The first Department of Defense strategy report on cyberspace was released on July 14, 2011 and an update to the strategy was released April 23, 2015. The strategy outlines the three missions in the cyber domain: to defend Department of Defense networks, systems, and information; to defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence; and to provide integrated cyber capabilities to support military operations and contingency plans.
Excerpt from 2015 Strategy:
STRATEGIC GOAL I: BUILD AND MAINTAIN READY FORCES AND CAPABILITIES TO CONDUCT CYBERSPACE OPERATIONS.
To operate effectively in cyberspace, DoD requires forces and personnel that are trained to the highest standard, ready, and equipped with best-in-class technical capabilities. In 2013 DoD initiated a major investment in its cyber personnel and technologies by initiating the CMF; now DoD must make good on that investment by training its people, building effective organizations and command and control systems, and fully developing the capabilities that DoD requires to operate in cyberspace. This strategy sets specific objectives for DoD to meet as it mans, trains, and equips its forces and personnel over the next five years and beyond.
STRATEGIC GOAL II: DEFEND THE DOD INFORMATION NETWORK, SECURE DOD DATA, AND MITIGATE RISKS TO DOD MISSIONS.
While DoD cannot defend every network and system against every kind of intrusion – DoD’s total network attack surface is too large to defend against all threats and too vast to close all vulnerabilities – DoD must take steps to identify, prioritize, and defend its most important networks and data so that it can carry out its missions effectively. DoD must also plan and exercise to operate within a degraded and disrupted cyber environment in the event that an attack on DoD’s networks and data succeeds, or if aspects of the critical infrastructure on which DoD relies for its operational and contingency plans are disrupted.
Finally, DoD must raise the bar on technology and innovation to stay ahead of the threat by enhancing its cyber defense capabilities, including by building and employing a more defendable network architecture in the Joint Information Environment (JIE). Outside of DoD networks, DoD must work with the private sector to help secure defense industrial base trade data, and be prepared to assist other agencies in hardening U.S. networks and data against cyberattacks and cyber espionage.
STRATEGIC GOAL III: BE PREPARED TO DEFEND THE U.S. HOMELAND AND U.S. VITAL INTERESTS FROM DISRUPTIVE OR DESTRUCTIVE CYBERATTACKS OF SIGNIFICANT CONSEQUENCE.
The Department of Defense must work with its interagency partners, the private sector, and allied and partner nations to deter and if necessary defeat a cyberattack of significant consequence on the U.S. homeland and U.S. interests. The Defense Department must develop its intelligence, warning, and operational capabilities to mitigate sophisticated, malicious cyberattacks before they can impact U.S. interests. Consistent with all applicable laws and policies, DoD requires granular, detailed, predictive, and actionable intelligence about global networks and systems, adversary capabilities, and malware brokers and markets. To defend the nation, DoD must build partnerships with other agencies of the government to prepare to conduct combined cyber operations to deter and if necessary defeat aggression in cyberspace. The Defense Department is focused on building the capabilities, processes, and plans necessary to succeed in this mission.
STRATEGIC GOAL IV: BUILD AND MAINTAIN VIABLE CYBER OPTIONS AND PLAN TO USE THOSE OPTIONS TO CONTROL CONFLICT ESCALATION AND TO SHAPE THE CONFLICT ENVIRONMENT AT ALL STAGES.
During heightened tensions or outright hostilities, DoD must be able to provide the President with a wide range of options for managing conflict escalation. If directed, DoD should be able to use cyber operations to disrupt an adversary’s command and control networks, military-related critical infrastructure, and weapons capabilities. As a part of the full range of tools available to the United States, DoD must develop viable cyber options and integrate those options into Departmental plans. DoD will develop cyber capabilities to achieve key security objectives with precision, and to minimize loss of life and destruction of property. To ensure unity of effort, DoD will enable combatant commands to plan and synchronize cyber operations with kinetic operations across all domains of military operations. Cyber Flag 14-1 participants analyze an exercise scenario in the Red Flag building at Nellis Air Force Base, NV. Cyber Flag focuses on exercising USCYBERCOM’s mission of operating and defending DoD networks across the full spectrum of operations against a realistic adversary in a virtual environment.
STRATEGIC GOAL V: BUILD AND MAINTAIN ROBUST INTERNATIONAL ALLIANCES AND PARTNERSHIPS TO DETER SHARED THREATS AND INCREASE INTERNATIONAL SECURITY AND STABILITY.
All three of DoD’s cyber missions require close collaboration with foreign allies and partners. In its international cyber engagement DoD seeks to build partnership capacity in cybersecurity and cyber defense, and to deepen operational partnerships where appropriate. Given the high demand and relative scarcity of cyber resources, the Department of Defense must make hard choices and focus its partnership capacity initiatives on areas where vital U.S. national interests are stake. Over the next five years, in addition to ongoing partner capacity building efforts in other regions, DoD will focus its international engagement on: the Middle East, the Asia-Pacific, and key NATO allies. Through the course of this strategy DoD will constantly assess the international environment and develop innovative partnerships to respond to emerging challenges and opportunities.