U.S. military leaders are starting to unveil the updated Defense Department cyber strategy, calling for troops to “campaign in and through cyberspace” in order to defend the country.
The Pentagon on Friday announced it shared a classified version of its 2023 Cyber Strategy with Congress earlier this week and promised to produce an unclassified summary of the new strategy in the coming months.
The new cyber strategy updates the previous one, issued in 2018, and “is informed by years of real-world experience of significant [Defense Department] cyberspace operations,” according to a Pentagon statement.
Those operations include 47 deployments to 22 countries by U.S. Cyber Command “hunt forward teams,” most recently to Latvia and Albania.
Hunt forward teams also played a role in securing the 2020 presidential election.
U.S. officials have likewise been learning from Russia’s attempts to use cyberattacks as part of its invasion of Ukraine.
“The department will maximize its cyber capabilities in support of integrated deterrence, employing cyberspace operations in concert with other instruments of national power,” the Defense Department said Friday in a separate, unclassified fact sheet.
It also warned that U.S. military cyber teams “will campaign in and through cyberspace below the level of armed conflict to reinforce deterrence and frustrate adversaries.”
In line with previous statements and congressional testimony from top Pentagon officials, the new cyber strategy lists China as the main threat.
“The People’s Republic of China (PRC) represents the department’s pacing challenge,” according to the strategy fact sheet. “The PRC has made significant investments in military cyber capabilities and empowered a number of proxy organizations to pursue malicious cyber activities against the United States.”
Earlier this month, the director of the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, warned that China would very likely turn to cyberspace should tensions between Beijing and Washington boil into something more.
“In the event of a conflict with the U.S., we will almost certainly see China use aggressive cyber operations against our critical infrastructure and almost certainly be able to disrupt critical infrastructure,” Jen Easterly told a forum organized by the Special Competitive Studies Project.
Just this past week, CISA, along with the FBI, the U.S. National Security Agency and partners from Australia, Britain, Canada and New Zealand, issued a warning about cyber activity by a China-linked threat actor known as Volt Typhoon.
A separate report this week, issued by tech giant Microsoft, warned that Volt Typhoon “is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
It also cautioned that the Chinese-backed cyber actor already “has targeted critical infrastructure organizations in Guam and elsewhere.”
Other top threats in the 2023 Pentagon Cyber Strategy include Russia, North Korea, Iran, terror organizations and crime syndicates.
Additionally, the Pentagon said the new strategy complements the 2023 National Cybersecurity Strategy, launched by the White House earlier this year.
White House cybersecurity officials said the national strategy calls for a more aggressive response from all aspects of the U.S. government to any malicious cyber activity.
“We are certainly in a more forward-leaning position to make sure that we’re protecting the American people from these threats,” a senior administration official said during the rollout in March, adding that that included the use of military tools.
“These are options that the president has, and we’re certainly open to using all of them,” the official noted.
Patsy Widakuswara contributed to this report.