Senior Pentagon officials told lawmakers that the department’s new cyber force generation model is intended to help the U.S. military remove and counter threats linked to China that have penetrated America’s critical infrastructure networks.
During a hearing of the Senate Armed Services Subcommittee on Cybersecurity, officials said Chinese-linked cyber actors, including a group known as Volt Typhoon, have in recent years infiltrated U.S. networks using a tactic known as “living off the land.”
Lt. Gen. William Hartman, acting commander of U.S. Cyber Command (CYBERCOM) and performing the duties of director of the National Security Agency, said such activity has been observed across multiple sectors.
“The bad news is we have seen them in telecommunication systems,” Hartman said. “We’ve seen them in critical infrastructure.”
Hartman said the Pentagon’s revamped approach, known as CYBERCOM 2.0, is designed to improve how the department builds, trains, and sustains cyber forces so they can better defend U.S. networks and respond to persistent threats.
The overhaul began last year and represented the most extensive restructuring of CYBERCOM since its establishment.
Hartman said the changes are intended to create a “more lethal, agile, and sustainable cyber force.”
He told lawmakers that advanced and specialized training under the new model would allow U.S. cyber forces to both compete with and “outpace China.”
Artificial intelligence (AI) and automation, he added, will play a growing role in defending American networks.
“It’s not going to entirely take the human out of the loop,” Hartman said. “But what it is going to do is identify the most important data that our analysts need to look at in order to best protect our network.”
Hartman said CYBERCOM is working to scale AI tools that are specifically focused on detecting “living off the land” techniques used by China-linked actors. He also emphasized the importance of rapidly sharing insights gained from offensive cyber operations with defensive teams.
Katherine Sutton, assistant secretary of defense for cyber policy, said the initiative reflects a broader shift in how the department approaches cyber workforce development.
Sutton said the reforms include targeted recruiting, standardized incentive and retention pay, mission-specific training, redesigned career pathways, specialized mission units, and a unit phasing model intended to manage operational tempo and reduce burnout.
“Our approach to building and sustaining cyber talent has not kept pace, while our adversaries are investing heavily in cyber capabilities,” Sutton said.
“This approach builds a cyber force better capable of addressing emerging threats, such as exploitation of industrial control systems in critical infrastructure or cyberattacks automated by artificial intelligence,” she said.