A new era in DoD cyber defense begins

Listen to Jason's story on the Federal Drive

wfedstaff | April 18, 2015 12:03 am

The Defense Information Systems Agency will launch a new cyber defense organization this week. The Joint Task Force-DoD Information Networks will officially hit initial operating capability on Thursday.

The new cyber organization, JTF-DoDIN, is part of the broader DISA reorganization that went into effect Jan. 12.

Initially, DISA wanted to open both the new cyber office and launch the reorganization by Dec. 31. But it needed an extra two weeks to finalize the changes.

For DISA, the reorganization is centered on making the agency more responsive to its customer needs by becoming more agile and adaptable.

Advertisement

But it’s the JTF-DoDIN that likely will have the more immediate impact.

The new cyber organization will take over the operations or defensive work from the U.S. Cyber Command. The Defense Department created the U.S. Cyber Command in 2010 with a goal of overseeing cyber as a unified or sub unified command.

But over time, DoD has faced an increasingly constant stream of cyber threats and the need for policy and strategy has grown exponentially. So, DoD leaders decided to let the U.S. Cyber Command focus on strategy and have someone else take over the defensive operations. And DISA was the obvious choice.

Brig. Gen. Robert Skinner, the deputy commander of joint force headquarters, will be leading the new JTF-DoDIN, which will officially reach initial operating capability (IOC) on Jan. 15.

“At the beginning of the initial operating capability, there’s about 14-to-19 tasks that we will be doing and taking away from U.S. Cyber Command to focus our efforts in building capacity and capability,” said Skinner, who spoke Monday at the AFCEA Washington, D.C. chapter luncheon in Arlington, Virginia. “The end result is to provide unity of command and unity of effort across the entire DoD network. What does that mean? First and foremost, we have an identified, agreed upon and approved command and control framework with 39-plus — because it seems every time we turn around we find a different organization that needs to be a part of this framework — 39 organizations that that we will be building this capacity and capability from a command and control standpoint.”

Partnership and situational awareness

Skinner said part of this IOC is the need to build capacity and capability. He said capacity means — at least initially — bringing in 219 employees from DISA, cyber command and other military services.

“What we will do is build capability. Just because you have individuals, and we have a lot of great individuals on this team, it doesn’t mean you have the right type of capabilities. So whether it’s through additional training, additional education or collective training as a matter of fact, until we are able to get that, then that’s when we will build a capability to include the tactics, techniques and procedures (TTPs), to include the equipment and to include some additional resources,” he said. “The other thing we will, and this is where I think you will really come in handy, is building partnerships. And it’s not just building partnerships with the 39 organizations we have identified within the DoD, whether it’s a combatant commands or the other agencies. It’s leveraging industry, leveraging the commercial world and leveraging academia to build the capacity and capability so that we have a better understanding of DoD’s information networks so that the ultimate goal is to secure, operate and defense the DoDIN.”

Skinner said he expects the new cyber organization to reach full operational capability sometime in 2016.

The decision by DoD to create this new JTF-DoDIN comes just four years after it decided to merge the Joint Task Force, Global Network Operations (JTF-GNO) in with the U.S. Cyber Command.

DoD established the JTF-GNO in 2004 under Strategic Command to protect the Pentagon’s computer networks.

The difference here is the unified aspect of not only the cyber command but the new DISA organization, JTF-DoDIN.

JTF-GNO had less overall control or authority over DoD networks as each of the services had their own defensive approaches and no one organization could coordinate the response or understanding of the situation. But the Cyber Command now has that policy and authority and, the JTF-DoDIN will have the information and situational awareness to give the cyber command the decision making data it needs to create policy and deal with threats.

“From a cyber command and JTF-DoDIN standpoint, of those 39 organizations, the service components are part of that. There will be a daily operational update, there will be operational planning teams, and there will be a significant partnership between us and those 39 organizations,” Skinner said. “At IOC, what we defined as the partners initially are the service components so that includes [all the services’ cyber commands] and it also includes the U.S. Transportation Command as the first combatant command we want to cut our teeth on as we build our capacities and capabilities. The last one is the DISA. So JTF- DoDIN will build partnerships, but also provide command and control for all those organizations as we move forward to provide consistency of effort, unity of effort and unity of command.”

Cloud security guidelines

The JTF-DoDIN is but one major piece of the DISA reorganization.

Within the rest of the agency, DISA is trying to refocus on how it serves DoD services and agencies to be more customer focused and ensure there is coordination and accountability.

Lt. Gen. Ronnie Hawkins, DISA’s director, said he’s categorized DISA’s mission focus areas under five Cs:

  • Cyber
  • Cloud
  • Collaboration
  • Command
  • Control

“When we start looking at what we have to do in defensive cyberspace operations, we’ve got to have that cyber sovereignty that the DoD expects from us. We look at cyber at the first area right in there,” Hawkins said. “The next one I would look at is cloud. Many of you have seen and talked about the memo that [DoD CIO] Mr. [Terry] Halvorsen has put out on where the department is going with cloud. We still have areas with in DISA that we have to deliver on that. The next C that I look at is collaboration. Everything we are doing in the mobile development, everything we are doing in the collaboration environment, unified capabilities, all of those things are tied into that third C. And then the fourth and fifth C are command and control. We will not get rid of that. We are the premier organization that does that for the DoD.”

Inside those five Cs, DISA moved cybersecurity out from its own, separate organization and into everything that it does.

Instead, DISA created a risk management organization led by Mark Orndorff. The risk management group will try to help DISA and its customers understand cyber risks and make decisions about how much mission risk is acceptable.

In fact, Orndorff said DISA will issue a new cloud security guidance in the coming days. The guidance will separate the rules around moving non-national security systems to the cloud and the rules for putting national security systems in the cloud.

Probably the biggest change is how DISA will interact with its customers going forward.

Customer focused changes

Alfred Rivera, DISA’s principal director for enterprise services, said he will lead a new organization that is focused solely on bringing DISA customers together with the agency’s technology experts to ensure they are on the same page.

Rivera said he is hiring and training workers to be customer relationship management experts. He said the goal is to understand customer needs and make sure they are involved in the entire development process.

Rivera said his office will be “joined at the hip” with the new sustainment and implementation office run by Dave Bennett, who had been serving as DISA’s chief information officer.

Bennett said the sustainment and implementation office isn’t focused on creating something, but taking what’s been created and ensuring it’s available to whoever wants or needs it.

“One of the big changes that’s going on in the organization is to really to single up the roles and responsibilities within the agency so we as well as others don’t have to figure out where they have to go to get something done,” Bennett said. “From a development perspective, Mr. Rivera and his center do the requirements and the development, and my organization, the implementation and sustainment center, works in coordination with them to ensure the implementation plans for capabilities they develop and the sustainment plan for the capabilities they develop is in sync in how we operate and how we go forward to put to ensure we can put capabilities out quickly, sustain it and reduce costs as we go forward.”

The final change is around innovation. Dave Mihelcic, DISA chief technology officer, said his office will oversee both current science and technology efforts as well as now research and development efforts. Mihelcic said he will not execute the funding, but make sure it’s being used by the organizations to meet current and future challenges in a coordinated way.

RELATED STORIES:

DoD’s cyber command would be next step in evolution

DISA to restructure with eye toward more agility, Cyber Command

U.S. Cyber Command wants DISA to take greater role in DoD cyber defense

Inside the Reporter’s Notebook: Next man up: Booz Allen tries its hand to modernize GSA’s IAE

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.