DOD's new cyber strategy stresses election security, embraces commercial IT

The Defense Department's cyber strategy highlights infrastructure protection and greater reliance on commercial technology to stay competitive.

malware detection (Alexander Yakimov/

The Defense Department's newly released cyber strategy draws attention to election meddling, infrastructure protection and greater reliance on commercial technology to get ahead of the curve.

A summary of the DOD's cyber strategy released Sept. 18 boasted an assertive stance on election meddling and attribution, calling out cyber "challenges to [U.S.] democratic processes" as a means for Russia, China, North Korea and Iran to inflict damage without engaging in armed conflict.

However, the Pentagon remained firm in its infrastructure protection role. DOD will partner with the private sector and other agencies on improved information sharing "to reduce the risk that malicious cyber activity targeting U.S. critical infrastructure could have catastrophic or cascading consequences,"  the document indicated.

"We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict," the department wrote. "We will strengthen the security and resilience of networks and systems that contribute to current and future U.S. military advantages."

To meet that goal, the Defense Department said it will establish a talent management program  that uses individual and team competitions to select talented cyber specialists who will go on to solve DOD toughest cyber problems. 

Reinforcing cyberspace norms for state actors was also included in the stragegy. DOD wrote that it would support and promote the non-binding, voluntary principles created by the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security at the United Nations, which prohibit civilian critical infrastructure damage during peacetime. DOD also said it would "develop and implement cyber confidence building measures."

The Pentagon's strategy also highlighted increased reliance on commercial, off-the-shelf products and services to stay abreast of advanced technology.

"We will identify opportunities to procure scalable services, such as cloud storage and scalable computing power, to ensure that our systems keep pace with commercial information technology and can scale when necessary to match changing requirements," the document stated.

To imbue its entire workforce with a basic fluency in cybersecurity, the strategy announced DOD would hold all personnel and private-sector partners accountable for their cybersecurity choices and practices.