[BreachExchange] Pentagon Officials Rethinking Cyber's Role in National Defense Strategy

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Nov 23 10:05:06 EST 2021


https://www.nextgov.com/cybersecurity/2021/11/pentagon-officials-rethinking-cybers-role-national-defense-strategy/187010/

Those who believe that cybersecurity should occupy a more central role in
national defense should keep their eyes open for the release of the 2022
National Defense Strategy, a senior Pentagon official suggested.

“We’re thinking about the role of cyber as a tool in the National Defense
Strategy,” said Mieke Eoyang, deputy assistant secretary of Defense for
cyber policy, at CyberNext DC last week. “I think you all will be
interested in what we say about this.”

Every four years, by law, the Defense Department is required to release a
National Defense Strategy (formerly known as the Quadrennial Defense
Review, or QDR). This is where DOD looks ahead and outlines what it sees as
emerging threats; for instance, the 2010 QDR was the first time the
department identified climate change as a national security threat.

In 2018, when the name changed, the new National Defense Strategy
“recognized that we can’t defend our way out of the [cyber threat]
problem,” Eoyang said. That is when the concept of “defending forward” and
a persistent engagement strategy emerged. “As a result, the department’s
cyber strategy became much clearer.”

She said the department has three main missions in cyberspace: to defend
DOD networks, to extend network capabilities to the warfighters, and to
defend the nation as a whole. “And by that we mean whole-of-government
actions.”

Eoyang pointed out that DOD played a role in election security in 2018 and
2020. “We were one of the prime players, [and] we’re poised to do so again
in 2022.”

The growing threat of ransomware is another area where the Pentagon’s cyber
capabilities are brought into play, because many attackers are either
agents of, or sheltered by, a hostile nation-state.

“While DOD is not responsible for all cyber crime … when it hits
infrastructure [in the U.S.] we’re resourced to be able to address it,”
Eoyang said. “Some of our adversaries have tremendous resources in this
area.”

She said the Pentagon is seeing hostile countries pursue
“below-threshold” cyberattacks, that is, attacks not serious enough to rise
to an act of war, but that there is a growing risk of unintended
consequences if things get out of hand.

Eoyang made a request to the in-person and online audience listening—that
defense contractors help the department get U.S. allies and international
partners more cyber secure.

“Some of these countries have companies that are incredibly capable, but …
we need to help our partners and allies get better at cyber defense,” she
said. “I think there are many cases where [they] would be more comfortable
if they could work directly with the companies. [It does no good] if they
buy F-35s but the networks that run the F-35s” are compromised.