Cyberspace is a warfighting domain, and the U.S. military must take an active role in defending the country and its allies from threats in that realm, Defense Secretary Mark T. Esper said yesterday.
Speaking at the Department of Homeland Security Cybersecurity and Infrastructure Security Agency's second annual Cybersecurity Summit near Washington, Esper said the National Defense Strategy sets the tone for the military's aggressive stance in the cyberworld.
Cyber is the domain of choice for states and groups that wish to attack the United States, its interests and its allies. ''Strategic competitors such as Russia and China are asserting their military power and challenging the rules-based international order,'' he said.
Esper said the U.S. military has been waging war on land and sea for more than 200 years and in the air for 100 years, and that it remains dominant in those domains. But only in the past decade have officials been figuring out what fighting in cyberspace entails, he said.
Just as we do on land, at sea, and in the air, we must posture our forces in cyberspace where we can most effectively accomplish our mission.''
Defense Secretary Dr. Mark T. Esper
The world is quickly becoming dependent on the capabilities that run through the cyber domain, from navigation to targeting to reconnaissance, the secretary noted.
''While we are having success deterring conventional aggression against the United States, our adversaries are increasingly resorting to malign activity in less traditional areas to undermine our security,'' he said. ''There is perhaps no area where this is more true than in the cyber domain.''
Cyber has been part and parcel of what many call hybrid war – a blurring of the lines between peace and war, Esper said. ''For nation-states such as China, Russia, North Korea and Iran, engaging America and our allies below the threshold of armed conflict is a logical choice.''
Cyber allows adversaries to take on the United States and impose costs without confronting its traditional strengths, Esper said.
Tracking down the perpetrators of a cyberattack is difficult, and attributing them is sometimes impossible, the secretary said, and opponents may conduct campaigns to steal sensitive DOD information in an effort to undermine military advantages.
''When successful, this coordinated, malicious cyber activity puts us at risk by eroding our capabilities and disrupting our ability to operate once conflict ensues,'' he said.
DOD must respond to these challenges and is hardening networks and systems to continue to execute missions even while under cyberattack.
''Training to operate in a degraded environment is now regularly built into our exercises, and our service members are quickly becoming aware of our cyber vulnerabilities,'' the secretary said.
But winning in cyberspace requires an offensive strategy, Esper told the summit audience. ''We need to do more than just play goal line defense,'' he said. ''As such, the department's 2018 Cyber Strategy articulates a proactive and assertive approach to defend forward of our own virtual boundaries.
''Just as we do on land, at sea, and in the air, we must posture our forces in cyberspace where we can most effectively accomplish our mission,'' he continued. ''Defending forward allows us to disrupt threats at the initial source before they reach our networks and systems. To do this, we must be in a position to continuously compete with the ongoing campaigns being waged against the United States. Not only does this protect us day-to-day, but enacting this strategy builds the readiness of our cyber warriors so they have the tools, skills and experience needed to succeed in conflict.''
The department is also working with other U.S. agencies to protect American prosperity and democratic institutions as foreign governments conduct operations aimed at 'influencing the American public at a scope and scale never before imagined,' Esper said.
''The Department of Defense has an important role in defending the American people from this misinformation,'' he said, ''particularly as it pertains to preserving the integrity of our democratic elections.''
DOD demonstrated that capability during last year's midterm elections, the secretary said, with U.S. Cyber Command and the National Security Agency forming an interagency group that shared information, expertise and resources to protect the elections from foreign interference.
''We also expanded our cooperation to the Department of Homeland Security and the FBI and were prepared to provide direct support, if necessary,'' he said.
DOD also developed capabilities and increased military capacity to detect, locate and exploit threats in the cyber domain with the same focus and energy as in the physical domains.
Finally, DOD had the authorities needed to more fully employ cyber capabilities in an offensive manner, Esper said. ''This policy reflects a shared understanding across the government of the need to maximize the effectiveness of the department’s cyber warriors,'' he added.
The department will take the lessons learned from the 2018 experiences and apply them moving into 2020. ''I consider election security an enduring mission for the Department of Defense,'' the secretary said.
DOD officials for years have spoken of using a network to defeat a network, and the U.S. military is reaching out to allies and partners around the world to take on the challenge of cyberattacks.
''Our ability to share information and operate on common communications networks serves as a force multiplier – but, it also comes with increased risk,'' he said. ''To guard against this, we must help our allies develop their own cyber resiliency.''
China is the greatest threat, Esper said, and the Chinese government is ''perpetrating the greatest intellectual property theft in human history.'' Chinese businesses are in thrall to the government, and any nation that partners with Chinese firms to build 5G networks put their own networks at risk.
''This not only jeopardizes military interoperability and intelligence sharing, but can also compromise commercial institutions such as banks, hospitals and media outlets,'' Esper said. ''This is why it is so important that we work together from the very start to preserve the integrity of our cyber networks.''