Cyber DOD Sends New Cyber Strategy to Congress, Releases Unclassified Fact Sheet
The Department of Defense (DOD) recently sent its new classified cyber strategy to Congress, according to reports. The strategy was created following the release of the National Cybersecurity Strategy in March and is the first such document of its kind since 2018. Despite being classified and thus mostly kept under wraps, the DOD also released a publicly available unclassified “fact sheet” on Friday, which detailed the broad principles behind the document and its implications.
Defend Forward
Of note, the fact sheet explains that the updated strategy is based on the lessons gleaned from real-world operations conducted in recent years. One of the key principles of the strategy is something known as “defend forward,” which involves attacking the networks of US adversaries before they can strike against US networks. The idea behind this approach is that by taking the fight to enemies in cyberspace, US forces can greatly diminish their capacity to mount successful attacks on domestic networks and infrastructure.
The DOD has been focusing on this concept since the 2018 National Defense Authorization Act was passed. The previous period saw fewer actions in cyberspace due to a variety of factors, including stringent authorities and high risk levels inherent in such operations. By using the more streamlined authorities inherent in the 2018 Act, the DOD was able to ramp up its offensive actions significantly.
New Efforts
The newly released strategy contains four complementary lines of effort, according to the fact sheet. The first of these is defending the nation by campaigning in cyberspace to generate insights about malicious activity and continuing to defend forward to disrupt adversaries’ capabilities. Second, the strategy aims to invest in cyber capabilities to fight and win in conflict. This entails ensuring that the DOD’s Information Network is robust and promoting cyber resilience throughout the joint force.
US forces will also use the capabilities it is building to gain asymmetric advantages over its enemies. The third line of effort is to protect the cyber domain with the help of allies and partners. This component of the strategy involves sending cybersecurity experts and defense personnel to countries who have requested help to hunt for threats on their networks. This practice is known as “hunt forward operations,” and it allows both parties to gain knowledge about adversary tactics and harden cybersecurity at home against those threats.
The fourth line of effort involves optimizing the organizing, training, and equipping of cyber forces in a bid to build durable advantages against US adversaries and other malicious actors. The DOD is currently facing readiness shortfalls among its cyber mission force, while it builds an acquisition capability for Cybercom thanks to enhanced authorities from Congress. However, some experts are concerned that there needs to be a separate, independent body to handle cybersecurity within the DOD to properly build cohesion and focus on these missions.
The Broader Implications
This new strategy is a significant move by the DOD, which shows just how important cybersecurity has become for the US military. Gone are the days when cybersecurity was seen as a “nice to have” component of military operations or a subordinate aspect of national defense. Instead, cybersecurity has emerged as a pillar of national defense alongside traditional aspects of warfare such as land, air, and sea operations. As cyber attacks from other nations and groups continue to rise in scale and sophistication, expect the DOD and other branches of the US government to invest more heavily in this area going forward.
Advice
The increased focus on cybersecurity employed by the DOD and the wider US government should provide some comfort to internet users and corporations alike. However, as the public instance of this particular strategy is mostly hidden, it is difficult for companies and individuals to determine what, if any, specific actions they should be taking in terms of cybersecurity. As a consequence, the advice is much the same as it has been in recent years: individuals should ensure that their devices and networks are secure, applications are kept current, passwords are changed regularly, and they should avoid clicking on any links or downloading attachments from untrusted sources. Corporate entities should focus on a range of cybersecurity and data protection measures, including encryption, firewalls, and VPNs, along with upskilling and investing in cybersecurity teams who can spot and respond to attacks in real-time.
<< photo by Sigmund >>
You might want to read !
- BianLian Cybercrime Group Adapts Extortion Tactic, Eluding CISA’s Awareness
- “White House Launches Bold Cyber Strategy with Focus on Digital Education Initiatives”
- Deploying a Strong Workforce is Crucial to Achieving the US Cyber Strategy
- The Implications of Timothy Haugh as the Next Cyber Command Chief
- How Economic Downturns Jeopardize Innovation and Cybersecurity
- Exploring the Growing Threat of Sophisticated Travel-Related Phishing and BEC Scams This Summer.
- How the Buhti Ransomware is Targeting Organizations Worldwide
- “Revolutionizing TLS Certificate Management: Google Cloud’s New Automation Capability”
