The Pentagon’s new cyber strategy
On September 12 of this year, 2023, the Pentagon published an update of its cyber strategy and released its main points in a 15-page text. The rest of the document is classified. It is known that this fourth iteration of the Pentagon’s strategy implements the priorities of the National Security Strategy, the National Defense Strategy for 2022 and the National Cyber Security Strategy for 2023. The text replaces the Department of Defense’s cyber strategy for 2018 and is designed to “establish a new strategic direction for that ministry.”
What is that address? Does it itself represent a potential threat to Russia? Yes, since from the first lines you can understand where it leads and because from the prologue the emphasis is immediately placed on the war in Ukraine. It is notable how this conflict has brought to light the very nature of warfare in cyberspace and its lessons will determine the future development of our cyber capabilities.
Experience has shown that cyber capabilities accumulated or used in isolation have little significant deterrent effect. On the contrary, these military capabilities are most effective when used in conjunction with other instruments of power, creating a deterrent element that exceeds the sum of all its components. Therefore, cyberspace operations represent an integral element of the military power of the United States and its allies, and are articulated with the main component of comprehensive deterrence.
The Pentagon also plans to use cyberspace operations to conduct campaigns, take restraint measures, interrupt or disrupt enemy activities below the level of armed conflict and thus ensure favorable security conditions. It will also closely monitor enemy perception and manage the risk of involuntary escalation. America’s global allies and partners form the backbone of the Department of Defense’s 2023 Cyber Strategy.
The United States’ diplomatic and defense relationships represent a power multiplier that also extends into cyberspace, enabling rapid coordination and understanding of potential threats. To this end, the document states: “…we will improve our efficiency and security in cyberspace by creating a community of nations with cyber capabilities and interests and values common to ours. By combining international engagement with important institutional reforms and technological investments in new cyber capabilities, the Pentagon will provide itself with sustainable benefits in cyberspace…”
This points to the continuation of the promotion of the policy of interventionist liberalism, called “rules-based order” and the promotion of the deepening of the digital divide. This gap, despite calls from American politicians to reduce it and help developing countries, will be further deepened by the introduction of new sanctions against states and companies in the field of promising technologies (the United States implements them constantly against Russia, China and other countries) and through attempts to undermine technological development through targeted cyber attacks. The president of Russia spoke about this purpose of the American establishment to prevent the development of other states during a speech at the East Economic Forum on September 12.
Judging by the new cyber strategy, the United States intends to once again use its already tested satellites as part of its equipment against other sovereign powers and justify its actions with the efforts of a kind of coalition in the “fight for democracy.” As they did before on other fronts of their interventionist policy: military, political, diplomatic, informational and economic. The Pentagon has made it clear that these are other elements of national power and will also be used in the future. It is only about the extent of penetration and impact: now the US interventions will affect the Internet space (both global and sovereign), as well as the various sectors that are associated with it and therefore can also be vulnerable.
Regarding enemies and threats, the United States’ overall approach has not changed much since the previous document. And despite revelations from Washington that Russia is not involved in any interference in the electoral process, the old meme about certain Russian hackers remains.
“…Russia remains a serious threat to the United States in cyberspace. Russia has engaged in malicious influence efforts against the United States to manipulate U.S. elections and undermine confidence in them. Russia targets critical infrastructure of the United States, as well as the infrastructure of allies and partners. “It continues to improve its espionage, influence and attack capabilities…” says the strategy.
As before, other challenges and threats are China, Iran, the DPR of Korea, extremist and transnational criminal organizations.
What do they specifically intend to do at the Pentagon to achieve the objectives set and counter these threats, including fictitious ones?
“…The Department of Defense will prioritize developing our cyber personnel and improving the content and work of our cyber operators. In doing so, we will evaluate several alternatives to determine the size, structuring, organization and training of the Cyberspace Operations Forces and their relationship with the cyber forces that remain in service (…). The Pentagon will actively identify cybersecurity talent with experience in the military industrial sector, commercial information technology sector, academia, the intelligence community, and the military field. We will ensure that incentive programs are sufficiently resourced and focused on the specific skills desired to recruit and retain staff (…). Where we cannot directly hire the desired professionals, we will use rotation programs and expand cooperation with the private sector to ensure that the department has access to appropriate personnel (…), it will also expand the services’ capacity to implement effective talent management and the professional development of employees working in cyberspace. We will encourage the development of expertise through a variety of options, including long tour commitments or repeat requirements, rotations across mission areas, and career models that encourage the development of expertise. The department will also study the possibility of using more reserve components as a way to exchange talent with the private sector, similar to those adopted in National Guard cyber units…” .
The document shows concern about the state of affairs in the field of cyber specialists, although it cannot be said that the situation is bad either. The United States Cyber Command already had the ability to attack designated targets, only the Pentagon wants to maintain its dominance and to do so, it will act in conjunction with companies and other government departments.
It is no coincidence that at the beginning of August 2023, the White House administration launched as an initiative the “Artificial Intelligence Cyber Challenge” competition, which lasts two years and is supervised by the Defense Advanced Technologies Agency ( DARPA), which also has the participation of other companies such as Anthropic, Google, Microsoft and OpenAI.
Around the same time, on August 10, 2023, the United States Department of Defense creates the Lima Task Force, to study generative artificial intelligence for defense (i.e., war) needs. It was administered by the Pentagon’s General Directorate of Digital Technology and Artificial Intelligence (CDAO) and, according to a statement: “…it will evaluate, synchronize and harness the power of generating artificial intelligence throughout the Department of Defense, ensuring that it is stay at the forefront of cutting-edge technology while ensuring national security…” .
Artificial intelligence is now actively used both in the sector of the US military-industrial complex, for example, for the work of drones or reconnaissance tools, and as weapons of information warfare.
A RAND Corporation study on generative artificial intelligence used for social media manipulation, published in September 2023, states that: “…the emergence of pervasive and powerful generative AI represents a potential threat to national security in terms of risk of abuse by US adversaries (particularly for social media manipulation), which the US government and the broader technology and political community must now actively combat. Although the authors focus on China and its People’s Liberation Army as a clear example of a potential threat, generative AI could be used by various actors to manipulate social media, including technically complex non-state actors (both domestic and foreign). The opportunities and threats discussed from this point of view are probably also relevant for other actors, such as Russia and Iran, who are already involved in the manipulation of social networks…” .
Once again, we are faced with an old narrative about enemies and threats against which AI capabilities must be used, because potential enemies can supposedly use it against the United States.
It is essential, then, to provide a proactive and comprehensive response to these initiatives and strategies. Both nationally and with partners who do not accept American hegemony in cyberspace.