The primary concept put forth in DOD's cyber strategy is "defend forward," but also a priority is more assertiveness in the face of growing threats from outside U.S. borders, the deputy assistant defense secretary for cyber policy said.
"We have shifted from ... a more reactive stance as a department, with regards to national security threats in [the cyber domain] ... into a much more proactive, assertive stance/posture," B. Edwin Wilson said yesterday during a cyber forum hosted by Defense One.
Adversaries are now taking advantage of the cyber domain in a way they haven't in the past, so DOD must step up to defend in ways it hasn't in the past, Wilson said, noting that adversaries now are engaged in persistent, ongoing campaigns, not merely one-off attacks.
"Adversaries are using this domain, especially operating below the threshold of a traditional response, in enduring campaigns," he said. "[These are] sustained campaigns that are creating strategic risk for the nation, not just for the military, but for the nation, our allies and partners, and industry."
Delivering cyber effect, he said, is now considered a tool similar to other instruments of national power.
"We may use trade sanctions, we may use attribution in terms of key actors, designations of malicious actors," Wilson said. "There have been several in the last couple of years: Russia, China, ... Iran. Those are techniques. We can also now have a process in place ... to put cyber effects operations, either defensive or offensive, as a potential instrument of national power. We use it all the time. But it is now considered on par with all the other tools of power for the nation."
The United States has a strong partnership with NATO nations, Wilson said, and cyber is now making its way into NATO dialogue. He said that the U.S. is one of nine NATO partners that have volunteered to respond to an Article 5 declaration when the attack is actually cyber, rather than kinetic. Article 5 of the treaty that created NATO states that the alliance considers an attack on one member to be an attack on all.
"We would be willing to use offensive cyber operations, mostly in a defensive capacity, in support of an Article 5 declaration by NATO," he said. "We are working through 'What does that really mean? What is the criteria for that? What nations have capability? What would that look like? How would we coordinate those activities?' and start working through that now."
The digital transformation taking place globally, Wilson said, demands quick U.S. action. That transformation, he said, is taking place at an unprecedented pace.
"I doubt that in history we've seen anything that would match the changes that are coming at us," he said. "It's both challenges and opportunities, no matter what walk of life you’re in."
For industry, he said, those changes present "tremendous opportunity for productivity." For those charged with defending the nation, he said, “that speaks to threats, and what are we going to do about those threats?"
The best indicators of those threats, he said, are China and Russia — both bellwethers of what's to come.
"Both have the technology wherewithal, as well as the capacity to put these technologies to use in a significant way," he said.
To prepare itself for the opportunities and the threats posed by cyber transformation the Defense Department is clarifying for itself and others what its role will be in defense of the nation, when it comes to the cyber domain, Wilson said, noting that this effort has been defined as "defend forward."
"When we went to craft the strategy last year, we began to look at what was different in the strategic environment we are operating in today as compared to 2015," Wilson said. "2015 doesn't seem like a long time, but when you do operations in cyberspace, defense operations, etc., that's an eternity."
Theft of intellectual property and malign influence activities are just two examples of what the department is facing, he said.
"We were having trouble articulating what is the DOD's role in this strategic environment," he said. "When we moved through it, we were looking for a concept that articulated the unique attributes of the department, as well as our roles and would help clarify roles and responsibilities next to other departments and agencies."
The "defend forward" concept is the name given to what crystalized, from the department's efforts to define its role in cyber defense.
"As the Department of Defense, we focus on a really external, outward-facing environment," he said. "Our job is to worry about significant threats to our country, to the nation, to our allies, to our partners. So that's what we do. ... We defend the homeland, we defend our allies and partners. In cyberspace, should it be different than any other domain?"
"Defend forward," he said, means DOD must identify the significant external threats to the nation and act on those — but not alone.
"Our job as a department, alongside the intelligence community and other departments and agencies ... is to be able to see threats as they develop, to be able to understand those threats, if there are imminent threats, then be able to pivot on behalf of the nation in a defensive role," he said.
That role, he said, isn't much different from what the department does in other domains.
"Disrupt, preempt, dissuade, deter ... to be able to blunt those attacks before they reach the homeland," he said. "That's a very similar construct as we use in any other domain."