The Defense Department’s New 2023 Cyber Strategy

The Department of Defense (DoD) has recently released an unclassified summary of its classified new 2023 Cyber Strategy. The new strategy provides the roadmap for “how the Department is operationalizing the priorities of the 2022 National Security Strategy, 2022 National Defense Strategy, and the 2023 National Cybersecurity Strategy,” according to the DoD announcement.

In a press briefing on the day of the release, Deputy Assistant Secretary of Defense (DASD) for Cyber Policy Mieke Eoyang noted that the latest cyber strategy – DoD’s fourth – was given to Congress in May and updates their strategy from 2018.

The updated strategy is informed by the DoD’s experience conducting offensive and defensive operations over time and the implications of adversaries such as China, Russia, Iran and North Korea, along with transnational criminal organizations have for U.S defenses – cyber and otherwise.

DoD Cyber Strategy Lines of Effort

Under the 2023 strategy, the DoD will pursue four complementary lines of effort:

1. Defend the Nation – involves working to determine cyber threats; disrupting and degrading malicious cyber actors' capabilities; and working with interagency partners to defend U.S. critical infrastructure (including the U.S. Defense Industrial Base (DIB) and counter threats to military readiness.
2. Prepare to Fight and Win the Nation's Wars – involves ensuring the cybersecurity and defense of the Department of Defense Information Network (DODIN); enhancing the cyber resilience of the Joint Force to fight in and through contested cyberspace; and using cyberspace to meet the Joint Force's requirements and generate asymmetric advantages.
3. Protect the Cyber Domain with Allies and Partners – involves building the capacity and capability of U.S. Allies and partners in cyberspace and expand cyber cooperation while encouraging adherence to international law and internationally recognized cyberspace norms.
4. Build Enduring Advantages in Cyberspace – involves efforts to optimize the organizing, training, and equipping of the Cyberspace Operations Forces and Service-retained cyber forces; ensuring the availability of timely and actionable intelligence; exploring emerging technologies for cyber capabilities; and fostering a culture of cybersecurity and cyber awareness across the DoD through education, training, and knowledge development.

Eoyang, highlighted a distinction from previous DoD cyber strategies in that “this strategy commits to building the cyber capability of global allies and partners and to increase our collective resilience against cyberattack.”

Implications

In listening to a briefing on the new strategy by Dr. John F. Plumb, Assistant Secretary of Defense for Space Policy, and a follow-on interview of Eoyang at the Center for a New American Security, it is clear that the new strategy is geared toward a comprehensive view of cyber operations and how it integrates with joint warfighting, specifically, how the DoD will incorporate offensive cyber capabilities into their overall warfighting strategy. As such, cybersecurity and network/infrastructure defense is only one piece of the larger DoD cyber puzzle, albeit a critical piece.

Eoyang also noted the challenge and opportunities associated with emerging technologies, such as artificial intelligence (AI) and machine learning (ML). Increasingly AI capabilities are presenting increasing challenges to the cyber defenses of the DoD, as well as U.S. critical infrastructure. At the same time, AI capabilities empower cyber analysis at scale, enabling defenders to identify malicious activity in real time. The DoD has been using algorithmic learning for some time and continues to pursue greater AI capabilities to add capacity to it varied cyber operations.

The new strategy also underscores the DoD’s goal of building a deeper and wider cyber workforce, and the challenges that they and others face in doing so. Building the cyber workforce is central to expanding the capacities and capabilities of both U.S. and allied cyber operations. In August, the DoD released a new 2023-2027 Cyber Workforce Strategy Implementation Plan laying out their strategy on how they intend to identify, recruit, develop and retain their cyber workforce.

Implementing these elements – integrating cyber capabilities, leveraging modern technologies and training the cyber practitioners of the future – is not something the department will do on its own. They will continue to look to innovative DIB partners for the solutions and support necessary for an effective defense.