The Defense Department recently released an unclassified summary of its 2023 cybersecurity strategy. The previously classified document was submitted to Congress in May. The document outlines updates to the department’s plan to “operationalize the priorities” in cyberspace.
GovCIO Media & Research Managing Editor Ross Gianfortune and Staff Writer/Researcher Anastasia Obis discuss what is inside the plan and what it means for the future of DOD’s cyber posture.
The document outlines four main adversary categories:
North Korea, Iran and violent extremist organizations
Transnational criminal organizations
According to the Pentagon, the 2023 strategy is the fourth iteration and “the first to be informed by years of significant cyberspace operations.” To combat these adversaries and to defend U.S. interests in cyberspace, the plan lays out some strategies and key points.
Engage with China and Russia.
In a shift, the plan calls for DOD to “persistently engage U.S. adversaries in cyberspace, identifying malicious cyber activity in the early stages of planning and development.” China is highlighted specifically in the document, with the Pentagon noting “the PRC has engaged in prolonged campaigns of espionage, theft, and compromise against key defense networks and broader U.S. critical infrastructure.”
The document says that in cyberspace, “the Department will harness outward facing capabilities to enable internal defense, identifying and mitigating threats before they can harm the American people.”
Defense, defense, defense.
As much as the strategy calls for pursuing engagement with Russia and China, defending U.S. cyber infrastructure is key to the strategy.
But public infrastructure is not the only area the Pentagon’s strategy emphasizes. To protect the supply chain of industry serving the defense mission, the strategy calls for cyber protection of the Defense Industrial Base (DIB). “Safeguarding the technical information used for the design and manufacture of these technologies is critical,” the plan says. “Beyond information-sharing efforts, the Department will also align DIB contract incentives with DoD cybersecurity requirements.”
AI and emerging technology are never far away.
In developing capacity, the strategy notes the importance of the fast pace of commercial technology and industry innovation. According to the document, the Pentagon “will take steps to align the technology development process with the strategy and objectives of the wider cyber enterprise and ensure that these activities are informed by relevant intelligence.”
That includes artificial intelligence, and the strategy notes the work that DOD is doing in that realm. “Department will study the applications of autonomous and artificial intelligence-driven cyber capabilities,” the document states.
Staffing up is critical.
People-driven cybersecurity is key to implementation of policy and strategy. The document calls for the military services to explore and implement more effective talent management for the cyber workforce. According to the strategy, that could include:
Extended tour commitments or repeat tour requirements,
Rotations within mission areas,
Career progression models that reward development of such skills.
Everyone has a stake, including partners.
In a globalized world, partnerships are critical to success in cyberspace. The strategy says that an effective strategy “requires a mix of internal institutional reforms and external partner engagement.” That includes working with more allies and partners worldwide, as the Pentagon will be “augmenting partner capacity, expanding partners’ access to cybersecurity infrastructure and maturing their cyber workforce through combined training events and exercises.”