Cyber Command significantly increases funding request for defense in Indo-Pacific region

U.S. Cyber Command is requesting a hefty increase of funds compared to previous plans to support Indo-Pacific Command’s network sensing and defense, data feeds and analytic resources, among other capabilities, according to newly released fiscal 2026 budget documents.

The command’s research-and-development budget proposal includes $117.2 million under a portfolio called “Data and Sensors.” In last year’s budget release, the command anticipated spending just $20.8 million in FY26 in the future years defense program for that same portfolio. The fiscal 2025 request for the portfolio was $21 million.

According to budget justification documents, the increased funding would go toward cyber mission monitoring capabilities for the Department of Defense Information Network and expand operational technology asset installation at other Indo-Pacom defense critical infrastructure networks and systems. Moreover, the budget activity continues whole-of-government collaboration and coordination for sensor deployment, data sharing and lessons learned, and includes an expanded submarine cable landing monitoring capability, sensor placement in key networks and maintenance of automated alert capabilities to operators.

The documents also note that beginning in fiscal 2024 the DOD added funds within the portfolio for Indo-Pacom’s regional component of the National Defense Strategy to maintain and restore a comparative military advantage. Cybercom added resources and manpower to support the maturation and fielding of monitoring capabilities to hunt and trap adversaries across the DODIN’s priority edge devices and procure new hardware.

The portfolio’s enhanced sensing efforts are part of the larger Pacific Deterrence Initiative, a key effort to provide funding carveouts for Indo-Pacom to bolster its posture relative to China, and expand low-level network sensing and defense for key networks in the region, the documents state.

More specifically, the enhanced sensing investments in Cybercom’s budget request portfolio include support for specialized Indo-Pacom Low-Level Network Sensing and Defense capability, data feed, analytic resources and increased efforts to discover and characterize adversary networks — all of which are necessary to maintain or restore comparative military advantage and reduce risk of contingency plans in support of U.S. national security interests, according to the documents.

The investments have already supported the transition of existing DOD projects to Cybercom and expansion of new sensing and data analytic tools to strengthen the cyberspace defensive posture of Indo-Pacom networks, with a specific focus on defense critical infrastructure in Guam.

The budget touts examples of this, including the employment of over 3,000 operational technology assets that resulted in a 52 percent reduction in malicious and anomalous behavior in the environment and a 32 percent decrease in known vulnerabilities to key assets such as firewalls, switches and routers, to achieve 76 percent adherence to MOSAICS frameworks in industrial control systems.

Cybercom’s cyber protection teams — defensive teams focused on hunting adversaries within the network — performed 31 threat-hunting missions and investigated 58 additional artifacts across multiple networks, informed by the investments made in the portfolio. Those teams worked with local defenders within Indo-Pacom to bolster their tactics, techniques and procedures.

The command noted that that the work established real-time insight into the submarine cable landing in Guam to effectively monitor network traffic transiting to and from the island, including automated alert and visual interface tools for operators.

The scope is also different from the previous budget request, in which Cybercom articulated that most of the portfolio spending would go towards deployable sensors and the “fly away” kits that the command’s cyber protection teams use. Those teams sometimes deploy to sites locally that incur breaches — hence the need for specialized kits.

The funding for 2025, according to previous budget documents, was partially planned to go towards downselecting awardees for Joint Cyber Hunt Kits, standardized fly-away kits for both cyber protection teams and hunt-forward missions that involve physically sending teams to foreign countries to hunt for threats on their networks at the invitation of host nations.

Cybercom’s fiscal 2026 budget proposal moved funding for the Joint Cyber Hunt Kits to the procurement portion. A prototype effort was slated to be completed in June 2025, and a review of the capability was expected completed by August 2025 with a production award scheduled for FY26, the documents state.

In DOD parlance, China is the pacing threat. It has become more brazen in intrusions and probes into U.S. and defense networks, particularly in maritime or port environments to potentially limit an American military mobilization response if Chinese leaders decide to invade Taiwan.

Guam, a key U.S. military outpost, has been a top target for Beijing in recent years. Chinese hackers targeted critical infrastructure there, burrowing deep inside a couple of years ago and startling experts who referred to it as one of the largest cyber espionage campaigns against America.  

The group that conducted the operation has been referred to as Volt Typhoon, one of a number of cyber players from China that have been discovered in U.S. networks, troubling American officials. Volt Typhoon was discovered inside U.S. critical infrastructure using a technique in the cybersecurity world called “living off the land,” which means it’s using legitimate tools organic to the systems for malicious purposes.

What has particularly alarmed officials regarding Volt Typhoon is the paradigm shift of Chinese threats moving from espionage and intellectual property theft to holding critical infrastructure at risk.

In fiscal 2026, Cybercom plans to field hardware security capabilities and support sustainment of existing capabilities installed in fiscal 2024 and 2025, according the budget documents. It will also seek to implement improved or additional tools and tradecraft to keep pace with the dynamic and evolving threat landscape.

The 2026 funding request aims to complete full asset inventory to operational technology assets on Guam defense critical infrastructure for comprehensive and enduring monitoring to reduce malicious activity, address known vulnerabilities and ensure adherence to MOSAICS framework for industrial control systems, the documents state.