DEPARTMENT OF DEFENSE CYBER STRATEGY 2018The arrival of the cyber era has created new opportunities and challenges for the Department and the Nation. Open and reliable access to information is a vital U.S. interest, and our allies and competitors alike should understand that we will assertively defend it. The 2018 DoD Cyber Strategy directs the Department to defend forward, shape the day-to-day competition, and prepare for war by building a more lethal force, expanding alliances and partnerships, reforming the Department, and cultivating talent, while actively competing against and deterring our competitors. Taken together, these mutually reinforcing activities will enable the Department to compete, deter, and win in the cyberspace domain.Our strategic approach is based on mutually reinforcing lines of effort to build a more lethal force; compete and deter in cyberspace; expand alliances and partnerships; reform the Department; and cultivate talent. U.S. Department of DefenseDoD_5e8dcfdc-5d6a-11df-839d-400e7a64ea2aDefense Critical Infrastructure (DCI)The Department must be prepared to defend non-DoD-owned Defense Critical Infrastructure (DCI) and Defense Industrial Base (DIB) networks and systems. Our chief goal in maintaining an ability to defend DCI is to ensure the infrastructure’s continued functionality and ability to support DoD objectives in a contested cyber environment.Defense Industrial Base (DIB)Our focus working with DIB entities is to protect sensitive DoD information whose loss, either individually or in aggregate, could result in an erosion of Joint Force military advantage. As the Sector Specific Agency (SSA) for the DIB and a business partner with the DIB and DCI, the Department will: set and enforce standards for cybersecurity, resilience, and reporting; and be prepared, when requested and authorized, to provide direct assistance, including on non-DoD networks, prior to, during, and after an incident.Open and reliable access to information_694dc5d6-39ca-11ed-bcf4-7bae1483ea00To enable the Department to compete, deter, and win in the cyberspace domain_694dc90a-39ca-11ed-bcf4-7bae1483ea00InformationOpennessReliabilityResilienceAccountabilityEffectivenessMissionsEnsure the Joint Force can achieve its missions in a contested cyberspace environment_694dc9f0-39ca-11ed-bcf4-7bae1483ea001Joint ForceBUILD A MORE LETHAL JOINT FORCECyber CapabilityAccelerate cyber capability development_694dca9a-39ca-11ed-bcf4-7bae1483ea001.1The Department will accelerate the development of cyber capabilities for both warfighting and countering malicious cyber actors. Our focus will be on fielding capabilities that are scalable, adaptable, and diverse to provide maximum flexibility to Joint Force commanders. The Joint Force will be capable of employing cyberspace operations throughout the spectrum of conflict, from day-to-day operations to wartime, in order to advance U.S. interests.Innovation & AgilityInnovate to foster agility_694dcb3a-39ca-11ed-bcf4-7bae1483ea001.2The Department must innovate to keep pace with rapidly evolving threats and technologies in cyberspace. We will accept and manage operational and programmatic risk in a deliberate manner that moves from a “zero defect” culture to one that fosters agility and innovation because success in this domain requires the Department to innovate faster than our strategic competitors.Automation & DataLeverage automation and data analysis to improve effectiveness_694dcc02-39ca-11ed-bcf4-7bae1483ea001.3The Department will use cyber enterprise solutions to operate at machine speed and large-scale data analytics to identify malicious cyber activity across different networks and systems. The Department will leverage these advances to improve our own defensive posture and to ensure that our cyber capabilities will continue to be effective against competitors armed with cutting edge technology.COTSEmploy commercial-off-the-shelf (COTS) cyber capabilities_694dcef0-39ca-11ed-bcf4-7bae1483ea001.4The Department excels at creating cyber capabilities tailored for specific operational problems. In addition to these capabilities, we will make greater use of COTS capabilities that can be optimized for DoD use. OperationsStrengthen the Joint Force by conducting cyberspace operations that enhance U.S. military advantages_694dcfae-39ca-11ed-bcf4-7bae1483ea002COMPETE AND DETER IN CYBERSPACEDeterenceDeter malicious cyber activities_694dd058-39ca-11ed-bcf4-7bae1483ea002.1The United States seeks to use all instruments of national power to deter adversaries from conducting malicious cyberspace activity that would threaten U.S. national interests, our allies, or our partners. The Department will prioritize securing sensitive DoD information and deterring malicious cyber activities that constitute a use of force against the United States, our allies, or our partners. Should deterrence fail, the Joint Force stands ready to employ the full range of military capabilities in response.ContestationPersistently contest malicious cyber activity in day-to-day competition_694dd15c-39ca-11ed-bcf4-7bae1483ea002.2The Department will counter cyber campaigns threatening U.S. military advantage by defending forward to intercept and halt cyber threats and by strengthening the cybersecurity of systems and networks that support DoD missions. This includes working with the private sector and our foreign allies and partners to contest cyber activity that could threaten Joint Force missions and to counter the exfiltration of sensitive DoD information. InfrastructureIncrease the resilience of U.S. critical infrastructure_694dd206-39ca-11ed-bcf4-7bae1483ea002.3The Department will work with its interagency and private sector partners to reduce the risk that malicious cyber activity targeting U.S. critical infrastructure could have catastrophic or cascading consequences. We will streamline our publicprivate information-sharing mechanisms and strengthen the resilience and cybersecurity of critical infrastructure networks and systems. InfrastructureDefend U.S. critical infrastructure from malicious cyber activity that alone, or as part of a campaign, could cause a significant cyber incident_694dd2ba-39ca-11ed-bcf4-7bae1483ea003CULTIVATE TALENT Cyber WorkforceSustain a ready cyber workforce_694dd36e-39ca-11ed-bcf4-7bae1483ea003.1The Department’s workforce is a critical cyber asset. We will invest in building future talent, identifying and recruiting sought-after talent, and retaining our current cyber workforce. We will provide ample opportunities—both inside and outside the Department—for the professional development and career progression of cyber personnel. We will create processes for maintaining visibility of the entire military and civilian cyber workforce and optimizing personnel rotations across military departments and commands, including maximizing the use of the Reserve Components. The Department will also ensure that its cyber requirements are filled by the optimal mix of military service members, civilian employees, and contracted support to serve mission requirements.Cyber TalentEnhance the Nation’s cyber talent_694dd422-39ca-11ed-bcf4-7bae1483ea003.2The Department plays an essential role in enhancing the Nation’s pool of cyber talent in order to further the goal of increasing national resilience across the private and public sectors. To that end, we will increase our efforts alongside other Federal departments and agencies to promote science, technology, engineering, mathematics, and foreign language (STEM-L) disciplines at the primary and secondary education levels throughout the United States. The Department will also partner with industry and academia to establish standards in training, education, and awareness that will facilitate the growth of cyber talent in the United States.ExpertiseEmbed software and hardware expertise as a core DoD competency_694dd4e0-39ca-11ed-bcf4-7bae1483ea003.3To make it attractive to skilled candidates, the Department will establish a career track for computer science related specialties (including hardware engineers, software developers, and data analysts) that offers meaningful challenges, rotational billets at other Federal departments and agencies, specialized training opportunities tied to retention commitments, and the expansion of compensation incentives for the Cyber Excepted Service (CES).Talent ManagementEstablish a cyber top talent management program_694dd59e-39ca-11ed-bcf4-7bae1483ea003.4The Department will establish a cyber talent management program that provides its most skilled cyber personnel with focused resources and opportunities to develop key skills over the course of their careers. The Department will use competitive processes, including individual and team competitions, to identify the most capable DoD military and civilian cyber specialists and then empower those personnel to solve the Department’s toughest challenges.Information & SystemsSecure DoD information and systems against malicious cyber activity, including DoD information on non-DoD-owned networks_694dd65c-39ca-11ed-bcf4-7bae1483ea004REFORM THE DEPARTMENTCyber AwarenessIncorporate cyber awareness into DoD institutional culture_694dd71a-39ca-11ed-bcf4-7bae1483ea004.1The Department will adapt its institutional culture so individuals at every level are knowledgeable about the cyberspace domain and can incorporate that knowledge into their day-to-day activities. Leaders and their staffs need to be “cyber fluent” so they can fully understand the cybersecurity implications of their decisions and are positioned to identify opportunities to leverage the cyberspace domain to gain strategic, operational, and tactical advantages.AccountabilityIncrease cybersecurity accountability_694dd7ec-39ca-11ed-bcf4-7bae1483ea004.2Reducing the Department’s “attack surface” requires an increase in cybersecurity awareness and accountability across the Department. We will hold DoD personnel and our private sector partners accountable for their cybersecurity practices and choices. SolutionsSeek material solutions that are affordable, flexible, and robust_694dd8b4-39ca-11ed-bcf4-7bae1483ea004.3The Department will reduce the time it takes to procure software and hardware in order to keep pace with the rapid advance of technology. We will identify opportunities to procure scalable services, such as cloud storage and scalable computing power, to ensure that our systems keep pace with commercial information technology and can scale when necessary to match changing requirements. We will also leverage COTS capabilities where feasible to reduce our reliance on expensive, custom-built software that is difficult to maintain or upgrade.VulnerabilityExpand crowd-sourced vulnerability identification_694dd97c-39ca-11ed-bcf4-7bae1483ea004.4The Department will continue to identify crowdsourcing opportunities, such as hack-a-thons and bug-bounties, in order to identify and mitigate vulnerabilities more effectively and to foster innovation. CooperationExpand DoD cyber cooperation with interagency, industry, and international partners_694dda4e-39ca-11ed-bcf4-7bae1483ea005Interagency PartnersIndustry PartnersInternational PartnersSTRENGTHEN ALLIANCES AND ATTRACT NEW PARTNERSHIPSPrivate Sector PartnershipsBuild trusted private sector partnerships_694ddb20-39ca-11ed-bcf4-7bae1483ea005.1Private SectorThe private sector owns and operates the majority of U.S. infrastructure and is on the frontlines of nation-state competition in cyberspace. In coordination with other Federal departments and agencies, the Department will build trusted relationships with private sector entities that are critical enablers of military operations and carry out deliberate planning and collaborative training that enables mutually supporting cybersecurity activities.International PartnershipsOperationalize international partnerships_694ddd3c-39ca-11ed-bcf4-7bae1483ea005.2Many of the United States’ allies and partners possess advanced cyber capabilities that complement our own. The Department will work to strengthen the capacity of these allies and partners and increase DoD’s ability to leverage its partners’ unique skills, resources, capabilities, and perspectives. Information-sharing relationships with allies and partners will increase the effectiveness of combined cyberspace operations and enhance our collective cybersecurity posture.NormsReinforce norms of responsible State behavior in cyberspace_694dde40-39ca-11ed-bcf4-7bae1483ea005.3Nation StatesThe Department will reinforce voluntary, non-binding norms of responsible State behavior in cyberspace during peacetime. The United States has endorsed the work done by the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE) to develop a framework of responsible State behavior in cyberspace. The principles developed by the UNGGE include prohibitions against damaging civilian critical infrastructure during peacetime and against allowing national territory to be used for intentionally wrongful cyber activity. The Department will work alongside its interagency and international partners to promote international commitments regarding behavior in cyberspace as well as to develop and implement cyber confidence building measures (CBM). When cyber activities threaten U.S. interests, we will contest them and we will be prepared to act, in conjunction with partners, to defend U.S. interests. 2018-12-312022-09-21https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDFOwenAmburOwen.Ambur@verizon.net