Leaders at U.S. Cyber Command have been working to ensure its staff has the tools and infrastructure necessary to conduct operations separately from the National Security Agency.

While specificity surrounding desired and needed tools aren’t always available, contractors told Fifth Domain Cyber Command is pursuing tools to access targets and capabilities that enhance data integration. They also want a broader vision for how to ensure large programs of record mature and do not become obsolete.

“Many [proposals] have been a combination of ‘what do you have today?’ because the fight is happening today. So, what do you have today off the shelf that we can acquire to use as part of our mission,” Thomas Warner, vice president of cyber solutions at Lockheed Martin, told Fifth Domain. Or, they ask "how long would it take for you to develop [something]?”

More specifically, given the unique nature of cyber operations within DoD and the fact that each service feeds up into Cyber Command leading to joint teams that span services, there is a need for standardized tools to be used across the force.

Congress has become increasingly interested in ensuring the organization has what it needs. In the last several annual defense policy bills, members asked for reports on how the Pentagon can better acquire and maintain software-based cyber tools. They’ve also asked for studies on future capabilities.

Cyber Command created the Joint Cyber Warfighting Architecture within the last year to help guide capability development, shape its programs and prevent the services from building their own one-off tools that don’t play well with others.

The architecture not only allows Cyber Command to have better oversight of its arsenal, but is also beneficial for contractors to see what the Defense Department wants.

The architecture’s five elements include:

  • Common firing platforms that serve as a comprehensive suite of cyber tools,
  • Unified Platform, a major program to integrate and analyze data from offensive and defensive operations with intelligence and partners,
  • Capabilities for joint situational awareness and command and control,
  • Sensors to support the defense of the network, and,
  • The Persistent Cyber Training Environment, for training.

Warner noted that the architecture outlines capabilities and investments Cyber Command wants is year by year.

“We wouldn’t want DoD or industry to build divergent solutions or to build proprietary stovepipes. So JCWA will allow us to build a common framework,” Don Bray, director for cyber training at Raytheon Intelligence, Information and Services on Cyber Capabilities, told Fifth Domain.

Warner added that the architecture helps companies logically group capabilities, which in turn helps ensure industry is investing in the right tools to support Cyber Command.

Moreover, with such a variety of tools available, the services want weapon systems that work together.

“What I’m seeing from the mission force is there’s a need for those [strategic and operational level tools planned in development] to be integrated together,” Meghan Good, cyber solutions lead at Leidos, told Fifth Domain. “It’s how they integrate commercial tools, how they use them in a way that works for the defending forward that they’re doing, how they can use tools for multiple purposes spreading across all of cyberspace operations” from defensive to offensive operations. Slowly, it is becoming more apparent how capabilities, systems and programs of record are fitting into this larger architecture, she said.

While each service has developed its own capabilities, she said the next iteration must ensure other services can leverage similar capabilities.

“You’re starting to see the need and desire coming out in these systems around the JCWA,” she said.

Doug Booth, director of strategy and business development at Lockheed Martin’s spectrum convergence segment, said in the past, the command was focused on more tactical level targets and operations. But he said newer requirements from Cyber Command show leaders there are looking for strategic level deterrence tools as well as tools that can integrate with traditional military forces. Other industry officials have previously explained in the past few years that the command’s capabilities directorate has looked at the cyber equivalent of parking an aircraft carrier off another country’s coast as a form of power projection.

Data fusion and integration

With a glut of information from sensors and networks around the world, commanders will need a cohesive way to analyze this data and process it for more informed decision making.

“It really comes down to data,” George Franz, cybersecurity lead for Accenture Federal Services' national security business, told Fifth Domain. “You consider what the force is going to have to do now and in the future, the first thing they have to do is have access to all of the data and information they’re going to need to understand the environment to shape the environment, plan in the environment and that’s a significant problem.”

To bring all this data in, enter Unified Platform. Unified Platform is one of Cyber Command’s first major weapons systems and will allow cyber forces to share information, conduct mission planning and provide the command and control tools they need to conduct cyber missions.

“Unified Platform is really that big data infrastructure in the center piece for everything they do,” Franz said.

Unified Platform will consolidate and standardize the variety of big data tools used by Cyber Command and its subordinate organizations to include the Defense Information Systems Agency. This will allow forces to share information more easily and build common tools to be used across the service cyber components leading to greater interoperability, Franz said.

The Air Force, which serves as the executive agent for joint cyber command and control platforms, has named Northrop Grumman as the system coordinator for Unified Platform. Additionally, the service named five companies to a subordinate contract beneath Unified Platform called, cyber enterprise services (CES), which will enhance multiple cyber platforms with a services in command and control, planning, generation, execution, assessment, reporting and visualization.

While DoD is still evolving what the platform will look like in many respects, the vision is becoming clearer.

“I think [Unified Platform is] becoming closer to reality now that there’s some idea of how it’s going to be developed. I think there’s a lot more emerging things of how the data is interoperable between different systems and how you can use tools in one place to another,” Good said. “The conversation is evolving into how we really make it work versus just saying in the conceptual.”

Warner, explained that DoD has given itself a lot of flexibility on Unified Platform, leaving room for new requirements as the fight evolves.

“While they do have a lot of high-level requirements, they’re taking an approach of here’s the capability we need. Industry tell us what you have in this area … and then award the best-of-breed for that,” he said.

Cyber Command’s long-term vision is for Unified Platform to serve as the baseline capability and flow into what the military calls Joint Cyber Command and Control (JCC2), which will provide joint commanders enhanced situational awareness and battle management for cyber forces and missions.

Unlike Unified Platform, little information is publicly available about JCC2. The Air Force is planning to spend $11.6 million in research and development funds for JCC2 in FY20.

The Air Force awarded Enlighten IT Consulting a contract in mid-March under the JCC2 program under something called the “Threat Awareness and Sharing Concept (TASC)” effort, according to an Air Force spokesman.

The TASC is “a year-long prototype activity focused on expanding cyber threat data sharing automation and visualization. This prototype award is but one of several parallel R&D efforts focused on further informing global Combatant Commanders on the heartbeat of cyber operations,” the spokesman said.

Others have noted that while Unified Platform will integrate various cyber platforms or operations, JCC2 will integrate joint, coalition as well as inter-agency command and control.

Good noted that Unified Platform serves as the baseline and it is becoming clearer how these systems are being integrated together.

“Cyber Command, but really DoD at large, is trying to adapt to this changing environment and getting the right platforms ... even though you’re adding new capabilities that are evolving with different threats and mission needs,” she said. “I really am starting to see that progression toward this larger architecture and platform that they’re building to.”

Franz also explained a command-and-control tool at the combatant command level can provide commanders valuable information on the health and readiness of their teams and tools.

Electronic warfare-powered cyber?

One trend Cyber Command officials have considered is the need for radio-frequency-enabled cyber tools to help exploit certain targets.

“It’s one of those where you have to know that not everything is IP based, not everything is on net so what are the other kinds of ways to get into the targets and then to figure out how to manipulate data, how to, again, defend forward and achieve mission outcomes that we want,” Good said.

RF and electronic warfare tools have not just been associated with soldiers on the ground carrying jammers and sensing systems, not necessarily remote operators conducting cyberattacks like Cyber Command.

Bray said the cyber mission force conducts operations at all levels of war — tactical, operational and strategic — adding that at the tactical level, they would need to manipulate electronic warfare or RF-type systems.

“Absolutely, [the] cyber mission force would need EW capabilities as well as RF capabilities when they [are] operating in the tactical space and maybe even the operational space,” he said. “You can combine the tactical capabilities with operational and strategic capabilities. I can see why they would need that.”

However, the so-called multidomain nature of warfare necessitates accessing these types of targets in new ways.

“It’s just a logical maturity, the expansion of the capacity of the CMF that if they’re trained to do it, it’s within their capacity, they’ve got the tools synchronized with ground mission commanders,” Franz said. “I think there’s a lot of discussion around bringing those [EW and cyber] authorities together in an efficient way and it’s logical that the CMF would be part of that future delivery of a future combined effect, particularly if the force and the technology let them do it better.”

Bray said if forces are trying to conduct a long range mission such as a bombing run, they might need some type of close action capability to ensure that the mission or the aircraft can make it there safely and back without being detected.