Skip to main content
Geopolitics & DefenseGovernment & Policy

Pentagon Integrates Cyber into Operations, Prioritizes AI Security

Officer stands confidently at podium in briefing room with colleagues and large display screen.

"Information is becoming more and more important on the battlefield," said Katherine Sutton, the Defense Department’s assistant secretary for cyber policy and principal cyber adviser, framing a push inside the Pentagon to stop treating cyber as a separate lane and start weaving it into every operation from the outset.

Katherine Sutton: pull cyber out of its silo and build it into plans

Speaking at GDIT’s Emerge: Battlespace of the Future conference, hosted by Scoop News Group, Sutton described a cultural shift inside the Defense Department prompted by recent conflicts — referencing the war in Iran and the capture of Venezuelan leader Nicolas Maduro — that has elevated the role of cyber when paired with physical force. She urged that cyber effects be integrated "from day one with operational planning" rather than added on at execution time. As she put it, cyber must be "built in from the beginning, and not something that we strap on as we’re going to execute."

Brandon Pugh and the Army: cyber blended with kinetic operations

Brandon Pugh, principal cyber adviser for the Army, reinforced Sutton’s message at the same conference. He said cyber is "more effective when we see cyber blending in the kinetic operations while still being an option in its own right," and warned that "being considered in a silo is not where it’s most effective." The Army recently convened agencies last month for an exercise to contemplate threat scenarios across domains — an example the service is using to operationalize cross-domain planning.

Defense Secretary oversight links physical and cyber critical infrastructure

The Pentagon has tied physical and cyber protections together at the leadership level: Defense Secretary Pete Hegseth has given Pugh oversight of all defense critical infrastructure, both physical and cyber. That assignment, Pugh said, underscores how the department views the two as linked and subject to unified stewardship rather than separate portfolios.

Security must be interlaced with artificial intelligence from the start

Sutton warned that the department should not repeat past mistakes made with the internet — namely, adopting technologies without baking in security early. As advanced AI models grow in usage at the Defense Department, she said, "we’re also creating a new threat landscape for adversaries to attack us and to exploit these new capabilities, so we need to start thinking about how we’re going to secure them." She added that in previous tool adoptions, "security is an afterthought," and stressed, "I just don’t think we have that luxury with AI going forward."

What this means for technologists and security teams, the Army, and adversaries

  • Technologists and security teams: Expect requirements to emerge that embed security and cyber effects early in system design and operational planning. Sutton’s warning that AI must be secured from the outset suggests upcoming emphasis on pre-deployment hardening rather than post-deployment fixes.
  • The Army and other services: The Army’s interagency exercise last month and Pugh’s expanded oversight role indicate a push to harmonize planning and protection for physical and cyber infrastructure. Units will likely be asked to plan missions with blended cyber-kinetic options at the start.
  • Adversaries: Sutton’s remarks acknowledge that wider adoption of AI and integrated cyber capabilities also enlarges the attack surface — an explicit recognition that new capabilities create new opportunities for exploitation.

The Defense Department’s current line is straightforward and operational: cyber is not an add-on and AI is not a field to treat casually. Sutton and Pugh described a doctrine shift — embed cyber effects into planning and treat security as a design requirement for emerging tools — and concrete moves are already visible, from cross-domain exercises to the consolidation of critical-infrastructure oversight. The department’s next steps will show whether organizational practice keeps pace with the rhetoric: will cyber planners routinely sit at the table on day one of operational planning, and will procurement and development lines lock in security for AI before deployment? That is the practical test the remarks at the conference have put before the Pentagon.

Read the original reporting: https://cyberscoop.com/pentagon-cyber-integration-ai-security/