The Pentagon Unveils An Aggressive New Cyber Defense Plan

The Long March
SOFWERX hosted a Cyber Capability Expo at their newest facility in Tampa, Fla., Oct. 19, 2017.
U.S. Air Force/Master Sgt. Barry Loo

Over the last six months, the government has released a series of strategic documents and executive orders that have led some to conclude that the gloves are off when it comes to deploying offensive cyber capabilities.

The Department of Defense Cyber Strategy, released in an unclassified summary this week, reiterates the proactive use of offensive cyber capabilities. However, instead of viewing this as unfettered authorization to deploy these capabilities, it should be viewed as the emergence of a national security framework that acknowledges the realities of a dramatically shifting international system and technological change. Importantly, the strategy sends core signals to U.S. adversaries, allies, and the private sector.

For our adversaries, the policy homes in on defending forward, stating that cyber campaigns will be countered by “defending forward to intercept and halt cyber threats.” Instead of waiting for the attacks to happen in the homeland, offense will be used surgically to counter campaigns. This is a full-court press strategy that leverages offense to counter threats and underpins the notion of deterrence by denial. It does not imply unconstrained deployment of offensive capabilities, but rather an approach that is focused to stop a threat before it harms its target.

The strategy also alludes to countering adversarial, cyber-enabled information operations. Given the emphasis on China and Russia within the strategy, this again helps progress a more coherent approach to countering the full range of cyber-enabled interference operations instead of viewing computer compromises and disinformation within discrete stovepipes.

Finally, too often the cyber component is siloed as separate from other tools of national power. The Cyber Strategy specifies that all instruments of national power will be employed to deter malicious cyber activities. Again, this implies a more nuanced approach to countering the threat, as well as one that understands the risks of escalation.

For our allies, the strategy emphasizes the pursuit and defense of a free and open internet. This is perhaps the major continuation from the 2015 strategy, and signals to democratic allies that the U.S. remains steadfast in a commitment to preserving a foundational component of democracy. If there is any doubt, the very first sentence notes, “American prosperity, liberty, and security depend upon open and reliable access to information.” At a time when cyber-enabled activities are exasperating fissures in democratic institutions across the globe, the strategy attempts to renew U.S. commitment to preserving a free and open internet as critical to democracy. To further specify this commitment, the strategy offers U.S. support and participation in global institutions to help shape cyber confidence building measures and those norms for responsible behavior in cyberspace.

Finally, for the private sector, this strategy extends Defense Department defensive commitments beyond .mil and .gov domains. Historically, the approach toward the private sector has more or less been one of letting it fend for itself. While the strategy more so focuses on the defense industrial base, the commitment to critical infrastructure widens the potential for greater defensive support for the private sector. At the same time, the emphasis on commercial-off-the-shelf cyber capabilities and leveraging automation and data analysis additionally highlight potential avenues for greater partnerships with the private sector.

In short, rather than reflecting a shift toward unconstrained cyber anarchy, the strategy continues the momentum away from post-hoc responses to cyber attacks, and instead takes a nuanced, multi-faceted approach toward one of the most daunting national security challenges. Importantly, it amplifies the ongoing discourse on the use of offensive capabilities, providing transparency in an area that has for too long been viewed as a dark art, while signaling to attackers that the unfettered deployment of cyber-enabled attacks against the U.S. is over.

Andrea Little Limbago is chief social scientist at Endgame, a cybersecurity software company. She previously taught in academia before joining the Joint Warfare Analysis Center as a computational social scientist. While at JWAC, she earned the command’s top award for technical excellence for her analytic support across the Department of Defense. She holds a Ph.D. in political science from the University of Colorado at Boulder.

U.S. special operations forces are currently field testing a lightweight combat armor designed to cover more of an operator's body than previous protective gear, an official told Task & Purpose.

The armor, called the Lightweight Polyethylene (PE) Armor for Extremity Protection, is one of a handful of subsystems to come out of U.S. Special Operations Command's Tactical Assault Light Operator Suit (TALOS) effort that media outlets dubbed the "Iron Man suit," Navy Lieutenant Cmdr. Tim Hawkins, a SOCOM spokesman, told Task & Purpose on Wednesday.

Read More Show Less
Petty Officer Derek Buitrago and his wife, Sandra, say they found black mold along their Corvias home's baseboards (Courtesy of Covington & Burling)

Ten military families are taking their privatized housing provider, Corvias, to court over "appalling housing conditions and cavalier treatment" at Fort Meade in Maryland, according to a new lawsuit.

The lawsuit filed on Tuesday by law firm Covington & Burling —which is handling the lawsuit pro bono, according to their press release — details "distressingly similar stories of poorly maintained infrastructure leading to serious problems, such as mold growing on walls, windows, and pipes," at the the installation.

The lawsuit was first reported by the Washington Post. The defendants identified include Corvias Management-Army LLC and Meade Communities, LLC, which is a part of Corvias.

Read More Show Less

WASHINGTON (Reuters) - Senior Democratic and Republican lawmakers presented dueling narratives on Wednesday as a U.S. congressional impeachment inquiry that threatens Donald Trump's tumultuous presidency entered a crucial new phase with the first televised public hearing.

The drama unfolded in a hearing of the House of Representatives Intelligence Committee in which two career U.S. diplomats - William Taylor and George Kent - voiced alarm over the Republican president and those around him pressuring Ukraine to conduct investigations that would benefit Trump politically.

Read More Show Less

The Navy is looking into the possibility of sending explosive ordnance disposal units on shorter and possibly more frequent deployments, service officials said on Wednesday.

Right now, EOD techs train for 18 months and deploy for another six months as part of their optimized fleet response plan, but the Navy is conducting a review of that training and deployment cycle, Navy officials told reporters.

A Navy analysis is looking at whether EOD techs should spend a total of 32 or 36 months training and deployed per cycle, said Capt. Oscar Rojas, who leads Explosive Ordnance Disposal Group 1 in San Diego.

Read More Show Less