| June 2024: |
DC3 Announces Retirement of Executive Director
Department of Defense (DoD) Cyber Crime Center (DC3) Executive Director Dr. Jude Sunderbruch departed from this role on 18 June 2024 and retired from the Senior Executive Service. He also retired from the Air Force Reserve on 01 June 2024.
Prior to this role, Dr. Sunderbruch served as Executive Director of the Air Force Office of Special Investigations (AFOSI), based in Quantico, Virginia.
Dr. Sunderbruch began his career with the Air Force in 1994 as a distinguished graduate of the Reserve Officer Training Corps. He served as an active duty AFOSI special agent from 1994 until 2001, when he became a civil servant and a reservist. He has extensive interagency and international leadership experience in cybersecurity and national security. While deployed, he served in leadership roles in Bosnia-Herzegovina as an officer and in Iraq as a civilian. He retires as a colonel in the Air Force Reserve.
During Dr. Sunderbruch’s tenure, DC3 expanded to a workforce of more than 500 civilian, military, and contractor personnel. Designated via Presidential Directive as a Federal Cyber Center, DC3 offers a range of integrated services, including cyber training, digital and multimedia forensics, vulnerability disclosure, cybersecurity support to the Defense Industrial Base, analysis and operational enablement, and advanced technical solutions and capabilities.
DC3 is a Field Operating Agency aligned with the Department of the Air Force Inspector General, supporting the entire DoD, as well as interagency and international partners.
Following Dr. Sunderbruch’s retirement, DC3 Deputy Director Mr. Joshua Black assumed the role of interim DC3 Executive Director. |
| April 2024: |
DC3 and DCSA Partner to Establish Vulnerability Disclosure Program for the Defense Industrial Base
The Department of Defense (DoD) Cyber Crime Center (DC3) and Defense Counterintelligence and Security Agency (DCSA) formed a strategic partnership to establish a fully operational Vulnerability Disclosure Program (VDP) supporting the Defense Industrial Base (DIB), known as DIB-VDP.
This free and voluntary DIB-VDP was formed to bring vulnerability disclosure capabilities to the DIB, with strategic alignment to further enhance DC3 and DCSA support to the DIB in the vulnerability, analytical, cybersecurity, and cyber forensics domains. Program efforts align to address national-level cybersecurity strategies and policies, such as the 2022 National Defense Strategy, the 2023 National Cybersecurity Strategy, and the 2024 Defense Industrial Base Cybersecurity Strategy.
Through this program and partnership, DC3 builds upon and improves the combination of policies, requirements, services, pilots, public-private collaboration, and interagency efforts to combat the complex, ever-evolving cyber threats facing the DIB. |
| March 2024: |
DC3 Releases 2023 Annual Report
Throughout 2023, DC3 streamlined its organizational structure as a catalyst in our ability to deliver flexible and nimble capabilities to support partner initiatives. DC3 strives to develop a more diverse, equitable, and inclusive workforce whose composition reflects that of our great nation. Moving forward, DC3 will continue to boldly transform the way we operate to meet the evolving needs of our customers and our national security.
Aligned to our 2023–2025 Strategic Plan, we reinvigorated efforts to enrich our engagements with both domestic stakeholders and international partners. Throughout the year, members of the DC3 team represented Department of Defense and U.S. equities abroad in support of U.S. Combatant Command and NATO events and initiatives. In efforts to reach the globally dispersed cyber community, our team welcomed invitations and opportunities to engage more holistically with academic institutions.
Informed by long-standing requirements and the 2022 National Defense Strategy’s focus on the Indo-Pacific, DC3 leadership initiated operational endeavors to establish a future operating capability within that region. This DC3 outfit will support DoD investigators and a range of international partners with a compliment of DC3 capabilities.
Annual Report 2023 | Open PDF |
| March 2024: |
DC3’s Vulnerability Disclosure Program Received Its 50,000th Report
DC3's Vulnerability Disclosure Program reached a remarkable milestone with the processing of its 50,000th report. Since 2016, this enduring initiative has been a crucial element in the DoD's defense-in-depth strategy.
The enduring program was launched in November 2016 following the successful Hack-the-Pentagon bug bounty event. Unlike short-duration bug bounties, VDP’s crowd-sourced ethical hackers report vulnerabilities continuously as part of a defense-in-depth approach.
Through its function as the focal point for receiving vulnerability reports, DC3 VDP continues to contribute significantly to DoD’s overall security. |
| 2023: |
DC3 Undergoes Organizational Restructuring to Establish Two New Directorates
DC3 Executive Director directed an organizational structure realignment approved by U.S. Air Force Headquarters in 2023. This action resulted in the establishment of two Directorates (Strategy and Partner Engagement [XE] and Information Technology [XT]) while disestablishing two Directorates (Business and Technology Operations and Technical Solutions Development). This completed the realignment of 42 manpower positions from previously assigned Directorates to newly assigned Directorates based on the new organizational structure outlined by the DC3 Executive Director.
DC3 XT was formed in 2023, combining the former Technical Solutions Development Directorate with the Information Technology Division, Records Management, and Knowledge Management. The creation of the XT Directorate unified IT operations end-to-end and provides the organization a one-stop shop for all items IT-related, to include application development, knowledge management, records management, data management, service desk, network, and software and hardware management.
DC3 XE was formed in 2023, combining the offices of Public Affairs, Plans and Policy, Organizational Development, Partner Engagement, and Executive Support Staff. The creation of XE unified elements dedicated within DC3 to provide organizational outreach and strategic engagement across federal government and internationally. |
| September 15, 2023: |
DC3 Celebrates 25 Years of Operation
On September 15, 2023, several hundred guests gathered at DC3 Headquarters to celebrate 25 years of DC3 operations. The unprecedented event featured speakers Mr. John Dixson, Director of Defense Intelligence, Counterintelligence, Law Enforcement, and Security from the office of the Under Secretary of Defense for Intelligence and Security, and Mr. Gurpreet Bhatia, Principal Director, Cybersecurity, Office of the Chief Information Officer.
During the ceremony, long-time DC3 veterans gave their recollections of key moments in the organization’s history. Executive Director, Mr. Sunderbruch, spoke about the future of DC3, outlining the strategic plan for 2023-2025, closing with a message of gratitude to everyone who made the event possible. |
| August 2023: |
DC3 Published 2023-2025 Strategic Plan
DC3 published its 2023-2025 Strategic Plan, emphasizing its role in delivering innovative capabilities and expertise to enable and advise law enforcement, cybersecurity, and national security partners. |
| February 2023: |
DC3’s Vulnerability Disclosure Program Reaches 45,000 Reports
In February 2023, the Department of Defense’s (DoD) Vulnerability Disclosure Program (VDP) program processed its 45,000th report. VDP began as an extension of the “Hack the Pentagon” project run by the predecessor to the DoD’s Directorate for Digital Services.
At the time, VDP partnered with Joint Force Headquarters-DoDIN to manually process all valid reports received from the researcher community. In the summer of 2018, the system known as the Vulnerability Report Management Network began production service to automate, track, and process all reporting, creating a much more efficient process.
Since then, the VDP reporting process has matured to include selection of a report of the month, a report of the year, publication of a monthly “Bug Bytes” report, and an annual report.
|
| December 2022: |
DC3 Received 2022 DoD CIO Annual Award for Cyber and IT Excellence
The Department of Defense (DoD) Chief Information Officer (CIO) Awards Program awarded the DoD Cyber Crime Center (DC3) with a 2022 DoD CIO Annual Award for Cyber and IT Excellence for the Defense Industrial Base (DIB) Vulnerability Disclosure Program (VDP) Pilot. DC3’s team was also recognized as an Honorable Mention recipient. The award recognizes outstanding achievements of individuals and teams within the DoD CIO portfolio, with nominations highlighting numerous efforts across the Department supporting critical and national security efforts.
DC3 collaborated on the 12-month Pilot with the Defense Counterintelligence Security Agency. Throughout the awarded Pilot, VDP members helped coordinate remediation for over 400 actionable vulnerabilities found on DIB participants’ public-facing assets, saving the Defense Industrial Base an estimated $61 million. HackerOne’s global ethical researcher community supported the pilot by submitting 1,015 vulnerability reports, showcasing public-private cooperation.
The Honorable Mention and Team award recognized the joint collaborative team’s outstanding contributions to protect the DIB, Department of Defense Information Network (DoDIN), and national cybersecurity. DoD CIO formally recognized DC3 members on December 09, 2022 at the Pentagon. |
| November 10, 2022: |
DC3 DCISE Onboarded 1000th Partner into Defense Cybersecurity Program
DC3’s DoD-Defense Industrial Base Collaborative Information Sharing Environment (DCISE) officially onboarded its 1000th voluntary partner into the DoD’s Defense Industrial Base Cybersecurity Program. The voluntary onboarding program began in 2008 with only 16 partners, achieving an average of 24% annual partner growth year-over-year through 2022.
Defense companies involved in the program receive unique cyber threat intelligence reporting, free malware analysis, engagement opportunities with government and industry experts, and cybersecurity-as-a-service capabilities from DCISE in coordination with the larger DC3 Enterprise.
|
| August 2022: |
Mr. Jude Sunderbruch is appointed the Executive Director of DC3. Mr. Sunderbruch was the Air Force Office of Special Investigations Executive Director prior to joining DC3. |
| March 2022: |
DoD Cyber Crime Center (DC3) personnel from the DoD-Defense Industrial Base Collaborative Information Sharing Environment, Operations Enablement Analytical Group, and Public Affairs participated in two national-level cyber exercises: the Department of Homeland Security sponsored unclassified Cyber Storm VIII, and the Office of the Director of National Intelligence sponsored classified Ice Storm 11.
Participants followed an objective-driven scenario and exercise injects to exercise DC3 objectives of responding to requests for information, conducting cyber analytics, and sharing threat information with partners as part of DC3's role in the NCIRP. |
| May 2021: |
The DoD expanded the Vulnerability Disclosure Program to include all publicly accessible DoD information systems. |
| Jan. 15, 2021: |
The DoD Cyber Crime Center (DC3) was officially designated a Field Operating Agency (FOA) by the Secretary of the Air Force, effective Jan. 15, 2021, with an associated activation ceremony at the Office of Special Investigations (OSI) Headquarters, Quantico, Va. As a FOA, DC3 transitioned from a unit aligned under OSI to a separate agency aligned under the Inspector General, Office of the Secretary of the Air Force. |
| December 2020: |
The Operations Enablement Directorate (OED) was established to amplify the effects of DoD-wide law enforcement and counterintelligence investigations and operations, and by extension, the effects of the U.S. Intelligence Community at large |
| July 2019: |
The DoD Cyber Crime Center (DC3) partnered with the National Security Agency (NSA) by hosting 12 U.S. Army Reserve Officer Training Corps (ROTC) cadets for internships at DC3. |
| December 1, 2018: |
Mr. Jeffrey D. Specht is appointed the Executive Director of DC3. Mr. Specht was the Air Force Office of Special Investigations Executive Director prior to joining DC3. |
| March 16, 2018: |
DC3 Cyber Investigations Training Academy officially became DC3 Cyber Training Academy (DC3/CTA). |
| November 2017: |
Many of DC3’s directorates underwent a name change:
- DCFL became the DC3 Cyber Forensics Laboratory (DC3/CFL)
- DCITA became the DC3 Cyber Investigations Training Academy (DC3/CITA)
- DCCI became DC3 Technical Solutions Development (DC3/TSD)
- DVDP became DC3 Vulnerability Disclosure Program (DC3/VDP)
- AG became DC3 Analytical Group (DC3/AG)
- DCISE became DC3 DoD-Defense Industrial Base Collaborative Information Sharing Environment (DC3/DCISE)
|
| November 21, 2016: |
Secretary of Defense Ash Carter authorizes the establishment of the Defense Vulnerability Disclosure Program (DVDP) to utilize private-sector cybersecurity researchers to scan public-facing DoD web sites for vulnerabilities. DC3/ VDP was born from this authorization. |
| November 1, 2013 –December 17, 2012: |
DC3 held its eighth Digital Forensics Challenge. Due to budget constraints, this is the last challenge held by DC3.
- Number of teams participating: 1,254
- Packets submitted for consideration: 317
- Winner: Northrop Grumman, United States
|