In a time of constrained and reduced resources and to fortify the protection against the ever-increasing global cyber threats, the United States (US) must do more with less and better utilize its existing resources. The Reserve Components (RC) of the US military are filled with cyber expertise gained through civilian and military training as well as job experience. If the Department of Defense (DoD) can develop a program to better utilize the experience and skills resident in the Reserves, the US military can improve the nation’s cyber capabilities and better protect its networks.
Based on the current DoD CYBER Strategy[i], the Guard and Reserve has a significant role to play in the cyber realm. Specifically, the DoD CYBER Strategy calls on the Guard and Reserve to provide a “resource for expertise and to foster creative solutions to cybersecurity problems” and to provide “critical surge capacity” when needed. To provide the resources required to defend the nation, the Reserve Forces need to be better utilized. This paper proposes the establishment of a full-time support program manned by the RC and augmented by traditional Selected Reservists and Guardsmen on weekend duty. This program will capitalize on existing expertise and further develop the in-depth technical skills required to tackle the enormous cybersecurity challenges that exist today, and in the future. Also, the creation of such a program will result in an available, fully trained surge capacity when needed.
USCYBERCOM’S Cyber Mission Force
In December 2012, the U.S. Secretary of Defense (SecDef) authorized the creation of the Cyber Mission Force (CMF). According to the DoD CYBER Strategy and the 2014 Quadrennial Defense Review (QDR), the initial construct consisted of 133 teams to be fully operational by 2018 and organized as follows:
- Thirteen National Mission Teams (NMTs) to protect the US and interests against significant cyber-attacks;
- Sixty-eight cyber Protection Teams (CPTs) to defend high priority DoD networks and systems against high priority threats;
- Twenty-seven Combat Mission Teams (CMTs) to provide support to the Combatant Commanders by integrating cyberspace effects in operational and contingency planning;
- Twenty-five Cyber Support Teams (CSTs) to provide analytic and planning support to the NMTs and CMTs.[ii]
The initial construct did not include the RC though, as mentioned earlier in this paper, the DoD CYBER Strategy proposed using the RC to help solve cyberspace problems and provide backup support. In addition, the 2014 Reserve Policy Review Board Report Use of the National Guard and Reserve in the Cyber Mission Force, mentions the possible establishment of an additional thirty-three Reserve Cyber Protection Teams, but also states that “there is no documentation of RC CMF missions and roles or established requirements.”[iii] For the purpose of this paper, the RC includes the Army Reserve, Air Force Reserve, Marine Corp Reserve, Naval Reserve, and the Army and Air National Guard. The Coast Guard Reserve could also be considered but are quite small and would have to embed with another Service, most likely the Navy.
The CMF has been tasked with three primary mission sets:
- Defending the nation against Cyber-attacks with National Mission Forces,
- Operating and Defending DoD Information Networks (DODIN) with Cyber Protection Forces,
- Combatant Command Support from Cyber Combat Mission Forces.[iv]
According to the 2014 Quadrennial Defense Review, the Joint Chiefs of Staff (JCS) Working Group and Deputy’s Management Action Group (DMAG) decided the size and composition of the 133 teams and approximately 6,000 personnel based on the skills needed to prosecute a sustained operational requirement.[v] The CMF is resourced with 30% contributions coming from each Service, and the remaining 10% from the Marine Corps. The initial plan called for a force mix composed of an 80% Active Component (AC) and 20% Civilian manpower with each Service building a slightly different model.[vi] The CMF training track is to be standardized with all Service teams having the same requirements. The training track takes advantage of existing military courses and utilizes civilian courses when needed. Another possible utilization of RC skills is to engage in training the CMF.
On June 5, 2013, in response to growing US dependence on computer network technologies and the increasing threats to national security from the cyber domain, the Reserve Forces Policy Board (RFPB) established a Task Group to examine DoD’s plans to develop its organizations, policies, doctrine and practices for conducting defensive and offensive cyber operations. In addition, the Task Group was directed to look into the force mix between active, reserve, and civilian personnel, and RC organizations needed to meet the DoD strategy. The RFPB met on June 4, 2014, and offered four recommendations:
- Include Reserve Components in Cyber Mission Force requirements to leverage RC reduced cost, civilian/AC acquired skill/experience, continuity, and longevity.
- As part of a Total Force solution, re-evaluate the composition, size and force mix of the planned Cyber Mission Force by FY 2017, and refine as needed based on changing threats, team effectiveness, capability, required capacity and cost.
- The DoD should study, and then assign executive responsibility to a single Service for the full range of joint cyber training.
- Recruit highly skilled members via a professional accessions and retention program to fill both AC and RC requirements within the Cyber Mission Force.[vii]
Based on the DoD Cyber Strategy, the 2014 QDR and RFPB’s recommendation, this paper proposes a new approach to better engage the RC in the CMF, and recruit individuals with the necessary cyber skills and aptitude required to keep US networks safe and secure.
NGB RINGGOLD Program
RINGGOLD is a special and unique program under the National Guard (NG) Counterdrug (CD) Support Program, which utilizes linguist support. Specifically, it falls under the Federal Counterdrug program, which is funded by the Deputy Assistant Secretary of Defense for Counter-Narcotics (CN) and Global Threats (DASD CN>). This special CN program is a force provider in support of crucial Counter-Narcoterrorism (CNT) and CN missions for several combatant commands (COCOMs) and the U.S. Customs and Border Protection. Federal Operations also include State or Title 32 programs that provide linguistic support to U.S. Central Command, the National Security Agency, and the Drug Enforcement Administration.[viii]
This program is unique in that it taps into the language capability that already resides in the National Guard in certain States and offers Guardsmen opportunities to support a rewarding mission full-time. This program provides training opportunities not always afforded to the RC, and an opportunity to earn an active duty retirement. The ability to use the RC to support cyberspace mission full-time without the AC constraints of having to transfer to fill other military service requirements every three years is clearly a force multiplier. The ability to earn an active duty retirement and take advantage of specialized training opportunities only available to the military is a robust recruiting tool.
This paper proposes the creation of a CYBER RINGOLD program, mirrored after the NGB RINGGOLD program but utilizing all military reserves not just Title 32 National Guard forces. This program allows the RC to be a force provider in support of critical cyber missions and assure a potent and ready surge capacity. This program would tap into the cyber capabilities that already exist in the RC and focus on the cybersecurity aspect of cyberspace operations, specifically defensive cyberspace operations (DCO) and defense of the DODIN. The CYBER RINGGOLD Warriors should be part of the CMF and, in certain cases, could be assigned to long-term, enduring military cyber projects. In addition to utilizing skills that already exist in the RC, the CYBER RINGGOLD program would allow the AC to focus on tactical offensive cyberspace operation (OCO) missions. Funding for the CYBER RINGGOLD program could come from a myriad of sources including DASD CN> since cyber threats are more often than not global threats. In addition, and to add substance to the name, one could argue that cyber warriors are also linguists and their language is ‘bits.’
Cyber RINGGOLD Proposed Structure and C2
Logically, the CYBER RINGGOLD teams should be operationally subordinate or OPCON to the U. S. Cyber Command (USCYBERCOM) located at Fort Meade, Maryland. To reiterate, this paper asserts that these teams should primarily focus on both the DCO and defense of the DODIN missions, and augment the OCO mission when tasked by USCYBERCOM. The CYBER RINGGOLD teams will also be administratively subordinate to their Service and part of the existing RC CMF structure and should be evenly distributed among the different Services. The working location of the CYBER RINGGOLD teams is negotiable since they should tap into to the existing Joint Reserve Intelligence Program (JRIP) infrastructure and utilize its approximately twenty-eight Joint Reserve Intelligence Centers (JRICs) located across the country.
It should be noted that for the CYBER RINGGOLD teams to be effective, they must receive clear tasking from USCYBERCOM and be formally incorporated within the CMF. The command and control (C2) must be clear, so the teams can accomplish their mission, and avoid confusion and diminished morale.
Joint Reserve Intelligence Program and Centers
The JRIP is an Undersecretary of Defense for Intelligence (USDI) concept to better utilize the Reserve Military Intelligence (RMI) capabilities during peacetime. This DoD program was formally created by the SecDef in January 1995 and provides classified space or Joint Reserve Intelligence Centers (JRICs) for RC intelligence professionals to utilize during weekdays and drill weekends to utilize RC intelligence professionals to the fullest extent possible.[ix] The JRIP enables RMI units to support DoD intelligence requirements tasked by COCOMs, Military Departments, and Combat Support Agencies. The Director of the Defense Intelligence Agency (DIA) is the JRIP Program Manager as designated by the USDI.[x]
The JRIC is a joint intelligence production and training facility that utilizes standardized information networks to connect members of the RC with an AC gaining command, i.e., COCOMs, Military Departments, and Combat Support Agencies (CSAs). JRICs are typically located within a Military Department-owned, managed, and maintained (Active or Reserve) Sensitive Compartmented Information Facility (SCIF) that uses JRIP-provided infrastructure and connectivity and normally includes collateral or unclassified areas.[xi] JRICs are also used by full-time civilian and military members from COCOMs, Military Departments, and CSAs to meet mission requirements and take advantage of skill-sets resident in different parts of the country or for humanitarian missions.
Clearly, our Nation is dependent on computer network technologies and is extremely vulnerable to multiple threats in the cyber domain. The April 2015 Office of Personnel Management (OPM) data breach and the compromise of personally identifiable information (PII) of over four million government employees[xii] is one example of the damage that can be done by US adversaries in cyberspace. Many of these cyber threats pose a danger to US personnel and national security. In addition, the US military reserve is a largely untapped resource that could be a robust force multiplier in the cyber domain. This paper proposes that DoD create a full-time military reserve program with operational control (OPCON) to USCYBERCOM that is mirrored after the National Guard Bureau’s RINGGOLD program and fully dedicated to counter the ever-present cyber threats. This program would leverage and build on the existing cyber talent already resident in the Reserves, work with existing or proposed AC and RC Military Service CMF units, and utilize the infrastructure already in place at DIA managed JRICs. In addition, this full-time program would create and strengthen a reliable reach back and surge capability for the AC and potentially be a recruiting tool to entice needed cyber talent to join the Reserves. The success of this program will be contingent on USCYBERCOM being able to successfully command and control the CYBER RINGGOLD Reservists, but the reward will be substantial. The cyber threats to our Nation are real and always increasing. It is time to use the US military RC to its full potential, which will add to defense-in-depth and better protect the US from these persistent and damaging cyber threats.
About the Author
Captain Sheila McMahon, USN is currently serving as the Commanding Officer of Navy Reserve Navy Information Operations Command Maryland in Fort Meade, MD. She was commissioned through ROTC at the University of Illinois at Urbana-Champaign in 1994 into the cryptologic career field. She holds a BS in biochemistry, an MS in technology management and an AA in Chinese Mandarin. Prior to her current assignment, CAPT McMahon served as the Commanding Officer of Defense Intelligence Agency 0601 in Fort Dix, New Jersey, and the Executive Officer of Navy Reserve Commander, U.S. TENTH Fleet in Fort Meade, Maryland.
[i]Ashton Carter, The Department of Defense Cyber Strategy (Washington DC: Department of Defense, 2015), 18.
[ii] Ashton Carter, The Department of Defense Cyber Strategy (Washington DC: Department of Defense, 2015), 6.
[iii] Reserve Forces Policy Board, DoD Cyber Approach: Use of the National Guard and Reserve in the Cyber Mission Force (Washington DC: Reserve Forces Policy Board, 2014), 9.
[iv] Cheryl Pellerin, “Rogers: Cybercom Defending Networks, Nation,” DoD News, August 18, 2014, https://www.defense.gov/News/Article/Article/603083.
[v] Charles Hagel, The Quadrennial Defense Review 2014 (Washington DC: Department of Defense, 2014), 41.
[vi] Reserve Forces Policy Board, DoD Cyber Approach: Use of the National Guard and Reserve in the Cyber Mission Force (Washington DC: Department of Defense, 2014), 8.
[vii] Reserve Forces Policy Board, DoD Cyber Approach: Use of the National Guard and Reserve in the Cyber Mission Force (Washington DC: Department of Defense, 2014), 16-24.
[viii] Chief of the National Guard Bureau, “National Guard Counterdrug Support,” Chief of the National Guard Bureau Instruction (CNGBI) 3100.01, September 30, 2014, B-5.
[ix] U.S. Department of Defense, DoD Instruction 3305.07: Joint Reserve Intelligence Program (JRIP), (Washington DC: DoD, March 27, 2007), 2.
[x] U.S. Department of Defense, DoD Instruction 3325.11: Management of the Joint Reserve Intelligence Program (JRIP), (Washington DC: DoD, June 26, 2015), 5.
[xi] U.S. Department of Defense, DoD Instruction 3305.07: Joint Reserve Intelligence Program (JRIP), (Washington DC: DoD, March 27, 2007), 2.
[xii] U.S. Office of Personnel Management, “Information about OPM Cybersecurity Incidents,” Cybersecurity Resource Center. Last accessed February 20, 2017, https://www.opm.gov/cybersecurity/cybersecurity-incidents/.