U.S. Cyber Command plans to begin integration of the disparate factions of its warfighting platform this year.
The Joint Cyber Warfighting Architecture, or JCWA, was first envisioned in 2019 as a way of getting a better handle on the capabilities, platforms and programs the command is designing and setting priorities for the Department of Defense and its industry partners that are building them.
When Cybercom was first created, it relied heavily on intelligence personnel, infrastructure platforms and tradecraft to build its enterprise. But just like the Army needs tanks and the Air Force needs planes to conduct missions, cyber troops need their own military-specific cyber platforms separate from the National Security Agency, which collects foreign intelligence.
The JCWA encompasses several components that are built by each of the services on behalf of the joint cyber mission force. The services provide them to Cybercom to conduct cyber operations, as executive agents. Now, JCWA is thought of as a singular platform to conduct military cyber ops, made up of the sum of its parts.
JCWA consists of “disparate program shops, not really well synchronized together,” Khoi Nguyen, command acquisition executive and director of the cyber acquisition and technology directorate (J9) at Cybercom, said during remarks at the AFCEA Northern Virginia chapter’s annual Army IT Day conference Jan. 11. “What we’re doing this next year from a delivery perspective is I picked a chief engineer, we’re laying out a JCWA product roadmap that says hey, the next six months, these six components will play around, we’ll be a little bit better, interoperable in these specific areas.”
As initially laid out, it included four main programs and two additional categories:
- The Persistent Cyber Training Environment for conducting training and mission rehearsal, which is managed by the Army.
- Unified Platform, considered the centerpiece where data is ingested, analyzed and shared, which is managed by the Air Force.
- Joint Cyber Command and Control to command cyber forces and the larger cyber environment, which is managed by the Air Force.
- The Joint Common Access Platform (JCAP) for executing offensive operations beyond friendly firewalls, which is managed by the Army.
- Sensors, which pertain to the kits defensive cyber protection teams use to respond to intrusions, that are overseen by Cybercom’s acquisition arm.
- Tools, which consists of the Joint Development Environment — a space to rapidly develop and test cyber tools run by the Army — though the rest of the portfolio is overseen by Cybercom’s acquisition arm.
Nguyen said specifically, the goal over the next six months will be to get tools developed in the Joint Development Environment seamlessly transferred to JCAP, which today is done by burning the tools to a disk and uploading to JCAP.
“That’s very slow,” Nguyen said.
Congress granted Cybercom so-called enhanced budget authority that was supposed to begin in fiscal 2024, pending budget passage. This gives the command greater oversight over all the programs and personnel as it now inherits the nearly $3 billion budget dealing with almost everything cyber related.
In the short term, the services will still run the programs as executive agents and be reimbursed by Cybercom as the command establishes its own program executive office and acquisition workforce.
This evolution will help Cybercom gain better control and integration over the execution of these programs, experts have said.
Officials have been very open about the fact that the command still has a ways to go in terms of building its program executive office, acquisition prowess and workforce as a still relatively young organization.
The key challenge will be integrating these disparate systems all developed separately into a common framework that all the joint cyber mission forces can use for missions — something that has not truly been done yet.
“We did an in-depth review of the platform, compared to what the operational needs were … [and] we found some pretty significant deficiencies in the architecture,” Michael Clark, Nguyen’s predecessor, said last year. “We know that platform does not meet our mission needs.”
He referred to JCWA in its current state as a confederation of capabilities that aren’t integrated into a true warfighting platform. But now that Cybercom and its units are maturing, it needs an integrated platform that the joint cyber mission force can use, which the command has dubbed JCWA 2.0.
Clark described how, despite the name and vision, programs such as Unified Platform really aren’t unified.
“It’s a federation of Army, Navy, Air Force, DISA, NSA, soon to be Space [Force] probably, SOCOM and the command. And there’s no reciprocity between them in terms of interoperability,” he said. For example, “I can’t do a query, take Log4j, and be able to sit at [Joint Force Headquarters-DOD Information Network] and do a query and understand: Have any of the services’ sensors detected Log4j? I can’t do that today because of the way we have architected the big data clouds.”
Log4j is commonly used to log security information. Last year, a major vulnerability was discovered within it.
To address some of these issues, Nguyen said, officials want to consolidate their DevSecOps environments as each program has its own DevSecOps platform, or DSOP.
“From a DevOps perspective, they all have their own DevSecOp environment and they all have their own DSOP. I’m looking to consolidate DSOPs,” he said. “I’m looking to have UP as one DSOP for all the non-OCO capabilities and then JDE as the other DSOP for offensive capabilities, because their functionality is s a little bit different and I want the uniqueness of the Dev environment to really facilitate to the developers kind of thing.”
When it comes to a JCWA 2.0 mindset, Nguyen said officials want to get to a common Kubernetes platform so all the users and programs can add applications to it.
“Because I have the authority over all these programs, it’s going to be easier for us to move to this much more modern software development construct,” he said.