The Pentagon’s latest cyber strategy includes expanding public-private partnerships on information sharing and plans to work with industry on developing technologies “that may confound malicious cyber actors.”
An unclassified summary of the DoD 2023 Cyber Strategy released on Tuesday states the document is an effort to operationalize the 2022 National Defense Strategy in cyberspace and complements the Biden administration’s National Security Strategy and National Cybersecurity Strategy.
“We are going to prioritize technologies that may confound malicious cyber actors and forestall them from achieving their objectives in and thru cyberspace. These include Zero Trust architectures and their associated cybersecurity technologies, advanced endpoint monitoring capabilities, tailored data collection strategies, enhanced cyber forensics, automated data analytics, and systems that enable network automation, network restoration, and network deception,” the summary states on the department’s plans to work with industry.
Mieke Eoyang, deputy assistant secretary of defense for cyber policy, told reporters on Tuesday the total classified cyber strategy was submitted to Congress in May.
“I’m not going to get into the specifics of particular technologies. But I’d just say that as we have now seen adversary tactics and techniques change and evolve, there are technologies as we take into consideration, for instance as a part of a zero trust architecture, that will enable us to higher discover malicious and anomalous behavior on DoD networks, and we’re inquisitive about the event of those technologies amongst others,” Eoyang said during briefing following the discharge of the unclassified summary.
On working with the defense industrial base, the summary of the strategy also includes “expanding public-private partnerships to be certain that DoD resources, expertise, and intelligence are made available to support key private sector initiatives.”
“We can even draw upon the private sector’s technical expertise and analytic capabilities to discover foreign-based malicious cyber activity and mitigate vulnerabilities on a world scale,” based on the summary.
The brand new document is the department’s fourth cyber strategy, and follows the most recent iteration rolled out in 2018, with Eoyang adding “is informed by years of real world experience of serious DoD cyberspace operations.”
“The strategy draws from our experience conducting offensive and defensive operations. It’s also informed by DoD’s close remark of the Russia-Ukraine war and the combination of cyber into large-scale military operations. Which is to say this just isn’t an aspirational document, it reflects hard won lessons and truths,” Eoyang told reporters.
Eoyang was asked Tuesday about specific lessons from the conflict in Ukraine that informed the strategy, and responded that it’s make clear cyber likely having “limited utility” when used as a tool by itself slightly than as a component of a multi-faceted approach.
“I feel prior to this conflict there was a way that cyber would have a way more decisive impact in warfare than what we experienced. What this conflict has shown us is the importance of integrated cyber capabilities in and alongside other warfighting capabilities,” Eoyang said.
Eoyang noted, just like the National Defense Strategy, the brand new cyber document identifies China because the DoD’s “pacing challenge” within the cyber domain and “recognizes the numerous threat that Russia poses in cyberspace.”
“Because the cyber domain has grown, foreign adversaries have exploited it to discover U.S. vulnerability, commit espionage, steal mental property, violate U.S. sovereignty and, recently, to wage war. The department has long recognized the hazards inherent within the cyber domain and has maintained efforts to guard its own systems. The brand new strategy establishes how the department, with a sturdy and integrated cyber capability, will operate in and thru cyberspace to guard the American people and work to discourage conflict where it will probably and prevail where it must,” Eoyang said.