There is currently not a whole-of-government approach to the Department of Defense’s “defend forward” strategy and, according to Brandon Valeriano, a senior adviser to the Cyber Solarium Commission and the chair of armed politics at the Marine Corps University, there needs to be.
The policy, which says DoD can operate on foreign networks to stop attacks before they happen, needs engagement from other government agencies in order to be successful. “The defend forward strategy, properly implemented, wouldn’t just be DoD,” Valeriano said Nov. 12 at Fifth Domain’s annual CyberCon conference. “It would include everything.”
Valeriano said that the major players in government cybersecurity — the Departments of Homeland Security, Justice, State and Defense, as well as the intelligence community — aren’t properly communicating.
“Not everyone is on the same page and that’s been the most disappointing thing I’ve found looking at cyber policy," said Valeriano.
The defend forward strategy is meant to change adversary behavior in cyberspace, but Valeriano said that the DoD hasn’t established how it can measures the before and after of adversary behavior. Valeriano also said that there is not a “clear conception of metrics" to measure the success of the new strategy.
"We don’t have clear adjudication of authorities and overlapping goals and missions,” he said
The State Department has had demonstrated some success in engaging with the persistent engagement strategy, said Emily Goldman, a member of the policy planning staff at the State Department speaking at the same conference. The department has established relationships with foreign nations to allow U.S. Cyber Command to work with them to kick adversaries off their networks, as well as establish a standard for cyber norms.
“There’s a recognition that it is complementary to the DoD’s strategy of defend forward because essentially those activities help to reinforce and demonstrate our support for the norms that we want to see become accepted in the international community,” said Goldman.
The strategy will be an important piece of defending the integrity of the 2020 election. Defend forward was adopted out of an “evolution” of international events, including the 2016 election.
“The reality is a lot of felt that we were attacked, that we were threatened [and] that we did not respond,” Valeriano said.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.