The US Department of Defense Cyber Strategy was released in September 2018. This following policy changes are based on changes announced earlier this year in the National Cyber Strategy. The US DoD Cyber Strategy states,
We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict. We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict. We will strengthen the security and resilience of networks and systems that contribute to current and future U.S. military advantages. We will collaborate with our interagency, industry, and international partners to advance our mutual interests.
The phrase, “defend forward…at its source”, is introduced in this strategy which was not included in 2015 strategy. This signifies expansion of proactive defense based approach as deterrence is a key goal of the strategy. Also, DOD increased emphasis on defending non-DOD-owned Defense Critical Infrastructure and cyber talent management within DOD. DOD stated that cyber threats to critical civilian infrastructure leads to failure of military missions. Increasing focus on defense and deterrence in cyber will require different skills and policies from traditional operate and maintain focus, and this strategy shows a road map to evolve DOD cyber mission.
Japan also released updated Japanese Cyber Security Strategy in July 2018 which annouced a similar approach to deterrence as the US strategy.
The security environment in cyberspace is growing increasingly severe. Cyberattacks have been taking place against governmental bodies, critical infrastructure operators, companies and academic and research institutions possessing advanced technologies. There are cases that might threaten to undermine the foundations of democracy. Furthermore, some of these attacks are suspected of being state-sponsored.
Given this situation, in order to protect the Japan’s national security interests from cyberattacks, it is important to secure Japan’s resilience against cyberattacks and increase Japan’s ability to defend the state (defense capabilities), deter cyberattacks (deterrence capabilities), and be aware of the situation in cyberspace (situational awareness capabilities).
Finally, both countries emphasized importance of collaboration with allies and building partnership to defend cyberspace. There are many stakeholders collaborating at all levels; private sector, government, and military. Enhanced efforts to increase bilateral response capabilities, information and situational awareness sharing, and combined operations will continue to increase in order to advance mutual interests.
Deterrence and governmental policy will be active topics of discussion at our monthly seminar event series. Please join us every last Friday of the month if you’d like to learn more. Don’t forget to register for TechNet 2019 March 5-7 to meet with leaders in the cyber industries and governments.