House bill directs Pentagon’s network defense arm to become subordinate unified command

The House Armed Services Committee passed a provision directing the elevation of the Department of Defense’s primary organization charged with defending its networks to a sub-unified command.

An amendment to the fiscal 2025 defense policy bill proposed by Rep. Don Bacon, R-Neb., which passed the committee late Wednesday night, would direct the secretary of defense to designate the Joint Force Headquarters-DOD Information Network as a subordinate unified command under U.S. Cyber Command.

JFHQ-DODIN is a subordinate headquarters under Cybercom responsible for protecting and defending the Pentagon’s network globally.

“There is broad agreement on the committee that DOD’s cyber defense mission should have an organizational structure and resource priority commensurate with its significant responsibilities,” Bacon, who is also the new chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said in a statement to DefenseScoop. “As we looked at options, we felt the obvious move was to mirror what the Department did for the offensive side which elevated the Cyber National Mission Force to a subordinate unified command in 2022. The leadership of the Department has been clear on the mission improvements they’ve seen since CNMF was elevated so it was just a matter of applying that same logic to the defensive side of the mission.”

As Bacon referenced, last year, the Pentagon elevated the Cyber National Mission Force — its elite cadre of teams responsible for defending the nation from cyberattacks — to a sub-unified command. This decision signified CNMF’s importance within the department for the mission it performs. While officials said the elevation didn’t mean CNMF would necessarily receive new resources or personnel anytime soon, in practical terms, it signified maturity of the group and will provide a better resource pipeline for personnel from the services — as it will be able to more clearly and with more authority direct the training requirements it needs from the services.   

What was not clear from the legislation is if it would sever the so-called dual-hat relationship in which the Defense Information Systems Agency and JFHQ-DODIN are led by the same person. DISA serves as a combat support agency providing critical IT services to warfighters and is much bigger than JFHQ-DODIN.

Other aspects of the relationship could complicate a possible elevation of JFHQ-DODIN.

Despite the separate reporting chains of command — JFHQ-DODIN to Cybercom and DISA to DOD’s chief information officer — command and control of each group can be complicated and competing in many cases.

DISA also has several directorates and divisions while JFHQ-DODIN’s staff has remained relatively small and has relied frequently on contractor support.

Lawmakers on both sides of Congress have recently raised the prospect of elevating JFHQ-DODIN.

“It’s my understanding that when the nation faces a cyberattack, there are two forces under your operational control that respond: the cyber national mission force and the Joint Force Headquarters-DOD Information Network. As you know, in 2022, the cyber national mission force was elevated to be a sub-unified command … How has this elevation helped Cybercom’s operational readiness to respond to attack?” Sen. Jacky Rosen, D-Nev., asked at a congressional hearing last month. “Would also elevating the DOD Information Network to a sub-unified command enable Cybercom to be more resilient in future cyberattacks?”

Others on the House side have raised similar issues.

“In December 2022, SECDEF officially elevated Cybercom’s defensive arm, cyber national mission force to a sub-unified command. The logic was that it would provide greater enabling resources for this critical mission set. With how much adversary activity we have witnessed against DOD networks, it would appear that your defensive arm Joint Force Headquarters could similar benefit,” Rep. Morgan Luttrell, R-Texas, said during another congressional hearing in April.

For his part, Cybercom commander, Gen. Timothy Haugh told lawmakers that such an elevation could be in the cards as part of a holistic evaluation of the future of the command.

The provision put forth by Bacon would also make clear that JFHQ-DODIN is the “lead organization for the network operations, security, and defense of the Department of Defense Information Network.”

The bill must still pass the full House and be reconciled with the Senate version before becoming law.