Editors note: This post is part of a series exploring the findings and recommendations of the U.S. Cyberspace Solarium Commission.
The Cyber Mission Force is the locus of the Department of Defenses efforts to counter, disrupt and impose costs for malicious adversary behavior in cyberspace. Three key changes enabled it, under Title 10 authorities, to conduct cyber effects operations more routinely outside of the Defense Departments information network and outside of a defined area of hostilities in support of campaign plans. The first was the debut of the 2018 Department of Defense Cyber Strategy, which introduced the strategic concept of defend forward. The second was the 2019 National Defense Authorization Act (NDAA), which defined cyberspace operations as a traditional military activity. The third was National Security Presidential Memorandum-13 (NSPM-13), which, as described by the Pentagons General Counsel in March 2020, allows for the delegation of well-defined authorities to the Secretary of Defense to conduct time-sensitive military operations in cyberspace. Together, these changes reflect a significant shift in strategic thinking from the 2015 Department of Defense Cyber Strategy, and from operational engagement limited to the kinetic battlefield, such as Joint Task Force ARES. However, while the Cyber Mission Forces operational goals have grown in scope and scale commensurate with the threat environment, its force size and structure have remained constant. Therefore, one of the Cyberspace Solarium Commissions key recommendations is to ensure the Cyber Mission Force achieves the appropriate resourcing, force size and capability mix.
Planning and conducting cyber operations and campaigns demands a significant investment in resources, human capital, access and tool development, and time. Yet, the core component of the cyber force across the joint services is essentially the size of one conventional army brigade. The Cyber Mission Force reached full operational capability in the spring of 2018; this includes 133 teams comprising a total of approximately 6,200 individuals. These teams are responsible for a plethora of diverse missions, including national mission teams that defend the nation by countering malicious adversary activity, combat mission teams that support the missions of the geographic combatant commands, cyber protection teams that defend the Defense Departments information network, and cyber support teams that conduct analysis in support of the national mission teams and combat mission teams.
However, full operating capability requirements were determined in 2013, well before the U.S. experienced or observed key events that subsequently shaped our understanding of the urgency and salience of the threat posed by malicious adversary behavior. Examples of such activity include Russia conducting cyberattacks against Ukraines power grid in 2015, as well as Russian cyber-enabled interference in the 2016 U.S. presidential elections. The full operating capability requirements were also determined prior to the development of the Defense Departments defend forward strategic concept, which broadened the scope of what it means for the Cyber Mission Force to defend the nation in cyberspace short of war.
This raises a number of critical questions. First, is the Cyber Mission Force appropriately sized and resourced given current and future mission requirements? The Cyber Mission Force is tasked with conducting a diverse set of missions, at scale, and must also have sufficient capacity to maintain steady-state operations while surging to respond to an emerging crisis.
Second, is the allocation of resources across teams within the Cyber Mission Force matched to the prioritization of threats? For example, if U.S. strategy identifies the most salient and significant threat to be malicious adversary behavior against the homeland below the threshold of armed attack, it follows that the national mission teams, which make up the Cyber Mission Force and are the operational arm of U.S. Cyber Command, should merit additional teams.
Finally, concurrent with an increase in the size of the Cyber Mission Force, how can the U.S. ensure that supporting entities, particularly the National Security Agency (NSA) in its combat support agency role, are also appropriately resourced? The NSA provides critical intelligence support to cyber operations conducted by Cyber Mission Force teams, particularly at the tactical and operational levels. As the Cyber Mission Forces operations and needs grow, intelligence collection demands corresponding resourcing.
There has been some progress in assessing Defense Department cyber personnel, structure and organizations, particularly in Sections 1652, 1655, and 1656 of the recently passed FY2020 NDAA. However, Congress must also ensure that the Cyber Mission Force, in particular, conducts a force structure assessment and troop-to-task analysis that takes into account the increasing scope and scale of Cyber Mission Force missions compared to previous fiscal years and projected into the future, as well as an assessment of resource requirements for the NSA in support of this aspect of its mission. This is why the commission recommends that Congress should request in the next Cyber Posture Review, and quadrennially thereafter, that the Defense Department provide an assessment of the requirements to grow the Cyber Mission Force, including projected force size and mixture necessary to sustain all Defense Department missions in cyberspace. The results of this assessment should drive resource allocation, force size and mix, and continued congressional oversight of these efforts.
Further, the threat environment and rapid pace of technological change in cyberspace demand speed and agility. These realities drove additional recommendations from the commission. Here, we highlight three in particular that, taken together, would enhance the flexibility of acquisitions and decision-making to enable adaptability, and rapid response and maneuver.
First, Congress should establish a major force program funding category for U.S. Cyber Command. Congress requires the Defense Department, according to 10 U.S.C. 221, as part of the Future Years Defense Program, to annually submit a budget that includes estimated expenditures and appropriations projected over a 5-year period. This program is currently organized into 12 different major force program funding categories that represent a total amount of dollars, manpower and forces appropriated for each category. A new major force program funding category for U.S. Cyber Command, similar to what currently exists for U.S. Special Operations Command, would provide U.S. Cyber Command with acquisition authorities over goods and services unique to the commands needs. It should also provide a process to expeditiously resolve combatant command/service funding disputes.
Second, Congress should request that the Defense Department provide in the next Cyber Posture Review an analysis of, and recommendations for, the conditions under which further delegation of cyber-related authorities is appropriate to U.S. Cyber Command, as well as to other Defense Department components, such as the NSA. The pace of cyberspace operations may require delegated authorities under certain conditions to pursue and deliver effects against adversary targets. This would, when appropriate, remove friction and support rapid response and maneuver. Importantly, this recommendation does not call for new authorities within the scope of Title 10. Rather, it is focused on the cyber-related authorities that already exist within the Defense Department but may be fragmented across different elements (for example, functional combatant commands, geographic combatant commands and the various services). Examples of these authorities include those that support planning and implementing offensive cyber operations, such as information operations-related authorities that include creating, procuring and deploying personas. Relevant authorities to review for delegation to the NSA should include those authorities that enable the agency to rapidly tip relevant foreign intelligence collection to private entities within the Defense Industrial Base and their service providers to support the latters own defensive operations.
Finally, as part of the next Cyber Posture Review, the Defense Department should produce a study that assesses and provides recommendations for amendments as necessary to the Standing Rules of Engagement and Standing Rules for Use of Force for U.S. forces. These rules have not been updated in more than a decade, despite major changes in technology and the strategic environment. The commission, in particular, recommends assessing how these rules apply to activities in cyberspace below the level of war or armed conflict, and how unique aspects of cyberspace (for example, the absence of high seas and the definition of territory) affect their current application. Importantly, this recommendation should not be construed as necessarily calling for a loosening of the rules under all conditions. Rather, updating and clarifying how these apply in cyberspace where U.S. forces are already operating in day-to-day competition is as important for risk mitigation as for reducing operational friction.
Taken together, these recommendations will empower the Cyber Mission Force and U.S. Cyber Command to plan for cyber operations above the level of armed conflict as well as to rapidly maneuver against and engage adversaries below it.
- Edward Snowden will not be pardoned in his lifetime, says author of new book on the NSA whistleblower - Yahoo News - May 22nd, 2020
- Someone is trying to catfish women by pretending to be Paul Nakasone - CyberScoop - May 22nd, 2020
- Myanmar hands over 22 Northeast insurgents to India, operation monitored by NSA Ajit Doval - ThePrint - May 22nd, 2020
- Coronavirus: Sports associations in Singapore stretched but strive to keep staff, salaries intact - The Straits Times - May 22nd, 2020
- Post-Covid, nations will look inwards; India should look at neighbourhood: Ex-NSA - Observer Research Foundation - May 22nd, 2020
- Journalist Who Helped Break Snowden's Story Reflects On His High-Stakes Reporting - WFDD - May 22nd, 2020
- National Security Agency - Wikipedia - May 15th, 2020
- Q&A: What is 'unmasking'? - The Southern - May 15th, 2020
- National Intelligence Report Shows The FBI Never Gets Warrants For Its Backdoor Searches Of NSA Collections - Techdirt - May 15th, 2020
- The NSA has Values and Baby Monitors Go Hi-Tech - CTech - May 15th, 2020
- NSA Ajit Doval packs in 3 blunt messages to Pak in daily PoK weather forecast - Hindustan Times - May 15th, 2020
- NSA welcomes start of trade talks with the US - Darlington and Stockton Times - May 15th, 2020
- Blame NSA for May 9 Disaster - Referee Wilson Sey, man in centre of the fateful game - GhanaWeb - May 15th, 2020
- A discovered malware sample uses code from the NSA and a Chinese hacking group - CyberScoop - May 9th, 2020
- FISA Surveillance and Possible Reforms Are Back on the Senate's Agenda - Reason - May 9th, 2020
- Little League, city softball, others still in holding pattern - Midland Daily News - May 9th, 2020
- Covid-19 different from Tiananmen, China wont be able to tide over crisis: Ex-NSA Menon - ThePrint - May 9th, 2020
- Dismay, confusion over St. Paul Park charter school's impending closure - Bring Me The News - May 9th, 2020
- Operation Jackboot: NSA Ajit Dovals brainchild that eliminated Hizbul Mujahideen chief Riyaz Naikoo - Times Now - May 9th, 2020
- Redmi K30 5G Extreme Edition with 48MP main camera to arrive on May 11 - Gizchina.com - May 9th, 2020
- The FBI Set Flynn Up to Preserve the TrumpRussia Probe - National Review - May 5th, 2020
- Keysight First to Gain Approval from 3GPP for 5G New Radio Protocol Test Cases that Support Carrier Aggregation - EE Journal - May 5th, 2020
- Liberia: Chief Medical Officer Confirms the Investigation of Lab Technicians over 'Leaked' COVID-19 Results - Front Page Africa - May 5th, 2020
- The reach of cyberattacks related to Covid-19 - Politico - April 26th, 2020
- Odisha to invoke NSA for attacks against doctors and healthcare personnel - Economic Times - April 26th, 2020
- NSA Web Shell Advisory and Mitigation Tools Published on GitHub - Computer Business Review - April 26th, 2020
- Six test corona positive in MP after visiting hair-cutting salon that served COVID-19 patient earlier - The New Indian Express - April 26th, 2020
- Washington fights to stay in Syria game from isolated base - The Arab Weekly - April 26th, 2020
- The Reverend John J. Morris, Served 27 Years At OLL - My veronanj - April 26th, 2020
- How a girl grasped the Holy Grail of encryption and changed the paradigm for safely sharing data - SiliconANGLE - April 14th, 2020
- Weird Hours, Contractor Concerns: How the Intelligence Community Is Grappling with Coronavirus - Defense One - April 14th, 2020
- How the National Sheriffs' Association is working to assist agencies in the COVID-19 crisis - Police News - April 14th, 2020
- Walkers asked to heed rules - Craven Herald - April 14th, 2020
- Use of Zoom app with security weaknesses cause of concern - indica News - April 14th, 2020
- All you need to know about the all-new OnePlus 8 Series - TechPP - April 14th, 2020
- What is the National Security Act, (NSA),1980 and when is it imposed? - Jagran Josh - April 11th, 2020
- February construction unemployment rates down in 37 states year over year - AZ Big Media - April 11th, 2020
- NSA Sheep Event and NSA Scotsheep 2020 postponed - Agriland.co.uk - April 9th, 2020
- National Storage Affiliates Announces Internalization of Its Largest PRO and Appointment of David Cramer as Its Chief Operating Officer - Business... - April 2nd, 2020
- NSA Ajit Doval met Nizamuddin event organisers, convinced them about threat it poses - MyNation - April 2nd, 2020
- TikTok popularity irrefutably correlated with US unemployment claims - The Tech - April 2nd, 2020
- 4 candidates vie to be militarys next spy chief - POLITICO - April 2nd, 2020
- Ex-NSA hacker finds new Zoom flaws to takeover Macs all over again, together with webcam, mic, and root obtain - Mash Viral - April 2nd, 2020
- Heres How The National Security Agency Will Protect Itself During A Pandemic - BuzzFeed News - March 16th, 2020
- National Storage Affiliates Trust (NSA) distance from 20-day Simple moving Average is -15.14% : What to Expect? - The InvestChronicle - March 16th, 2020
- Even With Corona Virus, the Show Must Go On - Wheeling Intelligencer - March 16th, 2020
- Over Objections From Privacy Advocates, Tame Surveillance Bill Sails Through the House - Reason - March 16th, 2020
- Ensuring the Cybersecurity and Resilience of the Defense Industrial Base - Lawfare - March 16th, 2020
- Four priorities of the education agenda - The Daily Star - March 16th, 2020
- Is an *NSYNC Reunion Any Closer to Reality? Weve Been Talking, Says Lance Bass - Variety - March 16th, 2020
- NSA Offers Suggestions on Restructuring the IRS - CPAPracticeAdvisor.com - February 24th, 2020
- NSA whistleblower petitions Trump for clemency | TheHill - The Hill - February 24th, 2020
- Advice crucial, but not the only source of truth: NSA - Professional Planner - February 24th, 2020
- Dont distract COAS, Buratai over Buharis NSA/Chief of Staff face-off, former CP cautions - Vanguard - February 24th, 2020
- PSA to honor ABAP as NSA of the Year - ABS-CBN Sports - February 24th, 2020
- Congress set for clash over surveillance reforms | TheHill - The Hill - February 24th, 2020
- Ivanka Trump, Jared Kushner and NSA among Trump`s high-level delegation to India - WION - February 24th, 2020
- Statement on the Firing of Oakland Police Chief Kirkpatrick - SF Bay Area Indymedia - February 24th, 2020
- National Storage Affiliates Trust (NSA) overbought Stock to Bite? We have reviewed it - News Welcome - February 12th, 2020
- Unclear NSA CIO Role Puts the Agency's IT at Risk, IG Says - Nextgov - January 30th, 2020
- Remember the Clipper chip? NSA's botched backdoor-for-Feds from 1993 still influences today's encryption debates - The Register - January 30th, 2020
- What we discussed with Buhari at security meeting NSA - The News - January 30th, 2020
- Powerful lawmakers join effort to kill surveillance program protected by Trump administration - POLITICO - January 30th, 2020
- Edward Snowden warns that Assange and Greenwald prosecutions mark new stage in assault on press freedom - World Socialist Web Site - January 30th, 2020
- Home Prices Rose in All 20 Metro Areas Reported by S&P - Professional Builder - January 30th, 2020
- Sheep farmers invited to the NI NSA AGM - Farming Life - January 30th, 2020
- Explaining why Reality Winner is still in prison with Kerry Howley: podcast and transcript - NBC News - January 30th, 2020
- New Maryland Bill Will Make Possession of Ransomware Illegal - CryptoVibes - January 30th, 2020
- Microsoft patches Windows 10 after NSA finds vulnerability - January 19th, 2020
- NSA goes public with Windows security vulnerability - Technical.ly DC - January 19th, 2020
- NSA tips off Microsoft to security flaw | TheHill - The Hill - January 19th, 2020
- Edward Snowden - Wikipedia - January 16th, 2020
- The Decade We Learned Theres No Such Thing as Privacy Online - VICE - January 5th, 2020
- NSA O'Brien on North Korea: 'We Have a Lot of Tools in Our Toolkit' - MRCTV - January 5th, 2020
- McKean County man serves and protects as a dog handler in the U.S. Navy - Olean Times Herald - January 5th, 2020
- On CAA and Article 370, former NSA Shivshankar Menon warns India of international isolation - Scroll.in - January 5th, 2020
- NSA 'cautious' response to UK farm funding - The Scottish Farmer - January 5th, 2020
- Jewel v. NSA: On to the Ninth Circuit: 2019 Year in Review - EFF - December 28th, 2019
- Popular messaging app is UAE spy tool, developed by firm employing ex-NSA and Israeli intel officers - Haaretz - December 28th, 2019
- No Surprise: Judge Says US Government Can Take The Proceeds From Snowden's Book - Techdirt - December 28th, 2019