Cyber Command prepares force assessment

The head of Cyber Command is preparing to ask for more personnel as the organization's election security role expands and cybersecurity threats evolve.

During a March 4 budget hearing of the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities, Gen. Paul Nakasone, CYBERCOM commander, said the organization is "gathering data" to determine whether it has the right number of personnel to match current responsibilities.

Cyber Command's responsibilities have steadily increased beyond protecting the Defense Department's networks since standing up in 2009.

The Cyber Mission Force "was designed on 133 teams, given the planning at the time," Nakasone said, adding that since 2013, Cyber Command is now charged with the "enduring mission" of election security support and contends with the threat of influence operations and the need for persistent engagement and hunt-forward missions.

"We see across our services the necessity, not just to defend networks, but also to be very careful in defending our data and our weapons systems," he said.

Nakasone said elections, readiness and cyber force personnel were CYBERCOM's main priorities. But when pressed on whether the command had enough personnel, Nakasone said the upcoming force assessment would help with that.

Nakasone, who also serves as the director of the National Security Agency has previously told Congress about a possible increase in the number of Cyber Mission Force personnel that now total more than 6,000. Nakasone told the Senate Armed Services Committee in February 2019 "there will be requirements that will probably be outside the 133 teams we have right now."

"Obviously as a commander, I would tell you that I never have enough forces. But what I do need is I need the ability to be able to show that in data," Nakasone said March 4.

In accordance with its election security mission, the Defense Department is also responsible for loaning cyber personnel to the Department of Homeland Security.

Kenneth Rapuano, the principal cyber advisor to the defense secretary, also testified, saying DOD was finalizing an agreement that allows the department to loan out 50 non-reimbursable personnel to DHS.

"2013 versus 2020 is a whole new paradigm in terms of threat and in terms of our understanding of the need," Rapuano said. The 2020 National Defense Authorization Act directed quarterly reviews of Cyber Mission Force readiness as well as a zero-based review on all cyber personnel by 2021, including military, civilian and contractors.

In addition to force size, training will also likely come up. The Government Accountability Office raised training readiness concerns in a 2019 report, citing rotating personnel, a lengthy clearance process and disruption due to the command's changes to training that negatively affected the National Guard and Reserve personnel.

However, the ask for more personnel will likely come soon. Nakasone, who said election response in 2016 resembled a pick-up game compared to the interagency coordination during primary voting March 3, said cyber strategies, policy and authorities have dramatically changed in the last five years, driving a higher level of operations, which he wouldn't discuss openly.

This article first appeared on FCW, a partner site of Defense Systems.