Security Experts:

Connect with us

Hi, what are you looking for?


Security Infrastructure

Department of Defense: Cyberspace is a New Warfare Domain

yberspace is a New Warfare Domain

yberspace is a New Warfare Domain

Defense Department Reveals that a Cyber Attack Captured 24,000 DoD Files; Announces Department’s Strategy for Operating in Cyberspace

The Department of Defense today released its Strategy for Operating in Cyberspace (DSOC), the Defense Department’s first unified strategy for cyberspace which “officially encapsulates” a new way forward for the DoD’s military, intelligence and business operations.

Listed first under the Five Strategic Initiatives in the 18-page document: “DoD will treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.” Just like air, land, and sea, cyberspace is a new warfare domain. 

“There is no doubt that cyber space is a battleground, and it’s therefore perfectly logical that it be treated as a domain of warfare,” said Eric Knapp, Director of Critical Infrastructure Markets at NitroSecurity. “Establishing controls to keep cyber activities at bay, denying them the privilege of escalation, is a sound and responsible strategy,” Knapp added. “We shouldn’t be surprised that cyber defenses are a national concern, or be shocked that there is significant interest in cyber defense from a military perspective. More surprising is that there is still some reluctance to accept this concept from the public, despite recent examples of cyber attacks, such as Stuxnet, that have propagated through the mainstream media. I believe that reluctance likely stems from a common public misperception that ‘information’ is the only collateral at risk in a cyber war; it’s not common knowledge outside of the industry that the systems we rely on – energy, water, transportation, emergency response, and other public services – can be disrupted or even destroyed from a computer terminal. When you think of it in those terms, the Pentagon’s strategy is absolutely sound.”

William Lynn Department of Defense

“Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial,” said Deputy Secretary of Defense William J. Lynn III. “Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.


The Department of Defense and other governmental agencies have taken steps to anticipate, mitigate and protect against the continuous rise in cyber threats. Last year, the DoD establishedU.S. Cyber Command, an agency responsible for directing activities to operate and defend DoD networks.  


In his remarks, Lynn acknowledge that In March, a cyber attack on a defense company’s network captured 24,000 files containing Defense Department information.”It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies. In a single intrusion this March, 24,000 files were taken,” Lynn said, without sharing any further detail as to the types of files that were taken.

“The DoD’s announcement that 24,000 files swiped in March from contractor systems isn’t surprising to those of us that understand the large-scale cyber looting that has been going on for some time now,” said Anup Ghosh, CEO of browser security startup Invincea. “It’s clear that the defenses employed against enterprise networks, most of which were developed in the 20th century, are no longer up to snuff for the current threat. The large-scale theft of our nation’s intellectual property has been going on for well over a decade while the Department has classified much of the incursions. Now with hacktivists like Anti-Sec, LulzSec, Anonymous publicly hacking private companies, public companies, government systems, and contractors that hold our nation’s intellectual property, this genie is out of the bottle,” Ghosh says.

“The U.S. government has drawn a line in the sand and is saying enough is enough. All U.S. organizations need to take notice because the Pentagon’s announcement doesn’t just reflect attacks on our government – it shows that cybercrime is serious and reaches deep into our economy and infrastructure,” said Jason Clark, CSO at web security firm Websense. “The cyber threat is real and if you have intellectual property that any economic competitor would value, you’re a target. It’s also absolutely critical that the public and private sector collaborate on security strategies and share cyber threat intelligence,” Clark added.

The DoD is establishing a pilot public-private sector partnership intended to demonstrate the feasibility and benefits of voluntarily opting into increased sharing of information about malicious or unauthorized cyber activity and protective cybersecurity emeasures, but Invincea’s Ghosh doesn’t think this is enough.

“The initiative to share data between the Government and private sector is important, but they would be far better off not classifying that data in the first place so the attack methods are known and the commercial sector can build defenses commensurate with the attacks,” Ghosh says. “Sharing information is an important first step, but it doesn’t go far enough. The US must deploy defenses that stop the threat from establishing breaches in our networks in the first place. It’s time to stop talking about the problem and start deploying technologies already available that defend against attacks targeted at users. Waiting another day simply means losing another terabyte of data to our adversaries and standing by while watching the largest theft of our nation as it leaves our networks.”

The Five initiatives outlined in the Department of Defense Strategy (PDF) for Operating in Cyberspace are:

1. Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential

2. Employ new defense operating concepts to protect DoD networks and systems

3. Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy

4. Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity

5. Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation

“The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” Lynn Said. “Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture


Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.