April 22, 2024 By Jennifer Gregory

The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.

“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting Undersecretary of Defense for Policy Sasha Baker in a statement.

As part of the Fiscal 2023 National Defense Authorization Act, Congress instructed the Pentagon to increase the focus on cybersecurity in the Office of the Secretary of Defense by creating a new office. The NDAA increased the number of Assistant Secretaries of Defense to 18 and the number of Deputy Assistant Secretaries of Defense to 60.

The role was created due to concerns about the lack of focus in the Pentagon on a civilian-facing cyber effort. With the new role, the DoD now has more resources dedicated to improving cyber resiliency through policy.

ASD cyber position was delayed a year

However, the actions came a year later than officials and taxpayers expected. The delay happened because the Pentagon commissioned a study to determine the roles and responsibilities of the assistant secretary of defense for cyber policy (ASD CP), specifically regarding whether electronic and information warfare would be included.

When asked about the delay, John Plumb, principal cyber advisor to the secretary of defense and assistant secretary of defense for space policy, responded that they were moving forward but wanted to do it right. He explained that they were working to create the ASD cyber role deliberately to ensure the most positive results. The committee used the template for the ASD for Space and then added specifics relevant to cyber policy.

Supervising policy for cyber operations

With the establishment of the office, the DoD released the official responsibilities of the ASD CP. The new position will handle:

  • Developing, coordinating, assessing and overseeing the deployment of DoD cyberspace policy and strategy and ensuring these efforts align with national security objectives
  • Overseeing and certifying the department’s Cyberspace Operations Budget and providing fiscal and budgetary oversight to USCYBERCOM’s $3 billion annual execution with their “Enhanced Budget Control” (Budget Authority, as recently approved by the FY24 DoD Appropriations Act)
  • Monitoring programs and activities associated with the implementation of cyberspace workforce development, recruitment and retention
  • Overseeing integration of cyberspace operations and capabilities into operations and contingency plans
  • Developing DoD cyberspace policy guidance on private sector outreach, engagement and agreements
  • Leading the DoD implementation of national-level cyberspace policies
  • Leading the development, implementation and oversight of cyberspace-related activities for security cooperation
  • Exercising authority, direction and control over the official designated as Deputy Principal Cyber Advisor with respect to that official’s Deputy PCA duties

Sulmeyer served in various roles in the Office of the Secretary of Defense

In his current role as principal cyber advisor to the secretary of the army, Sulmeyer serves as the advisor for issues related to cyber and the Army, including readiness, capabilities and strategy. He previously worked as the director of the cybersecurity project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs along with roles in the Office of the Secretary of Defense, in the National Security Council and at U.S. Cyber Command.

Currently, Sulmeyer is awaiting confirmation for the position. Ashley Manning is performing the duties of the office until Sulmeyer is confirmed by the Senate.
