Recently, the Department of Defense presented its classified 2022 National Defense Strategy (NDS) to Congress, with an unclassified version to be forthcoming for public consumption. The purpose of the NDS is to focus on DoD’s role in implementing the President’s National Security Strategy and sets forth how DoD will contribute to protecting U.S. national interests such as the safety of the U.S. public, safeguarding U.S. prosperity, and defending democratic values. A fact sheet published by DoD highlighted four primary defense priorities: 1) defending the homeland from the threat posed by China; 2) deterring strategic attacks against the United States, as well as its Allies and partners; 3) deterring aggression while still being prepared to win in conflicts; and 4) “developing and sustaining a resilient Joint Force and defense ecosystem.”

Per the fact sheet, the DoD intends to support these priorities in three primary ways. The first is via integrated deterrence, an acknowledgment that U.S. military strength is directly tied to its diverse combat-ready and combat-tested military forces and advanced weapons systems that provide the United States substantial advantages over its adversaries across the warfighting domains (air, land, sea, space, cyber). The second way DoD intends to support these priorities is through campaigning, which essentially is how DoD’s ensures its ability to operate via its various instruments of power while reducing an adversary’s ability to do so. Finally, the DoD will build “enduring advantages” though reforms designed to develop its forces via technology acquisition and recruiting the best personnel possible.

While more particulars will be available when the unclassified version of strategy is released, looking at these priorities can help provide some indication of how cyber factors into the updated strategy. First articulated in the 2018 DoD Cyber Strategy, the U.S. Cyber Command (CYBERCOM) has implemented its “defend forward” approach, a policy designed to stop cyber threats from reaching their targets. This can come in a variety of ways ranging from providing indications and warning for stakeholders to conducting cyber missions with the intent of disrupting adversary operations. “Hunt forward” is a term that has been given these missions in which CYBERCOM teams set up in locations to directly impact threats close to their source. This has been the core cyber strategy for the past four years, and there is every indication that this will continue for the near future as its applicable to the tenants set forth in the NDS.

OODA Loop Sponsor

Since its implementation, CYBERCOM has deployed personnel to foreign nations 28 times in 16 countries in the last four years. These efforts have been intended to help partner nations shore up their cyber defenses and conduct defensive cyber operations alongside their counterparts to solidify cooperation. Notably, most of these operations have occurred since March 2020 (after U.S. found evidence of adversary malfeasance during the 2016 U.S. presidential elections), according to one official associated with the U.S. Cyber National Mission Force. It is clear that U.S. cyber mission managers believe that hunt forward activities are essential to maintaining persistent engagement in cyberspace, a key element that takes the fight to the adversaries rather than wait and react to cyber incidents.

Hunt forward operations have largely been viewed by some officials as a success though it is not well known if the achieved objectives were solely tactical in nature or if the effects of these operations had longer strategic impacts such as behavior detrrence. Determining relevant metrics for evaluating success of such missions may be difficult to establish in a domain where disrupting an adversary’s ability to operate in cyberspace is usually a short-lived endeavor as infrastructure, tools, and exploits can quickly be substituted or replaced. Still, there is positive expectation of hunt forward operations being able to impose costs on adversaries. Recently, CYBERCOM concluded a three-month deployment to Lithuania in May where they hunted for malicious cyber activity on important Lithuanian national defense systems. This marked the second mission tied to Russia’s invasion of Ukraine.

Finally, to build its enduring advantages in cyberspace, the U.S. government has been actively trying to recruit the right personnel to support its larger cyber mission. The Department of Homeland Security launched an initiative focused on attracting qualified cybersecurity professionals based on demonstrated competencies, offering competitive compensation, and shortening time to actually be hired. CYBERCOM has followed suit, recognizing talent perhaps more so than technology is required in this space. In 2018 along with the roll out of its hunt forward strategy, an authority in the National Defense Authorization Act empowered CYBERCOM to hire individuals directly and make job offers outside the traditional government hiring practices.

On all accounts, it appears that the U.S. government is making a real effort to maintain its advantage in cyberspace. Hunt forward operations have been an innovative practice that has the potential to reduce the adversary footprint in cyberspace by merging international cooperation with the ability to proactively locate and counter adversaries in the regions in which they operate. Based on these actions, it is evident that hunt operations are consistent with the strategic blueprint DoD has laid out for itself indicating that any progress will be built upon and applied across a wide range of state and nonstate adversarial groups. If these successes continue, the United States may have found a strategy that is more than just words that communicate a message. They will demonstrate that the government is practicing what it is preaching.

Related Reading:

Explore OODA Research and Analysis

Decision Intelligence

Disruptive/Exponential Technology

Security and Resiliency

Community