Reform

Deterrence in Cyberspace Requires Multifaceted Approach

Sept. 11, 2019 | BY C. Todd Lopez

Defending in cyberspace is only half the battle. Making it clear to adversaries that the United States is capable of engaging in damaging cyberattacks of its own is a way of deterring adversaries from acting in the first place, a senior Defense Department official told lawmakers on Capitol Hill.

People look on computer screen
Weapons Squadron
Airmen from the 32nd Weapons Squadron look at computer monitors at the 32nd Weapons Squadron on Nellis Air Force Base, Nev., June 10, 2019.
Photo By: Air Force Airman 1st Class Bryan Guthrie
VIRIN: 190610-F-DN281-010C

B. Edwin Wilson, deputy assistant secretary of defense for cyber policy, spoke yesterday during a joint hearing of the House Armed Services Committee's intelligence, emerging threats and capabilities subcommittee and the House Oversight and Reform Committee's national security subcommittee. Securing the nation's internet infrastructure was the hearing's topic.

Wilson told lawmakers one form of deterrence involves denying adversaries what they are looking for: seeing effects from their attacks.

"We want to deny adversaries the benefit of what they are trying to achieve through a cyber-effects operation or any other type of activity directed at the U.S. or allies or the nation at large," he said. "That's where you see the partnership between Department of Homeland Security and the other departments and agencies of the U.S. government — where we have stepped in to begin to assist, enable [and] support the resiliency of our critical infrastructure segments."

Army major types on laptop.
Cyber X-Games
The Army Reserve Cyber Operations Group, 335th Signal Command (Theater), holds the Cyber X-Games 2019 cyber training event at Moffett Field, Calif., June 14, 2019.
Photo By: Army Sgt. Erick Yates
VIRIN: 190614-A-RN359-913

Deterrence also includes letting adversaries know the United States has the ability to strike back, Wilson told lawmakers. "We look very hard at the ability, if called upon, to deliver consequences, not just kinetically or in all the other domains of operations the department has, but also in the domain of cyberspace," he said. 

Congressional involvement has enhanced the department's ability to deter, specifically with clarity on the authorities DOD has to act when needed, Wilson said. Additionally, National Security Presidential Memorandum 13 also focuses on the decision process for either offensive or defensive cyber-effects operations, he said.

People work at a table work on laptops.
Cyber Ops
Military teams compete in offensive and defensive cyber operations during the 2019 24th Air Force Cyber Competition in San Antonio, Texas, June 6, 2019.
Photo By: Air Force Tech. Sgt. R.J. Biermann
VIRIN: 190606-F-ND912-0034A

"Our strategic competitors such as Russia and China are conducting persistent cyber-enabled campaigns to erode U.S. military advantage, threaten our nation's critical infrastructure and reduce our economic prosperity," Wilson said. "In response, the department adopted a proactive posture to compete with and counter determined and rapidly maturing cyber adversaries. Our objective is to prevent or mitigate significant threats before they reach U.S. soil. We refer to this strategy as 'defending forward.'  It is the core of our DOD Cyber Strategy."

Wilson said the approach is focused on enabling interagency, industry and international partners to strengthen resilience, close vulnerabilities and defend critical networks and systems while simultaneously imposing cost on adversary malicious cyber actors when called upon.