U.S. Cyber Command plans to spend as much as $75 million in fiscal 2019 to help provide the tools and capabilities the Department of Defense’s cyberwarriors need and to help separate those systems from the equipment the organization has long borrowed from the intelligence community.

That figure is 70 percent higher than what the organization spent in fiscal 2018, but after many years of building cyber teams, Cyber Command is now focusing on the readiness of its cyber forces and ensuring that those workers have the proper equipment.

Gen. Paul Nakasone, the head of U.S. Cyber Command, said in written testimony submitted to the Senate Armed Services Committee Feb. 14 that the command executed 32 contract actions totaling $43 million in fiscal 2018 and could reach as much as $75 million in this fiscal year.

Congress granted Cyber Command limited acquisition authority in 2016 following the model of Special Operations Command and capped acquisition funds at $75 million per year. That agreement sunsets in 2021, though officials have said they are working with Congress to secure a ceiling of $250 million and a sunset in 2025.

One critical aspect of that spending will come from Cyber Command’s development of its own tools and architectures separate from the National Security Agency. As part of a temporary arrangement to help get Cyber Command on its feet, the organization has long borrowed equipment from the NSA.

In addition, the Air Force, which acts as the executive agent on behalf of U.S. Cyber Command for joint cyber command and control platforms, expects to make several cyber-related contract announcements in fiscal 2019 that will provide additional tools for command-and-control and situational awareness.

Already, the Air Force has named Northrop Grumman as the system coordinator for Unified Platform. Unified Platform will be major weapon system in which cyberwarriors will plan and launch offensive and defensive cyber operations from.

But the Air Force is also expected to imminently award a contract for a program called cyber enterprise services (CES).

CES will “enhance multiple cyber platforms with a provision of services in the areas of command-and-control, planning, generation, execution, assessment, reporting and visualization,” an Air Force spokesperson told Fifth Domain.

Bill Leigher, director for DoD Cyber Warfare Programs at Raytheon, told Fifth Domain that he expects CES will be valued around $150 million with six awards valued at $25 million a piece.

The plan for Unified Platform

Even though the Air Force has awarded the system coordinator piece for Unified Platform, Deon Viergutz, vice president for spectrum convergence at Lockheed Martin, told Fifth Domain that the giant defense contractor will continue to focus on the weapon system as a whole.

“On the capability front, remember this is the platform for the cyber forces for doing defensive operations, offensive operations, battle damage assessment, mission planning. There are going to be all of those capabilities required as part of Unified Platform in support of U.S. Cyber Command,” he said. “I think there’s going to be many opportunities to bring those.”

The Air Force said that over the course of the Unified Platform program, the services expects to award "a mix of contracts to a broad array of vendors as part of its efforts to ensure superior development and deployment supporting our Cyber Mission Force. Standardization and interoperability are key pillars that will help propel Unified Platform capability and capacity.”

Cyber Command has recently established a Joint Cyber Warfighting Architecture (JCWA) to guide capability development priorities. According to Nakasone’s written testimony, this architecture consists of five elements:

  • Common firing platforms the four cyber operating locations of the service cyber components that will use a comprehensive suite of cyber tools; 
  • Common firing platforms the four cyber operating locations of the service cyber components that will use a comprehensive suite of cyber tools;
  • Unified Platform, which will integrate and analyze data from both offensive and defensive operations with intelligence and partners;
  • Joint command and control mechanisms for situational awareness and battle management at the strategic, operational and tactical levels; 
  • Sensors that support defense of the network and drive operational decision, and;
  • The Persistent Cyber Training Environment, which will provide individual and collective training as well as mission rehearsal. The Army is managing PCTE on behalf of Cyber Command and the joint force.  

Cyber Command’s deputy commander, Lt. Gen. Vincent Stewart, told Congress in September that none of the services will be developing capabilities by themselves, but, rather, the command is designating a specific service to build each element of the architecture.

“They’ll bring that into a common architecture where U.S. Cyber Command will set the standards, set the information exchange protocols and then each of the elements within are subordinate elements within Cyber Command will build those pieces and those components to a common standard,” he said. “We get the idea that we don’t want the services to build their own unique tools.”

Cyber Command has created joint standards for training and capabilities from the outset as leaders have asserted cyberspace is inherently joint. In fact, teams operate in a joint fashion and the presence of service-specific or developed tools creates unnecessary hurdles to joint cooperation.

Nakasone said acquisition priorities for the command include:

  • The geographically distributed set of redundant and reliable infrastructures;
  • A virtual arsenal of capabilities comprising both open-source and high-end tools;
  • Implementation of cloud and engineering services in support of a big data platform;
  • Foundational architecture portions of the command’s continuous monitoring capabilities, and;
  • A competitive cyber tool contract. 

Nakasone noted in his written testimony, as well as in a recent interview in Joint Force Quarterly, that cyber tools are much more unique than traditional munitions, requiring a much more agile force to develop and deploy them.

“Weapons like [Joint Direct Attack Munitions] are an important armament for air operations. How long are those JDAMs good for? Perhaps 5, 10 or 15 years, sometimes longer given the adversary,” he told Joint Force Quarterly. “When we buy a capability or tool for cyberspace … we rarely get a prolonged use we can measure in years. Our capabilities rarely last six months, let alone six years. This is a big difference in two important domains of future conflict. Thus, we will need formations that have ready access to developers. Also, developers who understand how to complement the work of our operators in a rapid, agile manner.”