A recent Defense Department directive is an important clarification of the different roles played by the Pentagon’s CIO, principal cyber advisor and other officials in setting the department’s cybersecurity policy, acting DOD CIO Terry Halvorsen told reporters on Dec. 5.
The directive, dated Nov. 21 and signed by Deputy Defense Secretary Robert Work, updates the operational roles for DOD officials in cyberspace. The creation of a principal cyber advisor, a role filled by Assistant Secretary of Defense Eric Rosenbach, and the maturation of U.S. Cyber Command made greater intra-departmental clarity on cybersecurity necessary, Halvorsen told reporters on Dec. 5.
The recent directive charges the CIO with advising the National Security Agency director on cybersecurity policy, and with prescribing cyber-related standards, but gives the CIO no operational authority when it comes to offensive or defensive cyber maneuvers. That authority lies with U.S. Cyber Commander Adm. Michael Rogers, who is also NSA director.
The directive also makes Halvorsen, along with acting DCMO David Tillotson, co-chair of the Defense Business Council, a cross-agency board that coordinates DOD business operations. Halvorsen said being named DBC co-chair with Tillotson is “a big movement forward,” and stressed the importance of working closely with him.
Much bigger changes to the Pentagon’s IT leadership could be in the works. The fiscal 2015 defense authorization bill would combine the DCMO and CIO jobs into a new position — undersecretary for business management and information — effective February 2017.