U.S. Department of Defense Strategy for Operating in Cyberspace

The 2011 U.S. Department of Defense Strategy for Operating in Cyberspace is a formal assessment of the challenges and opportunities inherent in increasing reliance on cyberspace for military, intelligence, and business operations. Although the complete document is classified and 40 pages long, this 19-page summary was released in July 2011 and explores the strategic context of cyberspace before describing five “strategic initiatives” to set a strategic approach for DoDʼs cyber mission. [1]

Strategic Context

The strategy for operating in cyberspace first outlines DoD strengths, including rapid communication and information sharing capabilities as well as knowledge in the global information and communications technology sector, including cybersecurity expertise. These are considered “strategic advantages in cyberspace.” [1] Additional emphasis is placed on furthering U.S. international cyberspace cooperation through international engagement, collective self-defense, and the establishment of international cyberspace norms.

Cyber Threats

The DoD begins its discussion of current cyber threats by focusing on threats to DoD daily operations, then progressively expands the scope to encompass broader national security concerns. The DoD is aware of the potential for adversaries to use small-scale technology, such as widely available hacking tools, to cause a disproportionate impact and pose a significant threat to U.S. national security. The DoD is concerned with external threat actors, insider threats, supply chain vulnerabilities, and threats to the DoDʼs operational ability. Additionally, the document mentions the DoDʼs need to address “the concerted efforts of both state and non-state actors to gain unauthorized access to its networks and systems.” [1] The DoD strategy cites the rapidly evolving threat landscape as a complex and vital challenge for national and economic security.

Strategic Initiatives

In light of the risks and opportunities inherent in DoD and U.S. Government use of cyberspace, this strategy presents five strategic initiatives as a roadmap to "operate effectively in cyberspace, defend national interests, and achieve national security objectives." [1] According to the DoD, pursuit of this strategy will see the DoD capitalize on the opportunities of cyberspace, defend against intrusions and malicious activity, strengthen cybersecurity, and develop robust cyberspace capabilities and partnerships.

Strategic Initiative 1

"Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential." [1]

According to the DoD, this consideration allows them "to organize, train, and equip for cyberspace as we do in air, land, maritime, and space to support national security interests." Consequently, the DoD established U.S. Cyber Command under U.S. Strategic Command to coordinate the cyber activities of the Army, the U.S. Fleet Cyber Command/U.S. 10th Fleet, the 24th Air Force, USMC Cyber Command, and USCG Cyber Command. U.S. Cyber Command is collocated with the National Security Agency, with the head of the NSA also serving as the commander of Cybercom. This serves to coordinate training for operations in a "degraded" environment, including the use of red teams in war games, operating with the presumption of a security breach, and development of secure networks for redundancy purposes. [1]

Strategic Initiative 2

"Employ new defense operating concepts to protect DoD networks and systems." [1]

This includes enhancing best practices and "cyber hygiene," featuring updated software and better configuration management. The DoD will take steps to strengthen workforce communications, accountability, internal monitoring, and information management capabilities to mitigate insider threats. The DoD will also focus on maintaining an active cyber defense to prevent intrusions. In addition to these reactionary concepts, the DoD will develop new defense operating concepts and computing architectures including mobile media and secure cloud computing to embrace evolutionary and rapid change. [1]

Strategic Initiative 3

"Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy." [1]

Many critical functions of DoD rely on commercial assets such as Internet Service Providers and global supply chains, constituting a vulnerability that DoD and DHS will work together to mitigate. The formalized structure of DoD and DHS understanding sets limits to DoD and DHS policy. Their joint planning will increase effectiveness of cyber needs while respecting privacy and civil liberties and will conserve budget resources.
The DoD also maintains a partnership with the Defense Industrial Base to protect sensitive information. The DoD launched the Defense Industrial Base Cyber Security and Information Assurance program in 2007.
The DoD is also establishing a pilot public-private partnership to enhance information sharing. It will continue to work with interagency partners towards a collaborative national effort to develop solutions to increase cybersecurity. A whole-of-government approach will lead DoD to continue to support interagency cooperation with DHS to analyze and mitigate supply chain threats to government and private sector technology. [1]

Strategic Initiative 4

"Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity." [1]

In support of the U.S. International Strategy for Cyberspace, the DoD will seek “robust” relationships to develop international shared situational awareness and warning capabilities for self-defense and collective deterrence. The DoD will assist US efforts to help develop international cyberspace norms and principles, dissuade and deter malicious actors, and reserve the right to defend vital national assets as necessary and appropriate. The DoD will also advance cooperation with allies to defend allied interests in cyberspace, work to develop shared warning capabilities, build capacity, conduct joint training, share best practices, and develop burden-sharing arrangements. [1]

Strategic Initiative 5

"Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation." [1]

The DoD intends to "catalyze US scientific, academic, and economic resources to build a pool of talented civilian and military personnel to operate in cyberspace and achieve DoD objectives." The DoD will foster rapid innovation and invest in people, technology and R&D to create and sustain cyber capabilities vital to national security.
The DoD outlines 5 principles for the acquisition of information technology:
  1. Speed is a critical priority.
  2. Incremental development and testing.
  3. Sacrifice/defer customization for speedy incremental improvement.
  4. Adopt differing levels of oversight based on prioritization of critical systems.
  5. Improved security measures for hardware and software.
The DoD will also promote opportunities for small and medium businesses and work with entrepreneurs in technology innovation hubs to develop concepts quickly. Targeted investments and joint ventures will enable the DoD to foster the development of impactful and innovative technologies.
The DoD also developed the National Cyber Range to allow rapid creation of models of networks intended to enable the military to address needs by simulating and testing new technologies and capabilities.
Development and retention of the cyber workforce is central to the strategic success outlined in this strategy. Consequently, the DoD will work to streamline hiring for its cyber workforce and enable crossflow of professionals between the public and private sectors. As part of this plan, the DoD will also endeavor to develop reserve and national guard cyber capabilities, as well as continue educating its cyber workforce. [1]

Media Reception

Xinhua News Agency cited the opinion of Li Shuisheng, a research fellow with the top military science academy of the People's Liberation Army, alleging the document is "fundamentally an attempt of the US to maintain its unparalleled global military superiority." [2] Li noted that the strategy "clearly aims at sovereign nations in retaliating to cyber attacks," [2] which could lead to a mistake in attribution that may provoke war. Furthermore, the president of Beijing University of Posts and Telecommunications, Fang Binxing, alleged that the United States is "more often on the offensive not the defensive side of cyber warfare," and consequently can "fulfill its political and military purposes, including interference in domestic affairs of other countries and military intrusion, by making up technological effects on the Web." [2] Essentially, Chinese media reporting considers that the 2011 Department of Defense Strategy for Operating in Cyberspace clearly stated ambitions for enhancing U.S. hegemony.

The day after the DoD strategy document was published, The Voice of Russia published an article citing a recent admission that the Pentagon was successfully hacked in March 2011. The author suggested "the Pentagon admission could be just a strategic solution to gain support for its new program of cyber defense." [3] The article states that the strategy received "a serious amount of criticism," and concludes by stating that in light of the recent announcement of attacks in March, "the scared public should be much more supportive to the controversial strategy." [4]

CRN News.com cited the opinions of several American cyber security experts who believe the DoD strategy is "too vague, lacks enforcement and likely won't warrant an immediate uptick of future business." Furthermore, security experts cite DoD plans to recruit experts from the private sector as a risk for weakening public technological development. At best, the experts observed the document "represented a collective growing awareness around the issue" and could be "a public affirmation from the government about activities and plans already in progress." [5]

CRN News.com Australia covered the strategy release, focusing on the DoD's consideration of cyberspace as the fifth warfighting domain. The attitude of the article suggested the DoD strategy is a reaction to reports of data breaches, and should have been developed sooner. [6]


References

  1. U.S. Department of Defense, "Strategy for Operating in Cyberspace", July 2011. Accessed September 28th, 2011.
  2. China Daily USA, "US cyber strategy dangerous: Chinese experts", June 2011. Accessed 11-10-2011.
  3. Gladkov, Vladimir, "Pentagon claims its vital data was stolen by foreign hackers", The Voice of Russia, July 16, 2011. Accessed 11-20-2011.
  4. Gladkov, Vladimir, "Pentagon claims its vital data was stolen by foreign hackers", The Voice of Russia, July 16, 2011. Accessed 11-20-2011.
  5. Hoffman, Stephanie, "Partners wary of DoD Cyber Security Plan", CRN News.com, 07-21-2011. Accessed 12-1-2011.
  6. Moscaritolo, Angela, "US Defence dept releases cyber operation strategy", CRN News.com.au, 07-18-2011. Accessed 11-28-2011.