Biden budget to seek boost to the military’s cyber force

A Defense Department spokesperson declined to comment before the budget rollout on Friday.

Since taking office in January, the Biden administration has been forced to confront a number of historic cyberattacks on federal government networks and the private sector.

A crippling ransomware attack on Colonial Pipeline this month led to widespread fuel shortages along the East Coast, laying bare the nation’s digital vulnerabilities and the broad national security challenges posed by the threat. The attack also added urgency to Biden issuing a lengthy executive order aimed at blocking hacks of federal networks.

The size of the Cyber Mission Force — whose three types of teams are responsible for protecting the nation’s computer networks and supporting military commands around the world — has remained largely unchanged even though the U.S. suffered a number of major cyberattacks over the past decade, such as North Korea’s 2014 hack of Sony Pictures and Russia’s digital assault on the 2016 presidential election.

Gen. Paul Nakasone, chief of Cyber Command, has been working on developing a request for an expansion for some time now, as both the cyber threat to the U.S. and the mission of the command increased drastically over the past decade, one of the sources said.

The desired boost is independent of an exhaustive force structure assessment first suggested by the congressionally chartered Cyberspace Solarium Commission, according to both people familiar with the request. Congress mandated the command undertake the review in last year’s defense policy bill.

That analysis is still ongoing, both people said, and is widely expected to call for even more personnel to be funneled into the Cyber Mission Force in the future.

Nakasone — who predicted in 2019 that the force would grow — wrote in congressional testimony in March that the time to boost the number of personnel was fast approaching.

“Recent demand across DoD has demonstrated that the original 133 teams in the CMF are not enough,” the four-star wrote. “The strategic environment has changed since the original CMF was designated in 2012. Added forces will ensure USCYBERCOM can fulfill its responsibility as both a supported and a supporting command.”

Nakasone, testifying before a House Armed Services subcommittee this month, said a number of factors would affect the growth of the force, including space operations, the malign digital operations of Russia, China and Iran, and the fact that the U.S. finds itself in a “period of strategic competition.”

“We have to have that balance of not only, what we are going to support our fellow combatant commands if conflict was to break out, but also if our adversaries are operating below the level of armed conflict every single day, what type of force do we need to be able to ensure that we can counteract that” similar to the way the command has defended recent U.S. elections, Nakasone added.

The 10 percent increase is “a wise down payment” on what is inevitably going to be a requirement to substantially scale up the force in the next few years, one of the people said.

While the cyber threat has been increasing steadily for the past decade, the danger has emerged vividly in the public domain over the past six months, from the SolarWinds hack, which breached at least nine federal agencies and roughly 100 private companies, to the ransomware attack this month on Colonial Pipeline that supplies nearly half of the East Coast’s liquid fuels.

The price tag of the proposed increase will not be clear until the budget request is rolled out on Friday, but one person estimated that it would cost at least $100 million a year on the low end. It will likely involve the costs associated with training and paying the additional people, as well as any associated infrastructure expenses.