By Richard J. Harknett
The US Cyber Command (USCYBERCOM) has released effectively a novel ascendancy strategy (formally called a “Command Vision,” although it addresses ends, ways together with means), anchored on the recognition that the cyberspace domain has changed inwards telephone commutation ways since the Command was established inwards 2009. Drawing on its sense over the yesteryear 8 years, the Command offers a novel approach that aligns alongside the strategic realities within which it must successfully operate. The “Achieve together with Maintain Cyberspace Superiority: H5N1 Command Vision for US Cyber Command” marks a pregnant evolution inwards cyber operations together with strategic thinking, portending an chance to convey near greater safety together with stability to the interconnected global digital environment.
Recently inwards Lawfare, Michael Sulmeyer, onetime U.S. Department of Defense manager for plans together with operations for cyber policy, provided a relatively positive assessment of the novel US National Security Strategy’s (NSS) approach to cybersecurity, noting that the “administration shows an agreement that cyberspace is a critical purpose to practically every aspect of national security.” The Command’s novel approach nests neatly nether the NSS, provides a roadmap to guide cyber operations together with points toward the policy framework that must evolve to ensure such operations succeed inwards advancing U.S. national interests. The Command’s approach also focuses on stemming the erosion of the United States’ competitive border found inwards the newly released National Defense Strategy .
This Command Vision boldly aligns alongside the strategic context together with operational environs that withdraw keep emerged over the lastly decade together with provides a comprehensive vision of how to tackle these novel realities. Successful implementation of this novel strategic together with operational approach volition require novel thinking across the authorities together with academia to ensure that the right organizational structures, decision-making processes, capabilities evolution pathways together with authorities are inwards place. It has provided the foundation for such novel cyber thinking.
Strategic Context
The Command’s strategic approach makes roughly critical assumptions near cyberspace every bit a domain, which withdraw keep either non been explicit inwards the yesteryear or stand upwards for of import shifts from previous U.S. thinking. First together with first of all is the recognition that adversary demeanor intentionally ready below the threshold of armed aggression has strategic effect. This insight moves away from the conventional bifurcation of looking at cyber activity every bit “hacking” together with binning it every bit either nuisance (crime) or every bit a potential surprise ready on against critical infrastructure. Instead, the strategy focuses on adversarial cyber operations for what they are—well idea out campaigns seeking to degrade U.S. powerfulness together with advance their ain relative capacities, spell avoiding pregnant American reaction. Moving away from the ‘hack,’ ‘breach,’ ‘incident,’ ‘attack’ framing toward a recognition that what is significantly putting at run a endangerment American strength are sophisticated campaigns that undermine diplomatic, economic, together with military machine powerfulness every bit good every bit social cohesion is an of import measuring forwards inwards U.S. thinking. The vision realizes that different inwards the terrestrial spaces where strategic effects withdraw keep required territorial aggression (or the threat thereof), cyber operations withdraw keep opened a novel seam inwards the distribution of powerfulness together with tin behave upon relative powerfulness without traditional armed aggression. In his Lawfare essay, Sulmeyer complimented the NSS drafters for recognizing the connection betwixt cybersecurity together with American power. USCYBERCOM’s strategy builds off of that NSS frame.
The instant critical supposition is that the US straightaway faces peer competitors inwards the cyberspace domain. Thus, cyber superiority, which is critical for superiority inwards all other military machine domains, is non assured together with is really nether continual stress. The strategy accepts every bit a given that cyberspace is congested contested terrain together with that spell capabilities vary across states, trigger-happy extremist organizations, organized criminals groups together with hacktivists, all of these actors tin contribute to damaging American interests (including when state actors leverage these other actors to advance their goals spell retaining deniability together with doubtfulness over attribution).
The concluding of import strategic reality that the document recognizes is that the condition quo is deteriorating into norms that yesteryear default are beingness ready yesteryear adversaries. This non exclusively challenges American interests, but orients cyberspace toward a chaotic future. The novel strategy aims to redress these negative norms. The vision appropriately accords to our adversaries a reasonable supposition of clever calculation. USCYBERCOM is acknowledging that opponents “exploit our dependencies together with vulnerabilities inwards cyberspace together with utilization our systems, processes, together with values against us to weaken our democratic institutions together with gain economic, diplomatic, together with military machine advantages.” The implication, of course, is non exclusively the demand for a novel approach, which USCYBERCOM straightaway offers, but the demand to readdress our overall national cyberspace strategic framework if nosotros are to wrest the first away from opponents who are operating without existent constraint below the threshold of war.
Operating Context
Building upon USCYBERCOM’s experience, the vision explicitly distinguishes characteristics of cyberspace every bit an operational domain. Specifically, the document recognizes that the interconnected nature of cyberspace leads to an environs of constant contact together with shifting terrain inwards which persistent activity continually challenges ones’ capacity to defend together with to maneuver. Security is redefined every bit resting on seizing first to gain “continuous tactical, operational, together with strategic advantage.” What powerfulness live missed inwards the populace presentation of this build is that first is non near going on the offense, but rather beingness 1 anticipatory measuring ahead across the spectrum of cyber operations.
Indeed, this approach notably emphasizes linking resiliency, defending, together with contesting inwards a seamless operational framework. Success inwards each flows from having the first to anticipate where U.S. vulnerabilities lie, together with through resiliency together with defensive actions, taking those opportunities away from adversaries; when possible, defending forwards so that adversarial activity is blunted earlier getting into U.S. networks and, when necessary, contesting adversary capabilities together with their ain vulnerabilities to shift the focus of opponents inwards lodge to shape their behavior. It is the amount of these constituent parts of the strategy, non whatever 1 inwards isolation, that volition Pb to a to a greater extent than stable together with secure cyberspace.
That beingness said, the of import emphases on defending forwards together with contesting active campaigns are both noteworthy. These operational orientations recognize that previous U.S. approaches ultimately left the U.S. playing ‘clean-up on aisle nine,’ likewise oft dealing alongside adversaries within our networks (or inwards the aftermath of their exploitations), rather than stopping them earlier entering. What is interesting is how those efforts are linked dorsum to resiliency to make strategic outcomes. The strategy recognizes that along alongside authorities resiliency, improve alignment betwixt someone sector technology scientific discipline evolution together with national safety goals every bit good every bit enhanced coordination betwixt cyberspace service providers, safety firms, together with authorities policy aims tin homecoming adversarial activities inconsequential. This volition enable USCYBERCOM to direct its focus toward really consequential threats. There is of import similarity hither alongside the United Kingdom’s 2016 Cyber Strategy, which created its National Cyber Security Centre that has a similar mission focus on proactively reducing the effects of persistent adversary cyber operations. While the strategy lays out this goal, it does non delineate how this critical alignment betwixt the someone sector together with a military machine cyber operational approach volition live produced. One novel starting betoken to consider is that it is to a greater extent than near alignment of activity than partnership—a concept soundless used inwards the vision document (and 1 nosotros withdraw keep been talking near inwards the US for 20-plus years, but withdraw keep failed to fully produce).
That limitation aside, the project design hither is the greater clarity of what is potentially consequential due to a shrinking vulnerability surface (both user together with technical), contesting adversaries’ remaining cyber operations together with then tin make strategic final result every bit the “tactical friction” the adversary experiences through continuous appointment yesteryear the US compels them to shift their resources (and thinking) toward their ain vulnerabilities together with defense. In this manner, the Command’s approach seeks to supervene upon the electrical current norm of adversaries acting alongside relative impunity to a different, to a greater extent than complicated calculus on their part. This can, over time, Pb to a normalization of cyberspace that is less free-for-all together with potentially to a greater extent than stable. It is non contradictory to assume that inwards an environs of constant activity it volition select counter activity to moderate demeanor effectively.
Interestingly, the strategy anticipates criticism from opponents who volition bill the US of potentially militarizing cyberspace through this approach. The vision explicitly notes that cyberspace has been militarized yesteryear the actions of adversaries over the lastly decade. More importantly, the vision emphasizes that this is non an offensive doctrine, but a seamless operational approach integrating resilience, defence forcefulness together with disceptation of adversary activity. Sulmeyer suggested inwards Dec that the NSS “missed an chance to stress the demand for Cyber Command’s maturing Cyber Mission Force must live a forcefulness that is create to fight.” USCYBERCOM’s strategy non exclusively fills that omission inwards the NSS, but offers us a unique agreement of what it agency to “fight” inwards cyberspace through its recognition of seamless resiliency, defence forcefulness together with offense. This is captured yesteryear 1 operational objective referred to every bit “create friction for adversaries.” One tin reckon inwards all 3 forms of operations--resiliency, defending forward, together with contesting--how each tin create friction inwards the planning together with operations of adversaries. Better resiliency volition nurture the initial attempt an adversary needs to make, defending forwards volition create early on interruption, together with contesting volition demand that adversaries reallocate resources to defense. Building such friction tin withdraw keep an overall potential shaping effect, but it comes through the friction produced, non the threat to inflict costs that is associated alongside previous strategies of deterrence yesteryear denial or punishment. This is a major conceptual advancement.
Adm. Michael S. Rogers’ commander’s intent department of the document fleshes out 5 distinct, but related together with reinforcing, imperatives, to advance the strategy toward success. Without delineating them hither inwards detail, the primary takeaway is that they stand upwards for actions that every bit a novel unified combatant ascendancy USCYBERCOM tin achieve.
Policy Framework
The document notes that it fully aligns alongside both the novel National Security Strategy together with National Defense Strategy. It speaks to those larger purviews yesteryear detailing the connection betwixt cyber operations together with the spectrum of American power. The strategy importantly addresses how cyber operations contribute to: U.S. diplomatic powerfulness (the potential for sanction back upwards or discreet reversible compellence); combating others’ information operations; facilitating “overmatch of adversary military machine capabilities” together with importantly making the sources of American economical powerfulness “more resilient together with defensible.” Viewing cyber operations every bit a critical constituent inwards whole-of-government national safety policy is important. (Consider, for example, that exclusively 12 years agone the word “cyber” appeared exclusively in 1 lawsuit inwards the entire NSS).
Within that policy context, 1 pregnant challenge is the American penchant to split upwards roles together with responsibilities across authorities inwards a highly hierarchical, bureaucratic model. In an interconnected domain, however, the answer is non segmentation, but rather synergy. Again, the British appear to live seeking greater organizational synergy through their National Cyber Security Centre. Both Commonwealth of Australia together with State of Israel are organizing along similar lines. While the USCYBERCOM strategy does non direct address the pending organizational enquiry of splitting the dual-hat of commander together with manager National Security Agency, it would behoove the Trump direction to consider a intermission inwards thinking such a motion every bit inevitable together with opened upwards itself to a rethink—we may withdraw keep been ahead of our fourth dimension inwards organizing 1 expanse of cybersecurity correctly (a tight human relationship betwixt our Pb cyber military machine operational ascendancy together with our Pb signals tidings agency). The priority inwards the immediate, at least, should live inwards implementing USCYBERCOM’s novel strategy inwards the context of its novel unified ascendancy elevated condition together with and then doing a novel reality banking concern check on where to move out organizationally (for example, a hybrid model of to a greater extent than empowered deputies inwards both organizations reporting to a dual-hatted leader powerfulness live considered).
To Boldly Go…
Big decisions remain. While the alignment of cyber operations alongside national policy is critical, the strategy volition hopefully catalyze the balance of the policy community, to boldly rethink decision-making processes, operational authorities, together with capabilities evolution -- all of which must realign to correspond the realities of cyberspace. Currently, none of these come across what Secretary of Defense James Mattis calls the “speed of relevance.” Two critical variables that the strategy notes are fourth dimension together with fluidity: things tumble out fast together with things modify regularly. The strategy succinctly outlines the: how (seamless), where (global), when (continuous), together with why (achieve operational advantage), but none of that volition attain total final result if it is non supported yesteryear an aligned policy framework that tin suit to the speed together with fluidity of this operational domain. The nuclear revolution brought near telephone commutation changes inwards U.S. national safety organizations, capabilities evolution together with decision-making processes that mapped to nuclear realities. While it is beyond the range of a unified combatant command’s strategy to convey such change, USCYBERCOM’s vision should live taken every bit an initiating betoken for pregnant inquiry together with give-and-take (and action) to address comprehensively how the US should organize itself to secure the cyber domain. lxx years out, Strategic Command soundless holds annual symposia researching the implications of its nub strategy of nuclear deterrence. We demand the same sustained analysis of cyber operations.
The wider inquiry together with academic communities, along alongside nub authorities agencies, demand to to a greater extent than intensely evaluate the necessary adjustments needed inwards achieving success inwards an interconnected domain of constant contact, ever-shifting terrain, together with a persistent competition over who tin sustain initiative. We withdraw keep much operate inwards front end of us. The problem, of course, is that adversaries are actively gaining advantages, hence the operate must laid about inwards earnest. One powerfulness suspect that inwards the capitals of roughly of our cyber adversaries, the alignment of USCYBERCOM’s strategy to the realities of the operational infinite volition live met with, “darn, they withdraw keep figured it out, this is going to instruct harder.” That volition live the vision’s immediate effect. But maybe to a greater extent than importantly, USCYBERCOM’s novel strategy tin live a spur to a to a greater extent than robust attain of thinking near cyber operations, strategy, together with powerfulness inwards the 21st century. That could live its demarcating legacy.
Buat lebih berguna, kongsi:
