Cyber Defense Review

Joint Interagency Coordination: How Can the Reserve Component Be Better Utilized to Defend Our Nation in the Cyber Arena?

By CAPT Sheila McMahon | March 01, 2017

INTRODUCTION

     In a time of constrained and reduced resources and to fortify the protection against the ever-increasing global cyber threats, the United States (US) must do more with less and better utilize its existing resources. The Reserve Components (RC) of the US military are filled with cyber expertise gained through civilian and military training as well as job experience. If the Department of Defense (DoD) can develop a program to better utilize the experience and skills resident in the Reserves, the US military can improve the nation’s cyber capabilities and better protect its networks.
Based on the current DoD CYBER Strategy, the Guard and Reserve have a significant role to play in the cyber realm. Specifically, the DoD CYBER Strategy calls on the Guard and Reserve to provide a “resource for expertise and to foster creative solutions to cybersecurity problems” and to provide “critical surge capacity” when needed. To provide the resources required to defend the nation, the Reserve Forces need to be better utilized. This paper proposes the establishment of a full-time support program manned by the RC and augmented by traditional Selected Reservists and Guardsmen on weekend duty. This program will capitalize on existing expertise and further develop the in-depth technical skills required to tackle the enormous cybersecurity challenges that exist today and in the future. Also, the creation of such a program will result in an available, fully trained surge capacity when needed.

USCYBERCOM’S CYBER MISSION FORCE

In December 2012, the U.S. Secretary of Defense (SecDef) authorized the creation of the Cyber Mission Force (CMF). According to the DoD CYBER Strategy and the 2014 Quadrennial Defense Review (QDR), the initial construct consisted of 133 teams to be fully operational by 2018 and organized as follows:

 

  • Thirteen National Mission Teams (NMTs) to protect the US and its interests against significant cyber-attacks;
  • Sixty-eight Cyber Protection Teams (CPTs) to defend high priority DoD networks and systems against high priority threats;
  • Twenty-seven Combat Mission Teams (CMTs) to provide support to the Combatant Commanders by integrating cyberspace effects in operational and contingency planning;
  • Twenty-five Cyber Support Teams (CSTs) to provide analytic and planning support to the NMTs and CMTs. 

 
The initial construct did not include the RC though, as mentioned earlier in this paper, the DoD CYBER Strategy proposed using the RC to help solve cyberspace problems and provide backup support. In addition, the 2014 Reserve Policy Review Board Report, Use of the National Guard and Reserve in the Cyber Mission Force, mentions the possible establishment of an additional thirty-three Reserve Cyber Protection Teams, but also states that “there is no documentation of RC CMF missions and roles or established requirements.” For the purpose of this paper, the RC includes the Army Reserve, Air Force Reserve, Marine Corps Reserve, Naval Reserve, and the Army and Air National Guard. The Coast Guard Reserve could also be considered but is quite small and would have to embed with another Service, most likely the Navy.

 
The CMF has been tasked with three primary mission sets:

  1. Defending the nation against cyber-attacks with National Mission Forces,
  2. Operating and Defending DoD Information Networks (DODIN) with Cyber Protection Forces,
  3. Combatant Command Support from Cyber Combat Mission Forces.

According to the 2014 Quadrennial Defense Review, the Joint Chiefs of Staff (JCS) Working Group and Deputy's Management Action Group (DMAG) decided the size and composition of the 133 teams and approximately 6,000 personnel based on the skills needed to prosecute a sustained operational requirement. The CMF is resourced with 30% contributions coming from each Service, and the remaining 10% from the Marine Corps. The initial plan called for a force mix composed of an 80% Active Component (AC) and 20% Civilian manpower with each Service building a slightly different model. The CMF training track is to be standardized with all Service teams having the same requirements. The training track takes advantage of existing military courses and utilizes civilian courses when needed. Another possible utilization of RC skills is to engage in training the CMF.


On June 5, 2013, in response to growing US dependence on computer network technologies and the increasing threats to national security from the cyber domain, the Reserve Forces Policy Board (RFPB) established a Task Group to examine DoD’s plans to develop its organizations, policies, doctrine and practices for conducting defensive and offensive cyber operations. In addition, the Task Group was directed to look into the force mix between active, reserve, and civilian personnel, and RC organizations needed to meet the DoD strategy. The RFPB met on June 4, 2014, and offered four recommendations:

  1. Include Reserve Components in Cyber Mission Force requirements to leverage RC reduced cost, civilian/AC acquired skill/experience, continuity, and longevity.
  2. As part of a Total Force solution, re-evaluate the composition, size and force mix of the planned Cyber Mission Force by FY 2017, and refine as needed based on changing threats, team effectiveness, capability, required capacity and cost.
  3. The DoD should study, and then assign executive responsibility to a single Service for the full range of joint cyber training.
  4. Recruit highly skilled members via a professional accessions and retention program to fill both AC and RC requirements within the Cyber Mission Force.

 
Based on the DoD Cyber Strategy, the 2014 QDR and RFPB’s recommendation, this paper proposes a new approach to better engage the RC in the CMF, and recruit individuals with the necessary cyber skills and aptitude required to keep US networks safe and secure.

NGB RINGGOLD PROGRAM

     RINGGOLD is a special and unique program under the National Guard (NG) Counterdrug (CD) Support Program, which utilizes linguist support. Specifically, it falls under the Federal Counterdrug program, which is funded by the Deputy Assistant Secretary of Defense for Counter-Narcotics (CN) and Global Threats (DASD CN&GT). This special CN program is a force provider in support of crucial Counter-Narcoterrorism (CNT) and CN missions for several combatant commands (COCOMs) and the U.S. Customs and Border Protection. Federal Operations also include State or Title 32 programs that provide linguistic support to U.S. Central Command, the National Security Agency, and the Drug Enforcement Administration.
This program is unique in that it taps into the language capability that already resides in the National Guard in certain States and offers Guardsmen opportunities to support a rewarding mission full-time. This program provides training opportunities not always afforded to the RC, and an opportunity to earn an active duty retirement. The ability to use the RC to support cyberspace mission full-time without the AC constraints of having to transfer to fill other military service requirements every three years is clearly a force multiplier. The ability to earn an active duty retirement and take advantage of specialized training opportunities only available to the military is a robust recruiting tool.
This paper proposes the creation of a CYBER RINGGOLD program, mirrored after the NGB RINGGOLD program but utilizing all military reserves, not just Title 32 National Guard forces. This program allows the RC to be a force provider in support of critical cyber missions and assure a potent and ready surge capacity. This program would tap into the cyber capabilities that already exist in the RC and focus on the cybersecurity aspect of cyberspace operations, specifically defensive cyberspace operations (DCO) and defense of the DODIN. The CYBER RINGGOLD Warriors should be part of the CMF and, in certain cases, could be assigned to long-term, enduring military cyber projects. In addition to utilizing skills that already exist in the RC, the CYBER RINGGOLD program would allow the AC to focus on tactical offensive cyberspace operation (OCO) missions. Funding for the CYBER RINGGOLD program could come from a myriad of sources including DASD CN&GT since cyber threats are more often than not global threats. In addition, and to add substance to the name, one could argue that cyber warriors are also linguists and their language is ‘bits.’

CYBER RINGGOLD PROPOSED STRUCTURE AND C2

Logically, the CYBER RINGGOLD teams should be operationally subordinate or OPCON to the U.S. Cyber Command (USCYBERCOM) located at Fort Meade, Maryland. To reiterate, this paper asserts that these teams should primarily focus on both the DCO and defense of the DODIN missions, and augment the OCO mission when tasked by USCYBERCOM. The CYBER RINGGOLD teams will also be administratively subordinate to their Service and part of the existing RC CMF structure and should be evenly distributed among the different Services. The working location of the CYBER RINGGOLD teams is negotiable since they should tap into the existing Joint Reserve Intelligence Program (JRIP) infrastructure and utilize its approximately twenty-eight Joint Reserve Intelligence Centers (JRICs) located across the country.
It should be noted that for the CYBER RINGGOLD teams to be effective, they must receive clear tasking from USCYBERCOM and be formally incorporated within the CMF. The command and control (C2) must be clear, so the teams can accomplish their mission, and avoid confusion and diminished morale.

JOINT RESERVE INTELLIGENCE PROGRAM AND CENTERS

The JRIP is an Undersecretary of Defense for Intelligence (USDI) concept to better utilize the Reserve Military Intelligence (RMI) capabilities during peacetime. This DoD program was formally created by the SecDef in January 1995 and provides classified space, the Joint Reserve Intelligence Centers (JRICs), for RC intelligence professionals to use during weekdays and drill weekends, so that their skills are employed to the fullest extent possible. The JRIP enables RMI units to support DoD intelligence requirements tasked by COCOMs, Military Departments, and Combat Support Agencies. The Director of the Defense Intelligence Agency (DIA) is the JRIP Program Manager as designated by the USDI.
The JRIC is a joint intelligence production and training facility that utilizes standardized information networks to connect members of the RC with an AC gaining command, i.e., COCOMs, Military Departments, and Combat Support Agencies (CSAs). JRICs are typically located within a Military Department-owned, managed, and maintained (Active or Reserve) Sensitive Compartmented Information Facility (SCIF) that uses JRIP-provided infrastructure and connectivity and normally includes collateral or unclassified areas. JRICs are also used by full-time civilian and military members from COCOMs, Military Departments, and CSAs to meet mission requirements and take advantage of skill-sets resident in different parts of the country or for humanitarian missions.

CONCLUSION

Clearly, our Nation is dependent on computer network technologies and is extremely vulnerable to multiple threats in the cyber domain. The April 2015 Office of Personnel Management (OPM) data breach and the compromise of personally identifiable information (PII) of over four million government employees is one example of the damage that can be done by US adversaries in cyberspace. Many of these cyber threats pose a danger to US personnel and national security. In addition, the US military reserve is a largely untapped resource that could be a robust force multiplier in the cyber domain. This paper proposes that DoD create a full-time military reserve program with operational control (OPCON) to USCYBERCOM that is mirrored after the National Guard Bureau’s RINGGOLD program and fully dedicated to countering the ever-present cyber threats. This program would leverage and build on the existing cyber talent already resident in the Reserves, work with existing or proposed AC and RC Military Service CMF units, and utilize the infrastructure already in place at DIA-managed JRICs. In addition, this full-time program would create and strengthen a reliable reach-back and surge capability for the AC and potentially be a recruiting tool to entice needed cyber talent to join the Reserves. The success of this program will be contingent on USCYBERCOM being able to successfully command and control the CYBER RINGGOLD Reservists, but the reward will be substantial. The cyber threats to our Nation are real and always increasing. It is time to use the US military RC to its full potential, which will add to defense-in-depth and better protect the US from these persistent and damaging cyber threats.





