The Pentagon Unveils An Aggressive New Cyber Defense Plan

The Long March
SOFWERX hosted a Cyber Capability Expo at their newest facility in Tampa, Fla., Oct. 19, 2017.
U.S. Air Force/Master Sgt. Barry Loo

Over the last six months, the government has released a series of strategic documents and executive orders that have led some to conclude that the gloves are off when it comes to deploying offensive cyber capabilities.


The Department of Defense Cyber Strategy, released in an unclassified summary this week, reiterates the proactive use of offensive cyber capabilities. However, instead of viewing this as unfettered authorization to deploy these capabilities, it should be viewed as the emergence of a national security framework that acknowledges the realities of a dramatically shifting international system and technological change. Importantly, the strategy sends core signals to U.S. adversaries, allies, and the private sector.

For our adversaries, the policy homes in on defending forward, stating that cyber campaigns will be countered by “defending forward to intercept and halt cyber threats.” Instead of waiting for the attacks to happen in the homeland, offense will be used surgically to counter campaigns. This is a full-court press strategy that leverages offense to counter threats and underpins the notion of deterrence by denial. It does not imply unconstrained deployment of offensive capabilities, but rather an approach that is focused to stop a threat before it harms its target.

The strategy also alludes to countering adversarial, cyber-enabled information operations. Given the emphasis on China and Russia within the strategy, this again helps progress a more coherent approach to countering the full range of cyber-enabled interference operations instead of viewing computer compromises and disinformation within discrete stovepipes.

Finally, too often the cyber component is siloed as separate from other tools of national power. The Cyber Strategy specifies that all instruments of national power will be employed to deter malicious cyber activities. Again, this implies a more nuanced approach to countering the threat, as well as one that understands the risks of escalation.

For our allies, the strategy emphasizes the pursuit and defense of a free and open internet. This is perhaps the major continuation from the 2015 strategy, and signals to democratic allies that the U.S. remains steadfast in a commitment to preserving a foundational component of democracy. If there is any doubt, the very first sentence notes, “American prosperity, liberty, and security depend upon open and reliable access to information.” At a time when cyber-enabled activities are exasperating fissures in democratic institutions across the globe, the strategy attempts to renew U.S. commitment to preserving a free and open internet as critical to democracy. To further specify this commitment, the strategy offers U.S. support and participation in global institutions to help shape cyber confidence building measures and those norms for responsible behavior in cyberspace.

Finally, for the private sector, this strategy extends Defense Department defensive commitments beyond .mil and .gov domains. Historically, the approach toward the private sector has more or less been one of letting it fend for itself. While the strategy more so focuses on the defense industrial base, the commitment to critical infrastructure widens the potential for greater defensive support for the private sector. At the same time, the emphasis on commercial-off-the-shelf cyber capabilities and leveraging automation and data analysis additionally highlight potential avenues for greater partnerships with the private sector.

In short, rather than reflecting a shift toward unconstrained cyber anarchy, the strategy continues the momentum away from post-hoc responses to cyber attacks, and instead takes a nuanced, multi-faceted approach toward one of the most daunting national security challenges. Importantly, it amplifies the ongoing discourse on the use of offensive capabilities, providing transparency in an area that has for too long been viewed as a dark art, while signaling to attackers that the unfettered deployment of cyber-enabled attacks against the U.S. is over.

Andrea Little Limbago is chief social scientist at Endgame, a cybersecurity software company. She previously taught in academia before joining the Joint Warfare Analysis Center as a computational social scientist. While at JWAC, she earned the command’s top award for technical excellence for her analytic support across the Department of Defense. She holds a Ph.D. in political science from the University of Colorado at Boulder.

WASHINGTON (Reuters) - Known for acting on impulse, President Donald Trump has adopted an uncharacteristically go-slow approach to whether to hold Iran responsible for attacks on Saudi oil facilities, showing little enthusiasm for confrontation as he seeks re-election next year.

After state-owned Saudi Aramco's plants were struck on Saturday, Trump didn't wait long to fire off a tweet that the United States was "locked and loaded" to respond, and Secretary of State Mike Pompeo blamed Iran.

But four days later, Trump has no timetable for action. Instead, he wants to wait and see the results of investigations into what happened and is sending Pompeo to consult counterparts in Saudi Arabia and the United Arab Emirates this week.

Read More Show Less

That sound you're hearing is Army senior leaders exhaling a sigh of relief, because the Army has surpassed its recruiting goal for the year.

After failing to meet recruiting goals in 2018, the Army put the pedal to the metal and "did some soul searching," said Acting Army Secretary Ryan McCarthy, to ensure that they'd meet their 2019 goal. It must have paid off — the service announced on Tuesday that more than 68,000 recruits have signed on as active-duty soldiers, and more soldiers have stuck around than they expected.

Read More Show Less

Air Force Chief of Staff Gen. David Goldfein transformed into the Cigarette Smoking Man from "The X-Files" on Tuesday when explaining why UFO enthusiasts should avoid storming the mythical Area 51 installation in Nevada.

"All joking aside, we're taking it very seriously," Goldfein told reporters during the Air Force Association's annual Air, Space, and Cyber Conference. "Our nation has secrets, and those secrets deserve to be protected. The people deserve to have our nation's secrets protected."

Read More Show Less
Paul Szoldra/Task & Purpose

SAN DIEGO — A San Diego-based Navy SEAL acquitted of murder in a closely watched war crimes trial this summer has filed a lawsuit against two of his former attorneys and a military legal defense nonprofit, according to a complaint filed in federal court in Texas on Friday.

Read More Show Less

NATIONAL HARBOR, Maryland — The Air Force is reviewing whether some airmen's valor awards deserve to be upgraded to the Medal of Honor, Chief of Staff Gen. David Goldfein said on Tuesday.

Goldfein revealed that several airmen are being considered for the nation's highest military award during a press conference at the Air Force Association's annual Air, Space, and Cyber Conference. He declined to say exactly who could receive the Medal of Honor, pending the outcome of the review process.

Read More Show Less