Project 5: Cybersecurity Strategy, Law, and Policy Team Assignment
Instructions
The chief technology officer (CTO) has indicated that your organization has been requested by the National Security Council (NSC) to comment on the upcoming National Cybersecurity Strategy. The NSC has asked for specific recommendations as it relates to the next cybersecurity strategy, private/public partnerships, and comments on how specific technologies should be incorporated into the assessment.
The CTO has asked you to collaborate with your team to provide the organizational input.
You will be collaborating with your previously assigned team on this assignment. It is up to the team members to decide how they will plan, meet, discuss, and complete the six sections of the paper. Remember, if a member fails to complete his or her part of the work, the team is still responsible for all sections. You will also complete a peer review for yourself and for each member of the team. The peer feedback will be incorporated into each team member’s assignment grade.
*** I need to provide 2 areas below***
The papers resources are attached for each part (Part 4 Â Department of Defense (DoD) Cyber Strategy 2018 and Part 5 Â National Security Strategy (NSS) )
Part 4: Protecting Critical Infrastructure and the Homeland
· The Department of Defense (DoD) Cyber Strategy 2018 discusses the protection of critical infrastructure and the homeland.
· What does that mean to private organizations such as yours?
· If most critical infrastructure in the United States is owned by the private sector, what responsibility does the DoD have in this regard?
· Some would argue US laws are outdated and thus the DoD has little authority to assist. Others would argue US laws were purposely established such that the private sector would defend itself and not need assistance from the military. Obviously, for the DoD to assist, it would need the private organizations' data. Said another way, the DoD would need your data as a private citizen/customer of that organization. Those that believe our laws need to be updated argue giving up privacy for protection is legitimate.
· Others will argue that we should not give private information of citizens to the government for any reason. As a citizen, would you feel comfortable with this? As a private organization, would you feel comfortable giving information that may contain your customers' private data to the DoD?
· Is there a third solution (middle ground) you would propose that enables privacy but also enables cybersecurity?
Part 5: Cybersecurity Technologies
· The authors of the National Security Strategy (NSS) are looking to address particular technologies that have the opportunity to revolutionize cybersecurity. They believe that blockchain technology is a revolutionary technology that has the ability to significantly improve cybersecurity.
· What would be your recommendation for how the NSS should incorporate this technology to the public?
· Propose exactly what you believe should be written in the NSS. Specifically, explain the blockchain technology in layman's terms to nontechnical people that may be reading the NSS, give examples of how it could be used to provide revolutionary cybersecurity, include examples of how it is being used to provide cybersecurity solutions, and discuss what, if any policies or laws should be established to mandate its use in specific industries.
Notes
· While quality is valued over quantity, it is expected that a quality paper will result in a minimum length of 2 pages per part
· Use additional sources as needed and be sure to critically analyze the questions, addressing the pros and cons in your proposal.
· Use visuals where appropriate.
· You will receive an individual grade for this assignment based on your contribution to the overall project. Â
DEPARTMENT OF DEFENSE
CYBER STRATEGY
SUMMARY
This page left intentionally blank
1
D O D C Y B E R S T R A T E G Y
INTRODUCTION
American prosperity, liberty, and security depend upon open and reliable access to information. The
Internet empowers us and enriches our lives by providing ever-greater access to new knowledge,
usinesses, and services. Computers and network technologies underpin U.S. military warfighting
superiority by enabling the Joint Force to gain the information advantage, strike at long distance, and
exercise global command and control.
The a
ival of the digital age has also created challenges for the Department of Defense (DoD) and
the Nation. The open, transnational, and decentralized nature of the Internet that we seek to protect
creates significant vulnerabilities. Competitors dete
ed from engaging the United States and our allies
in an armed conflict are using cyberspace operations to steal our technology, disrupt our government
and commerce, challenge our democratic processes, and threaten our critical infrastructure.
We are engaged in a long-term strategic competition with China and Russia. These States have
expanded that competition to include persistent campaigns in and through cyberspace that pose long-
term strategic risk to the Nation as well as to our allies and partners. China is eroding U.S. military
overmatch and the Nation’s economic vitality by persistently exfiltrating sensitive information from
U.S. public and private sector institutions. Russia has used cyber-enabled information operations to
influence our population and challenge our democratic processes. Other actors, such as North Korea
and Iran, have similarly employed malicious cyber activities to harm U.S. citizens and threaten U.S.
interests. Globally, the scope and pace of malicious cyber activity continue to rise. The United States’
growing dependence on the cyberspace domain for nearly every essential civilian and military function
makes this an urgent and unacceptable risk to the Nation.
The Department must take action in cyberspace during day-to-day competition to preserve U.S.
military advantages and to defend U.S. interests. Our focus will be on the States that can pose strategic
threats to U.S. prosperity and security, particularly China and Russia. We will conduct cyberspace
operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis
or conflict. We will defend forward to disrupt or halt malicious cyber activity at its source, including
activity that falls below the level of armed conflict. We will strengthen the security and resilience of
networks and systems that contribute to cu
ent and future U.S. military advantages. We will
collaborate with our interagency, industry, and international partners to advance our mutual interests.
During wartime, U.S. cyber forces will be prepared to operate alongside our air, land, sea, and space
forces to target adversary weaknesses, offset adversary strengths, and amplify the effectiveness of
other elements of the Joint Force. Adversary militaries are increasingly reliant on the same type of
computer and network technologies that have become central to Joint Force warfighting. The
Department will exploit this reliance to gain military advantage. The Joint Force will employ offensive
cyber capabilities and innovative concepts that allow for the use of cyberspace operations across the
full spectrum of conflict.
2
D O D C Y B E R S T R A T E G Y
The 2018 Department of Defense Cyber Strategy represents the Department’s vision for addressing this
threat and implementing the priorities of the National Security Strategy and National Defense Strategy for
cyberspace. It supersedes the 2015 DoD Cyber Strategy.
The United States cannot afford inaction: our values, economic competitiveness, and military edge are
exposed to threats that grow more dangerous every day. We must assertively defend our interests in
cyberspace below the level of armed conflict and ensure the readiness of our cyberspace operators to
support the Joint Force in crisis and conflict. Our Soldiers, Sailors, Airmen, Marines, and civilian
employees stand ready, and we will succeed.
STRATEGIC COMPETITION IN CYBERSPACE
The United States’ strategic competitors are conducting cyber-enabled campaigns to erode U.S.
military advantages, threaten our infrastructure, and reduce our economic prosperity. The
Department must respond to these activities by exposing, disrupting, and degrading cyber
activity threatening U.S. interests, strengthening the cybersecurity and resilience of key potential
targets, and working closely with other departments and agencies, as well as with our allies and
partners.
First, we must ensure the U.S. military’s ability to fight and win wars in any domain, including
cyberspace. This is a foundational requirement for U.S. national security and a key to ensuring
that we deter aggression, including cyber attacks that constitute a use of force, against the United
States, our allies, and our partners. The Department must defend its own networks, systems, and
information from malicious cyber activity and be prepared to defend, when directed, those
networks and systems operated by non-DoD Defense Critical Infrastructure (DCI)1 and Defense
Industrial Base (DIB)2 entities. We will defend forward to halt or degrade cyberspace operations
targeting the Department, and we will collaborate to strengthen the cybersecurity and resilience
of DoD, DCI, and DIB networks and systems.
Second, the Department seeks to preempt, defeat, or deter malicious cyber activity targeting
U.S. critical infrastructure that could cause a significant cyber incident regardless of whether that
incident would impact DoD’s warfighting readiness or capability. Our primary role in this
homeland defense mission is to defend forward by leveraging our focus outward to stop threats
efore they reach their targets. The Department also provides public and private sector partners
with indications and warning (I&W) of malicious cyber activity, in coordination with other Federal
departments and agencies.
Third, the Department will work with U.S. allies and partners to strengthen cyber capacity,
expand combined cyberspace operations, and increase bi-directional information sharing in
order to advance our mutual interests.
3
D O D C Y B E R S T R A T E G Y
The Department’s cyberspace objectives are:
1. Ensuring the Joint Force can achieve its missions in a contested cyberspace environment;
2. Strengthening the Joint Force by conducting cyberspace operations that enhance U.S.
military advantages;
3. Defending U.S. critical infrastructure from malicious cyber activity that alone, or as part
of a campaign, could cause a significant cyber incident;31
4. Securing DoD information and systems against malicious cyber activity, including DoD
information on non-DoD-owned networks; and
5. Expanding DoD cyber cooperation with