National cyber strategy could come by summer
The Pentagon is looking to enhance its cyber posture review to sync with the White House cybersecurity strategy, which could land in August, a top DOD official told Congress.
The long-awaited national cyber strategy could materialize this summer.
Defense Department Assistant Secretary for Domestic and Global Security Kenneth Rapuano hinted during an April 11 House Armed Services Subcommittee on Emerging Threats and Capabilitieshearing that the much-anticipated national cyber strategy “should be forthcoming in the near future.”
“It’s very hard,” Rapuano said when asked about the lack of a national strategy. "There are a lot of evolving dynamics at play and we still have a relatively new administration, and there are competing views as to what the right trade space is associated with a variety of equities and risks."
Rapuano told legislators the White House has the national cyber strategy, adding that DOD in the meantime is looking to enhance its cyber posture review, which he said is set to be released in August to sync with the impending national cyber strategy.
Rep. Liz Cheney (R-Wyo.) said, “It’s absolutely incumbent upon this administration in light of this threat to provide some guidance...and it’s hard because we’re in a whole new world and our adversaries are moving forward.”
Cheney said the inability to define the threat, outline how the U.S. will operate, and tell adversaries “these are the kinds of things that will result in a response from us” is affecting deterrence.
Committee members also homed in on the potential legal and policy gaps, and lack of interagency coordination, when it comes to the services and DOD’s role in cyber conflict.
“The challenge associated with defining traditional military activities in the cyber domain is typically that is done by looking historically,” Rapuano said, adding that the Trump administration is looking to understand the implications of “changing the current definition” of a traditional military operation, if warranted.
Integrating the force
For Cyber Commander and National Security Agency Director Adm. Michael Rogers, who also testified on April 11, there needs to more integration at the sector and center levels that ties into a broader Cyber Command strategy.
To address the lack of common operating procedure, Rogers said, there are several questions that must be answered first.
“The mission set that I’m directly responsible for within the broader DOD effort is the critical infrastructure piece," he said. "So how do we get to an integrated real-time picture that enables us to have accurate sense of what is going on, that enables decision making and helps to speed [up] that decision making. That’s what I would recommend as a first focus,” for integration.
Rogers added that DOD is in “a supporting role” and shouldn’t lead the conversation, just be a part of it.
Subcommittee chairwoman Elise Stefanik (R-N.Y.) responded, saying “the status quo was unsustainable” and interagency cooperation needed a jumpstart.
Rapuano pushed back, saying the existing cybersecurity framework “drives how we organize and operate within the federal government in terms of our engagement with industry and other players.” Everyone has their role, he said: the Department of Homeland Security with asset response, the Federal Bureau of Investigation on threat response, and the Director of National Intelligence for intelligence integration function.