The Senate Armed Services Committee is asking the Department of Defense for greater clarity and formalization of its cyber operations.
In its version of the annual defense policy bill — which passed the committee last week, though full text of the language was only made public this week — the committee takes aim at U.S. Cyber Command’s so-called hunt forward operations.
Hunt forward operations involve teams from Cyber Command physically deploying to other nations to assist them with cyber defense. These operations provide American cyber teams insight into tactics that could be turned against U.S. networks or used to disrupt the elections process, officials have maintained.
The Department of Defense wants to spend $11.6 million in fiscal year 2021 to buy systems that would help cyber operators perform “hunt forward” missions, where teams deploy to other countries to stop malicious cyber activity.
The panel wants the department to develop a formal framework for these operations by February in order to enhance consistency, execution and effectiveness.
Such a framework should include, among others:
- Criteria for proposed hunt forward operations including specification of necessary thresholds for the justification of operations for partner cooperation.
- The roles and responsibilities of organizations in the support of the planning and execution of hunt forward operations such as Cyber Command, services components, the Office of the Secretary of Defense for Policy, the geographic combatant commands, cyber operations-integrated planning elements, joint cyber centers, and U.S> embassies and consulates.
- Predeployment planning guidelines to maximize operations success.
- Metrics to measure effectiveness of the operations.
- Roles and responsibilities of Cyber Command and the National Security Agency.
The bill’s provision also requires a briefing on the framework to Congress no later than March 21, 2021.
More broadly, the Senate Armed Services Committee’s draft of the National Defense Authorization Act asks for an assessment of cyber operational planning as well as deconfliction polices and processes by November 2021.
The assessment must evaluate:
- If the joint targeting cycle and relevant operational and targeting databases are suitable for the conduct of timely and well-coordinated cyber operations.
- If each of the policies and processes to facilitate technical, operational and capability deconfliction are appropriate for the conduct of timely and effective cyber operations.
- If intelligence gain-loss decisions made by Cyber Command are sufficiently well-informed and made in a timely fashion.
- If relevant intelligence data and products are consistently available and distributed to relevant planning and operational elements in Cyber Command.
- If collection operations and priorities meet the operational requirements of Cyber Command.
- If authorities relevant to intelligence, surveillance and reconnaissance as well as operational preparation of the environment are delegated to the appropriate level.
With several teams conducting offensive and defensive cyber operations around the world, deconfliction and planning is critical. The U.S. Cyber National Mission Force teams conduct offensive operations in the name of defending the nation in what are known as defensive cyber operations-response actions. The teams are aligned against specific nation-state actors. Teams that belong to the geographic combatant commands also conduct offensive operations against the actors within their purview.
On the defensive side, DoD-Information Network teams conduct global operations to operate and maintain the military’s network, while cyber protection teams across the world act as SWAT teams, defending and responding to network breaches.
Given the global nature of cyberspace, keeping these operations in check — and ensuring friendly forces aren’t tripping over one another — can be challenging.
Cyber Command's new integrated cyber center drastically improves the information sharing of cyber threats across the government.
DoD and Cyber Command have already established some mechanisms to ensure better planning and deconfliction of forces. They have established planning cells, known as cyber operations-integrated planning elements. Those elements are locally based within the staffs at the geographic combatant commands that are involved in the planning of operations, and they work alongside land, air and sea components.
Additionally, the Integrated Cyber Center and Joint Operations Center is tasked with, among other things, deconflicting Cyber Command’s global offensive cyber operations missions.
“Our job is now to provide the global view and to make global command and control decisions or to provide the data so that Gen. [Paul] Nakasone, [head of Cyber Command and director of the National Security Agency], can make those global decisions,” Maj. Gen. Charles Moore, director of operations at Cyber Command, told reporters last year. “We have to be able to look globally at the picture that we’re seeing, we have to be able to see what the enemy is doing, we have to know where our forces are positioned, and then obviously we want to be able to put our forces in the best position so that we can drive enemy activity as opposed to being in reactive mode.”