News | May 30, 2023

Safeguarding Cyberspace: The Imperative for Reform and Rebalance

The United States (US) will most likely continue to suffer unacceptable losses in strategic competition with autocracies in cyberspace until it shapes the cyberspace domain by improving cyberspace attention, leadership, and governance, fostering a more collaborative relationship with private industry to advance digital literacy and cybersecurity, and involving more offensive cyberspace operations through integrated deterrence via defend forward and persistent engagement strategies. Allies and partners should be engaged to ensure synchronous policies. The 2023 National Cybersecurity Strategy (NCS), though appropriately advancing cybersecurity, will unlikely bend the positive slope of Intellectual Property (IP) theft, ransomware loss, malign cyber information operations (CIO), and ongoing cyberspace threats to US critical infrastructure by Russia and China. The US remains largely timid in cyberspace, especially in punishing malign actors, fearing escalation to kinetic conflict, and limits itself to cybersecurity. To date, US operations involving denial capabilities have not resulted in escalation to military conflict.

To shape the cyberspace domain to protect US and allied interests and protect US political and economic sovereignty, the United States must:

  1. Shape the cyberspace domain and out-compete its adversaries, who view their relationships with the US as zero sum.
  2. Afford the National Cyber Director (NCD) the authorities to synchronize and integrate US efforts to shape the cyberspace domain, including combating foreign information operations (IO).
  3. Invest in emerging technology and public-private partnerships to out-compete adversaries in the cyberspace domain, including expanding cyber resilience, advancing private sector cooperation through a broader cyber incident reporting base, establishing a non-DoD cyberspace Reserve Force, establishing a Federal “Hack Us” program through the Office of the NCD (ONCD) and Cybersecurity and Infrastructure Security Agency (CISA), and enacting bipartisan legislation to protect Americans from malign, foreign cyber information activities.
  4. Provide certain Federal government agencies with pre-approved authorities to engage cyberspace threats with proportional, defensive cyberspace operations to deter, disrupt, and destroy malicious cyberspace activity at its source.