The U.S. Cyberspace Solarium Commission, a bipartisan organization created in 2019 to develop a multipronged U.S. cyber strategy, will recommend the Department of Defense add more cyberwarriors to its forces, the group’s co-chair said Jan. 7.

The cyber mission force was established in 2013 and includes 133 teams and roughly 6,200 individuals from across the services that feed up to U.S. Cyber Command. These forces reached a staffing milestone known as full operational capability in May 2018, however, some on the commission believe the cyber landscape has changed so that the force needs to adapt as well.

In a final report that’s expected in the coming months, the solarium will recommend adding more cyberwarriors.

Cyber Command reaches critical staffing milestone Meeting a rigorous set of criteria, Cyber Command's cyber mission force is now fully manned.

“It’s fair to say that force posture today in cyber is probably not adequate," said Rep. Mike Gallagher, R-Wisc., co-chair of the U.S. Cyberspace Solarium Commission. Gallagher spoke at an event hosted by the Council on Foreign Relations in Washington Jan. 7.

Within the last two years, Cyber Command has described a philosophy called persistent engagement, which is a means of constantly contesting adversary behavior in cyberspace before it can be disruptive. Persistent engagement is viewed as a means of meeting the 2018 DoD cyberspace strategy’s direction to “defend forward.” That action seeks to position U.S. cyber forces outside of U.S. networks to either take action against observed adversary behavior or warn partners domestically or internationally of impending cyber activity observed in foreign networks.

Two years in, how has a new strategy changed cyber operations? This is the story of how, in two short years, a new cybersecurity strategy has forced the national security community to rethink cyber operations and how "persistent engagment" will work.

It is under this new approach that Gallagher and other commission members said the Pentagon must ensure its forces are capable of meeting the burgeoning challenges from bad actors.

× Need a daily brief? We've got you covered. Sign up to get the top Cyber headlines in your inbox every weekday morning. Thanks for signing up. By giving us your email, you are opting in to the Daily Brief.

“We need to figure out what’s the right size” of the force, Mark Montgomery, executive director of the commission, said at an event in November. “In my mind, the CMF probably needs to be reassessed. It might be that the assessment [says] that the size is the right size. I find that hard to believe with the growth in adversary.”

The cyber mission force is made up of about 5,000 service members out of a full staff of about 6,200, Dave Luber, Cyber Command’s executive director said in November. According to a defense official, it’s normal that staffing will fall below 100 percent but leaders are confident in DoD’s cyber forces’ readiness and ability to defend the nation.

During a February 2019 hearing before the Senate Armed Services Committee, Cyber Command’s leader, Gen. Paul Nakasone, said the force is the right size for the threats they currently face, but as it continues to operate and adversaries improve, it may need to grow beyond the 133 teams.

Nakasone told a defense conference in California in December that the force has been built to execute the persistent engagement strategy.

“Within U.S. Cyber Command, the National Security Agency, it’s about persistent engagement; this idea that we will enable our partners with information and intelligence and we will act when authorized,” he said. “This is the way forward for us … This is the way that we’ve structured our force. This is the way that we developed our doctrine. This is the way that we engage our adversaries … this is our method upon which we look at the future and say this is how we have an impact on our adversaries.”

Aside from the Cyberspace Solarium Commission, Congress now requires the Department of Defense to provide quarterly readiness briefings on the cyber mission force.

In the annual defense policy bill, signed into law in December, Pentagon officials must brief members of Congress on the abilities of the force to conduct cyber operations based on capability, capacity of personnel, equipment, training and equipment condition. The secretary of defense must also establish metrics for assessing the readiness of the cyber mission force, under the provision.