DOD leadership asks for Cybercom 2.0 relook
The plan to mature U.S. Cyber Command is getting a relook with top Department of Defense leadership calling for a more in-depth review.
Cybercom 2.0, as the effort is known, is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials, spurred largely by a report requested by Congress in the fiscal 2023 annual defense policy bill to evaluate how Cybercom generates its forces.
In addition to responding to reports required by lawmakers, the initiative was meant to provide a holistic examination of the command and its forces to better posture them for the future, serving as the first major update since Cybercom was formed over 10 years ago when many sophisticated threats and challenges in cyberspace did not exist.
Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December 2024, which encompassed four buckets: a new force generation model for how each service provides digital warriors to Cybercom; a talent management model; an advanced training and education center to ensure troops are better prepared when they arrive at their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.
Those items had to be fleshed out by an implementation plan team. Upon coming into office, Secretary of Defense Pete Hegseth ordered the team to expedite their implementation plan in 45 days. The updated plan was delivered March 21. It had been held up within the Office of the Secretary of Defense because there was some pushback and it wasn’t being well-received.
Now, leadership is asking officials to reevaluate some components.
“We think that 2.0 was a great effort to improve our workforce, management and retention. We have taken another relook and decided that we think it needs even more work. We consider cyberspace as important as you do. We really appreciate your continued emphasis on that matter, so we have decided to do a deeper look and make it a better product,” Laurie Buckhout, the official performing the duties of assistant secretary of defense for cyber policy, told the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems during a hearing Friday.
Later in the hearing, when asked, Buckhout noted that DOD is essentially moving on from the original Cybercom 2.0 and will revamp it.
“DoD remains committed to being responsive to Congressional direction. Much analysis of various force generation challenges and models went into creating a draft implementation plan that was delivered to DoD leadership in March. The Department is currently evaluating whether that plan goes far enough to address this administration’s priorities, and we will adjust accordingly,” according to a department official.
Someone familiar with the situation also noted that the Trump administration wants a clear plan that can outmatch China, and what was submitted previously didn’t meet that standard in their eyes.
Such a relook isn’t completely surprising given the new administration and how late the plan was submitted to the last administration.
“It doesn’t surprise me if indeed, they’ve asked the command to take another look, because you have people in leadership roles inside the department at the White House, and others who may have some different views on specific aspects of what we’re looking to do or want to go further with certain aspects. I don’t think it’s uncommon if you have something that’s at the phase that this was where it really fell into the gap between two administrations,” Charlie Moore, former deputy commander of Cybercom and distinguished visiting professor at Vanderbilt University, told DefenseScoop.
When Cybercom was first established, there were a lot of assumptions made about how it would operate, what resources would be shared by the NSA, as well as the relationships with the services and combatant commanders. Most of these initial assumptions have proven incorrect or the mission has evolved, according to sources. Having no choice, the command continued to operate while constrained by these assumptions. The Cybercom 2.0 effort is seeking to be the first of many steps to reshape the command into what is needed.
Lt. Gen. William Hartman, acting commander of Cybercom and performing the duties of the director of NSA, told the House Armed Services subcommittee last week that officials evaluated three models: the status quo, a Special Operations Command-like model and the creation of a separate Cyber Force military branch, with the preference being the SOCOM-like model.
While Cybercom was initially a sub-unified command under Strategic Command, which oversees U.S. nuclear weapons capabilities and doctrine — a flawed model for cyber, as history has borne out — officials have always maintained the best model for Cybercom was SOCOM: a combatant command with service-like authority.
Cybercom received enhanced budget authority from Congress that went into effect in March 2024, giving it oversight of cyber funds. Prior to that, the services were responsible for funding and procuring the resources and weapon systems the command relied upon. Hartman told the subcommittee that in fiscal ’24, the command managed over $2.5 billion.
Much of the Cybercom 2.0 effort was aiming to take advantage of those new service-like authorities and implement them, such as joint force trainer and improvements to the man, train and equip oversight functions over the services.
Officials have discussed improvements to how the services have been recruiting, retaining and training their cyber forces over the last year or so.
Congress also created the assistant secretary of defense for cyber policy position, which aims to act like a service secretary, much in the way the assistant secretary of defense for special operations and low-intensity conflict does for SOCOM.
There has been a growing chorus in recent years for the creation of a separate, standalone Cyber Force as proponents believe that is the only way to fix the issues facing Cybercom and cyber forces more broadly.
Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, expressed his preference for the SOCOM model but noted there are pros and cons to it, namely the fact that there needs to be service buy-in.
“That means they got to recruit, they got to provide trained people to the Cyber Command at a level that they need. They also got to develop cyber leaders within the promotion system and growing leadership. It’s gets at an earlier question I had — I’m not sure that we’re doing adequate there, but we got to have a full service buy-in to make this model work,” he said. “We were looking at all the general officers, all the services, trying to get a feel for just how much depth we have in the cyber career field. I really only spot one general officer that has extensive cyber experience before they became a general officer. Are we doing enough to develop our cyber leadership here? It seems like we’re low on cyber. We got a lot of depth in air, surface warfare, infantry, space, but the cyber area that there seems to be a shortage.”
Some have described what came out of the first Cybercom 2.0 effort as essentially status quo-plus, the result of what happens when trying to design by committee. The services have the ability to make the changes and accommodate the needs of the command, but that doesn’t always mean they have the desire or willingness to do so given the other competing priorities they’re dealing with, according to some observers, potentially laying the groundwork for and strengthening the case for an independent cyber service.
In his written statement to the House Armed Services subcommittee, Hartman said the Defense Department recently approved several concepts to update the command’s force design and the ways it builds and sustains specialization and expertise within the teams. They include ways of fielding new technologies rapidly and ensuring they are tested and scalable. The measures were prompted and facilitated by recent defense policy bills, Hartman wrote, on readiness and force generation that collectively gave the DOD the opportunity to modernize the cyber force and reshape the command.
Some lawmakers at last week’s hearing gave the witnesses a tough time regarding the change in approach for Cybercom 2.0 and how efforts to reach critical milestones and modernize have taken too long.
“I remain very concerned about the state of our cyber training and readiness. General Hartman’s statement noted that the service cyber components only recently attained ‘foundational readiness standards,’” Bacon said. “Foundational readiness has a very specific meaning, and the fact that it took us more than a dozen years to reach this point is not something to celebrate. To succeed in the cyber domain, we need far more than ‘foundational readiness.’ And I am particularly interested in hearing from you what you need to create and sustain a high level of readiness across the cyber warfare enterprise.”
The cyber mission force has faced constant readiness concerns from its inception. Designed around 2012, the running trope from leaders was they were building the airplane while flying it, an analogy they used when describing the construction of these forces. To meet readiness metrics, the services would sometimes double-count personnel, creating what one prominent think tank referred to as a “shell game.”
Ever since the advent of the Cybercom 2.0 effort, top command officials and service commanders have begun discussing the notion of mastery within the cyber force.
Hartman explained that there’s a more efficient training model to take a basic trained service member and create an expert through authorities granted by Congress.
“Instead of trying to do that across all the services, we do believe there’s an opportunity, using Cybercom service-like authorities, Cybercom joint force training authorities in order to build that mastery of the force. And we look forward to working with the services to do that,” Hartman said.
Some of that work has manifested itself in improving the training curriculum executed by each service, where Cybercom provides joint standards and the service schoolhouses train their cyber warriors that they feed to the command to those standards.
Previously, personnel often wouldn’t get all the training they would need at their schoolhouse prior to arriving at their operational units. Rather, digital warriors would get additional on-the-job training upon arriving at their unit. This was a contributing factor to readiness issues.
Now, some schoolhouses are trying to move that training to the left so personnel show up to their units better prepared to do their jobs.
