Enable breadcrumbs token at /includes/pageheader.html.twig

Cyber Personnel Unification Boosts Battle Power

Services must combine training and personnel to close the seams adversaries exploit.

U.S. Marines with 8th Communication Battalion, II Marine Expeditionary Force Information Group, collaborate as part of Team Spartan during Cyber Fury 2020. Cyber Fury is an annual training exercise that allows Marines to simulate a series of cyberspace attacks by identifying and countering them. Credit: Lance Cpl. Haley McMenamin, USMC

Lt. Gen. Brian D. Beaudreault, USMC, commanding general, II Marine Expeditionary Force, receives a brief during the end of Cyber Fury 2020 at Camp Lejeune, North Carolina. Cyber Fury is an annual training exercise that allows Marines to simulate a series of cyberspace attacks by identifying and countering them. Credit: Lance Cpl. Haley McMenamin, USMC

With the 2020 election fast approaching and tensions with Iran continually shifting, many people are looking to U.S. Cyber Command to help ensure cybersecurity. The command faces an uphill battle because the current construct allows each service branch to retain tactical command of its organic cyber experts. To be more successful in the cyberspace domain, the command needs to take over tasking authority for all cyber-related units, establish a standardized joint cyber schoolhouse and establish a Joint Cyber Operations Command to perform joint, effects-driven cyber operations.

One problem that arises from the current organization of the U.S. Defense Department’s cyber forces is the duplication of efforts with regard to training. Each branch is responsible for the doctrine, organization, training, materiel, leadership, personnel and facilities used to support its organic cyber experts. This structure drives the services to establish and maintain its own training curriculum and facilities, costing the government more money.

U.S. Cyber Command (CYBERCOM) took a step forward in 2014 by outlining training standards that cyber forces must meet, but the services still largely determine how to meet those requirements with the resources given. For example, without considering the money allocated for force sustainment, according to the 2020 National Defense Authorization Act, the U.S. Army receives $52 million and the U.S. Air Force $35 million for cyber force training and force support.

Alongside training and equipping their cyber forces, each branch sets the priorities for its cyber professionals, creating another problem with the current model. Air Force cyber experts capture a lot of knowledge involved in supporting air bases and aircraft; Navy personnel do the same for maritime assets. Within the current construct, limited opportunities exist to share information or swap tactics, techniques and procedures because each branch is responsible for operating and tasking its own cyber operations units.

CYBERCOM has been working to address this issue by placing greater emphasis on its annual Cyber Flag and Cyber Guard exercises. Though the exercises are largely successful, two critiques that are frequently mentioned are the Defense Department’s lack of large-scale opportunities for cyber information sharing, as well as standardized vernacular and operating procedures. As discovered in a 2018 exercise, the gap in information sharing is exacerbated when the department is asked to work with civil authorities. The “silos of excellence” created in the current model can lead to stovepiped views of cyber operations and may result in longer recovery times or self-induced vulnerabilities.

One of the biggest problems the Defense Department faces concerning cyber operations is the retention of cyber professionals. A study conducted in 2001 found that one of the top three reasons service members separate from the military is loss of job satisfaction.

Operating cyber weapon systems requires a unique and perishable skill set. By forcing people into more managerial, less operational positions as they increase in rank, the department limits the opportunities cyber professionals have to utilize their skills and feel challenged. This pattern can lead service members to look for other employment opportunities and, as Brig. Gen. Dennis Crall, USMC, deputy principal cyber adviser, Office of the Secretary of Defense, stated in 2018, the Defense Department is hard-pressed to keep up with industry’s ability to hire individuals and rapidly put them to work on challenging projects. If the department wants to achieve national objectives in cyberspace, retention of cyber personnel is paramount.

This assessment falls in line with the thoughts of Master Gunnery Sgt. Scott H. Stalker, USMC, senior enlisted adviser, CYBERCOM. He says the key to retaining cyber forces is keeping cyber warfare specialists “on the keyboard” doing the job they joined to do. Allowing cyber professionals to continue operating the weapon systems they are trained on—similar to the pilot community—will increase these service members’ desire to serve in the military, increase job satisfaction, and ultimately, increase retention.

To address these problems, CYBERCOM needs to play a more deliberate, decisive role in how the department’s cyber professionals are trained and tasked. Each service branch would identify accessions and cross-trainees who possess the necessary skills or aptitude to become successful cyber operators. The individuals selected for cyber slots would attend a schoolhouse that CYBERCOM hosts. The command would fund the curriculum and materials the schoolhouse uses, and it would maintain control of both.

Once the initial training is concluded, a portion of the class would be retained as a Joint Cyber Operations Command (JCYOC), akin to the role Joint Special Operations Command plays for U.S. Special Operations Command. The remaining individuals would be assigned to their service branch to learn its requirements and challenges. For subsequent assignments, service members would be free to rotate into the JCYOC as assignments and career progression dictate.

In this model, CYBERCOM would control all cyber operations effects. When a combatant commander or operational unit requires cyber support, the request would be sent to CYBERCOM. Once the request is fielded, the requirement would be met with a joint team that would be purpose-built from the available pool of cyber operations professionals to achieve the effect that the supported commander desires.

With CYBERCOM shouldering the responsibility of training and equipping cyber forces, less money would be required to operate and maintain a schoolhouse rather than the four service-specific schoolhouses currently used. Because CYBERCOM would own the curriculum, the material could be rapidly changed to meet evolving threats or to capitalize on emerging technologies.

In recent years, CYBERCOM has taken steps to ensure a standardized toolbox of cyber weapon systems, including the creation of the Joint Cyber Warfighting Architecture to drive interoperability and prevent the services from purchasing systems that do not integrate with existing hardware or software. By giving the authority to purchase tools and weapon systems to the combatant command instead of the service branches, CYBERCOM would shorten the coordination chain needed to purchase systems, ease the burden on the service branches’ procurement professionals, and allow the services to utilize that personnel elsewhere. The ability to make in-stride adjustments to cyber professionals’ training, fighting strategies and equipment is key to creating an efficient, effective force and continued success in the cyberspace domain.

Implementing the JCYOC and the CYBERCOM-controlled schoolhouse would drive greater coordination of cyber operations and better information sharing between service components. The relationships formed in the schoolhouse would facilitate more conversation between members and foster standardized terminology. Coupling joint training and joint operations with rotational assignments to service-specific cyber units would allow CYBERCOM to take full advantage of the talents of the entire cyber operations community and carry forward the best tactics, techniques and procedures the Defense Department offers.

In addition, the increased level of coordination among service branches would reduce the attack surface of the department’s networks and bolster the effects of its offensive actions. The consolidation of control and knowledge would open the door to greater coordination between the Defense Department and other government agencies. Rather than each branch trying to coordinate and explain its cyber operations, a single, unified entity would lobby for the force and set the standards for the enterprise. This would drastically reduce the time spent explaining responsibilities to each other and foster a better understanding across the U.S. government, resulting in greater network security and a more lethal cyber force.

The call for a cyber-specific branch of the military, colloquially known as the cyber force, has only gotten louder since CYBERCOM became a unified combatant command in 2018. Although the creation of the new branch could assuage some of the problems cyber professionals face, such as career progression, funding and manning, the creation of the cyber force is a less-desirable option than a coordinated effort.

The Defense Department and cyber professionals need every component of the force to buy into this effort to ensure the greatest amount of network security possible. Isolating cyber experts in their own branch would throw more hurdles in the community’s way and would likely create even more seams for an enemy to exploit.

If the JCYOC is established, the Cyber Workforce construct initiative the Defense Department published in 2013 could still be utilized. The only change for the individuals making up the cyber workforce would be their coordination and who issues their orders. The civilian personnel that comprise the workforce would still be utilized to ensure continuity and expertise in key areas. Of note, however, as the JCYOC matures and retention efforts are more successful, the cyber workforce might be cut down or repurposed to save money and keep military personnel operational.

Establishing a Joint Cyber Operations Command to perform joint, effects-driven cyber operations would save money and allow rapid changes to meet the evolving threat environment.

Capt. Alex M. Roberts, USAF, communications officer, and student, Marine Corps’ Expeditionary Warfare School.