Beyond the Build How the Component Commands Support the U.S

Home , Cyber force

U.S. Navy’s fourth Mobile User Objective System communications satellite will bring advanced, new global communications capabilities to mobile military forces (Courtesy United Launch Alliance/U.S. Navy)

Beyond the Build How the Component Commands Support the U.S. Cyber Command Vision

Compiled by the U.S. Cyber Command Combined Action Group

etworked technology is trans- went largely unrecognized. Today, works as a subordinate, unified com- forming society. That transfor- cyberspace ranks as its own warfighting mand under U.S. Strategic Command N mation has come with signifi- domain—one that intersects the four (USSTRATCOM) to conduct the cant change to war and the military natural domains. full scope of cyberspace operations. art. Until recently, cyber considerations Cyberspace operations demand un- These have three distinct mission areas: rarely extended beyond the comput- precedented degrees of collaboration, to secure, operate, and defend the ers and cables that supported kinetic which the U.S. Government must ap- Department of Defense Information warfighting functions. The natural proach holistically—leveraging resources Network (DODIN); to provide combat- domains—land, sea, air, and space— and expertise from industry, academia, ant command support; and to defend dominated the planning and conduct of and state/local governments, as well the nation against strategic cyber attack. operations, while the risks entailed in as allied and coalition partners. U.S. USCYBERCOM is building the cyber- using cyberspace for military purposes Cyber Command (USCYBERCOM) space operations force of tomorrow, and

86 Commentary / Beyond the Build JFQ 80, 1st Quarter 2016 looking beyond that build to how the Motivated by Mission operate Navy spacecraft, oversee infor- command will operate with mission part- Each of the Service components con- mation operations, coordinate Navy ners in this dynamic and contested space. tributes to USCYBERCOM missions by electronic warfare, and plan and direct USCYBERCOM and its components providing an array of cyber forces and operations under USCYBERCOM. act to help the joint force operate globally capabilities in order to defend DOD The Coast Guard focuses on three with speed, flexibility, and persistence. Information Networks, bolster the strategic priorities in the cyber domain: USCYBERCOM headquarters focuses capabilities of combatant commands, defending cyberspace, enabling op- on defining and achieving strategic objec- and strengthen our nation’s ability erations, and protecting infrastructure. tives and has delegated operational-level to withstand and respond to cyber CGCYBER ensures the security and cyber mission areas to three types of attacks of significant consequence. Each resiliency of Coast Guard information headquarters. The first of these is the component also fulfills Service-specific technology systems and networks to Cyber National Mission Force (CNMF), requirements in cyberspace, which are ensure the full scope of Coast Guard ca- which defends the United States and correlated with and unique to the indi- pabilities. Maritime critical infrastructure its interests against strategic cyber at- vidual Service’s role in the domain of and the Maritime Transportation System tacks. The second type of headquarters land, sea, air, or space. (MTS) are vital to our economy, national comprises four distinct joint force head- ARCYBER’s three priorities are to security, and national defense. The quarters (JFHQs) in addition to Coast operationalize cyberspace operations to MTS includes ocean carriers, coastwise Guard Cyber Command (CGCYBER) support combatant and Army commands shipping along our shores, the Western to support the geographic and functional at echelon; pursue a more defensible rivers and Great Lakes, and the Nation’s combatant commands across the globe. network; and organize, man, train, and ports and terminals. Cyber systems not The standup of a JFHQ-Cyber by each equip ready cyber forces. These priorities only enable the MTS to operate with of the USCYBERCOM Service cyber strengthen both joint and Army cyber unprecedented speed and efficiency, components—Army Cyber Command capabilities, enable ground forces to but also create potential vulnerabilities. (ARCYBER), Fleet Cyber Command continue their dominance in the land This technology is inextricably linked (FLTCYBER), Marine Corps Cyberspace domain, and support the Army’s top goal with all aspects of Coast Guard opera- Command (MARFORCYBER), and of readiness to fulfill its primary mission tions. As the maritime transportation Air Forces Cyber (AFCYBER)—con- to win in ground combat. ARCYBER Sector Specific Agency (as defined by the stitutes a vital first step to integrating supports Army tactical forces and has National Infrastructure Protection Plan), cyberspace operations to deliver effects made delivering cyberspace operations the Coast Guard provides the unity of ef- in support of combatant commanders. capabilities to Army corps and below fort required to protect maritime critical The third type of JFHQs and newest a major focus. The integration of net- infrastructure from attacks, accidents, and of USCYBERCOM’s operational com- works, systems, and data has delivered disasters. mands, JFHQ-DODIN, provides unity unprecedented awareness and warfight- Along similar lines, MARFORCYBER of command and unity of effort to secure, ing capability to the tactical edge—to the is shaping the tools, doctrine, processes, operate, and defend the DODIN. point that it is now a dependency, which and capabilities to ensure Marine cyber Each of these components and its by extension makes it a vulnerability that mission teams provide effective support respective joint force headquarters have a must be protected. to USCYBERCOM and the joint force, vital role to play as we finish building the FLTCYBER’s missions align to while also ensuring Marine Air Ground Cyber Mission Force (CMF) and work those of USCYBERCOM. They are to Task Forces (MAGTFs) achieve victory together to bring the USCYBERCOM operate Navy networks as a warfighting on the modern battlefield. AFCYBER’s Vision to fruition. The main elements of platform, produce signals intelligence, mission statement—“Fly, Fight and Win this vision serve to organize and guide deliver warfighting effects through cy- In, Through, and From Cyberspace”— their efforts (see the interview with berspace, create shared cyber situational captures a breadth of responsibilities to Admiral Michael S. Rogers, USN, in this awareness, and establish and mature the include extending cyber capabilities to edition of Joint Force Quarterly). JFQ Navy’s cyber mission forces. FLTCYBER the tactical edge of the battlefield. asked each of the component commands conducts operations in and through cy- Each Service, as part of the broader to summarize its efforts on behalf of the berspace, the electromagnetic spectrum, joint force team, is responsible for pro- collective enterprise toward implement- and space to ensure Navy and joint free- tecting its Service-specific cyber network ing the vision. This article represents a dom of action and decision superiority (for example, LandWarNet, AFNET, compendium of these contributions, while denying the same to the adversary. Marine Corps Enterprise Network, Navy organized around the main elements of Achieving this requires FLTCYBER to Marine Corps Intranet) to ensure its the vision’s intent. operate and defend the Navy’s networks ability to detect, mitigate, and defeat and shore-to-ship communications in- advanced persistent threats capable of cluding Nuclear Command and Control compromising the network and DODIN Communications (NC3), plan for and itself. The scale of this mission cannot

JFQ 80, 1st Quarter 2016 U.S. Cyber Command Combined Action Group 87 U.S. Army Chief of Staff General Mark Milley watches officers from Army Cyber Institute demonstrate Cyber Capability Rifle during 2015 Association of the U.S. Army annual meeting, Washington, DC (U.S. Army/Chuck Burden) be overstated. The Navy Marine Corps the unity of effort for the operation and operating across the spectrum of conflict Intranet, for instance, consists of more defense of the entire DOD information in cyberspace, with appreciation for the than 500,000 end user devices, approxi- environment. effects that cyberspace operations have on mately 75,000 networked devices, and With its standup in 2010, the physical warfighting domains. nearly 45,000 applications and systems USCYBERCOM rapidly focused on The CNMF is a joint force of military across three security enclaves. providing mission assurance for the and civilian members from the Army, Each Service cyber component DOD information network, deterring or Marine Corps, Navy, Air Force, Coast focuses on configuring and operating defeating strategic threats to U.S. inter- Guard, and Intelligence Community. It layered defense-in-depth capabilities to ests and infrastructure, and supporting will comprise 39 teams and nearly 2,000 prevent malicious actors from gaining joint force commander objectives. While personnel spread over four locations. The access to Service-specific networks. This responding to evolving threats, a new force consists of three types of maneuver is an enterprise-wide effort in which the need surfaced for an agile force ready to elements, each with a unique and speci- components work in collaboration with engage adversaries in the tactical cyber fied mission. National Cyber Protection their parent Services, USCYBERCOM, fight when directed by the President. Teams (NCPTs) are defensive elements JFHQ-DODIN, the Defense This force gathered talent from across working within DOD networks and, Information Systems Agency (DISA), and the DOD and Intelligence Community when authorized, outside DOD networks, the National Security Agency (NSA). The to build teams with the capabilities and identifying and mitigating vulnerabilities, Service cyber components function at understanding needed to collaborate with assessing threat presence and activities, the operational and tactical levels of this foreign and domestic partners engaged in and responding to adversary actions. domain and rely on JFHQ-DODIN to the same mission. Since 2013, the Cyber National Mission Teams are maneuver ensure lateral coordination, information- National Mission Force has developed elements conducting on-network opera- sharing, and synchronization—ensuring into a highly proficient and agile force tions in neutral and adversary territory,

88 Commentary / Beyond the Build JFQ 80, 1st Quarter 2016 looking for indications and warning of ad- Dominance Forces man, train, and equip significant consequence. Headquartered versary cyber activities, and enabling cyber forces; Space and Naval Warfare Systems at Fort Meade, Maryland, it has forces effects when authorized and directed. Command, as the technical authority, in Georgia, Texas, and Hawaii, and en- National Support Teams are analytic ele- delivers and sustains capabilities and gages with partners around the world. It ments providing planning, development, systems. FLTCYBER’s operational synchronizes efforts across disparate time and technical support to National CPTs partners execute the Navy’s mission every zones and optimizes the balance between and Mission Teams. The creation of teams day to reduce the network attack surface, on-site and remote operations to achieve with distinct, mutually reinforcing mis- educate both commanders and users, lasting effects. The success of the CNMF sions presents commanders with forces modernize unsupported systems, improve mission relies on establishing and nurtur- capable of confronting and defeating a patch maintenance and configuration ing partnerships, including relationships growing and creative series of threats. control, inspect compliance, and reduce with the NSA, DOD, and Intelligence our collective risk. Community, to widen its awareness and Powered Through Partnerships The Coast Guard has a unique set of capacity to deliver effects. The CNMF Cyberspace is the quintessential col- authorities to conduct cyber operations is strengthening partnerships with DHS laborative environment where teaming in support of its missions. It works with and FBI to enable future operational with partners inside and outside govern- partners across the Federal Government; success and expanding its partnerships to ment will determine how successful we in foreign governments; at the state, include other Federal agencies, industry, are in defending the nation. Adversaries’ local, tribal, and territorial levels; and academia, and the international sphere. targeting of both public and private in the private sector. At the Federal The cyberspace domain is primarily sectors underlines the necessity of build- level, the Coast Guard aligns capabili- owned and operated by private industry ing strong partnerships. ties and coordinates operations with the and thus the ability to collaborate with The Army’s cyber community Department of Homeland Security industry partners benefits the Nation’s cy- includes a triad of three critical part- (DHS) and works with the Federal bersecurity posture. The Army has hosted ners—ARCYBER, the new Cyber Center Bureau of Investigation (FBI), the NSA, multiple industry events including a Joint of Excellence (CCOE), and the Army USCYBERCOM, and other departments Service Academy Cyber Summit with Cyber Institute (ACI)—that collaborates and agencies. The Coast Guard trains its C-suite executives from industry and a to advance the state of the art in cyber operational personnel to the applicable twice a year Cyber Talks event held at the operations and work with the larger standards of all partners, and where ap- National Defense University that convenes Army to share cyber-related advances. propriate, integrates its cyber personnel innovators from industry and inside DOD The CCOE, located at Fort Gordon, into partner agencies to enhance coor- to share ideas. FLTCYBER leverages in- Georgia, is ARCYBER’s institutional dination. The Coast Guard also fosters dustry leaders to help defend the network. cyber component and is developing its relations with private sector members Experts from the Navy have worked with structure, curriculum, and methods of the Marine Transportation System to industry to use data analytics and create to meet future challenges and mission better understand its vulnerabilities and new techniques that better detect mali- requirements. The ACI, located at West support their cybersecurity efforts. cious activity. In the past, FLTCYBER Point, is the primary cyber innovation For AFCYBER, 25th Air Force (25 has also teamed with industry to conduct agent and bridge builder, responsible AF) continues to be a critical strategic defensive cyber operations on Navy for developing partnerships between partner across all missions because suc- networks. In addition to daily interac- the Army, academia, government, and cess in today’s cyberspace operations tion with industry partners, AFCYBER industry, while providing insight into hinges on the effectiveness of cyber intel- has developed Cooperative Research and future cyber challenges through inter- ligence, surveillance, and reconnaissance Development agreements with cyberse- disciplinary analysis on strategic cyber (ISR) to meet warfighter requirements. curity, telecommunications, and cleared initiatives and programs. ARCYBER, AFCYBER and 25 AF have partnered defense contractors (comprising at least 28 CCOE, and ACI work together to de- on the Cyber–ISR–Electronic Warfare industry partners) to collaborate on inno- velop high-payoff external partnerships Mission Integration Team initiative aimed vative technologies and concepts, advance across the interagency community, U.S. at leveraging their respective unique the science and technology of cyberspace Government, and national and interna- capabilities to develop and field innova- operations, and exchange best practices. tional cyber communities of interest. tive, multidomain solutions in support of JFHQ-DODIN continues to partner with FLTCYBER, as the Navy’s combatant and air component command- industry to include exploring cooperative warfighting fleet in cyberspace, maintains ers’ urgent needs. research and development efforts and partnerships to leverage their strengths The CNMF plans, directs, and academic outreach. Additionally, it lever- and maintain focus on the missions. The synchronizes full-spectrum cyberspace ages DISA’s long-established industry, Deputy Chief of Naval Operations for operations to be prepared to defend the academia, and research and development Information Dominance prioritizes and U.S. homeland and vital interests from efforts to improve its approach for shaping allocates resources; Navy Information disruptive or destructive cyber attacks of DODIN operations and defense.

JFQ 80, 1st Quarter 2016 U.S. Cyber Command Combined Action Group 89 Local partnerships also exist. The of officers and enlisted personnel. These maneuver, protection, and sustainment. Army has a relationship with Augusta, programs include electrical and computer Understanding that the “cyber platform” Georgia, and is building strong ties in engineering, computer science, cyber extends beyond traditional IT and busi- Atlanta to create a public-private “center systems operations, applied mathematics, ness systems, the Navy is extending its of gravity” in support of cyberspace operations analysis, and defense analysis. cybersecurity apparatus to all networked operations, workforce development, and The Naval War College, which hosts a capabilities including warfighting control technical innovation. AFCYBER has Center for Cyber Conflict Studies, is and combat systems, combat support, a long-standing relationship with San incorporating cyber into its strategic and and other information systems while Antonio, Texas (referred to as “Cyber operational level of war courses at both strengthening authority and account- City USA”), which includes civic-leader intermediate and senior graduate course ability. Task Force Cyber Awakening engagements to swap lessons related to levels, and has emphasized cyber in its (TFCA) was established to improve the cybersecurity and support programs to wargaming role. FLTCYBER partners Navy’s cybersecurity posture based on engage young students. The Air Force with the U.S. Naval Academy’s Center procedures devised for Operation Rolling Association’s “CyberPatriot” STEM for Cyber Security Studies, as well as of- Tide, the response to incidents involving (science, technology, enginneering, and fering summer training opportunities to the Navy Marine Corps Intranet in 2013. mathematics) initiative sees Airmen men- Academy and Reserve Officer Training The Navy realized it needed the ability to tor cyber teams as part of a nationwide Course (ROTC) Midshipmen. The Navy “maneuver” the network during cyber in- competition involving over 12,000 pri- is also working with the Johns Hopkins cidents. TFCA addresses organizational, mary and secondary school students. Applied Physics Laboratory, Carnegie financial, cultural, workforce, and techni- Each of the Service components Mellon, Penn State, University of Texas, cal issues. It includes development of a has ties to academia. CGCYBER is MIT Lincoln Laboratory, and University cyber resiliency plan—the CYBERSAFE leveraging its relationship with the U.S. of Hawaii. In addition, FLTCYBER program—that focuses on assuring the Coast Guard Academy and industry to has partnered with the University of survivability of critical capabilities. capitalize on its knowledge of trends in Maryland, Baltimore Campus, to offer in- The Army Chief of Staff challenged cyberspace. MARFORCYBER is leverag- ternships for recruiting skilled civilian and ARCYBER to demonstrate tactical cyber ing partnerships with The Johns Hopkins military cyber workforce professionals. integration at Brigade Combat Team– University, Carnegie Mellon University, level home-station training and at the and Naval Postgraduate School (NPS) to Oriented Toward Outcomes Combat Training Centers. Lessons from build knowledge, skills, and experience The Commander’s Vision for these pilots are informing the Army’s em- in a continuous cycle of professional de- USCYBERCOM and its operational ployment and integration of cyberspace velopment. ARCYBER has championed components calls for integrating cyber capabilities and the convergence of infor- scholarships and collaborative research into new ways of defending, fighting, mation operations and electronic warfare. with top-tier academic institutions and partnering. To execute their mis- The Army will use exercises to inform the such as The Johns Hopkins University, sions, USCYBERCOM and its compo- concepts, organizations, and capabilities University of Maryland, Carnegie Mellon nents must turn strategy and plans into needed to support ground forces. These University, Virginia Tech, and Georgia operational outcomes. This requires experimental efforts are helping to cre- Tech. AFCYBER leverages expertise from commitment to an operational mindset ate a cultural shift in which innovators, the Air Force Research Laboratory, MIT whereby networks and cyber capabilities experimenters, and creative thinkers are Lincoln Laboratory, MITRE, Air Force are not administered but rather led by valued despite drawdowns and resource Institute of Technology, National Air and commanders who understand they are constraints. These efforts also teach op- Space Intelligence Center, Air University, always in real or imminent contact with erational forces how to integrate cyber/ and the U.S. Air Force Academy, as well adversaries. electronic warfare capabilities into their as academia and industry to meet grow- More than 5 years ago, the Navy traditional missions, how to defend their ing joint warfighter needs. created a fundamental shift from networks, and how to operate under de- FLTCYBER is well integrated into “Information in Warfare to Information graded network conditions. academia, in particular NPS, where the as Warfare,” and has assimilated this op- In the same manner with which FLTCYBER commander serves as the erational mindset. The Navy recognizes the Marines employ combined sponsor for the computer science, cyber that freedom of action in cyberspace is arms to conduct maneuver warfare, systems and operations, and master of essential to maritime operations. From MARFORCYBER is integrating and science in applied cyber operations cur- satellites orbiting above the Earth to synchronizing the employment of offen- ricula. These programs deliver graduates the “Silent Service” below the seas— sive and defensive cyberspace capabilities who meet the evolving operational needs and everything in between—the Navy to protect Marine Corps networks. of the Navy and other Services. NPS depends on cyberspace for assured Operating and defending these networks offers outstanding graduate degree pro- command and control, integrated fires, are as critical to the Corps as securing grams that contribute to the development battlespace awareness/intelligence, command posts and combat operations

90 Commentary / Beyond the Build JFQ 80, 1st Quarter 2016 centers. In January 2015, then-Comman- dant Joseph Dunford directed integration of cyberspace operations using warfighting principles to increase the MAGTF capacity and capability to operate in and exploit the cyberspace domain. To achieve this end, MARFORCYBER has begun to unify its networks, adapt its manpower model to serve the unique requirements of the cyber domain, define standards for a sustainable cyber readiness posture, and reduce acquisition times to better equip forces with the tools they need to outpace the adversary. AFCYBER’s overhauled command and control structure has been at the center of transforming what was previously a reactive, maintenance-based planning approach to a more operationally focused strategy, plans, and execution process. Built around the joint planning process and modeled after an air operations center organization, Air Forces Cyber now produces daily cyber tasking orders that direct units in the field that perform the full spectrum of cyber operations. These operations include over 50 defensive cyber missions per day to defend key cyber terrain in support of combatant and air component commanders. To maximize the combat capabilities of its existing cyberspace operations forces, AFCYBER established a new force-employment strategy by des- ignating cyber “force packages” and synchronizing them in “vulnerability U.S. Navy’s fourth Mobile User Objective System communications satellite, encapsulated in 5-meter windows.” Like joint force employ- payload fairing, lifts off from Space Launch Complex-41, September 2, 2015 (Courtesy United Launch ment in traditional combat operations, Alliance/U.S. Navy) these concepts allow the decomposi- tion of existing and emerging cyber world. Realizing the need to operational- live-training environment. These simula- capabilities into smaller, more flexible, ize training, AFCYBER also mirrored tions are accelerating the development and consistent units of employment. cyber operations training based on les- and fielding of new tactics, techniques, The result has been simultaneous versus sons shared by its counterparts in air and procedures, and complement ef- serial actions, compressed execution and space operations and leveraged the forts to integrate cyber effects with both timelines, and less capability “left on the mission qualifications process to ensure kinetic and nonkinetic operations across ramp.” Two years ago, AFCYBER was cyberspace operators meet mission-ready multiple warfighting domains. able to conduct a few named operations qualification standards. The CNMF operates at the tip of the simultaneously in defense of AFNET Cyberspace operators from cyber spear, turning USCYBERCOM and key cyber terrain. Today, the same across all the Services participate in operational imperatives into executable teams are executing more than 15 named USCYBERCOM events such as CYBER actions. CNMF teams work together cyberspace defensive operations at once FLAG, in addition to Service-specific to achieve lasting effects on the enemy: across the AFNET, as well as providing exercises such as the Air Force Warfare offense informs defense, defense enables direct support across the full spectrum of Center’s RED FLAG, to hone skills offense. As such, the CNMF is poised cyberspace operations to combatant and through real-world, force-on-force exer- to deliver a wide range of response op- air component commanders around the cises that integrate cyber capabilities in a tions tailored to specific cyber actors and

JFQ 80, 1st Quarter 2016 U.S. Cyber Command Combined Action Group 91 scenarios. It provides opportunities for its flow of fresh talent. The Cyber Center of are exposing the next generation of in- people to grow as members of an opera- Excellence created the first-ever Cyber novative leaders to technical, policy, and tional force and empowers them as leaders Basic Officer Leader Course less than 10 operational concepts to prepare them who understand technical solutions and months after the branch was formed. for cyberspace operations. AFCYBER inherent risks while being able to commu- The Navy is on course to have leverages traditional Reservists, Air nicate with nontechnical senior military personnel assigned for all 40 Navy- Reserve Technicians, and Air National and policy leaders. Developing leaders sourced CMF teams in 2016 with full Guardsmen across the command to meet capable of directing cyber operations operational capability in the following its warfighting commitments. These integrates cyber as a tool in the greater year. Additionally, by 2018, 298 cyber Total Force members meet the same mission to protect national security. Reserve billets will also augment the demanding standards and serve alongside Cyber Force manning plan. The Navy has their Active-duty counterparts. Completing the Build made establishing and maturing its Cyber Like the Army, the Air Force insti- The Commander’s Vision for Mission Force a top priority. Working tuted a new cyberspace officer career USCYBERCOM and its operational with the University of Maryland Center field specific to Cyberspace Warfare components calls for accelerating full- for the Advanced Study of Language, Operations to develop Airmen with the spectrum capacity and capability devel- FLTCYBER is developing a Cyber requisite skills and expertise to meet the opment to give commanders and policy- Aptitude and Talent Assessment that will Nation’s emerging needs. The 2013 makers the options they need to execute identify talent across the spectrum of standup of a Cyber Weapons Instructor full-spectrum operations. Generating technology, analytic capability, and inge- Course at the Air Force Warfare Center the DOD cyber capability and capacity nuity. In an effort to meet the growing was a milestone on the way toward falls to the Service cyber components demand, the Navy is creating ways to bet- normalizing cyberspace operations in with their authorities to man, train, and ter assess, track, and manage cyber talent support of combatant and air component equip the force. in the workforce. commanders by focusing on the tactical Each of the Service cyber compo- FLTCYBER has several efforts under employment of these emerging capabili- nents is building maneuver elements way to identify individuals with critical ties. In addition, a Cyber Intermediate for the Cyber Mission Force by man- cyber warfare skill sets by building aware- Leadership program was developed to ning, training, and certifying teams to ness of Navy cyberspace operations and ensure cyber operators and intelligence USCYBERCOM standards. Over the associated career options. The U.S. Naval officers have the right professional past 2 years, the Army has begun align- Academy established a summer intern growth opportunities in key command ing command and control by assigning program with Task Force 1090, Navy and operational positions. Recently, the Network Enterprise Technology Cyber Warfare Development Group, AFCYBER established a Ready Cyber Command to Army Cyber Command enabling Midshipmen to gain exposure Crew program to ensure all cyberspace and building its Active Component CMF to a wide range of cyber operations over operators receive the right amount and with the goal of having all 41 Army a 6-week period as part of their summer type of continuation training to maximize CMF teams on track for full operational training. A similar program was estab- their combat effectiveness and, ultimately, capability no later than 2018. Reserve lished for Naval ROTC Midshipmen with mission success. Collectively, these steps Component forces are an essential part computer-related curricula that allow have become integral to developing of the Army’s cyberspace force, and them to work with Task Force 1020, Airmen into a ready cyber force ca- ARCYBER is also building 21 additional Navy Cyberspace Defense Operations pable of operating in joint and coalition CPTs, 11 in the Army National Guard Command, for their first class summer environments. and 10 in the Army Reserve. To help cruise. By 2020, the Marine Corps will have meet the Army’s demand for cyberspace The Air Force will contribute deployable, full-spectrum cyberspace talent, in September 2014 the Army nearly 2,000 Airmen to support the operations capabilities integrated into the created its first new career branch in joint cyber force. To meet the CMF’s MAGTF, enabling it to fight a single- nearly 30 years—the Cyber Branch and growing requirements, the Air Force battle across all five domains of warfare Career Management Field—to manage has restructured and expanded its train- using a combined-arms construct. Three cyber talent for the Service and allow ing and force development programs, of thirteen MARFORCYBER CMF career-long professional development. nearly quadrupling the rate at which teams have achieved full operational Since September 2014, the Army has cyberspace operators and intelligence capability and are operating in support handpicked approximately 300 Soldiers specialists qualify to join Air Force cyber of Marine Corps, USCYBERCOM, and from across the force to serve as the first teams in support of the CMF. Likewise, combatant commander missions. As it cohort of Cyber Branch officers from long-standing cyber programs such as enters the final stages of its CMF team lieutenant to colonel, and partnered the Air Force Institute of Technology as build, MARFORCYBER is establish- with ROTC, West Point, and the Officer well as new ones such as the Air Force ing the Marine Corps Cyber Warfare Candidate School to provide a continual Academy’s Cyber Innovation Center Group, which will be responsible for

92 Commentary / Beyond the Build JFQ 80, 1st Quarter 2016 manning, training, and equipping the sophisticated intrusion attempts. Many of Lynn explained. JFHQ-DODIN had Marine Corps CMF teams. To support these cyber solutions were developed and no time to grow and learn before being the training and exercises of cyber units, fielded in weeks or months and we need thrown into the fight: “We are absolutely MARFORCYBER is also developing faster results. in the fight now.” The general cited seven a persistent training environment to ARCYBER is pursuing cyber analyt- named cyber operations that JFHQ- enhance military occupational skills ics capabilities to gather unprecedented DODIN has been involved in since proficiency, test and develop next genera- quantities of data across cyberspace, pro- reaching initial operational capability in tion solutions, host remote training and viding a clearer picture of Army networks, early 2015. Some were deployed opera- education of Marine Corps operating systems, and data. Coupled with architec- tions, while others were launched from forces, and refine tactics, techniques, and ture modernization, this effort is critical the component’s Fort Meade headquar- procedures. to protect the future force and its ability ters. The first operation began only days JFHQ-DODIN has built capability to fight and win. The director of DISA, after JFHQ-DODIN’s inception, and through the workforce that it continues who is dual-hatted as the commander required a deployed CPT to locate and to assemble and through lessons learned of JFHQ-DODIN, hopes to leverage mitigate the threat. from the frontlines of DODIN cyber technology to improve operations and We can expect that pace to intensify activity. Before the creation of this opera- influence traditional warfighting concepts in the years ahead. The JFHQ-DODIN tional headquarters, a Service responding such as deception, maneuver, battlespace, experience typifies the pace of cyberspace to an attack on its network would deal passage of lines, and defense-in-depth to operations for all USCYBERCOM com- with the problem more or less decisively, improve the overall defensive posture of ponents. Our current cyber quandary is but in isolation, thus leaving other the DODIN. One example is Software not some passing phase—it is the new Services and agencies potentially vulner- Defined Networks, which can provide normal for the joint force. Indeed, it is able to the same attack. Information the ability to create a network, and when the new normal for every government regarding the attack might be shared with necessary, kill a network and move the and military around the world. That is other interagency partners, but there was warfighters and assets to another network why USCYBERCOM published its vi- no joint mechanism to alert the rest of in a virtualized space, thus remaining sion last year. We have an opportunity the vast force of DOD network operators resilient and agile in the protection and to use our experience, our technology, to a new threat. JFHQ-DODIN assumed defense of our systems while ensuring the and the investments we have already this synchronizing responsibility. mission continues unhindered. made in training and infrastructure to People are the ultimate enabler of the stay ahead of would-be adversaries that joint cyber force, but they require tools In the Fight Now have arrived in cyberspace comparatively and capabilities. The Service cyber com- In cyberspace we are already in real recently. We must also ensure that our ponents are building new capabilities for or imminent contact with adversaries. ability to generate assured command and use in cyberspace, and sharing these with Every day, opponents attempt to access control continues even in a degraded the joint force. One of the most critical the DODIN to establish persistent environment—even as we also focus on components to maintaining our military’s presences in the critical networks we developing mission capabilities to provide warfighting advantage is the ability to rely on for mission success. The level of the joint force with more options within develop and rapidly field innovative cyber adversary activity varies greatly and is the cyber arena. USCYBERCOM, look- capabilities. The Air Force has established influenced by multiple factors, including ing Beyond the Build, has a vision to do seven cyber weapons systems to ensure geopolitical events and even significant just that. JFQ the cyber capabilities being presented anniversaries. DOD systems mitigate to the joint community are properly an average of two million “intrusion organized, trained, and equipped to attempts” each month, not counting meet the demands of an increasingly the billions of malicious emails that contested domain. The Air Force Life DOD receives annually, 85 percent of Cycle Management Center has strived which are blocked by a filter or defen- to streamline the ability to provide solu- sive capability. tions to support cyber missions through Lieutenant General Alan Lynn, USA, its “Rapid Cyber Acquisition” and “Real commander of JFHQ-DODIN and Time Operations and Innovation” director of DISA, highlighted the pace initiatives. These efforts have resulted of operations for JFHQ-DODIN last in the fielding of capabilities that have fall: “[JFHQ-DODIN recently] stood thwarted adversary exploitation of user up, so you would think we are just build- authentication certificates and the unau- ing it as we are flying it—and it would thorized release of personally identifiable be kind of a slow process.” But such a information, while also helping to block thought would be mistaken, General

JFQ 80, 1st Quarter 2016 U.S. Cyber Command Combined Action Group 93