Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity NewsGovernment: Federal, State and Local

Department of Defense overhauls cyber strategy: Experts weigh in

By Rachelle Blair-Frasier, Editor in Chief
Earth from space

Image via Unsplash

September 28, 2023

Earlier this month, the Department of Defense (DOD) released an unclassified summary of its classified 2023 Cyber Strategy which is the baseline document for how the department will operationalize priorities of the 2022 National Security Strategy, 2022 National Defense Strategy and the 2023 National Cybersecurity Strategy. The strategy builds upon the 2018 DOD Cyber Strategy and will set a new strategic direction for the DOD.

"This strategy draws on lessons learned from years of conducting cyber operations and our close observation of how cyber has been used in the Russia-Ukraine war," Assistant Secretary of Defense for Space Policy John Plumb said in a press release. "It has driven home the need to work closely with our allies, partners and industry to make sure we have the right cyber capabilities, cyber security, and cyber resilience to help deter conflict, and to fight and win if deterrence fails."

According to the summary, the DOD has conducted a “significant number of cyberspace operations through its policy of defending forward, actively disrupting malicious cyber activity before it can affect the U.S. Homeland” since 2018. The summary further states that both the People's Republic of China (PRC) and Russia have embraced malicious cyber activity.

“Globally, malicious cyber activity continues to grow in both volume and severity, impacting the U.S. Homeland and placing Americans at risk,” the summary states.

The document continues that the DOD will pursue four complementary lines of effort to address current and future cyber threats: 1. Defend the nation; 2. prepare to fight and win the nation's wars; 3. protect the cyber domain with allies and partners; and 4. build enduring advantages in cyberspace.

“The 2023 Cyber Strategy plan is a step in the right direction to overcome the asymmetric challenge of defending our nation and obtaining an asymmetric advantage in cyberspace,” said Landen Brown, Federal CTO at Symmetry Systems. “It reinforces the DOD’s commitment to defending our nation’s mission critical systems and infrastructure and that of our broader allies, as well as empowering the future by building enduring advantages in cyberspace capabilities.”

Security leaders weigh in

Jonathan Trull, Chief Security Officer and Head of Solutions Architecture at Qualys:

I was happily surprised by the direction they took with the document. The DOD is going to be extremely proactive in cyberspace based on their strategy. Being forward leaning in their approach means a lot more proactive disruption to defend our critical infrastructure. They mention more threat hunting and threat hunting with allies and taking lessons learned from the Russia-Ukraine conflict. I would expect to see the DOD take a significantly more proactive posture in the cybersecurity space.

The other thing they got right is that ultimately the success of the DOD is based on the talent they retain. Historically, the military was slow to move to adding designators for enlisted or for officers. I have firsthand experience of this, so it was great to see career progression for the cyber workforce called out specifically in the document. This needs to be one of their core priorities. It’s difficult when you have private sector companies recruiting out of the military. Calling out this effort directly in their strategy is a positive sign. Having and retaining the right people matters more than anything.

They also called out working with the science and technology community for automation and artificial intelligence-driven cyber capabilities. Over the last six months, generative AI has opened people’s eyes to what’s possible with AI. We’ve talked about this as a community for over a decade, and AI has been called the nirvana cure-all for years. I want to see AI drive automation and changes moving forward, and I’m glad they’re looking at it carefully.

The one area that’s left a little open is that the document calls out the DOD as the primary stakeholder for the Defense Industrial Base (DIB) — all the suppliers of ships, missiles and clothing for troops. Essentially, anyone that is a critical supplier. The thing that was a little surprising is that we still have critical infrastructure, civilian companies providing very significant services and they called out a lot of public-private partnerships and interagency work, but they’re not the primary department that would be responsible for defending or responding to cyberattacks in those instances. There are a few scenarios where the President could call out the DOD. In certain situations, the President can specifically call on the National Guard to help. My experience has been that this is still a fairly immature convoluted space in terms of the National Guard’s involvement in state and local issues and cyberattacks. For example, how would they engage a civilian company if they asked for assistance? There’s a lack of clarity against non-DIB entities. Who can you count on to support here? Would it be Homeland Security, would they have to coordinate with the DOD? That may be in the classified version, but it’s not clear who would be the authority to defend them.

Edward Debish, Director, Public Sector at Tanium:

The DOD highlights an imperative to fight and win the nation’s war. In this section, they discuss the need to be “resilient against malicious cyber activity and ready to operate in a contested environment."  I fully agree with this emphasis, but this thought needs to be broadened to include a line of effort to maintain “Cyberspace Lines of Communication." Much like how Sea Lines of Communication (SLOCs) are secured to ensure the free movement of maritime shipping, the DoD should focus on ensuring that in a contested environment, electronic commerce, information sharing, critical infrastructure and services, as well as warfighting networks are resilient and operational when the nation needs them most. Lastly, with China as our pacing threat, we need to maintain our Cyberspace Lines of Communication (CLOCs) in peacetime as well as war. The CLOCs are the critical enabler to all warfighting functions and the key to winning.

Landen Brown, Federal CTO at Symmetry Systems:

For the last five-plus years, the DOD has made a concerted effort to move mission critical workloads to the cloud with both success and challenges. Most challenges that have been presented this far, outside of cloud cost, have been related to monitoring, alerting and defending these mission critical systems in their new cloud domain against existing and emerging adversaries. This new domain brought new vulnerabilities and advanced exploits that adversaries continue to use, compounded by the current cloud engineering skill and viable cybersecurity solutions gap. The 2023 Cyber Strategy plan acknowledges this gap and makes investment in the cyber workforce a clear priority.

In order to defend the nation and protect the cyber domain, the approach to cybersecurity and intelligence sharing between allies and partners will need to evolve further. It is becoming more and more clear that the need for new capabilities including Zero Trust and evidence-based data security is rapidly growing. Solutions and the companies that develop them are now under a tight window to create capabilities that no longer service just a single pillar of the Zero Trust model, but instead evolve to treat Zero Trust as a fabric — covering multiple pillars simultaneously. The focus on building enduring advantages in cyberspace will require the tools and tactics to allow greater collaboration with more certainty on the security of the data being shared.

Further, it is clear from the Cyber Strategy that the solutions that our nation’s cybersecurity leaders choose are going to be under strict scrutiny to integrate with the broader ecosystem and fix the handicap that currently exists with point solutions. Holistic visibility across each mission critical domain will only be possible with innovation and integration with each other.

Gareth Lindahl-Wise, CISO at Ontinue:

As a strategy for a department focused on military operations and protection, the 2023 Defense Department Cyber Strategy makes a great deal of sense. However, what is not as clear is the link between this and the National Cybersecurity Strategy for commercial organizations and what their role will be as ‘partners.’

National governments need to incentivize the private sector.

Many organizations will weigh out what this means for them and will question how it could affect them in terms of their responsibilities to deliver components of the strategy to their ecosystems, whether they should adopt the recommendations internally and how this could impact vendors they work with.

The answers to these questions will obviously depend on what the organization does. The National Strategy makes it clear that there are expectations for larger organizations, critical infrastructure providers and ‘foundational’ providers for the digital marketplace to play a role. It will be interesting to see if some of the intent of the strategy makes its way into the realm of corporate social responsibility. Will demonstrable adoption of this strategy be a differentiator in selecting products and services? If this takes hold, market forces could supercharge adoption. This means buyers will give a clear preference to those organizations clearly executing their responsibilities to implement the strategy.

KEYWORDS: china cyber strategy national defense national security Russia security leaders

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Rachelle blairfrasier headshot white

Rachelle Blair-Frasier is Security magazine’s Editor in Chief. Blair-Frasier handles eMagazine features, as well as writes and publishes online news and web exclusives on topics including physical security, risk management, cybersecurity and emerging industry trends. She helps coordinate multimedia content and manages Security magazine's social media presence, in addition to working with security leaders to publish industry insights. Blair-Frasier brings more than 15 years of journalism and B2B writing and editorial experience to the role.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • smartwatch next to keyboard

    U.S. military members receive unsolicited smartwatches in the mail

    See More
  • US-Flag.jpg

    Former President Donald Trump injured in shooting at campaign rally

    See More
  • Claire Campbell | Chief Security Officer — Moneycorp

    Claire Campbell | Women in Security 2024

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing