The DoD Is Overhauling Its Cyber Strategy With Actionable Intelligence

The Department of Defense published its 2023 Cyber Strategy aimed to open up communications with other federal agencies and the private sector on the topics of cyber threats, elections and other critical systems, and increasing collaboration with foreign allies.

The strategy may be a challenge for the Defense Department which has a shortage of cybersecurity-trained personnel and doesn’t typically share intelligence outside agency walls, and, for decades, only focused its Cyber Command defense operations on protecting U.S. military networks from cyberattacks.

“DOD’s cyber strategy was extremely reactive in nature and led U.S. Cyber Command to really only be prepared to help recover from a cyber […]. During those days, I would frustratingly refer to Cyber Command as the ‘clean up on Aisle 6’ and ‘break glass in time of war’ command,” said Lt. Gen. Charlie Moore, who served as deputy commander of Cyber Command from 2020 to 2022.

DOD is now aiming to provide more resources and intelligence to tighten the bond with the private sector— which controls almost 90 percent of all critical U.S. networks.

Rather than merely asking companies to share information about breaches after they’d occurred, DOD is starting to say to companies: “‘we owe you actionable intelligence, and you will defend the networks yourselves,’” said Eoyang, the deputy assistant secretary.

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “This new cyber strategy from the DoD represents an important shift from a reactive to proactive posture and is ultimately about far more than DoD’s capabilities. Networks crossing sectors and borders require a global security mindset. This strategy’s direction is right, but execution will determine whether it leads to meaningful improvement in cyber resilience as talk of information sharing and partnership is good, but only if it is backed-up by real, sustained commitments. The strategy’s emphasis on sharing actionable intelligence to enable better private sector defenses, rather than just mopping up after the fact, is wise, but it will require overcoming cultural obstacles.

Emily Phelps, Director, Cyware follows with this:

   “Securing critical infrastructure is complex, and with today’s threat landscape, it requires a modern, proactive approach. Threat intelligence alone is not enough to combat a persistent wave of adversaries. Intelligence must have the necessary context and clarity so that the right people can take the right action. It requires strategic automation to rapidly collaborate so that teams have the actionable intel they need without the noise that slows them down.”

This is a good move by the DoD as different federal agencies and the private sector working to stop cyber threats makes them all stronger. I hope we see more joint efforts like this going forward.

Leave a Reply

%d bloggers like this: