The new strategy directs the department to deter cyber threats and cultivate its cyber talent.
U.S. armed forces must “amplify military lethality and effectiveness” of offensive cyber operations, according to the summary of an updated Defense Department cyber strategy released Tuesday.
The strategy, which calls for a surge in cyber efforts both during military conflict and peacetime, also notes some current shortfalls, including a need to improve military cyber recruiting, training and retention.
“The United States cannot afford inaction: our values, economic competitiveness and military edge are exposed to threats that grow more dangerous every day,” defense officials wrote in an unclassified summary. “We must assertively defend our interests in cyberspace below the level of armed conflict and ensure the readiness of our cyberspace operators to support the Joint Force in crisis and conflict.”
‘Significant Work’ Needed to Boost Defense Posture
As part of creating the new strategy, Defense officials were charged with conducting a “comprehensive review of the department’s cyber posture” and its ability to meet this mission.
The review—which remains classified—showed the department had work to do, particularly in the areas of workforce, capabilities and process, according to an accompanying fact sheet.
“The department has begun to address these challenges, but it is an enduring effort and significant work remains,” the fact sheet states.
On the workforce front, the strategy requires cultivating more cyber experts, including training and retaining current department staff, as well as promoting development in the private sector to enlarge the overall talent pool.
In-house, the department plans to create a “cyber talent management program” to track rising stars and provide “its most skilled cyber personnel with focused resources and opportunities to develop key skills over the course of their careers.”
Deter and Defeat
Officials offered key military objectives in the cyber domain, including “deterring, preempting or defeating malicious cyber activity” and “securing DOD information and systems, including non-DOD-owned networks”—such as critical infrastructure and the defense industrial base—“against cyber espionage and malicious cyber activity.”
The unclassified summary also calls out China and Russia as “long-term strategic competition” in cyberspace, as well as North Korea and Iran, which “have similarly employed malicious cyber activities to harm U.S. citizens and threaten U.S. interests.”
In order to combat these threats, the strategy calls for engaging those nations in cyberspace, including conducting espionage and building offensive cyber capabilities “in the event of crisis or conflict.” Below that threshold, “We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.”
“Should deterrence fail, the Joint Force stands ready to employ the full range of military capabilities in response,” the summary states. The department “excels at creating cyber capabilities” for offensive operations, officials said, though the document also calls for greater use of commercial-off-the-shelf tools.