Congress directed Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) to elevate to a sub-unified command under Cybercom in the fiscal 2025 annual defense policy bill.

JFHQ-DODIN was created in 2015 as a subordinate headquarters under Cyber Command to protect and defend the Pentagon’s network globally. It’s led by a three-star general who also serves in a “dual-hat” role as the director of the Defense Information Systems Agency, a much bigger combat support agency providing critical IT services to warfighters.

Secretary of Defense Pete Hegseth directed that JFHQ-DODIN be designated a sub-unified command, effective immediately May 28, and its name has been changed to Department of Defense Cyber Defense Command (DCDC).

The name change was a recognition of the command’s ability to execute authority, direction and control over cyberspace forces, according to Steve Mavica, a spokesman for DCDC.

“This action aligns with the 2025 Interim National Defense Strategic Guidance to prioritize the command’s secure, operate, and defend the DODIN mission and enable U.S. Military Forces to deliver lethal effects when and where most needed. The elevation of DCDC to a subordinate unified command is a recognition of the vital importance of our mission to lead unified action in the security, operations, and defense of the DODIN, one of DOD’s most critical strategic assets,” Mavica said. “It is about increasing readiness and resiliency of the DODIN and those forces who conduct network operations, security, and defense activities in the face of the rapid pace of technological advances and the increasing abilities of cyber adversaries.”

The elevation follows Cybercom’s decision in December 2022 to elevate the Cyber National Mission Force — comprised of DOD’s most talented cyber operators aligned in task forces organized against specific threat actors, with the core mission of defending the nation against digital threats — to a sub-unified command. Congress wanted to put the defensive unit on the same playing field as the offensive entity.

The move doesn’t necessarily provide additional authorities or funding streams, but does offer opportunities to pursue certain resources, processes and authorities as needed for more effective approaches to protect the DODIN. Officials are working to deliver an assessment of requirements for the newly minted DCDC to be mission effective and combat ready as well as a plan for implementation, according to an official, who was not authorized to speak publicly.

DCDC’s commander, Lt. Gen. Paul Stanton, who took charge last fall, has tried to put the organization on more of a proactive footing to defend networks and respond to adversary activity. Having been exhausted by the whack-a-mole approach, with adversary intrusions continuing, he wants to impose costs.

“If it’s easy for the enemy to gain access into our environment and to achieve effects, shame on us,” he told reporters in January. “If we prioritize and make it really hard for the enemies to gain access to the things that they’re interested in, that we are also interested in, we start to make it hard on the enemy. While that’s an indirect imposition of cost, if they have to spend months, years, or even decide that that objective is not worth their time or energy because they’re simply not going to gain access to it, then we start shifting that cost curve.”

The command can also work to impose costs offensively, transitioning from defense by feeding information to the CNMF for action.

The organization is looking to “take the observations from our defense, where we gain and maintain contact with our enemies, and hand those insights to the appropriate forces that can conduct offensive missions,” he added.

The post Cybercom’s defensive arm elevated to sub-unified command appeared first on DefenseScoop.

The upcoming losses are due to some DISA employees accepting deferred resignation or voluntary early retirement programs, terminations of probationary employees and other workforce reduction initiatives inspired by Elon Musk’s DOGE, according to Lt. Gen. Paul Stanton, head of DISA and the Joint Force Headquarters-Department of Defense Information Network.

DOGE stands for Department of Government Efficiency.

However, the workforce reductions may glean some benefits for the agency, Stanton suggested during a Senate Armed Services cybersecurity subcommittee hearing.

“It’s giving us an opportunity to ruthlessly realign and optimize how we are addressing what is an evolving mission,” he said.

DISA is the Pentagon’s combat support agency responsible for providing IT and communication support to the military, as well as other federal organizations like the Department of Homeland Security and U.S. Secret Service. At the moment, DISA employs roughly 20,000 individuals — including around 6,800 DOD civilians and 1,200 active duty military personnel — and more than half are contractors, Stanton said.

Across the federal government, agencies are carrying out mandates from President Donald Trump designed to “maximize efficiency” by massively reducing the civilian workforce and making significant budget cuts. At the Pentagon, leaders are currently planning to slash more than 50,000 of the department’s 900,000-plus civilian personnel through deferred resignations, cutting probationary staff and implementing temporary hiring freezes.

Stanton told lawmakers that DISA is using the downsizing as an opportunity to reorganize its remaining workforce and direct more focus to some of its top priorities. 

“Things like the Multi-Partner Environment and initiatives like DoDNet are driving our workforce to perform roles that they hadn’t previously, and so we are doing a realignment,” he said. 

The agency also plans to request Pentagon approval to do a “surgical rehiring” in order to fill any gaps as a result of the workforce cuts that could negatively impact DISA’s missions.

“We need to hire the right people back into the right positions to then lead us forward,” Stanton said.

Along with cuts to its civilian workforce, the DOD is looking to cancel a number of IT consulting contracts following an April memo from Secretary of Defense Pete Hegseth. Components affected by the directive include the Defense Health Agency, the Defense Advanced Research Projects Agency and some of the military services.

Stanton told lawmakers that reviewing IT contracts is already a regular practice within DISA, as it allows the agency to adapt to emerging capabilities and stay aligned with its highly technical workforce.

“In the IT world, as technology changes, we have to continually evaluate whether or not we have the right industry partner performing the right mission, and so we routinely evaluate,” he said. “They’re not consulting contracts. These are individuals that are putting hands on keyboards, that are running fiber optic cables, that are performing server maintenance in a global footprint. And our contracts are healthy and are in a good spot.”

The post DISA expects 10 percent reduction in workforce due to DOGE-inspired campaign appeared first on DefenseScoop.

Gen. Timothy Haugh, commander of U.S. Cyber Command, signed the DOD Information Network (DODIN) command operation framework execution order last year, which oriented the battlespace and now aligns DODIN areas of operation to commanders and directors.

The DODIN is a federated network of networks with 46 DODIN areas of operation comprising each service, agency and field activity, as opposed to a singular monolithic enterprise network for the entire DOD. For Joint Force Headquarters-DODIN — created in 2015 as a subordinate headquarters under Cybercom to protect and defend the Pentagon’s networks globally — defending that terrain is challenging as local organizations own many of those segments.

The execution order reflects a “transformation moment” in the command’s history as it seeks to improve the speed and organization with which the headquarters command can defend the battlespace.

“What this does is it transitions the DODIN’s responsibilities from attempting to independently manage 3.5 million endpoints to fighting in, with and through DODIN area of operations that have effective leaders,” Lt. Gen. Paul Stanton, commander of JFHQ-DODIN, told a group of reporters this week. “It gives us the ability to operate at speed and scale because we’re unlocking the totality of the force that can operate with our authorities. The numbers differ anywhere from [250,000] to 300,000 personnel that operate on, in, with, through and defend the DODIN. We’re unlocking the potential of all of that force. That’s huge.”

JFHQ-DODIN is celebrating its 10th anniversary on Wednesday, and officials want to use that opportunity to stress that the organization has and continues to mature in the face of increasing threats to DOD systems and intrusions on commercial networks.  

“We come from humble beginnings, about 90 folks that were burdened with an incredible task of operating and defending the entire Department of Defense Information Network to a robust command that’s postured to see ourselves effectively, to respond at speed and scale in ways that we had not done previously,” Stanton said. “We see ourselves at an inflection point. The fact that we are 10 years in just gives us an opportunity to put a mark in the sand and say we are ready now to downshift and accelerate into the operations of the future.”

Stanton, who is also dual-hatted as the director of the Defense Information Systems Agency, explained that this new approach comes with several implications for how to effectively defend the DODIN. It requires a greater understanding of the doctrine, readiness and training of defenders, more greatly leveraging data in different ways to better understand the network, and holding commanders and directors accountable.

In 2023, Cybercom outlined mission essential tasks for cybersecurity service providers (CSSPs) under the DODIN, with a forthcoming readiness and training model. This was the first time Cybercom focused on these personnel, having historically focused on standards for the cyber mission force. This was an important step as it began to move these mission owners from simple compliance- and checklist-based entities to taking more of a warfighting posture to defend.

“Historically, we’ve said, if you have a cybersecurity service provider, then you’re meeting your obligation to defend the network. That’s not a mission context, that is a compliance-based checklist approach to providing a modicum of security. That is not … context-aware, effective defense in the cyber domain,” Stanton said.

It also portends to free up JFHQ-DODIN’s cyber protection teams to get back to their original intent of hunting for adversaries and maneuvering on the network.

Stanton noted that the readiness and training standards are still being developed.

Imposing cost with context

Stanton explained the command and department are “exhausted” by the whack-a-mole nature of cyber defense.

So, he has charged the headquarters to impose costs on adversaries that seek to compromise DOD systems. From a defensive perspective, that means preventing intrusions by prioritizing where adversaries might be targeting, adding: “If it’s easy for the enemy to gain access into our environment and to achieve effects, shame on us.”

Enemies are attacking networks for a specific purpose and relying on intelligence to provide what they might be interested in can help prioritize what to defend.

“If we prioritize and make it really hard for the enemies to gain access to the things that they’re interested in, that we are also interested in, we start to make it hard on the enemy,” Stanton said. “While that’s an indirect imposition of cost, if they have to spend months, years or even decide that that objective is not worth their time or energy because they’re simply not going to gain access to it, then we start shifting that cost curve.”

Providing the context of those attacks can also better posture commanders and directors, along with the CSSPs, to be more effective in their cyber defense, he said.

On the flip side, Stanton noted they want to be able to rapidly transition from defense to offense or vice versa.

“How do we take the observations from our defense, where we gain and maintain contact with our enemies, and hand those insights to the appropriate forces that can conduct offensive missions,” he said.

As one of Cybercom’s headquarters elements, JFHQ-DODIN is tied into the other elements that operate outside of U.S. networks that are collecting intelligence, preparing the battlespace and performing offensive operations.

Stanton said the relationship between the offensive components – the Cyber National Mission Force, which is responsible for defending the nation in cyberspace, and the various Joint Force Headquarters-Cyber commands, responsible for conducting offensive operations on behalf of combatant commands – is better than he’s ever seen it in the past.

Meetings involving the operations staff always have CNMF representation as well as participants from the other service cyber components, he said.

Maturing the headquarters

As JFHQ-DODIN has sought to mature from 90 personnel to a full-fledged headquarters, it has sought to move beyond current operations to focus on other aspects a traditional organization requires.

That means building out a future operations cell and a strategy cell, budgeting, and determining what is ahead.

“You have to build out your training and readiness. Very different than sitting at the desk, but thinking about, what are my knowledge, skills and abilities that I require of each of the work roles and how do I build that into an effective training plan and then execute training,” Stanton said. “How do we, as a command and a headquarters, effectively participate in tier-one exercises that are led by the Department of Defense? J5, J7, J3, future ops, these are the sorts of evolutionary steps that the command is on the path to maturation.”

The headquarters also needs to start thinking five-to-ten years ahead from a budgeting and resourcing perspective, what’s known in the DOD as the Program Objective Memorandum process.

Moreover, the headquarters is being elevated to a sub-unified command under Cybercom. The fiscal year 2025 policy bill, signed by President Biden into law on Dec. 23, directed such elevation; however, it did not provide specifics on how to do so or what that means.

Cybercom elevated CNMF to a sub-unified command in December 2022. Lawmakers wanted a similar sub-unified element for the defensive command alongside the offensive command.

Stanton said his organization is currently in the early stages of mission analysis for what elevation means and plans to use some of the resident Cybercom experience from CNMF’s elevation to inform its own process.

The direction to elevate is “acknowledgment from Congress of the sustained higher priority of the defensive cyber operation mission set,” Stanton said, adding that “the good news is this discussion about fundamental change of how we fight in and through DODIN areas of operation, a requirement for the Joint Force Headquarters to set conditions through enabling functions.”

As JFHQ-DODIN looks toward its tenth year and beyond, Stanton noted there is a lot of work that still needs to be done. But there are “very clear signal signals from our leadership and Congress in order to drive defensive cyber operations to new heights.”

The post At 10th anniversary, Pentagon’s network defense arm looks to evolve how it fights appeared first on DefenseScoop.

Stanton, an Army officer, takes charge from Lt. Gen. Robert Skinner, who headed both organizations the past three-and-a-half years and will retire after a 40-year career that started as an enlisted sailor in the Navy.

DISA is a combat support agency responsible for operating and maintaining the DOD network along with providing the warfighter with critical IT-related capabilities, and JFHQ-DODIN is a subordinate headquarters under U.S. Cyber Command responsible for protecting and defending the Pentagon’s network globally.

“I leave this agency and command with a deep sense of humility, optimism, confidence and, most importantly, honor,” Skinner said, according to DISA. “I have truly been privileged to lead and be among our nation’s finest, working the most difficult problems, making the impossible possible. It is my hope today as I relinquish leadership of these two organizations, that I too have given more than I have received.”

Skinner helped stand up JFHQ-DODIN as its first deputy commander roughly 10 years ago, and oversaw many transformative efforts within DISA. In May, he crafted a strategic plan that aimed to get DISA back to its combat support agency roots.

Stanton, who most recently was the commander of the Army’s Cyber Center of Excellence and a veteran of Cybercom, lauded Skinner’s leadership over the years.

“Lt. Gen. Skinner has been a mentor of mine for years, providing valuable counsel and sage advice,” he said. “I’m honored for the opportunity to join the amazing team in stride as we remain trusted to connect, protect and serve.”

The ceremony was also attended by several top DOD cyber and IT leaders.

“This team, all of you, are engaged with our adversaries and our competitors on a daily basis, 24/7, and the very definition of success is nothing short of mission assurance for the joint force and for serving our nation’s decisive advantages,” said Gen. Timothy Haugh, commander of Cybercom and director of the National Security Agency. “The mission has been accomplished by all of you over the past three years, enabled by Bob Skinner’s leadership. It is a fantastic way to wrap up a career of dedication serving our nation. JFHQ-DODIN and DISA will be in terrific and very capable hands with Lt. Gen. Paul Stanton at the helm and all of you working missions. Paul was built for this job.”

Acting DOD CIO Leslie Beavers noted that Skinner was the right leader for the right time to guide the department through the COVID-19 pandemic and the Commercial Virtual Remote platform efforts necessary to keep personnel connected, adding it will take a “warrior-scholar to take the handoff from Bob and move those and many other initiatives down range, and we found one” in Stanton, who is “the perfect person to take on this challenge.”

For Stanton, who earned a Ph.D. from Johns Hopkins University, taking on that challenge comes during “an unprecedented period of significant change in an unsettled world that has an insatiable appetite for data,” he said.

“At the core of our responsibilities, we must securely and reliably get the right data to the right place at the right time to make a better and faster decision than our enemies, period,” Stanton said. “This is our business. This is warfighting as it has been, it is today and will be in the future. This agency and command are critical to our nation’s warfighting success. Failure is not an option, and excellence is our standard.”

The post Stanton takes over at DISA, JFHQ-DODIN appeared first on DefenseScoop.

Janovic recently served as the director of operations at U.S. Cyber Command.

In his new position, he’ll be responsible for furthering the modernization of cyber, electronic warfare and communications from a doctrine and training perspective.

The Cyber Center of Excellence has played a pivotal role in shaping the future of the Army by developing doctrine and concepts for electromagnetic warfare, data and information advantage — all of which are expected to be key elements in future conflicts and play a bigger role than they did in the global war on terror.

Janovic takes over for Maj. Gen. Paul Stanton, who was nominated for his third star in June and tapped to be the next director of the Defense Information Systems Agency and commander of Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN), a subordinate headquarters under Cybercom responsible for protecting and defending the Pentagon’s network globally.

Stanton has been at the Cyber Center of Excellence since June 2021 and was charged with helping the Army with its data problems as well as focusing on the future of cyber and electronic warfare.

Stanton is expected to take over for Air Force Lt. Gen. Robert Skinner, who has led DISA since February 2021. Skinner was JFHQ-DODIN’s first deputy commander when it was first established.

The post Army gets new leader for Cyber Center of Excellence appeared first on DefenseScoop.

With new forces and organizations beginning to take shape, the service is determining how it can apply military power across the spectrum of hostilities.

“The information dimension is a place [where] we are in a persistent conflict right now … It is going to be crucially important to us — how do we think through how to apply military power across the spectrum of conflict?” Lt. Gen. Maria Barrett, commander of Army Cyber Command, said during a presentation at an Association of the United States Army event on Tuesday. “We might reserve this discussion to, oh it’s just to conflict or just to crisis. But in fact, the competition space, this is where it’s happening now. If you think you’re going to deliver options to a commander, insights to a commander about the information dimension and you are not looking at it in the competition phase, whatever you are delivering in crisis and conflict probably will fall short. You need to be prepared to be operating across that spectrum.”

One reason it’s important to stay engaged is that the barrier to entry is very low in the information space, Barrett noted. Technologies and mediums such as social media make it easy for unsophisticated actors or tactics to have an impact. However, those tactics can be enhanced by ever-advancing capabilities that are becoming more prevalent.

“What happens when you have a very capable adversary that can make the investment in artificial intelligence, and what does that then do to the information dimension?” she said. “I think these are serious considerations for all of us and the fact that this particular dimension, again, activities will happen across the spectrum of conflict, below the threshold of war, it’s important for us to consider what is our role.”

Officials across the U.S. military, not just the Army, have been talking about the need to be present in this competition phase, short of armed conflict, for a few years. While the Pentagon has historically taken a binary approach of war or peace, adversaries have seen conflict as a fluid continuum. In recent years, they have sought to exploit the information space to achieve their objectives without using traditional military capabilities.

Officials said some of this isn’t all that unfamiliar and it boils down to being able to map the environment with commercially available information ahead of time while keeping in place protections for U.S. persons.

“Commercially available information, publicly available information — those are areas where you can start to get a sense of what the information environment looks like, how the adversary uses it, what kind of tools they use. It’s actually something that you can start to map,” Barrett told reporters following the event. “Something that is actually in our wheelhouse to do is mapping networks. I do think this is something that will come easier to us in terms of mapping data.”

This includes being able to understand target audiences, what languages they speak, how they communicate, what social media platforms they use, and whether they’re pro or anti-U.S. or they support or oppose certain actors or other nations.

Officials also explained that if forces want to put a concept or an operation forward for approval, the work needs to be done on the front end to be able to determine how it will be carried out based on the intelligence and what’s known.

“If you go to a geographic combatant commander and say, ‘I want to conduct information operations,’ you’ll walk right back out of the headquarters having achieved nothing,” Maj. Gen. Paul Stanton, commander of the Cyber Center of Excellence, said at the AUSA event. “In contrast, if you’ve done your planning, you’ve done your homework and you walk in and say, ‘Here is the very specific objective that I am attempting to achieve, this is how it nests into my campaign plan that supports your campaign plan as the geographic combatant commander,’ that’s a fundamentally different conversation.”

New forces

The planning and expertise to be able to enable these operations comes from the Army’s Theater Information Advantage Detachments, 65-person teams focused on synchronizing information capabilities at the theater level.

The Army recently approved the force structure for three such organizations: one in the Pacific, one in Europe and a transregional one with Army Cyber Command.

Officials explained they will be doing the day-to-day business of setting the conditions and informing commanders of the information environment.

“This is all for the purpose of enabling commanders to visualize and decide and again synchronize these effects that they could have in this dimension much better than they can today,” Barrett said.

Those TIADs will be taking what might be abstract to something concrete.

“The TIAD has to do all detailed planning, they have to do the data collection, they have to get the approvals in order to execute mission, and then they have to do the appropriate assessment of effectiveness after the fact,” Stanton told reporters.

He noted that while not there yet, the detachments are likely headed towards collaborating more with international partners in their regions to share information on potential threats.

One of the main reasons this type of formation must exist at the theater Army level, is because that’s where many of the authorities exist and coordination between other nations’ militaries and diplomatic officials occurs at the theater level.

“We need to develop the right very detailed plan and walk that forward through the interagency and other governmental organizations for the right approval to say, ‘OK, in this particular case, based off of the specifics that you described, we should establish an information-sharing agreement with the host nation because of dependencies on the execution of our mission on their operating environment.’ I absolutely believe that there’s space for that conversation [but] we’re not doing it currently,” Stanton said.

The post To be ready for conflict, Army leader urges focus on information space in ‘competition’ appeared first on DefenseScoop.

If confirmed, Stanton will pin on his third star with the new role.

He comes from the Army’s Cyber Center of Excellence where he took command in June 2021 and has been charged with helping the Army with its data problems as well as focusing on the future of cyber and electronic warfare.

A Ph.D., Stanton has an extensive military cyber background with several roles at Cyber Command and within the Army cyber enterprise, mostly in the defensive sphere.

If confirmed, he will take on the so-called dual-hatted role of leading DISA — a combat support agency responsible for operating and maintaining the DOD network along with providing the warfighter with critical IT-related capabilities — and JFHQ-DODIN, a subordinate headquarters under Cybercom responsible for protecting and defending the Pentagon’s network globally.

DISA released its strategic plan in May aiming to get back to its combat support agency roots. JFHQ-DODIN has been facing calls from Congress to be elevated to a sub-unified command under Cybercom as a means of increasing its ability to respond and defend the network from increasing attacks.

Stanton would take over for Air Force Lt. Gen. Robert Skinner, who has been in the role since February 2021. Skinner was JFHQ-DODIN’s first deputy commander when it was first established.

The post DISA to get new director, Cybercom defense arm new commander appeared first on DefenseScoop.

Part of the effort stems from lessons learned during Russia’s invasion of Ukraine.

“We’re learning that the EW landscape is changing everywhere between three weeks and three months, and so that we need to be more flexible in our approach … The battlefield is changing really, really rapidly,” Gen. Randy George, chief of staff of the Army, said during testimony before the Senate Armed Services Committee in April.

As a result, the force must become more agile.

“This forces the Army to design for agility — EW payloads (techniques and software) must be dynamic and reprogrammable so they can be delivered from a variety of independent platforms” like drones, tactical vehicles and manpacks, among others, David May, a senior advisor at the Cyber Center of Excellence, said in response to questions from DefenseScoop. “Consequently, the Army is shifting its EW paradigm, moving away from inflexible, tightly coupled solutions and towards a more adaptive and responsive approach. This involves developing and integrating new technologies within an Army Reprogramming Enterprise.”

The Army has not fielded any program-of-record electronic warfare systems used for jamming or defense since the war on terror, delivering only quick-reaction capabilities to forces in response to threats they’ve encountered in their regions.

Over the last several months, George has discussed an emerging concept dubbed transforming in contact, in which the Army plans to use deployments and troop rotations to test new equipment — mainly commercial off-the-shelf gear — to allow units to be more responsive on a dynamic battlefield.

Within the concept, there are three areas where George says the Army needs to be faster and more adaptable when it comes to delivering equipment to forces, due to how dynamic the threat environment is and the cat-and-mouse aspect of countering moves: unmanned aerial systems, counter-UAS and electronic warfare.

May stated that the reprogrmaming enterprise changes software within the EW payloads — described as electronic warfare sensing and effects delivery — that can be customized based on the size, weight and power limitations of the platform.

That payload is then employed according to a scheme of maneuver, May said, adding that in order to maintain advantage, changes must be made in a timely manner — less than 48 hours.

What has been less clear in recent months is the extent to which the Army will have reprogrammers at the tactical edge to make these adjustments in near real-time.

“EW requirements should be synchronously coordinated with this paradigm shift (Platforms to Modular Mission Payloads), ensuring that they align with the proposed changes and prioritized appropriately within the Reprogramming Enterprise,” May said.

George has maintained that the Army will not be going back to foreign service representatives or contractors that accompany soldiers to war zones that maintain equipment.

“I want to not have FSRs. For everybody out here, I mean, we want to develop easy-to-use things that can be repaired or you take a tablet or something that can be exchanged, because we’re not going to have these big [forward operating bases] like we’ve had in the past and doing these things,” George said at a conference in March. “We have very technically savvy troops that can do a lot of these things.”

That leaves soldiers to performing the reprogramming. The Army’s 17D designation are coders and developers both in the cyber and electronic realms.

In 2021, the service embarked on a pilot effort dubbed Starblazor, to place coders and software developers at the tactical edge to reprogram electronic warfare and radio frequency systems.

The Army has continued to recognize the need to have coders at the edge.

“Everything from a concept of platform and payload disaggregation, let’s design a platform and then let’s apply payloads to it from an electronic warfare perspective. Starblazor was key in helping us develop those insights,” Maj. Gen. Paul Stanton, commander of the Cyber Center of Excellence, told reporters during a conference in October. “Understanding the right physics problem also was a major outcome from Starblazor — at what range and what distance, within what frequency band do we want to be able to operate. It also helped us understand the agility needed in the development and potential manipulation of our payloads. We recognize that the enemy has signals of interest. We also recognize that the enemy signals of interest will change. We’ll see new things on the battlefield that we did not anticipate and we have to be prepared for.”

Stanton recognized that the Army must have tactical engineers capable of tweaking a payload in accordance with a modification or a previously unseen event in the electromagnetic spectrum.

May said the results from Starblazor are providing the starting point for a new pilot.

Army Cyber Command and CCoE “are embarking on an EW Data Pilot that serves as a campaign of learning for a conceptual Army Reprogramming Enterprise,” May said. “The Pilot will focus on enhancing the understanding and implementing EW data needs supporting the rapid reprogramming of modular mission payloads. This learning is necessary to enable the future approach to EW effects on the battlefield supporting the operational force’s scheme of maneuver.”

The ultimate goal of the pilot effort is to develop capabilities using advanced EW concepts throughout the next year of learning based on a series of events from division and theater exercises, May said.

While the focus of the pilot is on the data and defining requirements for a data platform, architecture and standards, the effort will also help the service align polices and procedures, refine organizational structure and outline a governance strategy to enable a reprogramming enterprise, May added.

“Ultimately the pilot will help inform how the Army can augment its current capability and capacity to execute effects in the EMS at the speed and scale necessary to provide the Army and joint force an edge in Large Scale Combat Operations,” he said.

The post Army embarking on electronic warfare data pilot to help inform rapid reprogramming appeared first on DefenseScoop.

A revised version of Joint Publication 3-12 Cyberspace Operations — published in December 2022 and while unclassified, is only available to those with DoD common access cards, according to a Joint Staff spokesperson — officially provides a definition for “expeditionary cyberspace operations,” which are “[c]yberspace operations that require the deployment of cyberspace forces within the physical domains.”

DefenseScoop has seen a copy of the updated publication.

The last version was published in 2018 and was publicly available. The Joint Staff spokesman noted that five years has been the norm for updates.

The definition, recognition and discussion of such operations are indicative of not only the maturity of cyberspace and associated operations, but the need for more tactical capabilities to get at targets that the current cyber force might not be able to access.

U.S. Cyber Command owns the offensive cyber capabilities within DOD, and the services conduct offensive cyber ops through Cybercom and the cyber mission forces that each service provides to the command. Authorities to launch cyber effects have traditionally been held at the highest levels of government. In recent years, those authorities have been streamlined and delegated. However, most cyber operations are still conducted from remote locations by the cyber mission force (CMF) and primarily focused on IP-based networks.

Many of the services have begun investing in capabilities and forces for their own offensive cyber, however, that is mostly in the blended electronic warfare or radio frequency-enabled sphere at the tactical level.

The updated doctrine recognizes that these capabilities, which will still have to be coordinated centrally, could provide access to targets that remote operators might not be able to get for a variety of reasons.

“Developing access to targets in or through cyberspace follows a process that can often take significant time. In some cases, remote access is not possible or preferable, and close proximity may be required, using expeditionary [cyber operations],” the joint publication states. “Such operations are key to addressing the challenge of closed networks and other systems that are virtually isolated. Expeditionary CO are often more regionally and tactically focused and can include units of the CMF or special operations forces … If direct access to the target is unavailable or undesired, sometimes a similar or partial effect can be created by indirect access using a related target that has higher-order effects on the desired target.”

It also notes that these effects and operations should be coordinated with the intelligence community to deconflict intelligence gain/loss.

Moreover, the updated doctrine recognizes the complexity of cyberspace and how in-demand cyber capabilities might be. Thus, global cyber support might need to “reach-forward” to support multiple combatant commands simultaneously.

“Allowing them to support [combatant commands] in this way permits faster adaptation to rapidly changing needs and allows threats that initially manifest only in one [area of responsibility] to be mitigated globally in near real time. Likewise, while synchronizing CO missions related to achieving [combatant commander] objectives, some cyberspace capabilities that support this activity may need to be forward-deployed; used in multiple AORs simultaneously; or, for speed in time-critical situations, made available via reachback,” it states. “This might involve augmentation or deployment of cyberspace capabilities to forces already forward or require expeditionary CO by deployment of a fully equipped team of personnel and capabilities.”

When it comes to internalizing the new doctrine, the Air Force sees this as additional access points for operations.

“How do we leverage folks that are and forces that are at the tactical edge for access? That’s primarily how I think about the expeditionary capabilities we have … is empowering or enabling the effect they’re trying to create or using their access or position physically, to help enable some of our effects,” Lt. Gen. Kevin Kennedy, commander of 16^th Air Force/Air Forces Cyber, told DefenseScoop at the AFCEA TechNet Cyber conference.

He noted that these access-enabling capabilities could be across the services, but primarily from an Air Force perspective, “I’m looking at looking within the Air Force, from aerial platforms down to ground-based airmen, as well about how we would do that,” he said.

Officials have described how the services are seeking to build their own forces separate from Cybercom.

“There was a lot of language that came out the [National Defense Authorization Act] that talked about force design in general. All the services to one degree or another are really — I’m not going to say rethinking — but evaluating what their contribution to the joint force is, as well as what their own … service-retained cyber teams are,” Chris Cleary, principal cyber advisor for the Department of Navy, told DefenseScoop at the AFCEA conference.

Last year’s NDAA directed the Pentagon to develop a strategy for converged cyber and electronic warfare conducted by deployed military and intelligence assets, specifically for service-retained assets.

As electronic warfare and cyber capabilities are expected to be a big part of the battlefield in 2030 — a key waypoint the Army has been building toward — it recognizes those capabilities can’t be held from remote sanctuary, Maj. Gen. Paul Stanton, commander of the Army Cyber Center of Excellence, told DefenseScoop in an interview on the sidelines of the AFCEA conference.

In fact, the Army’s principal cyber adviser has tasked the Cyber Center of Excellence with clarifying certain authorities and capabilities.

“How do you execute electronic attack to achieve effects? How do you differentiate a cyber-delivered capability that benefits from proximity based on owning the land, owning the ground?Because that’s what the Army does. The principal cyber advisor, Dr. [Michael] Sulmeyer is tasking me with conducting a study to clearly define and delineate where those lines are,” Stanton said. “This study is going to help us be able to clearly define that. I expect to be tasked to kick that off here in the very near future with about 90 days to complete.”

When it comes to service-retained forces and capabilities, the Army has built the 11^th Cyber Battalion, formerly the 915^th Cyber Warfare Battalion, which provides tactical, on-the-ground cyber operations — mostly through radio-frequency effects — electronic warfare and information ops. The unit will help plan tactical operations for commanders and conduct missions in coordination with deployed forces. It consists of several expeditionary cyber and electromagnetic activities (CEMA) teams that are scalable and will maneuver with units and conduct operations on the ground for commanders.

The Navy, meanwhile, is building what it’s calling non-kinetic effects teams, which will augment afloat forces with critical information warfare capabilities. Cleary has previously noted that the service is still working through what cyber ops at sea will look like.

“As we continue to professionalize this, [information warfare commanders within carrier strike groups] will become more and more important as it fully combines all aspects of the information warfare space, the electromagnetic spectrum, command and control of networks, eventually potentially offensive cyber being delivered from sea, information operations campaigns,” Cleary said.

“That job will mature over time, and then the trick is to get the Navy and the Marine Corps to work together because we are back to our roots of being an expeditionary force. Even the Marines through [Commandant] Gen. [David] Berger’s new force design is really about getting the Marines back to being what the Marines were designed to be, which is an expeditionary fighting force that goes to sea with the Navy. We work together to achieve our objectives as a team, and we’re getting back to our blocking [and] tackling them.”

For the Marine Corps’ part, officials have been building Marine Expeditionary Force Information Groups (MIGs), which were created in 2017 and support each MEF within the Corps, integrate electronic warfare with intelligence, communications, military information support operations, space, cyber and communication strategy — all to provide MEF commanders with an information advantage.

The service has also recently established Marine Corps Information Command (MCIC), which was designed to more tightly link the service’s information forces — including cyber, intelligence and space — in theater with the broader joint force across the globe.

Mission elements the Marines have created and sent forward with Marine expeditionary units are “right in line with [Joint Publication] 3-12,” Maj. Gen. Joseph Matos, deputy commander of Marine Corps Forces Cyberspace Command, told DefenseScoop at the AFCEA conference.

“How do we take what we do at the fort, or back at Fort Meade [where Cybercom is headquartered], and be able to extend that out to the services? That’s what we’re in the process of doing right now … We started about two years ago doing that. That capability is starting to mature pretty well,” he said. “It’s to extend Cyber Command out to those forward units.”

Matos said the recently created MCIC will act as the integrator for a lot of these capabilities throughout the force, acting as a bridge of sorts.

The organization will help tactical forces understand the authorities and capabilities that cyber can provide to help them conduct their missions.

“You kind of hit a glass ceiling of the capability [of] the lower elements being able to reach out and do cyberspace operations,” Matos said of the process prior to establishing that entity. “We’re able to say, OK, here’s a team, trained, capable,’ understand the capabilities that we can bring, give them to the deployed forces to say, ‘OK, you want to do cyber operations, here’s how we can help you do that.’ We know who to talk to, the authorities and so on so forth, and we can do that. I think it’s right in line with what the [Joint Publication] 3-12 is trying to do.”

That command essentially acts as the glue between the high-end cyber forces and the tactical elements, bridging the gap between Cybercom forces and the deployed forces.

“The genesis of the Marine Corps Information Command to tie all these elements together is to address that concern, is to be that integration point between the forces below the tactical edge who have these requirements to operate in a rapidly changing environment. But also tie that to the Marine Corps Information Command knows who to talk to at Cyber Command, or at NSA, or at Space Command. To be able to be that touchpoint between the two organizations so you don’t have to have an infantry battalion going all the way to” a combatant command, Matos said during a presentation at the AFCEA conference.

“I think as we operate in this rapidly changing cyberspace world, that Marine Corps Information Command’s going to be a tremendous benefit to the [Marine Air Ground Task Force], but also to the joint world and the intelligence and cyber world,” he added.

The post New DOD doctrine officially outlines and defines ‘expeditionary cyberspace operations’ appeared first on DefenseScoop.

The service for several years has been building out its doctrine for information advantage, the Army’s parlance for information warfare.

“We’re on target for the end of the summer” to complete that work, Maj. Gen. Paul Stanton, commander of the Army Cyber Center of Excellence, said in an interview with DefenseScoop at the AFCEA TechNet Cyber conference, regarding the Army Doctrinal Publication 3-13, Information Advantage.

The Army has been working on this concept and doctrine for at least five years, initially charting down information warfare, but in 2020 shifting to information advantage. Information advantage has five broad pillars: enable decision-making, protect friendly information, inform and educate domestic audiences, inform and influence international audiences, and conduct attack operations.

While it is tied in with the joint community — which recently revised its doctrine for information in joint operations in September 2022 — and some of the efforts of the other services, Stanton said the Army has one key departure from other Defense Department components.

“We refer to the ‘information dimension’ of the operating environment and the joint world refers to the ‘information environment.’ We adamantly believe in the Army that there’s one operational environment and information is the dimension therein,” he noted. “We think that that’s important because we need commanders to think about the totality of their operating environment and not ignore information — they can’t because it is a dimension within which they have purview and responsibility.”

While the Army has been drafting the doctrine, which Stanton said has been in worldwide staffing twice, it has sought lessons from the real world as well as exercises to inform its information concepts, and will soon be delivering on products associated with doctrine, organization, capabilities and personnel.

This summer, the service will be using the exercise Pacific Sentry to determine if it has developed theater information advantage detachments correctly. These organizations are envisioned to be aligned to theater armies and coordinate with other theater-level organizations such as the multi-domain task force and expeditionary cyber teams.

The assessment team — made up of personnel from Training and Doctrine Command, the deputy chief of staff for operations, Army Cyber Command and Army Special Operations Command — will determine: “Are we right, are we not right, how close are we, where are we short, where do we need to apply our focus across [doctrine, organization, training, materiel, leadership, education, personnel and facilities] based off of how effective the theater information advantage detachment is during the exercise?” Stanton said.

The theater level makes the most sense to place these personnel and forces, Stanton said, because most of the authorities for these effects reside there.

“The theater Army is our conduit and our tie in into the meetings and working groups at the combatant command such that we can inform them, ‘Hey, here’s something that we’re interested in doing, will you, geographic combatant commander, approve and delegate the authorities?’ Now that you will, the theater information advantage detachment has the ability to deliver the effect,” Stanton explained.

The service is placing a great deal of importance on these entities and the information space writ large.

“We’re also recognizing the importance of information operations. We’re building theater information advantage detachments, so we’re going to have those capabilities in the Army. This is how we’re getting ready for the next fight. We’re going to build these organizations with a flat budget and a flat end strength,” Army Chief of Staff Gen. James McConville said at the McAleese and Associates Defense Programs Conference in March.

The service has a similar entity for U.S. Army Europe and Africa, though that organization is called a theater information advantage element. Stanton said they will be assessed next year.

Meanwhile. in the Pacific, the Army is working collaboratively with Fleet Information Warfare Command Pacific (FIWC PAC), the Navy’s information warfare element.

“They’re entirely coordinated alongside us in building out the plan and the assessment. Frankly, they want to watch what we do, take our homework while we watch what they do, take their own — but we’re absolutely sharing the information,” Stanton said.

The post Army working to game concepts, exercise forces for the information environment appeared first on DefenseScoop.