In a speech at Stanford University on April 23, 2015, Department of Defense (“DoD” or the “Pentagon”) Secretary Ash Carter unveiled the Pentagon’s new cyber strategy (the “Strategy”) and called on the technology sector to partner with DoD in combatting cyber crime and terrorism. He also confirmed that Russian hackers had accessed one of the Pentagon’s unclassified networks earlier this year.
According to the Strategy, “[t]he United States is committed to an open, secure, interoperable, and reliable Internet that enables prosperity, public safety, and the free flow of commerce and ideas. … Yet these same qualities of openness and dynamism that led to the Internet’s rapid expansion now provide dangerous state and non-state actors with a means to undermine U.S. interests.” Further, “[l]eaders must take steps to mitigate cyber risks. Governments, companies, and organizations must carefully prioritize the systems and data that they need to protect, assess risks and hazards, and make prudent investments in cybersecurity and cyber defense capabilities to achieve their security goals and objectives.”
The Strategy builds on the work begun by the Pentagon in May 2011 in addressing cyber threats and sets forth the “strategic goals and objectives for DoD’s cyber activities and mission to achieve over the next five years.” In order to improve collective cybersecurity and protect U.S. interests, the Pentagon will seek to expand information sharing and interagency coordination; build bridges to the private sector; and build alliances, coalitions, and partnerships abroad.
The Strategy is focused on three primary missions:
- DoD must defend its own networks, systems, and information.
- DoD must be prepared to defend the United States and its interests against cyber attacks of significant consequence.
- If directed by the President or the Secretary of Defense, DoD must be able to provide integrated cyber capabilities to support military operations and contingency plans.
A new cyber mission force encompassing “leaders and communities across DoD and the broader U.S. government” is being developed to advance the Strategy, which has the following five goals for these missions:
- Build and maintain ready forces and capabilities to conduct cyberspace operations;
- Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions;
- Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyber attacks of significant consequence;
- Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages; and
- Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.