The Senate Armed Services Committee is looking to help the Department of Defense address and correct issues associated with the readiness of its cyber forces, according to new legislation and congressional aides.
Committee aides told reporters on Monday that in discussions with cyber commanders, readiness problems — including recruiting and retention — became more apparent. The SASC version of the fiscal 2023 National Defense Authorization Act calls for a plan to address readiness shortfalls and a study on the responsibilities of the military services for organizing, training and presenting forces to U.S. Cyber Command.
“We had a hearing, a classified hearing about it that really informed these provisions earlier this year where we had testimony [from] all of the joint force headquarters cyber organizations that provide the forces to the cyber mission force,” a committee aide said, referencing the service cyber components that provide the cyber mission force teams to Cybercom. “There are some challenges that they’re facing with having the retention rates and the recruiting rates that they need.”
Some of the readiness issues stem from attracting and retaining talent, a longstanding issue across the cybersecurity landscape in government and the private sector, according to committee aides.
Readiness has long been a top priority for Cybercom. In recent years, the Department of Defense has sought to develop readiness metrics for its cyber teams, first beginning with defensively focused cyber protection teams and moving to offensive and support teams.
A committee aide noted that the DOD understands these readiness issues and is working to address it.
“We’ve had lots of discussions with the responsible people in the Pentagon about this. The universe of issues and potential fixes, we think is pretty well identified. We are leaving it up to them to figure out exactly the mix of remedies that makes the most sense,” the aide said.
However, the committee is concerned as the cyber mission force is set to add an additional 14 teams in the next couple of years.
“We’re not at the point of putting a roadblock up on their modest force expansion, but in practical terms, they’re really are going to need to get a handle on their bottlenecks for readiness if they hope to have expanded forces that are ready,” an aide said.
If the DOD falls flat on its reform efforts, the committee could take additional measures, but aides said next steps shouldn’t be discussed until they receive a strategy from the Pentagon as outlined in the NDAA, which still must pass the full Senate and then be reconciled with the House’s version before becoming law.
Moreover, officials indicated that since it’s been so long since the cyber mission force was designed, now is a good time to reevaluate how the services man, train, equip and present those forces to Cybercom.
“There’s several provisions [in the NDAA legislation] that are looking at what is the best way to do that. Do we need to rethink breakdowns of how these forces are provided?” an aide said. “Making sure that the department’s best postured to efficiently provide those teams in what the services provide. For example … look at things like do we need to have each service providing, building their own training and their own tool sets? Or can we have a more efficient way to do that at this point in the road?”
Despite these various concerns, the committee’s bill recommends increased funding for a variety of efforts to include so-called hunt-forward operations and the Joint Cyber Warfighting Architecture that guides Cyber Command’s acquisition priorities and programs (NDAA legislation only authorizes funding while the appropriations committees actually provide the funding).
SASC staff said the legislation authorizes budget increases for areas the committee believes the military can use more resources to get better capabilities, while emphasizing areas in which the DOD is lagging.