BALTIMORE — Lt. Gen. John B. Morrison, Jr. highlighted Army cybersecurity risk management reforms during the opening day of TechNet Cyber 2022 in Baltimore on April 26.
“Earlier this year, we published the Risk Management Framework 2.0 that significantly changes how we will attack the bureaucratic parts of the risk management process,” Lt. Gen. Morrison said.
“It gets us to this notion of continuous monitoring much faster so we spend the vast majority of our time actually focusing on the security of applications, systems and networks that are in operation instead of spending the vast majority of time on paperwork to get approval to operate,” he explained.
To reinforce leader understanding of where RMF 2.0 takes Army cybersecurity processes, Morrison said he sent it directly to senior commanders across the Service to highlight the importance of shifting resources away from bureaucracy, assuming control where we have oversight and focusing on the highest priority requirements.
Cybersecurity staff members at the office of the Deputy Chief of Staff for Command, Control, Communications, Cyber Operations and Networks — known as DCS, G-6 — have also been training hundreds of cybersecurity specialists and officials during the updated framework’s first phase.
Morrison said RMF 2.0's next phase will be the establishment of an Army Staff-level risk management council co-chaired by the Deputy Chief of Staff for Operations, Plans, and Training, also known as the DCS, G-3/5/7, and the Army Chief information Officer, or CIO. The DCS, G-6 will be responsible for proposing priority topics for decisions whether to accept a capability’s identified risk or apply resources to mitigate it.
Risk management reform is a key element of the Army Unified Network Plan released by the service’s senior leaders in October 2021. The plan’s third line of effort synchronizes actions to achieve “Security and Survivability — Commander’s Freedom Of Action In Cyberspace” aspects of multi-domain operations.
The Armed Forces Communications and Electronics Association, or AFCEA, hosted the three-day, in-person TechNet Cyber event at the Baltimore Convention Center. Other speakers included Department of Defense Chief Information Officer, Defense Information Systems Agency, and military service leaders and staff experts, as well as other federal agency officials and industry representatives.
Approximately 4,500 people registered to attend TechNet Cyber 2022, according to AFCEA’s Julie Walter.
Visit the G-6 on Army.mil for more information on its leaders and mission.