What Is DACO Anyway?

FORT MEADE, MARYLAND, UNITED STATES

12.02.2024

Courtesy Story

Joint Force Headquarters - Department of Defense Information Network

✔ ✗ Subscribe

2

Volume 1, Issue 2

You may often hear the term “DACO” being thrown around when it comes to DoDIN operations and defense, but what does DACO really mean and how is it used? This article explains the foundational elements of DACO.

What is DACO?

Directive Authority for Cyberspace Operations, or DACO, is an authority created by Secretary of Defense Charles T. Hagel in 2014. This authority grants the power to direct the tactical execution of global cyberspace security, operations, and defense actions by issuing binding orders to all elements of the DoDIN. Defined in Joint Publication 3-12 Cyberspace Operations, the scope of DACO is limited to cyberspace operations on the DoDIN. It is a standing authority, meaning it is not temporary or situational in its application, though it can be delegated based on circumstances.

DACO does not supersede or supplant other existing command authorities such as combatant command operational control (OPCON) or tactical control (TACON) but is instead complementary and is specific in its application to cyberspace security, operations, and defense. Very few organizations within the DoD have DoDIN operations and defense as their core mission or as a major function tied to their purpose, but all execute those activities. Thus, the application of DACO compels unity of action across all the individual missions of the combatant commands, service cyber components, and defense agencies and field activities that comprise the Department’s global cyberspace terrain without impacting the underlying core mission of the organization.

Why was DACO created?

In November 2011, prior to the elevation of U.S. Cyber Command (USCYBERCOM) as a combatant command, Air Force Gen. C. Robert Kehler, then commander of U.S. Strategic Command (USSTRATCOM), conducted full spectrum cyberspace operations as his assigned mission under the Unified Command Plan. To execute his mission, he developed a strategic estimate to measure his ability to effectively direct cyberspace security, operations, and defense. What the estimate determined was that the existing federated approach to cyberspace that attempted to oversee a collection of independent teams was both ineffective and inefficient in practice. In fact, the approach within the DoD up until that point was that of a “best-effort model” to cyberspace; one where each organization would do what they could with the resources they were given and set their own priorities based on their own missions. Gen. Kehler determined that he needed the ability to globally direct cyberspace security, operations, and defense across all DoD components regardless of their core mission, their forces and personnel assigned to them, and whether they had previously operated within a warfighting construct (i.e., agencies and field activities).

The creation and assignment of DACO by the Secretary of Defense in November 2014 specifically responded to the concerns highlighted by Gen. Kehler and enabled USSTRATCOM to begin organizing the secure, operate, and defend mission area in terms of cyberspace forces and terrain. DACO was delegated to JFHQ-DODIN in January 2015 and further delegated to the service cyber components in 2016. DACO was vested with USCYBERCOM upon its elevation to a combatant command in 2018.

The declaration of cyberspace as an operational domain and the assignment of a combatant commander necessitates centralized risk management in cyberspace, but always with an eye on preserving all DoD component missions wherever possible. Gone are the days of DoD components acting independently in cyberspace, performing decentralized risk management without consequence, and having to limit actions, activities, and investments to accommodate their own finite resources.

How is DACO used by JFHQ-DODIN?

The application of DACO by JFHQ-DODIN under its supported role on behalf of the USCYBERCOM commander means that JFHQ-DODIN directs cyberspace actions within the secure, operate, and defend the DoDIN mission area primarily based on CDRUSCYBERCOM-derived priorities. Such actions are concurrently in support of broad strategic objectives codified in the National Security Strategy, National Military Strategy, National Defense Strategy, DoD Cyber Strategy, and others.

JFHQ-DODIN leverages DACO to proactively integrate, synchronize, and direct priority security actions like network hardening actions or vulnerability mitigations necessary to maintain a standardized cyberspace posture. By issuing orders to preserve the network status and availability, JFHQ-DODIN’s DACO authority directs actions necessary to preserve cyberspace redundancy, resiliency, and survivability. Lastly, JFHQ-DODIN uses DACO to direct command and control actions required to respond and recover from anomalous or malicious cyberspace activities and directing incident response actions.

When directing actions in its supporting role of another organization that is not USCYBERCOM, JFHQ-DODIN supports combatant command warfighting, DoD business functions, DoD Intelligence Community functions, and military service organize, train, and equip functions. JFHQ-DODIN leverages its DACO authorities to direct the tactical execution of global cyberspace security, operations, and defense actions, by issuing binding orders to all elements of the DoDIN, on behalf of these other DoD component’s core missions and in support of non-cyberspace-specific objectives and priorities.

Wrapping it up.

DACO provides a crucial authority for JFHQ-DODIN to conduct its day-to-day mission on behalf of USCYBERCOM. While specific in its application to cyberspace security, operations, and defense, it can easily be leveraged to achieve non-cyberspace objectives and priorities that are heavily dependent on the DoDIN. Establishing a common understanding of this authority ensures those who are bound by it understand its purpose, and those who are reliant on it understand its reach and impact.