How to Compete in Cyberspace: Cyber Command’s New Approach

The Commander of U.S. Cyber Command and one of his advisors describe the evolution of U.S. Cyber Command policy over the past few years, explaining how the defend forward strategy evolved and is implemented along with the doctrine of persistent engagement. While arguing that this new strategy is the best approach to protect American interests, the authors do acknowledge that with more frequent engagement comes increased risk of escalation. They contend that Cyber Command can mitigate these risks, argue that inaction could be much worse, and that all actions taken will have “narrowly tailor[ed]” effects in accordance with international law. Unfortunately, the authors do not expand much on these arguments. There is no in-depth explanation of the state of international law, nor do they provide much information about what “defending forward” looks like in practice, giving only vague descriptions about operations taking place outside of their own networks. In the introduction, they do recount a story where a Cyber Command team physically goes to Montenegro to assist with network defense. While this is an interesting example of assisting a foreign country with defense, it is unclear whether that fits under the defending forward strategy specifically or is just part of broader efforts to work more closely with international partners and allies.

After discussing the new U.S. Cyber Command strategy, the authors move on to identify and address continuing challenges for the organization – including improving coordination with other parts of government, cooperation with private-sector companies, and development of cyber talent. Notably, they discuss a focus on new information dissemination channels to better inform National Guard units of cyber threats to enable them to better defend networks at the state and local levels. Additionally, they identify supply-chain integrity as a vitally important area that will require close cooperation with the private-sector.