The 2023 Defense Cyber Strategy: A Primer
It’s no secret that the US Military, as well as its allies and partners, are under constant threat of malicious cyber activity. Nefarious actors seek to exploit any technological vulnerability they can find to undermine the US Military’s competitive edge. They also target US critical infrastructure, endangering the American people. Preventing and defeating these cyberattacks is of the utmost importance to the DOD. To meet these challenges, DOD recently released its 2023 Cyber Strategy which establishes how the Department will operate in and through cyberspace to protect the American people and advance the US Defense priorities. Built upon the 2018 Cyber Strategy, the 2023 version implements the priorities of the 2022 National Security Strategy, 2022 National Defense Strategy (NDS), and 2023 National Cybersecurity Strategy.
DEVELOPED THROUGH EXPERIENCE
The Cyber Strategy is grounded in real world experience including a significant number of cyberspace operations. It is also informed by Russia’s 2022 war on Ukraine in which significant use of cyber capabilities during armed conflict has occurred. In this saturated cyber battlefield, military operations conducted by states and non-state proxies have collided with the cyber defense efforts of numerous private sector actors. The conflict has demonstrated the character of war in the cyber domain. Its lessons will shape the maturation of US cyber capabilities.
The Department’s experiences have shown that cyber capabilities held in reserve or employed in isolation render little deterrent effect on their own. Instead, these military capabilities are most effective when used in concert with other instruments of national power, creating a deterrent greater than the sum of its parts. In this way, cyberspace operations represent an indispensable element of US and allied military strength and form a core component of integrated deterrence.
The Department will also use cyberspace operations for the purpose of campaigning, undertaking actions to limit, frustrate, or disrupt adversaries’ activities below the level of armed conflict and to achieve favorable security conditions.
FACING EVOLVING THREATS
As the Department’s cyber capabilities evolve, so do those of its adversaries. Both the People’s Republic of China (PRC) and Russia have embraced malicious cyber activity to counter US conventional military power and degrade the combat capability of the Joint Force.
The PRC in particular sees superiority in cyberspace as core to its theories of victory and represents the Department’s pacing challenge in cyberspace. Using cyber means, the PRC has engaged in prolonged campaigns of espionage, theft, and compromise against key defense networks and broader US critical infrastructure, especially the Defense Industrial Base (DIB). Globally, malicious cyber activity continues to grow in both volume and severity.
A SHARED RESPONSIBILITY
As cyber threats grow and intensify, every soldier, sailor, airman, marine, guardian, coast guardsman, DOD civilian, and contractor is responsible for exercising cyber awareness and helping to manage the risk of the Department.
At the same time, senior leaders of the Department, Military Departments and Services, and the Joint Warfighting community must work together with counterparts across other Federal departments and agencies to build a robust and integrated cyber capability: one that is ready and available to respond rapidly across the spectrum of conflict.
LINES OF EFFORT
In order to address current and future cyber threats, the Department will pursue four complementary lines of effort:
Defend The Nation
The Department will campaign in and through cyberspace to generate insights about cyber threats. It will defend forward, disrupting and degrading malicious cyber actors’ capabilities and supporting ecosystems. The Department will work with its interagency partners to leverage available authorities to enable the defense of US critical infrastructure and counter threats to military readiness.
Prepare To Fight And Win The Nation’s Wars
The Department will campaign in and through cyberspace to advance Joint Force objectives. It will ensure the cybersecurity of the Department of Defense Information Network (DODIN) and conduct defensive cyberspace operations to protect it. The Department will enhance the cyber resilience of the Joint Force and ensure its ability to fight in and through contested and congested cyberspace. It will utilize the unique characteristics of cyberspace to meet the Joint Force’s requirements and generate asymmetric advantages.
Protect The Cyber Domain With Allies And Partners
US allies and partners represent a foundational strategic advantage. The DOD will build the capacity and capability of US allies and partners in cyberspace and expand avenues of potential cyber cooperation. It will continue hunt forward operations and other bilateral technical collaboration, working with allies and partners to illuminate malicious cyber activity on their networks. It will reinforce responsible state behavior by encouraging adherence to international law and internationally recognized cyberspace norms.
Build Enduring Advantages In Cyberspace
The Department will pursue institutional reforms to build advantages that will persist for decades to come. It will optimize the organizing, training, and equipping of the Cyberspace Operations Forces and Service retained cyber forces. It will ensure the availability of timely and actionable intelligence in support of cyberspace operations and explore the intersection of emerging technologies and cyber capabilities. It will foster a culture of cybersecurity and cyber awareness, investing in the education, training, and knowledge development of personnel across the defense enterprise.
The internet, which forms the connective tissue for two thirds of the world’s population, is under attack by those who seek to undermine a secure and open cyberspace and threaten the security of the US. But, despite the evolving threat landscape, the country remains ready to disrupt, degrade, and malicious cyber actors. DOD will use cyberspace to fight and win the Nation’s wars, supporting and advancing the objectives of the Joint Force. The 2023 Cyber Strategy help to bolster the cyber capability and capacity of the US, its allies and partners, while also building enduring advantages in the cyber domain.
Protecting the DIB
The Department is also focused on protection of the Defense Industrial Base (DIB) from the malicious cyber actors who routinely target it. To ensure DIB cybersecurity, the Department will continue to convene government and industry officials and leverage public-private partnerships. It will invest in rapid information-sharing and analysis and will develop a comprehensive approach for the identification, protection, detection, response, and recovery of critical DIB elements, thereby ensuring the reliability and integrity of critical weapons systems and production nodes.
Beyond information-sharing efforts, the Department will also align DIB contract incentives with DOD cybersecurity requirements. Toward this end, the Department will continue implementation of the Cybersecurity Maturity Model Certification (CMMC) Program, which requires companies to certify compliance with information security standards to receive certain priority contracts. This program will be complemented by other efforts to increase active defense measures and improve data protection across the DIB, such as provision of no-cost cybersecurity services to qualifying companies. DTJ