The fiscal year 2024 defense policy and spending bills before Congress would provide U.S. Cyber Command with the acquisition, budget, and policy authorities it needs to help solve readiness and training challenges, President Biden’s nominee to lead the command and the National Security Agency said at his confirmation hearing on Thursday.
Passage of the bills will mean USCYBERCOM will have responsibility for the “Cyber Mission Force budget, will have the responsibility for the acquisition of the capabilities for our Cyber Mission Force and have the authority to set the training standards,” Air Force Lt. Gen. Timothy Haugh, who is currently deputy commander of USCYBERCOM, told the Senate Armed Services Committee (SASC). “So, with those authorities, it allows Cyber Command to set the investment in our training infrastructure, in our training courses, and allows the services to focus on recruiting, initial skills training aligned to our standard, and then to leverage the retention capabilities that Congress has given to the services. So those are areas now that really change the dynamic of how we will approach cyber readiness If confirmed.”
SASC Chairman Jack Reed (D-R.I.) and the panel’s ranking member, Roger Wicker (R-Miss.), both cited readiness problems with the Cyber Mission Forces (CMFs), which provide the operational manpower to carry out missions for the command.
Reed said that CMFs “readiness shortfalls” are due to “difficulties in training and retaining personnel in key positions requiring special skills” and said the military services, which supply the manpower to USCYBERCOM, “must provide qualified and trained personnel to your command on time and at the beginning of their tours.” He also pointed out that the private sector is making it difficult because it realizes the value of these cyber personnel and pays them well to leave the military.
Haugh said that 80 percent of the CMFs personnel are military the rest civilians. The command has about 6,000 billets for its cyber forces, 85 percent of which are filled, he said. The gap will shrink as USCYBERCOM refines its baseline standards to allow the military services to recruit and retain personnel in line with those requirements, enabling the command to “develop that force with advanced training,” he said.
USCYBERCOM already has congressional authorities to build out its training ranges and advanced training and the FY ’24 appropriations bill will give it the “resources to scale that,” Haugh said, noting later that the new authorities for budget control and acquisition will also aid in quickly ramping up its defend forward capabilities. Defend forward is a USCYBERCOM mission where U.S. allies and partners ask the command for help in countering cyberthreats.
New budget and acquisition authorities will also allow USCYBERCOM to expand its relationships with the private sector and leverage resources to “operate with more speed and agility aligned with our requirements,” Haugh said. The command will also examine its role in science and technology as its acquisition authorities expand, he said.
U.S. geographic combatant commanders are also asking USCYBERCOM to do work more with allies and partners in their regions on cybersecurity, Haugh said. For example, he said, Indo-Pacific Command has asked USCYBERCOM to continue “our long-standing partnerships” with Australia, Japan, South Korea, and Taiwan and to beginning working with the Philippines, Singapore, and Thailand.