Defense Cybersecurity Makes Progress on Multiple Fronts

Cyber Mission Force

The DoD’s Cyber Mission Force (CMF) was scheduled to arrive at initial operating capacity (IOC) by the end of September – a date that would be met, according to U.S. Cyber Command (CYBERCOM) Commander Adm. Michael Rogers in his testimony before the Senate Armed Services Committee in mid-September. (The CMF is expected to reach full operational capacity (FOC) in 2018.) They made it 99% there, with 132 of the total 133 teams reaching IOC by the end of fiscal 2016, according to statements to media. For their part, the Army is on the record for making their September CMF goal.

Cybersecurity Strategy

On the strategy front, the Joint Force Headquarters-DOD Information Networks (JFHQ-DoDIN) is charged with the mission of defending DoD networks, under the overarching leadership of DoD’s U.S. Cyber Command (USCYBERCOM). But an overall strategy was still in the works.

According to C4ISRNET a strategic document entitled the “The Joint Force Headquarters-DOD Information Networks Support Plan for DODIN operations and Defensive Cyber Operations-Internal Defensive Measures,” was approved by the commander of JFHQ-DoDIN, Lt. Gen. Alan Lynn and Adm. Rogers near the middle-end of September, one year after the planning process began. According to a spokesman quoted in the article, this is the “first planning effort to fully address JFHQ-DODIN's mission to secure, operate, and defend the DODIN. . . . JFHQ-DODIN continues to evolve the plan to provide greater detail, including regional and functional support, in order to transition into a formal campaign plan.” Translation: “We’re making progress. Stay tuned for more.”

New CISO and Cyber Awareness

Cybersecurity efforts at the Air Force are having organizational and cultural impacts. In a memorandum late last month sent to all Air Force personnel, Lt. Gen. William J. Bender, the Air Force’s Chief Information Officer (CIO), announced that he was establishing the Chief Information Security Office (CISO) and beginning a yearlong Cyber Secure campaign in October to address cybersecurity throughout the service. In a public statement about the memo, Bender said. “Any computer system capable of communicating with other computer systems in some way is part of cyberspace. . . . Most modern military equipment -- from a humble truck to a B-2 (Raider) bomber -- has some form of processor and is thus reliant upon and a part of cyberspace.” Bender is seeking to get everyone in the Air Force to personalize the mission implication of cybersecurity. “Going forward, we must position cyber at the forefront of our thinking, planning and operations to successfully support the five core [Air Force] missions."

Cyber Contract Awards

The Navy made news when it awarded contracts to seven companies for its Cyberspace Science Research Engineering and Technology Integration program. Each of the 3-year contracts has a two-year option period and are worth a combined total of at least $609 million, but could reach more than $1 billion if all the options are exercised. The seven companies will provide services including technology assessment, development and transition; requirements analysis; systems engineering; operational and technical support; experimentation support; hardware and software development and prototyping; modeling and simulation; training; and security engineering/cybersecurity.