April 22, 2024 By Jennifer Gregory 2 min read

The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.

“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting Undersecretary of Defense for Policy Sasha Baker in a statement.

As part of the Fiscal 2023 National Defense Authorization Act, Congress instructed the Pentagon to increase the focus on cybersecurity in the Office of the Secretary of Defense by creating a new office. The NDAA increased the number of Assistant Secretaries of Defense to 18 and the number of Deputy Assistant Secretaries of Defense to 60.

The role was created due to concerns about the lack of focus in the Pentagon on a civilian-facing cyber effort. With the new role, the DoD now has more resources dedicated to improving cyber resiliency through policy.

ASD cyber position was delayed a year

However, the actions came a year later than officials and taxpayers expected. The delay happened because the Pentagon commissioned a study to determine the roles and responsibilities of the assistant secretary of defense for cyber policy (ASD CP), specifically regarding whether electronic and information warfare would be included.

When asked about the delay, John Plumb, principal cyber advisor to the secretary of defense and assistant secretary of defense for space policy, responded that they were moving forward but wanted to do it right. He explained that they were working to create the ASD cyber role deliberately to ensure the most positive results. The committee used the template for the ASD for Space and then added specifics relevant to cyber policy.

Learn more on AI cybersecurity

Supervising policy for cyber operations

With the establishment of the office, the DoD released the official responsibilities of the ASD CP. The new position will handle:

  • Developing, coordinating, assessing and overseeing the deployment of DoD cyberspace policy and strategy and ensuring these efforts align with national security objectives
  • Overseeing and certifying the department’s Cyberspace Operations Budget and providing fiscal and budgetary oversight to USCYBERCOMs $3 billion annual execution with their “Enhanced Budget Control” (Budget Authority, as recently approved by the FY24 DoD Appropriations Act)
  • Monitoring programs and activities associated with the implementation of cyberspace workforce development, recruitment and retention
  • Overseeing integration of cyberspace operations and capabilities into operations and contingency plans
  • Developing DoD cyberspace policy guidance on private sector outreach, engagement and agreements
  • Leading the DoD implementation of national-level cyberspace policies
  • Leading the development, implementation and oversight of cyberspace-related activities for security cooperation
  • Exercising authority, direction and control over the official designated as Deputy Principal Cyber Advisor with respect to that official’s Deputy PCA duties

Sulmeyer served in various roles in the Office of Secretary of Defense

In his current role as principal cyber advisor to the secretary of the army, Sulmeyer serves as the advisor for issues related to cyber and the Army, including readiness, capabilities and strategy. He previously worked as the director of the cybersecurity project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs along with roles in the Office of the Secretary of Defense, in the National Security Council and at U.S. Cyber Command.

Currently, Sulmeyer is waiting for confirmation of the position. Ashley Manning is performing the duties of the office until Sulmeyer is confirmed by the Senate.

More from News

Change Healthcare discloses $22M ransomware payment

3 min read - UnitedHealth Group CEO Andrew Witty found himself answering questions in front of Congress on May 1 regarding the Change Healthcare ransomware attack that occurred in February. During the hearing, he admitted that his organization paid the attacker's ransomware request. It has been reported that the hacker organization BlackCat, also known as ALPHV, received a payment of $22 million via Bitcoin.Even though they made the ransomware payment, Witty shared that Change Healthcare did not get its data back. This is a…

State Department releases International Cyberspace and Digital Policy Strategy

3 min read - U.S. Secretary of State Antony Blinken announced the new U.S. International Cyberspace and Digital Policy Strategy during the recent RSA Conference in San Francisco. The strategy emphasizes the role of technology in diplomacy and the urgent need to build international coalitions. “Security, stability, prosperity — they are no longer solely analog matters,” Blinken said at the conference. The new strategy focuses on “digital solidarity” not “digital sovereignty,” Blinken said, emphasizing the importance of collaboration with like-minded nations. Also mentioned was…

DHS establishes Artificial Intelligence Safety and Security Board

3 min read - As part of its commitment to addressing the rapid growth and adoption of AI technology across all industries and sectors, the Department of Homeland Security (DHS) announced the establishment of the Artificial Intelligence Safety and Security Board in late April. The Board’s first meeting is planned for early May when they will begin the task of focusing on how to develop and deploy AI technology within the United States’ critical infrastructure safely and securely. Based on the DHS Homeland Threat…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today