Cybercom nominee plans to work with services on ‘expeditionary’ cyber forces

President Joe Biden’s pick to lead U.S. Cyber Command said if he is confirmed, he will begin to work closely with the services as they’re building out so-called tactical or expeditionary cyber forces, separate from those at the command.

“Expeditionary cyber forces have already demonstrated potential to extend the reach of cyber enabling activities and close the gaps that limit cyber forces’ ability to access important tactical targets in forward locations,” Lt. Gen. Timothy Haugh wrote to senators in a questionnaire as part of his nomination process.

For the first time, the Department of Defense recognized and defined cyber operations conducted in physical or tactical spaces, called expeditionary cyber operations, in formal doctrine as an update to its cyberspace doctrine in December 2022.

That recognition was significant given authorities to conduct cyber operations were held at the highest levels of government for many years due to fears that operations could have unintended consequences or spread into networks beyond the intended target.

Cybercom owns the offensive cyber capabilities within DOD, and the services conduct offensive cyber ops through Cybercom and the cyber mission forces that each service provides to the command from remote locations, mostly focused on IP-based networks.

However, increasingly, there are targets that either aren’t reachable through IP networks or remote access might not be possible. And as DOD has matured its cyber policies, doctrine and capabilities, the reins have begun to loosen up.

Certain factions have sought to use more proximal effects conducted through radio-frequency, which require fewer levels of approval to conduct operations at the very tactical level.  

Several of the services have begun investing in capabilities and forces for their own offensive cyber. However, that is mostly in the blended electronic warfare or radio frequency-enabled sphere at the tactical level.

While individual services have begun developing and even deploying such forces, all cyber ops must still be connected through Cybercom.

“If confirmed, I will work with the Services to ensure any tactical forces will meet USCYBERCOM training standards, follow Department deconfliction policies, and when leveraging USCYBERCOM authorities, ensure interoperability with Joint Cyber Warfighting Architecture,” Haugh wrote.

The Joint Cyber Warfighting Architecture was designed in 2019 to get a better handle on the capabilities, platforms and programs Cybercom was designing and set priorities for the Department of Defense as well as industry partners that would be building them. They include systems for collecting data, conducting offensive cyber operations, and commanding and controlling cyber forces, among others.

With the advent of these more proximal or tactical forces being built, it is understood that they could provide access to networks for higher-end cyber operators in Cybercom through their close proximity to harder targets as opposed to accessing them fully remotely.

Haugh noted that if confirmed, he’ll work with the services as well as the geographic combatant commands as the department continues to satisfy a provision in last year’s annual defense policy bill to develop integrated non-kinetic forces and capabilities.

That provision directed the Pentagon to develop a strategy for converged cyber and electronic warfare conducted by deployed military and intelligence assets, specifically for service-retained assets, which refers to non-Cybercom elements.

The issues Haugh plans to examine include training, standards, interoperability, and authorities to implement the requirements under the provision.

Haugh wrote to senators that the military must continue to seek new capabilities to exploit adversary systems.

“In my opinion, developing new and novel capabilities and approaches to deliver non-kinetic effects will benefit the Combatant Commands and the Services,” he wrote. “The unique value of the cyber domain is that it crosses, supports, and enhances every warfighting domain by ensuring the secure operation of the Department’s decision-making systems, disrupting malicious cyber actors’ capabilities and ecosystems before they can threaten our networks and platforms, and, when called upon, deliver non-kinetic effects to enable Joint Force Commanders to achieve early initiative during contingencies.”

From a defensive standpoint, he recognized these same threats to U.S. systems, vowing to improve defenses.

“The nature of modern network-centric warfighting is such that nearly every piece of electronic equipment represents a potential cyber-attack surface, to include tactical military systems,” he said. “USCYBERCOM capabilities are always evolving to take advantage of cutting-edge technology, research, and development. Just as we continually improve our own defenses against novel cyber threats, so do our adversaries; if confirmed, it is my intent for the Command to seek new and innovative means, methods, and doctrine to achieve our mission and provide a comprehensive suite of non-kinetic effects when called upon to do so.”

It is unclear when Haugh will be confirmed due to the blanket hold on senior military nominations placed by Sen. Tommy Tuberville, R-Ala., to protest DOD’s abortion policy.