U.S. Department of Defense Cyber StrategyThis strategy presents an aggressive, specific plan for achieving change. For DoD to succeed in its mission of defending the United States and its interests in cyberspace, leaders from across the Department must take action to achieve the objectives outlined in this document. They must also hold their organizations accountable. Because of the nature of networks and computer code, no single organization can be relied upon to do this work. Success requires close collaboration across DoD, between agencies of the U.S. government, with the private sector, and with U.S. allies and partners. We live in a time of growing cyber threats to U.S. interests. State and non-state actors threaten disruptive and destructive attacks against the United States and conduct cyber-enabled theft of intellectual property to undercut the United States’ technological and military advantage. We are vulnerable in cyberspace, and the scale of the cyber threat requires urgent action by leaders and organizations across the government and the private sector. Since developing its first cyber strategy in 2011, the Defense Department has made significant progress in building its cyber capabilities, developing its organizations and plans, and fostering the partnerships necessary to defend the country and its interests. More must be done. Stemming from the goals and objectives outlined in this strategy, appropriate resources must be aligned and managed to ensure progress... The strategic environment can change quickly. That is especially true in cyberspace. We must be dynamic, flexible, and agile in this work. We must anticipate emerging threats, identify new capabilities to build, and determine how to enhance our partnerships and planning. As always, our women and men – both uniformed and civilian personnel – will be our greatest and most enduring strength and a constant source of inspiration. By working together we will help protect and defend the United States and its interests in the digital age.U.S. Department of DefenseDoD_5e8dcfdc-5d6a-11df-839d-400e7a64ea2aAshton CarterSecretary of DefenseNational Mission Teams13 teams -- Defend the United States and its interests against cyberattacks of significant consequence.Cyber Protection Teams68 teams -- Defend priority DoD networks and systems against priority threats.Combat Mission Teams27 teams -- Provide support to Combatant Commands by generating integrated cyberspace effects in support of operational plans and contingency operations.Support Teams25 teams -- Provide analytic and planning support to the National Mission and Combat Mission teams._d447d854-679f-11e5-8193-20c88df7775bTo guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture._d447da66-679f-11e5-8193-20c88df7775bForces & CapabilitiesBUILD AND MAINTAIN READY FORCES AND CAPABILITIES TO CONDUCT CYBERSPACE OPERATIONS._d447db92-679f-11e5-8193-20c88df7775bITo operate effectively in cyberspace, DoD requires forces and personnel that are trained to the highest standard, ready, and equipped with best-in-class technical capabilities. In 2013 DoD initiated a major investment in its cyber personnel and technologies by initiating the CMF; now DoD must make good on that investment by training its people, building effective organizations and command and control systems, and fully developing the capabilities that DoD requires to operate in cyberspace. This strategy sets specific objectives for DoD to meet as it mans, trains, and equips its forces and personnel over the next five years and beyond.Cyber WorkforceBuild the cyber workforce. _d447e146-679f-11e5-8193-20c88df7775bI.ACyber WorkforceTo make good on DoD’s significant investment in cyber personnel, and to help achieve many of the objectives in this strategy, DoD’s first priority is to develop a ready Cyber Mission Force and associated cyber workforce. This workforce will be built on three foundational pillars: enhanced training; improved military and civilian recruitment and retention; and stronger private sector support. TrainingMaintain a persistent training environment._d447e42a-679f-11e5-8193-20c88df7775bI.A.iDoD requires an individual and collective training capability to achieve the goals outlined in this strategy and to meet future operational requirements. U.S. Cyber Command will work with other components, agencies, and military departments to define the requirements for and create a training environment that will enable the total cyber force to conduct joint training (including exercises and mission rehearsals), experimentation, certification, as well as the assessment and development of cyber capabilities and tactics, techniques, and procedures for missions that cross boundaries and networks. Career PathsBuild viable career paths._d447e5ba-679f-11e5-8193-20c88df7775bI.A.iiThroughout the course of this strategy, and following the CMF decisions of 2013, DoD will continue to foster viable career paths for all military personnel performing and supporting cyber operations.National Guard & ReserveDraw on the National Guard and Reserve._d447e7e0-679f-11e5-8193-20c88df7775bI.A.iiiNational GuardNational ReserveThroughout the course of this strategy, DoD will draw on the National Guard and Reserve Components as a resource for expertise and to foster creative solutions to cybersecurity problems. The Reserve Component offers a unique capability for supporting each of DoD’s missions, including for engaging the defense industrial base and the commercial sector. It represents DoD’s critical surge capacity for cyber responders.Recruitment & RetentionImprove civilian recruitment and retention. _d447e9d4-679f-11e5-8193-20c88df7775bI.A.ivCiviliansIn addition to developing highly-skilled military personnel, DoD must recruit and retain highly-skilled civilian personnel, including technical personnel for its total cyber workforce. Civilians must follow a well-developed career development and advancement track and be provided with best-in-class opportunities to develop and succeed within the workforce.Exchange ProgramsDevelop and implement exchange programs with the private sector._d447eb5a-679f-11e5-8193-20c88df7775bI.A.vThe Private SectorTo supplement DoD’s civilian cyber workforce, DoD must be able to employ technical subject matter experts from the best cybersecurity and information technology companies in the country to perform unique engineering and analytic roles within DoD. The Defense Department will implement successful private sector exchange programs to bring measurable benefits to the Department of Defense through the design and development of new operational concepts for DoD’s cyberspace missions.Cyberspace EducationSupport the National Initiative for Cyberspace Education._d447ed80-679f-11e5-8193-20c88df7775bI.A.viDoD will develop policies to support the National Initiative for Cybersecurity Education. Working with interagency partners, one or more educational institutions, as well as state and private sector partners, DoD will continue to support innovative workforce development partnerships focused on both the technical and policy dimensions of cybersecurity and cyber defense. Technical CapabilitiesBuild technical capabilities for cyber operations._d447ef88-679f-11e5-8193-20c88df7775bI.BPresident of the United StatesSecretary of DefenseIn 2013, DoD developed a model for achieving CMF readiness and for developing viable cyber military options to present to the President and Secretary of Defense. DoD must have the technical tools available to conduct operations in support of combatant command missions. Key initiatives include the following:Unified PlatformDevelop the Unified Platform._d447f10e-679f-11e5-8193-20c88df7775bI.B.iOn the basis of planning requirements, DoD will develop the detailed requirements for integrating disparate cyber platforms and building an interoperable and extendable network of cyber capabilities. This Unified Platform will enable the CMF to conduct full-spectrum cyberspace operations in support of national requirements. R&DAccelerate research and development._d447f348-679f-11e5-8193-20c88df7775bI.B.iiThe Defense Department will continue to accelerate innovative cyber research and development to build cyber capabilities. The DoD research and development community as well as established and emerging private sector partners can provide DoD and the nation with a significant advantage in developing leap-ahead technologies to defend U.S. interests in cyberspace. In addition to supporting current and planned investments, DoD will focus its basic and applied research agenda on developing cyber capabilities to expand the capacity of the CMF and the broader DoD cyber workforce.Command & ControlValidate and continually refine an adaptive command and control mechanism for cyber operations._d447f53c-679f-11e5-8193-20c88df7775bI.CDoD has made significant progress in recent years in developing command and control for all three of its missions, but its command and control model must be finalized, resourced, and tested to ensure effectiveness. The command and control model must support USCYBERCOM and the combatant commands. It must be efficient and practical, and must promote unity of effort of effort across all three cyber missions.Modeling & SimulationEstablish an enterprise-wide cyber modeling and simulation capability._d447f6cc-679f-11e5-8193-20c88df7775bI.DIntelligence CommunityDoD will work in collaboration with the intelligence community to develop the data schema, databases, algorithms, and modeling and simulation (M&S) capabilities necessary to assess the effectiveness of cyber operations.Capacity AssessmentAssess Cyber Mission Force capacity._d447f910-679f-11e5-8193-20c88df7775bI.ECyber Mission ForceAssess the capacity of the projected Cyber Mission Force to achieve its mission objectives when confronted with multiple contingencies. MetricsPropose, collect, analyze, and report a set of appropriate metrics to measure the operational capacity of the CMF._d447fb0e-679f-11e5-8193-20c88df7775bI.E.iPrincipal Cyber AdvisorJoint StaffUSCYBERCOMThe Joint Staff, with support from USCYBERCOM and other DoD components, will propose, collect, analyze, and report a set of appropriate metrics to the Principal Cyber Advisor to measure the operational capacity of the CMF. These metrics will include updates on the status of USCYBERCOM contingency capabilities, to include capability development and proficiency as well as accesses and tools that may be required in a contingency. In response to this analysis, DoD will develop a plan for ensuring that the CMF has the appropriate capacity and flexibility available to respond to changes in the strategic environment.Network, Data & RisksDEFEND THE DOD INFORMATION NETWORK, SECURE DOD DATA, AND MITIGATE RISKS TO DOD MISSIONS._d447fc9e-679f-11e5-8193-20c88df7775bIIWhile DoD cannot defend every network and system against every kind of intrusion – DoD’s total network attack surface is too large to defend against all threats and too vast to close all vulnerabilities – DoD must take steps to identify, prioritize, and defend its most important networks and data so that it can carry out its missions effectively. DoD must also plan and exercise to operate within a degraded and disrupted cyber environment in the event that an attack on DoD’s networks and data succeeds, or if aspects of the critical infrastructure on which DoD relies for its operational and contingency plans are disrupted. Finally, DoD must raise the bar on technology and innovation to stay ahead of the threat by enhancing its cyber defense capabilities, including by building and employing a more defendable network architecture in the Joint Information Environment (JIE). Outside of DoD networks, DoD must work with the private sector to help secure defense industrial base trade data, and be prepared to assist other agencies in hardening U.S. networks and data against cyberattacks and cyber espionage.Joint Information EnvironmentBuild the Joint Information Environment (JIE) single security architecture._d447fee2-679f-11e5-8193-20c88df7775bII.AUSCYBERCOMCombatant CommandsDoD ComponentsThe Defense Department will build DoD information networks to meet the JIE’s single security architecture. The single security architecture will adapt and evolve to mitigate cyber threats; it will help DoD to develop and follow best-in-class cybersecurity practices, and its small network footprint will allow USCYBERCOM, combatant commands, and DoD components to maintain comprehensive situational awareness of network threats and mitigations.Enterprise SecurityEnable a robust network defense and shift the focus from protecting service-specific networks and systems to securing the DoD enterprise in a unified manner._d44800f4-679f-11e5-8193-20c88df7775bII.A.iThe JIE’s single security architecture will enable a robust network defense and shift the focus from protecting service-specific networks and systems to securing the DoD enterprise in a unified manner. The JIE’s single security architecture must be developed with enhanced cyber situational awareness, deployed in response to validated requirements, and able to accommodate future defensive measures. New TechniquesDevelop and integrate new defensive techniques into DoD’s cybersecurity architecture._d4480298-679f-11e5-8193-20c88df7775bII.A.iiAs a part of JIE planning DoD will develop a framework for developing and integrating new defensive techniques into DoD’s cybersecurity architecture, to include anomaly-based detection capabilities, data analytics to identify vulnerabilities and threats, and advanced encryption methods. Joint Force HeadquartersAssess and ensure the effectiveness of the Joint Force Headquarters for DoD information network (DoDIN) operations._d4480522-679f-11e5-8193-20c88df7775bII.BJoint Force HeadquartersUSCYBERCOMOperating under USCYBERCOM, the Joint Force Headquarters-DoDIN will coordinate network defense and mitigate cyber risks to DoD operations and missions across the defense enterprise. DoD will assess, validate, and fully implement the Joint Force Headquarters-DoDIN concept to operate DoD networks securely, defend DoD networks, and mitigate cyber risks to DoD missions. VulnerabilitiesMitigate known vulnerabilities._d448070c-679f-11e5-8193-20c88df7775bII.CThe Defense Department will implement a capability to mitigate all known vulnerabilities that present a high risk to DoD networks and data. In addition to zero-day vulnerabilities, one of the greatest threats to DoD networks and systems lies in known, high-risk vulnerabilities that potential adversaries can exploit. DoD often finds itself rushing to close vulnerabilities once an adversary has penetrated a system. The DoD Chief Information Officer (CIO) will lead an effort to implement an automated patch management capability to distribute software and configuration patches, updates, and fixes to mitigate known, major vulnerabilities on DoD networks and systems against threats. Cyber Defense AssessmentAssess DoD’s cyber defense forces._d44808c4-679f-11e5-8193-20c88df7775bII.DCyber Protection TeamThe Defense Department will assess its cyber defense forces’ ability to conduct integrated, adaptive, and dynamic defensive operations. Enterprise-level and Cyber Protection Team (CPT) network defenders must be able to discover, detect, analyze, and mitigate threats and vulnerabilities to defend the DoD information network.Computer Network Defense Service ProviderImprove the effectiveness of the current DoD Computer Network Defense Service Provider (CNDSP) construct in defending and protecting DoD networks._d4480c0c-679f-11e5-8193-20c88df7775bII.EComputer network defense service providers deliver cybersecurity solutions for DoD networks, to include monitoring, detection, and protection capabilities. The Defense Department will determine whether current CNDSP processes are sufficient to defend networks against known and projected threats in cyberspace and whether current CNDSP forces are adequately trained and equipped to defend against advanced threats. Finally, DoD will determine whether its CNDSP forces can integrate into the broader cyberspace command and control construct and how that integrated construct will perform in the face of cyber threats that span CNDSP and CPT protected networks and data.Network Defense & ResiliencePlan for network defense and resilience. _d4480e32-679f-11e5-8193-20c88df7775bII.FThe Defense Department must identify and plan to defend the networks that support key DoD missions. The Department must make a careful assessment of the priority assets that it must defend in cyberspace to assure DoD missions and exercise to defend those assets effectively.Mission AssuranceIntegrate cyber into mission assurance assessments._d4480ff4-679f-11e5-8193-20c88df7775bII.F.iThe Defense Department will integrate cybersecurity requirements and assessments into the DoD Mission Assurance program and update DoD policy appropriately. Currently DoD components take varying approaches to measuring and assessing cyber risks for mission assurance. DoD will develop a Joint Mission Assurance Assessment Program that includes the integration of cybersecurity assessments, cybersecurity requirements, and cyber operations’ requirements.Capability AssessementAssess Cyber Protection Team (CPT) capabilities. _d448126a-679f-11e5-8193-20c88df7775bII.F.iiCyber Protection TeamsDoD will complete an assessment of CPT capacity, capability, and employment model in regard to mission assurance priorities as set by combatant command requirements.Weapons SystemsImprove weapons systems cybersecurity._d448149a-679f-11e5-8193-20c88df7775bII.F.iiiDoD will assess and initiate improvements to the cybersecurity of current and future weapons systems, doing so on the basis of operational requirements. For all future weapons systems that DoD will acquire or procure, DoD will mandate specific cybersecurity standards for weapons systems to meet. Acquisition and procurement policy and practice will be updated to promote effective cybersecurity throughout a system’s life cycle. Continuity PlansBuild and exercise continuity plans._d4481670-679f-11e5-8193-20c88df7775bII.F.ivDoD ComponentsAll DoD components will identify and build resiliency plans to maintain continuity of their most critical operations in the event of network disruption and degradation. Military campaign plans must fully incorporate the ability to operate in a degraded cyber environment; military forces must exercise and be able to conduct military campaigns in a degraded cyber environment where access to networks and data is uncertain. Components must balance cyber risks effectively to ensure that they can continue to carry out their missions in the physical world. Red TeamsRed team DoD’s network defenses._d44818fa-679f-11e5-8193-20c88df7775bII.GThe Defense Department has developed mature red team capabilities to test vital networks and mission systems for vulnerabilities and to better prepare its cyber defense forces. Going forward, DoD must focus its red team capabilities on priority networks and mission systems to assure DoD’s ability to carry out its most critical missions. As a part of this work, every major DoD exercise should include a cyber red team to test DoD's cyber defenses in a realistic scenario where the Department could have its operations disrupted by an adversary. Components will be audited regularly to ensure progress in incorporating red team findings and improving their cybersecurity posture.Insider ThreatsMitigate the risk of insider threats._d4481b34-679f-11e5-8193-20c88df7775bII.HThe nation's defense depends upon the fidelity of those entrusted with the nation's secrets. The Defense Department has invested in the technological and personnel solutions necessary to identify threats before they can impact U.S. national security. The Defense Department continues to deploy and implement these solutions through continuous network monitoring, improved cybersecurity training for the workforce, and improved methods for identifying, reporting, and tracking suspicious behavior.Awareness, Anticipation, Detection & ResponseCreate a culture of awareness to anticipate, detect, and respond to insider threats,_d4481d0a-679f-11e5-8193-20c88df7775bII.H.iThis work extends beyond information technology and includes matters of personnel and reliability. Mitigating the insider threat requires good leadership and accountability throughout the workforce. Beyond implementing policies and protocols, leaders will strive to create a culture of awareness to anticipate, detect, and respond to insider threats before they have an impact.Civil AuthoritiesExercise to provide Defense Support of Civil Authorities._d4481fa8-679f-11e5-8193-20c88df7775bII.ICivil AuthoritiesUnder its existing and planned force structure, DoD will develop a framework and exercise its Defense Support of Civil Authorities (DSCA) capabilities in support of DHS and other agencies and with state and local authorities to help defend the federal government and the private sector in an emergency if directed.Critical InfrastructureExercise for contingencies that may require emergency allocation of forces to help protect critical infrastructure._d4482200-679f-11e5-8193-20c88df7775bII.I.iDHSFBIDoD‘s annual exercise program, to include Cyber Guard, will include exercising with DHS and the FBI for contingencies that may require emergency allocation of forces to help protect critical infrastructure, under partner agencies’ lead. This framework will describe how combatant commands and combat support agencies can partner with DHS and FBI and other agencies to improve integration, training and support.National GuardDefine and refine the National Guard’s role in supporting law enforcement, Homeland Defense, and Defense Support of Civil Authorities missions._d44823ea-679f-11e5-8193-20c88df7775bII.JNational GuardDoD will work with the National Guard to define the coordinate, train, advise, and assist (C/TAA) roles of the National Guard force and refine implementation through Cyber Guard 16-1. Under its existing and planned force structure, National Guard forces will exercise to coordinate, train, advise, and assist state and local agencies and domestic critical infrastructure and to provide support to law enforcement, Homeland Defense, and Defense Support of Civil Authorities activities in support of national objectives.Data ProtectionImprove accountability and responsibility for the protection of data across DoD and the DIB._d44826a6-679f-11e5-8193-20c88df7775bII.KDefense Cyber Crime CenterThe Defense Department will ensure that policies and any associated federal rules or contract language requirements have been implemented to require DIB companies to report data theft and loss to the Defense Cyber Crime Center. DFARSAssess Defense Federal Acquisition Regulation Supplement (DFARS) rules and associated guidance to ensure they mature over time in a manner consistent with known standards for protecting data._d44828fe-679f-11e5-8193-20c88df7775bII.K.1DoD will continue to assess Defense Federal Acquisition Regulation Supplement (DFARS) rules and associated guidance to ensure they mature over time in a manner consistent with known standards for protecting data from cyber adversaries, to include standards promulgated by the National Institute of Standards and Technology (NIST). Information SharingExpand companies' participation in threat information sharing programs._d4482ade-679f-11e5-8193-20c88df7775bII.K.iiCompaniesDoD will continue to expand companies' participation in threat information sharing programs, such as the Cyber Security/Information Assurance program. Education & TrainingExpand education and training programs to include material for DoD personnel and DIB contractors to enhance their cyber threat awareness._d4482dae-679f-11e5-8193-20c88df7775bII.K.iiiDefense Security ServiceDoD PersonnelDIB ContractorsAs the certification authority for DIB cleared defense contractor sites, the Defense Security Service will expand education and training programs to include material for DoD personnel and DIB contractors to enhance their cyber threat awareness. Acquisition & Technology ProgramsReview the sufficiency of current classification guidance for critical acquisition and technology programs._d4482ffc-679f-11e5-8193-20c88df7775bII.K.ivOffice of the Under Secretary of Defense for IntelligenceIn addition, the Office of the Under Secretary of Defense for Intelligence will review the sufficiency of current classification guidance for critical acquisition and technology programs to protect information on contractor networks.Procurement & Acquisition CybersecurityStrengthen DoD’s procurement and acquisition cybersecurity standards._d4483272-679f-11e5-8193-20c88df7775bII.LTo defend DoD networks, DoD must strengthen the cybersecurity requirements of DoD’s network acquisition and procurement items by integrating cybersecurity standards into contract vehicles for research, development, and procurement. DoD will specify additional cybersecurity standards for industry to meet for components of any DoD procurement item.CollaborationBuild collaboration between the acquisition, intelligence, counterintelligence, law enforcement, and operations communities to prevent, mitigate, and respond to data loss._d4483538-679f-11e5-8193-20c88df7775bII.MAcquisition CommunityIntelligence CommunityCounterintelligence CommunityLaw Enforcement CommunityOperations CommunityDoD will establish a Joint Acquisition Protection and Exploitation Cell (JAPEC) to link intelligence, counterintelligence, and law enforcement agents with acquisition program managers to prevent and mitigate data loss and theft. DoD will conduct comprehensive risk and damage assessments of cyber espionage and theft to inform requirements, acquisition, programmatic, and counterintelligence courses of action.Information System Security ControlsAssess and update specific information system security controls that underpin the DFARs for defense contractors._d44837b8-679f-11e5-8193-20c88df7775bII.M.iDefense ContractorsDoD CIOOffice of the Under Secretary of Defense for Acquisition, Technology, and LogisticsThe DoD CIO, in collaboration with the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, will assess and update specific information system security controls that underpin the DFARs for defense contractors within the NIST and DFARS standards. Alert Capabilities & Cyber DefensesWork with companies to develop alert capabilities and build layered cyber defenses._d44839ca-679f-11e5-8193-20c88df7775bII.M.iiCompaniesTo safeguard critical programs and technologies DoD will work with companies to develop alert capabilities and build layered cyber defenses.Risk & Damage AssessmentStreamline risk and damage assessment processes to better inform decisions to maintain, modify, or cancel penetrated programs. _d4483c86-679f-11e5-8193-20c88df7775bII.M.iiiDefense Cyber Crime CenterPrincipal Cyber Advisor to the Secretary of DefenseOffice of the Under Secretary of Defense for Acquisition, Technology, and LogisticsFinally, the Defense Cyber Crime Center, the Principal Cyber Advisor to the Secretary of Defense, and the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics will collaborate with the Services' Damage Assessment Management Offices to streamline risk and damage assessment processes to better inform decisions to maintain, modify, or cancel penetrated programs. IntrusionsUse DoD counterintelligence capabilities to defend against intrusions._d4483ef2-679f-11e5-8193-20c88df7775bII.NPrincipal Cyber AdvisorSecretary of DefenseMilitary DepartmentsUnder Secretary of Defense for IntelligenceThe Military Departments and the Under Secretary of Defense for Intelligence, in consultation with the Principal Cyber Advisor, will develop a strategy for the Secretary of Defense’s approval that maximizes the capabilities and authorities of the military departments’ counterintelligence agencies to identify, attribute, and defend against cyber intruders. Cyber EspionageImprove insight into and frustrate and defeat cyber espionage._d4484104-679f-11e5-8193-20c88df7775bII.N.iCounterintelligence AuthoritiesU.S. Intelligence CommunityLaw Enforcement CommunityCounterintelligence authorities are uniquely positioned to improve our insight into and frustrate and defeat cyber espionage. The strategy will specify how DoD’s counterintelligence agencies will collaborate more effectively with the broader U.S. intelligence and law enforcement communities on investigations and human and technical operations to thwart cyber-enabled intellectual property theft against the United States and its allies and partners.Intellectual PropertyCounter intellectual property theft._d44843d4-679f-11e5-8193-20c88df7775bII.OU.S. Government AgenciesThe Defense Department will continue to work with other agencies of the U.S. government to counter the threat posed by intellectual property theft through cyberspace.Homeland & InterestsBE PREPARED TO DEFEND THE U.S. HOMELAND AND U.S. VITAL INTERESTS FROM DISRUPTIVE OR DESTRUCTIVE CYBERATTACKS OF SIGNIFICANT CONSEQUENCE._d4484654-679f-11e5-8193-20c88df7775bIIIThe Department of Defense must work with its interagency partners, the private sector, and allied and partner nations to deter and if necessary defeat a cyberattack of significant consequence on the U.S. homeland and U.S. interests. The Defense Department must develop its intelligence, warning, and operational capabilities to mitigate sophisticated, malicious cyberattacks before they can impact U.S. interests. Consistent with all applicable laws and policies, DoD requires granular, detailed, predictive, and actionable intelligence about global networks and systems, adversary capabilities, and malware brokers and markets. To defend the nation, DoD must build partnerships with other agencies of the government to prepare to conduct combined cyber operations to deter and if necessary defeat aggression in cyberspace. The Defense Department is focused on building the capabilities, processes, and plans necessary to succeed in this mission. ThreatsContinue to develop intelligence and warning capabilities to anticipate threats._d4484866-679f-11e5-8193-20c88df7775bIII.ATo defend the nation against cyberattacks of significant consequence, DoD will work with the broader intelligence community to develop intelligence capabilities about adversary activities and prepare to disrupt cyberattacks before they can impact the U.S. homeland and U.S. interests. To meet combatant command contingency requirements, DoD will expand its intelligence of key adversary human and technical networks. To operate effectively in cyberspace DoD requires cyber intelligence and warning and shared situational awareness through all phases of a potential operation. All intelligence collection will follow the law and guidance outlined in executive orders.CapabilitiesDevelop and exercise capabilities to defend the nation._d4484b68-679f-11e5-8193-20c88df7775bIII.BNational Mission ForceDoD ComponentsThe National Mission Force and other relevant DoD components will train and partner with key interagency organizations to prepare to conduct cyber operations to defend the nation from cyberattacks of significant consequence. In addition, DoD will practice emergency procedures through regular exercises at all levels of the Department and support interagency exercises to practice emergency and deliberate cyber action procedures.PartnershipsBuild partnerships to defend the nation._d4484df2-679f-11e5-8193-20c88df7775bIII.B.iDoD will have a framework in place to cooperate with other government agencies to conduct defend the nation operations. DoD will work with FBI, CIA, DHS and other agencies to build relationships and integrate capabilities to provide the President with the widest range of options available to respond to a cyberattack of significant consequence to the United States.Annual ReviewsConduct an annual comprehensive review of DoD’s defend the nation capabilities._d4485018-679f-11e5-8193-20c88df7775bIII.B.iiThe Defense Department’s requirements and capabilities for its mission to defend the nation against cyberattacks of significant consequence will evolve over time. On an annual basis, DoD will conduct an in-depth review of the capabilities available and required for the mission. As a part of this review, DoD will validate new requirements and identify gaps and initiatives to pursue.Critical InfrastructureDevelop innovative approaches to defending U.S. critical infrastructure._d448532e-679f-11e5-8193-20c88df7775bIII.CDoD will work with DHS to improve the Enhanced Cybersecurity Services program and encourage additional critical infrastructure entities to participate, with a particular emphasis on increasing the number of defense critical infrastructure participants.Information SharingDevelop automated information sharing tools._d44855e0-679f-11e5-8193-20c88df7775bIII.DDHSU.S. Government AgenciesCongressThe Private SectorTo improve shared situational awareness DoD will partner with DHS and other agencies to develop continuous, automated, standardized mechanisms for sharing information with each of its critical partners in the U.S. government, key allied and partner militaries, state and local governments, and the private sector. In addition, DoD will work with other U.S. government agencies and Congress to support legislation that enables information sharing between the U.S. government and the private sector.Cyber DeterrenceAssess DoD’s cyber deterrence posture and strategy._d44858f6-679f-11e5-8193-20c88df7775bIII.EDefense Science BoardTask Force on Cyber DeterrenceU.S. Strategic CommandJoint StaffOffice of the Secretary of DefenseBuilding off of the Defense Science Board’s Task Force on Cyber Deterrence, U.S. Strategic Command (USSTRATCOM), in coordination with the Joint Staff and the Office of the Secretary of Defense, will assess the Department of Defense’s ability to deter specific state and non-state actors from conducting cyberattacks of significant consequence on the U.S. homeland and against U.S. interests, to include loss of life, significant destruction of property, or significant impact on U.S. foreign and economic policy interests.Capabilities & ActionsDetermine whether DoD is building the capabilities required for attributing and deterring key threats from conducting such attacks and recommend specific actions that DoD can take to improve its cyber deterrence posture._d4485c3e-679f-11e5-8193-20c88df7775bIII.E.iUSSTRATCOMIn conducting its analysis, USSTRATCOM must determine whether DoD is building the capabilities required for attributing and deterring key threats from conducting such attacks and recommend specific actions that DoD can take to improve its cyber deterrence posture. Careful attention should be devoted also to deterring non-state actors that may fall outside of traditional deterrence frameworks but which could pose a considerable threat to U.S. interests.OptionsBUILD AND MAINTAIN VIABLE CYBER OPTIONS AND PLAN TO USE THOSE OPTIONS TO CONTROL CONFLICT ESCALATION AND TO SHAPE THE CONFLICT ENVIRONMENT AT ALL STAGES._d4485ee6-679f-11e5-8193-20c88df7775bIVPresident of the United StatesCombatant CommandsDuring heightened tensions or outright hostilities, DoD must be able to provide the President with a wide range of options for managing conflict escalation. If directed, DoD should be able to use cyber operations to disrupt an adversary’s command and control networks, military-related critical infrastructure, and weapons capabilities. As a part of the full range of tools available to the United States, DoD must develop viable cyber options and integrate those options into Departmental plans. DoD will develop cyber capabilities to achieve key security objectives with precision, and to minimize loss of life and destruction of property. To ensure unity of effort, DoD will enable combatant commands to plan and synchronize cyber operations with kinetic operations across all domains of military operations.OptionsIntegrate cyber options into plans._d4486120-679f-11e5-8193-20c88df7775bIV.AU.S. AlliesU.S. Government AgenciesTo meet strategic end-states as defined by the Guidance for the Employment of the Force, combatant command plans, and other strategic guidance documents, DoD will work with agencies of the U.S. government as well as U.S. allies and partners to integrate cyber options into combatant command planning.RequirementsAccelerate the integration of cyber requirements into plans._d4486454-679f-11e5-8193-20c88df7775bIV.A.iJoint StaffUSSTRATCOMChairman of the Joint Chiefs of StaffCyber Mission ForcesThe Defense Department will accelerate the integration of cyber requirements into combatant command plans. Plans must outline and define specific cyberspace effects against targets. To facilitate this work, the Joint Staff will work with USSTRATCOM to synchronize and integrate requirements into planning and provide recommendations to the Chairman of the Joint Chiefs of Staff on the alignment, allocation, assignment, and apportionment of Cyber Mission Forces.Alliances & PartnershipsBUILD AND MAINTAIN ROBUST INTERNATIONAL ALLIANCES AND PARTNERSHIPS TO DETER SHARED THREATS AND INCREASE INTERNATIONAL SECURITY AND STABILITY._d4486706-679f-11e5-8193-20c88df7775bVAll three of DoD’s cyber missions require close collaboration with foreign allies and partners. In its international cyber engagement DoD seeks to build partnership capacity in cybersecurity and cyber defense, and to deepen operational partnerships where appropriate. Given the high demand and relative scarcity of cyber resources, the Department of Defense must make hard choices and focus its partnership capacity initiatives on areas where vital U.S. national interests are stake. Over the next five years, in addition to ongoing partner capacity building efforts in other regions, DoD will focus its international engagement on: the Middle East, the Asia-Pacific, and key NATO allies. Through the course of this strategy DoD will constantly assess the international environment and develop innovative partnerships to respond to emerging challenges and opportunities.Partner CapacityBuild partner capacity in key regions._d4486954-679f-11e5-8193-20c88df7775bV.AU.S. AlliesU.S. PartnersU.S. Government AgenciesU.S. Department of StateUnder its existing and planned force structure, DoD will work with key allies and partners to build partner capacity and help secure the critical infrastructure and key resources on which DoD missions and U.S. interests depend. The Defense Department will work regularly with other agencies of the U.S. government, to include the Department of State, in building partner capacity. Priority regions include the Middle East, Asia-Pacific, and Europe.Middle Eastern Networks & SystemsSupport the hardening and resiliency of Middle Eastern allies’ and partners’ networks and systems._d4486ca6-679f-11e5-8193-20c88df7775bV.A.iMiddle Eastern AlliesMiddle Eastern PartnersAs a part of its cyber dialogue and partnerships, DoD will work with key Middle Eastern allies and partners to improve their ability to secure their military networks as well as the critical infrastructure and key resources upon which U.S. interests depend. Key initiatives include improved information sharing to establish a unified understanding of the cyber threat, an assessment of our mutual cyber defense posture, and collaborative approaches to building cyber expertise.Asian Networks & SystemsSupport the hardening and resiliency of Northeast Asian allies’ networks and systems._d4486f80-679f-11e5-8193-20c88df7775bV.A.iiNortheast Asian AlliesAs a part of its broader cyber dialogue with Asian allies, DoD will work with key allies and partners to improve their ability to secure their military networks and critical infrastructure and key resources upon which U.S. and allied interests depend.Asia-Pacific RegionBuild new strategic partnerships in the Asia-Pacific region._d44871e2-679f-11e5-8193-20c88df7775bV.A.iiiThe Defense Department will work with key states across the Asia-Pacific to build cyber capacity and minimize risk to U.S. and allied interests, in a manner consistent with DoD’s International Cyberspace Security Cooperation Guidance.NATO AlliesWork with key NATO allies to mitigate cyber risks to DoD and U.S. national interests._d448753e-679f-11e5-8193-20c88df7775bV.A.ivNATO AlliesThe Defense Department will develop these partnerships through the defense consultations that DoD holds with its key NATO allies.Alliances & PartnershipsBuild alliances and partnerships to best respond to shifts in the strategic environment._d4487804-679f-11e5-8193-20c88df7775bV.A.vDoD will remain flexible and agile as it builds alliances and partnerships to best respond to shifts in the strategic environment.MalwareDevelop solutions to counter the proliferation of destructive malware._d4487a70-679f-11e5-8193-20c88df7775bV.BState and non-state actors seek to acquire destructive malware. The uncontrolled spread of destructive malware to hostile actors presents a significant risk to the international system. Working with the Department of State and other agencies of the U.S. government as well as U.S. allies and partners, the Defense Department will draw on best-practices to counter the proliferation of destructive malware within the international system. In addition to international regimes and best-practices, the U.S. government has a range of domestic export control regimes for governing dual-use technologies that can be used to prevent proliferation. Planning & TrainingWork with capable international partners to plan and train for cyber operations._d4487dea-679f-11e5-8193-20c88df7775bV.CThroughout the course of this strategy, DoD will strengthen its international alliances and partnerships to develop combined capabilities to achieve cyber effects in support of combatant command plans.DialogueStrengthen the United States cyber dialogue with China to enhance strategic stability._d448818c-679f-11e5-8193-20c88df7775bV.DChinaCyber Working GroupRussiaIf and when U.S.-Russia military relations resume, as a part of broader interagency efforts DoD will seek to develop a military-to-military cyber dialogue with Russia to foster strategic stability in cyberspace. Through the course of this strategy, as part of the U.S.-China Defense Consultative Talks and related dialogues, such as the Cyber Working Group, DoD will continue to hold discussions with China to bring greater understanding and transparency of each nation’s military doctrine, policy, roles and missions in cyberspace. The goal of this work is to reduce the risks of misperception and miscalculation that could contribute to escalation and instability. DoD will support U.S. government efforts to strengthen confidence-building measures to bring a greater level of trust to the U.S.-China relationship. In addition, DoD will continue to raise concerns about China’s cyber enabled theft of U.S. intellectual property, trade secrets, and confidential business information.ManagementManage the strategy._d44883ee-679f-11e5-8193-20c88df7775bVITo achieve the goals and objectives outlined in this strategy will require hard choices regarding cyber forces and personnel, organizations, and capabilities. The financial choices that DoD makes in the course of implementing this strategy will have national and global implications for years to come, and DoD must operate in an effective and cost-efficient manner to guarantee the best return on its investments. To that end, DoD will pursue the following management objectives to govern its cyber activities and missions. Principal Cyber AdvisorEstablish the Office of the Principal Cyber Advisor to the Secretary of Defense._d448875e-679f-11e5-8193-20c88df7775bVI.AOffice of the Principal Cyber AdvisorSecretary of DefenseIn the National Defense Authorization Act (NDAA) of 2014, Congress required the Defense Department to designate a Principal Cyber Advisor to the Secretary of Defense to review military cyberspace activities, cyber mission forces, and offensive and defensive cyber operations and missions. In addition, the Principal Cyber Advisor will govern the development of DoD cyberspace policy and strategy for the DoD enterprise.GovernanceBuild an intradepartmental team to ensure effective governance of cyber issues within DoD._d4488a38-679f-11e5-8193-20c88df7775bVI.A.iPrincipal Cyber AdvisorUnder Secretary of Defense for Policy Under Secretary of Defense for IntelligenceUnder Secretary of Defense for Personnel and ReadinessPrincipal Staff Assistants (PSA)in the office of the Secretary of DefenseThe 2014 NDAA also stipulated that this Principal Cyber Advisor integrate the cyber expertise and perspectives of key organizations to build an intradepartmental team of key players to ensure effective governance of cyber issues within DoD. The Principal Cyber Advisor responsibilities assigned by the FY14 NDAA shall not be interpreted to affect the existing responsibilities and authorities of the Under Secretary of Defense for Acquisition, Technology, and Logistics; the Under Secretary of Defense for Policy; the Under Secretary of Defense for Intelligence; the Under Secretary of Defense for Personnel and Readiness; or any other Principal Staff Assistant (PSA) in the office of the Secretary of Defense in cyber-related responsibilities and authorities. Cyber Management ReviewReview DoD’s cyber management._d4488cae-679f-11e5-8193-20c88df7775bVI.A.iiPrincipal Cyber AdvisorDoD ComponentsCyber Investment and Management Board (CIMB)Office of the Under Secretary of Defense for Acquisition, Technology, and LogisticsJoint StaffAn intradepartmental team. The Principal Cyber Advisor will work with DoD components through the Cyber Investment and Management Board (CIMB) to review DoD’s cyber management. The CIMB will be a forum for synchronization, coordination, and project management. It will not replicate existing programmatic and budgetary mechanisms or interfere with previously defined Principal Staff Assistant roles and authorities, nor will it interfere in any way with the military chain of command; rather, it will provide a single forum to integrate cyber initiatives, it will manage projects through completion, and streamline DoD’s cyber governance structures. The PCA will work with the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics and the Joint Staff to build an intradepartmental team of DoD representatives to support the CIMB in this work.Cyber Issue CoordinationProvide senior-level coordination on key cyber issues._d4489028-679f-11e5-8193-20c88df7775bVI.A.iiiCIMBOSDJoint StaffA senior executive forum. Subordinate and reporting to the CIMB, a senior executive forum will provide initial senior-level coordination on key cyber issues. The senior executive forum will recommend courses of action to the CIMB and will coordinate with other OSD and Joint Staff governance bodies to facilitate unity of effort and resolve management issues at appropriate levels.Budgetary & Financial CoordinationCoordinate budgetary and financial recommendations._d4489316-679f-11e5-8193-20c88df7775bVI.A.ivDeputy’s Management Action GroupCIMBIf and when a budgetary or financial matter comes into play during the Program and Budget Review process, the Principal Cyber Advisor will use the senior executive forum and the CIMB to coordinate recommendations for the Deputy’s Management Action Group or other financial and budgetary organizations, vetting options and alternatives through the issue teams as appropriate.Cyber Budgetary ManagementImprove cyber budgetary management. _d44895a0-679f-11e5-8193-20c88df7775bVI.BUnder Secretary of Defense for IntelligenceDoD will develop an agreed-upon method to more transparently and effectively manage the DoD cyber operations budget. Today cyber funding is spread across the DoD budget, to include the Military Intelligence Program (MIP), in multiple appropriations, budget lines, program elements, and projects. In addition, the Under Secretary of Defense for Intelligence, on behalf of DoD, ensures that all National Intelligence Program (NIP) investments are aligned to support DoD missions. The diffuse nature of the DoD cyber budget presents DoD with a challenge for effective budgetary management; DoD must develop a new method for managing cross-program funding to improve mission effectiveness and achieve management efficiencies. Operations & Policy frameworkDevelop DoD’s cyber operations and cybersecurity policy framework. _d448994c-679f-11e5-8193-20c88df7775bVI.CConsistent with Presidential guidance, DoD will align and simplify its cyber operations and cybersecurity policy management and identified gaps, overlaps, seams, conflicts, and areas in need of revision in current documentation. This effort will help translate national and departmental guidance and policy into tactical operations. It is essential to clarifying conflicts in existing documentation that currently complicate cyber operations and cybersecurity governance.Capability AssessementConduct an end-to-end assessment of DoD’s cyber capabilities._d4489c58-679f-11e5-8193-20c88df7775bVI.DSecretary of DefensePrincipal Cyber Advisor to the Secretary of DefenseOffice of the Under Secretary of Defense for Acquisition, Technology, and LogisticsOffice of the Director of Coast Assessment and Program EvaluationUSCYBERCOMU.S. Cyber Command will lead a comprehensive operational assessment of its posture. In coordination with the Principal Cyber Advisor to the Secretary of Defense, the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, and the Office of the Director of Coast Assessment and Program Evaluation, USCYBERCOM will provide short- and long-term recommendations through the CIMB to provide to the Secretary of Defense regarding organizational structure, command and control mechanism, rules of engagement, personnel, capabilities, tools, and potential operational gaps. The goal of this posture assessment will be to provide a clear understanding of the future operational environment; key stakeholder views; as well as strategic priorities, choices, and resources for planning and operations.2015-04-302015-09-30http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdfOwenAmburOwen.Ambur@verizon.net