DOD, White House Release Cybersecurity Strategies
Both strategies recognize the vital nature of necessary American action in cyberspace to defend its interests.
With the United States engaged in a “long-term strategic competition” with China and Russia, which are mounting persistent cyber attack campaigns that pose long-term risks to America, the U.S. military will act to deter aggression, cyber or otherwise, according to a new policy, known as the Department of Defense Cyber Strategy, from the U.S. Department of Defense.
“China is eroding U.S. military overmatch and the nation’s economic vitality by persistently exfiltrating sensitive information from U.S. public and private sector institutions,” a summary of the DOD strategy stated. “Russia has used cyber-enabled information operations to influence our population and challenge our democratic processes. Other actors, such as North Korea and Iran, have similarly employed malicious cyber activities to harm U.S. citizens and threaten U.S. interests. The United States’ growing dependence on the cyberspace domain for nearly every essential civilian and military function makes this an urgent and unacceptable risk to the nation.”
As such, DOD “must take action in cyberspace during day-to-day competition,” to defend U.S. interests and maintain the U.S. military advantage, the summary stated. This action includes conducting intelligence operations in cyberspace as well as preparing the military’s cyber capabilities.
The DOD "seeks to preempt, defeat or deter malicious cyber activity targeting U.S. critical infrastructure that could cause a significant cyber incident regardless of whether that incident would impact DOD’s warfighting readiness or capability,” the strategy summary promised.
Because adversaries depend more and more on similar computing and network technologies that DOD uses for its Joint Force warfighting, the department noted that it would work to exploit this reliance. “The Joint Force will employ offensive cyber capabilities and innovative concepts that allow for the use of cyberspace operations across the full spectrum of conflict,” the summary stated.
Meanwhile, over at the White House, the Trump Administration also released a cyber policy, National Cyber Strategy of the United States of America.
“Protecting America’s national security and promoting the prosperity of the American people are my top priorities,” the president promised in a letter at the beginning of the document. “Ensuring the security of cyberspace is fundamental to both endeavors.”
The administration's goals include: to secure federal networks and critical information, combat cyber crime, improve incident reporting, support a resilient digital economy, protect American ingenuity, provide attribution to cyber crimes and develop a superior workforce. As part of that process, the administration aims to modernize electronic surveillance and computer crime legislation.
“Our competitors and adversaries ... benefit from the open Internet, while constricting and controlling their own people’s access to it, and actively undermine the principles of an open Internet in international forums,” the White House policy stated. “They hide behind notions of sovereignty while recklessly violating the laws of other states by engaging in pernicious economic espionage and malicious cyber activities, causing significant economic disruption and harm to individuals, commercial and non-commercial interests, and governments across the world. They view cyberspace as an arena where the United States’ overwhelming military, economic, and political power could be neutralized and where the United States and its allies and partners are vulnerable.”
The White House strategy reported that staff from the National Security Council would coordinate with federal governmental departments, agencies and the Office of Management and Budget (OMB) to develop “an appropriate resource plan to implement” the policy. “Departments and agencies will execute their missions informed by the ... strategic guidance,” the strategy stated.
The two cyber strategies come at the same time as a grim report from the General Accounting Office, Congress’ watchdog agency, which warned that the government has not provided effective oversight of cybersecurity as called for by federal laws and policies.