Security Experts:

Department of Defense Releases New Cyber Strategy

The U.S. Department of Defense this week released its 2018 cyber strategy, which outlines how the organization plans on implementing the country’s national security and defense strategies in cyberspace.

The new cyber strategy, which supersedes the 2015 strategy, focuses on the competition with China and Russia, but it also mentions other actors, such as North Korea and Iran. The DoD says China has been “eroding U.S. military overmatch and the Nation’s economic vitality” by stealing information, while Russia has used cyber operations to influence elections.

“The Department must take action in cyberspace during day-to-day competition to preserve U.S. military advantages and to defend U.S. interests. Our focus will be on the States that can pose strategic threats to U.S. prosperity and security, particularly China and Russia,” the Pentagon wrote in a summary of the new cyber strategy.

“We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict. We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict. We will strengthen the security and resilience of networks and systems that contribute to current and future U.S. military advantages,” it added.

The DoD wants cyber forces to be prepared to assist air, land, sea and space forces during wartime to gain military advantage over its adversaries, which the Pentagon says are also increasingly reliant on computers.

One of the Department’s goals is to ensure that the U.S. can “fight and win wars” in cyberspace while being able to defend its own systems. Another objective is to prevent, defeat and deter malicious cyber activities aimed at critical infrastructure. Finally, the Pentagon wants to work with allies and partners to strengthen its cyber capabilities, expand cyber operations, and enhance information sharing.

As for its strategic approach, the DoD wants to “build a more lethal force, compete and deter in cyberspace, expand alliances and partnerships, reform the Department, and cultivate talent.”

The creation of “more lethal force” includes accelerating the development of cyber capabilities for warfighting and counterattacks, leveraging automation and data analysis to improve effectiveness, employing off-the-shelf capabilities in addition to its own, and moving from what it calls a “zero defect” culture to one that fosters agility and innovation.

The Pentagon hopes to deter adversaries by securing its own systems and critical infrastructure, but if that fails it wants to be ready to “employ the full range of military capabilities in response.”

The DoD has recently conducted its first ever cyber posture review, as directed by the National Defense Authorization Act. The results of the review are classified, but a factsheet made public by the organization reveals that the DoD must “continue investments in people, capabilities, and processes to meet fully the objectives set forth in the Strategy.”

Related: Department of Defense Unveils New Cyber Strategy

Related: China Believes Its Cyber Capabilities Lag Behind US

Related: DoD Launches 'Hack the Marine Corps' Bug Bounty Program

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.