Senate committee looks to withhold funding for Cybercom capability architecture

BALTIMORE — The Senate Armed Services Committee plans to put a hold on funding for U.S. Cyber Command’s warfighting platforms until the command provides details on the next steps of the architecture’s development.

The funding limitations stem from the committee’s annual defense policy bill, which passed the Senate panel June 13. It pertains to Cybercom’s Joint Cyber Warfighting Architecture (JCWA), designed in 2019 to get a better handle on the capabilities, platforms and programs the command was designing, and set priorities for the Department of Defense as well as the industry partners that would be building them. It includes large programs for data analytics, operations conducted outside DOD networks, dashboards to command forces, and smaller components for individual tools and sensors.

When Cybercom was first created, it relied heavily on intelligence personnel, infrastructure platforms and tradecraft to build its enterprise. But just like the Army needs tanks and the Air Force needs planes to conduct missions, cyber troops need their own military-specific cyber platforms separate from the National Security Agency, which conducts foreign intelligence.

According to a summary of the Senate Armed Service’s bill — the full text of which has not been released as of publication — the committee will limit the funding available for JCWA until the Cybercom commander provides a plan to minimize work under the current architecture and creates a baseline plan for a “Next Generation JCWA.”

According to staff on the committee, they want the DOD to pause the current architecture to make sure it is looking at what the next iteration looks like and how it evolves. The Defense Science Board conducted a study on the architecture.

While staff noted there isn’t any indication the DOD isn’t looking at the next generation, they didn’t want to go too far down the current path before devising plans for how the architecture will evolve.

Cybercom has been on a long journey to develop its own capabilities, stemming from being granted limited acquisition authority in 2016 to realizing full control over its budget beginning in fiscal 2024. One of the main issues is the services still procure many of the capabilities needed by the cyber forces they provide to Cybercom, which over time, has created a hodgepodge of distinct and disparate capabilities that are not well integrated.

As a joint organization overseeing joint cyber teams, the command envisions a warfighting architecture that has the same look and feel across all teams — offensive and defensive — and services. The current architecture encompasses several components built by each of the services on behalf of the joint cyber mission force. The services provide them to Cybercom to conduct cyber operations, as executive agents. As such, JCWA is thought of as a singular platform to conduct military cyber operations, comprised of the sum of its parts.

Officials have alluded to the next generation of JCWA in the past, previously dubbed JCWA 2.0, to better integrate the disparate parts after an in-depth review found some pretty significant deficiencies in the architecture.

Now, the nomenclature has shifted to NextGen, through which Cybercom hopes to evolve the architecture into a more common and integrated platform, Col. Seth Bennett, deputy director of Cybercom’s cyber acquisition and technology directorate, J9, said at the AFCEA TechNet Cyber conference in Baltimore on June 25. Many of the major cyber acquisition programs to date did not have integrated requirements, something that will change going forward while also trying to work backward to integrate what’s already been built retroactively.

“To realize the JCWA Design, USCYBERCOM must balance the need to coalesce around a unifying architectural vision with the fact that the disparate programs already exist in some capacity today, and that the cyber operations forces need capabilities now—they do not have time to wait for a perfectly realized end state,” a chard from Bennett’s presentation read.

JCWA NextGen looks like a “Common Platform Runtime. Today, there are multiple, independently mange [sic] Kubernetes-based service meshes. Work toward a common platform architecture to reduce variance across PMOs. Imagine a fleet of vehicles of varying types, styles, brands, and fuel types for which the team of drivers must learn each vehicle’s needs, idiosyncrasies, and procedures, resulting in significant inefficiencies and delays,” the slide continued, referencing the current state of capabilities.

Also at issue is Congress’ requirement for Cybercom in the fiscal 2023 annual defense policy bill to create a program executive office for JCWA to manage all the capabilities and programs by 2027.

To get there, the command has drafted and outlined its path to initial operational capability and full operational capability. The roadmap includes areas for acquisition policies, hiring and improving the architecture, among others.

The initial operational capability involves continuing to plod along on the current path, something Bennett described as JCWA 1.X, essentially working to lay the groundwork for integration while it works on further developing the programs in progress.

“The idea is that we’ve got to do integration steps along the way. Just because we’re building the PEO and the personnel, doesn’t change the fact that we’ve got to be able to do integration steps,” Bennett said. “There’s clearly spots that we’ve evaluated in that giant architecture where that’s not efficient, that doesn’t make sense, why are there two of those, why are there six of these. We’re picking those spots with our lead architecture and trying to lay out when we’re going to work on integration points.”

The services will continue their work — for which now they will be reimbursed through Cybercom under its new authorities — while the J9 develops the programmatic, organizational and technical outlook for the PEO.

Some examples include aligning and integrating the various software factories across the services. Currently, services run software factories independent and distinct from each other.

“You can’t get to the other software factory from there to see what the amazing tools they’ve developed. Just something as silly as that needs to be integrated, because if you sign into JCWA, you need to be able to go see, look at all the tools, whether it be a Marine, Army, Navy, they should absolutely have them all in one spot so we can go find out how best to use them,” Bennett said. “That’s what we’re going to do in JCWA 1.0 is make those better.”

While the organization continues on its current work, it is also working with the Office of the Undersecretary of Defense for Acquisition and Sustainment to prove it can perform the necessary duties, manage programs and gain milestone decision authority.

Efforts are also underway to gain more staff and acquisition expertise. While the command has gained significantly more authority and funding, its acquisition staff and expertise have remained relatively flat from when it first gained acquisition authority and a budget nearly eight years ago, which was only $75 million per year compared to nearly $3 billion now.

While Cybercom can reach IOC with current staffing, Bennett said, “We will need more billets to get to a full operating capability, no question. I don’t have an answer for you yet on what’s next. How do we get more than what we have today? We’re all working. We’re all trying to do manpower studies and discuss that right now.”

Getting to FOC, on the other hand, will require addressing the findings of the Defense Science Board study, such as redundancy.

“Now we’re faced with: Why are we running six or seven different service mesh clusters when the truth is we can manage them all as a common runtime environment, create the JCWA common runtime environment and manage that in the central spot so that it can maintain its uptime and have its appropriate backups and not waste a lot of money, time and energy?” Bennett said. “That’s what the JCWA NextGen is supposed to be focusing on, making that common runtime environment all at the same time.”

Part of NextGen is aligning the various program offices that the services run on behalf of Cybercom to be value-stream-related and associated with the operational functional needs, such as software agile methodologies.

But until Cybercom gains more authority from the Office of the Undersecretary of Defense for Acquisition and Sustainment to affect programs run by the services, everything is still based upon handshake agreements, Bennett said. The J9 does not have the authority to tell the services how something should look, which is a power retained by the Pentagon’s A&S. Rather, they rely on verbal agreements between the command and service program managers to shape the end state of what Cybercom would like.

“We need that acquisition authority, which is why we’ve got to convince A&S that we can do this so that they can grant it to us. But in the meantime, we can do this,” Bennett said.