New Pentagon Cyber Strategy

On September 12, the Pentagon released an updated cyber strategy and published its main provisions in fifteen pages. The rest of the document is classified.

We know that the fourth iteration of the department’s strategy “implements the priorities of the 2022 National Security Strategy, 2022 National Defense Strategy (NDS), and 2023 National Cybersecurity Strategy.” It replaces the Department of Defense’s 2018 cyber strategy and is intended to set a new strategic direction for the department.

What direction is this? And does it pose a potential threat to Russia? From the first lines you can understand what it means. The preface immediately places emphasis on the war in Ukraine. It is noted that “the conflict has demonstrated the character of war in the cyber domain. Its lessons will shape the maturation of our cyber capabilities. The Department’s experiences have shown that cyber capabilities held in reserve or employed in isolation render little deterrent effect on their own. Instead, these military capabilities are most effective when used in concert with other instruments of national power, creating a deterrent greater than the sum of its parts.”

Thus, operations in cyberspace will continue.

The Department will also use cyberspace operations for the purpose of campaigning, undertaking actions to limit, frustrate, or disrupt adversaries’ activities below the level of armed conflict and to achieve favorable security conditions. By persistently engaging malicious cyber actors and other malign threats to U.S. interests in cyberspace, U.S. Cyber Command (USCYBERCOM) will support Department-wide campaigns to strengthen deterrence and gain advantages. As it campaigns in cyberspace, the Department will remain closely attuned to adversary perceptions and will manage the risk of unintended escalation.

The document points to the continuation of a policy of following interventionist liberalism, labeled as “rules-based order,” and promoting the deepening of the digital divide. This gap, despite calls by U.S. politicians to reduce it and help developing countries, will be exacerbated both through the imposition of new sanctions against states and companies in the field of promising technologies (the U.S. has consistently implemented them against Russia, China, and other countries) and through attempts to undermine technological development through targeted cyberattacks. The desire of the U.S. establishment to prevent the development of the state was mentioned by the President of Russia during his speech at the FEF on September 12.

Judging by the new strategy, the U.S. will take in its cohort of trusted satellite-states, to use them against sovereign powers, and justify its actions through the coalition’s efforts in the “fight for democracy.” Which has happened before on other fronts of U.S. intervention—military, political, diplomatic, informational and economic. The Pentagon has made it clear that these are other elements of national power, and they will also be applied in the future. We are talking about the sphere of penetration and influence—now the Internet (both global and sovereign) will suffer from US interventions, as well as various sectors that are related to it and, accordingly, may be vulnerable.

In terms of enemies and threats, the overall U.S. approach has changed little. And despite revelations inside the U.S. that Russia was not involved in any election meddling, the old meme about Russian hackers remains dominant.

“Russia remains an acute threat to the United States in cyberspace. Russia has undertaken malign influence efforts against the United States that aim to manipulate and undermine confidence in U.S. elections. Russia targets U.S. critical infrastructure as well as that of Allies and partners. It continues to refine its espionage, influence, and attack capabilities,” the strategy states.

As before, other challenges and threats are named: China, Iran, DPRK, extremist and transnational criminal organizations.

What does the Pentagon intend to do in order to achieve these goals and counter these threats, including fictitious ones?

The Department will prioritize reforms to our cyber workforce and improve the retention and utilization of our cyber operators. In so doing, we will assess diverse alternatives for sizing, structuring, organizing and training the Cyberspace Operations Forces and their relationship to Service-retained cyber forces.

The Department will proactively identify cyber talent with experience in the DIB, commercial information technology sector, academia, Intelligence Community, and military. We will ensure that incentive programs are adequately resourced and target specific desired skills for hiring and retention. Where we cannot hire desired skills directly, we will leverage rotational programs and enhance collaboration with the private sector to ensure the Department’s access to relevant talent.

Where we cannot hire desired skills directly, we will leverage rotational programs and enhance collaboration with the private sector to ensure the Department’s access to relevant talent.

The Department will also empower the Services to implement effective talent management and career progression for the cyber workforce. We will encourage the development of expertise via options including extended tour commitments or repeat tour requirements, rotations within mission areas, and career progression models that reward development of such skills. The Department will also exploregreater use of reserve components as a way to share talent with the private sector, like those adopted in National Guard cyber units.

This shows concern about the current state of affairs in the field of cyber specialists, but the US Cyber Command has previously had the ability to strike at designated targets. The Pentagon just wants to maintain its dominance. And to do this, they will work in conjunction with business and other government departments and continue efforts to “brain drain” other countries.

It is no coincidence that in early August 2023, the White House administration launched the Artificial Intelligence Cyber Challenge initiative, a two-year competition supervised by the Defense Advanced Technologies Agency DARPA. Anthropic, Google, Microsoft and OpenAI are participating.

Almost at the same time, on August 10, 2023, the US Department of Defense created Task Force Lima to study generative artificial intelligence for defense (i.e., war) needs. It will be led by the Pentagon’s Chief Digital and Artificial Intelligence Office (CDAO) and, according to a Pentagon statement, “will assess, synchronize, and employ generative AI capabilities across the DoD, ensuring the Department remains at the forefront of cutting-edge technologies while safeguarding national security.”

Artificial intelligence is now actively used both in the US military-industrial sector, for example, for the operation of drones or intelligence and reconnaissance tools, and as a weapon of information warfare.

A RAND Corporation study on generative artificial intelligence used for social media manipulation, released in September 2023, argued that “the emergence of ubiquitous, powerful generative AI poses a potential national security threat in terms of the risk of misuse by U.S. adversaries (in particular, for social media manipulation) that the U.S. government and broader technology and policy community should proactively address now. Although the authors focus on China and its People’s Liberation Army as an illustrative example of the potential threat, a variety of actors could use generative AI for social media manipulation, including technically sophisticated nonstate actors (domestic as well as foreign). The capabilities and threats discussed in this Perspective are likely also relevant to other actors, such as Russia and Iran, that have already engaged in social media manipulation.”

The old narrative is used about enemies and threats against which AI must be used because potential enemies could use it against the United States.

And such initiatives and strategies require a proactive and comprehensive response, both at the national level and together with partners who do not accept US hegemony in cyberspace.

Leonid Savin is Editor-in-Chief of the Analytical Center, General Director of the Cultural and Territorial Spaces Monitoring and Forecasting Foundation and Head of the International Eurasia Movement Administration. This article appears through the kind courtesy of Geopolitika.