SASC proposes reorganization of Pentagon’s IT, cyber leadership
In an effort to align IT and cyber responsibilities, senators are proposing to create a new Undersecretary of Defense for Cyber, Information, and Networks position within the Pentagon.
The language to create the new role is included in the Senate Armed Services Committee’s draft of the fiscal 2027 National Defense Authorization Act (NDAA), according to a summary of the bill. A committee staffer told reporters Thursday that the undersecretary would serve in a dual-hatted role as both Defense Department chief information officer and principal cyber advisor to the secretary of defense.
The Pentagon’s CIO serves as the top advisor for information technology matters while also managing a broad portfolio comprising the department’s IT enterprise, digital modernization and defensive cybersecurity posture.
In contrast, the principal cyber advisor focuses on the military’s offensive cyber capabilities and operations. The position is responsible for overseeing readiness of the DOD’s cyber forces in coordination with U.S. Cyber Command.
Lawmakers in the past have urged the Pentagon to better align the two positions to avoid conflicts between activities — especially among the lines where the CIO’s defensive network management ends and Cybercom’s operational activities begin.
“As the evolution of cyber started to mature, we realized that there were some frictions and gaps between protect-and-defend activities of the CIO and the principal cyber advisor,” the staffer said during a background briefing on Capitol Hill. “So within this new undersecretary, what we’ve actually done is merge these underneath the undersecretary.”
The Undersecretary of Defense for Cyber, Information, and Networks would also oversee the Pentagon’s Chief Digital and Artificial Intelligence Office (CDAO) to also better integrate AI technologies into the department’s cyber operations, another Senate staffer said.
If the language is approved, the CDAO will exist as its own entity that is nestled within the new undersecretary’s purview, they added.
The issue of fragmentation between cyber and IT was also present in the House Armed Services Committee’s version of the FY27 NDAA, which was approved by lawmakers June 5. The bill included language that directs the Pentagon to review and “as needed,” reorganize its cybersecurity, IT, network defense and defensive cyber operations “to establish clear accountability, reduce duplication and fragmentation, and improve the alignment and integration of cybersecurity efforts across the Department.”
