U.S. Cyber Command Annual Command Challenge Problem Guide
Focusing on six core areas of cybersecurity, exploring innovative solutions for offensive and defensive technologies to support the continuous construction of cyber operational advantages.
Published: 23/12/2025
List of Key Chapter Titles
- Vulnerabilities and Exploitation
- Cybersecurity, Monitoring, and Visualization
- Modeling and Predictive Analytics
- Roles and Identity
- Cross-Domain Penetrability and Agility
- Infrastructure and Transport
- Rapidly Generating Defensive Capabilities
- Hardening SCADA and ICS Cybersecurity
- Targeting and Influencing Closed Networks
- Disruptively Scaling Operations
- Sharing and Collaboration with External Partners
- Joint Cyber Warfighting Architecture (JCWA) Integration
Document Introduction
As the United States' cyber warfare force, U.S. Cyber Command (USCYBERCOM) engages powerful adversaries in cyberspace daily, some of whom have become near-peer competitors in this domain. To maintain a decisive advantage, its operational forces must possess agility, its partnerships must be actionable, its operations must maintain continuity, and its relevant policies, doctrines, and processes must keep pace with the speed of developments in cyberspace, achieving synergy between operations, capabilities, and processes, as well as seamless integration of intelligence and operations.
Given the pace and complexity of missions and platforms, effective solutions must integrate seamlessly, scale rapidly, and allow interfacing parties to evolve independently. Segmented standard interfaces, automation, and autonomy are key elements of any solution. External organizations concerned with relevant challenge problems must inform U.S. Cyber Command of their participation and progress. Successfully addressing a challenge, while not directly leading to funding, will increase the likelihood of initiating related procurement and transition processes.
The report divides the 2024 Command Challenge Problems into six core categories, each corresponding to specific areas of expertise and skill sets, to align with external commercial and academic research, development, and product portfolios. The six categories are Vulnerabilities and Exploitation; Cybersecurity, Monitoring, and Visualization; Modeling and Predictive Analytics; Roles and Identity; Cross-Domain Penetrability and Agility; and Infrastructure and Transport. Each category defines core keywords and specific challenge directions.
In the area of Vulnerabilities and Exploitation, the focus is on issues such as vulnerability discovery, defensive patch deployment, threat detection, and attribution, with particular emphasis on the security protection of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. The Cybersecurity, Monitoring, and Visualization domain focuses on protecting Department of Defense infrastructure, involving technical challenges such as network topology mapping, intrusion detection, and risk assessment, while also encompassing requirements related to Zero Trust architecture and situational awareness.
Modeling and Predictive Analytics problems revolve around mathematical/statistical modeling, time-series analysis, and the application of Artificial Intelligence and Machine Learning, aiming to scale operations, optimize training environments, and achieve predictive persistent network access. The Roles and Identity domain addresses threats such as identity spoofing, phishing attacks, and cryptocurrency abuse, seeking operational application solutions within the open-source intelligence ecosystem. Cross-Domain Penetrability and Agility focuses on data sharing between classified and unclassified environments, collaboration with external partners, and the integration of cyber capabilities with kinetic operations.
The Infrastructure and Transport domain focuses on Joint Cyber Warfighting Architecture integration, enhancing Joint Cyber Command and Control capabilities, as well as the scaled application of Artificial Intelligence and Quantum Computing in offensive and defensive operations. It also involves core requirements such as data storage, transmission, and real-time resource management in a global network environment.