DoD Cyber Strategy of the U.S. of America

I’ve been reading the Department of Defense (DoD) Cyber Strategy of the United States of America this week. This new strategy seems more offensive than the last one because the Trump administration “will employ offensive cyber capabilities and innovative concepts” as well as they “must ensure the U.S. military’s ability to fight and win wars in any domain, including cyberspace”. However, the devil is in the details, of course. And the strategy includes no much details.

The first line of effort is to build a more lethal Joint Force which means accelerating cyber capabilities development and innovating to foster agility. In addition, the Department will use automation and data analysis tools to improve effectiveness with the aim of operating at machine speed and analysing large-scale of data to identify quickly malicious cyber activities. It’s interesting as well how they are also willing to employ commercial-off-the-shelf (COTS) cyber capabilities to optimized cyber operations.

The second line of effort is to compete and deter in cyberspace which means deterring malicious cyber activities and persistently fighting malicious cyber activity in day-to-day competition. The Department will also increase the resilience of U.S. critical infrastructure working with other agencies and the private sector and sharing information with them. It’s important to highlight most critical infrastructure is managed by the private sector thus sharing information is mandatory for protecting the country.

The third line of effort is to strengthen alliances and attract new partnerships for building trusted private sector partnerships and making international partnerships with the goal of getting advanced cyber capabilities. In addition, the Department wants to reinforce norms of responsible State behaviour in cyberspace to improve behaviour in cyberspace such as including prohibitions against damaging civilian critical infrastructure during peacetime.

Another line of effort is to reform the Department for incorporating cyber awareness into DoD institutional culture because leaders and their staffs should know about security risks as well as they should be able to identify opportunities to gain advantages. The Department will also increase cybersecurity accountability into the private sector and personnel so that each person is accountable for their cybersecurity practices and choices. This line of effort also seeks material solutions that are affordable, flexible, and robust which will be got from COTS. What’s more, the Department wants to expand crowd-sourced vulnerability identification with hack-a-thons and bug-bounties to identify and mitigate vulnerabilities.

Finally, the last line of effort is for cultivating talent. The aim of this line is to enhance the Nation’s cyber talent and sustain a ready cyber workforce. This is going to be done with education, training and awareness as well as with the use of the Reserve Components. Moreover, software and hardware expertise will be in the core of DoD competencies as well as establishing a cyber top talent management program will be one of the main objectives of the DoD.

This is a summary of the Department of Defense Cyber Security. Five lines of effort to compete, deter, and win in the cyberspace domain.

Regards my friends. Keep reading. Keep learning!!