CYBERCOM elevates defensive office in ‘net positive’ for cybersecurity mission: Analysts

Warfighters operate equipment at the lab located at Defense Information Systems Agency Headquarters at Fort Meade Md. (Photo by David Abizaid/
Defense Information Systems Agency)

WASHINGTON — The Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) has been officially elevated to a sub-unified command under US Cyber Command, in a move analysts said could give a bureaucratic boost to the military’s defensive cyber mission.

The JFHQ-DODIN became the Department of Defense Cyber Defense Command (DCDC) on May 28, according to a spokesperson for the command. JFHQ-DODIN had been a subordinate headquarters under CYBERCOM, and the director of the Defense Information Systems Agency (DISA) was dual-hatted in running DISA and the JFHQ-DODIN. Gen. Paul Stanton, currently in this role, will remain in his dual-hatted position as he leads DISA and the DCDC.

“Elevating to a sub-unified command further expands our mission to focus on proactive thinking and ways to synchronize our efforts to deliver relevant capabilities to our warfighters,” Stanton told Breaking Defense. “Our success is not reached by being reactionary, it will be the ability to rapidly incorporate diverse intelligence to find and fix the enemy and allow a seamless transition to offensive cyber operations.”

One expert told Breaking Defense the move to transition to a sub-unified command, which was mandated by Congress in the 2025 National Defense Authorization Act, will provide the DCDC with a new status that can protect it against bureaucratic cuts. Another said that the move will put DCDC’s defensive mission — protecting the Pentagon’s information network — on par with CYBERCOM’s offensive mission.

CYBERCOM’s offensive group, known as the Cyber National Mission Force, was elevated to a sub-unified command in 2022. Sub-unified commands are created to carry out a portion of a mission for its larger combatant command. They differ from subordinate headquarters because sub-unified commands portray a greater sense of maturity and provide a more advanced resource pipeline, experts told Breaking Defense. Further, since CNMF is granted more resources than defensive cyber, or JFHQ-DODIN, given its status, this elevation could make it so defensive operations are treated the same as offensive operations, one expert said.

Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, said that the change, first reported by DefenseScoop, does not directly provide the DCDC with more funding, but it can allow for the sub-unified command to pursue certain resources and opportunities that could make getting additional funding easier in the long run. It can also protect the sub-unified command from budget cuts. 

“While it doesn’t offer any explicit funding mechanism, over time, it will allow for more effective funding mechanisms to, kind of not tie this operational mission to an administrative headache […] that eventually has to deal with DOGE [Department of Government Efficiency] like entities,” Montgomery said. “What one would not want, is DISA salami slicing to impact its operational mission, right?

“I think this makes it less vulnerable to broad bureaucratic budget slashing,” he added.

Another expert said the move should be “a net positive,” despite the elevation not coming with any automatic new authorities  — for example, control over its resources and acquisitions — funding, or missions. 

“Broadly speaking, this seems like a net positive development, at least in theory,” Erica Lonergan, an assistant professor at Columbia University who was a lead writer of the DoD’s 2023 cyber strategy and a former a fellow at the Army Cyber Institute, told Breaking Defense. 

“Ultimately, the operational impact will depend on the specific scope and nature of the responsibilities that will be given to the new Cyber Defense Command.”

One benefit of the move, Lonergan noted, is that it would put the sub-unified command’s mission on the same playing field as its offensive-counter part, the CNMF.

“Elevating JFHQ-DODIN will ostensibly put the defensive mission (defending the DoD’s networks) on par with the offense mission within Cyber Command, given that the CNMF was elevated to a sub-unified combatant command a few years ago,” she said. “This reflects the reality that prioritizing the cost-imposition aspects of the cyber mission should not come at the expense of defending the DoD’s networks, which is an enduring challenge.”

Montgomery was optimistic about the move, saying that it will make CYBERCOM more effective.

“I just think bringing this kind of JFHQ-DODIN, into the operational environment of the force employer, Cyber Command, in the long term is going to make us more effective operationally, but also more likely to be properly resourced and managed administratively,” he said.