Pentagon’s first cyber policy chief targets better metrics for cybersecurity success

"There is power in quantity, but how we talk about our return on the nation’s investment is an area I’m looking to try to work on," Michael Sulmeyer said.

Michael Sulmeyer, the first-ever assistant secretary of defense for cyber policy, plans to spend the “weeks and months ahead” focusing on developing better ways to measure cybersecurity progress across the Defense Department.

Sulmeyer, who’s been in this role for four weeks, said while the number of cyber operations conducted by the Defense Department provides some insight into DoD’s cybersecurity progress, the department, along with the rest of the federal government and private sector, needs to focus on return on investment to measure cybersecurity success.

“One of the things I’ve been talking with my team about and trying to talk with other partners across the government about is, ‘How do we keep score of ourselves?’” Sulmeyer said last week during the annual Billington CyberSecurity Summit.

“It’s one thing to count the number of operations or to count the number of hunt-forwards. There is power in quantity, but increasingly, how we talk about our return on the nation’s investment, not just DoD, but the cyber community, more broadly, private and public sector, I think, is an area I’m looking to try to work on.”

Hunt-forward operations Sulmeyer referred to are cyber missions conducted by personnel from the U.S. Cyber Command’s Cyber National Mission Force across the globe. These operations allow CYBERCOM to deploy its cyber teams around the world to identify and counter malicious cyber threats within partner nations’ networks. The benefits of these operations are twofold — they bolster the partner nations’ cybersecurity posture while providing insights to the U.S. and its allies into the tactics and techniques used by adversaries.

The Senate confirmed Sulmeyer as the Pentagon’s first cyber policy chief last month.  Congress created the role in 2023, following years of frustration over the Pentagon’s lack of a senior official responsible for cyber policies. The Pentagon officially announced the creation of the office of assistant secretary of defense for cyber policy in March, and President Joe Biden tapped Sulmeyer to lead the cyber shop shortly after.

‘Two distinct lines of work’

Sulmeyer, who now oversees the department’s policies, programs and strategies that enable DoD cyber operations, served in a number of senior roles throughout his career, including as the Army’s principal cyber advisor, as well as the special assistant to the President and the National Security Council’s senior director of cyber policy.

“The origin for the job I’m in right now — it has two distinct lines of work. One is a more traditional book of work in the Office of the Secretary of Defense, and the traditional policy office that generally is the forward-facing part of OSD for the White House and with foreign partners. That kind of office has been around for quite a while,” Sulmeyer said.

“And then in 2015, Congress created a separate entity called the principal cyber advisor staff. It’s that group that has the role of working with U.S. Cyber Command and helping them execute their service like authorities. So my job in the Army was to be that principal cyber advisor side for that service, and now, as the principal cyber advisor DoD-wide, it’s a big opportunity to really help the service PCAs get a broader picture about where the department’s going, where Cyber Command is going, and to use that to then inform how their service cyber components are evolving, how service related training and organizing and equipping can evolve so that we have relatively common standards across the department as a whole.”

In this role, Sulmeyer will also work with the department’s chief information officer to certify CYBERCOM’s cyber operations budget.

“They’re going to work on operating the network and the cyber security type of work. I’m supposed to focus on understanding the cyber operations part of Cyber Command’s budget and then DoD-wide. That means that there’s an opportunity to set some priorities up front with other department leaders to say, ‘Here’s where we want to go in the future. We have a strategy. Now let’s look at what that set of investment priorities,” said Sulmeyer.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Graphic By: Derace LauderdaleDefense Pentagon Graphic

    Sulmeyer looks to extending SOCOM model to boost CYBERCOM readiness

    Read more