Analysis
Attacks and Vulnerabilities
Critical infrastructure
News
Regulation, Standards and Compliance

US DOD submits 2023 Cyber Strategy to Congress, emphasizes current and future cyber threats

May 29, 2023
US DOD submits 2023 Cyber Strategy to Congress, emphasizes current and future cyber threats

The U.S. Department of Defense (DOD) announced Friday that it transmitted the classified 2023 DoD Cyber Strategy to Congress earlier this week. The classified 2023 DoD Cyber Strategy provides direction to the Department to operationalize the concepts and defense objectives for cyberspace outlined in the 2022 National Defense Strategy. It builds upon the direction set by the 2018 DoD Cyber Strategy and is informed by years of real-world experience of significant DoD cyberspace operations.

An unclassified summary of the strategy will be rolled out in the coming months. To address current and future cyber threats, the DOD is set to pursue four complementary lines of effort, including defending the nation, preparing to fight and win the nation’s wars, protecting the cyber domain with allies and partners, and building enduring advantages in cyberspace.

“The 2023 DoD Cyber Strategy establishes how the Department will operate in and through cyberspace to protect the American people and advance the defense priorities of the United States,” the DoD said in a Fact Sheet. “This strategy is subordinate to the 2022 National Security Strategy and the 2022 National Defense Strategy. It complements the 2023 National Cybersecurity Strategy and builds upon and supersedes the 2018 DoD Cyber Strategy.” 

Grounded in real-world experience, the 2023 DoD Cyber Strategy works on confronting an increasingly contested cyberspace. “The People’s Republic of China (PRC) represents the Department’s pacing challenge in the cyber domain. The PRC has made significant investments in military cyber capabilities and empowered a number of proxy organizations to pursue malicious cyber activities against the United States,” it added. 

Additionally, the document said Russia poses an acute threat in cyberspace, evidenced by its malign influence efforts against the United States and repeated cyber attacks against Ukrainian civilian critical infrastructure. “North Korea, Iran, and Violent Extremist Organizations remain persistent cyber threats. Transnational Criminal Organizations represent a unique threat in cyberspace due to their technical aptitude and often close alignment with the foreign policy objectives of their host governments,” it added.

Since 2018, the department has conducted several significant cyberspace operations through its policy of defending forward, actively disrupting malicious cyber activity before it can affect the U.S. homeland. The 2023 DoD Cyber Strategy is further informed by Russia’s 2022 invasion of Ukraine, showcasing how cyber capabilities may be used in a large-scale conventional conflict. 

These experiences have shaped the department’s approach to the cyber domain. The DOD will maximize its cyber capabilities in support of integrated deterrence, employing cyberspace operations in concert with other instruments of national power. 

The department will also campaign in and through cyberspace below the level of armed conflict to reinforce deterrence and frustrate adversaries. Additionally, the DOD recognizes that the U.S. global network of allies and partners represents a foundational advantage in the cyber domain that must be protected and reinforced. 

The department will pursue four complementary lines of effort to address current and potential cyber threats. To defend the nation, the DOD will campaign in and through cyberspace to generate insights about malicious cyber actors, as well as defend forward to disrupt and degrade these actors’ capabilities and supporting ecosystems. Additionally, DOD will work with its interagency partners to leverage all available authorities to enable the cyber resilience of U.S. critical infrastructure and to counter threats to military readiness. 

When preparing to fight and win the nation’s wars, the DoD will ensure the cybersecurity of the DOD Information Network and will further invest in the Joint Force’s cyber resilience. Additionally, the department will use cyberspace operations to generate asymmetric advantages supporting the Joint Force’s plans and procedures. 

To protect the cyber domain with allies and partners, the DOD will assist U.S. allies and partners in building their cyber capacity and capability and expand avenues of potential cyber cooperation. DOD will continue to conduct hunt-forward operations to build cyber resiliency and reinforce responsible state behavior by encouraging adherence to international law and internationally recognized cyberspace norms.

When building enduring advantages in cyberspace, the DoD will optimize the organizing, training, and equipping of the cyber operations forces and service-retained cyber forces. Furthermore, DOD will invest in the enablers of cyberspace operations, including intelligence, science and technology, cybersecurity, and culture. With a robust and integrated cyber capability, the department will work to deter conflict where it can and prevail where it must.

Earlier this month, the Pentagon’s senior information security official said the DOD is on track to implement its zero trust cybersecurity framework by fiscal year 2027 as planned.  

David McKeown, who serves as the DOD’s deputy chief information officer and senior information security officer, said his office has been hard at work to ensure a smooth rollout of the initiative after publishing the Zero Trust Strategy and Roadmap in November. He also credited partnerships with the private sector as a key enabler of the DOD’s progress toward implementing the key capabilities identified in the roadmap so far. 

In March, the DOD released the 2023-2027 DoD Cyber Workforce (CWF) Strategy, which sets the foundation for how the DoD will foster a cyber workforce capable of executing the Department’s complex and varied cyber missions. The DoD CWF Strategy will enable the DoD to close workforce development gaps, resource workforce management and development initiatives, stay at the forefront of technological advances, securely and rapidly deliver resilient systems, and transform into a data-centric enterprise with optimized workforce analytics.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape