July 20, 2011
The Department of Defense has just crossed a major milestone, finally releasing their new “Cyber 3.0” Strategy for Operating in Cyberspace as well as having been deeply involved in the White House’s International Strategy for Cyberspace.

   Despite the department’s energy and enthusiasm on cyber issues, it is facing a serious short-term crisis which may sap their momentum: many of the Department’s senior cyber leaders – the very ones most behind these new successes – are leaving. Here are the most important departing officials:

Moreover, it is not just DoD that is losing cyber leadership. As longtime DC cyber watcher Bob Gourley has discussed on his own blog,

The deputy secretary is the latest cybersecurity leader to announce his departure from the Obama administration. On June 16, the White House revealed that Federal Chief Information Officer Vivek Kundra would leave later this summer (see Vivek Kundra Resigning as Federal CIO). A day later, Justice Department CIO Van Hitch, who co-chairs the Federal CIO Council’s panel on IT security, said he would retire (see Van Hitch to Retire as Justice CIO). In late May, Deputy Undersecretary Philip Reitinger left the Department of Homeland Security as its top cybersecurity policymaker (see Reitinger Resigns Top DHS Cybersecurity Post).

DoD has now set itself a goal to “treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.” The DoD has generations of officials and officers that understand the air, space, land, and sea domains but few that understand cyberspace. There is a new generation that is making its way up through the system now, but without senior leadership these may never stay in the Department long enough and be stripped off to contractors or industry. 

Fortunately, there are many important officials that will be staying with the DoD to implement their own strategy and the White House’s. Jim Miller, the Principal Deputy Under Secretary for Policy, has been involved in cyber issues for years and can provide oversight to whomever replaces Bob Butler. Teresa Takai, the DoD CIO, also remains to oversee the more technical parts of the cyber portfolio. The directors in the Cyber Policy Office (direct reports to DASD Bob Butler) also seem they will be in place for the transition. These include Steve Schleien, Mary Beth Morgan, Colonel BJ Shwedo, and Dr David Mussington; all are longtime veterans of the policy process, cyber issues, or both.

Even better, initial feedback is that during his first weeks, Secretary Panetta has shown an interest for cyber issues. Combined with his guaranteed access to the President, this could go a long way to making up for the loss of Lynn. It also means that both General Alexander at Cyber Command and Secretary Panetta have had their formative cyber experiences in intelligence agencies (NSA and CIA respectively). This may drive DoD planning and operations to an even heavier intelligence focus.

The Department has come a very long way and learned many painful lessons, but there are many more yet to come. Whether or not the replacements for Lynn, Cartwright, and Butler understand (or care about) cyberspace as deeply as their predecessors is still unknown; either way it will be up to them and their staff and advisors to ensure  they can execute the DoD’s many sorely needed actions to operate securely in cyberspace. 

Jason Healey is the Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey.