DOD Cyber Strategy Aims to Disrupt Hackers, Deepen Ally Work
Defense Department Will Conduct Defensive Ops on Internal Network, Invest in People
The U.S. military needs to be on the offensive and the defensive in cyberspace, disrupting malicious actors and boosting the cyber capabilities of U.S. allies to take on Chinese threats to critical infrastructure, an updated strategy document says.
Defense officials also emphasize protection of the department's information network and investments in education, training and cyber knowledge development as part of a four-pronged approach to addressing cyberthreats. The department in May submitted to Congress updates to its 2018 cyber strategy and published an unclassified 24-page summary of those updates Tuesday.
"Our allies and partners are an asymmetric advantage," Assistant Secretary of Defense for Space Policy John Plumb said during a Center for a New American Security virtual event Wednesday. "They're a force multiplier. That's something that neither China nor Russia can ever hope to match. We will help build out our partner cyber capacity to shore up their networks through hunt forward operations."
Top Defense Department Cyber Initiatives
Plumb said the Pentagon plans to share more actionable threat information with partners and eliminate institutional barriers that inhibit cooperation with allies and private sector organizations. The updated cyber strategy comes weeks after the Defense Department agreed to put forward $10 million to build a Security Operations Center for Costa Rica's Ministry of Public Security (see: US Aids Costa Rican Post-Hack Push for Robust SOC, Secure 5G).
Defense officials will continue efforts to disrupt and degrade the cyber capabilities of malicious actors, but Plumb said the department has a better appreciation for both the potential and limitations of cyber operations. Using cyber capabilities in concert with other instruments of national power creates a deterrent that's greater than the sum of its parts, according to Plumb.
"In election security, cyberspace operations work best in concert with the FBI and sanctions from the Department of Treasury," Plumb said. "Coordinated efforts by government and nongovernment entities have proven effective in frustrating malicious cyber activity from foreign governments and from criminals."
In recent years, the Defense Department has moved away from attempting to defend its entire network and instead has focused on maximizing resilience by improving its ability to withstand a cyberattack without losing any critical functions, Plumb said. The department is migrating to a zero trust architecture and looking to take advantage of cyberspace operations to deliver kinetic effects in large-scale conflicts.
To build enduring advantages in cyberspace, Plumb said, the Defense Department will look to optimize how it organizes, trains and equips cyber operations forces and to invest in intelligence, science and technology to enable further cyber operations. Officials have pushed for reforms to the department's cyber workforce and have looked to empower the armed services to implement effective talent management.
Biggest Nation-State Cyberthreats
In the early 2010s, the Defense Department viewed cyber operations as analogous to nuclear weapons, meaning the department would have them in reserve as a deterrent and work very hard to make sure it never had to use them. At the time, Plumb said, Defense officials were most concerned about a "cyber Pearl Harbor" or a huge hack that would dismantle the transportation system and financial networks.
But in the first half of the 2010s, Plumb said, the predominant trend was actually Chinese cyberespionage, which resulted in trillions of dollars' worth of theft, spanning the gamut from blueprints for cutting-edge aircraft to intellectual property for breakthrough pharmaceuticals and agricultural innovation. This includes the 2015 Office of Personnel Management breach, in which Chinese hackers stole 22 million records.
"There is a clear trend of cyber being deployed below the threshold of armed conflict, but to the strategic benefit of our competitors," Plumb said.
Russia's invasion of Ukraine in February 2022 for the first time led to the use of sophisticated cyber operations in a conventional conflict, and Plumb said Russian activity has demonstrated that cyber operations aren't particularly decisive on their own. In conflict, Plumb said, cyber operations are best understood as a complement to conventional military means rather than as a stand-alone capability (see: Russia-Ukraine War: Cyberattacks Fail to Best Partnerships).
Plumb described Ukraine's cybersecurity capabilities as "excellent and enduring" given the country's many years of experience in dealing with malicious cyber activity from Russia. Joint U.S.-Ukrainian hunt forward operations in the years leading up to the war ensured Ukraine's railroad infrastructure kept operating during the early phases of Russia's invasion, allowing 1 million civilians to escape to safety, Plumb said.
"Despite the initial burst of malicious cyber activity by Russia against Ukrainian networks to cut off or control access to information and communications, Russia has been unable to use cyber to achieve strategic effects," Plumb said.