Ten Years In: Implementing Strategic Approaches to Cyberspace

This book represents a look beyond theories and analogies to examine the challenges of strategy implementation. In the essays that follow, practitioners who are building cyberspace forces at-scale join scholars who study power and force in this new domain to collectively offer a unique perspective on the evolution and future of cyber strategy and operations.https://digital-commons.usnwc.edu/usnwc-newport-papers/1044/thumbnail.jp

Cyber Command Needs New Acquisition Authorities

The Department of Defense acquisitions process drives how the military builds and equips its fighting forces to achieve strategic priorities set by national leadership, and it is a central element of how the military determines planning, budgeting and procurement. The overall projected budget planning process, called the Future Years Defense Program (FYDP), takes place in five-year intervals and is organized into 12 different MFP categories, each of which represents a combination of the personnel, forces and appropriated funding that together constitute a Defense Department program to achieve certain objectives. How the MFP categories are defined and organized, and which elements within the Pentagon manage the acquisition authorities associated with each MFP category, is important: These issues shape what kinds of capabilities the department can acquire for different missions and purposes

What do the Trump Administration\u27s Changes to PPD-20 Mean for Offensive Cyber Operations?

The Wall Street Journal recently reported that the Donald J. Trump administration removed some of the restrictions governing the approval process for offensive cyberattacks conducted against U.S. adversaries under Presidential Policy Directive 20 (PPD-20). With the elevation of U.S. Cyber Command to a unified combatant command in May 2018—on par with the Pentagon’s other combatant commands—the logic behind the reported revisions was that the commander of Cyber Command should have authority to take action comparable to that of other combatant command commanders

Confidence Building Meaures for the Cyber Domain

There is a growing debate among scholars and practitioners in the cyber conflict field regarding the extent to which the cyber domain is likely to be characterized by inadvertent escalatory spirals and arms races between increasingly cyber-capable states. Historically, technological innovation or geopolitical dynamics have propelled states to form confidence building measures (CBM) or create arms control regimes to institutionalize constraints on offensive military technology and guard against inadvertent conflict and escalation. We argue that cyber CBMs could blunt some of the factors that contribute to crises and escalation. Given the absence of arms control regimes for the cyber domain, cyber CBMs could be used to mitigate the risks to stability between states and possibly change the incentives that could lead to crises. In assessing current cyber confidence building initiatives, this article creates a novel framework to better understand these efforts. It also identifies limits of cyber CBMs and provides prescriptions for new steps in cyber CBMs to enhance mutual security and guard against inadvertent conflict stemming from cyber operations