While the 133 teams of DOD Cyber Mission forces have reached initial operating capability, their organization, equipment and deployment structures continue to develop and change.
Brig. Gen. Maria Barrett said that the composition and doctrine of cyber mission forces are evolving.
While all 133 teams of cyber mission forces reached initial operating capability in the fall of 2016, they continue to be a work in progress, a U.S. Cyber Command official said, and changes to their equipping and doctrine are on the horizon.
Brig. Gen. Maria Barrett, the deputy director of operations, J-3, CyberCom, said at the AFCEA Army IT day that teams are currently involved in 50 named CyberCom missions. That experience is shaping how the teams will evolve, she said, and how they will be sustained.
"With the steady and increasing level of operational activity, we are continually assessing our requirements and challenging our assumptions that we made not long ago," Barrett said.
"We've talked about establishing doctrine," she said, "but I do believe that unlike other areas, we're going to be a little bit of a spiral development here for a while."
One of the primary areas of review is the Deployable Mission Support System, or DMSS, which is field kit that cyber protection teams take on deployment. Each of the services builds its own kits, which include laptops, passive and active sensors, "and analytic capability provided by either government off the shelf, commercial off the shelf or free and open software," Barrett said.
Those kits facilitate reconnaissance and security and counter mobility operations, and Barrett said the original requirements document for the kits was developed in January 2016, well before the teams reached initial capability.
She said the kits have generally met hardware requirements, but through deployments CyberCom has learned that teams can deploy in sub-units, which is something CyberCom commander Adm. Mike Rogers discussed in recent congressional testimony. As a result, CyberCom needs to create "out-of-band communications to establish command and control," said Barrett.
In addition, she said additional guidance is needed for "technology-specific software such as those needed for industrial control systems."
She also said CyberCom is looking to improve interoperability between the service DMSS kits by standardizing data.
"Having a fully defined data strategy would greatly enhance analysis across the cyber mission force and facilitate transitions between operations and between the teams regardless of what service they come from," she said.
Another area where the cyber forces need to evolve is in leveraging automation to move from a current focus on addressing known cyber threats to sensing and responding to new and unknown threats. Barrett said CyberCom is nearing completion of a document that outlines guidance for "development, selection, deployment and operation of sensing capabilities."
Another change in the works is restructuring CyberCom to combine offensive and defensive operational planning. Currently, offensive planners do not incorporate cyber defensive measures into their planning, and vice versa.
Barrett said she thinks the current structure and distribution of cyber mission forces has the needed flexibility to move and deploy them as mission demands require, at least for now.
"I think what we need to do right now is see how the force is operated, which we are, make the modifications that we need to do, and probably let it settle down a little bit before we make any changes," she said.
NEXT STORY: DHS: WannaCry could linger