The DCDC is Better Positioned To Impose Costs on Our Adversaries

With a new moniker this summer as the Department of Defense Cyber Defense Command, or DCDC—in place of what was referred to as the Joint Force Headquarters DoD Information Network—the command is better positioned to impose costs on our adversaries in protecting the Department of Defense Information Network, or DODIN, says, Lt. Gen. Paul Stanton, USA, director, Defense Information Systems Agency (DISA), and commander, Department of Defense Cyber Defense Command.

Stanton spoke at the AFCEA TechNet Augusta conference in Augusta, Georgia, on August 21 with Col. Timothy Sikora, USA, commanding officer, Cyber Protection Brigade.

“It is a pretty significant development in our warfighting capabilities and the operational domain of cyberspace for the Joint Force Headquarters Department of Defense Information Network to transition into a sub-unified headquarters, the Department of Defense Cyber Defense Command,” Stanton explained. “It gives us the ability to focus on warfighting at the operational level of war. DCDC being elevated to sub-unified command gives us the opportunity to step in at the operational level of war and drive to a campaign against our adversaries.”

This elevation to a command also offers a “look at the big picture,” a more holistic viewpoint for actions.

“We are not deploying combat power in an individual incident without recognizing how it is correlated to another incident that another force is acting upon,” the commander continued. “That’s transformational.”

For instance, the DCDC can take intelligence capabilities and make sure they are positioned to be relevant in the operational context of mission execution.

“How do I plan effectively so that I’m not reactionary?” Stanton queried. “I'm delivering lethality and imposing costs on the adversaries, because I'm thinking about how I'm organizing and posturing for a campaign. That is what being elevated to sub-unified means.”

The elevation to a command also means a greater confluence with DISA’s actions, Stanton advised.

DISA, which is responsible for operating, maintaining, securing, extending, transforming and modernizing the DODIN, has to perform those actions in a way that informs how the DCDC protects the DODIN.  

“If DISA is making modifications to the operating environment, DCDC has to absolutely be informed so that we adjust the manner in which we execute the defense,” the commander advised. “But then flip that, and so we have a responsibility as DISA to continuously modernize the network. Well, we should do that in a way that is informed by its defensibility. It does us no good to extend the operating environment and then not have it available to us at time of need because we didn't secure properly. So, putting those two together is a key aspect of my responsibilities being dual-hatted as both the director and a commander.”

Moreover, the DCDC and DISA will be more in tune with the combatant commanders’ driving needs.

“We must deliver an environment that is relevant for our combatant commanders,” the commander noted. “Telling combatant commanders about a 10-year modernization vision is unsatisfying. Combatant commanders need a capability today, and it needs to be improved tomorrow, and it better be exponentially improved the day after that. So, making sure that we are aligned with our combatant commanders' requirements, so that we deliver them functionally relevant capability is central to what we are tasked with as a combat support agency as the Defense Information Systems Agency. We have to be in tune with what the combatant commander needs.”

Zero-trust architecture—namely through DISA’s Thunderdome venture—will be the glue that securely holds together activity around the world at the combatant commands with the United States' international partners. Zero-trust measures will continue to enable mission partner environments (MPEs) and federated networks so that the U.S. military can work effectively with international partners, sharing data and information for worldwide operations.

And while the MPE and federated networks have been around for a long time, as the military works to connect sensors with shooters across international partners, for example, it calls for a more involved construct.

“The MPE is incredibly complex, and it could include an infantry rifleman with a software-defined radio in some god-forsaken location, calling for fire from a foreign national naval destroyer—as part of the Venn diagram, inclusionary concept of MPE,” Stanton suggested.

Here, robust identity credential and access management, or ICAM, is necessary, the commander continued. “Can I see the electromagnetic spectrum in a meaningful way to where I’m sharing that data with partners, but then using the fact that we have applied appropriate data-tagging mechanisms to then control access and present a picture for which you are only authorized to see based off of who you are and what device you are on,” he stated. “That is central to the design. That is absolutely the direction that we are headed, a key aspect of our design as we drive towards an implementation of a multipartner environment.”

In future fights, the commander emphasized that U.S. military may not know in advance who would be a partner in a specific conflict.

“I will argue that anybody in this room that thinks that they know who is going to be in the coalition in the next engagement ahead of time will be absolutely wrong,” he stressed. “You might have a subset correct. We are going to fight alongside some partners that we know will be part of the coalition, yes, but I will argue that you don’t know, in entirety, who will make up the coalition ahead of time. So, the operating environment that we present must be structured, organized, designed and capable of incorporating partners from all over the place at the time of need.”

The U.S. military will be relying on industry, naturally, to help build the composable elements of this design—whether that is for the DODIN, ICAM or the MPE. As such, industry needs to recognize that their solutions will be put into a greater system of systems, and they must ensure that their designs are secure, at scale and meet the greater DISA, DCDC and combatant command needs.

“Ensuring that your own design criteria account for how we plan to use it, [is crucial],” the commander emphasized. “Again, it is putting your solution together with others in a system of systems to support a formation at echelon with functionally relevant capability . . . That is part of the collaboration.”

TechNet Augusta is organized by AFCEA International with help from the U.S. Army Cyber Center of Excellence. SIGNAL Media is the official media of AFCEA International.