Army putting offensive and defensive cyber portfolios under a single office

Effective in October, the Army's program executive office for enterprise information systems will transfer its defensive cyber portfolio to the intelligence, electronic warfare and sensors office, which currently handles offensive capabilities.
Staff Sgt. Gregory Fretz, cyber operations specialist with 178th Cyber Protection, Mississippi Army National Guard, monitors cyber attacks during Exercise Southern Strike at Camp Shelby, Mississippi, April 21, 2023. (U.S. Army National Guard photo by Staff Sgt. Renee Seruntine)

PHILADELPHIA, Pa. — The Army is consolidating its offensive and defensive cyber portfolios under a single program executive office to improve efficiency and synergy from a management and budgeting standpoint.

The move is part of a larger push to consolidate all network functions and capabilities under a single PEO. As the Army is executing its vision for a unified network, which involves reducing the silos between its tactical and enterprise systems across the globe, the decision was made to transition elements of the enterprise network from PEO Enterprise Information Systems to PEO Command, Control, Communications-Tactical.

Within this larger effort, the project manager for defensive cyber operations at PEO EIS is moving to PEO Intelligence, Electronic Warfare and Sensors on Oct. 1.

“Having organizations responsible for the network across different PEOs just logically didn’t make sense … Why should we look at enterprise separate from tactical? Previously, it made sense, because they were separate. Technology now has allowed us to converge those efforts. We said, ‘Hey, the Army’s moving to a unified network, we should look at how do we organize,’” Young Bang, principal deputy assistant secretary of the Army for acquisition, logistics and technology, said at the Army’s Technical Exchange Meeting X in Philadelphia Wednesday.


“That’s what initially started that. Now we’re looking at the enterprise and the tactical together, we’re looking at other things beyond just the network when we had that discussion and talked about … why do we have cyber separately, why would we do defense and offense separately from a cyber perspective?” he added.

Officials said the move will create greater synergy between the offensive and defensive teams which, at least on the operations side, feed each other.

“I think it’s relatively obvious this synergy between defensive and offensive cyber operations. Having offensive and defensive functionals within one organization is a relatively obvious conclusion,” Mark Kitz, program executive officer for IEW&S, said at the conference.

Kitz explained that given the direction Congress is pushing U.S. Cyber Command to more tightly integrate the elements of its Joint Cyber Warfighting Architecture (JCWA) — piecemeal parts and programs that make up the command’s cyber operations platform — the move to consolidate within the Army makes sense.

“I did want to highlight that in the last two NDAAs [annual defense policy bills], with Cyber Command, there’s been a focus on integrating the Joint Cyber Warfighting Architecture and establishing at Cyber Command acquisition authority around the integration of cyber and functional components,” Kitz said.


“Because of this enterprise focus on integrating across the cyber architecture, the Army naturally is going to focus on that same integration. There’s synergy of our optimization of the organization here. It’s really important for us as a cyber enterprise to make sure that Cyber Command and ARCYBER — that we’re able to integrate across the cyber warfighting functions, whether that’s defensive, offensive, rapid response, cybersecurity,” he added.

PEO IEW&S will be creating a new offensive cyber and space program office to help handle the workload regarding programs it is developing for Cybercom on behalf of the joint force, with a commander officially taking over in June. They include the Joint Common Access Platform for executing offensive operations and the Joint Development Environment, a space to rapidly develop and test cyber tools.

“The Army is a significant contributor on the offensive side to that Joint Cyber Warfighting Architecture with our JCAP and [Rapid Cyber Development Network] programs,” Kitz said, referring to the Army’s name for the Joint Development Environment program.

Kitz told DefenseScoop on the sidelines of the conference that the defensive cyber office will essentially remain the same and be separate from the offensive cyber and space office within PEO IEW&S. Over the next two years, the PEO will make an assessment on how to build synergies between the two over the long term.

“Anytime you bring on a workforce that’s not co-located with another, we want to give them stability and make sure that they remain a valuable part of the organization before we make any changes or an assessment. I think it’d be about a two-year assessment and we’ll go from there,” he said.


While the defensive cyber office doesn’t provide any capabilities to the joint cyber force, it has been in joint discussions and is now being folded under IEW&S, which will allow it to leverage that close relationship with Cybercom and JCWA.

“They’ve been doing that for a long time and they’ve been identified as JWCA programs [with] JCAP. It will make that coordination much more streamlined,” Col. Mark Taylor, project manager for Defensive Cyber Operations at PEO EIS, told DefenseScoop and another reporter at the conference.

“Having those functionals and the interaction with those functionals unified with in one side of it under one PEO, it will make the stakeholder community group much tighter and communications much more synthesized and able to put out capability quicker … You got your acquisition and your operations, the users of that equipment, the operations are a lot more currently tightly coupled today, so where they can do some cross-cueing from the defensive side to the [offensive cyber operations] OCO side. There will be some intersections of the Venn diagram of OCO and [defensive cyber operations] DCO, and we’ll look to further flush those out what are common capabilities that we can use on both sides of the line?”

Kitz said while Cybercom is building out its PEO, it is looking to the services and their acquisition expertise to help.

“I think Cyber Command standing up this PEO, they need help in terms of acquisition experience. They’ve come to the Army to help with that and I think at the PEO level, we can drive a lot of that core talent management there because one of the things I talked to Cyber Command a lot about is we’re going after the same talent,” he said. “How do we build talent, workforce development activities across our cyber domains — whether it’s defensive, offensive, core infrastructure, you name it — so that if I’m a cyber professional, I can go from Cyber Command from Army to Air Force and still be a part of the mission and still deliver to one architecture.”


Cybercom, under its enhanced budget authority that activates in October and gives it oversight over spending and programs, for the short term is still having the services run its programs as executive agents. The short term change is Cybercom is reimbursing the services with its money instead of that money coming from the services. In fact, the Air Force is actually building out Cybercom’s acquisition office under a reimbursable basis.

Kitz believes the services, with their acquisition expertise, can help accelerate Cybercom’s PEO, for which they are congressionally mandated to complete in five years.

“I think we can accelerate a lot of that by starting with people, right, and then looking at the architecture and how we build synergies in the architecture. I think that will be really helpful,” he said, also referring to a synergistic offensive and defensive program office under a single PEO.

Latest Podcasts