Congress directed Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) to elevate to a sub-unified command under Cybercom in the fiscal 2025 annual defense policy bill.

JFHQ-DODIN was created in 2015 as a subordinate headquarters under Cyber Command to protect and defend the Pentagon’s network globally. It’s led by a three-star general who also serves in a “dual-hat” role as the director of the Defense Information Systems Agency, a much bigger combat support agency providing critical IT services to warfighters.

Secretary of Defense Pete Hegseth directed that JFHQ-DODIN be designated a sub-unified command, effective immediately May 28, and its name has been changed to Department of Defense Cyber Defense Command (DCDC).

The name change was a recognition of the command’s ability to execute authority, direction and control over cyberspace forces, according to Steve Mavica, a spokesman for DCDC.

“This action aligns with the 2025 Interim National Defense Strategic Guidance to prioritize the command’s secure, operate, and defend the DODIN mission and enable U.S. Military Forces to deliver lethal effects when and where most needed. The elevation of DCDC to a subordinate unified command is a recognition of the vital importance of our mission to lead unified action in the security, operations, and defense of the DODIN, one of DOD’s most critical strategic assets,” Mavica said. “It is about increasing readiness and resiliency of the DODIN and those forces who conduct network operations, security, and defense activities in the face of the rapid pace of technological advances and the increasing abilities of cyber adversaries.”

The elevation follows Cybercom’s decision in December 2022 to elevate the Cyber National Mission Force — comprised of DOD’s most talented cyber operators aligned in task forces organized against specific threat actors, with the core mission of defending the nation against digital threats — to a sub-unified command. Congress wanted to put the defensive unit on the same playing field as the offensive entity.

The move doesn’t necessarily provide additional authorities or funding streams, but does offer opportunities to pursue certain resources, processes and authorities as needed for more effective approaches to protect the DODIN. Officials are working to deliver an assessment of requirements for the newly minted DCDC to be mission effective and combat ready as well as a plan for implementation, according to an official, who was not authorized to speak publicly.

DCDC’s commander, Lt. Gen. Paul Stanton, who took charge last fall, has tried to put the organization on more of a proactive footing to defend networks and respond to adversary activity. Having been exhausted by the whack-a-mole approach, with adversary intrusions continuing, he wants to impose costs.

“If it’s easy for the enemy to gain access into our environment and to achieve effects, shame on us,” he told reporters in January. “If we prioritize and make it really hard for the enemies to gain access to the things that they’re interested in, that we are also interested in, we start to make it hard on the enemy. While that’s an indirect imposition of cost, if they have to spend months, years, or even decide that that objective is not worth their time or energy because they’re simply not going to gain access to it, then we start shifting that cost curve.”

The command can also work to impose costs offensively, transitioning from defense by feeding information to the CNMF for action.

The organization is looking to “take the observations from our defense, where we gain and maintain contact with our enemies, and hand those insights to the appropriate forces that can conduct offensive missions,” he added.

The post Cybercom’s defensive arm elevated to sub-unified command appeared first on DefenseScoop.

Gen. Timothy Haugh, commander of U.S. Cyber Command, signed the DOD Information Network (DODIN) command operation framework execution order last year, which oriented the battlespace and now aligns DODIN areas of operation to commanders and directors.

The DODIN is a federated network of networks with 46 DODIN areas of operation comprising each service, agency and field activity, as opposed to a singular monolithic enterprise network for the entire DOD. For Joint Force Headquarters-DODIN — created in 2015 as a subordinate headquarters under Cybercom to protect and defend the Pentagon’s networks globally — defending that terrain is challenging as local organizations own many of those segments.

The execution order reflects a “transformation moment” in the command’s history as it seeks to improve the speed and organization with which the headquarters command can defend the battlespace.

“What this does is it transitions the DODIN’s responsibilities from attempting to independently manage 3.5 million endpoints to fighting in, with and through DODIN area of operations that have effective leaders,” Lt. Gen. Paul Stanton, commander of JFHQ-DODIN, told a group of reporters this week. “It gives us the ability to operate at speed and scale because we’re unlocking the totality of the force that can operate with our authorities. The numbers differ anywhere from [250,000] to 300,000 personnel that operate on, in, with, through and defend the DODIN. We’re unlocking the potential of all of that force. That’s huge.”

JFHQ-DODIN is celebrating its 10th anniversary on Wednesday, and officials want to use that opportunity to stress that the organization has and continues to mature in the face of increasing threats to DOD systems and intrusions on commercial networks.  

“We come from humble beginnings, about 90 folks that were burdened with an incredible task of operating and defending the entire Department of Defense Information Network to a robust command that’s postured to see ourselves effectively, to respond at speed and scale in ways that we had not done previously,” Stanton said. “We see ourselves at an inflection point. The fact that we are 10 years in just gives us an opportunity to put a mark in the sand and say we are ready now to downshift and accelerate into the operations of the future.”

Stanton, who is also dual-hatted as the director of the Defense Information Systems Agency, explained that this new approach comes with several implications for how to effectively defend the DODIN. It requires a greater understanding of the doctrine, readiness and training of defenders, more greatly leveraging data in different ways to better understand the network, and holding commanders and directors accountable.

In 2023, Cybercom outlined mission essential tasks for cybersecurity service providers (CSSPs) under the DODIN, with a forthcoming readiness and training model. This was the first time Cybercom focused on these personnel, having historically focused on standards for the cyber mission force. This was an important step as it began to move these mission owners from simple compliance- and checklist-based entities to taking more of a warfighting posture to defend.

“Historically, we’ve said, if you have a cybersecurity service provider, then you’re meeting your obligation to defend the network. That’s not a mission context, that is a compliance-based checklist approach to providing a modicum of security. That is not … context-aware, effective defense in the cyber domain,” Stanton said.

It also portends to free up JFHQ-DODIN’s cyber protection teams to get back to their original intent of hunting for adversaries and maneuvering on the network.

Stanton noted that the readiness and training standards are still being developed.

Imposing cost with context

Stanton explained the command and department are “exhausted” by the whack-a-mole nature of cyber defense.

So, he has charged the headquarters to impose costs on adversaries that seek to compromise DOD systems. From a defensive perspective, that means preventing intrusions by prioritizing where adversaries might be targeting, adding: “If it’s easy for the enemy to gain access into our environment and to achieve effects, shame on us.”

Enemies are attacking networks for a specific purpose and relying on intelligence to provide what they might be interested in can help prioritize what to defend.

“If we prioritize and make it really hard for the enemies to gain access to the things that they’re interested in, that we are also interested in, we start to make it hard on the enemy,” Stanton said. “While that’s an indirect imposition of cost, if they have to spend months, years or even decide that that objective is not worth their time or energy because they’re simply not going to gain access to it, then we start shifting that cost curve.”

Providing the context of those attacks can also better posture commanders and directors, along with the CSSPs, to be more effective in their cyber defense, he said.

On the flip side, Stanton noted they want to be able to rapidly transition from defense to offense or vice versa.

“How do we take the observations from our defense, where we gain and maintain contact with our enemies, and hand those insights to the appropriate forces that can conduct offensive missions,” he said.

As one of Cybercom’s headquarters elements, JFHQ-DODIN is tied into the other elements that operate outside of U.S. networks that are collecting intelligence, preparing the battlespace and performing offensive operations.

Stanton said the relationship between the offensive components – the Cyber National Mission Force, which is responsible for defending the nation in cyberspace, and the various Joint Force Headquarters-Cyber commands, responsible for conducting offensive operations on behalf of combatant commands – is better than he’s ever seen it in the past.

Meetings involving the operations staff always have CNMF representation as well as participants from the other service cyber components, he said.

Maturing the headquarters

As JFHQ-DODIN has sought to mature from 90 personnel to a full-fledged headquarters, it has sought to move beyond current operations to focus on other aspects a traditional organization requires.

That means building out a future operations cell and a strategy cell, budgeting, and determining what is ahead.

“You have to build out your training and readiness. Very different than sitting at the desk, but thinking about, what are my knowledge, skills and abilities that I require of each of the work roles and how do I build that into an effective training plan and then execute training,” Stanton said. “How do we, as a command and a headquarters, effectively participate in tier-one exercises that are led by the Department of Defense? J5, J7, J3, future ops, these are the sorts of evolutionary steps that the command is on the path to maturation.”

The headquarters also needs to start thinking five-to-ten years ahead from a budgeting and resourcing perspective, what’s known in the DOD as the Program Objective Memorandum process.

Moreover, the headquarters is being elevated to a sub-unified command under Cybercom. The fiscal year 2025 policy bill, signed by President Biden into law on Dec. 23, directed such elevation; however, it did not provide specifics on how to do so or what that means.

Cybercom elevated CNMF to a sub-unified command in December 2022. Lawmakers wanted a similar sub-unified element for the defensive command alongside the offensive command.

Stanton said his organization is currently in the early stages of mission analysis for what elevation means and plans to use some of the resident Cybercom experience from CNMF’s elevation to inform its own process.

The direction to elevate is “acknowledgment from Congress of the sustained higher priority of the defensive cyber operation mission set,” Stanton said, adding that “the good news is this discussion about fundamental change of how we fight in and through DODIN areas of operation, a requirement for the Joint Force Headquarters to set conditions through enabling functions.”

As JFHQ-DODIN looks toward its tenth year and beyond, Stanton noted there is a lot of work that still needs to be done. But there are “very clear signal signals from our leadership and Congress in order to drive defensive cyber operations to new heights.”

The post At 10th anniversary, Pentagon’s network defense arm looks to evolve how it fights appeared first on DefenseScoop.

Stanton, an Army officer, takes charge from Lt. Gen. Robert Skinner, who headed both organizations the past three-and-a-half years and will retire after a 40-year career that started as an enlisted sailor in the Navy.

DISA is a combat support agency responsible for operating and maintaining the DOD network along with providing the warfighter with critical IT-related capabilities, and JFHQ-DODIN is a subordinate headquarters under U.S. Cyber Command responsible for protecting and defending the Pentagon’s network globally.

“I leave this agency and command with a deep sense of humility, optimism, confidence and, most importantly, honor,” Skinner said, according to DISA. “I have truly been privileged to lead and be among our nation’s finest, working the most difficult problems, making the impossible possible. It is my hope today as I relinquish leadership of these two organizations, that I too have given more than I have received.”

Skinner helped stand up JFHQ-DODIN as its first deputy commander roughly 10 years ago, and oversaw many transformative efforts within DISA. In May, he crafted a strategic plan that aimed to get DISA back to its combat support agency roots.

Stanton, who most recently was the commander of the Army’s Cyber Center of Excellence and a veteran of Cybercom, lauded Skinner’s leadership over the years.

“Lt. Gen. Skinner has been a mentor of mine for years, providing valuable counsel and sage advice,” he said. “I’m honored for the opportunity to join the amazing team in stride as we remain trusted to connect, protect and serve.”

The ceremony was also attended by several top DOD cyber and IT leaders.

“This team, all of you, are engaged with our adversaries and our competitors on a daily basis, 24/7, and the very definition of success is nothing short of mission assurance for the joint force and for serving our nation’s decisive advantages,” said Gen. Timothy Haugh, commander of Cybercom and director of the National Security Agency. “The mission has been accomplished by all of you over the past three years, enabled by Bob Skinner’s leadership. It is a fantastic way to wrap up a career of dedication serving our nation. JFHQ-DODIN and DISA will be in terrific and very capable hands with Lt. Gen. Paul Stanton at the helm and all of you working missions. Paul was built for this job.”

Acting DOD CIO Leslie Beavers noted that Skinner was the right leader for the right time to guide the department through the COVID-19 pandemic and the Commercial Virtual Remote platform efforts necessary to keep personnel connected, adding it will take a “warrior-scholar to take the handoff from Bob and move those and many other initiatives down range, and we found one” in Stanton, who is “the perfect person to take on this challenge.”

For Stanton, who earned a Ph.D. from Johns Hopkins University, taking on that challenge comes during “an unprecedented period of significant change in an unsettled world that has an insatiable appetite for data,” he said.

“At the core of our responsibilities, we must securely and reliably get the right data to the right place at the right time to make a better and faster decision than our enemies, period,” Stanton said. “This is our business. This is warfighting as it has been, it is today and will be in the future. This agency and command are critical to our nation’s warfighting success. Failure is not an option, and excellence is our standard.”

The post Stanton takes over at DISA, JFHQ-DODIN appeared first on DefenseScoop.

Joint Force Headquarters-DOD Information Network was created in 2015 as a subordinate headquarters under U.S. Cyber Command to protect and defend the Pentagon’s network globally. JFHQ-DODIN is led by a three-star general who also serves in a “dual-hat” role as the director of the Defense Information Systems Agency, a much bigger combat support agency providing critical IT services to warfighters.

The proposals — part of each chamber’s annual defense policy bill, which still must be reconciled before becoming law — follow the elevation and sub-unification of Cybercom’s elite Cyber National Mission Force in December 2022. Comprised of 39 joint teams, CNMF is thought to have the DOD’s most talented cyber operators aligned in task forces organized against specific threat actors, with the core mission of defending the nation against digital threats.

Sub-unified commands are designed to conduct a portion of a mission assigned to the parent combatant command. They’re established because that particular mission is thought to be a sustained, higher priority. Cybercom itself was initially a sub-unified command under U.S. Strategic Command until it became a unified combatant command in 2018.

In CNMF’s case, sub-unification did not come immediately with new resources or personnel. But in practical terms, the move signified the maturity of the group and provided a better resource pipeline for personnel from the services, according to officials.

Attempted cyber intrusions are only increasing in scale and sophistication — all during relative peacetime, which is to say that the U.S. is not engaged in a direct armed conflict, although there’s an ongoing tit-for-tat in cyberspace to steal secrets and undermine U.S. interests. While the Defense Department has stopped listing specific statistics publicly in recent years, in 2018, officials stated there were typically 1 billion cyber operations targeting the DODIN each month.

The DODIN would be under constant stress and attack if things were to ever escalate to a true “hot war.”

Thus the case for elevating JFHQ-DODIN currently making its way across Congress. According to comments in congressional hearings this year and statements by lawmakers, the proposals follow the sentiment that the offensive component of Cybercom tasked with defending the nation was elevated and, given the exponential threats in the cyber domain, the defensive component should be too.

“The reason why they need a unified command is because the current JFHQ-DODIN model is plagued by persistent problems of staffing shortages, lack of prioritization and a clear shortfall in institutional capacity. I don’t think it’s responsive enough, I don’t think it’s able to engender the right level of staffing the way it’s organized,” Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the congressionally mandated Cyberspace Solarium Commission, said in an interview. “The department has faced multiple, significant cyber incidents over the last several years, but its primary defensive organization remains starved of resources.”

The defensive cyber mission in the DOD involves many organizations and chains of command. For example, the DOD chief information officer and the commander of Cybercom both have DODIN defense responsibilities.

The DODIN is a federated network of networks with 46 DODIN areas of operation comprising each service, agency and field activity, as opposed to a singular monolithic enterprise network for the entire DOD.

Sources have indicated that the cyber terrain within the DOD is not organized to match the way the U.S. military fights — it’s aligned to service components as opposed to warfighting commands.

Unlike the CNMF’s mission, there is also a significantly larger workforce dedicated to protecting the DODIN, estimated at around 300,000 in the overall network operations force that not only includes defensive cyber protection teams — which are part of the cyber mission force, the forces and teams each service provides to Cybercom to conduct cyber operations — but also local defenders, system administrations and cybersecurity service providers.

But what the elevation might look like is unclear. The current legislative proposals simply direct the Pentagon to elevate JFHQ-DODIN without specifying exactly how to elevate it or if it should be separate from DISA.

Senate Armed Services Committee ranking member Roger Wicker, R-Miss., in a long-term spending plan unveiled in May, recommended elevating JFHQ-DODIN to help DOD and Cybercom be “better postured for future and emerging threats in the cyber domain.”

Rep. Don Bacon, R-Neb., who proposed the provision on the House side, previously noted that there was broad agreement on the House Armed Services Committee that DOD’s cyber defense mission should have an organizational structure and resource priority commensurate with its responsibilities.

“As we looked at options, we felt the obvious move was to mirror what the Department did for the offensive side which elevated the Cyber National Mission Force to a subordinate unified command in 2022. The leadership of the Department has been clear on the mission improvements they’ve seen since CNMF was elevated so it was just a matter of applying that same logic to the defensive side of the mission,” he said in a statement previously.

Cybercom chief Gen. Timothy Haugh acknowledged that under potential sweeping changes to the way the command is organized, JFHQ-DODIN could be tweaked.

And the No.2 official leading the JFHQ-DODIN is encouraged by lawmakers’ support. “I appreciate everything that Congress is doing to focus on defense,” Brig. Gen. Heather Blackwell, deputy commander of JFHQ-DODIN, said in an interview on the sidelines of the TechNet Cyber conference in June. 

For some, the key question that needs to be answered is: What problem is Congress trying to solve?

“We [must] clearly identify what the problem or challenge is we’re trying to fix. I’m not for just making a unified command because we think it’s going to be better than it is now. What’s broken and how do we enable a fix is the most important thing,” said a former cyber defense official who requested anonymity to talk freely. “I would argue there’s probably many different ways you can solve this problem … The question is, can we better secure, operate and defend the DODIN with a unified command or the command that exists?”

According to Montgomery, elevation will bring JFHQ-DODIN more attention, authorities and manpower.

“Elevating JFHQ-DODIN to the sub-unified level will afford it the same benefits that CNMF received when it was elevated. It improves the chances [of], but does not guarantee, improved outcomes. However, it gives the organization a fighting chance in the bureaucracy resource fights. It’s illogical to put our offensive and defensive responses on different frameworks,” he said.

Montgomery added that the risk of not elevating JFHQ-DODIN would be a lack of agility to counter the threat, given he doesn’t believe the organization has been properly manned or operationally oriented. He added that there has been a lack of senior leader-focused effort necessary for the threat environment.

A second former defense official in the cyber missions space who also requested anonymity to talk freely indicated that JFHQ-DODIN would be more operationally effective with command and control properly aligned.

Incorrect command and control will always result in sub-optimal performance, the official said, noting that JFHQ-DODIN will be less effective in its mission to defend the DODIN due to its lack of resources in the way of manning, training and equipping, lack of information, and improper alignment.

One of the former officials noted that creating a sub-unified command would give the organization more of a voice to set training and readiness requirements, execute command and control, and coordinate orders across its area of responsibility and assigned mission. It could also provide new responsibilities to shape the operations area or battlespace — in this case, the DODIN — to give the DOD an operational advantage in the future. 

Most sources agreed that JFHQ-DODIN is a busy organization with a challenging mission. Part of that stems from the challenges of overseeing a federated system and directing mission owners to shore up their slices of the network. Others pointed to the dual-hat relationship with DISA, which has been complicated and oftentimes competing.

Sources indicated that DISA had many more staffing and resources while staffing at JFHQ-DODIN has been significantly lower.

“DISA reports to JFHQ-DODIN when it comes to DODIN operations. Being under DISA’s [administrative control] was only a disadvantage to JFHQ-DODIN in every single way,” according to one of the former officials, noting one of the biggest areas of contention was prioritization for manning.

Additionally, sources have indicated that there have been overlaps and redundancies between staff and functions of each organization given the similarities of JFHQ-DODIN’s role and mission and DISA’s role and legacy supporting the DODIN.

Resulting issues of manning, resourcing and greater attention given to DISA have led some officials to question JFHQ-DODIN’s maturity to even act as a sub-unified command.

If they were to split, several sources indicated that JFHQ-DODIN should be led by a two-star general officer, similar to CNMF, putting them on equal footing.

On the flip side, having the administrative connection to DISA could benefit JFHQ-DODIN in the short term after an elevation.

“In the short term, this command would benefit from both the tie to DISA and the tie to Cybercom because some of these are operational issues that have inherently administrative or technical solutions, and DISA will be the likely vehicle for that administrative or technical solution,” Montgomery said.

Ultimately, the risk of not doing something is that the DODIN will remain under attack without the resources it needs.

“You can continue to meddle around with incremental solutions that don’t get you to the right answer, or you can attempt something more significant, expansive change that gives this mission the kind of attention and focus it needs,” Montgomery said. “Am I certain there’s a way you could fiddle with the current JFHQ-DODIN and make it better? Yes. Do I think you will make it best? No. The way you’ll make it best is to establish this sub-unified command.”

The post What would it mean to elevate the Pentagon’s network defense command? appeared first on DefenseScoop.

The pilot is being conducted by Joint Force Headquarters-Department of Defense Information Network — a subordinate headquarters under U.S. Cyber Command responsible for defending the DOD’s network globally — and the Defense Intelligence Agency, which is responsible for providing intel on foreign militaries and owning all the intelligence directorates, or J2s, at the combatant commands.

Expanding beyond just cyberspace, the effort encompasses all-source intelligence, Brig. Gen. Heather Blackwell, deputy commander of JFHQ-DODIN, told DefenseScoop during an interview at the TechNet Cyber conference in Baltimore June 26.

While cyber itself might seem segmented on its own island, an all-source approach is often necessary to understand context regarding breaches or operations. For example, attributing nation-state activity is often an all-source endeavor, using a variety of intelligence streams from technical means to human sources in order to pinpoint the actor that’s responsible.

In a cyber defense scenario, having all-source intelligence can help defenders better understand which actors might be targeting them, what techniques those actors tend to use to give them a leg up on defense, and what they might be going after.

“How do we start doing better at using commercial intelligence with exquisite intelligence from NSA?” Blackwell said. Officials are looking at ways to “put it all together and use it to help us focus our defensive actions.”

The pilot also serves to help JFHQ-DODIN and intelligence personnel better understand each other.

DIA has been working for years on how it can better provide foundational cyber intelligence.

“At the same time, I’d argue that it’s also on the cyber personnel to better understand how I put demands into the intelligence system to say, ‘Hey, I want intel on this particular piece of equipment for that particular actor,’” Blackwell said. “I would say our cyber warriors need to put better RFIs into the intel system. It’s the education on both sides.”

The pilot began at the beginning of June and is expected to produce results by the end of the year.

The post Pentagon network defense arm conducting intelligence for cyber pilot appeared first on DefenseScoop.

Joint Force Headquarters-Department of Defense Information Network, which was created in 2015 and is the subordinate headquarters under U.S. Cyber Command responsible for protecting and defending the Pentagon’s network globally, earlier this year unveiled new readiness metrics for its forces operating on the network, shifting from compliance to operational readiness.

At issue was the notion that the old model was very checklist-based and forces’ readiness was outdated immediately following those checklists. But the shift to the new model, officials have explained previously, allows organizations to be more flexible, agile and responsive to threats in a highly dynamic yet unpredictable environment because it is risk-informed for “defensive cyber operations-internal defense measures,” the specific actions taken on the network in response to either intelligence, a threat or an incident.

There are roughly 300,000 people in the overall DODIN operations force from defenders and system administrations to cybersecurity service providers. Setting metrics for how they’re trained to operate on the network – which is in contact with live adversaries trying to probe it every day – and measuring their readiness is of utmost importance.

Shifting to risk-based metrics is helping the command focus attention where it is needed to secure a particular space and better identify the risks of those missions, given that each mission will be a bit different.

“If we can be risk-based versus just checklist-based, that’s when we’re really going to defend against an adversary,” Brig. Gen. Heather Blackwell, deputy commander of JFHQ-DODIN, told DefenseScoop in an interview at the AFCEA TechNet Cyber conference in Baltimore on June 26.

This approach was driven by JFHQ-DODIN Commander Lt. Gen. Robert Skinner, Blackwell explained.  

“Credit goes to Gen. Skinner. Because remember, he was in my position as the [first] deputy commander for Joint Force Headquarters-DODIN … and then came back as the commander. He knew, he understood where we need to take this,” Blackwell said. “During his last three years, he really set a vision for the team. Every time we go on the ops floor, [we ask] are we more or less of a risk than we were yesterday? He gave the team that vision and to focus away from compliance and focus in on risk.”

Skinner said there have been some bumps in implementing the new system, which is to be expected, but the end goal is continuous assessment.

 “The things that really matter — identity: How are you protecting privileged users? Privileged capabilities: How are you doing on your forward-facing assets? How are you doing on cross-domain? … What really defines the readiness of your cyber domain and your cyber posture for your organization?” Skinner said during a presentation at the conference. “But remember, this is just an episodic environment right now … The goal is to really get to understanding at any one time what the risk is and then have a conversation with that mission owner because it’s a shared risk. Mission owner and – Gen. [Timothy] Haugh, as U.S. Cyber Command commander – both own that risk. It’s that conversation between the two, usually through the service cyber components and JFHQ-DODIN, to understand that piece of the risk.”

Training cyber security providers

As JFHQ-DODIN continued to mature as a relatively young organization and improve the readiness and training of its force, in mid-2023 it unveiled new readiness requirements for its forces.

While Cybercom has focused heavily on the training of the cyber mission force — the teams each service provides to Cybercom to conduct offensive and defensive cyber operations — the command has turned its attention to cybersecurity service providers (CSSPs) for the first time. CSSPs are essentially the local defenders and maintainers of a network at any given organization or installation.

Officials are trying to leverage existing metrics and standards that exist rather than develop them from the ground up.

“There’s the DCWF, which is the DOD Cyber [Workforce] Framework, for work roles. Those work roles apply not only to offense, but also to defense. Let’s use the same great work that’s already been done with Cyber Command on the offense and say, ‘OK, you applied it to that work role, OK, now I want you to apply to the work role that applies to all of our system administrators,’” Blackwell said. “Let’s not reinvent the wheel. Let’s just put defense now as part of your pipeline and move it forward. It can be done, if we just make the effort to do it.”

The command now has readiness metrics for every CSSP that JFHQ-DODIN certifies. Roughly a month ago, for the first time, the command reported those metrics to Gen. Haugh.

The metrics now allow the command to be able to advocate for certain things they’re seeing within the metrics such as the need for data analytics, Blackwell said.

However, she acknowledged that they’re not where they’d like to be in terms of training CSSPs. But it’s not an issue of needing more authorities.

“Cybercom already has Joint Force Trainer; we just need to step into that space and start to identify the training gaps that exist, use Cyber Command’s … authorities and start to mandate some of those training standards. That’s the next evolution,” Blackwell said.

The post Pentagon’s network defense command improving readiness of cyber defenders appeared first on DefenseScoop.

Last year, Joint Force Headquarters-DOD Information Network — a subordinate headquarters under U.S. Cyber Command responsible for protecting and defending the Pentagon’s network globally — became the coordinating authority for Transcom. This coordinating authority provides each supported combatant command with a single commander who is responsible for planning, synchronizing and coordinating cyber support and operations.

Previously, the service cyber components to Cybercom — through what is known as their Joint Force Headquarters-Cyber — were the only organizations that had coordinating authority in cyber for combatant commands they supported.

Transcom is responsible for logistics and getting equipment around the world, coordinating with both military and commercial entities. As such, cybersecurity is of the utmost importance to the command given the private partners it works closely with.

In this new role, JFHQ-DODIN works with Transcom to understand its key missions and terrain to improve its cyber posture and ensure materials are delivered from point A to B.

“We can’t secure everything, so knowing the mission thread, knowing what Transcom needs to be able to move X piece of equipment from base A to Port B, what is the mission threat it’s going to take to get there? Therefore, I can make sure that along that mission threat, I secure the key cyber terrain that supports that mission,” Brig. Gen. Heather Blackwell, deputy commander of JFHQ-DODIN, said during a presentation at AFCEA’s TechNet Cyber conference in Baltimore on June 26.  

Blackwell and others have noted this coordinating authority is a natural progression for JFHQ-DODIN to support Transcom given the command doesn’t conduct offensive operations.

“It is a natural connection because Transcom doesn’t have an offensive mission … We’re defense only. To be able to be that coordinating authority for Transcom as a voice into Cyber Command is a perfect alignment,” she told DefenseScoop in an interview at the conference.

The other Joint Force Headquarters-Cyber organizations are responsible for offensive and defensive operations. If JFHQ-DODIN needs offensive support, it can leverage the larger Cybercom enterprise it’s part of to help.

 “Some of the things that Transcom will require are still outside of our purview, like for example, my authorities end at the DODIN. Transcom might need additional things off DODIN. But as the coordinating authority, we can take that requirement into Cyber Command and use Cyber Command’s authorities to help with some of that,” Blackwell told DefenseScoop, adding in remarks before the conference audience that if there is intelligence that a crucial port is being targeted by an adversary, they can call for offensive cyber help.

Now, JFHQ-DODIN and Transcom have worked to integrate their overall plans for stronger coordination.

“Aligning Transcom’s campaign plan with our campaign plan for global logistics and doing that overlay will make sure that we’re focusing on the unity of action in this space,” Blackwell said.

The two organizations held a global logistics summit last week at Cybercom with Lt. Gen. Robert Skinner, JFHQ-DODIN commander, and Lt. Gen. John Sullivan, the deputy commander for Transcom.

Participants went through several vignettes and mission threads to understand what Transcom requires to perform its mission. With the understanding of what Transcom needs, JFHQ-DODIN can then better apply its capabilities and intelligence to understand what systems adversaries could be targeting and what might be vulnerable to remediate them.

“What we’re doing collectively is we’re highlighting the cybersecurity within the logistics arena … As companies are moving logistics across the world, we need to make sure that we are emphasizing that cybersecurity of the data so that we can ensure that it makes it to where it’s going,” Col. Jessica Haugland, chief of global logistics at JFHQ-DODIN and the organizer of the summit, told DefenseScoop on the sidelines of the conference.

Blackwell said that following the summit, they have action items they’ll be pursuing, such as whether to conduct another tabletop exercise and make sure the mission threads are secure, both from a cyber resiliency perspective and from a Transcom perspective.

The post DOD’s network defense arm is working to protect logistics for Transportation Command appeared first on DefenseScoop.

If confirmed, Stanton will pin on his third star with the new role.

He comes from the Army’s Cyber Center of Excellence where he took command in June 2021 and has been charged with helping the Army with its data problems as well as focusing on the future of cyber and electronic warfare.

A Ph.D., Stanton has an extensive military cyber background with several roles at Cyber Command and within the Army cyber enterprise, mostly in the defensive sphere.

If confirmed, he will take on the so-called dual-hatted role of leading DISA — a combat support agency responsible for operating and maintaining the DOD network along with providing the warfighter with critical IT-related capabilities — and JFHQ-DODIN, a subordinate headquarters under Cybercom responsible for protecting and defending the Pentagon’s network globally.

DISA released its strategic plan in May aiming to get back to its combat support agency roots. JFHQ-DODIN has been facing calls from Congress to be elevated to a sub-unified command under Cybercom as a means of increasing its ability to respond and defend the network from increasing attacks.

Stanton would take over for Air Force Lt. Gen. Robert Skinner, who has been in the role since February 2021. Skinner was JFHQ-DODIN’s first deputy commander when it was first established.

The post DISA to get new director, Cybercom defense arm new commander appeared first on DefenseScoop.

An amendment to the fiscal 2025 defense policy bill proposed by Rep. Don Bacon, R-Neb., which passed the committee late Wednesday night, would direct the secretary of defense to designate the Joint Force Headquarters-DOD Information Network as a subordinate unified command under U.S. Cyber Command.

JFHQ-DODIN is a subordinate headquarters under Cybercom responsible for protecting and defending the Pentagon’s network globally.

“There is broad agreement on the committee that DOD’s cyber defense mission should have an organizational structure and resource priority commensurate with its significant responsibilities,” Bacon, who is also the new chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said in a statement to DefenseScoop. “As we looked at options, we felt the obvious move was to mirror what the Department did for the offensive side which elevated the Cyber National Mission Force to a subordinate unified command in 2022. The leadership of the Department has been clear on the mission improvements they’ve seen since CNMF was elevated so it was just a matter of applying that same logic to the defensive side of the mission.”

As Bacon referenced, last year, the Pentagon elevated the Cyber National Mission Force — its elite cadre of teams responsible for defending the nation from cyberattacks — to a sub-unified command. This decision signified CNMF’s importance within the department for the mission it performs. While officials said the elevation didn’t mean CNMF would necessarily receive new resources or personnel anytime soon, in practical terms, it signified maturity of the group and will provide a better resource pipeline for personnel from the services — as it will be able to more clearly and with more authority direct the training requirements it needs from the services.   

What was not clear from the legislation is if it would sever the so-called dual-hat relationship in which the Defense Information Systems Agency and JFHQ-DODIN are led by the same person. DISA serves as a combat support agency providing critical IT services to warfighters and is much bigger than JFHQ-DODIN.

Other aspects of the relationship could complicate a possible elevation of JFHQ-DODIN.

Despite the separate reporting chains of command — JFHQ-DODIN to Cybercom and DISA to DOD’s chief information officer — command and control of each group can be complicated and competing in many cases.

DISA also has several directorates and divisions while JFHQ-DODIN’s staff has remained relatively small and has relied frequently on contractor support.

Lawmakers on both sides of Congress have recently raised the prospect of elevating JFHQ-DODIN.

“It’s my understanding that when the nation faces a cyberattack, there are two forces under your operational control that respond: the cyber national mission force and the Joint Force Headquarters-DOD Information Network. As you know, in 2022, the cyber national mission force was elevated to be a sub-unified command … How has this elevation helped Cybercom’s operational readiness to respond to attack?” Sen. Jacky Rosen, D-Nev., asked at a congressional hearing last month. “Would also elevating the DOD Information Network to a sub-unified command enable Cybercom to be more resilient in future cyberattacks?”

Others on the House side have raised similar issues.

“In December 2022, SECDEF officially elevated Cybercom’s defensive arm, cyber national mission force to a sub-unified command. The logic was that it would provide greater enabling resources for this critical mission set. With how much adversary activity we have witnessed against DOD networks, it would appear that your defensive arm Joint Force Headquarters could similar benefit,” Rep. Morgan Luttrell, R-Texas, said during another congressional hearing in April.

For his part, Cybercom commander, Gen. Timothy Haugh told lawmakers that such an elevation could be in the cards as part of a holistic evaluation of the future of the command.

The provision put forth by Bacon would also make clear that JFHQ-DODIN is the “lead organization for the network operations, security, and defense of the Department of Defense Information Network.”

The bill must still pass the full House and be reconciled with the Senate version before becoming law.

The post House bill directs Pentagon’s network defense arm to become subordinate unified command appeared first on DefenseScoop.

Last year, the command elevated the Cyber National Mission Force — its elite cadre of teams responsible for defending the nation from cyberattacks — to a sub-unified command. Lawmakers in both houses this week were concerned with why the CNMF was elevated and not Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN), a subordinate headquarters under Cybercom responsible for protecting and defending the Pentagon’s network globally.

“As we look at Joint Force Headquarters-DODIN, our element that allows us to set the globe from a defensive perspective across the entire department, that’s an area that we’re evaluating,” Gen. Timothy Haugh, commander of Cybercom, explained during a Senate Armed Services Committee hearing Wednesday.

This evaluation is part of an effort dubbed Cybercom 2.0, a holistic top-to-bottom review underway at the command to examine how to reshape its organization and forces and ensure it’s best postured for the future and emerging threats. Haugh noted that as part of the Cybercom 2.0 endeavor, the DOD is responding to a series of studies Congress required that all ask for evaluations on how it is structured.

“In December 2022 [the secretary of defense] officially elevated Cybercom’s defensive arm, Cyber National Mission Force to a sub-unified command. The logic was that it would provide greater enabling resources for this critical mission set. With how much adversary activity we have witnessed against DOD networks, it would appear that your defensive arm Joint Force Headquarters could similarly benefit,” Rep. Morgan Luttrell, R-Texas, said Wednesday at a House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems hearing.

Sen. Jacky Rosen, D-Nev., also questioned Haugh on if elevating JFHQ-DODIN to a sub-unified command similar to the CNMF would allow Cybercom to be more resilient against future cyberattacks.

DOD will be examining if JFHQ-DODIN is structured appropriately and if it has the right resources to perform its mission.

“What’s the right way to position the Joint Force Headquarters-DODIN in terms of the right resources and authorities to make sure that it has the capacity to really set the globe? That’s the mission we’ve given them,” Haugh told the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems. “When we have a crisis, we want them to set the globe. I think it’s an area that we’re certainly going to evaluate. And it does look different as a headquarters also in terms of assigned forces, but it’s something that we will definitely be looking at.”

JFHQ-DODIN has recently created a new model for assessing network readiness that is more threat informed and will better posture itself to respond to incidents.

The post DOD evaluating its main network defense arm for the future appeared first on DefenseScoop.