It is not that easy. Systems used for such purposes use methods to hide themselves. It is a cat and mouse.
This issue was raised back in 1998. At that point we had idiots running key positions that made these decisions. They often gave dumb retorts like our system is "hack proof" we run our own fibre network for comms. When you have such duffers running critical areas for 3 years stints and then move on - you'll never be able institutionalize the level of excellence required. Add to this resource limitation and prioritization - and you get small pockets of capabilities, OTS purchasing, script kiddies (website defacing), old HW crypto for comms, compromised Foreign Embassy comms through outdated HW crypto system (thanks to NRTC), and other things that will make you grab your head in disbelief at the idiocy.
And finally there is an institutional tug and war, on who owns this domain. That dilutes the effort, in an area where deep expertise over time is required. Result - is BS capability, and idiots who will say "Sir we stopped the hack, we pulled the system offline when we first found out" - chapter closed. (major GHQ breach likely from Israelis).
My advice is and has been (for over 2 decades): Create a joint command structure under the CJCS - bring all branches together with Intel (MI, ISI - not IB). IB is swiss cheese. Have a non-uniformed DG (someone with deep knowledge and skills), alongwith an operational DG that is uniformed. One builds capabilities and one applies. And my vote to start off with would be a DG from the PAF, as I find them more attuned to these sort of threats. Though DG positions should be rotational. Also DG slots should be for 6 years not 3.