Cyber Defense

DOD looks to develop a preemptive approach to network defense

With roughly 43,000 attempted daily intrusions on the Department of Defense Information Network, or DODIN, the department has sought a more proactive approach to defense as opposed to a “whack-a-mole” response. 

Air Force Lt. Col. Patrick Daniel, deputy director for Strategy and Plans at Joint Force Headquarters-DODIN, or JFHQ-DODIN, told an audience at the April AFCEA Defensive Cyber Operations Symposium that the force wants to take a “strategic look” at network defense, because the old way of operating is not feasible. “In the past, as different incidents have happened across the DODIN, we have been playing whack-a-mole – something pops up, we send a team,” he said.

The new vision, he said, will eventually culminate in a first-ever DODIN defense strategic plan.  The plan, according to DISA officials, is still in draft form, undergoing the official review process with the JFHQ-DODIN commander, Lt. Gen. Alan Lynn, who also serves as DISA director, to then be followed by review of Cyber Command Commander, Adm. Michael Rogers. Upon approval, the plan, dubbed Department of Defense Information Networks Support Plan, will be the first to “fully address JFHQ-DODIN's mission to secure, operate and defend the DODIN,” a DISA spokesperson said.

JFHQ-DODIN has two important missions in cyberspace that include DODIN operations – day-to-day tasks involved in running networks and defensive cyber operations that are specific actions taken in response to an incident. The command, a subordinate of Cyber Command, took over the daily functions of defending the network from Cyber Command and has been in named operations and deployed forces to respond to cyber incidents all across the globe.

“This is part of the department operationalizing the Department of Defense Information Networks, its own networks, and be able to establish operational authority for direction and maneuver inside that network,” Kevin Lunday, cyber command director of the Coast Guard’s Exercises and Training, told a small group of reporters at the annual Cyber Guard exercise. Lunday added that all component or intermediate layers of headquarters to Cyber Command – such as individual service branches such as Army Cyber Command or Air Force Cyber (24th Air Force) and JFHQ-DODIN – have maneuver forces.              

The DODIN Networks Support Plan will have a two-fold impact on daily operations once finalized: It will solidify JFHQ-DODIN’s ability to develop deliberate and authoritative response to cyber events that occur on the DODIN as well as allow for better planning for combatant command operations and training, DISA said.

Daniel, JFHQ-DODIN’s deputy director for Strategy and Plans, called the plan “very significant” in April as it will posture the force to look at problems from an adversarial perspective. “So we can now take that, understanding what the adversary wants to do…what can we do to get ahead of them?...We have not done that before in the DOD,” he said. 

The Support Plan’s scope will offer a more strategic outline to securely operate and defend the DODIN. “JFHQ-DODIN's effort in developing this plan lays out a clear pathway for providing command and control, planning, direction, coordination, integration and synchronization of DODIN operations and defensive cyberspace operation and internal defensive measures,” DISA told Defense Systems.      

While the deliberative planning process for the plan began in September of 2015 by JFHQ-DODIN, it is not clear when the plan will be finalized. The command has served in an operational role since it reached initial operating capability in January 2015, but it does not have a clear full operational capability date either, Daniel said. Full operational capability will be conditions-based as “right now at our IOC, we’re able to do a certain number of functions,” he told his audience in April. “As we grow, as we gain more personnel, we’ll be able to do a larger range of functions that will take us into our full mission capability.”

“The plan, when approved, codifies the relationships and processes that support” the mission of providing a unified effort and command for military services, over 45 agencies, combatant commands and intelligence agencies that makeup the DODIN framework, DISA said. 

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

Defense Systems Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.