An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

NEWS | Jan. 13, 2025

JFHQ-DODIN: Protecting the DoDIN – Enabling the National Defense Strategy

JFHQ-DODIN Information Series Volume 1 Issue 7

The DoD Information Network (DoDIN) is under continuous attack by a wide range of malicious threat actors, with ever increasing levels of determination and sophistication.  All National Defense Strategy (NDS) objectives and DoD component missions are dependent upon network enabled capabilities and information that resides on the DoDIN. Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) is U.S. Cyber Command’s operational arm responsible to effectively manage cyber risk in achieving these objectives and for all DoD missions by continuously synchronizing, coordinating, and directing operations, as a unified force, to secure, operate, and defend the DoDIN. As the battlespace owner of the DoDIN, JFHQ-DODIN is also responsible to assess and direct the current readiness posture of all DoDIN terrain and forces, and to shape the DoDIN areas of operations to gain a greater operational advantage in the future through campaigning. This issue provides an overview of the command’s history, current approach to operations, and a glimpse into future aspirations for the headquarters and mission area that strengthen strategic advantage for DoD.

Past: The Military Problem that Led to Establishing JFHQ-DODIN

The primary reason cyberspace was declared an operational domain, was to integrate and synchronize forces to defend and defeat adversaries utilizing this environment to cause harm, disrupt, deny, and take advantage of the US in all other warfighting domains, The declaration also improve the ability to manage cyber risk by enabling DoD to address this source of ever-increasing risk in the same manner, methods, and joint operational norms that DoD deals with all other sources of operational risk. JFHQ-DODIN was established and assigned the mission to apply joint operational norms in organizing the DoDIN battlespace and in synchronizing, coordinating network, security operations, and defense of the DoDIN as a unified force. The scope, scale, and complexity of this transition from old norm to new norm is immense. 

In the old norm, the DoDIN was largely treated as an information technology commodity or utility and not as a warfighting domain in which component commanders’ or agency directors’ responsibility include managing risk to their mission and the mission of others who rely on their cyber terrain. It was shaped by decades of independent decisions focused on gaining economies and efficiencies. Norms were based on commercial best business practices where each DoD component employed an independent or federated approach to operations and in incrementally creating DoDIN terrain over the decades with decentralized risk management. This presented an incredibly complex and high-risk environment with no global command structure for the totality of the DoDIN. By the late 1990s and early 2000s, the DoDIN had emerged as a vital operational asset comprised of more than 15,000 network enclaves each owned by a component commander or director responsible and accountable for their part of the DoDIN. With this federated approach DoD was incapable of operating as a unified force, resulting in an operational environment where risk assumed by one posed a risk to all.

The shift to viewing the DoDIN as a vital operational asset created the need for synchronization and a single entity empowered to direct and manage coordination from the purview of the entirety of the DoDIN environment. This realization led to the declaration of the Cyberspace Warfighting Domain (2009) and establishment of U.S. Cyber Command (2010). Once under the authority of a combatant commander, it triggered three basic decisions: establish an area of operations, designate a commander or director for that area, and assign responsibilities to that commander or director over the terrain. The DoDIN became the battlespace, JFHQ-DODIN was established in 2014, and the director of the Defense Information Systems Agency was designated a dual-hat role to also serve as the new organization’s 3-star commander. JFHQ-DODIN’s mission emerged to “direct cyberspace operations to achieve unified action in the security, operation, and defense of the DODIN to assure Department of Defense priorities and freedom of maneuver across the competition continuum.”

In essence, the DoD organizational changes making cyberspace operations an integral part of the global military operational environment set the stage for the shift moving from an administrative view to a new norm of an operational warfighter view.

Present: A New Norm

JFHQ-DODIN’s role as the DoDIN battlespace owner centers around ensuring collective readiness of maneuver forces, the ability to quickly identify vulnerabilities and mitigate risks, and overall strengthen the posture of the DoDIN to take proactive security and defensive actions against adversaries’ persistent threats and opportunistic and long-term malicious campaigns. The dynamic threat and risk factors require a multi-dimensional approach that reinforces uninterrupted network access and provides unhindered operations of systems and network-enabled capabilities.

Today, JFHQ-DODIN has organized the DODIN into 45 subordinate battlespace owners, referred to as DoDIN areas of operations (DAOs), as the center of gravity. JFHQ-DODIN exercises its standing Directive Authority for Cyberspace Operations (DACO) to orchestrate actions across the totality of the DoDIN, with each DAO operating as part of the unified force. The benefit of this approach has been a dramatic increase in speed and agility in managing cyber risk to DoD missions by building and synchronizing capacity. All DoD components conduct DoDIN operations and defense but very few have this as their core mission. DACO, the command’s unique authority, is different from all other command authorities because it is agnostic to the core mission and the chain of command associated with their core mission. DACO is also constrained to DoDIN operations, security, and defensive cyberspace operations.

Managing risk to the DoDIN and risk to DoD missions requires understanding the operational environment during the persistently contested steady-state, through transition to crisis contingency and conflict conditions. Managing risks includes understanding the security posture of the terrain and forces, assessment outcomes, current capabilities and future requirements, the threat environment, and the ability to manage the full life cycle of technologies with security and defense as part of the process. Dependencies on and interface with external entities such as the Defense Industrial Base and other commercial, academia, international/coalition, and federal government partners add to the complexity of protecting the DoDIN.

JFHQ-DODIN operates at the operational level of warfare, bridging strategic guidance and direction with tactical action. JFHQ-DODIN functions cover a broad range of activities which includes, conducting intelligence operations and situational monitoring to achieve situational awareness to inform force management, force direction, and movement and maneuver. JFHQ-DODIN simultaneously and continuously operates as a supported command for the USCYBERCOM mission for global or trans-regional operations, and as a supporting command to all DoD components as DoDIN sectors to direct actions to reduce cyber risk to their mission. 

The command’s five-year Campaign Support Plan includes long-term enduring pursuits and near-term objectives that identify actions to seize opportunities and set the security posture of the DoDIN. The command’s campaign approach focuses on ensuring 100% of the battlespace (the DoDIN) is assigned to a DAO, resiliency and network operations are coordinated, and target priority mission essential elements, and partnering to leverage and optimize the capabilities of each partner. Key aspects of the campaign include enhancing visibility and visualization through data analytics and artificial intelligence; and taking a mission thread approach for continually calibrating standards, risk, and cyberspace operations toward the assurance of all DoD missions while ensuring commanders and directors have the DoDIN related support and cyber-risk-to-mission information they need to accomplish their mission.

Internal-DoD partnerships push for changes in doctrine, policy, and processes to accurately reflect the secure, operate, and defend the DoDIN mission area responsibilities. These internal relationships develop common understanding to ensure technology and capability development, resource planning, training, and support activities reflect operational requirements and give commanders and directors more decision-making authority about what and how technologies connect to their networks and systems. External partnering seeks to increase information exchange opportunities about the threat environment, vulnerabilities, and mitigation options. This involves not only the organizations who are currently part of the DoDIN environment, but also with those organizations on which DoD has dependencies such as in the critical infrastructure field. Continually enhancing partnerships with commercial, federal government, and not-for-profit organizations to share information helps all involved.

Together these efforts directly support the National Defense Strategy’s emphasis on integrated deterrence and operations.

Future: Where We Need To Be & Aspirations

Just when you think you are fast, you have to get faster. Rapid advancements in technology and aggressive sophisticated adversary behaviors affirm JFHQ-DODIN’s mission because lessons learned show a unified approach increases overall speed of action. Establishing common standards, ensuring the necessary training, and conducting real-time assessments bolster DoD’s use of the DoDIN.

Looking to the next phase of maturation, the command is taking steps to ramp up readiness of the terrain and forces who conduct network operations, and on-DODIN security and defense. This includes focus on partnerships with those non-DoD entities that directly connect to the DoDIN or impact DoD operations. Expanding monitoring and reporting individual and collective readiness are essential to successful DoD operational outcomes and national security.

Changing the architecture, policies, and processes for multi-partner operations are also operational success factors. Key requirements relate to enhancing dynamic networking, data management, and rapid actions for security and cyber defensive maneuvers. Decisions must be based on joint and coalition perspectives for mission assurance supported by the deliberate convergence of command and control processes, technology development and employment, and human action.

Relevant data and analytics underpin terrain and force readiness. Leveraging cyber environment data drives thoughtful informed decision-making. By prioritizing resilience and mission assurance, and synchronizing with the DAOs and partners, JFHQ-DODIN ensures the ability to withstand disruptions and maintain operational effectiveness.