence and support operations on behalf of Cybercom – set out 133 teams. That number has stayed the same since, despite a rapidly changing global landscape.

The fiscal 2022 budget added growth to that structure for the first time, approving a phased approach between fiscal 2022 and fiscal 2024 to add 14 additional teams.

The first build was four teams in fiscal 2022, five in fiscal 2023 and now five teams in fiscal 2024, bringing the total to 147.

Editor’s note: A previous version of this story misstated the budget Cybercom will inherit.

The post US Cyber Command releases first full budget appeared first on DefenseScoop.

“The Joint Cyber Warfighting Architecture (JCWA) concept continues to mature; however, no dedicated JCWA-level operational test and evaluation (OT&E) is currently planned or resourced, despite aggressive efforts to field critical components of the architecture. This will limit the Department’s ability to understand the impact of current and future capability integration on JCWA’s operational effectiveness, suitability, or survivability,” the fiscal 2022 annual report from the Office of the Director, Operational Test and Evaluation states.

Created in 2019 by Cybercom Commander Gen. Paul Nakasone, this architecture was designed to get a better handle on the capabilities, platforms and programs the command is designing and set priorities for DOD and the industry partners who are building them.

As initially laid out, it included four main programs: the Persistent Cyber Training Environment for conducting training and mission rehearsal; Unified Platform — considered the centerpiece where data is ingested, analyzed and shared; Joint Cyber Command and Control to command cyber forces and the larger cyber environment; and the Joint Common Access Platform for executing offensive operations. It also included a category for tools and sensors. Officials have noted that this is meant to be an agile framework that will evolve over time, likening it to a military cyber warfighting platform through which cyber warriors conduct their missions and analysis, similar to how soldiers leverage tanks and pilots rely on airplanes to carry out their missions.

Despite acquisition authorities, the services, on behalf of Cybercom — which sets the requirements and standards — procure these systems as executive agents.

Last year’s report noted that a lack of governance has led to an ad-hoc alignment of T&E efforts for the JCWA systems that could result in fielding capabilities without demonstrating or understanding their contribution to JCWA operational effectiveness, suitability or survivability.

“USCYBERCOM has not designated an Operational Test Agency to define and develop metrics needed to conduct integrated JCWA‑level OT&E. T&E strategies and processes are maturing, but not fast enough to support initial delivery of capability and features,” last year’s report stated, in line with other similar government watchdog reports asserting that Cybercom has not developed an outcome-based metric to support assessments of programs and staffing issues for acquisitions.

A Cybercom spokesperson explained to DefenseScoop that the command is taking steps to address items DOT&E identified.

Cybercom had previously created two offices within JCWA for better oversight on requirements and integration: the JCWA integration office – which focused on lower-level tactical aspects, such as how the individual service program offices worked together – and the JCWA capability management office – which worked for the deputy commander, drove system requirements and looked at the strategic vision and concepts needed for integration and what the big picture architecture must look like holistically.

In fiscal 2022, the command consolidated those offices in keeping with its focus on enhancing speed, agility and unity of effort across the enterprise as well as optimizing staff, the spokesperson said, adding the merger of efforts has streamlined and optimized the staff driving JCWA integration.

“The resulting entity from the merge continues to lack the authority and resources to effectively manage critical JCWA-level activities. Each program has its own release and deployment schedules, and there are no validated JCWA level mission thread requirements or plans for an integrated JCWA level operational test,” DOT&E’s report stated.

Cybercom, for its part, said it will be receiving additional funding to put toward an integration office for interoperability and testing.

“Currently, CYBERCOM JCWA programs are conducting specific program-focused testing. The command is starting to receive specific funding dedicated to resourcing the combined JCWA Integration Office. As a result of the additional funding, CYBERCOM can enable the Joint Interoperability Test Command to serve as the JCWA Operational Test Authority,” the spokesperson said. “Once JITC is on board, CYBERCOM will continue to work with DOT&E, Service Cyber Components, JCWA program management offices, and other stakeholders to determine when a JCWA-level OT&E event can appropriately be scheduled.”

Moreover, the command stated that enhanced budget controls and procurement authorities have better positioned it to improve coordination, resource management and acquisition requirements. It is further aligning efforts to inform better processes linked and integrated with JCWA requirements.

DOT&E listed four recommendations Cybercom should take. They include immediately resourcing and empowering the Joint Interoperability Test Command to plan, conduct and assess integrated, JCWA-level OT&E; requiring OT&E to inform the JCWA value assessments; establishing a cadence of testing for dedicated OT&E in fiscal 23 to understand how the capability afforded by JCWA is evolving over time and to ensure it is an effective, suitable, and survivable enabler of cyber operations; and, defining and resourcing the test infrastructure required to successfully support JCWA integration, as well as T&E.

The post US Cyber Command still lacks dedicated operational test and evaluation for its weapons platform, Pentagon asserts appeared first on DefenseScoop.

Enter the Joint Cyber Warfighting Architecture (JCWA). Created around 2019 by Cybercom Commander Gen. Paul Nakasone, this architecture was designed to get a better handle on the capabilities, platforms and programs the command is designing, and set priorities for DOD as well as the industry partners that would be building them.

As initially laid out, it included four main programs: the Persistent Cyber Training Environment for conducting training and mission rehearsal, Unified Platform — considered the centerpiece where data is ingested, analyzed and shared — Joint Cyber Command and Control to command cyber forces and the larger cyber environment, and the Joint Common Access Platform for executing offensive operations. It also included a category for tools and sensors.

A Cybercom spokesperson said the ultimate vision for JCWA has not changed since it was laid out in 2019, adding “the development of JCWA capabilities focuses on building a living architecture … By maximizing innovation, JCWA can address evolving threats, adapt to changing technologies and implements new tactics, techniques, and procedures to make timely decisions and take decisive action to defeat U.S. adversaries at speed and scale.”

The services, on behalf of Cybercom — which sets the requirements and standards — and the cyber mission force procure these systems as executive agents. This creates potential integration challenges given all these capabilities must be able to interact and be compatible with each other at the joint level with joint cyber teams.

“I think it’s definitely a large feat of trying to bring together all of these service level elements into this converge warfighting platform,” Chris Benney, vice president at Parsons, said in an interview. “If we can’t integrate these great, amazing capabilities together, we’re not going to be able to achieve that end state of this unified system-of-systems weapons platform and really be part of that multi-domain operations view that we have from a unified Department of Defense strategy.”

Creating the architecture has been beneficial to contractors.

“I’m really excited about that architecture and that framework, specifically because it allows the industrial base to deliver capabilities at speed and scale in support of the command,” Janelle Romero, vice president for cyberspace operations at CACI, said in an interview.

Her colleague, Pete Gallagher, senior vice president for technology solutions at CACI, echoed these sentiments explaining it helps partners organize their approach toward software and hardware.

Aside from the major contractors that are acting as primes to develop systems such as Northrop Grumman for Unified Platform, ManTech for JCAP, Cole Engineering for PCTE’s larger Cyber TRIDENT effort and Two Six Technologies, whose Ike platform is a key component for JCC2, several other companies are supporting the JCWA from a tools or integration standpoint.

“We’re actually actively engaged in several of the development integration of the JCWA core components across not only at the joint-like U.S. Cybercom level, but also down at the DoD service executive agent level,” Benney said. “We’re currently supporting the integration of our enterprise network mapping capability into the Unified Platform component, as well as the JCAP or that firing platform with our access management system for the automated configuration and orchestration of the access operations.”

Benney also said Parsons is working at the strategic level to help integrate systems together, engaging with working groups and the Rapid Development and Integration office within Cybercom’s J9 acquisition and technology directorate.

Others are also looking at supporting the initiative when it comes to tools and access capabilities.

“Our customers need to [have] new and novel approaches to ‘arrive on target,’ evolving beyond current capabilities and current delivery infrastructure to account for defensive features seen in hard-target environments. And we find our customers looking for tools that will allow them to project power against all types of network targets,” said Kevin Fogarty, group chief technology officer for aerospace, defense and civil operations at Dynetics, a Leidos subsidiary. “Dynetics is able to combine our experience and expertise in platform development and systems analysis to create research projects that result in prototype and demonstrated next-generation access capabilities and tools.”

Sources who spoke to DefenseScoop could not think of a completely analogous setup across the DOD that resembles the JCWA. The cyber enterprise within DOD is quite unique, and it includes a combatant command with service-like authorities to train and oversee joint cyber operators and operations.

Some pointed to the Special Operations Command model, others pointed to the F-35 Joint Strike Fighter program, but most recognized that there isn’t an exact replica for procuring capabilities and priorities within the DOD.

“You can search for analogues, but in some ways, I think it is a very unique approach that is again, oriented with U.S. Cybercom specific and unique Title 10 mission,” Dan Haas, director in Peraton’s cyber mission sector, said in an interview. “They, the [combatant command], is creating the major warfighting platform that then they can move out to the service components who are going to be executing some of the missions and allow them to make limited modifications that are operationally relevant or necessary to conduct operations in this specific environment that they will be operating in.”

A weapons platform

Having initially laid out an architecture for programs, Cybercom has shifted its strategic thinking recently, referring now to the architecture as a whole as a weapons platform, not just an architecture of disparately connected systems.

Many see this as a positive step, given cyber warriors will be conducting operations from this platform in support of combatant commanders and national objectives.

“The way I see that it’s more of analogous to these larger weapons platforms we have throughout the DOD. That’s really in my opinion repositioning the focus of what the intention of it really is,” Benney said.

Sources indicated that one of driving forces behind this shift was the naming of Michael Clark as the new director for the J9. Clark has a rich history with the command dating back to its predecessor organization, Joint Functional Component Command – Network Warfare.

“I’m not sure everybody outside the command recognizes the importance of doing that,” one industry source, who requested to not be named, said of Clark’s appointment to the position. “He’s been with the command the longest, he’s got the most experience in the command all on the ops side. Bringing Mike over to make him the [J9] was pretty significant … it makes a lot of sense because he knows JCWA from before it started. He knows the command.”

Sources also indicated one of Clark’s goals has been to help clarify what the JCWA is in both vision and practical terms. Additionally, Lt. Gen. Timothy Haugh, who recently assumed the Cybercom deputy commander role from 16^th Air Force — the Air Force’s information warfare command and service component to Cybercom — will turn his priority to the JCWA.

Haugh’s background, recently as a commander in the fight and previously leading the elite cyber national mission force for Cybercom, along with Clark’s vision will “bring in a renewed energy and perspective to what the command can do to synchronize JCWA within the headquarters,” the source believes.

Some are already starting to see a change in both clarity and consolidation.

“It is positive that U.S. Cybercom is making some deliberate actions to centralize their efforts, their resourcing and their control over the development of the JWCA and its elements in a way to address the complexity and the challenges they have had so far,” Haas said. “The cyber domain is an extremely dynamic domain. It is a domain where we are in contact with our adversary every day. It is moving at a pace, oftentimes, it is more rapidly developing and evolving than the other physical domains. I think what you see in the evolution of the JCWA is a reflection of that reality.”

If the JCWA is to be a warfighting platform, it also has to be outcomes focused, meaning Cybercom has to focus on more than just the technical requirements when communicating to industry, sources say.

“It is operational integration of the elements of the JCWA with a focus on achieving outcomes not just achieving an architecture. That is the way we design a platform. That’s the way we design any large complex warfighting platform, be it a bomber, a fighter, aircraft carrier, etc.,” Haas said. “It’s got to be integration focused on operational outcomes. It has to move beyond the technical.”

Improved coordination with contractors

Cybercom is still a relatively new organization as far as DOD goes, especially when it comes to building its own acquisition prowess that is poised to manage $3 billion.

Industry sources indicated that the command’s communication on priorities and needs is getting better from where it was years ago, but there is still room for more improvement.

“The interaction with industry over the past couple of years has been challenging, but I’m very encouraged by the recent deliberate engagements with industry,” Haas said.

The command is hosting industry days where members of the contracting community can interact with procurement officials and hear what the command desires for support.

A Cybercom spokesperson noted the command holds various forums such as procurement forums and academic engagement network efforts through its DreamPort facility.

“At the top level, [the command] and its partners have done a good job of articulating JCWA vision. From our company’s business, we see well-articulated requirements and use cases at a contract level,” Fogarty said.

These types of engagements have provided for more of a dialogue, allowing industry to provide feedback to Cybercom.

“I think we’ve started to get back to a different state where they opened the doors slowly into that engagement and giving us those opportunities to have a two-way conversation,” Benney said. “That type of level of engagement with industry and even some of our leaders that are involved in so many different elements of this gave us an opportunity to provide them real and honest feedback with where they’re going, what they’re doing and where we think, and giving them suggestions on where they need to go.”

The Cybercom spokesperson said as emerging and innovative capabilities are identified, the command ensures associated requirements and needs are incorporated into the JCWA integration efforts.

Others indicated some of the most important dialogues occur in classified spaces, indicating they’d like to see more of these.

“When we could have the classified discussions and really understand the threat and really understand what … they need from us, I think those are critical,” Gallagher said. “The threat-based understanding of what the demands are, I think, from Cybercom is helpful to all of industry.”

Others have suggested more unclassified sessions to attract more participation, especially since many tools that underpin the technologies for the JCWA components are unclassified.

Fogarty said the most important relationship is threefold: the government acquisition element purchasing a capability, industry, and operators who will use the technology.

“We have seen success when all three parties are in close collaboration, the feedback loop between operator and technology developer allows for the right capabilities to be developed and delivered in the right form factor for operational use. Ensuring this collaboration continues to the greatest extent possible will go a long way in ensuring the operational utility of the JCWA over time,” he said.

Ultimately, the biggest area the command needs to improve upon is integration to ensure success, sources say.

“Given that they are moving in the right direction on some of the consolidation, as we’ve discussed in viewing this as a platform, I think that the biggest room for improvement lies … in that integration piece,” Haas said, reiterating it’s “not technically integrate, because technical integration is necessary, but insufficient to achieving operational outcomes.”

The post Cyber Command now building a warfighting platform, not just a capability architecture appeared first on DefenseScoop.