Earlier this month, U.S. Cyber Command announced a critical milestone for its cyber mission force. Its roughly 6,200-person cyber warrior cadre reached what is known as full operational capability, meaning all 133 teams are manned and passed their qualifications.
Now, the command is shifting from building out the teams to bolstering its readiness.
“As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” Gen. Paul Nakasone, commander of Cyber Command, said in a release marking the milestone. “We must ensure we have the platforms, capabilities and authorities ready and available to generate cyberspace outcomes when needed.”
Brett Barraclough, executive director of cyber and IT solutions at ManTech Mission Solutions and Services Group, equated the designation to a mile post on a race course. In this case, DoD is not stopping as it is not the finish line.
“Strategically, this was supposed to be a build-assess-build process. I kind of look at the FOC as the completion of the first build and now we’re getting into more readiness or the assessment phase,” he said.
As forces continue to cycle in and out, the services are going to have to sustain their teams from a manning and training perspective.
“The readiness is a rolling process because a lot of the teams have been FOC in terms of the build for a while now,” Katherine Charlet, director of Carnegie’s Technology and International Affairs Program, told Fifth Domain, referencing how some services certified all their teams a year early. “You have hit FOC … but it’s not like you can now just stop thinking about pipelines of people and training, getting them basic training and equipping because it’s still going to be a constant flux.”
Charlet, who previously served as the acting deputy assistant secretary of defense for cyber policy, said from a broad level, readiness is about working as a team, being creative, solving problems, knowing the mission and being fully equipped.
While the individual services are still responsible to “man, train and equip” forces and the commands are responsible for fighting, Cyber Command has been granted service-like authorities from Congress. Officials have testified this will “allow it to acquire cyber-unique equipment and technology rapidly and to train its people to meet the latest threats.”
“The service like authorities that Cyber Command has been given, are they being employed and are they being used in a way to really expedite the questions about readiness,” Michael Sulmeyer, director of Harvard’s Belfer Center’s Cyber Security Project, told Fifth Domain.
Sulmeyer, who previously served as the director for plans and operations for cyber policy in the office of the secretary of defense, said he is curious how much slack Congress will give on the question of readiness.
Specifically, with the staffing designation, he wants to know what are Congress’s expectations going forward and what is the payoff they’re looking for given the authorities and funds it’s bestowed on the command, he said.
One path Congress could take, Sulmeyer posited, is to provide tweaks and flexibility to the personnel system allowing commanders to perform tasks that aren’t in the traditional service personnel model. This includes allowing service members on the cyber missions force to embed with a private company or allowing defensive-oriented team members to venture off and gain more familiarity with concepts such as artificial intelligence.
Increased training and an increase in training resources is an obvious necessity for maintaining readiness. However, Cyber Command does not currently have a high-end training environment akin to what traditional warfighters use to prepare for combat.
In many cases, the first time cyber warriors will engage with an adversary is in the real world and not in simulations in a training environment.
“It’s like a fighter pilot going up and the first time he’s flown actual combat is against a real adversary,” Jim Keffer, director of cyber at Lockheed Martin, said. “That’s not a good way to fight wars. That’s not a good way to train your troops. That’s not a good way to decrease the risk to your forces.”
The Army is currently serving as the executive agent for Cyber Command in developing what is called the persistent training environment, or PCTE.
PCTE will serve as a dedicated training platform for cyber teams of all flavors allowing for individual and collective training as well as mission rehearsal.
Senior leaders have called PCTE critical as Cyber Command only holds a few capstone training events a year, which they contend, are not enough.
“This training environment is absolutely necessary from a military standpoint,” Keffer, who previously served as chief of staff at Cyber Command, told Fifth Domain. “With this persistent training environment, Cyber Command cyber teams will be able to better assess their level of training, which goes into the complete readiness factor, complete readiness rating of that team. They can do it at the speed of heat because this will all be connected and tracked to the individual level.”
While Cyber Command has typically set the training standards for the services and their CMF contributions to meet, Sulmeyer said the challenge will come down to how the training schedules are executed.
“Are people falling behind? Are people who passed that training able to execute the missions they’ve been asked to execute? Does it need to be revamped,” he said. “Those are the kind of questions that I hope Cyber Command at their new status as a unified command is even more empowered to address.”
Evaluating the teams’ setup
Nakasone’s predecessor indicated a need to “retool” the cyber mission force as its construct was designed several years ago. However, promises were made to not made substantial changes until FOC as to not drastically interrupt the build process.
This was an assessment Charlet largely agreed with.
“I think for CYBERCOM and [the office of the secretary of defense] and the Joint Staff, it’s a great opportunity to take stock of the CMF to relook the assumptions of how it’s structured and make changes where they need to,” she said. “Hypothetically, do you need five teams of 40 network defenders or would it be better to have 40 teams of five. Or do you pool certain skillsets so multiple teams can tap into them and so forth.”
Other suggestions have surrounded around more intelligence personnel or even teams that do offense and defense as opposed to the current construct in which teams do one or the other.
The Department of Defense is revisiting how cyber forces are trained to execute operations.
Splitting NSA and Cyber Command
One of the largest issues surrounding Cyber Command has been the impending split of the “dual-hat” relationship with NSA.
Congress a few years ago, in an effort to prevent a preemptive split, put forward restrictions on DoD listing several elements both CYBERCOM and NSA had to meet prior to splitting.
“This was the only one that was really tied to specific timeline,” Charlet said. This was the only element based on an actual event as opposed to a subjective assessment as was the case with the other restrictions.
The Defense Department does not have a hard timeline for splitting Cyber Command from the National Security Agency, but work on the division is ongoing.
“Having accomplished this milestone, I’m curious to see how the department, what it means for the play out of the dual hat question,” she added.