July 27, 2023


How America Can Defend Forward in Cyberspace

By: Caleb Larson

Given its recent track record in foreign interventionism, America’s efforts to expand offensive cyber operations should be scrutinized. From the Iraq invasion predicated on lies to the decades-long campaign in Afghanistan that ultimately failed to further any substantial strategic interest, not to mention the unfolding repeat experiment in Ukraine, America’s time abroad has been spent with a negative return on investment. Cyber operations must not fall victim to this pattern of behavior. Thankfully, there are principles that can be applied to ensure that outcome. As America embraces the concept of defending forward, it must keep national strategic interests in mind, avoid further entangling itself in forever conflicts, and embrace the unique nature of cyberwar.

The term “defend forward” was introduced in the 2018 release of the Department of Defense’s (DOD) Cyber Strategy. The commander of U.S. Cyber Command, Paul Nakasone, lays out the basics of the strategy with a succinct definition: “The idea is that we would operate in cyberspace outside the United States, against our adversaries before they could do harm to us.” Defending forward contains additional principles like informing allies of cyber threats, also known as persistent engagement, and putting pressure on threat actors through attribution and cost imposition. While these other two are important to achieving a secure cyberspace environment for the United States, they do not come with the prospect of unforced foreign entanglement that offensive cyber operations do.

The possibility of cyber-enabled conflict escalation is acutely pronounced in the ongoing war in Ukraine. While Ukraine is not a member of NATO, there are growing talks of admitting the war-torn nation after the war is resolved (some advocate even before then). Additionally, there are NATO-allied countries that are very close in proximity to Ukraine, both in distance and technical integration. The implications of a cyber attack on the declaration of Article 5 of the NATO treaty are still murky, but this ambiguity is the perfect condition for conflict to spiral out of control. Defending forward in such a precarious state could imperil the United States if Russia were to conduct its own forward cyber operations in response. The importance of defining America’s strategic interests before defending forward becomes clear. Doing so will help to confine offensive operations in such a way as to prevent outright conflict with another nuclear-equipped nation, a result no American wants.

Additionally, cyberspace must not devolve into another avenue for warmongers to further their ill-headed misadventures. Defending forward should be limited to preventing potential cyber attacks before their execution. It should not allow for provocations that invite additional and more invasive forms of intervention such as troop deployment. With cyberspace still having a high degree of novelty, it introduces questions on appropriate response and ethical use. These factors only compound the existing consequences that come with military operations in foreign lands. Cyber operations should also contain measurable and achievable goals. Without this key ingredient, they are in danger of being plagued by unnecessary and aimless continuation much like previous American military operations.

While cyber operations may be similar in some ways to traditional armed conflicts, they are unique in others that inform their necessary guiding principles. The most important of these aspects is attribution. Cyber operations are notoriously difficult to attribute to threat actors. Technologies involved in conducting cyber operations play a large part in helping to hide their source, as do the techniques used to obscure the activities taken. A well-equipped and highly skilled threat actor can go as far as to pin the blame for a cyber attack on an entirely different entity. By embracing the mystique of cyber operations, the United States can defend forward while reducing the risks that attribution brings.

Another differentiator in cyberspace is speed. Joshua Steinman, former senior director for cyber security in the Trump administration, relates that before his work to get National Security Presidential Memorandum-13 (NSPM-13) implemented, policy approval for cyber operations was measured in months to years. Such a lag in time between planning and implementation is not acceptable as “that’s not the way this environment works.” NSPM-13 gave the DOD authority to conduct time-sensitive cyber operations, such as interrupting the operations of a Russian troll farm involved in election interference. While cyber operations must be done with these principles in mind, they must not get bogged down in bureaucratic committee review as losing the competitive edge of speed renders them far less effective. Steinman says that to counter this, NSPM-13’s “core philosophical underpinning” is “put one person in charge” while retaining a “robust interagency review process at almost every step.”

To defend forward properly, the United States must keep certain principles at the forefront. Strategic national interests should guide all decisions. Cyberspace cannot be abused to justify aimless forever-conflicts. The unique nature of cyber operations must be embraced to both achieve these principles and avoid rendering them ineffective. The United States cannot afford to continue repeating its past military mistakes. As cyberspace emerges as a prime warfighting domain, it is vitally important to set it up for future success.