Cyberspace is critical to the way the entire U.S. functions. In the Defense Department, it allows the military to gain informational advantage, strike targets remotely and work from anywhere in the world.
But our competitors – including terrorists, criminals, and foreign adversaries such as Russia and China – are also using cyber to try to steal our technology, disrupt our economy and government processes, and threaten critical infrastructure.
That means a thorough strategy is needed to preserve U.S. cyberspace superiority and stop cyberattacks before they hit our networks.
In September, the White House released a new National Cyber Strategy based on four pillars shown in Figure 1.
The DoD released its own strategy outlining five lines of effort that help to execute the national strategy.
1. Build a more lethal force.
Troops have to increasingly worry about cyberattacks while still achieving their missions, so the DOD needs to make processes more flexible. Here’s how:
- Capabilities are going to be more diverse and adaptable.
- Automation and large-scale data analytics will help identify cyberattacks and make sure our systems are still effective.
- More commercial technology will be integrated into current systems for maximum effectiveness in the ever-changing cybersphere.
2. Compete and deter in cyberspace.
This means preventing harmful cyber activities before they happen by:
- Strengthening the cybersecurity of systems and networks that support DOD missions, including those in the private sector and our foreign allies and partners.
- Streamlining public-private information-sharing.
- Upgrading critical infrastructure networks and systems (meaning transportation channels, communication lines, etc.) to reduce the risk of major cyberattacks on them.
- Setting and enforcing standards for cybersecurity, resilience and reporting.
- Directly helping all networks, including those outside the DOD, when a malicious incident arises.
3. Strengthen alliances and attract new partnerships.
We can’t do this mission alone, so the DOD must expand its cyber-cooperation by:
- Building dependable partnerships with private-sector entities who are vital to helping support military operations.
- Sharing information with other federal agencies, our own agencies, and foreign partners and allies who have advanced cyber capabilities. This will increase effectiveness.
- Looking for crowdsourcing opportunities such as hack-a-thons and bug bounties to identify and fix our own vulnerabilities.
- Upholding cyberspace behavioral norms during peacetime.
4. Reform the department.
Personnel must increase their cyber awareness. The DOD is making strides in this by:
- Making sure leaders and their staff are “cyber fluent” at every level so they all know when decisions can help or harm cybersecurity.
- Holding DOD personnel and third-party contractors more accountable for slip-ups.
- Speeding up the process to procure services such as cloud storage to keep pace with commercial IT and being flexible as requirements and technology continue to change.
5. Cultivate talent.
Retaining the current cyber workforce is key, as is finding talented new people to recruit. The department will do this by:
- Increasing its promotion of science, technology, engineering and math classes in grade schools to help grow cyber talent.
- Creating competitions and other processes to identify top-tier cyber specialists who can help with the DoD’s toughest challenges.
- Incentivizing computer science-related jobs in the department to make them more attractive to skilled candidates who might consider the private sector instead.
Examples: Rotational billets for service members at other federal agencies, specialized training opportunities, the expansion of compensation incentives.
- Optimizing the mix of service members, civilians and contractors who can best support the mission.