Holistic examination of the next iteration of US Cyber Command underway

Officials are conducting a top-to-bottom review with an eye toward Cybercom 2.0.

FORT MEADE, Md. — U.S. Cyber Command is in the midst of a holistic top-to-bottom review to reshape its organization and forces and ensure it’s best postured to deal with threats in a highly dynamic environment.

Officials are dubbing the review Cybercom 2.0.

“As we’re trying to look at the future of U.S. Cyber Command, I want to have a bold move forward,” Gen. Paul Nakasone, commander of Cybercom and director of the NSA, told reporters during a media roundtable at Fort Meade. Nakasone is set to retire Friday following a change-of-command ceremony where he will pass the torch to Lt. Gen. Timothy Haugh, who will pin on his fourth star.

The command, now just north of 10 years old, was built on many principles of its time a decade ago. The domain it operates in is so dynamic that many of these tenets are now outdated.


For example, the cyber mission force — the teams each service provides to Cybercom to conduct offensive and defensive operations — was designed around 2012, built from 2013 to 2016, and reached full operational capability in 2018.

At the time, according to declassified task orders that were unearthed via the Freedom of Information Act by the National Security Archive at George Washington University, the priority was to get the teams formed and built quickly, relying as much as possible on NSA support.

“Given the increasing threats to our nation’s critical infrastructure and DoD networks, it is imperative that we establish, train, and employ equipped cyber mission forces as expeditiously as possible. We must get these forces in position now—these teams will be prepared to defend the nation, provide support to combatant commanders, and to provide active defense of key terrain on critical networks,” a task order from March 2013 read. “We will establish immediate operational capability during FY13 by effectively task organizing our available personnel into [REDACTED] effective, combat-ready teams, positioned in the best locations for mission success, and with a command and control structure in place to direct successful operations.”

The order goes on to state that while the initial focus was on establishing combat-ready teams quickly and efficiently, they would keep the end-state force posture in mind.

Those teams and their structures have not been holistically relooked or reexamined since then, with new teams being added to the initial 133 for the first time in the president’s fiscal 2022 budget request. For example, Nakasone said those teams were built with a different understanding of the world in 2012, with a counterterror focus and when Iranian financial system cyber disruptions were one of the main threats of the day — long before the shift back to great power competition with nations such as China.


Many of the manning numbers for personnel and teams were arbitrary, based on the quantity of forces the services had available at the time and on justifying the need to Department of Defense leadership, according to former officials.

There were calls and expectations in the past to relook the team structure and reexamine how the force trains and acquires capabilities — particularly after the cyber mission force reached full operational capability in 2018 — however, the remedy for many years had been to task organize for particular missions or break teams into smaller elements.

During the build, for instance, Cybercom leadership locked in the structure and didn’t want to tweak the teams so as not to appear as if they were moving the bar on the services until they reached full operational capability.

There wasn’t another model to emulate when building these teams, and so experts have said it’s no surprise they didn’t get everything right.

Additionally, Cybercom relied very heavily on NSA personnel and equipment as it grew. As a military organization, it needs its own military-specific systems separate from intelligence systems. As a result, it wants the ability to acquire and manage those capabilities much like the rest of the military develops platforms to conduct operations.


The command, in partnership with other elements of the DOD, is working hard at a holistic reexamination to better posture the command and its forces.

“I think all options are on the table except status quo,” Nakasone said during an INSA event in December. “We built our force in 2012 and 2013. We’ve had tremendous experience, but scope, scale, sophistication and the threat has changed, the private sector has changed, our partners have changed. I think that we’ve got to be able to take a look at how we’re going to change as well.”

A cross-functional team of experts has been convened to discuss how the command's authorities, training, personnel and acquisitions can be done differently.

In fact, a problem statement regarding what they’re seeking to examine was approved this weekend, though Nakasone declined to provide details.

“We’ve got to think boldly about such things as how we do training and how we might do personnel processes that are different,” Nakasone said.


Why now?

Sources indicated it’s been over 10 years since the command was created and they want to update the vision, force structure and doctrine. There are also now personnel at the top levels of leadership that have been around the command for years — such as Haugh and incoming deputy commander Lt. Gen. William “Joe” Hartman — with a lot of knowledge of the domain, making this a good opportunity for a revamp.

Now is the right time to begin looking at what the next iteration of Cybercom is for several reasons, Nakasone said.

In the fiscal 2023 National Defense Authorization Act, Congress directed several studies and examinations of the department, which include a force generation study due in June examining the responsibilities of the services for organizing, training and presenting the total force to Cybercom, among seven other elements. Additionally, there are 14 new teams that are slated to be built over the course of the next five years. Moreover, since 2018, when the department gained new authorities to conduct cyber operations, a lot of lessons have been learned from those operations as well as election defense, ransomware, the Russia-Ukraine conflict and other issues.

“We haven’t done this, I think, really since we started up the force. And I think this is the right time,” Nakasone said of the confluence of these circumstances leading to 2024 being the best opportunity to reexamine the command.


Other officials have noted that the variety of studies Congress has asked for provides a good opportunity to package these key questions together and provide the secretary of defense with several options for the future evolution of the command.

“The Congress has laid on really multiple studies over the past few years to look at what things should the department do or could be doing to improve our ability to generate cyber forces, train cyber forces, retain cyber forces for maximum effect,” John Plumb, assistant secretary of defense for space policy, who also serves as the principal cyber advisor to the secretary of defense, told reporters in January. “We have been slowly working through various options. And the question is like, how much would need to change? What should you look at? … What are we after for readiness? How can we make readiness better?”

He noted that, as they look at everything that is coming, the team knows it has to present the secretary with a set of options related to this large, significant study and find the best recommendations, presenting a more comprehensive set of options as opposed to doing them one at a time.

Nakasone noted how 2018 was a watershed year for the command when it gained new authorities through executive policy changes, congressional legal changes and clarifications.


“That leads us to a whole heck of a lot of operations, so from 2018, forward to now, the number of operations is sky high, which means there’s a lot of data, in terms of what’s going on,” he said.  

Prior to that point there were only a handful of operations that had taken place because there was a bias for inaction, meaning there wasn’t a lot of data regarding how effective the team structure and personnel were.

This led to the paradigm shift toward persistent engagement, which encompasses challenging adversary activities daily and wherever they operate. Nakasone noted that is something the command got right and must continue to operate.

“You have to have persistent engagement. If you’re on the sidelines watching this, you’re going to get hit. That’s why I think it’s so important for our forces worldwide to be able to be engaged, and being able to act and understand what our adversaries are doing,” Nakasone said. “Being able to continue to operate day in and day out, this is how you get really good. You operate in the domain. This is what Special Operations Command has taught us, right? Continued operations build proficiency and professionalism. We’re going to need that. I think a lot about that piece, in terms of where Cyber Command is going.”

Similarly, the command has fashioned itself after the Socom model even though it was initially under U.S. Strategic Command, which is in charge of the military’s nuclear weapons.


Another turning point in Cybercom’s history happened in 2020 when Nakasone asked for more service-like authorities from the secretary of defense similar to Socom. He also asked for more teams and a reposturing of teams from counterterrorism to be more aligned against China and Russia.

This included enhanced budget authority, which provides direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

Many of these changes will also affect the services and how they present their forces to the command.

“I’m a pretty demanding customer with the services. I just want their best and I want it all the time. They have been very, very supportive, in terms of what’s gone on, but I will tell you that we operate in a domain that requires a longer dwell time for our soldiers, sailors, airmen and Marines, than the constant movement,” Nakasone said. “I think that this has been a concern that I’ve expressed that I think is one of the things that we’re going to have to deal with in the future.”


Nakasone recognized that the services have to provide a number of different forces to combatant commands, with Cybercom being one of them. They have to balance their readiness needs as well. However, he was aware that it’s his job as the commander of Cybercom to talk about why this domain is unique and why there is a need to consider recruiting, retention, or assignment policies differently than in the past.

This has also led to calls for an independent cyber service — akin to the Army, Navy, Marine Corps, Air Force and Space Force — which have intensified over the last year.

Proponents of an independent cyber service argue that cyber operators have no distinct identity, as they are still members of their respective services; that there are readiness issues associated with each service resourcing its cyber contributions differently; that lexicon and pay scales are different; and that the command-and-control structures are confusing. Moreover, they allege only an independent cyber force or service can solve key problems.

Congress had initially proposed an independent study on the matter, but it was cut out of the annual policy bill for fiscal 2024. Proponents have vowed to get it into the fiscal 2025 bill.

Nakasone has, at least publicly, remained neutral to this notion, offering that it’s a policy determination for the secretary of defense.


What could be done for the future force?

According to experts and sources, there could be more formal restructuring of teams — rather than task organizing for each mission — to break them into smaller elements.

The Cyber National Mission Force is a sub-unified command under Cybercom made up of 39 joint teams and thought to have the DOD’s most talented cyber operators, who defend the nation from significant cyber threats. Nakasone, Haugh and Hartman have all commanded it. It has significantly more flexibility than the combat mission teams that conduct offensive operations on behalf of combatant commands, and the cyber protection teams that conduct defensive cyber ops. This is because it is a smaller force organized around six task forces, which allows it to task organize more accurately based upon the skill sets and readiness of personnel needed for certain missions.

That could be a possible model going forward. Greater oversight of the readiness and skills of forces, through new tools the command is developing, will give commanders better fidelity on what they need at any given time so they can pluck personnel with the skill sets required for operations.

Initially, cyber protection teams were made up of 39-person teams with five squads. That has evolved into smaller elements as forces learned through operations that they did not have to deploy 39 people to address every problem. In the future, they could be split up even more to make additional teams.


Experts noted that everything is on the table and that the planners involved are not going in with any predetermined solutions as they figure out the best way forward.

“As Gen. Haugh takes over that he’ll take this forward to a briefing with policymakers then, ultimately, the SECDEF and say, ‘Hey, this is how we think the Cyber Command of the future needs to be able rebuild today,’” Nakasone told reporters.
