U.S. Cyber Command’s new operating philosophy of “defend forward” has helped clarify how the Department of Defense can protect the United States from cyberattacks, a Pentagon official said April 23.
“Defend forward” is often described as fighting the cyber battle on someone else’s turf instead of fighting at home as a way to learn what adversaries might be planning.
“The defend forward construct also helps us to articulate and clarify roles and responsibilities domestically in defense of the nation,” Burke “Ed” Wilson, Deputy Assistant Secretary of Defense for Cyber Policy within the Office of the Under Secretary of Defense for Policy, said April 23 during an event hosted by the Atlantic Council.
“The Department of Defense has a role [in defending the nation]. We were having a little bit of trouble clarifying what that role is. The defend forward construct helps us do that. We bring the capacity, unique attributes of the Department of Defense in terms of information sharing and then incident response … to be able to support DHS … FBI.”
In the past, DOD leaders have struggled to offer clear visions for how the department can protect the homeland from cyber threats. This difficulty has been in large part due to legal restrictions on what DoD can do within domestic soil, compounded by the pervasiveness and ubiquity of cyber in government and society.
As a result, top DoD officials sparred with top members of Congress in recent years following the Russian’s interference in the 2016 presidential election and the role DoD should have played in defending the nation from information campaigns.
What is cyber success?
DoD leaders have also begun to reevaluate what success means in cyberspace.
“It’s not about what the Department of Defense’s role is, it’s how can we enable our international partners, our domestic partners and industry to be able to defend those things that are critical to our nation’s success,” Brig. Gen. Timothy Haugh, commander of the Cyber National Mission Force, said during the same conference.
The defend forward philosophy is working in the international and domestic arenas. Haugh said Cyber Command is partnering with nations to hunt for adversary activity on their networks, an activity that had not been previously disclosed in these terms.
The intent is to challenge adversaries wherever they are and feed information back to the Department of Homeland Security or FBI to defend critical infrastructure or to take law enforcement action.
But that’s not the only path to success. Other routes could include when DoD information leads to diplomatic demarches from the Department of State, alerts from DHS to industry, Treasury sanctions or Department of Energy communications directly through the Information Sharing and Analysis Centers, Haugh said.
One other positive sign is when the Cyber National Mission Force’s public exposure of malware it discovers, he said. Agency leaders have begun releasing malware to public cybersecurity forums to pass information directly to industry so businesses can quickly develop countermeasures, Haugh said.
“That’s an area we’re going to continue to explore as to what is the right role for the department in terms of our relationships with industry, how will we pass information in the most agile and quickest manner to be able to put addition pressure on adversaries that target our critical infrastructure,” he said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.