Full Report
The Pentagon’s newest cyber organization, the Defense Cyber Defense Command (DCDC), is working to build out a framework for how to respond to cyberattacks against critical infrastructure in the homeland, according to a military official. “I’m currently assigned there to build out a [Joint Task Force Defense of Critical Infrastructure] framework and command and control…
Analysis Summary
# Regulation/Compliance: Joint Task Force Defense of Critical Infrastructure (JTF-DCI) Framework
## Overview
The Defense Cyber Defense Command (DCDC) is establishing a formalized "Joint Task Force Defense of Critical Infrastructure" (JTF-DCI) framework. This initiative aims to codify the Department of Defense’s (DoD) role in defending civilian and homeland critical infrastructure. It specifically addresses the "Command and Control" (C2) challenges of coordinating military cyber assets with civilian agencies such as CISA and the FBI during a domestic cyberattack.
## Key Details
- **Issuing Authority:** Defense Cyber Defense Command (DCDC) / U.S. Cyber Command
- **Effective Date:** Development ongoing (DCDC elevated to sub-unified command May 2025)
- **Jurisdiction:** U.S. Homeland Critical Infrastructure
- **Status:** Proposed / Under Development
## Requirements
### Mandatory Requirements (Internal DoD/Inter-agency)
1. **Command and Control (C2) Alignment:** Establishment of a clear "who is in control" hierarchy for domestic cyber defense operations.
2. **Authorization Synchronization:** Integration of legal and operational authorizations across CISA, FBI, Coast Guard, and the Department of Defense.
3. **Common Rail Implementation:** Adoption of standardized communication and execution protocols ("common rail") between military and civilian cyber agencies.
### Recommended Practices
1. **Public-Private Information Sharing:** Enhanced telemetry sharing from private sector critical infrastructure owners to DCDC.
2. **Unified Incident Response:** Participation in Joint Task Force exercises to test the DCI framework before active deployment.
## Affected Organizations
- **Industries:** All 16 Critical Infrastructure sectors (Energy, Financial, Water, Healthcare, etc.).
- **Organization Size:** Primarily large-scale infrastructure providers and government partners.
- **Geographic Scope:** United States (Homeland).
## Compliance Timeline
- **May 2025:** DCDC elevated to sub-unified command under US Cyber Command.
- **June 2026 (Current):** Framework drafting and C2 blueprinting phase.
- **Future Date (TBD):** Formal publication of the JTF-DCI incident response playbook.
## Implementation Guidance
### Assessment Phase
- Organizations should identify "crown jewel" assets that may require federal/military support during a "cyber-act of war" scenario.
### Implementation Phase
- Align internal Emergency Response Plans (ERPs) with CISA and FBI reporting structures, as these will serve as the primary conduits to the DCDC framework.
### Validation Phase
- Participation in regional or national-level cyber exercises (e.g., Cyber Yankee) to verify interoperability with National Guard and DCDC personnel.
## Technical Requirements
- **Interoperability Standards:** The framework requires cross-agency technical standards for sharing "Common Operational Pictures" (COP) during attacks.
- **Authorization Protocols:** Clarification of the legal data-sharing boundaries allowed under DoS/DoD domestic authorizations.
## Penalties & Enforcement
- **Fines:** N/A (The framework is currently focused on operational coordination rather than industry enforcement).
- **Other Consequences:** Failure to integrate with the framework may result in delayed DoD assistance or lack of federal protection during a catastrophic national cyber event.
- **Enforcement:** Managed via U.S. Cyber Command operational directives.
## Related Standards
- **NIST CSF:** Provides the foundational language for the infrastructure defense plans.
- **National Cyber Strategy:** The high-level policy driving the more aggressive homeland defense posture of the DCDC.
## Resources
- **Official Documentation:** [https://breakingdefense.com/2026/06/pentagons-cyber-defense-command-drafting-plan-to-defend-critical-infrastructure/] (Defanged)
- **Primary Agency:** U.S. Cyber Command / DCDC.
## Practical Recommendations
- **Monitor C2 Developments:** Critical infrastructure operators should monitor updates from the DCDC to understand how the military's role may overlap with existing CISA mandates.
- **Review Incident SOPs:** Ensure that standard operating procedures for incident response include specific triggers for when to escalate communication to federal partners who may be coordinating with the DCDC.