An unclassified fact sheet released by the Pentagon said the new strategy will continue efforts to conduct “hunt forward operations”’ with U.S. allies and “defend forward” activities meant to disrupt threat actors on their own turf.
The Department of Defense announced on Friday that it submitted its classified 2023 cyber strategy to Congress “earlier this week” and plans to release an unclassified summary of its new cybersecurity approach “in the coming months.”
“The classified 2023 DOD cyber strategy provides direction to the department to operationalize the concepts and defense objectives for cyberspace set forth in the 2022 national defense strategy,” DOD said in a press release. “It builds upon the direction set by the 2018 DOD cyber strategy and is informed by years of real-world experience of significant DOD cyberspace operations.”
Submission of DOD’s updated cyber strategy to Congress follows the release of the Biden administration’s national cybersecurity strategy in March.
In an unclassified fact sheet, DOD said the new cyber strategy is “grounded in real-world experience,” including “Russia’s 2022 invasion of Ukraine” and the department’s growing focus on conducting “a number of significant cyberspace operations through its policy of defending forward, actively disrupting malicious cyber activity before it can affect the U.S. homeland.”
The department’s 2018 cyber strategy first laid out the concept of defending forward, which is meant to better position DOD to more directly “intercept and halt cyber threats” on the networks and systems of digital adversaries.
DOD said the department “will pursue four complementary lines of effort” in its cyber strategy, which are collectively designed to confront threats from violent extremist organizations, transnational criminal organizations, North Korea, Iran, Russia and China—the last of which DOD said “represents the department’s pacing challenge in the cyber domain.”
Expanding off of the defend forward focus included in the 2018 strategy, the fact sheet said DOD “will campaign in and through cyberspace to generate insights about malicious cyber actors, as well as defend forward to disrupt and degrade these actors’ capabilities and supporting ecosystems.”
DOD’s new strategy also seeks to “ensure the cybersecurity of the DOD information network” and make additional investments “in the Joint Force’s cyber resilience,” as well as “assist U.S. allies and partners in building their cyber capacity and capability,” according to the department’s fact sheet.
This includes the continuation of the Pentagon’s hunt forward operations, which DOD said “build cyber resiliency and will reinforce responsible state behavior by encouraging adherence to international law and internationally recognized cyberspace norms.”
Finally, DOD said the strategy will work to “build enduring advantages in cyberspace” by optimizing “the organizing, training and equipping of the cyber operations forces and service-retained cyber forces.” This includes additional investments in “the enablers of cyberspace operations,” which the department said included “intelligence, science and technology, cybersecurity and culture.”
“With a robust and integrated cyber capability, the department will work to deter conflict where it can and prevail where it must,” the DOD fact sheet said.