JFHQ-DODIN 10 Years On: Imposing Costs to Adversaries
The U.S. military’s information network that enables warfighters to perform missions around the globe is constantly besieged by cyber attacks. All U.S. Department of Defense (DoD) organizations use the Department of Defense Information Network, also known as the DODIN. It is a complex technical infrastructure, a network of networks that today connects 45 areas of operation, including all of the military service networks—such as the Air Force Information Network—and weapons systems, the 11 U.S. combatant commands, as well as the networks of the field commands and other DoD agencies and organizations.
The responsibility to protect the DODIN 24/7 falls squarely on the shoulders of the Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) at Fort Meade, Maryland.
JFHQ-DODIN, which was created in 2015, is a component of U.S. Cyber Command. In addition to performing “a broad range of activities on behalf of Cyber Command, including proactive, threat-informed steps to reduce cyber risk across the DODIN,” JFHQ-DODIN operators lead the response to attacks against the DODIN, which are staggeringly frequent and growing in complexity.
As such, JFHQ-DODIN’s level of response will only become more sophisticated, said Lt. Gen. Paul Stanton, USA, commander of JFHQ-DODIN, who, dual-hatted, is also the director of the Defense Information Systems Agency (DISA).
“We have to look at the totality of what it means to fundamentally change how we fight and then address as a headquarters how we posture ourselves accordingly,” the commander explained. “There are interesting questions to ask. What do we need to do to effectively provide support to the DODIN areas of operation?”
Stanton spoke to reporters on January 13 at Fort Meade in advance of the command’s 10-year anniversary celebration on January 15.
“We come from humble beginnings, with about 90 folks that were burdened with an incredible task of operating and defending the entire Department of Defense Information Network, to being a robust command that is postured effectively to respond at speed and scale in ways that we had not done previously,” the commander stated. “We see ourselves at an inflection point. And the fact that we are just 10 years in gives us an opportunity to put a mark in the sand and say we are ready now to downshift and accelerate into the operations of the future.”
For 2025, the command’s focus will be to continue to raise the barrier on adversaries’ efforts to try and breech military networks, Stanton emphasized.
“Importantly, [it is] to impose costs on our adversaries,” he said. “We have a lot of work to do, but we have an incredibly talented team of military, civilians and contracted support that understand our mission space and are prepared to drive us into the future.”
Starting from the commanders and leaders across the 45 areas of operation, JFHQ-DODIN will strengthen its networks.
The commander is working from the DODIN Command Operational Framework, known as the DCOF-EXORD, which U.S. Cyber Commander Gen. Timothy Haugh, USAF, signed as an execution order in September 2024. The policy more closely aligns the DODIN areas of operations to commanders and directors, Stanton explained. The idea is to increase the effectiveness of network operations and the digital battlespace further by starting with the commanders and leaders.
“Let me pound the table and say, with emphasis, it is commanders and directors,” he stressed. “It is important to have leader engagement and involvement. What this does is that it transitions the DODIN’s responsibilities from attempting to independently manage 3.5 million endpoints, to fighting in, with and through DODIN operations that have effective leaders. That is a transformational moment in our history. It gives us the ability to operate at speed and scale.”
JFHQ-DODIN will harness the 250,000 to 300,000 personnel that operate and defend the DODIN at a higher level, the commander noted. “We are unlocking the potential of all of that force,” Stanton stated. “That is huge.”
Part of the effort to engage leaders and commanders of the 45 areas of operation will help further shape acquisition, training, material needs, education and facilities for DODIN operations.
“We have to look at the full ‘DOTMLPF-P’ implications of changing how we fight,” Stanton suggested, speaking about the Doctrine, Organization, Training, Materiel, Leadership and Education, Personnel, Facilities, and Policy (DOTMLPF-P), a decision-making structure and a first step in identifying capability gaps as part of any functional solutions analysis.
In February, JFHQ-DODIN will gather the commanders and leaders for an operational summit that will examine the areas of the DODIN for which the officials are responsible, as well as outline the tenants of the DCOF-EXORD.
“To effectively operate in this space, we have to consider how we are resourcing the other dozen areas of operation [outside of the military services], and their commanders and directors,” the commander said. “The first step is leader education. That opens the the door for a resource conversation about how and what capabilities, what skill sets, what personnel they're going to need in order to fight in this space.”
At the beginning of the command, naturally each area of operation had to clearly identify the critical assets they were putting on their networks and conduct risk assessments for their portion of the DODIN for JFHQ-DODIN to prepare an aggregated risk assessment of the entire network.
Going forward, Stanton sees the risk assessment coming straight from the commander and leader level. “Who makes risk-based decisions in the Department of Defense? Commanders do, and I'll extend that to commanders and directors in the context of DODIN area of operations,” he clarified. “And now we have a bidirectional discussion and dialog with the folks that own the mission, to understand what risk or what the mission analysis is, and the application of the intelligence on the enemy's capabilities and their tools. And what does that mean in the context of the risk to your mission as the commander or director.”
And from the beginning of the command, JFHQ-DODIN leaders looked for automated solutions, especially for predictive intelligence, including behavioral analytics. At the time, the command leveraged the Integrated Cyber Intelligence Platform encoding capability and began relying on commercial intelligence data. It strengthened its stance through Operation Gladiator Shield to grow understanding of its information network battlespace and lay out each of the then 42 organizational networks.
Present-day automation and artificial intelligence solutions are still a priority, Stanton noted.
“We have a number of automated solutions that are already built into our defense, and I think that we can improve and need to focus on improving our automation,” he offered.
Automation is an area where JFHQ-DODIN looks to the commercial sector for solutions. “This is where partnership with industry becomes really, really powerful,” the commander continued. “At last tally, we have nine different industry partners that are incorporating artificial intelligence into the solutions that we are purchasing from them in the defense of the DODIN. We have a degree of maturity in our employment of artificial intelligence as we look through the lens of extended into our industry partners. That is really powerful.”
Lastly, Stanton, who took over his roles this fall, said he's optimistic about the future of JFHQ-DODIN and its operations.
“We are using the 10-year anniversary to help springboard this discussion to drive the strategy and vision that the team within the Joint Force Headquarters has established, and I'm excited about the potential,” Stanton said. “There is an enormous amount of work to be done, but we have dedicated professionals that are prepared to execute it. This will be an exciting year, with very clear signals from our leadership and Congress to drive defensive cyber operations to new heights.”
