Citation[]
Department of Defense, The DoD Cyber Strategy (Apr. 2015) (full-text).
Overview[]
The purpose of this cyber strategy, the Department's second, is to guide the development of DoD's cyber forces and strengthen its cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three cyber missions:
- defend DoD networks, systems, and information
- defend the United States and its interests against cyberattacks of significant consequence, and
- provide integrated cyber capabilities to support military operations and contingency plans.
Strategic goals[]
The strategy sets five strategic goals and establishes specific objectives for DoD to achieve over the next five years and beyond:
I. Build and maintain ready forces and capabilities to conduct cyberspace operations. In 2013, DoD initiated a major investment in its cyber personnel and technologies for the Cyber Mission Force. The Department of Defense must train its people, build effective organizations and command and control systems, and fully develop the capabilities that DoD requires to operate in cyberspace. Key objectives of this goal include:
- Build technical capabilities for operations, to include a unified and integrated operational platform.
- Accelerate research and development to provide DoD with a significant advantage in developing leap-ahead technologies to defend U.S. interests in cyberspace.
- Assess CMF capacity to achieve mission objectives when confronted with multiple contingencies.
II. Defend the DoD information network, secure DoD data and mitigate risks to DoD missions. DoD must identify, prioritize, and defend its most important networks and data so that it can carry out its missions effectively. DoD must also plan and exercise to operate within a degraded and disrupted cyber environment in the event that an attack on DoD's networks and data succeeds, or if aspects of the critical infrastructure on which DoD relies for its operational and contingency plans are disrupted. Key objectives of this goal include:
- Build the Joint Information Environment Single Security Architecture (JIE SSA) to shift the focus from protecting service-specific networks and systems to securing the DoD enterprise.
- Implement a capability to mitigate all known vulnerabilities that present a high risk to DoD.
- Identify, plan, and defend the networks that support key DoD missions.
- Build a layered defense around the Defense Industrial Base through improved accountability, cybersecurity standards, counterintelligence, and whole-of-government efforts to counter IP theft.
III. Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence. The Department of Defense must work with its interagency partners, the private sector, and allied and partner nations to deter and if necessary defeat cyberattacks of significant consequence on the U.S. homeland and U.S. interests. The Department of Defense must develop its intelligence, warning, and operational capabilities to mitigate sophisticated, malicious cyberattacks. Key objectives of this goal include:
- Develop intelligence and warning capabilities to anticipate threats.
- Partner with key interagency organizations to prepare to defend the nation in cyberspace.
- Work with DHS to develop continuous and automated mechanisms for sharing information.
- Assess DoD's cyber deterrence posture and provide recommendations for improving it.
IV. Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages. During heightened tensions or outright hostilities, the DoD must be able to provide the President with a wide range of options for managing conflict escalation. As a part of the range of tools available to the United States, DoD must develop viable cyber options and integrate those options into Departmental plans. The DoD will develop cyber capabilities to achieve key security objectives with precision, and to minimize loss of life and destruction of property.
V. Build and maintain robust international alliance and partnerships to deter shared threats and increase international security and stability. All three of DoD's cyber missions require close collaboration with foreign allies and partners. In its international cyber engagement, DoD seeks to build partnership capacity in cybersecurity and cyber defense.
- Partner capacity building will focus on priority regions, to include the Middle East, Asia-Pacific, and Europe. The DoD will remain adaptive and flexible to build new alliances and partnerships as required.