The Pentagon Unveils An Aggressive New Cyber Defense Plan

The Long March
U.S. Air Force/Master Sgt. Barry Loo

Over the last six months, the government has released a series of strategic documents and executive orders that have led some to conclude that the gloves are off when it comes to deploying offensive cyber capabilities.

The Department of Defense Cyber Strategy, released in an unclassified summary this week, reiterates the proactive use of offensive cyber capabilities. However, instead of viewing this as unfettered authorization to deploy these capabilities, it should be viewed as the emergence of a national security framework that acknowledges the realities of a dramatically shifting international system and technological change. Importantly, the strategy sends core signals to U.S. adversaries, allies, and the private sector.

For our adversaries, the policy homes in on defending forward, stating that cyber campaigns will be countered by “defending forward to intercept and halt cyber threats.” Instead of waiting for the attacks to happen in the homeland, offense will be used surgically to counter campaigns. This is a full-court press strategy that leverages offense to counter threats and underpins the notion of deterrence by denial. It does not imply unconstrained deployment of offensive capabilities, but rather an approach that is focused to stop a threat before it harms its target.

The strategy also alludes to countering adversarial, cyber-enabled information operations. Given the emphasis on China and Russia within the strategy, this again helps progress a more coherent approach to countering the full range of cyber-enabled interference operations instead of viewing computer compromises and disinformation within discrete stovepipes.

Finally, too often the cyber component is siloed as separate from other tools of national power. The Cyber Strategy specifies that all instruments of national power will be employed to deter malicious cyber activities. Again, this implies a more nuanced approach to countering the threat, as well as one that understands the risks of escalation.

For our allies, the strategy emphasizes the pursuit and defense of a free and open internet. This is perhaps the major continuation from the 2015 strategy, and signals to democratic allies that the U.S. remains steadfast in a commitment to preserving a foundational component of democracy. If there is any doubt, the very first sentence notes, “American prosperity, liberty, and security depend upon open and reliable access to information.” At a time when cyber-enabled activities are exasperating fissures in democratic institutions across the globe, the strategy attempts to renew U.S. commitment to preserving a free and open internet as critical to democracy. To further specify this commitment, the strategy offers U.S. support and participation in global institutions to help shape cyber confidence building measures and those norms for responsible behavior in cyberspace.

Finally, for the private sector, this strategy extends Defense Department defensive commitments beyond .mil and .gov domains. Historically, the approach toward the private sector has more or less been one of letting it fend for itself. While the strategy more so focuses on the defense industrial base, the commitment to critical infrastructure widens the potential for greater defensive support for the private sector. At the same time, the emphasis on commercial-off-the-shelf cyber capabilities and leveraging automation and data analysis additionally highlight potential avenues for greater partnerships with the private sector.

In short, rather than reflecting a shift toward unconstrained cyber anarchy, the strategy continues the momentum away from post-hoc responses to cyber attacks, and instead takes a nuanced, multi-faceted approach toward one of the most daunting national security challenges. Importantly, it amplifies the ongoing discourse on the use of offensive capabilities, providing transparency in an area that has for too long been viewed as a dark art, while signaling to attackers that the unfettered deployment of cyber-enabled attacks against the U.S. is over.

Andrea Little Limbago is chief social scientist at Endgame, a cybersecurity software company. She previously taught in academia before joining the Joint Warfare Analysis Center as a computational social scientist. While at JWAC, she earned the command’s top award for technical excellence for her analytic support across the Department of Defense. She holds a Ph.D. in political science from the University of Colorado at Boulder.

An Oregon Air National Guard F-15C Eagle that made an emergency landing on Wednesday ditched its entire arsenal of live air-to-air missiles before touching down at Portland International Airport, The War Zone reports.

Read More Show Less

Several hundred U.S. troops will remain in Syria after allied forces clear ISIS fighters out of their last stronghold in the country, officials said on Friday.

President Donald Trump announced in December that he would withdraw all U.S. troops from Syria, but Sen. Lindsey Graham has since made a strong push to keep a small residual force along the Turkish border along with troops from European allies.

Read More Show Less
Chris Osman (Photo: _chris_osman_designs/Instagram)

The former Navy SEAL among a group of eight men arrested earlier this week in Port-au-Prince on weapons charges says he was providing security work "for people who are directly connected to the current President" of Haiti.

"We were being used as pawns in a public fight between him and the current Prime Minister of Haiti," said Chris Osman, 44, in a post on Instagram Friday. "We were not released we were in fact rescued."

Read More Show Less
Former Secretary of Defense James N. Mattis (DoD photo)

A Richland, Washington city councilman thinks native son Jim Mattis would make a terrific governor or even president.

Read More Show Less

It's a photo for the ages: a Marine NCO, a Greek god in his dress blues, catches the eye of a lovely young woman as her boyfriend urges her on in distress. It's the photographic ancestor of the much-loved "distracted boyfriend" stock photo meme, made even sweeter by the fact that this is clearly a sailor about to lose his girl to a Devil Dog.

Well, this photo and the Marine in it, which hopscotched around Marine Corps Facebook and Instagram pages before skyrocketing to the front page of Reddit on Thursday, are very real.

The photo shows then-Staff Sgt. Louis A. Capozzoli — and he is absolutely not on his way to steal your girl.

Read More Show Less