Defending in cyberspace is only half the battle. Making it clear to adversaries that the United States is capable of engaging in damaging cyberattacks of its own is a way of deterring adversaries from acting in the first place, a senior Defense Department official told lawmakers on Capitol Hill.
B. Edwin Wilson, deputy assistant secretary of defense for cyber policy, spoke yesterday during a joint hearing of the House Armed Services Committee's intelligence, emerging threats and capabilities subcommittee and the House Oversight and Reform Committee's national security subcommittee. Securing the nation's internet infrastructure was the hearing's topic.
Wilson told lawmakers one form of deterrence involves denying adversaries what they are looking for: seeing effects from their attacks.
"We want to deny adversaries the benefit of what they are trying to achieve through a cyber-effects operation or any other type of activity directed at the U.S. or allies or the nation at large," he said. "That's where you see the partnership between Department of Homeland Security and the other departments and agencies of the U.S. government — where we have stepped in to begin to assist, enable [and] support the resiliency of our critical infrastructure segments."
Deterrence also includes letting adversaries know the United States has the ability to strike back, Wilson told lawmakers. "We look very hard at the ability, if called upon, to deliver consequences, not just kinetically or in all the other domains of operations the department has, but also in the domain of cyberspace," he said.
Congressional involvement has enhanced the department's ability to deter, specifically with clarity on the authorities DOD has to act when needed, Wilson said. Additionally, National Security Presidential Memorandum 13 also focuses on the decision process for either offensive or defensive cyber-effects operations, he said.
"Our strategic competitors such as Russia and China are conducting persistent cyber-enabled campaigns to erode U.S. military advantage, threaten our nation's critical infrastructure and reduce our economic prosperity," Wilson said. "In response, the department adopted a proactive posture to compete with and counter determined and rapidly maturing cyber adversaries. Our objective is to prevent or mitigate significant threats before they reach U.S. soil. We refer to this strategy as 'defending forward.' It is the core of our DOD Cyber Strategy."
Wilson said the approach is focused on enabling interagency, industry and international partners to strengthen resilience, close vulnerabilities and defend critical networks and systems while simultaneously imposing cost on adversary malicious cyber actors when called upon.