Defense Department cyber forces are tasked first and foremost with defending DoD networks. The first of three core mission sets for U.S. Cyber Command and its cyber mission force, which is poised to reach initial operational capability on Friday September 30 according to Cyber Command Commander Michael Rogers, is to defend the Department of Defense Information Networks. As part of this effort, there has not been a strategic vision for such a mission, until now.
C4ISRNET has learned that a strategic document, titled the "The Joint Force Headquarters-DOD Information Networks Support Plan for DODIN operations and Defensive Cyber Operations-Internal Defensive Measures," was approved by the commander of JFHQ-DoDIN, Lt. Gen. Alan Lynn and Adm. Rogers on September 21, 2016.
JFHQ-DoDIN is tasked with global defense of the DoDIN.
According to a JFHQ-DoDIN spokesperson, the new strategic plan is the "first planning effort to fully address JFHQ-DODIN's mission to secure, operate, and defend the DODIN. It will be executed through a standing order that will provide direction for the operation of the DODIN. JFHQ-DODIN continues to evolve the plan to provide greater detail, including regional and functional support, in order to transition into a formal campaign plan."
During a presentation earlier this year at the AFCEA Defensive Cyber Operations Symposium, JFHQ-DoDIN’s Deputy Director for Strategy and Plans Air Force Lt. Col. Patrick Daniel equated DoDIN defense to whack-a-mole.
"In the past, as different incidents have happened across the DoDIN, we have been playing whack-a-mole – something pops up, we send a team," he said, adding that this old process was not feasible.
The deliberative planning process for the plan beganin September of 2015. Since this time JFHQ-DODIN has collaborated with mission partners, combatant commands and agencies within DoD to develop a strategic outline for operational-level, command and control of defensive cyberspace operations-internal defense measures.
Daniel said that understanding adversarial intent in cyberspace was the first step in undertaking a strategic look at DoDIN defense. "We can say that our adversaries in cyberspace, number one, attempt to disrupt our operations, number two, they want to steal our information, and number three, they want to gain access into our networks for follow-on operations," he said.
In taking this information, DoD can get ahead of adversaries. "We have not done [this] before in the DoD," he said. "Now we’re taking this deliberate strategic look going to plan, which will ultimately become an operation that governs our day-to-day DoDIN operations and [
Defensive Cyberspace Operations-Internal Defense Measures]
DCO-ICM activities globally."
With the eventual implementation of the plan, Daniel said named operations in cyberspace, describedby JFHQ-DoDIN’s deputy commander Air Force Brig. Gen. Robert Skinner as an operation that might target a particular system to ensure protection or the synchronization of maneuver forces for an objective, will go down.
While JFHQ-DoDIN was stood up in September 2015, there are still no plans for full operational capability. "As of right now there is not [an FOC date]," Skinner said. "We are working with our higher headquarters to actually determine what the specific mission function and tasks that are required that will determine what that date will be."
Daniel said FOC will be conditions based adding that "at our IOC, we’re able to do a certain number of functions."
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.