WASHINGTON — The military has relied heavily on contractors for highly technical work to develop software for cyber operators. But the Army, Navy and Marine Corps have found that in-house engineers and tool developers can quickly create mission capabilities to improve threat response times and mission outcomes.

While industry software specialists continue to complement the military’s internal efforts, each of the service cyber components that feed up to U.S. Cyber Command has organized teams of coders, engineers and tool developers. They build rapid prototypes and new solutions, extend existing platforms, conduct vulnerability research and malware analysis, and test and evaluate software.

These personnel support the cyber mission force operations and provide wide expertise for their services on cyberspace and vulnerabilities.

For example, Fleet Cyber Command said it provided requested developers to Naval Sea Systems Command to determine how adversaries might compromise a shipboard system. Within a week, the developers identified potential cyber vulnerabilities and suggested corrections.

Army coders figure out how to best secure weapons systems and give combatant commanders effective options that align with their operations. Some examples include implementing systems designed to defend soldiers from small unmanned aerial system attacks and analyzing weapon systems’ attack surface to patch vulnerabilities.

The Marine Corps combines a mix of personnel — developers, analysts and operators — to achieve mission outcomes, a Marines spokesperson said.

MARFORCYBER noted there isn’t a set ratio for developers to operators, instead emphasizing adaptability. The Air Force and Navy declined to offer specifics on their ratios. Army Cyber Command explained it tries to ensure that a good percentage of developers provide direct support to several kinds of cyber teams:

  • Combat mission teams — conduct most offensive cyber operations on behalf of combatant commands.
  • National mission teams — work against specific nation-states in defense of the nation.
  • Expeditionary cyber teams — tactically focused teams that carry out cyber and radio frequency ground operations in support of ground commanders.

In fact, the Army recently experimented with coders at the edge for these teams to reprogram electronic warfare and radio frequency systems.

Army Cyber Command said a mix of developers, analysts and operators support of the command’s mission.

16th Air Force acknowledged that it has its own software develop program associated with its cyber mission set, but declined to offer specifics citing operational security. In one known example, the 67th Cyberspace Wing is experimenting with an approach it describes as software factory as a service, renting commercial space for software factories — such as the LevelUP DevSecOps facility — to develop tools for the cyber mission force.

For Army Cyber Command, in-house software and tool-building personnel are more agile, a spokesperson told C4ISRNET, following the Defense Department custom of speaking to reporters anonymously.

The command can rapidly reprioritize work around commanders’ short schedules, and the personnel have expertise that provides commanders more options than previously existed. This makes the command less dependent on industry to perform its mission, and the spokesperson said getting intelligence in developers’ hands is easier, and they can test capabilities against mission-relevant environments, which can be trickier with outside partners.

Navy cyber workforce teams, which have grown and matured, aren’t easily replicated through the acquisition process, a Fleet Cyber Command/10th Fleet spokesperson, told C4ISRNET.

“While contractors provide crucial support across the DoD, operational tempo and effective integration necessitate that many efforts are led and performed by government employees,” the person said.

Specifically, Fleet Cyber Command said developers have proved their ability to identify a capability gap during an operation, develop a solution in less than 24 hours and deliver a modified capability. Shorter timeframes for data science application creation saved thousands of hours of analysts’ time that they can spend on higher-priority tasks.

The services continue to used contractor support for larger efforts and platforms but have discovered the critical need for their own staff to perform these on-mission functions in a more timely manner.

The Air Force noted that contractor developers and government personnel are not mutually exclusive.

“Tool development lead by either Air Force organic teams, bleeding-edge Silicon Valley start-ups or the traditional large defense contractors is not a mutually exclusive answer in delivering timely and needed capability to our cyber forces,” according to a spokesperson for 16th Air Force/Air Forces Cyber. “The effectiveness of any of those groups is very dependent on the access to operators, and requirements and resources to develop capabilities at the speed of cyber. Each one of those groups bring different ideas, processes and experience to the cyber problem set. With the low cost of entry and number of cyber actors well beyond traditional nation state actors, Air Forces Cyber, and ultimately the United States cyber community at large, will require the expertise found in government, industry and academia to compete in the cyber domain.”

Army Cyber Command noted it has sufficient numbers of billets to address critical missions today, noting it does rely on industry for specialized expertise, tools and platform development “where the level of effort needed to obtain and sustain critical capabilities would be counterproductive or less cost effective than contracting for a limited period of time,” according to a spokesperson.

Similarly, Fleet Cyber Command noted the role of government employees and contractors is complementary.

“Industry are great partners to Fleet Cyber Command because they provide the expertise and scale that the Navy cannot generate internally. However, rapid agile development processes require a continuous and close synchronization with the operational elements, from requirements generation/modification through testing and acceptance,” a Fleet Cyber Command spokesperson said. “Establishing these processes with a single or handful of industry partners can be difficult from Defense Acquisition process perspective or prohibitively expensive. Additionally, if we outsource all of our capability development to industry, we lose the ability to develop a foundation for professional development and growth of our government employees into more advanced technical and leadership positions.”

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In Daily Brief