FORT SHAFTER, Hawaii — The fledgling U.S. Cyber Command is trying to hit the ground running, aware that it’s playing catchup with often archaic equipment, dealing with constantly evolving threats and trying to justify its existence amid budget cuts and force reductions.
The cyber force is expected to be fully in place by the end of 2016 with a staff of 6,000, said Lt. Gen. James McLaughlin, deputy commander of U.S. Cyber Command. About 2,400 have been hired since fiscal year 2013 began, and they are now in teams that have at least “initial operating capability,” McLaughlin said Wednesday at the annual TechNet Pacific conference.
“That’s something that’s in play right now,” he said.
McLaughlin said the Cyber Mission Force was being formed into 133 teams.
“They’re basically tactical units,” he said.
He said he couldn’t provide much detail about where the teams will be placed, but said half would be used for defensive measures. At least part of the other half will presumably focus on offensive measures in the cyber realm.
“A few of the combatant commands — based on just the scope of responsibility and base of operation — have more of the teams than others, but every combatant command is being supported,” he said.
“We’re just beginning to have these teams formed,” he said. As each team is established, representatives of combatant commands have met with U.S. Cyber Command and set a short list of priorities, he said.
U.S. Cyber Command treats cyberspace as a warfare domain in the way the services regard air, sea and land.
“The real challenge for some of the teams is because of the infancy of the domain,” McLaughlin said.
He compared creating these fledgling cyber teams with building an F-22 fighter jet squadron.
“They’ve been checked out on the F-22, and they’d shown up at their unit, and the whole unit is mainly new lieutenants who’d just been checked out on the F-22,” he said. Their commander hadn’t “grown up as an offensive fighter,” nor had the unit been trained as an entity and certified to go into combat, as would normally be done with such a squadron.
”He didn’t have a training environment where they train every day so that you could certify individuals, certain elements of the team and the entire squadron,” he said. “Those things don’t exist yet in cyber, but we’re creating it as fast as we can.”
U.S. Cyber Command is looking to hire more people to fill those higher-level gaps.
“We need additional people to work the command and control, those intermediate-level set of tasks either in our combatant commands or in our service components that really translates senior-commander intent into plans and then into operations that the lead commander can then control,” he said.
The command’s domain includes the vast array of linked computer systems within the Defense Department, parts of which are arcane, archaic and exposed.
When a new cyber threat is announced, it can take weeks for technicians to even determine what parts of the network are running software that’s vulnerable.
“We don’t have weeks,” he said. “A lot of what we’re doing today is reacting to what happened, so we spend a lot of our time chasing our tails in the cyber command.”
He said the command’s goal is to get ahead of such threats, perhaps through the analysis of big data from the network that will reveal anomalies to prevent outside incursions before they happen.
McLaughlin acknowledged that pressure is on the cyber command to justify its hiring binge and increased budget at a time when most other areas in the Defense Department have dealt with cutbacks.
“This is the year of ‘prove it,’” he said.