The U.S. Department of Defense is starting preliminary work to update its cyber strategy, which was last revised two years ago, a Pentagon official said March 30.
Air Force Maj. Gen. Burke “Ed” Wilson, deputy principal cyber adviser to Defense Secretary Jim Mattis and senior military adviser for cyber in DoD’s policy shop, said that a “small team” will hold an offsite meeting the afternoon of April 3 to begin crafting a framework for the next cyber strategy.
Although an update has not been formally ordered, the department expects that the new Trump administration will want to put its imprint on the document.
“No one has dictated that we’re going to write one, but we’re just guessing that with a new administration and a lot of changes happening, there will be a desire to update the cyber strategy,” Wilson told AFCEA’s Northern Virginia chapter.
DoD released its first cyber strategy in 2011 and issued a revised one in April 2015. According to the latest version, the 33-page document is designed to guide the development of cyber forces and strengthen cyber defenses and cyber deterrence.
Wilson said that while the current strategy has fueled many productive activities in DoD, the next strategy should pay more attention to hardening weapon systems and improving collaboration with allies and industry.
Turning to organizational matters, Wilson said DoD has stood up a team to scrutinize how the department is set up for cyber operations. The team, co-led by DoD’s chief information officer and U.S. Cyber Command, is required by the fiscal year 2017 National Defense Authorization Act to send a plan to Congress in June.
DoD is also working to implement a defense authorization provision calling for Cyber Command, now part of U.S. Strategic Command, to be elevated to a full combatant command.
“We are driving very hard at that solution,” Wilson said. “I think we’re going to see packages moving very quickly to the president to make that happen.”
One issue that needs to be resolved is whether Cyber Command will have “service-like” authorities, such as rapid prototyping and acquisition, he added.
While opinions are still mixed on whether the head of Cyber Command should continue to be dual-hatted as director of the National Security Agency, Wilson predicted that a consensus will eventually emerge to separate the two jobs. Cyber Command, which was created in 2009, is becoming more independent but still relies heavily on the NSA.
“I think we’re going to assess that and make sure that we’ve matured U.S. Cyber Command because it’s a fairly new command,” he said. “We need to make sure it has the inherent capabilities to be successful.”
The “sweet spot” for separation will probably materialize sometime between late 2018 and 2020, he estimated.