With the impending full operational capability of Cyber Command's Cyber Mission Force – slated for 2018 – and an intense focus on personnel and manning the 6,000 person, 133 team force, the command and Congress are now focused on delivering capabilities to equip the CMF to do their job.

The Capabilities Development Group at CYBERCOM, stood up in February of 2016, is focused on just that. Their main mission now is development and fielding of what they call the Military Cyber Operations Platform, Keith Jarrin, executive director of the CGD said at the AFCEA Warfighter IT day March 30.

Jarrin's presentation was the first public disclosure of the MCOP, as it's referred to. MCOP is "essentially the sum total of the portfolios we manage," he said.

Cyber warriors, in order to carry out their mission successfully, need a platform, an interface, a toolset and an infrastructure, just like warfighters in the more traditional physical domains. As discussions continue to surround the inevitable split of NSA and CYBERCOM – which are currently collocated – an independent CYBERCOM will need its own infrastructure to conduct warfighting missions separate from NSA, which is an intelligence collection, combatant command support agency.

MCOP and similar endeavors get at this specialized military cyber mission. "When you take a look at the Military Cyber Operations Platform, you have to recognize that there are tools that will use physical infrastructure, there are analytics that will be fed by the physical infrastructure through a kind of network of sensors – for full spectrum operations," Jarrin said. "MCOP is a global presence that is hardware and software and the regime to be able to train and equip with the services the CMF."

"There are essentially common services that provide vital things like mission orchestration so we can actually do combined operations that are full spectrum," he continued adding that the joint force needs to understand where capabilities are and where and how they're being employed.

Other similar efforts include the unified platform, essentially a shared platform to allow cyber forces to conduct full spectrum cyber operations.

The future of MCOP, Jarrin explained, will be to engage capability synchronization boards to make fundamental decisions, not only tactical decisions such as what widget goes at Fort Gordon, the future headquarters of Army Cyber Command. But more important decisions like what is the Air Force’s piece of MCOP? What makes sense from a functional alignment, from a threat alignment; how do the two relate to each other, Jarrin asked. Planning is an important stage of engagement with the services so the command and DoD can really understand how MCOP is going to be growing as DoD rolls it out, he added.

Rapid acquisition

With the standing up of CDG, Congress sought to make CYBERCOM more agile with what some congressional aides have called a crawl, walk, run model by initially providing limited acquisitional capabilities.

"The whole point of CDG or the command gaining acquisition authority … is operational agility," Jarrin said. He also described that CDG’s mission is threefold:

  1. Plan and synchronize Capability development for the joint cyber force
  2. Develop capability in order to reduce risk or meet urgent operational needs
  3. Maintain the command’s technical baseline

Delivering capabilities

One of CDG’s biggest challenges currently, he said, is understanding how combat mission forces – one of the sets of cyber teams within the larger CMF focused on combatant command requirements – can be engaged in cyber activities in a true end to end fashion for the highest priority missions for the three highest priority combatant commands: Central Command, Pacific Command and European Command.

Jarrin also noted that capability development has to be thought of in three lines of effort. The first is operations. He explained that for the last seven or eight months, there have been organic DoD cyber operations, which means the department is conduction cyber operations in direct support of core DoD warfighting missions and objectives in a battlefield context.

"We’re learning so much from a doctrine standpoint about how to basically prosecute a new type of cyber full spectrum operation," he said. "The capability development people … need to be in those doctrine tactics and techniques discussions about how things are changing, how we’re using different authorities, how the partnerships and coalitions are forming, what they’re doing. That has direct bearing on the types of operations that really get conducted."

The second line of effort is cyber command and control, situational awareness and intelligence. This involves several sub-sets one of which he listed is the need for immediate situational awareness all source fusion at operations centers. The critical questions, from a capabilities development standpoint he described include what does this look like, how can they pull those things together – more than telecommunications, but software overlay, big data analytics and looking through the lens of all source cyber in new ways.

Lastly, he described force structure and whether or not the 6,000 personnel capacity is enough and if resources are being pooled efficiently.

"Are we really within a force of 6,000, are we geographically pooling our tool developers in the right place, are we pooling our requirements in targeting or analyst resources in the CMF in the right place?" he asked.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In Cyber