The Pentagon’s new cyber strategy includes expanding public-private partnerships on information sharing and plans to work with industry on developing technologies “that can confound malicious cyber actors.”
An unclassified summary of the DoD 2023 Cyber Strategy released on Tuesday states the document is an effort to operationalize the 2022 National Defense Strategy in cyberspace and complements the Biden administration’s National Security Strategy and National Cybersecurity Strategy.
“We will prioritize technologies that can confound malicious cyber actors and prevent them from achieving their objectives in and through cyberspace. These include Zero Trust architectures and their associated cybersecurity technologies, advanced endpoint monitoring capabilities, tailored data collection strategies, enhanced cyber forensics, automated data analytics, and systems that enable network automation, network restoration, and network deception,” the summary states on the department’s plans to work with industry.
Mieke Eoyang, deputy assistant secretary of defense for cyber policy, told reporters on Tuesday the full classified cyber strategy was submitted to Congress in May.
“I’m not going to get into the specifics of particular technologies. But I would just say that as we have seen adversary tactics and techniques change and evolve, there are technologies as we think about, for example as part of a zero trust architecture, that would enable us to better identify malicious and anomalous behavior on DoD networks, and we are interested in the development of those technologies among others,” Eoyang said during briefing following the release of the unclassified summary.
On working with the defense industrial base, the summary of the strategy also includes “expanding public-private partnerships to ensure that DoD resources, expertise, and intelligence are made available to support key private sector initiatives.”
“We will also draw upon the private sector’s technical expertise and analytic capabilities to identify foreign-based malicious cyber activity and mitigate vulnerabilities on a global scale,” according to the summary.
The new document is the department’s fourth cyber strategy, and follows the latest iteration rolled out in 2018, with Eoyang adding “is informed by years of real world experience of significant DoD cyberspace operations.”
“The strategy draws from our experience conducting offensive and defensive operations. It’s also informed by DoD’s close observation of the Russia-Ukraine war and the integration of cyber into large-scale military operations. Which is to say this is not an aspirational document, it reflects hard won lessons and truths,” Eoyang told reporters.
Eoyang was asked Tuesday about specific lessons from the conflict in Ukraine that informed the strategy, and responded that it’s shed light on cyber likely having “limited utility” when used as a tool on its own rather than as a part of a multi-faceted approach.
“I think prior to this conflict there was a sense that cyber would have a much more decisive impact in warfare than what we experienced. What this conflict has shown us is the importance of integrated cyber capabilities in and alongside other warfighting capabilities,” Eoyang said.
Eoyang noted, like the National Defense Strategy, the new cyber document identifies China as the DoD’s “pacing challenge” in the cyber domain and “recognizes the significant threat that Russia poses in cyberspace.”
“As the cyber domain has grown, foreign adversaries have exploited it to identify U.S. vulnerability, commit espionage, steal intellectual property, violate U.S. sovereignty and, recently, to wage war. The department has long recognized the dangers inherent in the cyber domain and has maintained efforts to protect its own systems. The new strategy establishes how the department, with a robust and integrated cyber capability, will operate in and through cyberspace to protect the American people and work to deter conflict where it can and prevail where it must,” Eoyang said.