Sailors at the Fleet Operations Center in Fort Meade, MD. Image: U.S. Navy / Samuel Souvannason
Sailors at the Fleet Operations Center in Fort Meade, MD. Image: U.S. Navy / Samuel Souvannason

Cyber Command reshuffles force expansion due to Navy readiness woes

The U.S. military has rearranged a years-long effort to expand the "action arm" of its top cyber forces, according to multiple sources, as leaders try to balance fighting advanced foreign threats like China with maintaining basic readiness.

Poor readiness specifically within the Navy’s digital personnel has prompted U.S. Cyber Command to alter what is likely a multibillion-dollar push to grow its main warfighting corps, known as the Cyber Mission Force (CMF), by 14 teams.

The four new teams the Navy was tasked to provide as part of the expansion will focus on training the service’s existing cyber operators first, not acting as additional cyber warriors as originally intended, according to multiple military, civilian and congressional sources with direct knowledge of the process.

Long considered a problem child among the military branches for not fulfilling its personnel requirements to Cyber Command, the Navy examined its existing 40 CMF teams in 2022, not long after the expansion plan was put into motion.

The readiness of those teams was deemed inadequate, so service leaders decided to use the four new teams to boost the training of the existing force.

“There's a force structure associated with each of the teams based on unique skill sets and job codes that have to reside within each mission team and, in some instances, we didn't have as many as we needed,” said Chris Cleary, the Navy’s principal cyber adviser, about the existing 40 teams.

“As opposed to initially complying to the requirement that we increase to have four new teams … our strategy is to work on the readiness side of what we're doing before we commit to additional capacity or our ability to create that additional capacity,” he said.

The tradeoff means that, in the short-term, the CMF will have fewer members available with the skills to actually perform its more advanced digital work for the foreseeable future. In the long term, though, the move will create a talent pipeline of incoming members who are better trained in digital warfare.

In all, two Cyber Combat Mission Teams, which conduct digital operations to support U.S. military commands around the world, and two Combat Support Teams that aid the combat teams and others, will bolster the existing teams and lay the groundwork for future squads with the intention that, one day, they will protect computer networks from foreign hackers as intended.

Based on the established size of the two types of teams, a total of 186 people, nearly one-third of the projected 600 the expansion was to bring in, were impacted.

Cleary likened the shift in resources to the Navy’s shipbuilding efforts where “there's years that we buy ships, and there's years that ships are delivered.”

“On the math, it's there. It's now the filling of these teams,” he said. “Is there a room with a team mission name on the door where bodies are beginning to show up and sit in chairs? I don't think that is the case. But from a force design standpoint, and authorization of bodies to go into those teams, those do exist.”


Building blocks

The expansion of the CMF — which includes around 5,800 personnel taken from the armed services and divided into 133 teams that conduct offensive and defensive operations in cyberspace — was the first of its kind since its structure was designed in 2012.

Under the plan, the Army and Air Force each would provide five new teams, while the Navy would produce four.

1000w_q95-1.webp
Members of the Air Force's 834th Cyber Operations Squadron discuss a staged cyberattack. Image: U.S. Air Force / Maj. Christopher Vasquez


The design to grow to 147 teams was the result of years of internal debate within Cyber Command and Pentagon dating back to 2018 and a recognition that, while the command had become central to combating malicious actors and tackling an increasing number of missions like election security, the bulk of its forces had remained static.

The build received the greenlight in summer 2020 following a months-long combatant command review by then Defense Secretary Mark Esper.

"My sense is that while 14 teams is likely the start, I would not be surprised if the department comes to a determination that more are necessary,” Cyber Command and NSA chief Gen. Paul Nakasone told House lawmakers in April 2022.

President Joe Biden’s fiscal 2022 budget request proposed $10.4 billion in cybersecurity programs for the Pentagon, including funds for two Army teams and the first two Navy teams.

For this year, DoD asked for an $11.2 billion cyber budget that included money for five additional cyber teams, bumping the total to 142. The administration then proposed a $13.5 billion cyber budget for 2024, which would complete the build with funding for five CMF teams, including the last two from the Navy.


Fighting the churn

Readiness issues have plagued the CMF across the board since Cyber Command was established over a decade ago. Each service has its own culture and priorities in terms of the cyber mission, causing a constant churn of personnel in and out of the organization.

The command’s doctrine of “persistent engagement,” which puts U.S. forces in constant contact against adversaries in cyberspace, has also contributed to some of the burnout as operators are in around-the-clock battles on the digital frontlines.

“There's no doubt that over the last few years, we have not had the overall readiness levels of the CMF where U.S. Cyber Command wants them,” said Retired Lt. Gen. Charles “Tuna” Moore, who served as Nakasone’s deputy until last October.

The Navy is taking a “very logical approach” by shifting the focus of its new teams, he said during an interview last week.

“It's no secret that they've had challenges in terms of simply getting the proper number of fully qualified people trained to fill their requirements to the existing force structure,” according to Moore, now a Distinguished Visiting Professor at Vanderbilt University.

The Navy’s pivot has been tough to track publicly because most of Congress’ oversight of military digital operations happens almost entirely behind closed doors.

“Most of the discussions that we have end up in a classified session,” Sen. Mike Rounds of South Dakota, the top Republican on the Senate Armed Services Committee’s cyber panel, acknowledged to The Record.

“But has it been something that we’re aware of and have we been trying to bring it to their attention and provide other alternatives? The answer to that is yes.”


The long haul

Cleary declined to say when the fully trained members for the service's four new teams would be on station, speculating that raising readiness to sustainable levels would take at least a few years.

“It might look like we're not funding these additional teams or filling these teams. We will,” he said. “So you can either take new or unqualified sailors and just have more 'low-ready' teams, or figure out how you need to fix this process. I think what you're witnessing is the first iteration of us fixing the process.”

But Congress might not wait that long. Last year’s bipartisan defense policy bill contained two provisions to address concerns about Cyber Command’s overall readiness to combat digital threats.

The first required the command to submit a report detailing the support it is receiving from the military services, while the second asked for an examination of any readiness shortfalls within the CMF.

Multiple congressional sources said the language was to act as a cudgel to get the military branches to provide bodies to Cyber Command, particularly the Navy.

Rounds said this year’s policy bill, which House and Senate lawmakers will take up separately next week, would also address “part of a culture issue that we’re still working through with the Navy” that doesn’t place an emphasis on cybersecurity.

The South Dakota Republican didn’t sound overly concerned about the CMF personnel reshuffle, even as digital threats from Beijing and Moscow increase and grow more sophisticated.

“Do I wish we had 10 times as many? The answer is yes,” according to Rounds. “We’re going to grow. Cyber’s not going away, it’s going to get bigger. But we want a cyber team made of individuals who clearly know what they’re doing.”

However, Moore expressed worry about improving the overall readiness across the CMF and speeding up the process for the Navy teams to reenter the fold to better keep up with what DoD has called the “pacing challenge” of China.

“They are lagging behind a bit more than the other services, and are a focal point for our pacing challenge, that makes it a more concerning circumstance.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Martin Matishak

Martin Matishak

is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.