DoD Cyber Strategy Emphasizes Allies, Technology, and Resilience

DoD Cyber Strategy Emphasizes Allies, Technology, and Resilience

The U.S. Department of Defense (DoD) recently released their 2023 Cyber Strategy, summarizing the department’s views on current and evolving threats and risk mitigation against those threats.

In this post, we provide a summary of the DoD’s strategy and what it means for defense contractors and subcontractors in the Defense Industrial Base (DIB) who inevitably must align with and ultimately support the DoD’s mission.

DoD Cyber Strategy: An Overview

The 2023 Department of Defense Cyber Strategy aims to defend the nation, prepare to fight and win wars, protect the cyber domain with allies, and build enduring advantages in cyberspace. It builds on lessons from recent conflicts showing cyber capabilities are most effective when integrated with other tools. Key threats are China and Russia using cyber means against U.S. critical infrastructure and military networks.

The strategy has four lines of effort. First, defend forward by disrupting adversaries’ cyber capabilities before they can affect the U.S. Work with agencies to defend critical infrastructure and counter threats to military readiness.

Second, ensure cybersecurity of DoD networks and cyber resilience of the joint force to fight in contested cyberspace. Utilize unique cyber capabilities to generate asymmetric advantages.

Third, build cyber capacity of allies and partners. Conduct collaborative hunt-forward operations to illuminate threats. Encourage responsible state behavior in cyberspace.

Fourth, pursue reforms to build enduring advantages like optimizing organization, training, and equipping of cyber forces. Ensure timely intelligence support. Foster a culture of cyber awareness through training and education across DoD.

Ultimately, cyber threats require DoD, services, and agencies to integrate cyber capabilities rapidly across conflict spectrum. The DoD’s cyber strategy aims to defend the nation, fight and win wars, protect allies, and sustain advantages in cyberspace through strategic cyberspace operations and whole-of-government collaboration.

A Contested Cyberspace

The DoD recognizes cyberspace as a contested domain with threats from state and non-state actors seeking asymmetric advantages against the U.S. The DoD considers China, Russia, North Korea, Iran, and violent extremist organizations as the nation’s key adversaries.

China views cyber capabilities as core to achieving global power status and eroding U.S. military superiority. These adversaries steal intellectual property like technology secrets, target U.S. critical infrastructure, and undertake intrusion against U.S. citizens abroad.

For example, China’s theories of victory in war depend on using cyber means to degrade the joint force and launch destructive attacks against the Homeland.

Russia remains an acute cyber threat, employing capabilities against Ukraine to disrupt logistics, infrastructure, and political will. Russia is prepared to undertake similar cyberattacks on the U.S. and allies in crisis situations.

North Korea, Iran, and violent extremist organizations demonstrate varying cyber capabilities. North Korea focuses on espionage and criminal objectives. Iran uses cyber for espionage, interference, and retaliation. Extremist groups have limited cyber capabilities beyond social media exploitation.

Transnational criminal groups like ransomware gangs and cyber mercenaries also threaten U.S. interests for profit. They often align with nation states, targeting critical infrastructure and government functions. States provide safe haven for cyber criminals, causing billions in losses and disrupting critical services.

These adversaries share a common objective: they seek asymmetric advantages and perceive cyber capabilities as core to achieving their goals against the U.S. military and Homeland. The DoD’s cyber strategy aims to defend forward against this diverse range of threats through integrated deterrence and whole-of-government collaboration. Managing risk and building resilient networks and infrastructure will be critical in this contested domain.

Defend the Nation

Defending the Homeland is the DoD’s first priority. The department’s cyber strategy aims to identify and mitigate cyber threats before they can harm America. This will involve generating insights on adversaries’ capabilities and intent, then disrupting their activities and degrading their ecosystems.

The DoD will persistently engage adversaries in cyberspace to track their organization, capabilities, and intent early on. These insights will improve national cyber resilience and be shared with interagency partners.

U.S. Cyber Command will continue defending forward by conducting operations that disrupt adversaries and degrade their cyber infrastructure. Lessons from recent operations inform capabilities and risk management. Operations will complement whole-of-government efforts to reduce the utility of cyberattacks.

The National Guard will facilitate partnerships between federal and state/local entities to support cyber defense. Coordination across government will improve to communicate priorities clearly.

Safeguarding the Defense Industrial Base (DIB) is critical, as it develops vital technologies. Adversaries routinely target the DIB, imposing opportunity costs and raising government acquisition expenses.

To ensure DIB security, the Department will convene public-private partnerships for rapid information sharing and analysis. A comprehensive approach will identify, protect, detect, respond to, and recover from attacks on critical DIB elements.

DIB contracts will align incentives with cyber requirements, including compliance certification for priority contracts. Additional efforts will increase active defense and data protection for small/medium DIB partners.

In summary, defending forward through persistent engagement, coordinated efforts, public-private partnerships, and aligned incentives will disrupt adversary cyber activities targeting the Homeland and DIB. Generating insights and communicating priorities across government are key.

Prepare to Fight and Win the Nation’s Wars

The DoD’s cyber strategy aims to use cyberspace operations to enable and empower the joint force. This will be achieved through persistent campaigning, cyber defense/resilience, and supporting plans and operations.

Campaigning in cyberspace will advance joint force objectives, reinforce deterrence, and achieve information and military advantages. Adversaries will doubt efficacy of capabilities and believe they cannot coercively target the U.S. unattributed. Offensive and defensive options will support joint force readiness across conflict spectrum.

Defending the Department of Defense Information Network (DODIN) will ensure resilience against malicious cyber activity and readiness to operate in contested cyberspace. Vulnerabilities will be addressed through zero-trust architectures, cryptographic upgrades, and integrating visibility and operations of relevant mission elements. Intelligence, acquisition, sustainment and other functions will rapidly adapt DODIN to counter threats.

Enhancing joint force cyber resilience will prioritize capabilities supporting mission assurance. The force will train to operate through network and platform degradation.

Cyberspace operations will continue integrating into campaign and contingency planning as part of integrated deterrence. Approaches will develop asymmetric options utilizing unique cyberspace characteristics to meet joint force requirements. This includes pursuing cross-domain effects in large-scale combat operations.

In total, the strategy will empower the joint force through persistent cyber campaigning, resilient networks, integrated planning, and asymmetric options. Bolstering cyber defense, addressing vulnerabilities, and adapting the DODIN will counter threats. Prioritizing mission assurance will build resilience. Cyberspace integration in plans will support deterrence and joint force advantages.

Protect the Cyber Domain With Allies and Partners

Building cyber capacity and capability of allies and partners is a DoD priority. Their capabilities combine with the U.S. to enable information sharing, interoperability, and collective security. However, shared networks also introduce risks of compromise. Efforts will increase ally effectiveness in cyberspace to protect the open internet and U.S.

For some partners, the focus will be building capacity by expanding access to infrastructure and maturing the cyber workforce through training and exercises. For others, capability development will enable new functions partners need but lack. Relationships with top cyber partners will be enhanced at strategic, operational, and tactical levels.

Institutional barriers to cooperation will be addressed and security cooperation tools leveraged to advance priorities. Timely information sharing will boost combined operations and collective security. Best practices on vulnerabilities, workforce, and planning will be shared. Requests for cybersecurity assistance will be responded to.

Hunt forward operations conducted by U.S. Cyber Command have identified network vulnerabilities and enhanced sharing with partners like Ukraine. These efforts will continue to illuminate adversary actions, bolster collective security, and build relationships.

Reinforcing responsible norms of behavior in cyberspace will intensify scrutiny of malicious actors and constrain adversaries. Supporting U.S. State Department cyber norm efforts, exposing bad behavior, and coordinating globally will progress this goal.

Essentially, building partner cyber capacity, maturing capabilities, enhancing cooperation, conducting hunt operations, and promoting responsible norms will strengthen the cyber domain. Collaborative efforts to illuminate threats and constrain adversaries will also advance U.S. security.

Building Enduring Advantages in Cyberspace

Developing the cyber workforce is most important for building advantages. Reforms will improve retention and utilization of cyber operators. Alternatives for sizing, structure, organizing and training will be assessed. Talent from defense, commercial IT, academia, intelligence, and military will be identified and hiring/retention incentives ensured. Rotational and private sector programs will provide access to skills.

Services will be empowered to enable effective talent management and career progression through extended tours, mission area rotations, and progression models rewarding skill development. Use of reserve components will be explored to share talent.

Intelligence support for cyber operations will be prioritized through reforms addressing needs, information sharing barriers, and enabling activities consistent with laws and policies.

New cyber capabilities will be developed and implemented, prioritizing technologies that confound adversaries and prevent their objectives. These include zero-trust architectures, endpoint monitoring, data collection/analytics, network automation/restoration/deception. Alignment with overall cyber strategy will guide technology development. Responsible artificial intelligence principles will shape capabilities.

Fostering a cyber awareness culture across the department is crucial given risks to networks, infrastructure, and personnel. A culture of cybersecurity will be established. Baseline cyber fluency will be expected from leaders. Technical curricula will be developed for professional military and civilian education. Cyber education will integrate across ranks, sources, and training programs.

Building enduring advantages ultimately requires workforce investment, intelligence support, new capabilities, and widespread awareness. Retention, training, technology development, education, and leadership fluency will enable operations over the long term. Talent management and coordinated efforts therefore are key in order for the DoD to succeed in its mission.

Wrap Up: Securing the Nation’s Systems and Data Requires Operational and Technological Vigilance

Allies and partners are critical to bolstering cyber capabilities and reinforcing responsible norms in cyberspace. Their combined strength creates advantages for collective defense. But shared systems also create risks of compromise that must be addressed through cooperation.

As key partners, DoD contractors and subcontractors must support the DoD’s cybersecurity imperatives by ensuring the secure handling of federated controlled information (FCI) and controlled unclassified information (CUI). Obtaining Cybersecurity Maturity Model Certification (CMMC) will allow companies to share sensitive data with confidence.

Investing in CMMC certification now will pay long-term dividends by preventing breach and theft of vital defense information.

Cyber resilience is a cornerstone of the DoD’s cyber strategy. Defense contractors and subcontractors in the DIB must therefore ensure their systems are configured to deflect attacks. Implementing multi-factor authentication, 24/7 monitoring, strong access controls and data encryption are hallmarks of a mature cybersecurity posture. Promoting a culture of cyber awareness throughout their workforce is also critical.

Adopting zero-trust architectures that verify all users and devices before granting the minimum access required will greatly enhance data security. Transitioning to the cloud also enables advanced analytics, threat detection and prevention capabilities to stay ahead of emerging threats.

Leveraging shared cybersecurity services offered by DoD provides economical options for contractors to bolster defenses. Active participation in the Defense Industrial Base Cybersecurity Program gives access to bi-directional sharing of indicators and best practices.

The Cyber Strategy also prioritizes development of new technologies and capabilities. Contractors are valuable partners in innovating solutions like automated security orchestration, smart endpoint management, and advanced deception techniques. Bringing commercial innovation to the table is a win-win situation.

Kiteworks Helps DoD Contractors and Subcontactors Achieve CMMC 2.0 Compliance

With advanced persistent threats from China, Russia, and elsewhere targeting sensitive data, contractors must work hand in hand with DoD to thwart unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

The message is clear—contractor cybersecurity is integral to the success of the DoD cyber strategy. CMMC certification and a collaborative partnership mindset are crucial to securing controlled information and technologies critical to defense. Contractors must rise to the occasion. Our national security depends on it.

The Kiteworks Private Content Network, a FIPS 140-2 Level validated secure file sharing and file transfer platform, consolidates email, file sharing, web forms, SFTP and managed file transfer, so organizations control, protect, and track every file as it enters and exits the organization.

Kiteworks supports nearly 90% of CMMC 2.0 Level 2 requirements out of the box. As a result, DoD contractors and subcontractors can accelerate their CMMC 2.0 Level 2 accreditation process by ensuring they have the right sensitive content communications platform in place.

With Kiteworks, DoD contractors and subcontractors unify their sensitive content communications into a dedicated Private Content Network, leveraging automated policy controls and tracking and cybersecurity protocols that align with CMMC 2.0 practices.

Kiteworks enables rapid CMMC 2.0 compliance with core capabilities and features including:

  • Certification with key U.S. government compliance standards and requirements, including SSAE-16/SOC 2, NIST SP 800-171, and NIST SP 800-172
  • FIPS 140-2 Level 1 validation
  • FedRAMP Authorized for Moderate Impact Level CUI
  • AES-256-bit encryption for data at rest, TLS 1.2 for data in transit, and sole encryption key ownership

Kiteworks deployment options include on-premises, hosted, private, hybrid, and FedRAMP virtual private cloud. With Kiteworks: control access to sensitive content; protect it when it’s shared externally using automated end-to-end encryption, multi-factor authentication, and security infrastructure integrations; see, track, and report all file activity, namely who sends what to whom, when, and how. Finally, demonstrate compliance with regulations and standards like GDPR, HIPAA, CMMC, Cyber Essentials Plus, IRAP, and many more.

To learn more about Kiteworks, schedule a custom demo today.

Additional Resources

 

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.

Lancez-vous.

Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Comienza ahora.

Es fácil empezar a asegurar el cumplimiento normativo y gestionar los riesgos de manera efectiva con Kiteworks. Únete a las miles de organizaciones que confían en su plataforma de comunicación de contenidos hoy mismo. Selecciona una opción a continuación.

Table of Content
Share
Tweet
Share
Explore Kiteworks