DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.

“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting Undersecretary of Defense for Policy Sasha Baker in a statement.

As part of the Fiscal 2023 National Defense Authorization Act, Congress instructed the Pentagon to increase the focus on cybersecurity in the Office of the Secretary of Defense by creating a new office. The NDAA increased the number of Assistant Secretaries of Defense to 18 and the number of Deputy Assistant Secretaries of Defense to 60.

The role was created due to concerns about the lack of focus in the Pentagon on a civilian-facing cyber effort. With the new role, the DoD now has more resources dedicated to improving cyber resiliency through policy.

However, the actions came a year later than officials and taxpayers expected. The delay happened because the Pentagon commissioned a study to determine the roles and responsibilities of the assistant secretary of defense for cyber policy (ASD CP), specifically regarding whether electronic and information warfare would be included.

When asked about the delay, John Plumb, principal cyber advisor to the secretary of defense and assistant secretary of defense for space policy, responded that they were moving forward but wanted to do it right. He explained that they were working to create the ASD cyber role deliberately to ensure the most positive results. The committee used the template for the ASD for Space and then added specifics relevant to cyber policy.

With the establishment of the office, the DoD released the official responsibilities of the ASD CP. The new position will handle:

• Developing, coordinating, assessing and overseeing the deployment of DoD cyberspace policy and strategy and ensuring these efforts align with national security objectives
• Overseeing and certifying the department’s Cyberspace Operations Budget and providing fiscal and budgetary oversight to USCYBERCOMs USD 3 billion annual execution with their “Enhanced Budget Control” (Budget Authority, as recently approved by the FY24 DoD Appropriations Act)
• Monitoring programs and activities associated with the implementation of cyberspace workforce development, recruitment and retention
• Overseeing integration of cyberspace operations and capabilities into operations and contingency plans
• Developing DoD cyberspace policy guidance on private sector outreach, engagement and agreements
• Leading the DoD implementation of national-level cyberspace policies
• Leading the development, implementation and oversight of cyberspace-related activities for security cooperation
• Exercising authority, direction and control over the official designated as Deputy Principal Cyber Advisor with respect to that official’s Deputy PCA duties

In his current role as principal cyber advisor to the secretary of the army, Sulmeyer serves as the advisor for issues related to cyber and the Army, including readiness, capabilities and strategy. He previously worked as the director of the cybersecurity project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs along with roles in the Office of the Secretary of Defense, in the National Security Council and at U.S. Cyber Command.

Currently, Sulmeyer is waiting for confirmation of the position. Ashley Manning is performing the duties of the office until Sulmeyer is confirmed by the Senate.