What would it mean to elevate the Pentagon’s network defense command?

There are currently proposals in each chamber of Congress that would direct the Department of Defense to elevate the organization charged with operating and defending its information network to a sub-unified command.

Joint Force Headquarters-DOD Information Network was created in 2015 as a subordinate headquarters under U.S. Cyber Command to protect and defend the Pentagon’s network globally. JFHQ-DODIN is led by a three-star general who also serves in a “dual-hat” role as the director of the Defense Information Systems Agency, a much bigger combat support agency providing critical IT services to warfighters.

The proposals — part of each chamber’s annual defense policy bill, which still must be reconciled before becoming law — follow the elevation and sub-unification of Cybercom’s elite Cyber National Mission Force in December 2022. Comprised of 39 joint teams, CNMF is thought to have the DOD’s most talented cyber operators aligned in task forces organized against specific threat actors, with the core mission of defending the nation against digital threats.

Sub-unified commands are designed to conduct a portion of a mission assigned to the parent combatant command. They’re established because that particular mission is thought to be a sustained, higher priority. Cybercom itself was initially a sub-unified command under U.S. Strategic Command until it became a unified combatant command in 2018.

In CNMF’s case, sub-unification did not come immediately with new resources or personnel. But in practical terms, the move signified the maturity of the group and provided a better resource pipeline for personnel from the services, according to officials.

Attempted cyber intrusions are only increasing in scale and sophistication — all during relative peacetime, which is to say that the U.S. is not engaged in a direct armed conflict, although there’s an ongoing tit-for-tat in cyberspace to steal secrets and undermine U.S. interests. While the Defense Department has stopped listing specific statistics publicly in recent years, in 2018, officials stated there were typically 1 billion cyber operations targeting the DODIN each month.

The DODIN would be under constant stress and attack if things were to ever escalate to a true “hot war.”

Thus the case for elevating JFHQ-DODIN currently making its way across Congress. According to comments in congressional hearings this year and statements by lawmakers, the proposals follow the sentiment that the offensive component of Cybercom tasked with defending the nation was elevated and, given the exponential threats in the cyber domain, the defensive component should be too.

“The reason why they need a unified command is because the current JFHQ-DODIN model is plagued by persistent problems of staffing shortages, lack of prioritization and a clear shortfall in institutional capacity. I don’t think it’s responsive enough, I don’t think it’s able to engender the right level of staffing the way it’s organized,” Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the congressionally mandated Cyberspace Solarium Commission, said in an interview. “The department has faced multiple, significant cyber incidents over the last several years, but its primary defensive organization remains starved of resources.”

The defensive cyber mission in the DOD involves many organizations and chains of command. For example, the DOD chief information officer and the commander of Cybercom both have DODIN defense responsibilities.

The DODIN is a federated network of networks with 46 DODIN areas of operation comprising each service, agency and field activity, as opposed to a singular monolithic enterprise network for the entire DOD.

Sources have indicated that the cyber terrain within the DOD is not organized to match the way the U.S. military fights — it’s aligned to service components as opposed to warfighting commands.

Unlike the CNMF’s mission, there is also a significantly larger workforce dedicated to protecting the DODIN, estimated at around 300,000 in the overall network operations force that not only includes defensive cyber protection teams — which are part of the cyber mission force, the forces and teams each service provides to Cybercom to conduct cyber operations — but also local defenders, system administrations and cybersecurity service providers.

But what the elevation might look like is unclear. The current legislative proposals simply direct the Pentagon to elevate JFHQ-DODIN without specifying exactly how to elevate it or if it should be separate from DISA.

Senate Armed Services Committee ranking member Roger Wicker, R-Miss., in a long-term spending plan unveiled in May, recommended elevating JFHQ-DODIN to help DOD and Cybercom be “better postured for future and emerging threats in the cyber domain.”

Rep. Don Bacon, R-Neb., who proposed the provision on the House side, previously noted that there was broad agreement on the House Armed Services Committee that DOD’s cyber defense mission should have an organizational structure and resource priority commensurate with its responsibilities.

“As we looked at options, we felt the obvious move was to mirror what the Department did for the offensive side which elevated the Cyber National Mission Force to a subordinate unified command in 2022. The leadership of the Department has been clear on the mission improvements they’ve seen since CNMF was elevated so it was just a matter of applying that same logic to the defensive side of the mission,” he said in a statement previously.

Cybercom chief Gen. Timothy Haugh acknowledged that under potential sweeping changes to the way the command is organized, JFHQ-DODIN could be tweaked.

And the No.2 official leading the JFHQ-DODIN is encouraged by lawmakers’ support. “I appreciate everything that Congress is doing to focus on defense,” Brig. Gen. Heather Blackwell, deputy commander of JFHQ-DODIN, said in an interview on the sidelines of the TechNet Cyber conference in June. 

For some, the key question that needs to be answered is: What problem is Congress trying to solve?

“We [must] clearly identify what the problem or challenge is we’re trying to fix. I’m not for just making a unified command because we think it’s going to be better than it is now. What’s broken and how do we enable a fix is the most important thing,” said a former cyber defense official who requested anonymity to talk freely. “I would argue there’s probably many different ways you can solve this problem … The question is, can we better secure, operate and defend the DODIN with a unified command or the command that exists?”

According to Montgomery, elevation will bring JFHQ-DODIN more attention, authorities and manpower.

“Elevating JFHQ-DODIN to the sub-unified level will afford it the same benefits that CNMF received when it was elevated. It improves the chances [of], but does not guarantee, improved outcomes. However, it gives the organization a fighting chance in the bureaucracy resource fights. It’s illogical to put our offensive and defensive responses on different frameworks,” he said.

Montgomery added that the risk of not elevating JFHQ-DODIN would be a lack of agility to counter the threat, given he doesn’t believe the organization has been properly manned or operationally oriented. He added that there has been a lack of senior leader-focused effort necessary for the threat environment.

A second former defense official in the cyber missions space who also requested anonymity to talk freely indicated that JFHQ-DODIN would be more operationally effective with command and control properly aligned.

Incorrect command and control will always result in sub-optimal performance, the official said, noting that JFHQ-DODIN will be less effective in its mission to defend the DODIN due to its lack of resources in the way of manning, training and equipping, lack of information, and improper alignment.

One of the former officials noted that creating a sub-unified command would give the organization more of a voice to set training and readiness requirements, execute command and control, and coordinate orders across its area of responsibility and assigned mission. It could also provide new responsibilities to shape the operations area or battlespace — in this case, the DODIN — to give the DOD an operational advantage in the future. 

Most sources agreed that JFHQ-DODIN is a busy organization with a challenging mission. Part of that stems from the challenges of overseeing a federated system and directing mission owners to shore up their slices of the network. Others pointed to the dual-hat relationship with DISA, which has been complicated and oftentimes competing.

Sources indicated that DISA had many more staffing and resources while staffing at JFHQ-DODIN has been significantly lower.

“DISA reports to JFHQ-DODIN when it comes to DODIN operations. Being under DISA’s [administrative control] was only a disadvantage to JFHQ-DODIN in every single way,” according to one of the former officials, noting one of the biggest areas of contention was prioritization for manning.

Additionally, sources have indicated that there have been overlaps and redundancies between staff and functions of each organization given the similarities of JFHQ-DODIN’s role and mission and DISA’s role and legacy supporting the DODIN.

Resulting issues of manning, resourcing and greater attention given to DISA have led some officials to question JFHQ-DODIN’s maturity to even act as a sub-unified command.

If they were to split, several sources indicated that JFHQ-DODIN should be led by a two-star general officer, similar to CNMF, putting them on equal footing.

On the flip side, having the administrative connection to DISA could benefit JFHQ-DODIN in the short term after an elevation.

“In the short term, this command would benefit from both the tie to DISA and the tie to Cybercom because some of these are operational issues that have inherently administrative or technical solutions, and DISA will be the likely vehicle for that administrative or technical solution,” Montgomery said.

Ultimately, the risk of not doing something is that the DODIN will remain under attack without the resources it needs.

“You can continue to meddle around with incremental solutions that don’t get you to the right answer, or you can attempt something more significant, expansive change that gives this mission the kind of attention and focus it needs,” Montgomery said. “Am I certain there’s a way you could fiddle with the current JFHQ-DODIN and make it better? Yes. Do I think you will make it best? No. The way you’ll make it best is to establish this sub-unified command.”