Pentagon Establishes New Cyber Policy Office

Frank Fang
By Frank Fang
April 2, 2024US News

The Pentagon has formally established the Office of the Assistant Secretary of Defense for Cyber Policy.

In a press release issued on March 29, the Department of Defense (DoD) explained that the office was established under the 2023 National Defense Authorization Act.

Ashley Manning, who has worked for the Pentagon for over 15 years, will be the acting head of the office until a Senate-confirmed candidate is appointed.

“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting Undersecretary of Defense for Policy Sasha Baker in a statement on Friday. The newly established office was launched on March 20.

The assistant secretary will sit beneath the undersecretary of defense for policy, according to the Pentagon. The official will be “responsible for overall supervision of DoD policy for cyber operations” and will act “as principal advisor to the Secretary of Defense on military cyber forces and activities.”

The Pentagon listed many responsibilities of the new offices, including developing, coordinating, assessing, and overseeing the implementation of DoD cyberspace policy and strategy.

The new office will also “lead the DoD implementation of national-level cyberspace policies” and oversee and certify the DoD’s cyberspace operations budget.

President Joe Biden announced on March 21 that his nominee for the new head of the office would be Michael Sulmeyer. The nomination has been referred to the Senate Armed Services Committee.

Mr. Sulmeyer is currently the principal cyber advisor to the Secretary of the Army, a post he has held since March 2022. Before that, he was once a top advisor to former U.S. Cyber Command chief Gen. Paul Nakasone.

Outside of government, Mr. Sulmeyer was once the director of the Cybersecurity Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs

Securing America’s ‘Defense Industrial Base’

The Pentagon issued a cyber strategy in September 2023, identifying the People’s Republic of China (PRC) as the biggest threat to U.S. cybersecurity.

“The PRC in particular sees superiority in cyberspace as core to its theories of victory and represents the Department’s pacing challenge in cyberspace,” the strategy read. “Using cyber means, the PRC has engaged in prolonged campaigns of espionage, theft, and compromise against key defense networks and broader U.S. critical infrastructure, especially the Defense Industrial Base (DIB).”

On March 28, the Pentagon released a cybersecurity strategy to protect the DIB from malicious cyber operations conducted by foreign adversaries. The strategy says the DIB includes about 300,000 defense companies and their supplies in both the defense and private sectors.

A day prior, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a notice of proposed rulemaking (NPRM) for reporting cyberattacks on U.S. critical infrastructure. Under the draft guidelines, companies that own and operate critical infrastructure would be required to report ransom payments within 24 hours and significant cyberattacks within 72 hours.

The guidelines were mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which President Biden signed into law in 2022.

Four members of the House Homeland Security Committee released statements in response to the CISA’s draft proposal, including chairman Rep. Mark Green (R-Tenn.) and ranking member Rep. Bennie Thompson (D-Miss.).

“The Committee looks forward to working with CISA and affected stakeholders to ensure the final rule aligns with the Congressional intent of this landmark bipartisan legislation,” Mr. Green and Rep. Andrew Garbarino (R-N.Y.) stated in a joint statement.

“Amid increased cyber threats, implementation of CIRCIA is more important than ever to ensure a streamlined process for critical infrastructure owners and operators to mitigate risk and protect our national security, economy, and way of life.”

“Establishing a mandatory cyber incident reporting framework is an enormous undertaking,” Mr. Thompson and Rep. Yvette D. Clarke (D-N.Y.) said in a joint statement.

“As we in Congress review and weigh-in on the NPRM, our goal will be to ensure that CISA will have access to the information necessary to disrupt malicious cyber campaigns earlier and identify new tactics of bad actors so the government and the private sector can drive down risk.” 

From The Epoch Times

ntd newsletter icon
Sign up for NTD Daily
What you need to know, summarized in one email.
Stay informed with accurate news you can trust.
By registering for the newsletter, you agree to the Privacy Policy.