August 10, 2023 By C.J. Haughey

In May 2023, the Department of Defense (DoD) released an unclassified fact sheet detailing its latest cyber strategy. This latest update is another indication of the Pentagon’s intent to combat threat actors, coming fast on the heels of the 2022 National Security Strategy and the 2022 National Defense Strategy.

A more complete summary of the strategy will follow in a few months. For now, let’s unpack what we know so far about the Department of Defense’s 2023 cybersecurity strategy.

Reinforcing the “Defend Forward” strategy

Defend Forward is a cybersecurity strategy where organizations adopt an offensive approach to protect their critical infrastructure and data. Rather than reacting to incidents, the goal is to proactively disrupt or stop malicious cyber activities in the earliest stages.

By taking the fight to hackers, companies can limit the damage to their systems and increase costs for attackers.

The success of this concept relies on a few foundational principles:

  • Detect and disrupt malicious activity in the early stages
  • Develop a deep understanding of the latest tactics, techniques and procedures (TTPs)
  • Gather intelligence on potential adversaries by working outside your network
  • Focus on persistent engagement to inform allies and partners about cyber threats.

Although the concept of Defend Forward had appeared in defense policies since the early 2010s, years passed before it was fully embraced. In 2018, USCYBERCOM adopted the Defend Forward strategy in response to the escalating problem of state-sponsored cyberattacks.

Today, government bodies and enterprise-level organizations use this cybersecurity strategy to protect their critical information infrastructure and stay ahead of evolving threats. Senior Cybersecurity Reporter Martin Matishak elaborated that the DoD’s newest plan builds on the “Defend Forward” policy established in the previous 2018 version.

National Security Agency Chief General Paul Nakasone explained: “There was a huge inflection point in 2018 with the Defend Forward. I don’t see, necessarily, a huge change in the strategy coming out.”

What has changed (and why)?

The 2023 Cyber Strategy establishes the government’s planned approach for operating in cyberspace. This initiative supersedes the 2018 DoD Cyber Strategy.

Here are four driving factors behind the updates:

The Ukraine-Russia War

Russia has orchestrated a consistent cyberattack campaign against Ukraine since its illegal annexation of Crimea in 2014. But since Russia invaded Ukraine in February 2022, there has been a threefold increase in cyberattacks.

According to Politico, this relentless campaign included:

  • 300 attacks against the security and defense sector
  • 400 attacks on commercial, financial, telecommunications and software organizations
  • 500 other attacks against government groups.

In the wake of this surge in cyber warfare, the DoD intends to adapt its defense strategy. The intention is to work in tandem with other instruments of national power and security to build a network of “integrated deterrence” in cyberspace.

Russia turning its focus to the U.S.

While most of Russia’s attention is focused on Ukraine now, it has made continued efforts to attack the United States.

In June 2022, Microsoft claimed Russian hackers had infiltrated over 100 companies. Targets included IT groups and energy suppliers, humanitarian organizations and the foreign ministries of NATO states.

In October 2022, Forbes reported that a pro-Russian hacking group claimed credit for attacks on over a dozen U.S. airports — including New York’s LaGuardia Airport and Chicago O’Hare International Airport.

The head of Microsoft’s Digital Threat Analysis Center, Clint Watts, believes more of Russia’s influence will shift to the United States “as the year gets closer to a presidential election debate going into fall.”

The June 2023 attack on several U.S. government agencies confirms that suspicion. The hacking spree may have compromised hundreds of companies, as well as the Department of Energy.

With the latest developments in mind, the fact sheet from the DoD specifically acknowledges that Russian cyber activity poses “an acute threat” in 2023. And so, we can expect the latest defense strategy to combat that growing threat.

The growing threat of China’s cyber capabilities

For years, China has empowered proxy organizations to pursue malicious cyber activities against the United States. In May 2023, Microsoft reported that a Chinese state-sponsored hacking group had launched multiple intel-gathering breaches on U.S. cyber infrastructure.

Statista projects China’s cybersecurity market revenue to top $14 billion in 2023 — almost doubling since 2018. Much of this significant investment is in military cyber capabilities.

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly warned that China poses an “epoch-defining threat” with the cyber capabilities to “induce societal panic” in the U.S.

In the strategy fact sheet, the Pentagon acknowledges this “increasingly contested cyberspace,” stating that China presents a “pacing challenge” to the United States. We can only assume the U.S. government intends to tackle this challenge head-on in line with its Defend Forward philosophy.

Other threats in an increasingly contested cyberspace

The fact sheet identified North Korea, Iran and extremist organizations as “persistent cyber threats.”

Also, the new strategy considers that transnational criminal organizations present unique challenges. In addition to sophisticated technical capabilities, these organizations often have “close alignment with the foreign policy objectives of their host governments.”

How DoD will combat threats

To address this multifaceted global threat landscape, the 2023 DoD cyber strategy outlined a four-pronged approach:

Defend the nation

The Department will campaign through cyberspace to gather intel about malicious cyber actors. With the Defend Forward approach, the U.S. will seek to disrupt and degrade threat actors’ capabilities and supporting ecosystems.

David Brose, former staff director of the Senate Armed Services Committee, put it bluntly when he said China “has been working diligently and capably (to make) the United States military deaf, dumb and blind in any conflict.”

With its new strategy, the DoD aims to counter threats to military readiness. The DoD will cooperate with its interagency partners to improve the cyber resilience of American critical infrastructure.

Prepare to fight and win the nation’s wars

In efforts to protect the DoD Information Network, the Department will invest in the Joint Force’s cyber resilience. With this goal in mind, the DoD will use cyberspace operations to gain asymmetric advantages that support the Joint Force’s plans and operations.

Protect the cyber domain with allies and partners

CISA and the National Security Agency (NSA) recently released new guidelines for identity and access management (IAM) administrators. Building on that, the DoD seeks to improve cyber resilience by exploring new ways of cyber cooperation.

This growth starts with helping allies and partners improve their cyber capacity and capability. As the DoD encourages adherence to international law, it aims to improve cyber resilience and reinforce responsible state behavior.

Build enduring advantages in cyberspace

The DoD will focus on improving how it organizes, trains and equips the Cyber Operations Forces and Service-retained cyber forces. In addition, the DoD will invest more in “the enablers of cyberspace operations.” These supporting pillars include cybersecurity, intelligence and science and technology.

The U.S. is preparing for the inevitable

Even outside the arena of international war, the cyber threat landscape is a volatile, evolving space. The U.S. government is acutely aware of how adversaries can use cyber capabilities to launch sophisticated attacks on American people, companies, financial institutions and government entities.

The Pentagon stated that the updated cyber strategy was “grounded in real-world experience,” which includes lessons the government has learned since the start of the war in Ukraine.

The goal remains the same: to protect the American people. But as threats grow and methods change, the DoD intends to double down on the Defend Forward strategy.

By reinforcing the United States’ global network of Allies and partners, the Pentagon aims to protect its foundational advantage in cyberspace and safeguard potential vulnerabilities before it’s too late.

To learn more about how the U.S. plans for defense, read our post on the new National Cybersecurity Strategy from the White House.
