Cyber

New assistant secretary of defense wants to focus on return on investment for cyber operations

In his first public remarks since taking the job, ASD for Cyber Policy Michael Sulmeyer described the institutionalization of cyber across the DOD over the last 10 years.

By Mark Pomerleau

September 6, 2024

Members of the 106th Rescue Wing Communication Flight stand in formation at F.S. Gabreski Air National Guard Base, Westhampton Beach, New York National Guard, during their unit's redesignation ceremony to become the 106th Communications Squadron, February 4, 2024. (U.S. Air National Guard photo by Staff Sgt. Kevin Donaldson)

The newly minted and first-ever assistant secretary of defense for cyber policy wants to focus on the broader return on investment for cyber operations across the government and the nation.

Michael Sulmeyer, four weeks into his job that was created by Congress, explained in his first remarks since assuming the role that it’s not always about quantity, but quality and return on investment of cyber activity that he’ll be looking for to measure success going forward.

“I’ve been talking with my team about and trying to talk with other partners across the government about is, how do we keep score of ourselves? It’s one thing to count the number of operations or something like that, or to count the number of hunt-forward [operations]. There is a power in quantity, but increasingly how we talk about our return on the nation’s investment in us,” he said in remarks Friday at the annual Billington Cybersecurity Summit. “Not just DOD, but the cyber community more broadly, private sector, public, I think is an area I’m looking to try to work on, again in the weeks and months ahead of telling that story, at least from the Office of the Secretary of Defense side.”

The term “hunt-forward” refers to physically sending defensively oriented cyber protection teams from the U.S. military’s Cyber National Mission Force (CNMF) to foreign countries at their invitation to look for malicious activity on their networks. These operations are mutually beneficial, officials have said, because they help bolster the security of partner nations and provide Cybercom — and by extension, the United States — advance notice of adversary tactics, allowing the U.S. to harden systems at home against these observed threats.

Sulmeyer, who previously served as the Army’s principal cyber adviser, sees his job as helping the principal cyber advisers of each service understand the broader picture about where the DOD and U.S. Cyber Command are going, to inform how the services’ training, organizing and equipping of their cyber forces can evolve to have relatively common standards across the department as a whole.

He will also be certifying Cybercom’s cyber operations budget, working with the Pentagon’s chief information officer who already certifies the department’s cybersecurity and IT budget.

“I’m supposed to focus on understanding the cyber operations part of Cyber Command’s budget and then DOD-wide. That means that there’s an opportunity to set some priorities upfront with other department leaders to say, here’s where we want to go in the future, we have a strategy, now let’s look at what does that set of investment priorities go. Then through the budget process every year Congress has given us that mechanism to work with the services and see how that actually translates at that level,” he said.

Cybercom has been given service-like authorities, and the new assistant secretary position will help oversee those, allowing the combatant command to focus more on the warfighting aspect of cyber.

Sulmeyer — who has served for many years in key cyber-related positions across the Defense Department as well as on the White House’s National Security Council staff — also reflected on the institutionalization of cyber within DOD and the military.

“What it strikes me as we now see, 10 years on, an institutionalization of cyber issues across the services and across the Department of Defense. It just wasn’t there those years ago,” he said. “That means, for example, you get a lot of repeat players … Now, most people, most of the time, have had multiple touch points in previous jobs with cyber issues. It makes for a much more dynamic series of discussions and decisions.”

Several experts and members of Congress indicated that the creation of the new assistant secretary position signified a maturation of cyber across DOD.

Sulmeyer also wants to focus more on international partnerships to boost the collective power of the U.S. and its allies.

“The big lesson I take away is, I’m looking at partnerships where one-plus-one equals more than two,” he said. “A lot of times partners will come [and say],’Well, if you do this and we do this, well, it’s the same thing if we just did it independently — same outcome.’ What I’m interested in is, where does the outcome actually grow as a function of one-plus-one equals actually more than two?”

The 2023 DOD cyber strategy — in conjunction with the national defense strategy — added a fourth mission of enhancing partnerships to Cybercom’s initial three missions of defending the nation from digital threats, protecting the department’s networks, and conducting cyber operations for combatant commands to support joint force ops and objectives.

“The good news is we have so much rich history in cyberspace of where that has happened that I’m very optimistic going forward, again, months and years ahead, that’s going to be a big area of focus for us,” Sulmeyer said.

Cybercom has prioritized hunt-forward operations as a means of improving partnerships with other nations to bolster collective defense. The command has executed roughly two dozen of these operations every year, according to officials, and they have carried them out on every continent.

“The Cyber National Mission Force conducts about two dozen defend-forward operations a year where we go out with foreign partners, foreign government networks and hunt and find [Chinese], Russian, Iranian threats to the networks that all of us rely on,” Nicholas Hull, deputy commander of the Cyber National Mission Force, said at a conference in June. “At some point, it moves off the DOD network, it moves on to a commercial network and then it moves on to a foreign partner network. We’re actively hunting, finding and eradicating threats on foreign networks. We have hunt-forwards teams out today doing that across multiple geographic combatant commands, finding threats, helping allies, identify what they need to do to plug the holes in their networks and evict those threats — and then bringing that information back and feeding it to partners in industry, partners across the government.”

Officials in the past have noted that these partnership can be vital as an ally or friendly nation might have access or authorities that the U.S. doesn’t possess, allowing them to act against a common threat or target.