NEWS | Nov. 21, 2024

Enabling DoD to More Effectively Manage Cyber Risk to All DoD Missions as a Unified Force

JFHQ-DODIN Information Series Volume 1 Issue 1

Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) reports directly to U.S. Cyber Command (USCYBERCOM). It bridges the gap between tactical level organizations and strategic goals, as a command and control (C2) headquarters that operates at the operational level of warfare. Its primary mission is to secure, operate, and defend the Department of Defense Information Network (DoDIN). JFHQ-DODIN is empowered to synchronize, coordinate, and direct all DoD Components that conduct DoDIN operations, security, and defense, which includes all Combatant Commands, Services, Defense Agencies, Field Activities, and other designated DoD organizations. JFHQ-DODIN simultaneously and continuously operates as a supported command for the U.S. Cyber Command mission for global or trans-regional operations, and as a supporting command to all other DoD Components to manage cyber risk to each of their missions.

JFHQ-DODIN was established to improve DoD’s ability to effectively manage cyber risk to all DoD missions. Its role centers around ensuring collective force and cyber terrain readiness, enabling DoD to operate as a unified force in response to adversary activity, meeting DoDIN operations requirements, and organizing the ever-evolving DoDIN battlespace. This article is the first in a series about JFHQ-DODIN’s mission area and provides a foundational overview for the JFHQ-DODIN Information Series.

The Emerging Challenge & A New Norm to Address the Challenge

The AT&T divestiture, initiated in 1974 and completed by the mid-1980s, achieved the desired effect. All U.S. telecommunications sectors became competitive, generating a surge of new information technology. This led DoD and the entire federal government to dramatically increase their use of, and thus mission dependency on, this new technology. In response, Congress acted by passing the Clinger/Cohen Act in 1996, establishing the Chief Information Officer (CIO) community with the primary purpose of realizing economies and efficiencies in the federal government’s ability to acquire this technology. Over time, Congress expanded the CIO’s role with the establishment and maturation of Title 40/44 authorities. In response to the ever-increasing amount of sensitive information on federal networks that needed to be protected, Congress passed the first of a series of Federal Information Security Management Acts (FISMA) in 2002 that created the Information Assurance Program. A year later, DoD established the Computer Network Defense Program to manage risk to network-enabled capabilities. Commercial best business practices and other approaches were also established and applied, all in an attempt to manage cyber risk more effectively for all missions of the federal government.

As these efforts were implemented, the degree to which DoD missions depended upon network-enabled capabilities and the information that resided on the DoDIN continued to increase. At the same time, the level of effort, determination, and sophistication of adversary activities against the DoDIN also dramatically increased and outpaced many of these efforts. Risk to mission continued to increase. Discussions, largely within the context of the DoD Mission Assurance Program, began questioning why DoD was not dealing with this source of operational risk in the same manner in which DoD uniquely addresses all other sources of operational risk. In 2010, DoD decided to treat cyber risk in the same manner, with the declaration of cyberspace as an operational domain. The declaration centralized and operationalized the risk management approach and triggered the following events:

  1. A Unified Command Plan (UCP) mission and specified responsibilities were established and assigned to a combatant commander (CCDR).
  2. CCDR organized the assigned mission.
  3. CCDR established authoritative lineage from the UCP mission through the CCDR and direct subordinate components, down to the forces executing the mission.
  4. Assigned battlespace was organized in terms of forces and terrain.
  5. All joint operational norms were applied, and operations began when authorized.

The UCP mission to conduct full spectrum cyberspace operations (CO) was organized into three mission areas – Defend the Nation Against Strategic Attack, Combatant Command (Offensive CO) Support, and Secure, Operate, and Defend the DoDIN. Defend the Nation mission area was assigned to the Cyber National Mission Force Headquarters in 2012; Combatant Command Support mission area was assigned to each JFHQ-Cyber in 2013; and the Secure, Operate, and Defend the DoDIN Mission Area was assigned to JFHQ-DODIN in 2014. This mission area was based on the UCP assigned responsibility to direct DoDIN operations, security, and defense. There are many similarities across all mission areas but there are unique elements to this mission area.

  1. JFHQ-DODIN has standing authorities to direct continuous operations for both steady state and crisis/contingency operations.
  2. JFHQ-DODIN simultaneously and continuously operates as a supported and supporting command.
  3. JFHQ-DODIN is the only battlespace owner, with the DoDIN as the assigned Operations Area (OA).
  4. JFHQ-DODIN supports all DoD core functions: 1) combatant command joint warfighting, 2) services organize/train/equip, 3) DoD Intelligence Community and 4) departmental functions.
  5. The mission area requires DoD and approximately 250,000 forces to transition to a completely new norm, in a new operational domain, while continuing to conduct operations.

Mission Area – DoDIN Command Operational Framework (DCOF)

The mission assurance of all DoD components is dependent upon the DoDIN, but no DoD component can independently manage all cyber risk to its mission. Each DoD component has direct authority over a portion, but not all, of the DoDIN terrain and forces that its mission is dependent upon. The percentage of direct control varies significantly by type of DoD component, ranging from as low as 10 percent to as high as 80/90 percent. Within the context of the DoDIN Command Operational Framework (DCOF), the portion that a DoD component has direct authority over is referred to as a DoDIN Area of Operations or DAO. The totality of DoDIN terrain and forces that its mission assurance is dependent upon is referred to as its DoDIN Sector. Each DoD component’s DAO is a subset of its own DoDIN Sector, and many DAOs support multiple other Sectors. For example, each service cyber component DAO simultaneously supports its service’s Sector and all combatant command Sectors. The DISA DAO supports all Sectors. Up to 17 DAOs support a geographic combatant command Sector. All DAOs operate under the authority and direction of JFHQ-DODIN, in support of USCYBERCOM and all Sector missions.

DoDIN Sectors and DAOs are an essential element of the DCOF. In this mission area, this framework establishes the required authoritative lineage, from the UCP through all echelons of command or levels of warfare and ultimately to the forces executing the mission. The DCOF enables JFHQ-DODIN to execute the mission to simultaneously and continuously operate as a supported command for global or transregional operations, and as a supporting command to all DoD component DoDIN Sectors. Absent JFHQ-DODIN exercising operational control over its DoDIN Cyber Protection Teams (CPTs) as an operational level reserve force, the totality of DoDIN terrain and forces is under the authority of a DAO commander or director. As an operational level C2 headquarters, JFHQ-DODIN does not direct DoDIN Forces. JFHQ-DODIN only directs DAOs in both their supported and supporting roles. DAOs and their subordinate battlespace owners direct DoDIN Forces. JFHQ-DODIN, empowered with Directive Authority for Cyberspace Operations (DACO), enables all DoD components, as DAOs, to operate as a unified force. The DCOF enables DoD to transition from decentralized risk management to centralized risk management, under the authority and direction of a Combatant Commander.

Organizing DoDIN Battlespace

Organizing a battlespace in terms of forces and terrain in cyberspace has unique aspects to it but also has similarities to norms in the land warfare domain, which, as the name describes, is the domain of combat that takes place on land. In cyberspace, the architecture of the DoDIN defines the actual terrain itself and dictates many operational factors such as flow of authorities and span of control. Functionally, network architectures are hierarchical in nature. Organizing battlespace in both domains must start at the OA level, follow the terrain, and work down echelons. In the land warfare domain, the scope or size of the area of operations assigned to a subordinate battlespace owner is based on the capability and capacity of the organization and the type or nature of the mission, terrain, and threat. Organizing DoDIN battlespace requires following the architecture from the top down, then determining what organization is best postured to be empowered and enabled to direct all forces operating in its area of operations to secure, operate, and defend its assigned, discrete portion of the DoDIN.

For example, an Army or Marine Division will organize its OA from the top down in an echeloned approach. Once its OA is defined, the Division first defines the areas of operations for the next echelon of C2, the brigade/regiment. Then the brigade/regiment organizes its area of operations into battalion areas of operations, then battalion to the company level, and so on down each echelon of C2. Generally, this same concept applies to organizing the DoDIN OA, with the caveat that the diversity of DoD component architectures will result in some nuanced approaches. JFHQ-DODIN first organizes the DoDIN OA by DAO, the next echelon of C2. Each DAO must then follow the terrain/architecture and designate subordinate tactical AOs. These AOs must then organize their area of operations with subordinate areas of operations as necessary, until all terrain/architecture and forces are accounted for under the DAO’s authority. Again, at all echelons, areas of operations are designated by following the architecture/terrain and determining the organization best postured to be empowered and enabled to direct DoDIN Forces to secure, operate, and defend a portion of the DoDIN.

However, there are some key differences. Divisions organize their battlespace based on their common core mission and that of their subordinates. JFHQ-DODIN’s core mission is to secure, operate, and defend the DoDIN. All DoD components, except DISA and service cyber components, have a completely different core mission. As a result, JFHQ-DODIN organizes the battlespace with all DoD components that conduct DoDIN operations and defense, agnostic to their core mission. The designation of DoDIN battlespace owners must be based on the terrain/architecture, which in most cases does not follow existing chains of command that were established for their core missions. The designation of DAOs and their subordinate areas of operations is based on determining which organization is best postured to assume that role. When necessary, these DAO Commanders and Agency Directors are empowered with DACO to achieve unity of action. DACO is an authority, established by the Secretary of Defense, to compel DoDIN operations, security, and defense actions as a unified force.

Conclusion

The catalyst for DoD declaring cyberspace an operational domain was to improve DoD’s ability to manage cyber risk to all DoD missions. Managing risk to a mission is the responsibility of military organization commanders and/or DoD agency directors. The intent was to transition away from an administrative, best business practice approach, within a policy and governance framework, with decentralized risk management where DoD component heads viewed the DoDIN largely as a commodity or utility. Instead, the focus is on operationalizing DoD’s approach to managing cyber risk by applying joint operational norms, with centralized risk management where all of DoD operates as a unified force, under the direct authority of a combatant commander established by DCOF, with commanders and directors empowered and enabled to effectively manage cyber risk to their mission.  

The scope, scale, and complexity of the DoDIN are immense. Transitioning all DoD components and approximately 250,000 DoDIN Forces from a 30+ year-old norm to a completely new operational framework, in a new operational domain, all while continuing to conduct operations, was and remains a significant challenge.