The White House released a new National Cyber Strategy on Sep. 20 easing restrictions on offensive operations and the use of cyber weapons, building on an updated Pentagon plan announced earlier in the week to broaden the response to ongoing digital attacks.
John Bolton, the administration’s national security adviser, told reporters the new plan will provide cyber forces more options needed to address continuing threats from nation-state actors, including China and Russia, and better respond to attacks on critical infrastructure and election meddling.
“Americans and our allies are under attack every day in cyberspace,” Bolton said. ‘We intend to, through both offensive and defensive cyber actions, create structures of deterrence that will reduce maligned behavior in cyberspace.”
The cyber strategy, which Bolton called the first articulated plan in 15 years, arrives following a decision to reverse an Obama administration directive restricting the use of offensive cyber weapons.
Bolton said the new strategy incorporates the presidential directive reversing the previous policy, and added the current administration has already begun plans for potential offensive-minded operations.
“We have authorized offensive cyber operations that would be undertaken in the process under the presidential directive,” Bolton said.
DoD released its own updated cyber strategy on Sep. 18, calling for broader use of offensive cyber capabilities and a greater role in protecting non-military critical infrastructure from digital attacks.
“The Joint Force will employ offensive cyber capabilities and innovative concepts that allow for the use of cyberspace operations across the full spectrum of conflict,” Pentagon officials wrote in a summary of the new strategy. “We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.”
The plan, which updates the latest strategy from 2015, follows a new Cyber Command mission statement from March citing a need for greater use of offensive cyber capabilities and calls from Senators earlier this year on how DoD’s cyber leaders could use their authorities to protect critical infrastructure.
“DoD will preempt, defeat, or deter malicious cyber activity targeting U.S. critical infrastructure that could cause a significant cyber incident regardless of whether that incident would impact DoD’s warfighting readiness or capability,” Pentagon officials wrote.
Both the White House and Pentagon’s plan calls for improved engagement with the technology industry to find enhanced capabilities to deter and respond to growing threats from actors such as China, Iran, North Korea and Russia.
“Our focus will be on fielding capabilities that are scalable, adaptable, and diverse to provide maximum flexibility to Joint Force commanders,” the Pentagon wrote.