New Blog | What the Defense Department’s Cyber Strategy Says About Cyber Conflict
New blog post by Associate Fellow Jelena Vicic, with Gregory H. Winger, on Lawfare on how experience is refining the Defense Department’s approaches to key issues like cyber campaigning, escalation, and public-private relations in cybersecurity.
In September, the Department of Defense released the unclassified summary of the 2023 Cyber Strategy. The strategy builds on the strategic reorientation toward cyber persistence first introduced in 2018 but marries the framework of persistent engagement with experience. Whereas the 2018 strategy was based on theory and behavioral observations, the intervening years and especially the war in Ukraine have added practical know-how to refine America’s cyber doctrine. The 2023 strategy summary notes specifically that the U.S. has been acutely informed “by Russia’s 2022 war on Ukraine, which has seen a significant use of cyber capabilities during armed conflict.” Although many aspects of the cyber war in Ukraine remain obscure and shielded from the public eye (cyber operations are often by their nature covert), the 2023 strategy provides insights into lessons learned from the conflict that have not been directly addressed in previous U.S. government documents. Moreover, by examining the evolution from the 2018 strategy, it is possible to glean wider insights into how the war in Ukraine has influenced the Pentagon’s evolving view of strategic competition in cyberspace.