Following the doctrine of American supremacy, the United States administration laid out a new strategy for protecting cyberspace, making it clear that the country would not hesitate to respond to cyberattacks, even using military force if necessary.
On April 23 of this year, US Secretary of Defense Ashton Carter spoke about the new cybersecurity strategy in his speech at Stanford University, stating that “adversaries should know that our preference for deterrence and our defensive doctrine does not detract from our willingness to use cyber weapons when needed. Moreover, in response to actions in cyberspace, we can use other means.”
Recall that one of the first American cyber attacks was carried out in 1998, at the beginning of the operation in Kosovo. At that time, American intelligence connected to the communication line that linked the air defense systems of Serbia. As a result, dozens of false targets began to appear on Serbian radar screens. This allowed NATO aircraft to bomb Serbia's military and civilian targets with impunity.
The United States adopted its first cyberspace concept in 2003. In 2005, the Pentagon acknowledged the existence of a special unit intended both for the defense of US computer networks and for conducting offensive operations against the enemy's information infrastructure. Subsequently, several more documents were prepared that regulated the actions of US security agencies. The latest US Department of Defense strategy was published in 2011.
The new strategy notes that state and non-state actors are acting against America more and more brazenly and shamelessly to achieve various political, economic or military goals. The strategy emphasizes that the United States is most vulnerable in the cyber domain, in the military, financial, economic and technological spheres of confrontation. In accordance with this, the task was set to repel cyber threats pre-emptively, that is, at their earliest stage.
One of the most recent examples cited in the strategy is the November 2014 attack on Sony Pictures. The attack was carried out by a North Korean militant computer unit in retaliation for the release of a satirical film about the North Korean dictator. As a result of the attack, thousands of the corporation's computers were disabled, and the attackers gained access to Sony's confidential business information. The North Koreans also stole digital copies of a number of unreleased films, as well as thousands of confidential documents containing data relating to the personal lives and activities of famous people working with Sony Corporation. At the same time, Sony employees received warnings and threats from the hackers of further punitive sanctions against them if the corporation continued its policy of ridiculing North Korea. North Korea's attack on Sony was one of the most devastating and audacious attacks ever carried out against a corporation operating in the United States.
The developers of the new cyber strategy proceed from the fact that the increasing use of cyber attacks as a political tool reflects a dangerous trend in international relations. Vulnerabilities in the cybersecurity of government structures and businesses make an attack on US territory a common and acceptable thing for US opponents.
The US Department of Defense says in the strategy that it has growing evidence that, along with hacker attacks against the United States, there are state and non-state structures that seek to place their reconnaissance and combat programs in critical infrastructure and military networks so that, in the event of direct confrontation, they can paralyze the American ability to respond adequately to any aggressive action.
In addition to the attacks described above, industrial SCADA systems connected to the Internet, the networks of the country's housing, utilities and energy sectors, and servers and networks associated with the storage of medical data are increasingly under attack.
The level of software capability achieved allows America's adversaries, for the first time in history, to obtain effective means of carrying out destructive, paralyzing attacks with consequences unacceptable to the United States.
The strategy calls for America to unite in action to reduce cyber risks. The federal government, states, companies, organizations and others must carefully reconcile their priorities in protecting systems and data, assess the risks and dangers and, weighing their real capabilities, determine the amount of investment that can be spent on these goals. At the same time, the Department of Defense intends to pay special attention not only to cybersecurity but also to ensuring unconditionally that the American armed forces, government and business can work in a degraded cyber environment, where the use of certain infrastructure components and software code is impossible.
The strategy explicitly states the task of developing comprehensive measures to counter, and, if necessary, "destroy the enemy who dared to engage in a battle with the United States in cyberspace."
The strategy identifies several key areas of cybersecurity.
Information exchange and interagency coordination. To ensure the security and advancement of US interests around the world in cyberspace, the Department of Defense seeks to share information and coordinate its activities in an integrated manner on a range of cybersecurity issues with all relevant US federal authorities. For example, if the Department of Defense, thanks to its capabilities, learns about malware and actions that can be aimed at damaging the critical infrastructure of the United States, then the Department of Defense will immediately share information and begin to act in conjunction with such structures as the Department of Homeland Security and the FBI. The US Department of Defense also provides all the information necessary for other government agencies to be most successful in defending against hacker and spy attacks. The Department of Defense also advocates the creation of a unified information base for recognizing and identifying cyber attacks on government agencies and, in the future, the creation of a unified incident management system.
Building bridges with private business. The US Department of Defense sees its primary task in establishing contacts and interaction with private business. The Department of Defense constantly exchanges with Internet service providers and software manufacturers the information necessary to resiliently repel cyber intrusions, not only against government agencies but also in the corporate environment.
Building alliances, coalitions and partnerships abroad. The US Department of Defense maintains direct contacts with US allies and partners abroad and works to strengthen various kinds of alliances and coalitions, including, inter alia, addressing issues of protecting critical infrastructures, networks and databases. The strategically unified coalition being formed by the United States must ultimately form a unified cyberspace. It will be protected by the relevant collective defense acts.
The U.S. Department of Defense has three main missions in cyberspace:
First, the Department of Defense protects its own networks, systems and databases. The dependence of the success of military missions on the state of cybersecurity and the effectiveness of cyber operations prompted the declaration of cyberspace as an operational area of the US armed forces back in 2011.
Along with defense, the US Department of Defense is preparing to act in an environment where access to cyberspace is contested. During the Cold War, the US military was prepared to operate in the face of interruptions in communications, including the use of an electromagnetic pulse that knocked out not only telecommunications lines, but also satellite constellations. Today, the American military is reviving these traditions. Commanders have again begun to conduct classes and exercises in which units practice operating in the absence of communications or without the necessary level of communications.
Second, the US Department of Defense is preparing to defend the United States and its interests from devastating global cyberattacks. Although so far the overwhelming majority of cyber attacks are aimed at stealing data, the President of the United States, the National Security Council and the Department of Defense consider it quite likely that the enemy will try to inflict maximum material damage on the infrastructure of the United States, not using traditional weapons, but using program code. At the direction of the President or Secretary of Defense, the US military can and will carry out cyber operations aimed at eliminating the possibility of an imminent or ongoing attack on the territory and people of the United States, and infringement of the country's interests in cyberspace. The purpose of preventive defensive action is to nip the attack in the bud and thereby prevent property destruction and loss of life.
The US Department of Defense seeks to synchronize its own capabilities with the capabilities of other government agencies whose competencies include repelling cyber threats. As part of the coordination, the Department of Defense will act in conjunction with law enforcement, the intelligence community, and the Department of State.
The strategy notes that the United States government has a limited and defined role in protecting the country from cyberattacks. The private sector currently owns and operates more than 90% of all networks and facilities in cyberspace. It is private sector cyberspace that is America's first line of cyber defense. Therefore, one of the most important steps set out in the strategy to improve the strategic security of the United States is to increase the attention and resources that business devotes to its own cybersecurity objectives. The strategists assume that the vast majority of cyberattacks on the territory of the United States do not require the involvement of the federal government to repel them, but can be successfully eliminated by the forces of American companies and corporations.
Third, as directed by the President or Secretary of Defense, the US military is preparing to provide cyber support capabilities for contingency and military action plans. As part of this mission, the Department of Defense, as directed by the President or the Secretary of Defense, should be capable of offensive cyber operations, including suppressing enemy military cyber networks and disabling their critical infrastructure. For example, the US military may use cyber operations to end a permanent military conflict on American terms, thwart enemy preparations for certain aggressive actions, or to preemptively prevent the use of force against American interests.
US Cyber Command (USCYBERCOM) may also conduct cyber operations in coordination with other US government agencies to contain a variety of strategic threats in areas other than those mentioned in this document.
To ensure that the Internet functions as an open, safe cyberspace, the United States intends to conduct cyber operations under the Doctrine of Deterrence whenever and wherever the interests of the United States demand it, to protect human lives and prevent the destruction of property. In the strategy, offensive and defensive cyber operations are called an integral element of global defense policy.
In 2012, the Department of Defense began creating the Cyber Mission Force (CMF). The CMF will include 6,200 military personnel, civilians and technical support specialists. The importance of the CMF is comparable to that of America's missile defense system.
The CMF will be composed of 133 teams of cyber operators. Their main priorities will be: cyber protection of the priority networks of the Department of Defense against priority threats; protection of the territory and population of the country from particularly large and destructive cyber attacks; an integration function within the framework of the creation of complex teams to carry out missions in the event of military conflicts and emergencies. The implementation of these priorities is intended to be carried out through the creation of a National Mission Group within USCYBERCOM. In situations of military conflict or a state of emergency, the Group assumes the coordination and integration of the efforts of complex teams operating directly on various battlefields and in emergency zones. In 2013, the Department of Defense began to integrate the CMF into the already established organizational-command, planning-procedural, personnel, material (weapons) and operational environment of the American armed forces.
As noted, the adopted strategy proceeds from the premise that effective cybersecurity presupposes close cooperation of the Department of Defense and other federal government bodies with business, international allies and partners, as well as state and local authorities. The United States Strategic Command (USSTRATCOM) will continue to play a key role in synchronizing all of these efforts.
In the strategy, the US Department of Defense sets five strategic objectives for its cyberspace missions:
Creation and maintenance of combat readiness of forces carrying out operations in cyberspace.
Protection of the information networks and data of the Department of Defense, and a sharp decrease in the risk of unauthorized entry into these networks.
Readiness to defend the territory and people of the United States and the vital interests of the country from destructive cyberattacks.
Providing cyber troops with hardware, software weapons and human resources necessary and sufficient to fully control the escalation of future possible conflicts and to ensure, in the event of a cyber clash, the unconditional superiority of American cyber units in cyberspace as a battlefield.
Build and maintain strong international alliances and partnerships to contain common threats and enhance international security and stability.
Key cyber threats
The strategy notes that in 2013-2015 the Director of National Intelligence of the United States repeatedly called cyberattacks, in speeches, the number one strategic threat to the United States, giving them priority over terrorism. The strategists believe cyber threats are prioritized because potential adversaries and non-state rivals are escalating aggressive actions to test the limits to which the United States and the international community are willing to tolerate further offensive activity.
The strategy assumes that potential adversaries of the United States are constantly increasing investment in cyber weapons and at the same time making efforts to disguise their use in order to plausibly deny their involvement in attacks on targets in the United States. The most successful in this, according to the leadership of the US Department of Defense, are Russia and China, which have the most advanced offensive and defensive cyber weapons. At the same time, according to the strategists, there are differences between the two countries. Russian actors, they say, can mainly be identified as criminal groups that ultimately carry out their attacks for the sake of gain.
This emphasis on Russian cyberattacks in the United States is underpinned by massive media coverage. For example, one of the May issues of Newsweek magazine is devoted to Russian hackers, who are called the most formidable weapons in Russia. True, the article does not directly talk about their ties with the state.
As for China, according to the strategy developers, hacking there is organized on a state basis. The vast majority of Chinese offensive cyber operations involve the targeted theft of intellectual property and trade secrets from American companies. State-run Chinese hacking aims not only at building up Chinese military capabilities, but also at creating advantages for Chinese companies and criminalizing the legitimate competitive advantage of American businesses. Iran and North Korea, according to the strategists, have much less developed cyber and information technology potential. However, they have displayed the utmost level of hostility towards the United States and American interests in cyberspace. According to the US Department of Defense, these countries, unlike Russia and China, do not hesitate to use offensive cyber weapons in the literal sense of the word, associated with the destruction of facilities and critical infrastructures in the military and civil spheres.
In addition to state threats, non-state actors, and above all the Islamic State, have become more active recently. Terrorist networks are not limited to using cyberspace to recruit fighters and disseminate information. They have announced their intention to get destructive cyber weapons at their disposal in the near future and use them against America. A serious threat in cyberspace is posed by various types of criminal actors, primarily shadow financial institutions and hacktivist ideological groups. State and non-state threats often merge and intertwine. So-called patriotic, independent hackers often act as proxies for the armed forces and intelligence agencies of potential adversaries, while non-state actors, including terrorist networks, receive government cover and are reportedly using government-funded hardware and software. The strategy notes that such behavior of states, especially failed, weak, corrupt ones, makes the containment of cyber threats much more difficult and costly and reduces the chances of overcoming the escalation of cyber violence, cyber threats and cyber wars in the electromagnetic environment.
Distribution of malware
The strategy is based on the fact that the established and expanding network of global distribution of malicious code multiplies the risks and threats for the United States. The document notes that potential opponents of the United States spend billions of dollars on the creation of cyber weapons. At the same time, malicious states, non-state groups of various kinds, and even individual hackers can acquire destructive malware on the computer black market. Its volumes are growing at a faster pace than the global drug traffic.
At the same time, state and non-state actors launched a hunt for hackers around the world, whom they are trying to recruit for government service. As a result, a dangerous and uncontrolled market for hacker software has developed, which serves not only hundreds of thousands of hackers and hundreds of criminal groups, but also potential opponents of the United States, as well as malicious states. As a result, even the most destructive types of offensive cyber weapons are becoming more and more available to an ever wider range of buyers every year. The US Department of Defense believes that these processes will continue to develop, accelerating in time and expanding in scale.
Risks to Defense Infrastructure Networks
The Department of Defense's own networks and systems are vulnerable to attacks. The control systems and networks of critical infrastructure facilities routinely used by the US Department of Defense are also highly vulnerable to cyber attacks. These facilities and networks are vital to the operational capability and effectiveness of the US military in conflict and emergency situations. The US Department of Defense has recently made some progress in creating a proactive monitoring system for critical vulnerabilities. The Department of Defense has assessed the priority of various telecommunications networks and infrastructure facilities and their degree of vulnerability. It has begun implementing specific measures to address these vulnerabilities.
In addition to destructive cyberattacks, cybercriminals steal intelligence from government and commercial organizations associated with the US Department of Defense. The number one victims of intellectual property hackers are Defense Department contractors, weapons designers and manufacturers. Non-state actors have stolen huge amounts of intellectual property belonging to the Department of Defense. These thefts have challenged the strategic and technological superiority of the United States and saved those who commissioned the thefts many billions of dollars.
Contributions to the security of the future environment
Due to the diversity and multiplicity of state and non-state actors using cyberspace for military, destructive and criminal purposes, the strategy includes a number of strategic subprograms that ensure effective deterrence and, ideally, elimination of threats from various actors in different segments of the electromagnetic environment and using various destructive tools. The Department of Defense, in building its CMF, assumes that repelling, deterring and eliminating cyber threats will not be limited to cyberspace only. The entire arsenal of capabilities of the United States will be used for the same purposes - from diplomacy to financial and economic instruments.
Deanonymization is identified in the strategy as a fundamental part of an effective cyber strategy of deterrence. Online anonymity creates benefits for malicious government and non-government actors. In recent years, the US Department of Defense and the intelligence community have stepped up legal and investigative de-anonymization of the Internet, and have identified a number of actors in hiding who are responsible for or plotting cyberattacks and other aggressive actions against the United States of America. The programmer community, university students and others will be involved in this work.
The strategy sets the task of developing a detailed, large-scale program of measures that would make accountability inevitable for any violation of America's national interests. The main tools for ensuring such accountability of individuals or hacker groups should be the deprivation of their right ever to visit the United States, the application of American law to them, ensuring their extradition to America, as well as the use of a wide range of economic sanctions against individuals and groups of hackers.
The United States intends to act more actively in cases of theft of intellectual property. In April of this year, United States officials alerted China to the potential risks to the strategic stability of the Chinese economy if the country continues to engage in large-scale cyber espionage. At the same time, the Department of Justice indicted five PLA members for stealing American property, and the Department of Defense approached the Department of Justice with a demand to conduct a total audit of Chinese companies for the use of American intellectual property that was not acquired but stolen by Chinese hackers.
The US Department of Defense's new cybersecurity strategy identifies five strategic objectives and specific operational objectives.
Strategic Objective 1: Build and Maintain a Force Capable of Offensive Cyber Operations
Creation of cyber forces. The main priority of the US Department of Defense is to invest in the recruitment, professional development, and improvement of the skills of the military and civilian specialists who make up the CMF. The US Department of Defense will focus its efforts on three components that ensure the solution of this problem: the creation of a permanent system of continuous retraining and professional development of military and civilian personnel; contracting military personnel and hiring civilian specialists for the CMF; and maximum support from the private sector.
Building a career development system. As part of the strategy implementation and in line with the 2013 CMF decision, the US Department of Defense will establish a coherent career development system for all military, civilian, and service personnel who are committed to their job duties and instructions that meet professional standards.
Caring for the US National Guard and Reserve. This strategy differs from others in its special emphasis on the fullest possible use of the opportunities for attracting successful highly qualified entrepreneurs in the field of IT technologies, programmers, developers, etc. into the ranks of the US National Guard and the reserve. On this basis, the US Department of Defense expects to significantly improve interaction not only with traditional contractors and universities, but also with high-tech companies in the commercial sector, including start-ups. In today's environment, this decision is critical to America's defense in cyberspace.
Improved recruitment and payment of civilian personnel. In addition to the ongoing program to increase the pay of highly qualified military personnel, the US Department of Defense is announcing a program to attract and retain civilians, including technical personnel, by raising wages and providing pension and other social packages. The Department of Defense's goal is to create pay conditions for civilian personnel this year that are competitive with America's best companies. This will allow attracting the most trained, highly professional civilian personnel to the ranks of the CMF.
Creation of technical capabilities for cyber operations. In 2013, the US Department of Defense developed a model containing the necessary technical, software and other means to ensure the success of combat missions. The model was reported to the President of the United States. The key pieces of the model are:
Development of a unified platform. Based on the requirements for goal setting and planning, the US Department of Defense will develop detailed terms of reference for the creation of an integration platform that connects heterogeneous cyber platforms and cyber applications within its framework.
Accelerating research and development. The Department of Defense, even with a reduction in the military budget, will expand and accelerate innovative developments in the field of cyber weapons and the provision of cyber security means. The Department of Defense will engage private sector partners in these studies, building on the principles laid down in the Third Defense Initiative. While focusing efforts on solving current and future problems, the US Department of Defense will continue, despite all budgetary constraints, to increase the share of spending on basic research, which in the long term should ensure American superiority.
Adaptive command and control of cyber operations. In recent years, the US Department of Defense has made significant progress in improving command and control of missions. A decisive role in this was played by the abandonment of one-sided hierarchical and network models in favor of adaptive control systems that provide a proactive response to challenges. USCYBERCOM and combatant teams at all levels will continue to relentlessly restructure command and control based on an adaptive model.
The ubiquitous application of cyber modeling and data mining. The US Department of Defense, in cooperation with the intelligence community, will develop the capabilities of using the potential of Big Data and its processing based on not only statistical, but also other algorithmic cores, and thus increase the efficiency of cyber operations.
Assessment of CMF potential. The primary task is to assess the potential of CMF combatants when they perform combat missions in unforeseen circumstances.
Strategic Objective 2: Protect the US Department of Defense Information Network and Databases, Minimize Risks to US Department of Defense Missions
Creation of a unified information environment. The US Department of Defense is creating a unified information environment built on an adaptive security architecture. In shaping the environment, best practices in the field of cybersecurity and ensuring the viability of technical and information systems are taken into account. The unified information environment will enable the US Department of Defense, USCYBERCOM, and military teams to maintain comprehensive information awareness of networked threats and risks.
A unified security architecture will make it possible to shift the focus from protecting specific, unconnected, disparate systems towards a multi-layered, secure, unified platform and the target applications and components mounted on it.
The US Department of Defense is planning a phased deployment of a unified information environment based on the integration platform, while repeatedly pre-checking the vulnerable system modules as well as the data encryption systems used.
Evaluating and Ensuring the Effectiveness of Online Information for the US Department of Defense. A single information network (DoDIN) will be created within the Department of Defense. DoDIN, acting under USCYBERCOM and the CMF, will interact with the information systems of other military structures and defense enterprises.
Mitigation of known vulnerabilities. The Department of Defense will aggressively close all known vulnerabilities that pose a major threat to the networks of the Department of Defense. The analysis shows that, in addition to zero-day vulnerabilities, significant risks to US military networks are posed by known but overlooked vulnerabilities. In the coming years, the Department of Defense plans to create and implement an automated system for patching and eliminating vulnerabilities, covering them from the moment of their appearance.
Department of Defense Cyber Force Assessment. The Department of Defense will assess the ability of its cyber defense forces to deliver adaptive and dynamic defensive operations.
Improving the efficiency of the service departments of the Department of Defense. The Department of Defense will consistently tighten requirements for providers of cybersecurity solutions. The Department of Defense will determine whether their solutions meet the Department of Defense's criteria for protecting networks from not only known, but also foreseeable threats in cyberspace. It will test whether the solutions have room for improvement and build-up in the face of growing cyber threats to DoD networks.
Networked Defense and Resilience Plan. The Department of Defense will continue to plan activities to ensure comprehensive network protection. This planning will be carried out on the basis of a careful assessment of asset priorities and their current vulnerability levels.
Improving cyber weapons systems. The US Department of Defense will consistently evaluate and launch initiatives to develop offensive and defensive cyber weapons. The acquisition of new cyber weapons systems will be strictly within the framework of their compliance with pre-established technical standards. The frequency and cycle of the procurement of cyber weapons will strictly correspond to the requirements of the product life cycle.
Provision of continuity plans. The US Department of Defense will ensure the sustainability of operations by ensuring that critical operations remain uninterrupted, even in a disrupted or degraded environment. The military plans of the companies will fully take into account the possibility of the need to work in a degraded cyber environment, when certain elements of cyber systems or cyber networks are disabled. When developing the cyber systems of the US Department of Defense, special attention will be paid to their viability, duplication and fractality.
Red team. The US Department of Defense has developed specific methods for verifying the viability of networks and critical infrastructure components of the Department, USCYBERCOM, and the CMF. This means regularly conducting maneuvers and simulating enemy attacks on the networks and data of the Department of Defense in order to work out software, hardware and personnel counter-defenses.
Reducing the risk of internal threats. The defense of a country depends on the loyalty of military and civilian personnel to their oath, the terms of the contract, and the obligation to preserve state secrets. The US Department of Defense has taken a number of measures this year aimed at preliminary identification of threats, especially in terms of personnel. The US Department of Defense is deploying a system of continuous monitoring of all information flows, allowing to proactively respond to emerging threats and doubtful cases that could pose risks to the country's national security in the future.
Improved reporting and accountability for data protection. The Department of Defense will ensure that its policies are fully based on the laws of the United States and that data is completely secure and not accessed by third parties. As part of the policy to improve data security, the US Department of Defense Cybercrime Center will be established.
Strengthening cybersecurity standards. The Department of Defense will unswervingly pursue its policy of integrating federal cybersecurity and research standards and development and procurement standards. The Department of Defense, in cases where certain federal standards do not meet the requirements of the department, will introduce its own additional cybersecurity standards to ensure the viability and invulnerability of the networks of the Department of Defense.
Ensuring cooperation with intelligence, counterintelligence and law enforcement agencies to prevent, mitigate and respond to data loss
The Department of Defense, together with other military, intelligence and law enforcement agencies, will create a unified JAPEC system. This system integrates all departmental databases of the intelligence community and law enforcement agencies on cases of unauthorized access to databases or attempts at such access, including the time, place and software used, as well as information about data that was stolen or targeted for theft, etc. Along with this, the database will include full profiles of identified, suspected and/or likely individuals and groups seeking to gain access to the data of organizations that lead to JAPEC.
In the future, it is planned to create joint investigative and operational interdepartmental teams of the JAPEC network.
Department of Defense uses counterintelligence capabilities to defend against intrusions
The US Undersecretary of Defense for Intelligence will work with the Chief Cyber Armaments and Cybersecurity Adviser to develop a strategy for the Secretary of Defense to engage military counterintelligence agencies in investigating cyber incidents and defending against cybercriminals and cyber attackers. Counterintelligence is in a unique position to make a decisive contribution to defeating cyber espionage. At present, military counterintelligence is limited in its actions exclusively to the tasks of protecting the US armed forces. The Department of Defense, within the framework of the new concept, will ensure the cooperation of military counterintelligence with all services of the US intelligence community and law enforcement officers at all levels. Within the framework of the new doctrine, for the first time, intelligence agencies subordinate to the US Secretary of Defense are involved in the fight against cybercrime, cyber espionage and other destructive actions not only against the US Armed Forces, but also any state structures and private business of the country.
Supporting a national policy against theft of intellectual property
The US Department of Defense will continue to work with other US government agencies to address threats posed by the theft of intellectual property in cyberspace as its top priority combat mission. As part of the concept, the Department of Defense uses all of its information, counterintelligence, reconnaissance and combat capabilities to end the theft of intellectual property.
Strategic Goal 3: Preparedness to defend U.S. soil and vital national interests from massive cyberattacks
Development of intelligence, early warning systems, forecasting and proactive response to threats. The Department of Defense, in conjunction with agencies in the intelligence community, will continue to actively work to build capacity and improve intelligence in early warning, forecasting and proactive responses to cyber threats. The aim of this work will be to respond in advance to cyber risks associated with possible cyber attacks and cyber threats. Along with this, the US Department of Defense will increase its own intelligence capabilities in case of various kinds of unforeseen circumstances. The Department of Defense, within the framework of its own intelligence structures, is stepping up cyber intelligence, which provides the fullest possible situational awareness at all stages of the managerial, political and combat cycles of operations.
Improving the national civil cyber defense system. The Department of Defense, together with interdepartmental partners, will train relevant personnel of public and private organizations, as well as American citizens, in countering cyber operations of various kinds and in acting during large-scale cyberattacks. In addition, the Department of Defense is intensifying its work at all levels and in all components with FEMA, aimed at coordinated proactive action in emergency situations when telecommunications networks and facilities may fail or be damaged for one reason or another.
As part of preventing destructive cyber threats and attacks, the Department of Defense will strengthen coordination with the FBI, NSA, CIA and other agencies. The result of this work should be the creation of an integrated system that the President of the United States can use to respond to the subjects of cyber attacks that have entailed significant consequences for the territory of the United States or the national interests of the United States around the world.
It is envisaged to increase attention and, if necessary, provide additional resources to DARPA for the development of Plan X, a program for the creation of strategic cyber weapons based on the integral developing program of the Department of Defense.
Developing innovative approaches to protecting critical US infrastructure. The Department of Defense will actively interact with the Department of Homeland Security to implement an expanded program to ensure unconditional cybersecurity of the country's critical infrastructure facilities and networks, with a particular focus on increasing the number of defense participants in critical infrastructure.
Development of automated means of information exchange
To improve overall situational awareness, the US Department of Defense will work with the US Department of Homeland Security and other departments to develop an integrated automated multilateral information exchange system within the US government, with subsequent expansion of the system to military contractors, state and local governments, and then the private sector in general. … As a result, a single nationwide closed, integrated network should be formed, including secure communication channels and databases that are updated online, as well as tools for working with them for analyzing and predicting cybersecurity, cyber threats, cyber attacks and cybercrime.
Cyber Threat Assessments. A US Strategic Command Council on Defense Science Task Force (USSTRATCOM), in consultation with the Committee of Chiefs of Staff and the US Department of Defense, will be tasked with assessing the Department of Defense's ability to prevent attempts by government and non-government actors to carry out cyberattacks of significant scale and impact on and/or against the interests of the United States. Attacks of this kind are those with consequences (collectively or individually) such as: casualties, or the loss by Americans of the ability to work and lead a normal life; large-scale destruction of property owned by citizens, private business or the state; significant changes in American foreign policy, as well as changes in the macroeconomic situation or collapses, changes in trends, etc. in the financial markets.
In the course of the analysis, the USSTRATCOM Task Force should determine whether the US Department of Defense and its structures have the necessary capabilities to proactively deter state and non-state actors, as well as to eliminate the threat of such attacks.
Strategic Goal 4: Build and Maintain Viable Cyber Forces and Use Them to Manage Escalation of Cyber Conflicts
Integration of cyber action into comprehensive plans. The US Department of Defense will work relentlessly to integrate the capabilities of cyber units, not only in cyberspace operations, but also as part of integrated teams operating across all battlefields: on land, at sea, in the air, in space and in cyberspace. To this end, the US Department of Defense, together with other government agencies, American allies and partners, will consistently integrate plans for cyber operations into general plans for comprehensive actions in various zones of actual or potential conflicts.
The function of integrating cyber commands, cyber forces and cyber capabilities into the actions of all branches of the military and complex commands will be carried out by USSTRATCOM. This command will make recommendations to the Chairman of the Joint Chiefs of Staff on the distribution, liaison and use of the CMF.
Strategic Goal 5: Build and Strengthen International Alliances and Partnerships to Counter Common Threats and Increase International Stability and Security
Building partnerships in key regions. The Department of Defense will continue to work with key allies and partners to build partnership capabilities and cybersecurity for shared critical infrastructure and key resources. This work will be carried out by the Department of Defense in conjunction with other government agencies of the United States and, above all, with the Department of State. The Department of Defense considers the Middle East, South and Southeast Asia and Europe to be among the priority regions.
Development of solutions to counter the spread of destructive malware. State and non-state actors seek to acquire destructive malware. The uncontrolled proliferation of such programs and the ability of destructive actors to use them is one of the greatest risks for the international security system, politics and economy. Working with the US Department of State, other government agencies, allies and partners, the US Department of Defense will use all the best methods, practices and technologies available to it to counter the spread of destructive malware and to detect non-state, terrorist, criminal and other groups, as well as malicious states, that contribute to the production and distribution of such programs. In addition to international regimes, the US Government will continue to actively use export controls related to the transfer of dual-use technologies, etc.
Implementation of the United States' cyber dialogue with China to enhance strategic stability. The US Department of Defense will continue discussions with China on cybersecurity and cybercrime through consultative US-China defense negotiations, including a cyber working group. The purpose of this dialogue is to reduce the risks associated with misperceptions of the values and legislation of each country and to prevent miscalculations that can contribute to escalation and destabilization. The Department of Defense supports the government's confidence-building efforts to bring US-China relations to a new level. At the same time, the US Department of Defense will continue to take concrete steps to prevent China from stealing US intellectual property, trade secrets and confidential business information.
Management and strategy
To achieve the set goals and solve the tasks defined by the strategy, it is necessary to exert all the forces and capabilities of the Department of Defense. The financial capabilities that the Department of Defense will have to implement this strategy will largely determine the face of the world for many years to come. The Department of Defense will spend funds effectively and use them in the most prudent and purposeful way. For this, the Department of Defense will take a number of practical actions.
Introduction of the post of Chief Adviser to the Secretary of Defense on Cybersecurity. In the 2014 National Defense Act, Congress required the Department of Defense to introduce the position of Chief Adviser to the Secretary of Defense, coordinating cyberspace warfare, offensive and defensive cyber operations and cyber missions, software and hardware development and procurement, and training for CMF. In addition, the Chief Adviser will be responsible for the Department of Defense's cyberspace policy and strategy. The Chief Cyber Advisor will lead the Department of Defense's cyber administration, as well as the emerging council, the Cyber Investment and Governance Council (CIMB). He will not replace existing officials in the Department of Defense. He will be the only person responsible to the Secretary of Defense, Congress and the President for cybersecurity within the Department of Defense and the Chiefs of Staff Committee.
The large-scale reform and development of the entire cybersecurity system of the United States calls for adequate measures in this direction on the part of our state and private companies. First of all, a software audit of the information, analytical and other systems used by Russian government agencies and business structures at the federal, regional and local levels is required. As part of such a software audit, it is necessary to check all software products, including those created by domestic companies, for the use of components and software solutions of American corporations in them. Decisions must be made to minimize the risks of cyber attacks and information leakage. Cyber warfare, which is waged with increasing intensity and has no beginning, no end, and no time or territorial restrictions, has become a reality today. The future will belong to those who can defend their national interests in cyberspace.