Cybercom 2.0, as the effort is known, is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials, spurred largely by a report requested by Congress in the fiscal 2023 annual defense policy bill to evaluate how Cybercom generates its forces.

In addition to responding to reports required by lawmakers, the initiative was meant to provide a holistic examination of the command and its forces to better posture them for the future, serving as the first major update since Cybercom was formed over 10 years ago when many sophisticated threats and challenges in cyberspace did not exist.

Former Secretary of Defense Lloyd Austin approved a broad outline for Cybercom 2.0 in December 2024, which encompassed four buckets: a new force generation model for how each service provides digital warriors to Cybercom; a talent management model; an advanced training and education center to ensure troops are better prepared when they arrive at their units and have specialized training if needed; and a cyber innovation warfare center that could focus on rapid innovation and capability development.

Those items had to be fleshed out by an implementation plan team. Upon coming into office, Secretary of Defense Pete Hegseth ordered the team to expedite their implementation plan in 45 days. The updated plan was delivered March 21. It had been held up within the Office of the Secretary of Defense because there was some pushback and it wasn’t being well-received.

Now, leadership is asking officials to reevaluate some components.

“We think that 2.0 was a great effort to improve our workforce, management and retention. We have taken another relook and decided that we think it needs even more work. We consider cyberspace as important as you do. We really appreciate your continued emphasis on that matter, so we have decided to do a deeper look and make it a better product,” Laurie Buckhout, the official performing the duties of assistant secretary of defense for cyber policy, told the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems during a hearing Friday.

Later in the hearing, when asked, Buckhout noted that DOD is essentially moving on from the original Cybercom 2.0 and will revamp it.

“DoD remains committed to being responsive to Congressional direction. Much analysis of various force generation challenges and models went into creating a draft implementation plan that was delivered to DoD leadership in March. The Department is currently evaluating whether that plan goes far enough to address this administration’s priorities, and we will adjust accordingly,” according to a department official.

Someone familiar with the situation also noted that the Trump administration wants a clear plan that can outmatch China, and what was submitted previously didn’t meet that standard in their eyes.

Such a relook isn’t completely surprising given the new administration and how late the plan was submitted to the last administration.

“It doesn’t surprise me if indeed, they’ve asked the command to take another look, because you have people in leadership roles inside the department at the White House, and others who may have some different views on specific aspects of what we’re looking to do or want to go further with certain aspects. I don’t think it’s uncommon if you have something that’s at the phase that this was where it really fell into the gap between two administrations,” Charlie Moore, former deputy commander of Cybercom and distinguished visiting professor at Vanderbilt University, told DefenseScoop.  

When Cybercom was first established, there were a lot of assumptions made about how it would operate, what resources would be shared by the NSA, as well as the relationships with the services and combatant commanders. Most of these initial assumptions have proven incorrect or the mission has evolved, according to sources. Having no choice, the command continued to operate while constrained by these assumptions. The Cybercom 2.0 effort is seeking to be the first of many steps to reshape the command into what is needed.

Lt. Gen. William Hartman, acting commander of Cybercom and performing the duties of the director of NSA, told the House Armed Services subcommittee last week that officials evaluated three models: the status quo, a Special Operations Command-like model and the creation of a separate Cyber Force military branch, with the preference being the SOCOM-like model.

While Cybercom was initially a sub-unified command under Strategic Command, which oversees U.S. nuclear weapons capabilities and doctrine — a flawed model for cyber, as history has borne out — officials have always maintained the best model for Cybercom was SOCOM: a combatant command with service-like authority.

Cybercom received enhanced budget authority from Congress that went into effect in March 2024, giving it oversight of cyber funds. Prior to that, the services were responsible for funding and procuring the resources and weapon systems the command relied upon. Hartman told the subcommittee that in fiscal ’24, the command managed over $2.5 billion.

Much of the Cybercom 2.0 effort was aiming to take advantage of those new service-like authorities and implement them, such as joint force trainer and improvements to the man, train and equip oversight functions over the services.

Officials have discussed improvements to how the services have been recruiting, retaining and training their cyber forces over the last year or so.

Congress also created the assistant secretary of defense for cyber policy position, which aims to act like a service secretary, much in the way the assistant secretary of defense for special operations and low-intensity conflict does for SOCOM.

There has been a growing chorus in recent years for the creation of a separate, standalone Cyber Force as proponents believe that is the only way to fix the issues facing Cybercom and cyber forces more broadly.

Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, expressed his preference for the SOCOM model but noted there are pros and cons to it, namely the fact that there needs to be service buy-in.

“That means they got to recruit, they got to provide trained people to the Cyber Command at a level that they need. They also got to develop cyber leaders within the promotion system and growing leadership. It’s gets at an earlier question I had — I’m not sure that we’re doing adequate there, but we got to have a full service buy-in to make this model work,” he said. “We were looking at all the general officers, all the services, trying to get a feel for just how much depth we have in the cyber career field. I really only spot one general officer that has extensive cyber experience before they became a general officer. Are we doing enough to develop our cyber leadership here? It seems like we’re low on cyber. We got a lot of depth in air, surface warfare, infantry, space, but the cyber area that there seems to be a shortage.”

Some have described what came out of the first Cybercom 2.0 effort as essentially status quo-plus, the result of what happens when trying to design by committee. The services have the ability to make the changes and accommodate the needs of the command, but that doesn’t always mean they have the desire or willingness to do so given the other competing priorities they’re dealing with, according to some observers, potentially laying the groundwork for and strengthening the case for an independent cyber service.

In his written statement to the House Armed Services subcommittee, Hartman said the Defense Department recently approved several concepts to update the command’s force design and the ways it builds and sustains specialization and expertise within the teams. They include ways of fielding new technologies rapidly and ensuring they are tested and scalable. The measures were prompted and facilitated by recent defense policy bills, Hartman wrote, on readiness and force generation that collectively gave the DOD the opportunity to modernize the cyber force and reshape the command.

Some lawmakers at last week’s hearing gave the witnesses a tough time regarding the change in approach for Cybercom 2.0 and how efforts to reach critical milestones and modernize have taken too long.

“I remain very concerned about the state of our cyber training and readiness. General Hartman’s statement noted that the service cyber components only recently attained ‘foundational readiness standards,’” Bacon said. “Foundational readiness has a very specific meaning, and the fact that it took us more than a dozen years to reach this point is not something to celebrate. To succeed in the cyber domain, we need far more than ‘foundational readiness.’ And I am particularly interested in hearing from you what you need to create and sustain a high level of readiness across the cyber warfare enterprise.”

The cyber mission force has faced constant readiness concerns from its inception. Designed around 2012, the running trope from leaders was they were building the airplane while flying it, an analogy they used when describing the construction of these forces. To meet readiness metrics, the services would sometimes double-count personnel, creating what one prominent think tank referred to as a “shell game.”

Ever since the advent of the Cybercom 2.0 effort, top command officials and service commanders have begun discussing the notion of mastery within the cyber force.

Hartman explained that there’s a more efficient training model to take a basic trained service member and create an expert through authorities granted by Congress.

“Instead of trying to do that across all the services, we do believe there’s an opportunity, using Cybercom service-like authorities, Cybercom joint force training authorities in order to build that mastery of the force. And we look forward to working with the services to do that,” Hartman said.

Some of that work has manifested itself in improving the training curriculum executed by each service, where Cybercom provides joint standards and the service schoolhouses train their cyber warriors that they feed to the command to those standards.

Previously, personnel often wouldn’t get all the training they would need at their schoolhouse prior to arriving at their operational units. Rather, digital warriors would get additional on-the-job training upon arriving at their unit. This was a contributing factor to readiness issues.

Now, some schoolhouses are trying to move that training to the left so personnel show up to their units better prepared to do their jobs.

The post DOD leadership asks for Cybercom 2.0 relook appeared first on DefenseScoop.

Since Cybercom was created a decade ago, it has been co-located with NSA at Fort Meade, Maryland, and shared a leader. At the time, this made sense to help the nascent command grow, relying on the personnel, expertise and infrastructure of the high-tech intelligence agency. The arrangement was initially expected to be temporary.

Severing the dual-hat has been one of the most hotly contested issues in cyber policy. Proponents believe the military can benefit from the unique intelligence insights and resources of NSA, leading to faster decision-making and operational outcomes. Opponents argue the roles of NSA director and Cybercom commander are too powerful for one person to hold and relying on the intelligence community’s tools — which are meant to stay undetected — for military activities poses risks to such espionage activity.

At the end of the first Trump administration, officials made a last ditch effort to sever the dual-hat, but it ultimately was not brought to fruition. Press reports prior to Trump’s inauguration for his second term indicated the administration wanted to end the dual-hat relationship.

There “is renewed speculation about the separation of the ‘dual-hat’ relationship between Cybecom and NSA, a construct that proves its value to our national security every minute of every day. This issue has been studied exhaustively but somehow there are still those who believe they know better,” Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said in opening remarks during a hearing Friday. “I’ve spoken to my colleagues on this panel and our friends in the Senate, and on a bipartisan and bicameral basis, the Armed Services Committees are strongly opposed to ending the dual-hat relationship. I want to take this opportunity to make very clear to the Department’s leadership that if they believe they have allies on this issue who sit on the Pentagon’s congressional oversight panels, they do not.” 

Following the firing of Cybercom commander Gen. Timothy Haugh at the beginning of April, there was a feeling that the dismissal prepped the ground to split the dual-hat by nominating a civilian to lead NSA and a military officer to lead the command.

Bacon’s sentiment was shared by the subcommittee’s ranking member, Rep. Ro Khanna, D-Calif., on Friday.

“Let me reaffirm what you said about keeping our Cyber Command and NSA together. That is a bipartisan position, that is a position that we have discussed many times now, and people on this side of the aisle support you in that. It’s bicameral, it’s bipartisan. And you know, I just want to make that clear, because it keeps coming up and … because the support in the Congress is very strong for keeping the — those two departments together,” Khanna said at the hearing.

The issue was addressed on the Senate side over a month ago as well, with Sen. Mike Rounds, R-S.D., voicing support for the current arrangement.

“In wake of the various persistent cyber threats originating from the People’s Republic of China over the last two years, it is my firm conclusion that the importance of the dual-hat is as important today as it has ever been,” Rounds, chairman of the panel’s Cybersecurity Subcommittee, said during an April 9 hearing.

At that hearing, Lt. Gen. William Hartman, acting commander of Cybercom and director of NSA, told Rounds that the relationship between the two organizations allows the command to see what the adversary is doing.

“From my standpoint and senator, I’ve been sitting on the campus of the National Security Agency and Cybercom for most of the last 15 years. I’ve continued to see this partnership evolve. And our ability to execute increasingly more precise operations is fundamentally because the dual-hat allows me, in my current capacity, to move with the speed and agility and unity of effort that is required,” he said. “But it also forces leaders across the organization to collaborate, to do the hard work and to provide the best options for the national security of the country. That’s what I believe is the importance of the dual-hat, and that is really where I believe we’ve evolved.”

Concerned with the prospect of a premature split, in which Cybercom would not be ready to stand on its own, Congress has previously issued a prohibition on a breakup in leadership until certain metrics are met. They include, among others, that each organization have robust command-and-control systems for planning, deconflicting and executing military cyber operations and national intelligence operations — as well as ensuring tools and weapons used in cyber ops are sufficient for achieving required effects and that Cyber Command can acquire or develop these tools, weapons and accesses.

Gen. Dan Caine, chairman of the Joint Chiefs of Staff, told lawmakers at his confirmation hearing for the role in April that he believes the dual-hat should be maintained, agreeing with the findings of a 2022 study that found the role should be strengthened as well.

“The Dual-Hat arrangement provides the ability to look across both organizations and has empowered both USCYBERCOM and NSA to fulfill their missions better than each could do alone. It promotes agility and enables intelligence to be operationalized rapidly,” he wrote in response to advance policy questions from senators. “It also facilitates relationships with key foreign allies and partners in part because the corresponding foreign organizations with signals intelligence (SIGINT) and cyber operations missions are fully integrated, operating under a Dual-Hat leadership structure. The span of control, does however, place a burden on one leader.”

Ahead of his own confirmation hearing in January, Secretary of Defense Pete Hegseth wrote to senators that he would “bring these debates to conclusion, consult with Congress, and make final recommendation for the way ahead.”

The post Members of Congress vow not to split Cyber Command, NSA appeared first on DefenseScoop.

At press time, it still remains a public mystery why he and NSA deputy Wendy Noble (who was removed and reassigned) were fired from leading the largest intelligence agency — which produces the majority of the intel for the president’s daily brief — and the government’s main cyber warfare entity, Cybercom.

Chief Pentagon spokesperson released a statement late Friday afternoon that read: “The Defense Department thanks General Timothy Haugh for his decades of service to our nation, culminating as U.S. Cyber Command Commander and National Security Agency Director. We wish him and his family well.”

The websites of Cyber Command and NSA were updated Friday afternoon to reflect that Army Lt. Gen. William Hartman is now in charge of both organizations. Hartman had been the deputy commander of Cybercom. Although the commander is dual-hatted to lead both organizations, the deputy Cybercom commander is not part of NSA.

Those that spoke to DefenseScoop noted how rare it is for a sitting NSA director to be fired mid-term, especially absent any loss in confidence to command or a scandal. For context, the director wasn’t removed after the Snowden leaks came to light during the Obama administration.

Although the president does have the authority to remove officers like this, some observers have indicated it might not be a wise use of that power, and could create morale issues.

“I don’t recall an NSA director in recent memory being removed other than during the normal cycle,” said Jamil Jaffer, founder and executive director of the National Security Institute at the Antonin Scalia Law School at George Mason University, who held positions in the Bush White House, Department of Justice and was senior counsel to the House Permanent Select Committee on Intelligence for the Republican chairman Mike Rogers of Michigan. “When a well-regarded, four-star general is fired for no apparent reason — if in fact that’s what happened and even if it is legally permissible — that can have a massively detrimental impact on both ongoing operations and morale.”

Prior to taking office — and in successive confirmation hearings — Trump administration officials expressed an interesting in taking a more aggressive approach in cyberspace against adversaries in the face of high-profile intrusions of telecom firms and critical infrastructure that some say went beyond traditional espionage to prep the battlefield.

“General Tim Haugh is an outstanding leader and was doing a superb job at Cyber Command and National Security Agency. He was fired with no public explanation. This action sets back our Cyber and Signals Intelligence operations,” Rep. Don Bacon, R-Nebraska, the chairman of the House Armed Services Subcommittee on Cyber, Information Technologies, and Innovation and a former one-star Air Force general, said on X.

A slew of Democrat lawmakers issued statements Friday criticizing the administration’s move.

Sen. Jack Reed, D-R.I., the top Democrat on the Senate Armed Services Committee, expressed alarm and anger regarding the decision to fire Haugh — who was unanimously confirmed by the Senate to his role — and oust Noble.

“As the commander of Cyber Command, General Haugh led the most formidable cyber warfighting force in the world and kept our enemies up at night. President Trump has given a priceless gift to China, Russia, Iran, and North Korea by purging competence from our national security leadership,” he said. “I have long warned about the dangers of firing military officers as a political loyalty test. In addition to the other military leaders and national security officials Trump has fired, he is sending a chilling message throughout the ranks: don’t give your best military advice, or you may face consequences. The President must immediately explain himself to the American people.”

Reed was referring to assertions that political activist Laura Loomer urged President Donald Trump to fire certain officials due to their perceived disloyalty to him and his agenda. She wrote in a social media post Thursday night that Haugh and Noble were fired for being “disloyal” to Trump. In recent weeks, Trump also fired Chairman of the Joint Chiefs of Staff Gen. Charles “CQ” Brown and Chief of Naval Operations Adm. Lisa Franchetti, among other senior defense officials.

“It’s concerning, from a national security perspective, when a 9/11 truther is providing advice to the President on whether a four-star general ought keep his job as the head of the world’s premier signals intelligence agency,” Jaffer said regarding the allegations Loomer had something to do with Haugh’s ouster.

Others agreed with that sentiment.

“If this was tied to Loomer’s action, then preparing for a future war against China is taking a back seat to the fight against DEI and those perceived as not loyal enough to the regime,” said Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs with a deep cyber background in the government and military. Healey previously served as a founding member of the Office of the National Cyber Director at the White House and worked at a U.S. military organization that was a precursor to Cybercom.

Sen. Roger Wicker, R-Miss., chairman of the Senate Armed Services Committee and Rep. Mike Rogers, R-Alabama, chairman of the House Armed Services Committee, did not respond to requests for comment.

“Silence, nothing but silence, from my once honorable colleagues in the GOP who just days ago sat with me in meetings on the Armed Services Committee praising GEN Haugh. Cowering before Trump and complicit in letting a lunatic upend their own national security team, they do nothing to stand up for our troops or our country,” Rep. Seth Moulton, D-Mass., wrote on X Friday.

Top Dems on the House Armed Services Committee issued a joint statement citing their concerns.

“Under [Haugh and Noble’s] leadership, the men and women of US Cyber Command and the National Security Agency have been at the tip of the spear in defense of our country against very real cyber threats, including ransomware extortionists and actors like Volt Typhoon and Salt Typhoon. Reports that the dismissals were due not to failure to execute their positions but, rather, being accused of being disloyal by a far-right conspiracy theorist are deeply disturbing,” said HASC ranking member Rep. Adam Smith, D-Wash., Rep. Ro Khanna, D-Calif., ranking member of the CITI subcommittee and Rep. Chrissy Houlahan, D-Penn., who has taken a keen interest in cyber issues.

Houlahan in a separate statement to DefenseScoop called the firing “inexplicable,” adding it “should leave us all feeling less safe today.”

“There have still been no consequences for anyone over the leaking of classified information over Signal – the real threat. This action—meant in some way to distract us from the Signal and gmail fiascos— to summarily remove the four-star General responsible for the National Security Agency and Cyber Command is chilling,” she said. “The American people deserve answers – now including why General Haugh was relieved of his duties. The case is not, in fact, closed.”

The post Firing of top cyber general ‘sets back’ US military and intel operations, makes America ‘less safe,’ lawmakers of both parties say appeared first on DefenseScoop.

Officials are dubbing the review Cybercom 2.0.

“As we’re trying to look at the future of U.S. Cyber Command, I want to have a bold move forward,” Gen. Paul Nakasone, commander of Cybercom and director of the NSA, told reporters during a media roundtable at Fort Meade. Nakasone is set to retire Friday following a change-of-command ceremony where he will pass the torch to Lt. Gen. Timothy Haugh, who will pin on his fourth star.

The command, now just north of 10 years old, was built on many principles of its time a decade ago. The domain it operates in is so dynamic that many of these tenets are now outdated.

For example, the cyber mission force — the teams each service provides to Cybercom to conduct offensive and defensive operations — was designed around 2012, built from 2013 to 2016, and reached full operational capability in 2018.

At the time, according to declassified task orders that were unearthed via the Freedom of Information Act by the National Security Archive at George Washington University, the priority was to get the teams formed, built quickly and rely as much as possible on NSA support.

“Given the increasing threats to our nation’s critical infrastructure and DoD networks, it is imperative that we establish, train, and employ equipped cyber mission forces as expeditiously as possible. We must get these forces in position now—these teams will be prepared to defend the nation, provide support to combatant commanders, and to provide active defense of key terrain on critical networks,” a task order from March 2013 read. “We will establish immediate operational capability during FY13 by effectively task organizing our available personnel into [REDACTED] effective, combat-ready teams, positioned in the best locations for mission success, and with a command and control structure in place to direct successful operations.”

The order goes on to state that while the initial focus was on establishing combat-ready teams quickly and efficiently, they would keep the end-state force posture in mind.

Those teams and their structures have not been holistically relooked or reexamined since then, with new teams being added to the initial 133 for the first time in the president’s fiscal 2022 budget request. For example, Nakasone said those teams were built with a different understanding of the world in 2012, with a counterterror focus and when Iranian financial system cyber disruptions were one of the main threats of the day — long before the shift back to great power competition with nations such as China.

Many of the manning numbers of personnel and teams were arbitrary given the quantity of forces the services had available at the time and to justify the need to Department of Defense leadership, according to former officials.

There were calls and expectations in the past to relook the team structure and reexamine how the force trains and acquires capabilities — particularly after the cyber mission force reached full operational capability in 2018 — however, the remedy for many years had been to task organize for particular missions or break teams into smaller elements.

During the build, for instance, Cybercom leadership locked in the structure and didn’t want to tweak the teams so as not to appear as if they were moving the bar on the services until they reached full operational capability.

There wasn’t another model to emulate when building these teams, and so experts have said it’s no surprise they didn’t get everything right.

Additionally, Cybercom relied very heavily on NSA personnel and equipment as it grew. As a military organization, it needs its own military-specific systems separate from intelligence systems. As a result, it wants the ability to acquire and manage those capabilities much like the rest of the military develops platforms to conduct operations.

The command, in partnership with other elements of the DOD, is working hard at a holistic reexamination to better posture the command and its forces.

“I think all options are on the table except status quo,” Nakasone said during an INSA event in December. “We built our force in 2012 and 2013. We’ve had tremendous experience, but scope, scale, sophistication and the threat has changed, the private sector has changed, our partners have changed. I think that we’ve got to be able to take a look at how we’re going to change as well.”

A cross-functional team consisting of a group of experts has been convened to discuss how the command can think about how its authorities, training, personnel and acquisitions can be done differently.

In fact, a problem statement regarding what they’re seeking to examine was approved this weekend, though Nakasone declined to provide details.

“We’ve got to think boldly about such things as how we do training and how we might do personnel processes that are different,” Nakasone said.

Why now?

Sources indicated it’s been over 10 years since the command was created and they want to update the vision, force structure and doctrine. There are also now personnel at the top levels of leadership that have been around the command for years — such as Haugh and incoming deputy commander Lt. Gen. William “Joe” Hartman — with a lot of knowledge of the domain, making this a good opportunity for a revamp.

Now is the right time to begin looking at what the next iteration of Cybercom is for several reasons, Nakasone said.

In the fiscal 2023 National Defense Authorization Act, Congress directed several studies and examinations of the department, which include a force generation study due in June examining the responsibilities of the services for organizing, training and presenting the total force to Cybercom, among seven other elements. Additionally, there are 14 new teams that are slated to be built over the course of the next five years. Moreover, since 2018, when the department gained new authorities to conduct cyber operations, a lot of lessons have been learned from those operations as well as election defense, ransomware, the Russia-Ukraine conflict and other issues.

“We haven’t done this, I think, really since we started up the force. And I think this is the right time,” Nakasone said of the confluence of these circumstances leading to 2024 being the best opportunity to reexamine the command.

Other officials have noted that the variety of studies Congress has asked for provides a good opportunity to package these key questions together and provide the secretary of defense with several options for the future evolution of the command.

“The Congress has laid on really multiple studies over the past few years to look at what things should the department do or could be doing to improve our ability to generate cyber forces, train cyber forces, retain cyber forces for maximum effect,” John Plumb, assistant secretary of defense for space policy, who also serves as the principal cyber advisor to the secretary of defense, told reporters in January. “We have been slowly working through various options. And the question is like, how much would need to change? What should you look at? … What are we after for readiness? How can we make readiness better?”

He noted as they look at all the things that are coming, the team knows they have to present the secretary a set of options related to this large, significant study and find the best recommendations to present a more comprehensive set of options as opposed to doing them one at a time.

Nakasone noted how 2018 was a watershed year for the command when it gained new authorities through executive policy changes, congressional legal changes and clarifications.

“That leads us to a whole heck of a lot of operations, so from 2018, forward to now, the number of operations is sky high, which means there’s a lot of data, in terms of what’s going on,” he said.  

Prior to that point there were only a handful of operations that had taken place because there was a bias for inaction, meaning there wasn’t a lot of data regarding how effective the team structure and personnel were.

This led to the paradigm shift toward persistent engagement, which encompasses challenging adversary activities daily and wherever they operate. Nakasone noted that is something the command got right and must continue to operate.

“You have to have persistent engagement. If you’re on the sidelines watching this, you’re going to get hit. That’s why I think it’s so important for our forces worldwide to be able to be engaged, and being able to act and understand what our adversaries are doing,” Nakasone said. “Being able to continue to operate day in and day out, this is how you get really good. You operate in the domain. This is what Special Operations Command has taught us, right?  Continued operations build proficiency and professionalism. We’re going to need that. I think a lot about that piece, in terms of where Cyber Command is going.”

Similarly, the command has fashioned itself off the Socom model even though it was initially under U.S. Strategic Command, which is in charge of the military’s nuclear weapons.

Another turning point in Cybercom’s history happened in 2020 when Nakasone asked for more service-like authorities from the secretary of defense similar to Socom. He also asked for more teams and a reposturing of teams from counterterrorism to be more aligned against China and Russia.

This included enhanced budget authority, which provides direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

Many of these changes will also affect the services and how they present their forces to the command.

“I’m a pretty demanding customer with the services. I just want their best and I want it all the time. They have been very, very supportive, in terms of what’s gone on, but I will tell you that we operate in a domain that requires a longer dwell time for our soldiers, sailors, airmen and Marines, than the constant movement,” Nakasone said. “I think that this has been a concern that I’ve expressed that I think is one of the things that we’re going to have to deal with in the future.”

Nakasone recognized that the services have to provide a number of different forces to combatant commands, with Cybercom being one of them. They have to balance their readiness needs as well. However, he was aware that it’s his job as the commander of Cybercom to talk about why this domain is unique and why there is a need to consider recruiting, retention, or assignment policies differently than in the past.

This has also led to calls for an independent cyber service — akin to the Army, Navy, Marine Corps, Air Force and Space Force — which have intensified over the last year.

Proponents of an independent cyber service argue that cyber operators have no distinct identity — as they are still members of their respective services — there are readiness issues associated with each service resourcing their cyber contributions differently, lexicon and pay scales are different, and the command-and-control structures are confusing. Moreover, they allege only an independent cyber force or service can solve key problems.

Congress had initially proposed an independent study on the matter, but it was cut out of the annual policy bill for fiscal 2024. Proponents have vowed to get it into the fiscal 2025 bill.

Nakasone has, at least publicly, remained neutral to this notion, offering that it’s a policy determination for the secretary of defense.

What could be done for the future force?

According to experts and sources, there could be more formal restructuring of teams — rather than task organizing for each mission — to break them into smaller elements.

The Cyber National Mission Force — a sub-unified command under Cybercom made up of 39 joint teams and thought to have the DOD’s most talented cyber operators that defend the nation from significant cyber threats, which Nakasone, Haugh and Hartman have all commanded — has significantly more flexibility than the combat mission teams that conduct offensive operations on behalf of combatant commands, and cyber protection teams that conduct defensive cyber ops. This is due to the fact it’s a smaller force and organized around six task forces. This allows them to be able to more accurately task organize based upon skill sets and readiness of personnel needed for certain missions.

That could be a possible model going forward. Having greater oversight of readiness of forces and skills through new tools the command is developing will help commanders be able to have better fidelity of what they’ll need at any given time to pluck personnel with skill sets required for operations.

Initially, cyber protection teams were made up of 39-person teams with five squads. That has evolved to smaller elements after what forces learned through operations and not having to deploy 39 people to address every problem. In the future, they could be split up even more to make additional teams.

Experts noted that everything is on the table and the planners involved are not going in with any pre-determined solutions to figure out what the best way forward will be.

“As Gen. Haugh takes over that he’ll take this forward to a briefing with policymakers then, ultimately, the SECDEF and say, ‘Hey, this is how we think the Cyber Command of the future needs to be able rebuild today,’” Nakasone told reporters.

The post Holistic examination of the next iteration of US Cyber Command underway appeared first on DefenseScoop.

Hartman’s nomination for assignment to “a position of importance and responsibility” was posted to a congressional website May 30 with no fanfare and no description of his next job.

The news of the nomination was first reported by The Record.

If confirmed, Hartman would pin a third star and be the second in charge at the command, typically seen as the person running the day-to-day activities while the commander of Cybercom also serves as the director of the National Security Agency.

Hartman would take over for Lt. Gen. Timothy Haugh, who was nominated to succeed Gen. Paul Nakasone as commander of Cybercom.

In his role, one of Haugh’s main tasks was focused on developing and building out the Joint Cyber Warfighting Architecture (JCWA), Cybercom’s primary weapon system to conduct cyber operations that consists of an amalgam of platforms and capabilities.

Hartman currently commands the elite Cyber National Mission Force at Cybercom, which is made up of 39 joint teams and thought to have the Department of Defense’s most talented cyber operators at the cutting-edge of their profession. It is aligned in task forces organized against specific threat actors. They have been on the front lines of defending elections from foreign influence.

At the end of 2022, the CNMF was elevated to a sub-unified command under Cybercom, signifying its importance.

Given its prowess, commanding the CNMF has generally been thought to be a launching pad for promotion and higher commands. Prior commanders of the CNMF include Nakasone, Haugh and Vice Adm. Timothy White, who retired in 2020 as the commander of 10^th Fleet/Fleet Cyber Command.

Notably, Hartman has commanded the CNMF since August 2019. Predecessors dating back to Nakasone have only held this job for a maximum of two years.

In his time as the head of CNMF, Hartman has helped lead the so-called “hunt-forward” ops, which involve physically sending defensively oriented cyber protection teams from the CNMF to foreign countries to hunt for threats on their networks at the invitation of host nations. Officials say they are mutually beneficial because they help bolster the security of partner nations and provide Cybercom — and by extension, the United States — advance notice of adversary tactics, allowing the U.S. to harden systems at home against these observed threats.

While they started prior to his command, they ballooned under his leadership as he increased the capacity.

They have become a mainstay for the command, as they were enshrined in recently updated DOD Doctrine for cyber operations and featured as a part of one of four complementary lines of effort the updated DoD cyber strategy seeks to employ.

To date, Cybercom has conducted 70 of these operations in 22 nations on 50 different networks.

These initiatives also have played a significant role in a broader U.S. diplomatic effort within Cybercom’s operating concept of persistent engagement, which envisions challenging adversary activities daily and wherever they operate.

“There’s no accident that Gen. Hartman is visible on the ground and [in] Europe, visible as the commander of the Cyber National Mission Force meeting with and engaging with our partners and allies. That’s a very deliberate, diplomatic and informational use of a military commander and his formation to send a message that bolstered collaboration and to strengthen partnerships,” a former official told DefenseScoop.

Various U.S. diplomatic stations have tweeted out several photos of Hartman — dressed in a business suit, not wearing the typical combat uniform of a military officer — on the ground with leaders of foreign nations.

Moreover, the CNMF under Hartman picked up pilot efforts started before him and bolstered support for the private sector through several initiatives aimed at sharing indicators of compromise discovered in operations to improve the collective cybersecurity of the nation.

Jon Harper contributed to this story.

The post Cyber National Mission Force Commander Maj. Gen. William Hartman nominated as deputy at Cybercom appeared first on DefenseScoop.

The program, dubbed “Under Advisement,” involves members of the command’s elite cyber national mission force (CNMF) — which is responsible for tracking and disrupting specific nation-state adversaries — sitting in chat rooms and disclosing threats with the cybersecurity sector, officials have said.

These military personnel use their real names for the sake of transparency and actually talk to members of the private sector.

“They are technical experts that can actually talk to people. They sit in private chats, elite invite-only industry forums, all in full name and with full transparent attribution,” Maj. Gen. William Hartman, commander of the cyber national mission force, said Wednesday during a speech at the Vanderbilt University Summit on Modern Conflict and Emerging Threats. “If you see something in the news about a cyber incident, you can bet one of them got a call about 1am the night before and have been exchanging unclassified information with cybersecurity experts as rapidly as possible.”

These chats occur on Signal and other trusted cybersecurity forums, Holly Baroody, deputy to the commander of the cyber national mission force, said in an event hosted by AFCEA April 20.

“When I first arrived to CNMF, I said what can we share with them? A lot of what we do is classified. But it turns out, we can share a lot. We’re fighting the same bad actors that industry is fighting,” she said. “When we identify a foreign threat and we’re able to share that with industry, then they share information back, our cyber experts are able to enrich that data and feed it back into industry. This bi-directional sharing of threat information both enables our operations to go after those foreign cyber actors in foreign space and enables homeland network defense.”

Much of cyberspace and cybersecurity is a symbiotic relationship. Threats that affect one affect all, and many have referred to cyber as the ultimate team sport.

“If you have information about a threat to your network, it’s a threat to everyone’s network … If we share information with each other, we can reduce vulnerabilities and we can stop many attacks before they ever occur,” Hartman said. “Not only does it help [the Department of Defense] defend our networks, but enables industry partners where we’re able to enrich their data with our expertise and share information back with those partners who can see and do things on their platforms and in their networks that we can’t.”

As of press time, Cyber Command hadn’t responded to FedScoop about when the program began and why it was needed.

For many years following the creation of Cybercom, the DOD faced problems with how to use its new cyber force to protect the nation from the barrage of cyber intrusions and breaches that it faced.

Historically it was clear the Pentagon would defend against a missile strike on a U.S. entity, for example. However, given the pervasiveness of cyber activities throughout society and given that most networks are not owned by the government, the DoD’s role in protecting the nation from foreign cyberthreats was less clear.

Through streamlined authorities and new operating concepts, Cyber Command articulated an ability to operate outside the country to defeat adversary cyber advances before they reached U.S. soil.

“From an offensive standpoint, we take everything we learn about our adversaries and turn that into offensive action to actively pursue our adversaries in foreign cyberspace,” Baroody said. “We go after their infrastructure, we go after their capabilities. Frankly, we go after anything in their ecosystem that makes them effective at attacking the United States. We take actions to disrupt, degrade and deny their operations. This combined defensive and offensive approach imposes costs on our adversaries by taking time, money and resources away from them [and] making it harder for them to do their job.”

The cyber national mission force has disclosed over 90 malware samples of adversaries on public forums through so-called hunt-forward operations, which involve physically sending defensively-oriented cyber protection teams from the CNMF to foreign nations to hunt for threats on their networks at the invitation of host nations. Disclosing malware not only allows companies to patch against threats, but takes those tools away from adversaries.

The Under Advisement program is another example of Cyber Command using its unique abilities and expertise to lend a hand to efforts to bolster national security.

The post Cyber Command creates forum with industry to share threat information appeared first on DefenseScoop.