Following new authorities, Cybercom says it’s making progress on correcting readiness

Following the minting of new authorities, U.S. Cyber Command says it is making progress on improving the readiness of the cyber forces that the military services provide to it.

As initially designed, each service provides a set number of offensive, defensive and support teams — known as the cyber mission force — to Cybercom, which employs them in operations. However, despite the cyber mission force’s joint design from the start, those branches have their own unique service cultures and ways of organizing their forces. These dissimilarities led to readiness issues of the teams, drawing concern from Congress, due to the frequent rotating nature of forces that cycle through joint cyber roles and then return to their individual services, which can come at an expense to taxpayers due to the costs and long duration of training it takes for some roles, according to the Government Accountability Office.

Congress in fiscal 2024 provided Cybercom with service-like authorities called enhanced budget control that now afford the command oversight of the offensive and defensive budgets for the cyber mission force, acquisition authority, capability integration authority and training, among others.

Fully realized in March, the command says it’s making progress on addressing readiness concerns and force generation of the service contributions to the cyber mission force.

“We’ve now been able to make readiness advancements that have really been driven by our partnership with services. But it’s based off of the fact that we now have a set of authorities and we’re collaborating as a service-like organization. That has been really powerful and we’re really pleased with the progress that we’re making,” Gen. Timothy Haugh, commander of Cybercom, said at a dinner Tuesday hosted by the Intelligence and National Security Alliance.

“I’m required to send a report back to Congress. It’s a report on services’ ability to meet the readiness requirements of U.S. Cyber Command. This is an area that’s evolved over time. But what we’ve really seen since we’ve done this report is a collaboration with the services,” he added.

The prior commander of Cybercom had openly suggested the need for congressional assistance in aiding the command to address readiness concerns.

One of the most concrete examples of changes these new authorities provide is related to training. Haugh noted that fiscal 2024 was the first full budget Cybercom was able to produce. As part of that development, they now have the authority and funds to direct training.

“We were able to put a significant amount of money into advanced training whereas before that would have been a request to a service, ‘Could each of you grow the training budget that would make our force better?’” he said. “Now, that’s a responsibility to do at Cyber Command and we could commit our resources to focus on growing the mastery of our force. Already seen benefits from that.”

Haugh advocated for the passage of these authorities during his confirmation hearing last July, noting they will be critical in addressing readiness.

“With those authorities it allows Cyber Command to set the investment in our training infrastructure, in our training courses and allows the services to focus on recruiting, initial skills training aligned to our standard, and then to leverage the retention capabilities that Congress has given to the services,” Haugh told senators at the time. “Those are areas now that really change the dynamic of how we will approach cyber readiness, if confirmed.”

Other examples of changes Haugh offered were mostly driven through the services. Those include:

• An Army program that provides advanced cyber pay based on qualifications.
• The Air Force reestablishing warrant officers for the first time in over 50 years, with the first warrants being in cyber and IT fields. Haugh noted “that’s an example of a service that has now invested in ways that are going to help our workforce.”
• The Navy crating a cyber “rating,” or work role in summer 2023 dedicated to cyber for the first time, something the service was forced into doing by Congress due to significant readiness challenges associated with its cyber mission force contributions.

Haugh said that while he is pleased with progress, he’d like to see each service implement the ideas of the other services.

During their confirmation hearings, which all took place just months apart last year, each current service chief was asked about and addressed concerns from Congress regarding cyber mission force readiness, pledging to take steps to remedy concerns.

Cyber Force v. Cybercom 2.0

Pertinent to the discussion of addressing readiness and the realization of new authorities for Cybercom is the looming prospect of a new military service dedicated solely to cyber, on par with the Army, Navy, Air Force, Marine Corps and Space Force.

Proponents believe a separate service is the only way to address manpower issues along with a host of other perceived problems with the current structure of cyber forces and operations.

When asked about a proposed Cyber Force Tuesday, Haugh said his responsibility was building the best version of Cybercom that he can.

He has inherited an initiative that began under his predecessor dubbed Cybercom 2.0, an effort aimed at examining what the future of the command and cyber force looks like.

“As we look at Cyber Command 2.0, it’s really to take us to the next step. We’ve existed as a combatant command for six years. We really built this force 10 years ago. We’re really built off of the challenges that we faced between 2014 and 2018,” Haugh said. “What does Cyber Command need to look like in 10 years going forward and how to structure that force and how to regenerate that force?”

The effort is essentially a project to combine five or six reports requested by Congress to examine various aspects and structures of the command to include how it builds its warfighting architecture and how its various headquarters are structured.

But the biggest aspect is a force generation study, known as the Section 1533 study from the fiscal 2023 annual defense policy bill.

“What the law asked us to look at was our current model, which is how we were structured in FY ’23, so before we received all of our enhanced budget control,” Haugh said. “That was one bumper of the study, is the far left is what we’re currently doing, the far right was to evaluate whether or not we should have a cyber service, and the middle was some hybrid in between to allow the department to be more effective.”

He noted that part of that study has been completed and officials must now update the secretary of defense.

This so-called force structure assessment was due to the secretary of defense June 1. A DOD spokesperson previously said the department tapped the RAND Corp. to study the issue.

“This is our opportunity to go in with [the assistant secretary of defense for cyber policy] and have a conversation with the DepSecDef and the SecDef about what that vision looks like. It’s all going to come back to how do we ensure that we got the force we need? How to regenerate that force within the department? How do we equip that force and really do it at speed and scale? Then how do we leverage technology?” Haugh said. “We have all the pieces, it’s now an opportunity for us to be able to go to the department and say, ‘This is what we think we need to do,’ and then really be able to get guidance from the secretary.”