The United States is outsourcing its Cyberspace (Cyber Command) Operations – really?

// November 16th, 2015 // Hacking and Security

Task Order Request for Cyberspace Operations Support Services in support of United States Cyber Command (USCYBERCOM)

I just ran across this today. It’s a draft title Task Order Request for Cyberspace Operations Support Services in support of United States Cyber Command (USCYBERCOM). Oh, brother. That means the U.S. has bungled their cybersecurity so badly they’re now willing to outsource, and trust, this critical national security task to an outside contractor. Even a partner outside of the U.S. if they’re trusted status.

The entire document looks like a standard Task Order Request with these key (interesting) points.

The contractor “shall provide expertise in DODIN Operations, cyber defense, Tactics, Techniques, and Procedures (TTP) and systems, Cyberspace Operations community architecture, current and emerging cyber threats, and potential offensive and defensive capabilities for countering cyber threats.”

They shall “conduct proof of concept development of cyber capabilities for countering ongoing or impending cyber adversary actions against United States (U.S.) Government networks.”

They will be responsible for “cyber fires planning and analysis requires the coordination of joint strategic and operational planning and execution of joint fires, to include targeting, capability pairing, and threat mitigation.”

“Cyber fires” are direct attacks against targets which according to the Pentagon’s Law of War guidelines, can include lethal attacks. How could a cyberattack be lethal? According to the manual, examples include triggering a nuclear plant meltdown, opening a dam above a populated area, and disabling air traffic control services resulting in crashes of airplanes.

Included in the list of key personnel required for the contract are a “Weapons and Capabilities Lead” who will act as the “technical lead for contractor personnel performing fires, media malware analysis, cyber capability analysis”, etc. The minimum qualifications for the position include a minimum of ten years’ experience as a cyberspace analyst or three years’ experience in cyber fires and cyber targeting. In other words, they must have experience conducting real cyber-attacks.

Did we already forget that we just discovered our contractors were outsourcing their outsourced tasks to the Russians?

Additional information

Since I find these oh-so-interesting and somewhat comical, here’s the acronym list presented in the appendix of the proposal.

ACAS Assured Compliance Assessment Solution

AOR Area of Responsibility

ASSIST Assisted Services Shared Information System

B2C2WG Boards, Bureaus, Centers, Cells and Working Groups

BPR Business Process Re-engineering

C2 Command and Control

C3PO Cyber Command and Control Portal for Operations

C4IT Command, Control, Communications, Computers & Information Technology

CAPCO Controlled Access Program Coordination Office

CAS Cost Accounting Standards

CC/S/A/FA Combatant Command/Service/Agency/Field Activity

CCIR Commander’s Critical Information Requirements

CCMD Combatant Command

CCR Cyberspace Capability Registry

CCRI Command Cyber Readiness Inspection

CDA Congressionally Directed Actions

CDC Cleared Defense Contractor

CDS Cross Domain Solution

CERF Cyber Effects Request Form

CERT Computer Emergency Response Team

CFR Code of Federal Regulations

CI Counter-Intelligence

CIO Chief Information Officer

CJCSM Commander Joint Chiefs of Staff Manual

CKO Chief Knowledge Officer

CKT Cyber Key Terrain

CLIN Contract Line Item Number

CMF Cyber Mission Force

CMRS Continuous Monitoring Risk Score

CND Cyber Network Defense

CNODB Cyber Network Operations Database

CO Contracting Officer

COA Courses of Action

COCB Cyber Operational Capabilities Board

CONOPS Concept of Operations

CONUS Continental United States

COOP Continuity of Operations Plan

COR Contracting Officer’s Representative

CPFF Cost-Plus-Fixed-Fee

CRC Cyber Requirements Cell

CRIB USCYBERCOM Requirements and Investment Board

CS Control Systems

CSP Counterintelligence Scope Polygraph (CSP)

CTC Cyber Tasking Cycle

CTO Cyberspace Tasking Order

CTP Consent to Purchase

DCAA Defense Contract Audit Agency

DCO Defensive Cyberspace Operations

DFARS Defense Federal Acquisition Regulation Supplement

DHS Department of Homeland Security

DIB Defense Industrial Base

DISA Defense Information Systems Agency

DNS Domain Name System

DoD Department of Defense

DODIN Department of Defense Information Network

DSS Defense Security Service

DSSR Department of State Standardized Regulations (DSSR)

EEFI Essential Elements of Friendly Information

EIT Electronic and Information Technology

EResM Evaluation Response Message

EReqM Evaluation Request Message

ERP Enterprise Resource Planning

FAL Functional Area Lead

FCB Facility Clearance Branch

FCL Facility Clearance

FEDSIM Federal System and Integration Management Center

FOC Full Operational Capability

FOIA Freedom of Information Act

FTR Federal Travel Regulation

GFE Government-Furnished Equipment

GFI Government-Furnished Information

GFP Government-Furnished Property

GPS Global Positioning System

GSAM General Services Administration Acquisition Manual

HBSS Host Based Security System

HIDS Host Intrusion Detection System

IA Information Assurance

IAVA Information Assurance Vulnerability Alerts

IAVB Information Assurance Vulnerability Bulletins

IAVM Information Assurance Vulnerability Management

IAW In Accordance With

IC Intelligence Community

ICRWG Integrated Capabilities Requirements Working Group

IDIQ Indefinite Delivery Indefinite Quantity

IDM Internal Defensive Measures

IOC Initial Operational Capability

IOT In Order To

ISO In Support Of

IT Information Technology

J3 Directorate of Cyberspace Operations

J6 Command, Control, Communications, Computers Information Technology

J7 Joint Exercises and Training Directorate

JACWC Joint Advanced Cyber Warfare Course

JCAAS Joint Capability and Analysis Assessment System

JELC Joint Event Lifecycle

JFHQ Joint Force Headquarters

JIACG Joint Interagency Coordination Group

JID Joint Indicator Database

JIE Joint Information Environment

JIMS Joint Incident Management System

JMC Joint Malware Catalog

JMEM Joint Munitions Effectiveness Manual

JOC Joint Operations Center

JOPP Joint Operational Planning Process

JOSG Joint Information Environment Operations Sponsor Group

JQRR Joint Quarterly Readiness Review

JTCB Joint Targeting Coordination Board

JTCG Joint Targeting Coordination Group

JTF Joint Travel Regulation

JTSO Joint Information Environment Technical Synchronization Office

JTWG Joint Targeting Working Group

LAN Local Area Network

LE Law Enforcement

MA Multiple Award

MADO Military Affairs Desk Office

MCOP Master Cyber Operations Plan

MD5 Message Digest 5

ME Munitions Effectiveness

MIDB Modernized Integrated Database

MMA Media, Malware, and Analysis

MNS Mission Needs Statements

MOE Measure of Effectiveness

MOP Measure of Performance

MS Microsoft

MSR Monthly Status Report

NAI Named Areas of Interest

NDA Non-Disclosure Agreement

NIDS Network Intrusion Detection System

NISP National Industrial Security Program

NIST National Institute of Standards and Technology

NLT No Later Than

NSA National Security Agency

NTE Not to Exceed

OCI Organizational Conflict of Interest

OCO Offensive Cyberspace Operations

OCONUS Outside the Continental United States

ODC Other Direct Cost

OPG Operational Planning Groups

OPLAN Operations Plan

OPORD Operations Order

OPT Operational Planning Teams

ORSA Operations Research/System Analysis

OSD Office of the Secretary of Defense

PCC Planning and Coordination Cell

PDF Portable Document Format

PgMP® Program Management Professional

PII Personally Identifiable Information

PIR Priority Intelligence Requirements

PIT Platform Information Technology

PIV Personal Identity Verification

PM Project Manager

PMI Project Management Institute

PMP® Project Management Professional

PMP Project Management Plan

PNR Problem Notification Report

PNT Positioning, Navigation, and Timing

POA&M Plan of Action and Milestones

PoP Period of Performance

PWS Performance Work Statement

QCP Quality Control Plan

QFR Questions for the Record

RAP-CO Review and Approval Process for Cyberspace Operations

RFI Request for Information

RIP Request to Initiate Purchase

ROC Rehearsal of Concept

SAP Special Access Program

SATCOM Satellite Communications

SCI Sensitive Compartmented Information

SFE Space Force Enhancements

SIP Security In-Process

SLA Service Level Agreement

SME Subject Matter Expert

SOP Standard Operating Procedures

SSBI Single Scope Background Investigation

SSO Staff Security Office

STO Special Technical Operations

TASKORD Tasking Order

TMF Threat Mitigation Framework

TO Task Order

TOA Task Order Award

TOR Task Order Request

TPOC Technical Point of Contact

TS Top Secret

TTP Tactics, Techniques, and Procedures

TTX Tabletop Exercise

UCAP Unified Cyber Analytics Portal

U.S. United States

U.S.C. United States Code

USCYBERCOM United States Cyber Command

USSTRATCOM United States Strategic Command

WBS Work Breakdown Structure

WMS Workflow Management System

Sources: United States Department of Defense, Engadget




« « Previous Article: The crass symbolism in Arab cartoons following the terrorist attacks in Paris     » » Next Article: Obama’s address to the nation – Is the US government attempting to calm the public or instill more fear?


Leave a Reply

You must be logged in to post a comment.

%d bloggers like this: