In May 2023, the Department of Defense (DoD) released an unclassified fact sheet detailing its latest cyber strategy. This latest update is another indication of the Pentagon’s intent to combat threat actors, coming fast on the heels of the 2022 National Security Strategy and the 2022 National Defense Strategy.

A more complete summary of the strategy will follow in a few months. For now, let’s unpack what we know so far about the Department of Defense’s 2023 cybersecurity strategy.

Reinforcing the “Defend Forward” strategy

Defend Forward is a cybersecurity strategy where organizations adopt an offensive approach to protect their critical infrastructure and data. Rather than reacting to incidents, the goal is to proactively disrupt or stop malicious cyber activities in the earliest stages.

By taking the fight to hackers, companies can limit the damage to their systems and increase costs for attackers.

The success of this concept relies on a few foundational principles:

  • Detect and disrupt malicious activity in the early stages
  • Develop a deep understanding of the latest tactics, techniques and procedures (TTPs)
  • Gather intelligence on potential adversaries by working outside your network
  • Focus on persistent engagement to inform allies and partners about cyber threats.

Although the concept of Defend Forward had appeared in defense policies since the early 2010s, years passed before it was fully embraced. In 2018, USCYBERCOM adopted the Defend Forward strategy in response to the escalating problem of state-sponsored cyberattacks.

Today, government bodies and enterprise-level organizations use this cybersecurity strategy to protect their critical information infrastructure and stay ahead of evolving threats. Senior Cybersecurity Reporter Martin Matishak elaborated that the DoD’s newest plan builds on the “Defend Forward” policy established in the previous 2018 version.

National Security Agency Chief General Paul Nakasone explained: “There was a huge inflection point in 2018 with the Defend Forward. I don’t see, necessarily, a huge change in the strategy coming out.”

What has changed (and why)?

The 2023 Cyber Strategy establishes the government’s planned approach for operating in cyberspace. This initiative supersedes the 2018 DoD Cyber Strategy.

Here are four driving factors behind the updates:

The Ukraine-Russia War

Russia has orchestrated a consistent cyberattack campaign against Ukraine since its illegal annexation of Crimea in 2014. But since Russia invaded Ukraine in February 2022, there has been a threefold increase in cyberattacks.

According to Politico, this relentless campaign included:

  • 300 attacks against the security and defense sector
  • 400 attacks on commercial, financial, telecommunications and software organizations
  • 500 other attacks against government groups.

In the wake of this surge in cyber warfare, the DoD intends to adapt its defense strategy. The intention is to work in tandem with other instruments of national power and security to build a network of “integrated deterrence” in cyberspace.

Russia turning its focus to the U.S.

While most of Russia’s attention is focused on Ukraine now, it has made continued efforts to attack the United States.

In June 2022, Microsoft claimed Russian hackers had infiltrated over 100 companies. Targets included IT groups and energy suppliers, humanitarian organizations and the foreign ministries of NATO states.

In October 2022, Forbes reported that a pro-Russian hacking group claimed credit for attacks on over a dozen U.S. airports, including New York’s LaGuardia Airport and Chicago O’Hare International Airport.

The head of Microsoft’s Digital Threat Analysis Center, Clint Watts, believes more of Russia’s influence will shift to the United States “as the year gets closer to a presidential election debate going into fall.”

The June 2023 attack on several U.S. government agencies confirms that suspicion. The hacking spree may have compromised hundreds of companies, as well as the Department of Energy.

With the latest developments in mind, the fact sheet from the DoD specifically acknowledges that Russian cyber activity poses “an acute threat” in 2023. And so, we can expect the latest defense strategy to combat that growing threat.

The growing threat of China’s cyber capabilities

For years, China has empowered proxy organizations to pursue malicious cyber activities against the United States. In May 2023, Microsoft reported that a Chinese state-sponsored hacking group had launched multiple intel-gathering breaches on U.S. cyber infrastructure.

Statista projects China’s cybersecurity market revenue to top $14 billion in 2023 — almost doubling since 2018. Much of this significant investment is in military cyber capabilities.

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly warned that China poses an “epoch-defining threat” with the cyber capabilities to “induce societal panic” in the U.S.

In the strategy fact sheet, the Pentagon acknowledges this “increasingly contested cyberspace,” stating that China presents a “pacing challenge” to the United States. We can only assume the U.S. government intends to tackle this challenge head-on in line with its Defend Forward philosophy.

Other threats in an increasingly contested cyberspace

The fact sheet identified North Korea, Iran and other extremist organizations as “persistent cyber threats.”

Also, the new strategy considers that transnational criminal organizations present unique challenges. In addition to sophisticated technical capabilities, these organizations often have “close alignment with the foreign policy objectives of their host governments.”

How DoD will combat threats

To address this multifaceted global threat landscape, the 2023 DoD cyber strategy outlined a four-pronged approach:

Defend the nation

The Department will campaign through cyberspace to gather intel about malicious cyber actors. With the Defend Forward approach, the U.S. will seek to disrupt and degrade threat actors’ capabilities and supporting ecosystems.

David Brose, former staff director of the Senate Armed Services Committee, put it bluntly when he said China “has been working diligently and capably (to make) the United States military deaf, dumb and blind in any conflict.”

With its new strategy, the DoD aims to counter threats to military readiness. The DoD will cooperate with its interagency partners to improve the cyber resilience of American critical infrastructure.

Prepare to fight and win the nation’s wars

In efforts to protect the DoD Information Network, the Department will invest in the Joint Force’s cyber resilience. With this goal in mind, the DoD will use cyberspace operations to gain asymmetric advantages that support the Joint Force’s plans and operations.

Protect the cyber domain with allies and partners

CISA and the National Security Agency (NSA) recently released new guidelines for identity and access management (IAM) administrators. Building on that, the DoD seeks to improve cyber resilience by exploring new ways of cyber cooperation.

This growth starts with helping allies and partners improve their cyber capacity and capability. As the DoD encourages adherence to international law, it aims to improve cyber resilience and reinforce responsible state behavior.

Build enduring advantages in cyberspace

The DoD will focus on improving how it organizes, trains and equips the Cyber Operations Forces and Service-retained cyber forces. In addition, the DoD will invest more in “the enablers of cyberspace operations.” These supporting pillars include cybersecurity, intelligence and science and technology.

The U.S. is preparing for the inevitable

Even outside the arena of international war, the cyber threat landscape is a volatile, evolving space. The U.S. government is acutely aware of how adversaries can use cyber capabilities to launch sophisticated attacks on American people, companies, financial institutions and government entities.

The Pentagon stated that the updated cyber strategy was “grounded in real-world experience,” which includes lessons the government has learned since the start of the war in Ukraine.

The goal remains the same: to protect the American people. But as threats grow and methods change, the DoD intends to double down on the Defend Forward strategy.

By reinforcing the United States’ global network of Allies and partners, the Pentagon aims to protect its foundational advantage in cyberspace and safeguard potential vulnerabilities before it’s too late.

To learn more about how the U.S. plans for defense, read our post on the new National Cybersecurity Strategy from the White House.
