24 April 2024

Cybercom looking to speed up capability development for digital warriors

MARK POMERLEAU

One of the biggest priorities for the new commander of U.S. Cyber Command is developing new capabilities faster.

“The area that we need to be able to accelerate is capability development and how we use our budget control and our authorities to generate an acquisition. We should be able to develop things faster than anybody else in the [Defense] Department,” Gen. Timothy Haugh told the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems during a hearing on Wednesday.

Cybercom has finally received greater control over its budget and capabilities with the passage of the fiscal 2024 appropriations bill at the end of March. That enabled changes, years in the making, to advance the command’s acquisition authority, among others, and begin to provide the organization unique service-like authorities that had previously only been bestowed upon one other U.S. military combatant command — Special Operations Command.

So-called enhanced budget authority means Cybercom will be in direct control and management of planning, programming, budgeting and execution of the resources to maintain the cyber mission force.

Given Cybercom deals primarily in the software realm, it is trying push the boundaries of the traditional acquisition and fielding cycle that is very hardware- and platform-centric and often takes many years from inception to building and delivering.

“The only thing we’re developing is code. How do we do that faster? How do we get it in the hands of our cyber mission force faster?” Haugh told lawmakers.

To date, each of the military services are responsible for building major acquisition programs as executive agents on behalf of Cybercom. But as the organization has matured over time, that model might not be the most effective anymore.

“We’ll drive the requirement, we’ll drive the overall acquisition oversight and the dollars, but we will also partner with the services. It’ll just look different. Whereas before the services were doing that in support of their own forces they presented, which was very disconnected from operations,” Haugh said regarding the new oversight of requirements as part of the enhanced budget authority. “We’re now going to be able to drive that, and we’ve got good service partnerships with their program offices and with their acquisition force. We need to be able to move faster and be able to recast those relationships that are more responsive.”

As Cybercom is looking to evolve as an organization, it is reevaluating all of its relationships with the services and how it goes about its business to enable the faster adoption of capabilities in the software world.

“We also are evaluating our overall architecture and our acquisition. Inside that is how can we use our service like authorities to be more aggressive in the capabilities we have,” Haugh told the Senate Armed Services Committee during a separate hearing Wednesday. “When I first took over command, I met with each of the program offices that are providing capability of U.S. Cyber Command. I saw each of them as really having an agile opportunity because we deal in software. We are not building large iron, we’re building code. We have the right program office structure to move faster. We now needed the resources to do it. You’ve given us the enhanced budget control and we have to combine it with that acquisition authority.”

Part of this evolution is maturing the Joint Cyber Warfighting Architecture (JCWA), first envisioned in 2019 as a way of getting a better handle on the capabilities, platforms and programs the command is designing and an integrated system of systems for the department to conduct military cyber operations.

When Cybercom was first created, it relied heavily on intelligence community personnel, infrastructure platforms and tradecraft to build its enterprise. But just like the Army needs tanks and the Air Force needs planes to conduct missions, cyber troops need their own military-specific cyber platforms separate from the National Security Agency, which collects foreign intelligence.

JCWA is now thought of as a singular platform to conduct military cyber ops. Officials have made integration of the disparate capabilities and systems within the architecture a key goal for 2024.

The majority of these programs being managed by the services right now are utilizing the software acquisition pathway and a continuous integration and continuous delivery approach.

“Agile acquisition is crucial to creating advantage for our commanders, component elements, and operators. The most important effort in this regard is our Joint Cyber Warfighting Architecture,” Haugh told lawmakers in written testimony this week. “In 2024, the Command will partner with the Services and DARPA (among others) to ensure our acquisition strategies can achieve agility, scale, and precision at cyber-relevant speed.”

Haugh also provided that the command received systems engineering and integration authority from the Office of the Under Secretary of Defense for Acquisition and Sustainment for JCWA, which will allow Cybercom to define interoperability standards between the subcomponents of JCWA that are managed by the services.

The A&S directorate is also working with the command to establish a program executive office for JCWA and provide milestone decision authority and other decision authority as that PEO grows in size and capability, Haugh stated.

Congress has mandated Cybercom establish a PEO by 2027. Since gaining enhanced budget authority, officials in the past have noted that in the short term, not much will change. The services will still build major capabilities for the command, though now Cybercom will reimburse the services as opposed to the services footing the bill. As the command grows its acquisition team and establishes its program executive office, it will be looking for help from the services and others in the department on how best to structure itself.

No comments: