National Cyber Strategy Coming Soon From White House

Orhan Cam/Shutterstock.com

The Pentagon will update its cyber policies based on that strategy, an official says.

An updated national strategy that will guide how the Trump administration handles cyber defense and threats is being debated at the White House and “should be forthcoming in the near future,” a Pentagon official told lawmakers Wednesday.

That strategy, in turn, will inform a Defense Department cyber posture document that will likely come out in August, Assistant Secretary of Defense Kenneth Rapuano said.

Rapuano attributed the document’s delay to “evolving dynamics,” “a relatively new administration” and “competing views.”

Lawmakers have long complained that government cyber operations are hindered by the lack of an overarching cyber policy, though numerous such overarching policies failed to stem the tide of cyber strikes against the government during the Obama administration.

Though few details are known about the national cyber strategy, it’s likely to include priorities from a Trump cyber executive order issued in May 2017, former White House Homeland Security Adviser Tom Bossert has said.

Bossert resigned Tuesday, a day after National Security Adviser John Bolton took office.

The three pillars of that executive order were: improving the security of federal government computer networks; leveraging government resources to better secure critical infrastructure, such as hospitals, banks and financial firms; and establishing norms of good behavior in cyberspace and punishing bad behavior.

The Obama administration released a slew of guiding cybersecurity documents out of the White House, including a 2011 International Strategy for Cyberspace and a 2016 Cybersecurity National Action Plan. The Defense Department released its most recent cybersecurity strategy in 2015.

Rapuano was joined at the House Armed Services panel hearing by outgoing U.S. Cyber Command chief Adm. Michael Rogers, who plans to retire in the spring.

Rogers confirmed during the hearing that CYBERCOM teams are expected to reach full operational capability before a deadline at the close of the 2018 fiscal year.