Key lawmakers, through the annual defense policy bill, want to require the Pentagon to create a dedicated cyber intelligence center.
A provision in the Senate Armed Services Committee’s version of the fiscal 2024 National Defense Authorization Act, would direct the secretary of defense to establish a new organization that will support the requirements of U.S. Cyber Command along with other combatant commands, military departments and agencies.
The bill passed the committee in late June, but the text of the bill was only released publicly last week.
Per the legislation, the Pentagon chief could establish an all-source analysis center within the Defense Intelligence Agency — which is responsible for providing intel on foreign militaries and owning all the intelligence directorates, or J2s, at the combatant commands — to provide foundational intelligence for the dedicated cyber intelligence capability.
Congress has previously inquired about the creation of such a center. And U.S. Cyber Command has already begun building one that’s akin to the National Air and Space Intelligence Center and the National Ground Intelligence Center.
Now, if the provision in the Senate panel’s version of the NDAA is passed into law, a new organization of that nature will be mandated.
For years, dating back to when Cybercom was created, there have been talks about building the capability and capacity for developing organic cyber intelligence within the U.S. military. Relatedly, as cyber has grown in importance, there have been increasing discussions at the Defense Intelligence Agency regarding what constitutes foundational cyber intelligence.
Congress has grown concerned recently because, of more than two dozen agencies that focus on intelligence, there isn’t a direct line out of Cybercom’s intelligence shop that focuses on nation-state threats from a military angle, according to a defense official who spoke to DefenseScoop on the condition of anonymity.
“It became evident during the Russia invasion into Ukraine that the traditional intel rolls within the DIA could not handle the volume of work needed to support this combatant command. DIA could fill the role but they require restructuring their HR system to provide experts in the technical arena. Some they have — but they’re not near enough,” the official said, adding that the creation of the new center will require a greater depth of cyber knowledge.
With the substantial increase of ransomware and misinformation/disinformation campaigns, such a capability is necessary, but even more so from the DOD’s need to operate both offensively and defensively, they added.
Additionally, despite the close linkage Cybercom shares with the National Security Agency — in which the two organizations share a boss and are co-located — NSA has a fundamentally different mission focused on foreign intelligence targets. Having a dedicated military cyber intelligence capability under Title 10 — the part of U.S. law that governs the armed forces — is considered increasingly important.