A year after Department of Defense cyber teams reached the critical designation of full operational capability, U.S. Cyber Command has transitioned from building — both its headquarters and cyberwarrior teams — to sustaining and optimizing teams for mission success.

“Now we’re focused on conducting operations. As such, it was time to take a bit of a pause to say what were our operational lessons learned as we’ve conducted defensive cyber operations, offensive cyber operations,” Brig. Gen. Paul Stanton, deputy director of current operations, J3 at Cyber Command, said May 16 during a panel in Baltimore, Maryland, hosted by AFCEA. “When we designed our force, did we get it right? Are we organized appropriately?”

It has long been acknowledged that the team structure of the 133 cyber mission force teams — which hit full operational capability in May 2018 — would be reevaluated after all the teams were in place.

Now, Stanton explained, the command is trying to evaluate and define what “units of action” within teams look like.

“What’s the small unit of combined individuals with the right skill sets in order to achieve objectives? We’re taking a hard look at what a ‘unit of action’ means and how to adjust within the team construct, but at a smaller level to the element that will actually deploy out to conduct a meaningful mission,” he told Fifth Domain, following his participation in the panel.

For example, he said, in defensive operations, they need a network engineer, a host-based analyst, an intel analyst and somebody in charge.

“Recognizing that informs the nucleus of the unit of action that can then go forward and do something meaningful,” Stanton said.

Stanton added that there haven’t been any formal, concrete changes to the teams, but the command is working to define them.

For example, the Marine Corps has discussed organizing some of its teams along the concept of something like a cyber fire team, similar to teams within rifle squads.

“As we’ve recalibrated, we’ve looked at, ok, how do you have this planner with the intelligence analyst, with the capability developer, with the operator — kind of like a Marine Corps fire team mindset,” Gregg Kendrick, executive director of Marine Corps Forces Cyberspace Command, said during the same panel. “You’ve got to have the breadth and depth of understanding from a planner, intelligence, capability developer and operator perspective that heretofore we haven’t had.”

Teams have always been able to task organize as best they see fit to achieve missions. The cyber fire team is one such example, absent formal guidance to organize that way.

Ensuring readiness

The recalibration of teams is just one aspect Cyber Command is examining to create a more sustainable readiness model for the force.

Recalibration falls under defining how the force fights and thinks about fighting, which is the first step, Stanton explained. Once they understand how to fight, the next step is organizing and prioritizing.

“By definition, if I change the unit of aggregation of my individuals, I then have to redefine my mission-essential tasks,” he said. “What is it that I want that unit of action to be able to accomplish?”

Next, the teams have to be properly equipped. And lastly, the teams need to be trained appropriately.

Stanton explained this process is not new within the military. But with a new cyber force, DoD has to figure out how to apply it in a dynamic domain.

“At U.S. Cyber Command, we spent the last several months really working hard to define all the standards,” Stanton said. “We’ve got a lot of work to do … Fortunately, we’re not starting from scratch … we didn’t get it wrong when we initially built the force, but we’re refining it according to our operational lessons learned.”

Assessment cell

In keeping with ensuring forces are truly successful and making a difference, Cyber Command created a cell to determine the measures of effectiveness and performance of conducting operations.

This assessment branch is a byproduct of Cyber Command’s elevation to a full unified combatant command last May, Stanton said.

“We’re looking at how do we actually assess if we’re achieving those objectives,” he explained. “I’ll offer that we’re relatively nascent in our approach; however, we’re making significant progress to determining from an objective view whether or not we’re truly meeting what [Cyber Command Commander] Gen. [Paul] Nakasone is asking us to do.”

It’s unclear when evaluations or assessments will materialize.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In