How to Compete in Cyberspace: Cyber Command’s New Approach

Nakasone, Paul M. & Michael Sulmeyer (2020). How to Compete in Cyberspace: Cyber Command’s New Approach. Foreign Affairs. https://www.foreignaffairs.com/articles/united-states/2020-08-25/cybersecurity.

Executive Summary: In 2018, Congress enabled Cyber Command to conduct traditional military activities in addition to the mostly preparatory operations in cyberspace. The White House released a National Cyber Strategy, which aligned diplomatic, intelligence, military, and economic [DIME] efforts in cyberspace. That year, Cybercom was elevated to a functional combatant command with global responsibilities. And the DoD released its cyber strategy enshrining “Defend Forward.” General Nakasone, the commander of US Cyber Command, wrote this article to provide an overview of Cybercom’s new proactive approach.

Overview

What is persistent engagement (PE)? PE is a recognition that one-off cyber operations won’t deter or defeat our adversaries. We must make it difficult for our adversaries to advance their goals over time. By only being reactive and applying defensive measures, we will always cede the initiative. [You cannot defend the nation on your heels.]

Hunting forward is a new proactive approach to Cybercom’s mission. By hunting forward, we support our partners, build unity of purpose, maintain and clarify international norms, learn from their techniques and approaches, and gain the opportunity to observe other operationalized malware. Once Cybercom finds other malware, it shares this information with large antivirus companies so they can update their products to better protect their users. [The cost of these updates to adversaries could be months, if not years, of reconnaissance, access, tool development, and millions of dollars.]

Cybercom now pursues a proactive approach in three major ways:

(1) Cyber Protection Teams hunt for malware and bad actors in the system rather than simply reacting to an event.

(2) Treat every host, server, and connection as potentially hostile. Zero trust. Scaling prevents toeholds from becoming beachheads.

(3) Commander-centric requirement to maintain the networks. It is not an S6 function. It is commander business now. Treat networks as an area of operations led by a single commander and align authority and accountability.

How do our adversaries threaten the United States in cyberspace:

· China supplements those cyberspace operations with influence campaigns to obscure international narratives about their activities.

· Russia uses cyberspace for espionage and theft and to disrupt U.S. infrastructure while attempting to erode confidence in the nation’s democratic processes.

· Iran undertakes online influence campaigns, espionage efforts, and outright attacks against government and industrial sectors.

· North Korea flouts sanctions by hacking international financial networks and cryptocurrency exchanges to generate revenue that funds its weapons development activities.

· Violent extremist organizations have used the Internet to recruit terrorists, raise funds, direct violent attacks, and disseminate gruesome propaganda.

Cybercom’s capabilities are meant to complement, not replace, other military capabilities, as well as the tools of diplomacy, sanctions, and law enforcement.

Risk is calculated into every plan and action. Deliberate planning also ensures we remain consistent with the law of armed conflict and other important international norms, so that we protect U.S. interests from cyber threats while staying true to the nation’s core values.

Militaries succeed when they embrace new technologies aimed at planning for the next war, not fighting the last one. [Move beyond doctrine-based arguments that were written to support asymmetric, counterinsurgency warfare. This is GPC.]

From US Navy Tenth Fleet Strategy: 

Those who recognize change, understand change and exploit change to their advantage, win! ~ Colonel John Boyd

[Let that be us.]

Bold, italics, [brackets] added by author

Join the discussion here or for FOUO discussions at Rochefort Group blog (CAC-enabled).