RECORD VERSION STATEMENT BY LIEUTENANT GENERAL EDWARD C CARDON COMMANDING GENERAL U S ARMY CYBER COMMAND AND SECOND ARMY BEFORE THE SENATE ARMED SERVICES COMMITTEE SUBCOMMITTEE ON EMERGING THREATS AND CAPABILITIES OPERATIONALIZING CYBERSPACE FOR THE SERVICES FIRST SESSION 114TH CONGRESS APRIL 14 2015 NOT FOR PUBLICATION UNTIL RELEASED BY THE SENATE ARMED SERVICES COMMITTEE SUBCOMMITTEE ON EMERGING THREATS AND CAPABILITIES Introduction Chairman Fischer Ranking Member Nelson and Members of the Subcommittee thank you for your support of our Soldiers and Civilians our Army and our efforts to operationalize cyberspace It is an honor to address this subcommittee on behalf of the dedicated Soldiers and Army Civilians of U S Army Cyber Command ARCYBER and Second Army who work every day supporting Joint and Army commanders defending the Nation in cyberspace Army Cyber Command and Second Army have gained tremendous momentum building the Army's cyberspace capabilities and capacity While making significant strides over the past two years continued progress requires persistent congressional support in three core areas people operations and technology Put differently we require resources appropriate authorities organizations and capabilities which can be synchronized in time and space with singular purpose to accomplish directed missions This testimony focuses on the actions and activities the Army has underway or is planning to support our Title 10 responsibilities to organize man train and equip Army cyber forces for cyberspace operations Mission and Organization Army Cyber Command and Second Army directs and conducts cyberspace operations as authorized or directed to ensure freedom of action in and through cyberspace and to deny the same to our adversaries To accomplish this mission the Secretary of the Army and the Army Chief of Staff streamlined the Army's cyberspace command and control structures by placing operational control of all Army operational cyber forces under one commander The ARCYBER commanding general is responsible for Army and joint cyberspace operations is designated as the Second Army commanding general responsible for all Army network operations to meet United States Code Titles 40 and 44 requirements as defined by Headquarters Department of the Army and is designated as the Army's Joint Force Headquarters-Cyber JFHQCyber commander responsible for cyberspace operations supporting select geographic combatant commands as directed by U S Cyber Command USCYBERCOM This construct enables unity of effort for cyberspace operations The Secretary of Defense's recent decision to establish Joint Force Headquarters - Department of Defense Information Networks DoDIN better aligns DoDIN operations and by extension Army networks in a joint construct This decision is essential to realizing the Department's goal of establishing one joint global network that the Services operate within and extend for operational missions Other recent Army decisions include the formation of the Army Cyber Institute at the U S Military Academy West Point the establishment of the U S Army Cyber Center of Excellence Cyber CoE at Fort Gordon Georgia and the transition of the proponent for cyberspace operations from ARCYBER to the Army's Training and Doctrine Command at the Cyber CoE The Cyber CoE is now the Army's center of gravity for institutionalizing cyberspace to include developing the necessary doctrinal organizational training and materiel activities and policies We have already established the initial elements of Army JFHQ-Cyber at Fort Gordon Georgia and will collocate the ARCYBER headquarters alongside National Security Agency-Georgia at Fort Gordon by 2020 The FY16 President's Budget includes a request for $90 million to build a state-of-the-art headquarters and operations facility at Fort Gordon for Army Cyber Command To carry out our mission ARCYBER and Second Army's budget priorities include fielding the Cyber Mission Forces growing the Army's JFHQ-Cyber developing a highly skilled cyber workforce piloting capabilities for Cyber Mission Forces and re-stationing ARCYBER headquarters The budget for ARCYBER funds the headquarters activities supporting all Army cyberspace operations including the Army JFHQ-Cyber and the Army Cyberspace Operations Integration Center Information technology capabilities we are focusing on include network modernization cyber analytics network mapping cloud and virtualization and advanced platforms and tools Additionally we are working with the Army CIO G-6 and acquisition community to strengthen cybersecurity across the Army Bounding the Impact of Cyberspace on Military Operations Our momentum in cyberspace is also being driven by broader institutional changes to Army concepts The Army's doctrine Unified Land Operations and recently published Army Operating Concept establish a set of assumptions about conditions of 2 the network and cyber-electromagnetic environment in which our forces are expected to operate Services and combatant commanders base their plans on the expected Army capabilities derived from this doctrine Despite downsizing the Army is adding capabilities that amplify military effects while allowing more effective operations in and through cyberspace Commanders at all levels are synchronizing cyberspace operations into traditional land sea air and space activities in time and space They are simultaneously organizing networked assets the electromagnetic spectrum and kinetic forces in all domains to achieve a disproportionate advantage Achieving operational success hinges on having the requisite command and control alignment of authorities with missions and other key enabling capabilities such as intelligence targeting information technology and communication activities Tactical and enterprise networks are converging and future networks and the data they carry will be more contested and challenged -- especially in more intense forms of conflict Today the network is a critical enabler and also an operational capability for cyberspace operations Army Cyber Command is charged to plan and direct cyberspace operations supporting both the Army and USCYBERCOM and these missions require unity of effort and unity of command Now that cybersecurity has to be considered an element of cyberspace operations where does cybersecurity fit within the DoD's full-spectrum of cyberspace operations In other words where does statutory responsibility for cybersecurity nest with the operational commanders' responsibility to conduct full-spectrum cyberspace operations To fully operationalize cyberspace Army leaders and cyber organizations must be capable of ensuring both freedom of maneuver in cyberspace and integrating interactions between cyberspace operations and our traditional military activities that are increasingly reliant on networks and network-dependent enablers This requires an agile and adaptive network that does not exist in the Army today The Army recognizes it must collapse its vast array of disparate networks enclaves and nodes at both tactical and enterprise levels to improve security effectiveness and efficiency through network modernization In his recent House Armed Services subcommittee on Emerging Threats and Capabilities testimony the Army's Chief Information Officer LTG 3 Robert Ferrell described how the Army is achieving this modernization as part of the Joint Information Environment JIE Recruiting Retaining and Developing Cyberspace Operations Personnel The Army's first priority for cyberspace capabilities is to grow the Cyber Mission Force CMF We have increased our CMF capacity exponentially since September 2013 with 25 of 41 teams at initial operating capability We are on track to have all 41 Army CMF teams established and operating by the end of FY 16 However they will not all be fully operationally capable until FY17 Nothing is more important and vital to the growth of cyber capabilities than our ability to attract and retain the best people As such the Army views people as the centerpiece to cyberspace characterized by high degrees of competence and character After a detailed study the Army determined it needs 3 806 military and civilian personnel with core cyber skills To help meet our personnel needs the Secretary of the Army established a cyber branch on September 1 2014 and discussions are ongoing to determine how to better manage civilians supporting cyberspace operations In addition the Army has also created an E4 additional skill identifier to better track personnel who have served in cyber and cyber related assignments as we build the branch and the force The Army has enjoyed success with in-Service recruiting into the growing cyber force and is actively working to expand access to high-quality recruits We have increased recruiting aptitude scores visibly expanded our marketing efforts and started work on a Cyber CoE-led initiative to encourage Science Technology Engineering and Mathematics cadets from both United States Military Academy USMA and the Reserve Officers' Training Corps ROTC We will commission the first 30 cyber branch officers from both USMA and ROTC programs this summer Once assessed into the cyber branch officers are managed by the U S Army Human Resources Command's Cyber Management Branch Furthermore the Cyber CoE in collaboration with ARCYBER and other stakeholders is working to implement a cyber Career Management Field for enlisted personnel that will encompass accessions career management and retention this fiscal year The Army recently approved Special Duty Assignment Pay Assignment Incentive 4 Pay and bonuses for Soldiers serving in operational cyber assignments We have also expanded cyber educational programs including training with industry fellowships civilian graduate education and utilization of inter-service education programs e g Air Force Institute of Technology and the Naval Postgraduate School We are confident these will serve as additional incentives to retain the best personnel for this highly technical field Additionally as part of our Total Force efforts we have worked with the Reserve Components on key retention initiatives including bonuses for critical skill Service members transitioning from active duty service into the Reserve Components and accession bonuses for commissioned and warrant officers upon award of their duty qualifying military occupational specialties Appropriate Special Duty and Assignment Incentive Pays should be considered for each of the Reserve Components' cyber Soldiers Recruiting and retaining Army Civilian cyber talent is challenging given internal federal employment constraints regarding compensation and a comparatively slow hiring process Current efforts to attract and retain top civilian talent include extensive marketing efforts and leveraging existing programs and initiatives run by the National Security Agency Office of Personnel Management and National Science Foundation The targeted and enhanced use of recruiting relocation and retention bonuses and repayment of student loans will improve efforts to attract develop and retain an effective cyber civilian workforce These authorities exist but require consistent and predictable long-term funding Retaining highly skilled cyber professionals will continue to be a significant challenge that needs to be addressed Training Training is critical to building and retaining our cyberspace force Individual and collective cyber training has four components training the CMF integration of cyber into unified land operations at echelon training other cyber forces and enablers and training to achieve basic cybersecurity awareness across the Total Army To fund CMF joint training requirements for Active Component Soldiers and Civilians the Department of Defense provided resources through USCYBERCOM for all the Services through FY16 This training allotment was only for Active Component Soldiers and Civilians Training and sustainment resourcing after FY16 will become a 5 Service responsibility which the Army must fund beginning in 2017 To determine the way ahead for the transition to Service responsibility the Army Cyber CoE recently conducted a Joint Cyber Training Forum with USCYBERCOM and representatives from other Services and agencies The forum concluded that the Services are best positioned to develop common core individual training for specific CMF work roles Consequently the Army is re-evaluating cyber-related training at its specialty schools to better align the curriculum with CMF requirements To meet the growing demands for trained cyberspace operations personnel and in accordance with the Total Army policy with reference to cyberspace the Cyber CoE has initiated a partnership with the Army National Guard Professional Education Center in Little Rock Arkansas to increase cyber training throughput Both ARCYBER and the Cyber CoE are developing robust collective training methods that include both simulated virtual and real-world operational events on ranges and networks that stress individual and team capabilities We now require dedicated training facilities support infrastructure and cyberspace live fire facilities consistent with joint range requirements at the Service and joint levels Permanent training environments with dedicated facilities and resources will enable training innovations and further growth in capability and capacity available to combatant and Army commanders To help integrate cyberspace operations into unified land operations at echelon Army Cyber Command works closely with Army Training and Doctrine Command to ensure the continuum of cyberspace leader development education and training remains current and relevant despite the high rates of technological change The Cyber CoE is explicitly charged with incorporating joint standards into existing programs of instruction in Military Occupational Specialty schools and the Army Combined Arms Center is incorporating cyber operations planning into their training scenarios The Army must place equal attention toward the training of our cyber network defense service providers our computer emergency response teams and our information technology professionals Finally the Army must continue to improve the effectiveness of cybersecurity training across the Total Army This also requires a culture change The Army maximizes its contribution to the joint environment through fully participating in the design and conduct of USCYBERCOM-sponsored and executed 6 training and exercise events Army Cyber Command has also incorporated cyberspace operations into multiple operational plans and major exercises -- building a cadre of cyberspace planners now supporting the joint force and Army commanders The Army recognizes that cyber capabilities should also extend and be executed at the tactical edge to provide our forces a winning advantage across warfighting functions therefore the Army is working hard to define cyber requirements including training requirements for cyber support to our Corps and below formations with pilot programs planned for this year We continue to expand our professional cyberspace opposing force to more effectively train organizations and individuals on how to better protect and defend themselves against cyber-attacks and how to operate in a degraded cyberspace environment during operational training events such as major exercises and training center rotations Reserve Components Integration Army Cyber Command is a total multi-component force of Active and Reserve Components which are fully integrated into the cyberspace force mix Building the U S Army Reserve USAR and Army National Guard ARNG cyber forces is a high priority for the Army and ARCYBER Our Reserve Components integration strategy was reflected in the Army's input to the Department's response to Section 933 of the FY14 National Defense Authorization Act titled Cyber Mission Analysis for Cyber Operations of the Department of Defense which requested an analysis of the Reserve Components' role in cyberspace operations and is focused along several lines of effort including building an operational reserve in the USAR and ARNG for cyberspace crisis response seeking opportunities to provide dual-use capability in support of Military and Homeland Defense and Defense Support of Civil Authorities missions organizing cyber units to match CMF structure aligning ARNG and USAR cyber forces under ARCYBER training and readiness authority leveraging industry connected skills and using the Reserve Components' retention advantages for the Total Force The Army and ARCYBER will continue to develop a Total multi-component Army cyber force that includes 21 Reserve Component Cyber Protection Teams trained to the same standards as the Active Component cyber force The civilian acquired skills and experience of Reserve Component Soldiers should be leveraged to provide equivalency for cyber training enabling faster integration of the Reserve Components' capability into 7 the cyberspace force mix In October 2014 in coordination with the Director of the Army National Guard the Army activated one Army National Guard Cyber Protection Team in a Title 10 status supporting ARCYBER and Second Army Army Guard and Reserve forces routinely augment our headquarters now for cyberspace operations even as we work to build additional capability and capacity in the Guard and Reserve Our Reserve Components' contributions include supporting Operation ENDURING FREEDOM current operations in Southwest Asia the Defense Information Systems Agency USCYBERCOM the standup of Army JFHQ-Cyber and the defense of Army networks As we move forward with the ARNG and USAR to build the Total Army cyber force we will continue to train and integrate 429 ARNG and 469 USAR Soldiers into the Army's cyberspace operations Authorities are a complex problem The 933 report was an excellent start for defining the critical role our Reserve Components play in cyberspace operations While Title 10 authorities are clear Title 32 and State Active Duty status require the application of varied State constitutional legislative and executive authorities and coordination with state agencies and officials While every State is different there is merit in developing a common approach for authorities and capabilities to facilitate rapid and effective response in cyberspace Equipping the Army's Cyberspace Operations Force As cyberspace grows more complex and increasingly contested with sophisticated threats able to exploit known and unknown vulnerabilities cyberspace operations and cybersecurity have become exceptionally critical to national security Sophisticated software that almost anyone can operate is readily available for altruistic or nefarious purposes Aided by the proliferation of dual-use technologies cyber actors of all types take advantage of the connectivity openness and relative anonymity of cyberspace as illustrated by the recent attacks on Sony Pictures Entertainment and Anthem health insurance Today electronic hardware and software are increasingly embedded in everything from vehicles to guided missiles and are often integrated into systems which are difficult and costly to update or upgrade New threats or vulnerabilities are identified with increasing speed and at widely ranging intervals making updates time-consuming These factors present new vulnerabilities and pose new threats to our warfighting systems 8 To combat the growing threats to our networks we have to modernize and move to the Joint Information Environment JIE as quickly as possible to improve mission effectiveness enhance security and increase efficiency -- an imperative to protecting the DoDIN In conjunction with our joint partners the Army is aggressively improving its defensive posture beginning with architecture modernization efforts that reduce attack surface area improve bandwidth and reliability and fortify our long-standing but evercritical perimeter and defense-in-depth capabilities Notably the Joint Regional Security Stack JRSS initiative a component of the JIE will consolidate and improve the security of currently disparate networks and provide foundational elements for enhanced situational awareness Recent intrusions plainly underscore the extent to which DoD lacks sufficient situational awareness putting operations and sensitive data at grave risk With the proliferation of cyberspace capabilities globally situational awareness depends upon analysis of unprecedented quantities of data gathered across friendly enemy and neutral cyberspace Essential data elements providing clues to cyber-attacks often originate deep within adversary space and span our entire defenses All of these separate data sources must be captured aggregated and correlated in near real-time to discover ever-evolving and diverse threats including insider threats To improve our situational awareness in cyberspace we are aggressively pursuing foundational cyber analytics capabilities Coupled with architecture modernization our efforts align directly with JIE standards and its Single Security Architecture construct In parallel we are pursuing several advanced technologies to include network mapping cloud and virtualization and cyber infrastructure platforms and tools all of which are also fully integrated with USCYBERCOM's Unified Platform initiative Additionally we are an active partner with Defense Advanced Research Projects Agency on its PLAN X cyberwarfare program developing foundational platforms for the planning and execution of cyber operations Given the pace of technological change in cyberspace we must also address distinct requirements resourcing and acquisition processes for cyber technologies affecting the entire spectrum of research development testing evaluation fielding and sustainment Dynamic and agile institutional processes are crucial to building and maintaining our decisive technological advantage Recent updates to policy instructions 9 for the Joint Capabilities Integration and Development System and the Defense Acquisition System provide a foundation for requirements and acquisition governance and management These policy updates are rooted in agility flexibility and accountability to rapidly deliver cyberspace capabilities The Army is also establishing fiscal and governance structures for investments and appropriations for urgent requirements To keep pace with technology we must also capitalize on the cumulative innovative power of industry academia and our National Laboratories to develop test and pilot promising technology and concepts This requires a willingness to engage in iterative development and testing where success is measured by rapidly validating assumptions failing cheaply early and often Where resources are liberated from nonperforming programs and applied to those demonstrating promise and where new or enhanced cyberspace capabilities are delivered in weeks or months instead of months or years In recognition of the unique demands of cyberspace technologies the Army has designated a cyber-focal point at the office of the Assistant Secretary of the Army for Acquisition Logistics and Technology and designated initial cyber materiel development roles across our Program Executive Offices The Army is deeply focused on improving the security posture and resilience of its critical weapons and business platforms ensuring cyber threats and vulnerabilities are considered both in the design phase and throughout production and sustainment In addition the Army is focused on ensuring the advanced cyber technologies being procured for cyber mission forces today are integrated into comprehensive sustainable acquisition programs that fully address defensive offensive and DoDIN cyberspace operations requirements Remaining focused on DoD and USCYBERCOM guidance and directives we will ensure Army capabilities are presented in alignment with joint requirements and are interoperable within the joint community optimizing our collective investments across DoD As we work to ensure current processes evolve to capitalize on innovative technologies ultimately new programming and acquisition authorities would provide greater flexibility to developing and fielding the infrastructure platforms and tools needed by our operational cyber forces Conclusion 10 Operationalizing cyberspace is a journey Army Cyber Command Second Army and Army JFHQ-Cyber have made tremendous progress operationalizing cyberspace for the Army Army networks are better defended and our cyber forces are better manned trained and equipped Recent institutional changes are helping recruit retain and continuously develop competent and disciplined cyber professionals Despite cyberspace operations' central role in current defense strategy today funding for core requirements remains uncertain Cyber professionals - resourced with the right infrastructure platforms and tools - are the key to dominance in cyberspace Continued persistent congressional support is essential to ensure our Army has the required resources and authorities and the right people processes and technologies to provide our combatant commanders and national decision makers with a ready capable and superior operational cyber force With your support the Army will continue to provide national leaders and military commanders with an expanded set of options supporting national security objectives With your support we will deliver 11                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu