New Pentagon Cyber Strategy Complete: Official
The Pentagon is finalizing a new cyber warfighting strategy that will create a framework for training and equipping forces, as well as call for more international cooperation in this evolving domain, according to a DoD official.
U.S. Defense Secretary Robert Gates is reviewing the document, which could become official in a matter of days, according to Mary Beth Morgan, DoD director for cyber strategy.
“It will help the department better organize, train and equip, and be prepared for its operations across the spectrum – whether it’s military, it’s business operations, as well as intelligence activities,” Morgan said March 29 at an Atlantic Council conference in Washington. “It’s a way for us to ensure that we’re organizing in the right way, that we’re training in the right way, that we’re resourcing in the right way.”
The cyber warfighting strategy is designed with a “flexible structure so that as this environment and the strategic context changes over time, the department can change and develop over time,” Morgan said. The document “gets everybody on the same page and moving forward together so that we do have a more strategic approach to this area,” she noted.
A “very large aspect” of the strategy calls for international engagement. This effort will be led by the State Department and help broaden military-to-military relationships, according to Morgan.
“If we as a department are to be successful in defending and providing enhanced security in cyberspace, we must build international partnerships both bilaterally and multilaterally,” Morgan said. “It has to be a U.S. government effort in a whole-of-government approach if we’re going to be successful.”
Building relationships with allies and international partners “to enable information sharing and strengthen collective cyber security” is one of U.S. Cyber Command’s top strategic initiatives, U.S. Army Gen. Keith Alexander, the head of the command, wrote in prepared testimony to the House Armed Services Committee on March 16.
The cyber strategy includes engaging the private sector and “the multi-stakeholder forums that help govern and develop the architecture for the Internet,” Morgan said.
In addition, the Pentagon has launched a pilot program that uses DoD cyberdefense tools to protect industry networks from attacks, according to a U.S. House lawmaker.
As this initiative takes foot, the government should considering using those tools to defend its infrastructure, according to Rep. Mac Thornberry, R-Texas, chairman of the House Armed Services emerging threats and capabilities subcommittee.
“The pilot program that is just beginning would begin to defense some of the defense industrial, base using those kinds of tools,” Thornberry said during a separate presentation at the conference.
Thornberry said there needs to be “cooperation and interrelation between government and private industry,” which presents policy challenges, to combat cyber threats.
The Pentagon has been working to streamline its cyber warfighting capabilities for years. In 2009, DoD stood up U.S. Cyber Command as the centralized hub of military cyber operations.
“We ought to look at facilitating the use of the tools that the military uses to defend military networks, to defend critical infrastructure,” Thornberry said.
Lawmakers need to update federal policy and laws that have not kept pace with the vast cyber technology advances in recent decades, Thornberry said. House Speaker John Boehner, R-Ohio, has tasked Thornberry with leading a cybersecurity review, which looks at coordinating cyber across a number of congressional committees. A number of panels oversee different cyber efforts.
“As a result, nothing has happened, year after year, after year,” Thornberry said.
The congressman said he us optimistic Congress will make advances in developing new cyber policies this year.
But, “while we fiddle, our vulnerability continues to grow,” he said.