DOD renewing focus on foundational cyber intelligence

U.S. Cyber Command and the Defense Intelligence Agency are conducting a series of pilots and sprints to evaluate ways to improve foundational cyber intelligence.
Airman 1st Class Gerald Mack, cyber operator with 175th Cyber Operations, Maryland Air National Guard, monitors cyber attacks during Exercise Southern Strike at Camp Shelby, Mississippi, April 21, 2023. (U.S. Army National Guard photo by Staff Sgt. Renee Seruntine)

The Pentagon is kicking off a series of pilots and “sprints” to evaluate and improve how it provides what it calls foundational cyber intelligence.

In his first two months as director of the Defense Intelligence Agency, Lt. Gen. Jeffrey Kruse, as part of his threefold approach to setting the organization’s course, is addressing new and emerging security and intelligence challenges that include, among others, cyber and AI.

As part of that effort, he has launched a 90-day sprint to address foundational military intelligence for cyber, Kruse told the House Armed Services Subcommittee on Intelligence and Special Operations on Thursday.

DIA is responsible for providing intel on foreign militaries and owning all the intelligence directorates, or J2s, at the combatant commands.


Earlier in the week, Gen. Timothy Haugh, commander of U.S. Cyber Command and director of the National Security Agency, told Congress that he and Kruse are working on pilot efforts to expand cyber intel.

“We think that growing the foundational cyber intelligence of the department is [a] benefit, not just to U.S. Cyber Command — it’s all the other combatant commanders that we partner with every day. For us to do multi-domain integration, it starts with our understanding of our adversaries,” Haugh said at a Senate Armed Services Committee hearing Wednesday.

“When the process normally works for foundational intelligence, that’s our start point, particularly in crisis to generate options. Today that is largely falling on Cyber Command and NSA. We want to see that grow across the defense intelligence enterprise, and Gen. Kruse as the new director and I are kicking off some pilots together to be able to look at how could we begin to expand within DIA’s architecture, the amount of cyber intelligence focused — that focus that is out there to meet the need for not just us, but the other combatant commands as well.”

Cyber intelligence and intelligence support to cyber has often seemed elusive, with officials explaining the inherent differences and challenges associated with it relative to traditional military intelligence, especially since it is also so new.

When it comes to foundational intelligence, much is known about the physical world and the platforms like tanks and airplanes that forces have been using for decades. But that is still lacking in the cyber or network realm where detailed intelligence on foreign computer systems, configurations and architectures are paramount for successful operations. This also extends into the open-source world of social media as well.


For years, dating back to when Cybercom was created, there have been talks about building the capability and capacity for developing organic cyber intelligence within the U.S. military. Relatedly, as cyber has grown in importance, there have been increasing discussions at the Defense Intelligence Agency regarding what constitutes foundational cyber intelligence.

Additional challenges include the relationship between Cybercom and NSA. Despite the close linkage — the two organizations share a boss and are co-located — NSA has a fundamentally different mission focused on foreign intelligence targets. Having a dedicated military cyber intel capability under Title 10 — the part of U.S. law that governs the armed forces — is considered increasingly important.

“For me, understanding how intelligence supports cyber and how cyber supports intelligence — those are really important things for us to do. In the pre-9/11 days, right, you think about targeting and you think about like in the Cold War days, like what our intelligence enterprise would do when it was enough to just identify, ‘Oh, this is my adversary’s airbase or headquarters,’ whatever. Then it’s like, you put munitions on it,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said at a Center for a New American Security event in Washington in September. “In the cyber domain, it’s not just enough to identify where that thing is physically located. It’s like, well, what is its network diagram … [and] how do I think about those things?”

DIA and Cybercom have been working together for the last few years to improve cyber intelligence and cyber support to intelligence.

The top officials in front of Congress this week signaled that renewed and continuing partnership in building this out.


Last year, a provision passed the Senate mandating the creation of a dedicated cyber intelligence center. However, that issue was scrapped from final legislation.

“The conferees agree that intelligence support to the planning and execution of cyber operations conducted below the level of armed conflict, for preparation of the operational environment, and at each level of operational art — strategic, operational, and tactical — must be substantially improved. The conferees believe that the causes of, and solutions to, this requirement are complex,” a congressional report stated regarding the dropping of the proposal. “The conferees are not prepared at this time to dictate a specific organizational solution, but expect the Secretary of Defense to generate and implement one.”

The report noted that as a still maturing organization, Cybercom must improve its ability to define and articulate requirements for intelligence support, noting it’s likely the command will still require assistance from the DIA and NSA.

The report further suggested that the cyber mission force — the personnel each military service provides to Cybercom to conduct cyber operations — does not possess sufficient deep technical expertise nor adequate access to data to generate the required level of analysis organically.

Cybercom had begun the process of establishing such a center prior to the proposed congressional mandate.


The 2023 Department of Defense cyber strategy also sought to make intelligence support for cyber ops a priority, expanding on the 2018 version that simply asserted the department “will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict.”

“The 2023 DoD Cyber Strategy places renewed emphasis on the role intelligence plays in the planning and execution of cyberspace operations,” Ashley Manning, acting assistant secretary of defense for cyber policy, stated in written congressional testimony this week. “The Office of the Under Secretary of Defense for Policy is working closely with the Office of the Under Secretary of Defense for Intelligence and Security, and through them, the Defense Intelligence Enterprise, to ensure that the intelligence requirements of the cyber warfighter are prioritized. The Department will improve business practices and human capital management processes to expand cyber intelligence production and reduce barriers to information sharing consistent with applicable law, policies, and procedures.”

The strategy notes the DOD will prioritize necessary reforms to meet the intelligence needs of the cyberspace operations community.

Latest Podcasts