Paul Craft, director of operations at the Joint Force Headquarters Department of Defense Information Network (JFHQ-DoDIN), spoke today at the Defense Systems Summit about how his relatively new component of U.S. Cyber Command is now tasked with operating and securing the entirety of DoD’s sprawling IT network infrastructure and has undertaken a complete restructuring of network operations for all of DoD.
“This is the newest organization within Cyber Command, and its overall responsibility is the command and control headquarters for all cybersecurity, all network operations, and all active cyber defense for the Department of Defense,” Craft said of JFHQ-DoDIN.
The headquarters was established in 2014, but only reached full operational capacity in January of this year. Craft said it has quickly set to work in completely restructuring how DoD handles the network infrastructure of the roughly 15,000 networks and 3 million users in the DoD ecosystem.
“We had to integrate and synchronize all 42 combatant command, services, agencies, and field activities’ operations. We did that synchronization through a thing called the cyber tasking cycle,” he said. “New organization, just stood up in January, we started the cyber tasking cycle of being able to control all these networks almost 90 days ago. So, this is all new. This is all new of how we are now organizing and managing the entirety of the Department of Defense’s networks.”
The nascent cyber tasking cycle includes several initiatives of varying timeframes and scope. Looking broadly, JFHQ’s planning begins with the Cyber Operations Directive. This document authorizes a “six-month look of how DoD needs to prioritize network operations, cybersecurity, and network events,” Craft said, noting that U.S. Cyber Command is working closely with DoD CIO Dana Deasy to determine long-term priorities.
Narrowing the focus, JFHQ-DoDIN creates a master cyber operations plan – an operational playbook for “all the things we’re going to do across DoD over the next thirty days,” Craft said. The plan identifies authorized service interruptions, patching and scanning timelines, and anything that could impact DoD-wide network operation.
These initiatives contribute to the new level of oversight that DoD now has over its networks, every single day, across every component of the department, he said.
“We send out what is called a cyber tasking order every single day to every combatant command, every service, every DoD agency, every field activity on what is going on, what needs to be secured, what is under attack, what needs to be turned on or turned off, and then where we’re putting our cyber operations forces that are defending our nation,” Craft said
He said that’s allowed JFHQ-DoDIN to leverage big data analytics and has “changed the narrative of what to focus on.” Through those daily updates, Craft says the headquarters has turned the entirety of the DoDIN into a unified force for staying ahead of the adversary.
“That’s the communication we now have, in the last ninety days, every single day,” he said. “This is about operationalizing a network by turning the network, this $24 billion network, and flipping it over and making it a $24 billion sensor grid.”