A bill passed by the House Armed Services Committee would task the Department of Defense to assess the resiliency of its cyber operators.
During the committee’s markup of the fiscal 2024 National Defense Authorization Act, an amendment offered by Rep. Mike Gallagher, R-Wisc. — who chairs the HASC subcommittee on cyber, innovative technologies and information systems — would require the DOD’s principal cyber advisor, the undersecretary of defense for personnel and readiness along with the principal cyber advisors of the services and the commander of U.S. Cyber Command to conduct a study on the personnel and resources required to enhance and support the occupational resiliency of the cyber mission force (CMF).
The CMF conducts cyber operations on behalf of U.S. Cyber Command. Each of the services are responsible for providing a set amount of teams to Cybercom to perform offensive and defensive ops. At the outset, there were 133 teams but the DOD has authorized growth to 147 in the next five years.
There are three primary buckets the teams fall into: offensive teams that conduct cyber ops on behalf of combatant commands, defensive teams that defend and hunt on DOD networks for adversary activity, and support teams that provide intelligence, mission planning and other necessary assistance for combat mission teams.
Additionally, the Cyber National Mission Force — the command’s elite cyber warriors tasked with defending the nation from cyber threats — has teams that perform offensive functions under the guise of active defense, or acting outside of DOD networks to thwart a potential threat.
The provision in the House NDAA markup defines ‘‘occupational resiliency’’ as the ability of CMF personnel to mitigate unique psychological factors that contribute to the degradation of mental health and job performance under such assignment.
These personnel often work long hours and are always conducting operations. Officials frequently remind the public that cyber operators are in constant contact with adversaries in cyberspace — either defending DOD networks from daily enemy probes or carrying out offensive ops.
With the exception of so-called hunt-forward operations — which involves physically sending defensively oriented cyber teams to foreign countries to search for threats on their networks at the invitation of host nations — cyber warriors aren’t forward-deployed in the traditional sense, but report to their jobs and return to their homes following operations.
The study mandated by the House panel must include an inventory of the resources and programs available to personnel assigned to the CMF and their locations; an assessment of the risk to the occupational resiliency of personnel relative to their work role within the CMF and the number of such personnel available to perform operations in each type of team; an evaluation of the extent to which personnel assigned to the CMF have been made aware of resources and programs and the measures required to improve such awareness; and a determination by the commander of Cybercom regarding the adequacy and accessibility of such resources and programs for CMF personnel.
The House Armed Services Committee passed its version of the defense policy bill just after midnight on Thursday. The legislation must still be passed by the full House, reconciled with the Senate’s version of the NDAA and be signed by the president before becoming law.