It’s been two years since the joint U.S. Cyber Command reached operational capability but, before and since then, the individual military services have been hard at work building their own robust but discrete cyber forces. The next question is, who’s responsible for what?
Each of the military services has its own cyber command. While their authorities and responsibilities vary somewhat, each is accountable for manning and training their forces, and operating and defending their respective services’ networks. But they’re also tasked with providing joint cyber capabilities to U.S. Cyber Command and the geographic combatant commanders around the globe. Up until now, defining precisely which national cyberspace missions belong to the Army, Air Force, Navy or Marine Corps has been a somewhat murky issue, but new guidance from Gen. Keith Alexander, the commander of U.S. Cyber Command, has begun to clarify the issue, the cyber chiefs from each of the four DoD branches told Congress last week.
Arriving at those definitions has been a key priority for the military’s cyber leaders, said Lt. Gen. Rhett Hernandez, the commander of Army cyber command.
“We really have to nest that strategy from the top to the bottom in terms of who’s going to do what requirements,” he said. “I think we all believe that over time a couple things are essential. One is that this is going to become more joint. Certainly the training and the standards will need to be joint so that you can count on cyber warriors being able to interact with joint teams. We also need to take a hard look at functional requirements and make sure we’re providing capabilities as one force so you don’t duplicate efforts and have to de-conflict things too late because you’ve already invested resources. We’re working on all of that together.”
Geographically split roles
Hernandez and the other service cyber chiefs told the House Armed Services subcommittee on emerging threats and capabilities that Alexander’s operational directive, issued within the last several months, gave each service a lead cyber role for specific geographic areas of the world.
“[It says] here is my operational vision in terms of how I’ll parse out who will have leadership within different areas of the world,” said Vice Adm. Michael Rogers, the commander of Navy Fleet Cyber Command. “Once you’re designated as the lead, then we collaborate with each other for how we’re going to generate the full spectrum of capability we’ll need to support those joint commanders. Then the tie-in is the Joint Information Environment, which hopefully will give us, over time, an underpinning that we can all plug into somewhat seamlessly as opposed to what we have now, where that’s definitely not the case.” Maj. Gen. Suzanne Vautrinot, commander of the 24th Air Force, that service’s cyber command, said the order also assigns specific tasks to each of the services.
“It leverages the core competencies that are specialties within each of our services, not just for a combatant command but in support of each other as we provide those rare capabilities,” she said. “And the orders process that began when U.S. Cyber Command was established has been very freeing in this regard. Those orders come through to all of us to provide capability across the board. Cyber is foundational to every one of the air, ground, sea and space missions, and we all need to operate in a synchronized and consistent manner.”
But even as the somewhat disjointed pieces that make up DoD’s network transition to a more homogenous environment and the services’ cyber operations become more joint, the military leaders told lawmakers they also want to make sure their individual cyber commands retain the distinctive characters of the four services they represent.
Integration to the cyber role is necessary
The Navy’s Rogers said it’s a message he delivers frequently.
“I regularly tell U.S. Cyber Command, ‘Please don’t view your components as manpower pools.’ We are integrated warfighting organizations just like every other mission set within the Department of Defense,” he said. “Task us, just as we do in every other mission area across the department. We need to bring capacity and capability as an integrated, cohesive whole, which is the way we’ve all structured ourselves.”
Rep. Mac Thornberry (R-Texas), chairman of the emerging threats subcommittee, was not entirely convinced the services will be able to seamlessly interoperate in a joint cyber environment. Thornberry said he wants to see plenty of testing of the new operational directive. “It just occurs to me that as you all sort through these issues, exercises are going to be really essential to test all this out,” he said. “I’m not too concerned about the young folks who work for you, but I am concerned about all the bureaucratic gobbledygook that can foul up even the best intentions, and until we exercise some of this capability it’ll be really hard to know whether it’ll really work.”
Among other lessons learned over the past two years, the cyber commanders told Congress, has been the surprising rate at which servicemembers with highly-valuable cyber skills opt to stay in the military rather than rushing to the exits to earn a much larger paycheck in industry.
“To be honest, we’ve exceeded my expectations,” Rogers said. “I can well remember one of my concerns early on in this mission set was how we were going to retain these men and women. The thing that’s surprised me the most is that increasingly, they view themselves as warriors. That’s one distinct advantage to those of us in uniform. Our civilian counterparts offer many opportunities and, arguably, advantages. One thing they don’t offer is the ability to be a warrior. The workforce really seems to crystallize around that idea and the broader Navy as a whole is very energized by the mission set and has great respect for that mission set. It goes out of its way to highlight to its cyber partners how well-positioned they are for the future, and the workforce really responds well to that.”
The other three cyber leaders agreed retention of cyber warriors has turned out to be mostly a non-issue.
This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.