Inside Cyber Warfare - Jeffrey Carr [157]
Summary
The US Department of Defense (DOD) has taken a decentralized approach to the organization of its cyber security structure. There are various organizations, divisions, and agencies that address the DoD’s cyber security needs at both the policymaking and operational levels. The Joint Chiefs of Staff, the US Joint Forces Command (JFCOM), and several offices within the Office of the Secretary of Defense have roles in developing policy and guiding cyber security strategy.[207] At the operational level, the central organization to DOD’s cyber security efforts is US Cyber Command (USCYBERCOM), which was created in June 2009 under US Strategic Command (USSTRATCOM).[208] The Joint Information Operations Warfare Center (JIOWC) was also created to plan, integrate, and synchronize information operations (IO) in direct support of Joint Force Commanders and to serve as the USSTRATCOM lead for enhancing IO across the Department of Defense. Additionally, the director of the NSA doubles as the director of USCYBERCOM, making them dual-hatted organizations.[209]
Each branch of the military has designated a support component for cyber security that operates under USCYBERCOM. These are the US Army Cyber Command, the US Fleet Cyber Command/US 10th Fleet, the 24th Air Force/AFCYBER, and the Marine Corps Cyber Command (able to conduct cyber operations but is not expected to achieve full operational capability until 2013).[210] There are several other DOD organizations that play an important role in cyber security. Network Operations Security Centers (NOSCs) provide network-operations reporting and situational awareness for each of the military service branches, as well as for the various theater commands. The National Guard and the DOD Criminal Investigative Services also have cyber security functions.[211]
* * *
[207] GAO, “Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities,” US Government Accountability Office, July 2011, http://www.gao.gov/products/GAO-11-75.
[208] Ibid.
[209] GAO, “Defense Department Cyber Efforts: More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities,” US Government Accountability Office, May 2011,http://www.gao.gov/products/GAO-11-421.
[210] Ibid.
[211] GAO, “Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities,” US Government Accountability Office, July 2011, http://www.gao.gov/products/GAO-11-75.
Organization
Figure 17-1 shows the US Department of Defense’s cyber organizational structure.
Figure 17-1. The cyber organizational structure
The following list outlines the DOD’s cyber security organizational structure, including the cyber-related roles and responsibilities of each organization.
The Joint Staff
Establishes and develops doctrine, policies, and associated joint tactics, techniques, and procedures (TTP) for DOD’s global information grid (GIG), information assurance (IA), and joint and combined operations.
Ensures all joint education, training, plans, and operations include, and are consistent with, information operations (IO) policy, strategy, and doctrine.
Global Operations (Information Operations and Computer Network Operations), J-39
Focal point for IO within the Joint Staff.
Provides recommendations and advice to the President, Secretary of Defense (SECDEF), National Security Council (NSC), and Homeland Security Council (HSC) on all aspects of computer network operations (CNO).
Information and Cyberspace Policy, J-5
Develops policy that contributes to effective execution of information and cyberspace operations.