This is part three of a series exploring the differences between military cyber forces, capabilities, mission sets and needs. For previous installments, see part one and part two.

The delineation between “cyber” and “IT” is generally thought to be operations within a maneuver space vs. the infrastructure that enables that to happen, respectively.

Moreover, Col. Brian Lyttle, program executive officer for cyber at the Defense Information Systems Agency, referred C4ISRNET to the joint publication that governs cyber regarding the delineation between cyber operations and IT/cybersecurity. Speaking after his participation in a recent panel discussion, he noted that the document divides this up into three specific areas: offensive cyber, defensive cyber and network operations, which is where most people would think IT rests, he said. 

“We’re getting a little bit confused on infrastructure versus buying a network weapon for the [cyber protection teams] to use. And we have to make sure we understand when we’re weaponizing the network to do [defensive cyber operations] or [offensive cyber operations] versus maintaining the” network, said Gary Wang, deputy CIO of the Army at the time, now acting, last May. “I mean, it’s the only place where you’re going to run your business [operations] and you’re also going to fight a cyber war on the same infrastructure simultaneously.

“Where there’s some confusion is when we say IT infrastructure for keeping the lights on and network running versus … how we can weaponize the network to support defensive cyber operations or offensive cyber operations.”

This delineation is best exemplified by the two core missions of Cyber Command’s operational defensive arm Joint Force Headquarters-DoD Information Networks. DoDIN operations are those that are executed daily as part of running a network while defensive cyber operations/internal are specific actions taken in response to either intelligence, a threat or an incident.

DoDIN operations can be construed as classic IT work performed by a computer network defense service provider, while cyber operations — in this case on the defensive side — can be carried out by cyber protection teams.

The service chief information officers are generally more focused on the IT-network running/cybersecurity side as opposed to cyber operations. However, there has been a recent shift in thinking, making the distinction of “operationalizing” the network moving traditional IT work to a more operations-centric task.

Beyond the operational side, which is mostly orchestrated from the service cyber command components, the services are looking at basic cybersecurity efforts among their ranks — ensuring warriors exhibit good cyber hygiene and hardening installations and weapon systems. Both subordinate units of the various service cyber commands seek to perform basic IT functions as well as ensure cybersecurity, the services in concert but separate from the service cyber components are pursuing cybersecurity initiatives.

The most prominent of these efforts is focused on a DoD-wide initiative to harden weapon systems, all of which, including legacy, rely upon some cyber-enabled element that makes them vulnerable to cyber attacks. DoD announced that it was repurposing $100 million for evaluating cyber vulnerabilities in weapon systems.