CYBERCOM Evaluating Cyber Mission Force The Defense Department and Cyber Command continue to evaluate the effectiveness and construct of the newly established cyber force. “There is actually a study going on right now at CYBERCOM, cyber mission force 2.0, to look at do we have it right, how should we tweak it and things of that nature,” Col. Robert “Chipper” Cole, director of Air Forces Cyber (forward), said during an event hosted by AFCEA NOVA on Dec. 13. Because the cyber mission force is just coming on board, Cole explained, many weren’t sure what it was going to look like when it started. DoD is trying to figure out exactly how to formulate the force, he said. “We do have a pretty sound construct as a foundation to start out from,” he said. The cyber mission force reached initial operational capability in October. “We’re actually talking about an assessment and taking a look at the effectiveness again and how much in terms of mission capacity we have, so not just capability but capacity of the CMF. Since we’re actually employing it in the middle of the build, it’s kind of hard to get a real good solid assessment since we have so few teams relatively speaking that are at full operational capability and maturity,” Maj. Gen. Burke “Ed” Wilson, deputy principal adviser to the Secretary of Defense and senior military adviser for cyber, told C4ISRNET following his speech at the same event. Wilson, who formerly served as the commander of AFCYBER, said there aren’t current plans to expand the force beyond the previously stated 133 teams and roughly 6,200 personnel. This despite several ongoing narratives such as the elevation of Cyber Command to a full unified combatant command — pending a presidential veto — and programs aimed at more effective training of cyber warriors despite the IOC declaration. “We are looking at modeling and simulation to look at from a force posture perspective if we have too many, too few, or just the right amount of teams and personnel,” Wilson said, adding that Cyber Command Adm. Michael Rogers is looking at measuring the effectiveness of components of the teams, such as cyber mission teams and cyber national mission teams. Cole provided an extensive overview of the makeup of the cyber mission force, breaking down the mission sets each team contributes. The first he described involve the “defend the nation” mission set, which involves 39 of the 133 teams to include national mission teams, national support teams and cyber protection teams. According to a slide during his presentation, this mission set aims to “counter cyberspace operations against adversaries emanating from nation states.” National mission teams are made up of 64 individuals, he said, and are typically aligned to a malicious cyber actor, meaning they are often in “red space.” This allows them to get a feel of the state actors they’re aligned to and get indications of warning before they act to allow other forces to set up their defenses. These teams are also posturing themselves to hold that threat at risk, he added. National support teams, composed of 39 individuals, are linguists and analysts who support the mission teams, he said. These teams serve in an intelligence role, providing analytical and planning support to the national mission and combat mission teams. National cyber protection teams, which also include 39 individuals, are defensive teams. Cyber protection teams are deployed to help with defense and response in eliminating threats from the network. Cole said these teams assessed what happened with the Joint Staff email hack last year. Cole then discussed combatant command support, involving combat mission teams and combat support teams and described by his slide as “offensive cyber operations to achieve or directly support combatant commander objectives.” The focus of teams involved here is more aligned toward combatant commander’s design, he said. Cole noted that while these teams originally were operationally controlled by the combatant commander, this changed recently, partially because commanders were looking at their priority list as opposed to the DoD priority. “When we looked across the whole group of 133 teams, our focus was really off because you had teams at different combatant commands really doing the same thing and not really doing what was the DoD priority,” Cole said. “The SECDEF changed that operational control, and now Adm. Rogers has operational control over all of those teams,” Cole said. “Adm. Rogers has set up a global cyber ops synchronization effort. So just like what we do with a lot of the other [high demand assets] — he has basically set up a prioritization system where all the combatant commands feed into that, and then they prioritize and assign the teams appropriately depending on that prioritization.” He added that one of the things they learned is it doesn’t take one combat mission team for one task. One combat mission team can take about three tasks, though it depends on the scope of the task. Teams can achieve greater effects for combatant commanders by working from a strategic standpoint rather than a tactical standpoint, he noted. The last joint mission set from the cyber mission force perspective Cole outlined is cyber defense. Within this scope, 50 teams of service cyber protection teams and combatant command DoDIN cyber protection teams provide defensive cyber operation for key cyber terrain, such as DoD networks. “We don’t deploy a 39-person squad on one problem; we task organize, and this is much more efficient,” he said. Cole also provided some details on the Air Force component and contribution to the joint cyber force, which provides 39 of the 133 teams and 1,700 personnel. These forces are a combination of 24 th and 25 th Air Force; 24 th AF provides the cyber professionals and 25 th AF provides the intelligence professionals, which are brought together, he said.