Successful and timely passage of the National Defense Authorization Act and the defense appropriations bill for fiscal 2024 will be the two most critical items in enabling U.S. Cyber Command to address readiness issues and move into its next era of growth and maturation, according to the nominee to be the next Cybercom chief.
“We view FY24 and the overall passing of both the NDAA and the appropriations bill as a critical moment that now aligns the responsibilities and authorities within U.S. Cyber Command analogous to those of U.S. Special Operations Command,” Lt. Gen. Timothy Haugh, currently Cybercom’s deputy commander, told members of the Senate Armed Services Committee Thursday during his confirmation hearing. “With the passing of the FY24 appropriations bill, U.S. Cyber Command will now have the responsibility for the cyber mission force budget, will have the responsibility for the acquisition of the capabilities for our cyber mission force and have the authority to set the training standards.”
Cybercom has, for the most part, been modeled after Socom, which possesses its own budget and enjoys certain service-like authorities such as procurement and the ability to direct training — all of which is unique for a combatant command.
Beginning in fiscal 2024, Congress has granted the command enhanced budget authority, meaning it has greater oversight over the dollars involved in the capabilities and platforms the services are building on its behalf. This is viewed as a critical step regarding Cybercom’s maturation and maturity as it continues to grow since its creation in 2010.
However, if Congress fails to pass these bills, it could jeopardize the combatant command’s ability to continue to mature and address certain challenges.
“The most important thing would be the passing the FY24 appropriation bill. With the FY24 NDAA and the appropriations bill, that will give us those authorities. Without that, we will operate in our previous model until the budget’s passed and then we’ll have to undo that work and redo it,” Haugh said.
This authority will also help organization address readiness issues associated with its cyber mission force — the 133 teams that each service provides the command to conduct cyber operations. From a readiness perspective, Haugh said that’s “the top issue for Cyber Command.”
“With those authorities it allows Cyber Command to set the investment in our training infrastructure, in our training courses and allows the services to focus on recruiting, initial skills training aligned to our standard, and then to leverage the retention capabilities that Congress has given to the services,” Haugh said. “Those are areas now that really change the dynamic of how we will approach cyber readiness, if confirmed.”
Each service has its own identity, culture and way of classifying and providing forces to Cybercom. Many observers argue that this has been to the detriment of the command given these personnel are soldiers or airmen or sailors first, with a secondary focus on cyber.
Senators have been concerned regarding the readiness of these teams and personnel, passing various measures in successive years to remedy them in recent annual policy bills.
“There are a number of pressing issues that will require your attention. First and foremost, it is widely understood that our Cyber Mission Forces are struggling with readiness shortfalls caused primarily by difficulties in training and retaining personnel in key positions requiring special skills,” said committee chairman Sen. Jack Reed, D-R.I. “In order to mature the cyber force and advance our nation’s capabilities to conduct cyber operations and supporting intelligence operations, the military services must provide qualified and trained personnel to your Command on time and at the beginning of their tours.”
The committee’s ranking member seconded such concerns.
“I’m concerned that our cyber readiness may suffer because of cyber mission forces serving brief tours at Cybercom,” Sen. Roger Wicker, R-Miss., said. “The services are providing personnel to Cybercom who lack necessary cyber skills, technical expertise and training. I would welcome your views on how to correct readiness shortfalls within the cyber mission force including how you would work services, training across the department and increase the resiliency of the cyber workforce.”
Haugh noted that in addition to the authorization and funding measures still pending, Congress has already provided the command the ability to build necessary training ranges, advanced training modules and resources to scale such training.
“As we look at that force, one of the things that we want to ensue as U.S. Cyber Command is that we’re setting that baseline standard, so that we can ensure across the department we get the baseline right and allow the services to do that baseline training,” Haugh said.