Share this article on:
The US government has outlined key strategies to combat emerging cyber security threats in the 2023 Department of Defense Cyber Strategy.
The baseline document sets a new strategic direction for the US Department of Defense, supports priorities set out in the 2022 National Security Strategy, 2022 National Defense Strategy, and the 2023 National Cybersecurity Strategy, and builds upon the 2018 DOD Cyber Strategy.
The classified cyber strategy, in its fourth iteration, establishes how the department will operate in and through cyber space to protect Americans and advance domestic defence priorities.
It specially outlines threats from the People’s Republic of China, Russia, North Korea, Iran, violent extremist organisations, and transnational criminal organisations.
“As the department’s cyber capabilities evolve, so do those of our adversaries. Both the People’s Republic of China and Russia have embraced malicious cyber activity as a means to counter US conventional military power and degrade the combat capability of the Joint Force,” the document stated.
“The PRC, in particular, sees superiority in cyber space as core to its theories of victory and represents the department’s pacing challenge in cyber space. Using cyber means, the PRC has engaged in prolonged campaigns of espionage, theft, and compromise against key defence networks and broader US critical infrastructure, especially the defence industrial base.
“Globally, malicious cyber activity continues to grow in both volume and severity, impacting the US homeland and placing Americans at risk.
“Numerous state and non-state actors have come to see cyber means as a powerful force multiplier, core to achieving their objectives. US adversaries seek to use malicious cyber to achieve asymmetric advantages, targeting US critical infrastructure and degrading US military superiority. These activities threaten the safety, security, and prosperity of the American people.”
The strategy outlines four complementary lines of effort to address current and future cyber threats.
These strategies include:
“This strategy draws on lessons learned from years of conducting cyber operations and our close observation of how cyber has been used in the Russia–Ukraine war,” Assistant Secretary of Defense for Space Policy John Plumb said.
“It has driven home the need to work closely with our allies, partners, and industry to make sure we have the right cyber capabilities, cyber security, and cyber resilience to help deter conflict, and to fight and win if deterrence fails.”
The 2023 Cyber Strategy priorities are generating insights on cyber threats, degrading and disrupting malicious cyber actors, enabling defence of US critical infrastructure, and protecting the defence industrial base.
The document also outlined that the department lacks the authority to employ military forces to defend private companies against cyber attacks and that the department will not posture itself to defend every private sector network.
“Distinct from previous iterations, the strategy commits to increasing our collective cyber resilience by building the cyber capability of allies and partners,” Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang said.
“It also reflects the department’s approach to defending the homeland through the cyber domain as well as prioritising the integration of cyber capabilities into our traditional warfighting capabilities.”