Pentagon moves closer to picking leader for top cyber job


The U.S. Defense Department has received the findings of a months-long outsider examination about how to best create a new lead cyber policy chief.

The Record first reported earlier this year that the Pentagon had tapped the RAND Corporation to study the creation of an assistant secretary of defense for cyber policy. The post was mandated in last year’s bipartisan defense policy bill after years of congressional frustration that the department lacks a clear-cut civilian leader accountable for digital security policy.

John Plumb, who serves as the assistant secretary for space policy and also fills the office of the principal cyber advisor to the secretary of defense, later testified to House lawmakers that the report wouldn’t be delivered until September, with a nominee to eventually follow.

In an email on Tuesday, a DoD spokesperson confirmed RAND delivered its research “at the end of September as contractually required.”

The department is “now reviewing the study’s results, which will inform forthcoming decisions on the organizational structure, resourcing, and workforce of the new office,” the spokesperson added.

While the report has been submitted, it will likely still be months before the Pentagon, which was opposed to establishing the new post and is notorious for its layers of bureaucracy, formally stands up the office and nominates someone for the job..

An obvious candidate for the role had been Mieke Eoyang, who serves as deputy assistant secretary of defense for cyber policy and reports directly to Plumb.

She has spoken extensively about the changing role of cyber operations in armed conflict following Russia’s invasion of Ukraine and last month served as the face of the Pentagon when it rolled out its latest cyber strategy.

However, Eoyang’s past as a senior Democratic staffer on Capitol Hill and a commentator on MSNBC has prompted concerns that she would not be confirmed in a narrowly-divided Senate, according to two people familiar with the matter.

The sources, who spoke on the condition of anonymity to discuss the new office candidly, said one rumored name for the post is Michael Sulmeyer, the Army’s principal cyber adviser.

Sulmeyer has served in multiple cyber policy roles over his career, including acting as a senior adviser to U.S. Cyber Command and National Security Agency chief Gen. Paul Nakasone.

He also briefly worked on cyber policy for the National Security Council at the start of the Biden administration.

In his current position, Sulmeyer counsels the Army secretary on areas like readiness, capabilities and strategy for a force that numbers more than one million people — when active force, guard, reserves and civilians are combined.

The DoD spokesperson declined to comment on potential candidates for the office.

“It is fair to say that the department does not have any announcements at this time,” they said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication’s cybersecurity newsletter.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Russia wants to isolate its internet, but experts warn it won’t be easy

Next Post

Exclusive: Ukraine says joint mission with US derailed Moscow’s cyberattacks

Related Posts

Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation

Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI
Read More

4 Ways Hackers use Social Engineering to Bypass MFA

When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is.  If a password is compromised, there are several options
Read More

Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties

The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, which said Midnight Blizzard (aka APT29, BlueBravo, or
Read More