Maj. Gen. Marine Gen. Dennis Crall, the Defense Department (DoD) deputy principal cyber advisor and senior military cyber policy advisor, outlined the pillars and priorities of DoD’s cyber strategy at the Billington Cybersecurity Summit on Sept. 5.
Crall said that DoD has derived three elements – lethality, partnership, and reform – from the 2018 National Defense Strategy and 2018 DoD Cyber Strategy, adding that pushing those values into DoD’s mission will help it move forward with up-to-date technological and cyber capabilities.
“We talk about these principles – they’re not esoteric, they’re not things that sit out there to be admired – but they’re there to be practiced, vetted, rehearsed, challenged, improved, and implemented with confidence,” Crall said. “That’s where we need to be.”
Crall explained that lethality features three components – the ideas of authorities, process, and capabilities. The general said those mean that DoD needs to: persistently engage to grant the proper authorities to allow individuals to operate on its networks so they can deliver lethality quickly; have processes in place to take advantage of the authorities given; and have the proper workforce and resource capabilities that will take advantage of cutting-edge technology.
The partnership aspect involves supporting DoD partners in building and bolstering their authorities and capabilities to reduce the threat surface, Crall said. He said DoD also looks to improve information-sharing with partners with “a common level of protection” so that it can deliver support to partners while also safeguarding secret information.
The final pillar – reform – aims at using minimal resources for consistent and meaningful outcomes by creating common standards to drive across every level at DoD while reducing redundancies.
“This is the idea of making sure we have common standards and that we have an apparatus in place to inspect what we expect, that we have adherence to those standards” Crall said. “Nothing is more frustrating than publishing a set of standards and not following them, and not even knowing that you’re not following them. But the idea of following through with the expectation that we have a level of adherence and compliance and commitment to those, means that we’re a better warfighting organization as a result.”