CYBERCOM 2.0 Seeks to ‘Deny Adversaries Freedom of Maneuver’

Officials said the War Department is implementing Cyber Command (CYBERCOM) 2.0 – a “revised cyber force generation model” – to develop and retain its elite cyber forces for long-term strategic competition.

“How do we build a better talent management system for our cyber force?’” said Assistant War Secretary for Cyber Policy and the War Secretary’s Principal Cyber Advisor Katie Sutton during AFCEA International’s Cyber Workforce Summit at National Defense University Tuesday. “I fundamentally believe that that’s going to be important, whether we have five services providing forces into the cyber mission force, or whether we have a different organizational model.”

CYBERCOM 2.0, introduced last fall and now being implemented, aims to integrate cyber capabilities across all military missions, a shift Sutton described as critical as adversaries such as Iran threaten to respond to U.S. kinetic operations with cyber activity.

“Going forward, we must operate on a fully integrated battlefield where the cyber domain is not a separate fifth domain of warfare, but the connective tissue for all domain warfare,” she said. “We are very focused on ensuring that we have a strategic advantage in the cyber domain to actively work to deny and defeat our adversaries freedom of maneuver in and through cyberspace to preserve our military advantage.”

Sutton emphasized that the nature of cyber threats has evolved significantly since the domain’s inception. While early cyber operations primarily focused on intelligence gathering, modern adversaries are preparing for conflict by embedding disruptive capabilities deep within the nation’s critical infrastructure and defense industrial base partners, she said. CYBERCOM 2.0 aims to explicitly counter advanced adversarial threats, according to Sutton.

“Our current force generation approach, while effective for conventional forces, has been inadequate for the unique requirements of building the deep technical skills we need in cyberspace,” Sutton said. “It’s too slow, too fragmented and hinders our ability to adapt at speed and scale to counter threats like Volt Typhoon … To address this, we’re taking a bold transformation and how we build and cultivate our cyber warriors.”

Compounding this danger is the rapid advancement of artificial intelligence. AI acts as a powerful force multiplier, increasing the speed, scale and sophistication of hostile attacks.

“Our adversaries are operationalizing AI to out compete us, creating a new paradigm where the pace of attacks challenges our ability to react, and the sheer scale overwhelms our ability to mount a credible defense,” Sutton said.

CYBERCOM 2.0 replaces compliance-based generalists with deep, technical experts, resting on three essential pillars: domain mastery, specialization and agility. The pillars allow staff to become experts at their jobs while maintaining the ability to face a wide span of threats, she said.

“We’re creating career tracks that allow our best operators to continue to hone their craft for years, becoming true masters of the domain without having to hang out their keyboards to get promoted,” Sutton explained.

As the Pentagon embeds emerging technologies into its cybersecurity workflows, Sutton stressed that governing its use is paramount. DOW must proactively develop rules of engagement before these capabilities are fully deployed, she said.

“The technology is going to be here long before we have the tactics, techniques and procedures to use it – the policies and the appropriate policy guidance,” she added.