(DOD) CYBER STRATEGY APRIL 2015

FACT SHEET: THE DEPARTMENT OF DEFENSE 
(DOD) CYBER STRATEGY  

APRIL 2015  

An engine of innovation and communication, the Internet connects billions of people, helps deliver goods and services globally, and brings ideas and knowledge to those who would otherwise lack access. The United States relies on the Internet and the systems and data of cyberspace for a wide range of critical services.  This reliance leaves us vulnerable in the face of a real and dangerous cyber threat, as state and non-state actors plan to conduct disruptive and destructive cyberattacks on the networks of our critical infrastructure and steal U.S. intellectual property to undercut our technological and military advantage.   

The purpose of the new Department of Defense Cyber Strategy, the Department’s second, is to guide the development of DoD's cyber forces and strengthen its cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD’s three cyber missions: defend DoD networks, systems, and information; defend the United States and its interests against cyberattacks of significant consequence; and provide integrated cyber capabilities to support military operations and contingency plans. The strategy sets five strategic goals and establishes specific objectives for DoD to achieve over the next five years and beyond.   

What drove DoD to develop a new cyber strategy? Three major drivers required that DoD develop a new cyber strategy. First is the increasing severity and sophistication of the cyber threat to U.S. interests, to include DoD networks, information, and systems. The Department of Defense has the largest network in the world and DoD must take aggressive steps to defend its networks, secure its data, and mitigate risks to DoD missions. Second, in 2012 President Obama directed DoD to organize and plan to defend the nation against cyberattacks of significant consequence, in concert with other U.S. government agencies. This new mission required new strategic thinking. Finally, in response to the threat, in 2012 DoD began to build a Cyber Mission Force (CMF) to carry out DoD’s cyber missions. The CMF will include nearly 6,200 military, civilian, and contractor support personnel from across the military departments and defense components. The strategy provides clear guidance for the CMF’s development.  

Building bridges to the private sector and beyond. To build the force of the future, DoD must attract the best talent, the best ideas, and the best technology to public service. To do so, DoD must build strong bridges to the private sector as well as the research institutions that make the United States such an innovative nation. The private sector and America’s research institutions design and build the networks of cyberspace, provide cybersecurity services, and research and develop advanced capabilities. The Department of Defense has had a strong partnership with the private sector and these research institutions historically, and DoD will strengthen those historic ties to discover and validate new ideas for cybersecurity for DoD and for the country as a whole.   

Deterrence is a key part of DoD’s new cyber strategy. This strategy describes the Department of Defense contributions to a broader national set of capabilities to deter adversaries from conducting cyberattacks. The Department of Defense assumes that the deterrence of cyberattacks on U.S. interests will be achieved through the totality of U.S. actions, including declaratory policy, substantial indications and warning capabilities, defensive posture, effective response procedures, and the overall resiliency of U.S. networks and systems. DoD has a number of specific roles to play in this equation; this strategy describes how DoD will fulfill its deterrence responsibilities effectively.   

STRATEGIC GOALS AND KEY IMPLEMENTATION OBJECTIVES:    

I. BUILD AND MAINTAIN READY FORCES AND CAPABILITIES TO CONDUCT CYBERSPACE OPERATIONS. 

In 2013, DoD initiated a major investment in its cyber personnel and technologies for the Cyber Mission Force. The Department of Defense must train its people, build effective organizations and command and control systems, and fully develop the capabilities that DoD requires to operate in cyberspace. Key objectives of this goal include: • Build technical capabilities for operations, to include a unified and integrated operational platform.  • Accelerate research and development to provide DoD with a significant advantage in developing leap-ahead technologies to defend U.S. interests in cyberspace. • Assess CMF capacity to achieve mission objectives when confronted with multiple contingencies.   

II. DEFEND THE DOD INFORMATION NETWORK, SECURE DOD DATA, AND MITIGATE RISKS TO DOD MISSIONS. 

DoD must identify, prioritize, and defend its most important networks and data so that it can carry out its missions effectively. DoD must also plan and exercise to operate within a degraded and disrupted cyber environment in the event that an attack on DoD’s networks and data succeeds, or if aspects of the critical infrastructure on which DoD relies for its operational and contingency plans are disrupted.  Key objectives of this goal include: • Build the Joint Information Environment single security architecture to shift the focus from protecting service-specific networks and systems to securing the DoD enterprise.  • Implement a capability to mitigate all known vulnerabilities that present a high risk to DoD. • Identify, plan, and defend the networks that support key DoD missions.  • Build a layered defense around the Defense Industrial Base through improved accountability, cybersecurity standards, counterintelligence, and whole of government efforts to counter IP theft.    

III. BE PREPARED TO DEFEND THE U.S. HOMELAND AND U.S. VITAL INTERESTS FROM DISRUPTIVE OR DESTRUCTIVE CYBERATTACKS OF SIGNIFICANT CONSEQUENCE. 

The Department of Defense must work with its interagency partners, the private sector, and allied and partner nations to deter and if necessary defeat cyberattacks of significant consequence on the U.S. homeland and U.S. interests. The Department of Defense must develop its intelligence, warning, and operational capabilities to mitigate sophisticated, malicious cyberattacks. Key objectives of this goal include: • Develop intelligence and warning capabilities to anticipate threats.  • Partner with key interagency organizations to prepare to defend the nation in cyberspace.  • Work with DHS to develop continuous and automated mechanisms for sharing information. • Assess DoD’s cyber deterrence posture and provide recommendations for improving it.    

IV. BUILD AND MAINTAIN VIABLE CYBER OPTIONS AND PLAN TO USE THOSE OPTIONS TO CONTROL CONFLICT ESCALATION AND TO SHAPE THE CONFLICT ENVIRONMENT AT ALL STAGES. 

During heightened tensions or outright hostilities, DoD must be able to provide the President with a wide range of options for managing conflict escalation. As a part of the range of tools available to the United States, DoD must develop viable cyber options and integrate those options into Departmental plans. DoD will develop cyber capabilities to achieve key security objectives with precision, and to minimize loss of life and destruction of property.  
 
V. BUILD AND MAINTAIN ROBUST INTERNATIONAL ALLIANCES AND PARTNERSHIPS TO DETER SHARED THREATS AND INCREASE INTERNATIONAL SECURITY AND STABILITY.
All three of DoD’s cyber missions require close collaboration with foreign allies and partners. In its international cyber engagement, DoD seeks to build partnership capacity in cybersecurity and cyber defense.  • Partner capacity building will focus on priority regions, to include the Middle East, Asia-Pacific, and Europe. DoD will remain adaptive and flexible to build new alliances and partnerships as required.

Popular Post

Ensure a fast start and a long, lucrative career with the right professional credentials - See more

DOD Directive 8570.1 Compliance + requiring certification: U.S. State Department, FBI, FAA BAE Systems, Booz Allen Hamilton General Dynamics, Northrop Grumman Raytheon, SAIC

CAST 611 Advanced Penetration Testing Government & Intelligence Agencies interested in real world attack and defense in today’s complex and highly secure IT environments

ACTION ORIENTED

Another scandal..Another scandal... There is a new investigation into alleged misconduct and improper prescriptive practices by Cincinnati VA chief of staff according to cryptic messages from the agency. At the center of the allegations is acting chief of staff is a thoracic surgeon Barbara Temeck, MD. The investigation involves prescriptive privileges and scripts written for numerous people including VISN 10 director Jack Hetrick. Hetrick recused himself from the investigation since it involves his wife... [read on] Get the rest Numerous state attorney generals are demanding that the US Department of Veterans Affairs reinstate GI Bill benefits for veterans defrauded by for-profit colleges. Attorney generals (AGs) in California, Connecticut, Illinois, Kentucky, Massachusetts, New Mexico, Oregon and Washington sent Secretary Bob McDonald a letter demanding restoration of GI Bill benefits. The justification is that for-profit colleges uses deceptive tactics to recruit veterans while the agency failed to verify education quality. According to Illinois AG Lisa Madigan: “Veterans earn educational benefits through their heroic service to our country… They should not return home and become targets of predatory, bogus colleges whose only interest in our veterans is to profit off them. It’s critical that our tax dollars allow student veterans to get a true education and the opportunities it provides.” The problem with the schools was that they promised veterans jobs after graduation that never materialized. In fact, those colleges provided such low quality educations that employers do not accept nor would other colleges accept them for transfer credits. Recruiters used proven psychotherapy techniques to manipulate veterans into enrolling. VA then paid benefits without verifying the claims made by such colleges. Veterans used up the benefits without the result they were promised. GI BILL RESTORATION STRATEGY The AGs are also suggesting VA adopt the following four strategies to protect veterans moving forward. According to Progress Illinois, those strategies are: Exercising current federal statutory authority to provide relief to these veterans. In cases where the VA has authorized the use of benefits contrary to its own governing statutes and regulations, federal law (38 U.S.C. §503) provides the VA discretion to offer equitable relief that would give back to the veterans full eligibility and entitlement to their benefits that they have lost from the schools’ conduct. Restoring these benefits would allow the veterans to obtain an education that will help them advance their careers. Triggering Automatic Reviews. The VA should establish that a review to exercise this discretion will automatically take place in any of the following cases: (1) when the U.S. Department of Education, a state regulatory agency, or a state attorney general takes a regulatory or enforcement action against a school; (2) when a court enters a judgment against a school, or (3) upon application by a veteran or a group of veterans alleging that an education program or college has utilized advertising, sales, or enrollment practices which are erroneous, deceptive, or misleading. Taking Proactive Steps To Provide Full and Accurate Information. The VA should take proactive steps to guarantee that veterans will be furnished full and accurate information about their education options to prevent them from enrolling in schools that employ aggressive and misleading marketing practices. Increasing Cooperation. The VA should continue and increase its support of efforts of state regulatory agencies and attorneys general in protecting veterans from misconduct. So what do you think about the plan? Should veterans receive the benefit, or harm, of their own educated choice of attending for-profit colleges? Or, should VA reinstate the GI Bill benefits of veterans defrauded? I used to be rather cynical about this, but VA does have a fiduciary duty to ensure colleges provide the quality education they promise before approving a veteran’s attendance. The past two presidential administrations were clearly asleep at the wheel while veterans were ripped off.

acinet.org•America's Career InfoNet helps people make better, more informed career decisions.