Former Department of Defense officials today offered mostly positive reviews of the current administration’s approach to cybersecurity–including the National Cybersecurity Strategy and the DoD Cyber Strategy–while taking note of the risks posed by more offensive-minded leanings featured in those policies.
Speaking during a panel discussion at Illumio’s Assume Breach event, Kate Charlet, director of Carnegie Endowment’s Technology and International Affairs Program, and previously the deputy assistant secretary of defense for cyber policy, echoed the Department of Homeland Security’s call for a focus on missions and functions over assets and cited the Pentagon’s success with the approach.
“For a long time, DoD has had a mission assurance focus, which comes from having to do war plans,” she said, citing mission assurance culture as a key building block for DoD’s mindset in cyberspace.
Today’s discussion turned toward the new “defend forward” approach in DoD’s strategy, which panelists said was not entirely new.
“There’s been a lot made of the concept of defend forward. To me, it’s actually an iteration and evolution of a previous concept in the Department of Defense, which was ‘defend the nation,’” said Charlet. “Defend forward as a concept for the DoD strategy is not new, but what is new is the idea that you would do this on a day-to-day fashion, rather than defending from significant consequence, major attacks.” She said that the change was “warranted” with more catastrophic and corrosive attacks occurring in cyberspace.
“We had the defend the nation concept … but we were so focused on infrastructure. We didn’t forget social media, but we hadn’t anticipated how” the platform would be used, said John Reiber, head of cybersecurity strategy at Illumio and former chief strategy officer for cyber policy within DoD.
He praised the recent move by U.S. Cyber Command to message Russian hackers directly and warn them, but expressed concern at potential escalation. “I think what will probably happen is that there will be a low intensity, counteroffensive operation, and it probably won’t escalate much further,” he said, citing Russia’s success in creating distrust in the U.S.
“I do think that the arena changes do reflect an appreciation that we can be more clear about the consequences” of attacks, said David Simon, a partner at Mayer Brown LLP and former special counsel to DoD. He emphasized the benefits of stronger deterrence messages for private companies, as they often are targets in retaliatory strikes by adversaries.