Cyber Command officials are calling their current reactive approach to cyber defense “unacceptable” and looking to move to an operational approach focused on thwarting attacks at their point of origin, according to a new command strategy released March 23.
The new strategy document cites the growing threat from foreign adversaries directed at U.S. networks and a need to create an operational framework for responding to digital acts of war.
“Achieving superiority in the physical domains in no small part depends on superiority in cyberspace. Yet we risk ceding cyberspace superiority,” officials wrote in the new strategy document. “The cyberspace domain that existed at the creation of US Cyber Command (USCYBERCOM) has changed. Our adversaries have exploited the velocity and volume of data and events in cyberspace to make the domain more hostile. They have raised the stakes for our nation and allies. In order to improve security and stability, we need a new approach.”
The 2018 National Defense Strategy (NDS) identified China, Iran, North Korea and Russia as nations growing their cyber attack capabilities. Cyber Command official offered the new document to support the NDS’ call to posture the service to better counter increasingly aggressive actions by foreign adversaries.
Cyber Command leadership wants to see previous experience with persistent cyber defense operations scaled to the new magnitude of the threat, while removing current constraints on the speed and agility needed to act.
Adm. Mike Rogers, head of Cyber Command, previously told members of the Senate Armed Services Committee that his teams have the capability to thwart certain attacks at the point of origin but not necessarily the authorities to for offensive operations (Defense Daily, Feb. 27).
Rogers is set to retire from his post in spring, and Lt. Gen. Paul Nakasone, commander of Army Cyber Command, has been nominated as his successor (Defense Daily, Feb. 14).
The new strategy makes clear that Cyber Command wants to move away from an approach of waiting until an adversary has infiltrated a network before acting in response.
This offensive-minded approach would require a new operational framework for responding to digital acts of war, according to command leadership.
“We cede our freedom of action with lengthy approval processes that delay U..S responses or set a very high threshold for responding to malicious cyber activities,” officials wrote. “The Department of Defense (DoD) is building the operational expertise and capacity to meet growing cyberspace threats and stop cyber aggression before it reaches our networks and systems. We need a policy framework that supports and enables these efforts.”
Richard J. Harknett, a political science professor and former scholar-in-residence with Cyber Command, supported the new approach in a March 23 Lawfare post.
“The important emphases on defending forward and contesting active campaigns are both noteworthy,” Harknett wrote.
Harknett sees a role for Cyber Command to establish an operational framework that would also serve as a way to fill a void for international cyberspace norms.
“Successful implementation of this new strategic and operational approach will require new thinking across the government and academia to ensure that the right organizational structures, decision-making processes, capabilities development pathways and authorities are in place. It has provided the foundation for such new cyber thinking,” Harknett wrote.
The new strategy also calls for the command to better anticipate and operationalize technological innovations, rapidly transfers new capabilities with military utility to scalable operational capabilities and enhance warfare options for Joint Force commanders.
Officials also cited a need to improve on the efficiency interagency and private sector threat sharing.