The House Armed Services Committee is seeking to transfer global defense of the Department of Defense’s network from Cyber Command to ... Cyber Command.
The proposal, from the Emerging Threats and Capabilities subcommittee’s part of the 2019 annual defense policy bill released Wednesday, seeks to transition all the “roles, missions, and responsibilities” from the commander of Joint Force Headquarters-Department of Defense Information Networks from the Defense Information Support Agency to the commander of Cyber Command by Sept. 30, 2019.
JFHQ-DoDIN’s commander is “dual-hatted” as the director of DISA as well, an agency HASC Chairman Mac Thornberry, R-Tex., has proposed axing as part of his marquee contribution to the 2019 defense policy bill.
Thornberry is proposing broader cuts to DoD agencies, dubbed “the fourth estate” for their ancillary status relative to war fighting. That includes moving DISA’s information technology functions and JFHQ-DoDIN to Cyber Command.
At present, JFHQ-DoDIN is one of three headquarters elements already subordinate to U.S. Cyber Command, and thus it already answers to Cyber Command’s commander, who himself is dual-hatted as the director of NSA. DISA’s role is to build the network and JFHQ-DoDIN’s role is to defend it.
So why propose the move? A HASC aide told reporters on Wednesday the intent was to simplify the command and control structure, particularly in light of U.S. Cyber Command’s elevation to a unified combatant command, and to dovetail with Thornberry’s plan.
As Cyber Command embraces the ability to conduct defensive operations, it made sense to elevate the job, placing it under a four-star commander, the aide said, adding: “This is a longstanding part of the dialogue as Cyber Command stands up, it matures, as you develop and thicken cyber forces—whether they’re defensive or offensive.”
These provisions still have a long way to go before becoming law, including HASC subcommittee and full committee markups where members have a chance to amend the bill. From there, the bill moves onto debate by the House, and afterward will enter into “conference,” in which both chambers of Congress settle on one version of the defense bill. That bill would have to be passed by both chambers and signed by the president into law.
The conversation comes as JFHQ-DoDIN reached a major milestone recently, achieving what is known as full operational capability.
“JFHQ-DoDIN is well on its way to operationalizing itself as a warfighting organization,” Lt. Gen. William Mayville, deputy commander for operations at Cyber Command said at the Joint Service Academy Cybersecurity Summit March 20 at the Naval Academy.
Mayville added operationalizing JFHQ-DoDIN was the right decision because “you don’t have an offensive unless you can account for your defense.”
What the creation of JFHQ-DoDIN in 2015 did “was really provide a unity of effort and a unity under U.S. Cyber Command for the defense of the DoDIN,” Vice Adm. Nancy Norton, the organization’s new commander said at the Joint Service Academy Cybersecurity Summit.
For all the disparate agencies, services and commands doing network defense, “now have a place where all of that is actually synchronized – all those efforts are synchronized – so we can be better prepared for rapid responses in defense of the DoDIN,” she said. “I think that’s really significant.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.
Joe Gould is senior Pentagon reporter for Defense News, covering the intersection of national security policy, politics and the defense industry.