Cyber Resiliency and Cybersecurity Policy

The Cyber Resiliency & Cybersecurity Policy program, managed by the Office of the Secretary of Defense, aims to enhance the cybersecurity posture of the Department of Defense (DoD). It focuses on critical mission weapon systems and defense infrastructure. This initiative conducts comprehensive cybersecurity assessments and implements mitigations to protect these vital assets from cyber threats. The program supports efforts led by the OUSD (A&S) and involves collaboration with entities such as Combatant Commands (CCMDs), the National Security Agency (NSA), and USCYBERCOM. A key component is the Strategic Cybersecurity Program, which prioritizes cyber hardening for DoD missions.

One primary objective is conducting mission-based cyber risk assessments for priority defense missions. This includes Deep Cyber Resiliency Assessments (DCRAs) that provide detailed evaluations and mitigation strategies for mission partners across the DoD. The program also emphasizes developing tools like the Cyber Risk Mitigation Tool (CRMT), which serves as a decision support system for tracking and prioritizing cyber vulnerabilities. These efforts ensure that cybersecurity measures are effectively integrated into mission planning and execution.

The program also addresses cybersecurity supply chain risk management through pilot projects in collaboration with the DoD CIO and other organizations. These pilots aim to demonstrate scalable cybersecurity services that enhance existing commercial capabilities, particularly for small-to-medium-sized companies within the Defense Industrial Base (DIB). By focusing on these smaller entities, which often lack robust cybersecurity measures, the program seeks to protect sensitive unclassified information critical to national security.

The Capability Portfolio Management aspect involves overseeing Joint Cyber Capabilities used by the Cyber Mission Force. This includes assessing capabilities for offensive and defensive cyberspace operations in collaboration with USCYBERCOM. The goal is to manage and optimize these capabilities to support effective cyberspace operations, ensuring alignment with broader strategic objectives outlined in national defense strategies.