The Internet enables global connectivity, communication, and innovation. It has brought increased prosperity to the United States, inaugurating new industries and revitalizing old ones. It has also helped to ensure the superiority of the Joint Force, strengthening our ability to coordinate and quickly adapt to dynamic circumstances. In this decisive decade, the success of our Nation depends upon a free, open, and secure cyberspace.
The United States is challenged by malicious cyber actors who seek to exploit our technological vulnerabilities and undermine our military’s competitive edge. They target our critical infrastructure and endanger the American people. Defending against and defeating these cyber threats is a Department of Defense (DoD) imperative.
The classified 2023 Department of Defense Cyber Strategy establishes how the Department will operate in and through cyberspace to protect the American people and advance the defense priorities of the United States. It implements the priorities of the 2022 National Security Strategy, 2022 National Defense Strategy (NDS), and 2023 National Cybersecurity Strategy. It builds upon and supersedes the 2018 DoD Cyber Strategy. This unclassified summary is intended to present the overarching priorities of the 2023 DoD Cyber Strategy and should not be considered exhaustive. The scope of this document is limited to the cyber domain; it does not establish policy for the Department’s operations in the information environment.
The 2023 DoD Cyber Strategy is grounded in real-world experience. Since 2018, the Department has conducted a significant number of cyberspace operations through its policy of defending forward, actively disrupting malicious cyber activity before it can affect the U.S. Homeland. This strategy is urther informed by Russia’s 2022 war on Ukraine, which has seen a significant use of cyber capabilities during armed conflict. In this saturated cyber battlefield, military operations conducted by states and non-state proxies have collided with the cyber defense efforts of numerous private sector actors. The conflict has demonstrated the character of war in the cyber domain. Its lessons will shape the maturation of our cyber capabilities.
The Department’s experiences have shown that cyber capabilities held in reserve or employed in isolation render little deterrent effect on their own. Instead, these military capabilities are most effective when used in concert with other instruments of national power, creating a deterrent greater than the sum of its parts. In this way, cyberspace operations represent an indispensable element of U.S. and Allied military strength and form a core component of integrated deterrence.
The Department will also use cyberspace operations for the purpose of campaigning, undertaking actions to limit, frustrate, or disrupt adversaries’ activities below the level of armed conflict and to achieve favorable security conditions. By persistently engaging malicious cyber actors and other malign threats to U.S. interests in cyberspace, U.S. Cyber Command (USCYBERCOM) will support Department-wide campaigns to strengthen deterrence and gain advantages. As it campaigns in cyberspace, the Department will remain closely attuned to adversary perceptions and will manage the risk of unintended escalation.
Our global Allies and partners are foundational to the 2023 DoD Cyber Strategy. The United States’ diplomatic and defense relationships represent a force multiplier that extends into cyberspace, enabling rapid coordination and awareness of emerging threats. To this end, we will improve our effectiveness and security in cyberspace by fostering a community of cyber-capable nations with shared interests and values. By combining international engagement with significant institutional reforms and technological investments in emerging cyber capabilities, the Department will build enduring advantages in cyberspace.
As the Department’s cyber capabilities evolve, so do those of our adversaries. Both the People’s Republic of China (PRC) and Russia have embraced malicious cyber activity as a means to counter U.S. conventional military power and degrade the combat capability of the Joint Force. The PRC in particular sees superiority in cyberspace as core to its theories of victory and represents the Department’s pacing challenge in cyberspace. Using cyber means, the PRC has engaged in prolonged campaigns of espionage, theft, and compromise against key defense networks and broader U.S. critical infrastructure, especially the Defense Industrial Base (DIB). Globally, malicious cyber activity continues to grow in both volume and severity, impacting the U.S. Homeland and placing Americans at risk.
In order to address current and future cyber threats, the Department will pursue four complementary lines of effort:
- Defend the Nation. The Department will campaign in and through cyberspace to generate insights about cyber threats. We will defend forward, disrupting and degrading malicious cyber actors’ capabilities and supporting ecosystems. The Department will work with its interagency partners to leverage available authorities to enable the defense of U.S. critical infrastructure and counter threats to military readiness.
- Prepare to Fight and Win the Nation’s Wars. The Department will campaign in and through cyberspace to advance Joint Force objectives. We will ensure the cybersecurity of the Department of Defense Information Network (DODIN) and conduct defensive cyberspace operations in order to protect it. The Department will enhance the cyber resilience of the Joint Force and ensure its ability to fight in and through contested and congested cyberspace. We will utilize the unique characteristics of cyberspace to meet the Joint Force’s requirements and generate asymmetric advantages.
- Protect the Cyber Domain with Allies and Partners. Our global Allies and partners represent a foundational strategic advantage for the United States. We will build the capacity and capability of U.S. Allies and partners in cyberspace and expand avenues of potential cyber cooperation. We will continue hunt forward operations and other bilateral technical collaboration, working with Allies and partners to illuminate malicious cyber activity on their networks. We will reinforce responsible state behavior by encouraging adherence to international law and internationally recognized cyberspace norms.
- Build Enduring Advantages in Cyberspace. The Department will pursue institutional reforms to build advantages that will persist for decades to come. We will optimize the organizing, training, and equipping of the Cyberspace Operations Forces and Service-retained cyber forces. We will ensure the availability of timely and actionable intelligence in support of cyberspace operations and explore the intersection of emerging technologies and cyber capabilities. We will foster a culture of cybersecurity and cyber awareness, investing in the education, training, and knowledge development of personnel across the defense enterprise.
As cyber threats grow and intensify, every soldier, sailor, airman, marine, guardian, coast guardsman, DoD civilian, and contractor is responsible for exercising cyber awareness and helping to manage the risk of the Department.
At the same time, senior leaders of the Department, Military Departments and Services, and the Joint Warfighting community must work together with counterparts across other Federal departments and agencies to build a robust and integrated cyber capability: one that is ready and available to respond rapidly across the spectrum of conflict.
