Armed and Ready: The Pentagon’s Assertive New Cyber Strategy

When the U.S. Department of Defense released its latest cyber strategy last week, it laid more than just another brick in the edifice of cybersecurity that the government has been building for decades. Coming just a few weeks after President Barack Obama’s Executive Order setting out a policy framework for sanctioning malicious cyber actors, the new strategy marks a significant evolution in Washington’s understanding and approach to providing security in the digital age. That’s because it comes with a warning to potential adversaries: The United States will no longer only be reactive in its cyber defenses, as the Pentagon will be armed and ready to retaliate against cyberattacks or even strike first to pre-empt them. The strategy is careful to note, however, that the U.S. seeks to exhaust all network defense and law enforcement options before moving to cyber operations.

The new strategy builds on an earlier approach announced in July 2011 that focused on how the Pentagon would operate in cyberspace. That document’s initiatives included treating cyberspace as an operational domain and revolved around a primary mission of defending Defense Department networks. The Pentagon planned to do the latter with new operational concepts, partnering with other agencies, building relationships with international partners and exploiting national innovation capabilities—that is, working with Silicon Valley and other parts of the private sector. Thematically, it was a defensive strategy, downplaying the importance of the adversary’s decision-makers and accepting that the tactical battle would occur on networks of an adversary’s choosing.


The full (paywalled) article is available at

Partner & Fellow Blogs