The Department of Defense is pushing the responsibility to defend 3.5 million end points to where these devices live.

Commanders and directors now are charged with the defensive cyber operations over their network and security operations connected to the DoDIN, with the management of the Cyber Operational Forces securing their networks and data and for operating and defending their mission space.

But the DoDIN Command Operational Framework, signed by Gen. Tim Haugh, the commander of U.S. Cyber Command and the National Security Agency, in September that outlines these new responsibilities, doesn’t mean the end of the Joint Force Headquarters-Department of Defense Information Network (JFHQ-DoDIN).

Rather, Lt. Gen. Paul Stanton, director of the Defense Information Systems Agency and commander of JFHQ-DoDIN, said this change is a “transformational moment” in the now 10-year history of the cyber operations organization.

“It gives us the ability to operate at speed and scale because we now are unlocking the totality of the force that can operate with our authorities. The numbers differ anywhere from 250,000 to 300,000 personnel that operate on, in, with, through and defend the DODIN,” Stanton said during a press briefing on Jan. 13. “We’re unlocking the potential of all of that force and that’s huge. We have to look at the full doctrine, organization, training, materiel, leadership and education, personnel and facilities implications of changing how we fight. We have to look at the totality of what it means to fundamentally change how we fight and then address, as a headquarters, how we posture ourselves accordingly. There are interesting questions to ask. What do we need to do to effectively provide support to the DODIN areas of operation? I offered that we need to see ourselves effectively. We have to think with and use data in ways that are accelerate our operations.”

Protecting the DoDIN

The DCOF execution order laid out just how DoD would be changing the way it defends itself from cyber threats, mirroring the same chain-of-command concept as in the other warfighting domains, but with a unique difference given the DoDIN’s federated environment.

“The DoDIN Area of Operations (DAO) commanders and directors are responsible for planning, coordinating, directing and organizing network and security operations and their cyber terrain and must contribute to the sector owner’s ability to understand the readiness and risk to their mission,” the order stated. “The DAO commanders and directors are responsible for defining and organizing their terrain as well as optimizing the posture of their cyber operational forces (COF) to meet their assigned missions.”

There are 45 DoDIN Areas of Operations, which includes 15,000 unclassified and classified networked and cloud environments, are managed by combatant commands, military services and DoD agencies and field activities.

Stanton said by putting the commanders in charge of their DAO, they can manage risks better, apply context to their fight, focus on defending the applications and data that matter the most and impose costs on the attackers.

“This is necessary and long overdue. Fighting through DAOs helps achieve the scale and distribution necessary to defeat the relentless adversary aggression. Putting leaders in charge drives accountability. However, to effectively drive this change, we must account for organization, training, equipping, leader, development, and people,” he said. “I have said in the past that attempting to defend everything effectively defends nothing. Prioritization matters a great deal, and that prioritization is an overlap of how and why we’re executing operations. We don’t design and build networks because we like stringing cables and setting up servers. There’s a mission for which that network exists. Our enemies are attacking that mission space, and we have intelligence that helps us understand what their objectives are.”

Stanton added when commanders and directors prioritize their defense, it means the adversaries will have a harder time accessing the data and networks they are targeting.

Moving to a proactive defense

The approach of trying to defend everything without a true prioritization of networks and data led DoD to play “whack-a-mole” cyber defense.

Stanton said the new framework not only lets DoD become more proactive in cyber defense, but lets them move to offensive operations more quickly.

“Our defense can actually make contact with our enemies before they achieve results. Campaigning, I think, is a huge component of the direction that we’re headed,” he said. “It ties into the broader conversation. We have to be trained and ready. We have to think about, what does it mean to be trained and ready and how do we build the effective training program so that both individually and collectively we’re prepared to execute at that time of need? How do we partner effectively with other governmental organizations and with industry partners? How do we stay abreast of technological advances and build that into our culture to recognize that the rate of change of technology?”

An example of this is putting defensive cyber operations data into Cyber Commands big data platform, called CaspianPiegon.

Stanton said if data that originates in the DoDIN in DISA is in a platform, then users can ask specific questions against it to accelerate solving or mitigating a threat.

10 years of lessons

To make sure the DAOs are ready to handle the biggest life of protecting the DoDIN, Stanton said his team will review how well the commands and offices meet the Cybersecurity Service Providers (CSSP) readiness model.

“It’s how quickly can I take compartmentalized intelligence, overlay it on top of a network for context, and then turn that into direction that results in execution. There’s a degree of dynamicism associated with that process. It is not I’m just continuing to watch this checklist. I now have to adjust my defensive posture because of the changes in the operating environment, and I need to be able to do that rapidly,” he said. “That’s where we’re headed. There are different levels of maturation across different DAOs. If I were to go to one of the service cyber component commanders, they would be able to execute. If I go to the field agencies, they have not yet been resourced to execute.”

Over the last decade since DoD launched JFHQ-DoDIN, Stanton said this shift has been building up as military leaders better understood their roles and the need to protect data and networks.

Additionally, JFHQ-DoDIN can now bring all their expertise and experience to helping commanders address the ever-changing cyber threat landscape.

“I think leaders across the department are increasingly winning to their dependencies on the cyberspace warfighting domain, whether it is data, whether it’s networks, whether it is the combination of data on their networks. There’s senior leader acceptance and recognition of the significance of the mission space. So combine an execution order with leader involvement, and that sets the conditions for this inflection point,” Stanton said. “I don’t know that there were clashes, but it’s a matter of the senior leaders embracing and effectively understanding where their responsibilities lie. Historically, we’ve said, ‘if you have a cybersecurity service provider, then you’re meeting your obligation to defend the network.’ That’s not a mission context. That is a compliance-based checklist approach to providing a modicum of security. That is not the context aware effective defense in the cyber domain that we were talking. Leaders embracing that responsibility helps us drive the change.”

Copyright © 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.