The government’s annual defense policy bill, if signed into law by President Donald Trump, will create several new cyber positions within the military.
The fiscal year 2020 National Defense Authorization Act outlines the roles the Department of Defense must fill — at the Pentagon and within the services.
The first position is a senior military advisory for cyber policy — who will also serve as the deputy principal cyber adviser and be at least a two-star general — within the Office of the Under Secretary of Defense for Policy.
Under the scope of the senior military adviser for cyber policy, specific duties include being the principal uniformed military adviser on military cyber forces and activities to the under secretary of defense for policy; advise the under secretary on policies related to cyber operations, readiness, resources and personnel; help synchronize DoD military cyber forces and activities; and maintain lines of communication between the chief information officer senior civilian leaders, Joint Staff, services and combatant commands on issues related to cyber policy and operations.
Under the scope of the deputy principal cyber adviser, specific duties include synchronizing, coordinating and overseeing the implementation of the DoD cyber strategy; advising the secretary of defense on cyber programs and activities in relation to policy, training, resources, manpower and acquisition; assist in supervision of cyber operations; advocate for investments in capabilities; and identify shortfalls in capabilities while making budget recommendations to close those gaps.
The other set of positions the bill creates are principal cyber advisers for each military service.
The service secretaries must appoint a cyber adviser to advise the secretary on all cyber matters affecting the services 270 days after the bill becomes law.
This adviser will be a civilian and independent of the chief information officer.
Their responsibilities will include overseeing recruitment; resourcing and training of cyber forces, as well as assessing their readiness; overseeing acquisition; overseeing cybersecurity supply chain risk management; and security of information systems and weapon systems.
These advisers must also brief Congress biannually.