In creating a new top cyber job, Pentagon seeks outside help

The Pentagon is hiring an independent research firm to examine how to fit a new, top-ranking cyber policy adviser into the Defense Department’s existing bureaucracy, according to people familiar with the matter.

The RAND Corporation will advise on the creation of a new assistant secretary of Defense for cyber policy, said the sources, who spoke on the condition of anonymity to discuss the agreement, which has not been signed yet.

The job, which will report directly to the Defense secretary, was created in last year’s bipartisan defense authorization bill in response to years of mounting frustrations on Capitol Hill that the Pentagon lacks a senior civilian leader who is truly accountable for digital security policy.

By farming out the work to a respected third party, Pentagon leaders can provide themselves with political cover if the study indeed concludes that roles and responsibilities must shift in order for the new post to work.

Lawmakers established the assistant secretary position because “we need the focus on a department-wide basis,” Sen. Mike Rounds of South Dakota, the top Republican on the Armed Services Committee’s cyber panel, told The Record.

“It’s time we recognize that any time we go to war, cyber is going to play a major part of it,” said Rounds, who helped lead the legislative push for the Senate-confirmed position.

John Plumb, assistant secretary of Defense for space policy, currently fills the office of the Principal Cyber Advisor to the Secretary of Defense. In addition, his portfolio “encompasses the Department’s strategic capabilities for integrated deterrence: space, nuclear weapons, cyber, missile defense, electromagnetic warfare, and countering weapons of mass destruction,” according to his official biography.

Lawmakers believe that having one person responsible for so many issues has led to digital security not receiving the attention and supervision it deserves. Similarly, during the Trump administration, the assistant secretary for homeland defense and global security acted as the Defense secretary’s No. 1 cyber counselor.

Plumb testifies Thursday before the House Armed Services Subcommittee on Cyber, Information Technologies, and Innovation.

Congress wants motion

The RAND study could take up to a year to complete, one source said. It will examine whether existing entities — such as the deputy assistant secretary of Defense for cyber policy, who reports to Plumb — will become subordinate units. It also could consider moving missions that are currently under other assistant secretaries.

The examination will be led by Quentin Hodgson, a former longtime DoD policy official, and another individual, the sources said.

A RAND spokesperson declined to comment.

The idea of the Pentagon tasking an outside firm, rather than conducting the study internally, has split proponents of the new post.

“It’s like DoD has this problem of just studying things endlessly, to death,” said Rep. Mike Gallagher (R-WI), the chair of the House Armed Services cyber subcommittee.

He added that a potential yearlong study “sounds too long” and speculated the topic could come up when Plumb and U.S. Cyber Command chief Gen. Paul Nakasone testify Thursday.

Rounds, who like Gallagher was unaware of the department’s pending decision, said it surprised him that a third party was being brought in to conduct the work.

“Maybe they’re taking this very seriously. If they are, that’s fine, but I would most certainly hope they would be able to expedite this,” he said, noting the hiring and confirmation process takes an extended period of time.

“I want to do it right,” Rounds told The Record. “I won’t complain about the process if they think they’re going to move in the right direction. But what I don't want them to do is somebody dragging their feet.”

At the time of publication, the Pentagon had not responded to a request for comment.