April 22, 2024 By Jennifer Gregory 2 min read

The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.

“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting Undersecretary of Defense for Policy Sasha Baker in a statement.

As part of the Fiscal 2023 National Defense Authorization Act, Congress instructed the Pentagon to increase the focus on cybersecurity in the Office of the Secretary of Defense by creating a new office. The NDAA increased the number of Assistant Secretaries of Defense to 18 and the number of Deputy Assistant Secretaries of Defense to 60.

The role was created due to concerns about the lack of focus in the Pentagon on a civilian-facing cyber effort. With the new role, the DoD now has more resources dedicated to improving cyber resiliency through policy.

ASD cyber position was delayed a year

However, the actions came a year later than officials and taxpayers expected. The delay happened because the Pentagon commissioned a study to determine the roles and responsibilities of the assistant secretary of defense for cyber policy (ASD CP), specifically regarding whether electronic and information warfare would be included.

When asked about the delay, John Plumb, principal cyber advisor to the secretary of defense and assistant secretary of defense for space policy, responded that they were moving forward but wanted to do it right. He explained that they were working to create the ASD cyber role deliberately to ensure the most positive results. The committee used the template for the ASD for Space and then added specifics relevant to cyber policy.

Learn more on AI cybersecurity

Supervising policy for cyber operations

With the establishment of the office, the DoD released the official responsibilities of the ASD CP. The new position will handle:

  • Developing, coordinating, assessing and overseeing the deployment of DoD cyberspace policy and strategy and ensuring these efforts align with national security objectives
  • Overseeing and certifying the department’s Cyberspace Operations Budget and providing fiscal and budgetary oversight to USCYBERCOMs $3 billion annual execution with their “Enhanced Budget Control” (Budget Authority, as recently approved by the FY24 DoD Appropriations Act)
  • Monitoring programs and activities associated with the implementation of cyberspace workforce development, recruitment and retention
  • Overseeing integration of cyberspace operations and capabilities into operations and contingency plans
  • Developing DoD cyberspace policy guidance on private sector outreach, engagement and agreements
  • Leading the DoD implementation of national-level cyberspace policies
  • Leading the development, implementation and oversight of cyberspace-related activities for security cooperation
  • Exercising authority, direction and control over the official designated as Deputy Principal Cyber Advisor with respect to that official’s Deputy PCA duties

Sulmeyer served in various roles in the Office of Secretary of Defense

In his current role as principal cyber advisor to the secretary of the army, Sulmeyer serves as the advisor for issues related to cyber and the Army, including readiness, capabilities and strategy. He previously worked as the director of the cybersecurity project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs along with roles in the Office of the Secretary of Defense, in the National Security Council and at U.S. Cyber Command.

Currently, Sulmeyer is waiting for confirmation of the position. Ashley Manning is performing the duties of the office until Sulmeyer is confirmed by the Senate.

More from News

Exploring the 2024 Worldwide Managed Detection and Response Vendor Assessment

3 min read - Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways. The current state of MDR According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing…

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Why the Christie’s auction house hack is different

3 min read - Christie's, one of the world's leading auction houses, was hacked in May, and the cyber group RansomHub has claimed responsibility. On May 12, Christie’s CEO Guillaume Cerutti announced on LinkedIn that the company had “experienced a technology security incident.” RansomHub threatened to leak “sensitive personal information” from exfiltrated ID document data, including names, dates of birth and nationalities. On the group’s dark website, RansomHub claims to possess 2GB of data on “at least 500,000” Christie’s clients from around the world.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today