For the past several years, one of the top priorities of Cyber Command was building its 133 cyber mission force teams made up of roughly 6,200 personnel from the four services.

All of those teams are expected to reach full operational capability by next year.

[4 Cyber Command storylines to watch in 2018]

Now, the command is expected to shift its focus and instead concentrate on developing the tools and infrastructure it will need in the near-term as well as developing concepts for using these capabilities. Most notably, Cyber Command’s leaders will focus on a so-called cyber carrier used to launch cyber operations and ISR.

“What I think you’re seeing from Cyber Command and the services is now they’ve gone beyond creating the force,” Bill Leigher, director of government cyber solutions at Raytheon, told Fifth Domain. “Now I think [they are] putting some punch behind these teams that have capabilities and developing the [tactics, techniques and procedures] so they really are capable of something.”

Leigher, a retired rear admiral, said that now the teams in place and possess some capability, the command will work on normalizing what those teams do on a day-to-day basis.

This focus is likely more acute on the defensive side as opposed to the offensive side.

[Cyber capabilities support U.S. kill/capture missions]

“When you get on the defensive side, you’re really talking about retooling an IT workforce to do more than” they’ve been expected to do in the past, he said. “What I’m talking about is getting back to what’s the first thing I’m going to do in the event of? What are the first five things I’m going to do in the event of? And that is what I’m sensing is missing.”

One of the first things Cyber Command will need is a training environment said Jim Keffer, director of cyber at Lockheed Martin.

The Army has been tasked by DoD to run the department’s persistent cyber training environment, an immersive training tool that will allow for teams and individuals to dial in and conduct cyber training from all over the world. This training environment will also allow forces to conduct mission rehearsal prior to deploying on adversarial networks.

[Here’s what the Pentagon’s persistent cyber training platform might look like]

Keffer, a retired major general who was previously the chief of staff at Cyber Command, also said Cyber Command will need a command and control battle management visualization capability that will allow for the coordination of defensive cyber operations, offensive cyber operations and cyber intelligence, surveillance and reconnaissance.

Cyber Command will need to tie together its command and control and battle management capabilities, a tool Cyber Command has referred to as the unified platform, Keffer said.

[Cyber Command now looking to equip its cyber warriors]

The unified platform, he said, can be thought of as the cyber equivalent of a carrier from which to launch cyber operations and ISR.

[Here’s what Cyber Command’s war-fighting platform will look like]

This unified platform concept is “absolutely critical to national security, providing a decisive advantage in multi-domain warfare defending our nation from hostile actors and projecting force within cyberspace,” said Chris Valentino, director of joint cyberspace programs for the cyber and intelligence mission solutions division at Northrop Grumman. “To be clear, UP is not an IT system but a joint warfighting platform that will unify existing, as well as emerging, cyberspace constructs to meet CMF mission requirements. UP will enable the continual iteration of planning, coordination, execution and assessment at the speed and scale of military operations that outpaces the threat.”

The unified platform will be a component of what Cyber Command calls the military cyber operations platform (MCOP), the war-fighting platform used by the cyber mission force to conduct Title 10 war-fighting missions.

Keffer explained that UP is “very much needed” to execute operations.

In addition to the infrastructure, Cyber Command will also need the necessary tools and developers to conduct its mission. This will be especially important as the command matures and gains greater independence from NSA. Initially, Cyber Command was heavily reliant on NSA to provide infrastructure, tools and personnel.

Cyber Command held its first ever industry day in October to provide insight to industry regarding current and future challenges, requirements, and acquisition plans. Among the agenda items listed, Cyber Command leaders hoped to provide insight into their tools and access platforms portfolio.

[Cyber Command awards first contract under its limited acquisition authority]

The services, as part of a pilot directed by Congress, will be looking at direct commissioning cyber talent into their ranks. The Army has identified certain career and skill set shortcomings they wish to fill, potentially through the pilot, as identified through operations against adversaries.

Lt. Gen. Paul Nakasone, commander of Army Cyber Command, said during a December media briefing that these include software engineers coders, crypto mathematicians and systems engineers.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In Intel/GEOINT