DoD Turns to Stronger Alliances to Combat Cyberthreats
The Pentagon is undertaking a much more proactive approach to cybersecurity, with plans to more closely partner with the private sector and ally nations being a key part of an overhauled cyber strategy that is informed by the work already underway, the rising use of cyberattacks by Russia and China, and the cyberware on display in Ukraine.
In an unclassified summary of the new strategy released this week – the Department of Defense sent the full 2023 DoD Cyber Strategy document to Congress in May – the Pentagon called such partners “foundational” to the new initiative and a “force multiplier that extends into cyberspace, enabling rapid coordination and awareness of emerging threats.”
“Allies and partners are a strategic advantage that no competitor can match,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said during a press conference September 12. “Adversaries continually attempt to undermine the capabilities of our partners, and it’s in our interests to strengthen the network defense of our allies and partners. This strong network of allies and partners boosts our reach and capabilities and protect us in cyberspace.”
Pulling in allies – which also include other U.S. agencies, such as the CIA and FBI – also can help the DoD shore up what Eoyang said is a shortage of skilled cybersecurity workers, adding that people are essential to the building the department’s cybersecurity strategy.
Other possible avenues for closing the skills gap – a problem throughout the private cybersecurity sector as well – include using reservists, extending the length and number of tours for those in cybersecurity positions, and using incentives to attract talented cyber specialists.
Four Pillars of the Strategy
Building a strong alliance with private companies and other nations is one of four pillars of the Pentagon’s new strategy, which builds upon the strategy the DoD rolled out in 2018 and includes priorities outlined in the 2022 National Security Strategy, National Defense Strategy, and National Cybersecurity Strategy.
The other foundational elements include defending the country by taking a more offensive approach against threat groups, improve the defense of critical infrastructure – a growing target of nation-state and financially driven adversaries – and countering threat to military readiness.
The DoD also wants to firm up the cybersecurity of the country’s Joint Force and the DoD Information Network and build a lasting advantage in cyberspace through training, organizing, and equipping Cyberspace Operations Forces and Service-retained cyber force, bulking up the gathering and distributing of intelligence, and drive security awareness.
“As cyber threats grow and intensify, every soldier, sailor, airman, marine, guardian, coast guardsman, DoD civilian, and contractor is responsible for exercising cyber awareness and helping to manage the risk of the Department,” the report reads.
It Sounds Good, but Execution is Key
Some in the private sector applauded the DoD’s more proactive and team-oriented approach, though cautioned that executing on the plan will be crucial.
“This new cyber strategy from the DoD represents an important shift from a reactive to proactive posture and is ultimately about far more than DoD’s capabilities,” said Ted Miracco, CEO of mobile security vendor Approov. “Networks crossing sectors and borders require a global security mindset. This strategy’s direction is right, but execution will determine whether it leads to meaningful improvement in cyber resilience as talk of information sharing and partnership is good, but only if it is backed-up by real, sustained commitments.
The emphasis on “sharing actionable intelligence to enable better private sector defenses, rather than just mopping up after the fact, is wise, but it will require overcoming cultural obstacles,” Miracco said.
Emily Phelps, director at threat intelligence firm Cyware, said that security critical infrastructure is a complex challenge that requires a modern and proactive approach, adding that it will take more than threat intelligence to “combat a persistent wave of adversaries.”
“Intelligence must have the necessary context and clarity so that the right people can take the right action,” Phelps said. “It requires strategic automation to rapidly collaborate so that teams have the actionable intel they need without the noise that slows them down.”
Threats from China, Russia, and Elsewhere
The evolving cyberthreat environment is helping to drive the strategy. Both Russia and China – not to mention Iran, North Korea, and other countries – and the cybercriminal groups they sponsor are constant threats, from cyber-espionage to ransomware and other financially driven attacks. For example, the notorious Lazarus Group runs its operations – including a string of recent cryptocurrency hacks – to help fund North Korea’s nuclear and strategic ambitions.
“Both the People’s Republic of China (PRC) and Russia have embraced malicious cyber activity as a means to counter U.S. conventional military power and degrade the combat capability of the Joint Force,” the Pentagon says in the report. “The PRC in particular sees superiority in cyberspace as core to its theories of victory and represents the Department’s pacing challenge in cyberspace.”
The agency noted that China has run prolonged espionage, theft, and compromise campaigns against both defense networks and U.S. critical infrastructure, particularly the Defense Industrial Base sector, which runs research and development of military weapons systems, subsystems, and parts.
In addition, watching Russia’s use of cyberwarfare in the runup to its illegal invasion of Ukraine and the subsequent year-plus of fighting also has been a lesson for the DoD.
“In this saturated cyber battlefield, military operations conducted by states and non-state proxies have collided with the cyber defense efforts of numerous private sector actors,” according to the report. “The conflict has demonstrated the character of war in the cyber domain. Its lessons will shape the maturation of our cyber capabilities.”
Eoyang added that the conflict in Eastern Europe illustrated the important of integrated cyber capabilities with other warfighting techniques.
“That is consistent with the approach in the NDS [National Defense Strategy] on integrated deterrence and is an important lesson for us to think about, that cyber is a capability that is best used in concert with those others and may be a limited utility when used all by itself,” she said.
Eoyang also said the DoD is investigating the new and advanced cybersecurity models, pointing to zero-trust architectures as an example of a tool that could help the agency more easily identify malicious and anomalous behavior on Pentagon networks.