Introduction
What the United States Will Seek to Deter
Cyber Deterrence Strategies
Component Elements of U.S. Cyber Deterrence Policy
Deterrence by Denial
Defense, Resiliency, and Reconstitution
Deterrence by Cost Imposition
Measures to Impose Economic Costs on Malicious Cyber Actors
Taking Law Enforcement Action
Building Capabilities to Defend the Nation in Cyberspace
Activities that Support Deterrence
Bolstering Whole-of-Government and Whole-of-Nation Response Capabilities
Declaratory Policy and Strategic Communications
Intelligence Capabilities
International Engagement
Research and Development
Conclusion

Introduction

Over the past 30 years, the United States has become increasingly dependent on cyberspace as a
means of facilitating the global flow of goods and services, fostering free and open political
dialogue, and supporting a wide range of critical services such as the control of electricity, water,
and other utilities. While the Internet has brought unparalleled social and economic
opportunities, it has also introduced difficult challenges for national and economic security and
the security of sensitive corporate and personal information. In a globally connected world,
cybersecurity is one of the most serious national security concerns that the United States and its
allies face in the 21st century.

The growth of social, mobile, and Internet technologies worldwide has been accompanied by a
proliferation of cyber-related risks. Astute and technically capable actors perpetrate fraud, theft,
disruption, manipulation and, in some cases, damage to computer systems, networks, or data.
Criminals, terrorists, and nation-state adversaries are able to exploit the United States' pervasive
dependence on vulnerable technologies to alter, steal, or destroy information; divert or steal
money; gain competitive advantages through intellectual property theft; disrupt services; and
potentially cripple critical infrastructures.

A great majority of risks in cyberspace do not pose dire threats to personal or public safety or to
the functioning of government, the economy, or society.[1] At the same time, cyber attacks and
some kinds of malicious cyber activity[2], particularly those conducted by nation-states or highly
capable non-state actors and which target critical infrastructures and key industries in the United
States, can constitute a significant threat to U.S. national security and economic interests. It is
these significant threats that the United States Government seeks to address through its policy
for deterring adversaries in cyberspace.[3] The United States Government is pursuing multi-faceted
policy efforts to leverage all instruments of national power to counter malicious cyber
activity that poses significant threats to the nation, and to deter nation-states and non-state actors
seeking to harm the United States through cyber-enabled means. And we will do so without
undermining the open and interconnected qualities that have made the Internet such a powerful
enabler of global economic and social progress. In taking this approach, the Administration will
continually refine current capabilities and develop new ones that will raise the costs and reduce
the benefits of conducting malicious cyber activity against the United States and its interests.

[1] The entire scope of malicious cyber activities is of concern to the United States Government and is addressed by many
initiatives, programs, and other efforts to secure U.S. public and private networks, protect people and businesses, and hold actors
responsible for such activities accountable.

[2] For the purpose of this document, a "cyber attack" refers to an attempt to deny access to, disrupt, disable, degrade, destroy, or
otherwise render inoperable computers, information or communications systems, networks, or physical or virtual systems
controlled by computers. Although cyber attacks can have a range of direct and indirect effects that vary in their severity, U.S.
deterrence efforts are particularly focused on those attacks that could result in loss of life, harm to U.S. critical infrastructure,
significant damage to property, or significant threats to the national security, foreign policy, or economic health or financial
stability of the United States or its interests. "Malicious cyber activity" refers to activities that seek to compromise or impair the
confidentiality, integrity, or availability of computers, information or communications systems, networks, physical or virtual
systems controlled by computers, or information in or transiting through those computers, networks, or systems.

What the United States Will Seek to Deter

It is the United States Government's policy to utilize all instruments of national power to deter
cyber attacks or other malicious cyber activity that pose a significant threat to the national or
economic security of the United States or its vital interests. Specifically, this includes cyber
threats that threaten loss of life via the disruption of critical infrastructures and the essential
services they provide; or that disrupt or undermine the confidence in or trustworthiness of
systems that support critical functions, including military command and control and the orderly
operation of financial markets; or that pose national-level threats to core values like privacy and
freedom of expression. The following concerns represent priority areas to focus deterrence
activities. However, this list is neither exhaustive nor static and we will adapt our priorities to
new threats and geopolitical developments. In particular, the Administration is most concerned
about threats that could cause wide-scale disruption, destruction, loss of life, and significant
economic consequences for the United States and its interests including, but not limited to:

• Cyber attacks or other malicious cyber activity intended to cause casualties.
• Cyber attacks or other malicious cyber activity intended to cause significant disruption to
  the normal functioning of U.S. society or government, including attacks against critical
  infrastructure that could damage systems used to provide key services[4] to the public or
  the government.
• Cyber attacks or other malicious cyber activity that threatens the command and control of
  U.S. military forces, the freedom of maneuver of U.S. military forces, or the
  infrastructure on which the U.S. military relies to defend U.S. interests and commitments.
• Malicious cyber activity that undermines national economic security through cyber-enabled
  economic espionage or sabotage. Such activity undermines the fairness and
  transparency of global commerce as U.S. competitors steal developing technologies, win
  contracts unfairly, or steal information to manipulate markets and benefit their companies
  directly.

[4] Presidential Policy Directive 21 (PPD-21) on Critical Infrastructure Security and Resilience identifies 16 critical infrastructure
sectors of key importance to the United States Government: chemical, commercial facilities, communications, critical
manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government
facilities, healthcare and public health, information technology, nuclear reactors, materials, and waste, transportation systems,
and water and wastewater systems.

Malicious actors employ various tactics for attacking, exploiting, or disrupting networks,
systems, and data. Adversaries seeking to penetrate well-protected, isolated, or hardened
networks, like those used by many U.S. entities to perform critical national security and
economic functions, may use a combination of technology and human-enabled operational
tradecraft. Although the full spectrum of operational capabilities requires resources, persistence,
and access to technological expertise, none of these methods are solely within the purview of
nation-states. Key methods include:

• Remote cyber operations gain access to target machines, networks, and information
  through cyberspace. These activities depend on technical vulnerabilities in networks and
  individual computers, improper configurations, and unmitigated human error. Many
  remote operations also depend on the likelihood that unwitting victims will accept a
  message or file with embedded malicious software (malware) that compromises their
  systems.
• Supply chain operations seek to exploit access to products and services provided to the
  intended victim. These operations can occur at any point in a product lifecycle: design,
  manufacturing, distribution, maintenance, or upgrades, and can target everything from
  micro-components to entire systems.
• Close access operations may attempt to intercept unprotected wireless communications
  and other emanations near a targeted system, including hidden emissions from
  compromised hardware or hosts.
• Insiders either knowingly or unwittingly provide knowledge about the targeted network,
  solicit information from other people, corrupt systems or data, or influence decisions by
  the target organization. Witting insiders steal portable media and documents or install
  devices or software that facilitates information gathering and theft.

Cyber Deterrence Strategies

Deterrence seeks to convince adversaries, by means of influence over their decision-making,
not to take actions that threaten important national interests. Influence is achieved by credibly
demonstrating the ability and willingness to deny benefits or impose costs to convince the
adversary that restraint will result in better outcomes than will confrontation. But cyber
deterrence in the Information Age is substantially different from Cold War-era concepts intended
to deter the use of weapons of mass destruction. The Cold War was characterized by a small
number of nation-states who possessed nuclear weapons and were allied with either the United
States or the Soviet Union in a bipolar international system. Today, the United States possesses
dominant military capabilities, but is asymmetrically dependent on cyberspace and faces highly
capable state and non-state adversaries that have the capability, expertise, and intent to conduct
significant cyber attacks against us. Further, many cyber tools are dual- or multiple-use and can
enable a spectrum of malicious cyber activity. And finally, cyber tools and operations can be
developed with fewer resources than conventional military capabilities, afford broad operational
reach at relatively low risk, and are plausibly deniable, characteristics that simultaneously
create demand for such capabilities and lower the threshold for building them.

Cyberspace also has distinctive characteristics, including its global and interconnected nature,
largely private ownership, potential for anonymity, and low barriers to entry for those who wish
to cause damage, that pose challenges for deterrence that are different in kind and scope than
deterrence in more traditional areas. Complicating matters further, potential adversaries in
cyberspace may not have equal capabilities and each side is unlikely to know the extent of the
other's capabilities. While the United States' ability to attribute a cyber attack to a specific actor
through long-term analysis has improved dramatically in recent years, allowing for malicious
actors to be held responsible for their actions, high-confidence attribution[5] in real time remains
difficult. And finally, malicious cyber tools can be used to achieve multiple aims, from
harassment to disruption, and do not cause the destructive impact that could be achieved by
employing weapons of mass destruction. To account for the distinctive characteristics of the
cyber threat, the United States Government is taking a multidisciplinary approach to developing
the strategies and tactics of cyber deterrence.

Component Elements of U.S. Cyber Deterrence Policy

Given the characteristics of cyberspace, U.S. experiences in the areas of counterterrorism and
counterproliferation are highly relevant. The Administration has learned in those contexts that
an important means of countering an asymmetry in capabilities and information is to adopt a
broad concept of deterrence that uses a whole-of-government approach to bring all elements of
national power to bear on a particular threat. Similarly, the United States' cyber deterrence
policy relies on all instruments of national power (diplomatic, information, military, economic,
intelligence, and law enforcement) as well as public-private partnerships that enhance
information security for U.S. citizens, industry, and the government. Our targeted use of these
instruments is intended to create uncertainty in adversaries' minds about the effectiveness of any
malicious cyber activities and to increase the costs and consequences that adversaries face as a
result of their actions.

• Deterrence by denial efforts aim to persuade adversaries that the United States can
  thwart malicious cyber activity, thereby reducing the incentive to conduct such activities.
  To make these deterrence efforts credible, we must deploy strong defenses and architect
  resilient systems that recover quickly from attacks or other disruptions.
• The United States is also pursuing deterrence through cost imposition. These measures
  are designed to both threaten and carry out actions to inflict penalties and costs against
  adversaries that choose to conduct cyber attacks or other malicious cyber activity against
  the United States. Such measures take advantage of the United States Government's
  ability and willingness to respond to cyber attacks through all necessary means, as
  appropriate and consistent with applicable international law. Such measures include, but
  are not limited to, pursuing law enforcement measures, sanctioning malicious cyber
  actors, conducting offensive and defensive cyber operations, projecting power through
  air, land, sea, and space, and, after exhausting all available options, to use military force.

[5] For the purpose of this document, "attribution" is defined as the capability to determine the identity or location of those
responsible for conducting or directing cyber attacks or other malicious cyber activity.

Deterrence by Denial

• Pursuing defense, resiliency, and reconstitution initiatives to provide critical networks
  with a greater capability to prevent or minimize the impact of cyber attacks or other
  malicious cyber activity, and reconstitute rapidly if attacks succeed.
• Building strong partnerships with the private sector to promote cybersecurity best
  practices, assist in building public confidence in cybersecurity measures, and lend
  credibility to national efforts to increase network resiliency.

Although achieving a high degree of certainty in a timely manner can prove difficult, the
United States is continually improving our ability to attribute malicious cyber activities and will
hold malicious actors accountable for their actions. But the United States' ability to successfully
deter state and non-state sponsored cyber threats must also rely at least as much on defensive
strategies that raise technological and other barriers as on the credible knowledge that the United
States can and will appropriately respond to such threats. In particular, there should be certainty
about the fact that, even in the face of sophisticated cyber threats, the United States can maintain
robust defenses, ensure resilient networks and systems, and implement a robust response
capability that can project power and secure U.S. interests.

Defense, Resiliency, and Reconstitution

The United States Government recognizes that some networks and infrastructure, as well as the
missions they support, are more critical than others and should be protected accordingly. As
such, the Administration's cyber deterrence policy seeks to demonstrate the strength of
government and private sector network defenses to create doubt that such activity would succeed
or have the desired effects. Such efforts to change an adversary's risk-benefit calculus have the
potential to limit perceived options and can be pursued independent of attribution.

To strengthen collective network defenses, the United States Government collaborates with the
private sector to identify key systems that must be protected and to implement best practices in
cybersecurity. The Administration is also improving information sharing of cyber threat
indicators across government sectors and between the government and private sector. Further,
the United States Government invests heavily in improving its own information security and
ensuring the resiliency of vital computer systems and networks, including developing the ability
to reconstitute them rapidly, operate them in degraded states, or function without them if
necessary.

Identifying and Protecting Key Critical Infrastructure

To address this issue, the Department of Homeland Security (DHS) was tasked in 2013 with
implementing Section 9 of E.O. 13636, which states:

"Within 150 days of the date of this order, the Secretary shall use a risk-based approach to
identify critical infrastructure where a cybersecurity incident could reasonably result in
catastrophic regional or national effects on public health or safety, economic security, or
national security."

To make this identification, DHS consulted with owners and operators representing all 16 critical
infrastructure sectors as well as Sector-Specific Agencies, Sector Coordinating Councils,
Government Coordinating Councils, independent regulatory agencies, and subject matter
experts. This collaboration and research identified a small subset of entities in several critical
infrastructure sectors where a cybersecurity incident and its second- or third-order effects could
result in catastrophic regional or national effects on public health or safety, economic security, or
national security. DHS will continue to work with appropriate stakeholders to review and update
this list on an annual basis.

Based on these results, DHS and other elements of the United States Government have
developed infrastructure and processes for disseminating specific and targeted cybersecurity
threat information to the identified critical infrastructure owners and operators. This information
is used to detect and prevent intrusion attempts from a range of cyber adversaries. DHS is also
working with a broader set of critical infrastructure owners and operators to understand the
potential cascading effects from a cyber attack against their networks and systems. These efforts
are improving the private sector's ability to detect and prevent intrusion attempts, as well as
recover from a range of cyber incidents. This public-private collaboration is also shaping the
government's planning, mitigation, and response efforts in the event of significant cyber
incidents.

Sharing Threat Information

Shared situational awareness of cyber threats and indicators of malicious cyber activity,
including information on those responsible, provides network defenders the opportunity to close
known vulnerabilities before they can be fully exploited. Accordingly, the United States
Government is expanding its existing information sharing mechanisms within the government
and with the private sector. Much has been done through the expansion of existing programs,
including the Defense Industrial Base Cybersecurity and Information Assurance Program; DHS's
Enhanced Cybersecurity Services program; the Protected Critical Infrastructure Information
program; and engagement with the private sector, but additional work remains.

As a first step, the Administration is working to lower perceived and real barriers to
appropriate information sharing under existing authorities. As one example, the Department of
Justice (DOJ) and the Federal Trade Commission in April 2014 released guidance indicating
that antitrust law does not bar appropriate cybersecurity information sharing between
companies. But long-term efforts to improve U.S. cybersecurity will require legislation that
allows industry to readily share cybersecurity information with the government on a national
scale and in a coordinated manner. The Administration will continue to work with the Congress
on legislation that clarifies the types of cybersecurity threat and incident information that can
be shared, particularly from the private sector to government, and by jointly developing or
supporting the mechanisms to facilitate sharing. Specifically, the Administration will continue
to pursue legislation that encourages the private sector to share cyber threat information with
DHS's National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC
will have the responsibility for sharing that information in near real time with relevant federal
agencies and with private sector-developed and operated Information Sharing and Analysis
Organizations (ISAOs). To incentivize private sector information sharing, the Administration's
current legislative proposal provides targeted liability protection for companies that share
information with either the NCCIC or ISAOs.

All of the Administration's efforts on cybersecurity information sharing will also seek to ensure
that privacy and civil liberties are safeguarded and preserve the respective roles and missions of
civilian and intelligence agencies. Under the Administration's current legislative proposal,
private entities that share information with the Federal government will have to comply with
certain privacy restrictions, such as removing unnecessary personal information and taking
measures to protect any personal information that must be shared, in order to qualify for liability
protection. The proposal further requires DHS and the Attorney General, in consultation with
the Privacy and Civil Liberties Oversight Board and others, to develop receipt, retention, use,
and disclosure guidelines for the federal government.

Promoting Best Practices through the Cybersecurity Framework

In February 2013, President Obama signed Executive Order (E.O.) 13636 on Improving Critical
Infrastructure Cybersecurity that, among other actions, directed the National Institute of
Standards and Technology (NIST) to lead a process to develop a template of cybersecurity best
practices. In February 2014, NIST released the first version of the template, the Cybersecurity
Framework (Framework), that references globally recognized standards and practices to help
organizations understand, communicate, and manage their cyber risks.

U.S. companies have begun to adopt and implement the Framework across many different
sectors of the economy.[6] This adoption means that many organizations are raising their overall
cybersecurity baseline by implementing standards-based measures to protect their most sensitive
information, close known vulnerabilities in their networks, and invest in the hardware and
software necessary for basic cyber defense. The Administration will continue to promote the
adoption of the Framework as a key means of improving U.S. cyber defenses and, by extension,
decreasing adversaries' perceptions of the benefits to be gained from engaging in malicious
cyber activities against U.S. computers and networks.

[6] As one example: Intel, Apple, Bank of America, U.S. Bank, Pacific Gas & Electric, AIG, QVC, Walgreens, and Kaiser
Permanente announced their commitments to use the Framework at the White House Summit on Cybersecurity and
Consumer Protection on February 13, 2015.

Defending Against Insider Threats

In the wake of other unauthorized disclosures of classified information, including the WikiLeaks
incident and leaks of U.S. intelligence programs, which both centered on insider compromise of
sensitive computer networks, the United States Government has increased its attention to
policies and actions that strengthen the safeguarding of classified information vital to U.S.
national security and reduce insider threats. In October 2011, President Obama issued E.O.
13587 directing structural reforms to ensure responsible sharing and safeguarding of classified
information and establishing the Senior Information Sharing and Safeguarding Steering
Committee (the Steering Committee), the Executive Agent for Safeguarding, and the National
Insider Threat Task Force (NITTF).

• The Steering Committee, co-chaired by senior representatives of the Office of
  Management and Budget and the National Security Council staff, ensures senior-level
  accountability across departments and agencies for implementing policies and standards
  regarding the sharing and safeguarding of classified information on computer networks.
• The Executive Agent for Safeguarding, under the joint leadership of the Secretary of
  Defense and the Director of the National Security Agency, is developing effective
  technical safeguarding policies and standards addressing the safeguarding of national
  security systems and classified information within these systems.
• The NITTF, under joint leadership of the Attorney General and the Director of National
  Intelligence, brings together security, counterintelligence, and information assurance
  experts from across the government to develop a government-wide insider threat program
  for deterring, detecting, and mitigating insider threats, including compromises of
  classified information.

Bolstering Government Network Defenses

The Federal government continues to improve the security of its information and systems
through broad implementation of cybersecurity capabilities and services designed to detect and
prevent malicious cyber activities as well as manage internal networks and systems more
effectively and securely. Although these efforts are expanding rapidly, many United States
Government-owned systems and networks remain vulnerable. To address that challenge, the
Administration is holding departments and agencies accountable for improving their network
defenses through the Cybersecurity Cross-Agency Priority goal.[7] In doing so, the United States
Government is setting clear cybersecurity goals for departments and agencies, and holding them
accountable for achieving outcomes against those goals. Concurrently, the Administration is
improving the government's ability to track spending on cybersecurity across the government to
strengthen the linkage between resources and results.

[7] The Cross-Agency Priority goal framework was established by the GPRA Modernization Act of 2010 and is used to accelerate
progress on a limited number of Presidential priority areas where implementation will require collaboration and coordinated
action by multiple departments and agencies. Each goal has a named senior leader both within the Executive Office of the
President and within key departments and agencies. Additional information on the Cross-Agency Priority goals for cybersecurity
can be found here: http://www.performance.gov/capgoalslist/.

In addition to protecting Federal networks, the Department of Defense (DOD) is continuing to
bolster the network defenses used by the military and companies of the Defense Industrial Base
to protect millions of networked devices and thousands of enclaves that house classified and
unclassified military information. The U.S. Cyber Command, in conjunction with the Service
Cyber Components, the National Security Agency, and the Defense Information Systems
Agency, monitors the functioning of DOD networks and routinely provides threat and
vulnerability information to the operators of those networks. The Department of Defense is also
working to modernize the overall architecture and defenses of its networks by building the Joint
Information Environment (JIE), which will provide secure Internet communications and
intelligence through the use of a shared infrastructure, enterprise services, and a single security
architecture.

In addition to defensive measures, the United States Government must also ensure the resiliency
of its networks, systems and data. To do so, the Administration has implemented policies
intended to improve the Federal government's ability to identify and respond to incidents, and
reconstitute rapidly if attacks succeed. In 2013, the Administration issued Presidential Policy
Directive 21 (PPD-21) on Critical Infrastructure Security and Resilience, which focused on
advancing a national unity of effort to strengthen and maintain secure, functioning, and resilient
critical infrastructure. E.O. 13636, which was issued at the same time as PPD-21, furthered
efforts to protect critical infrastructure. E.O. 13636 requires information sharing on cyber
threats among Federal agencies and with the private sector and the development of the
Cybersecurity Framework, which a number of Federal agencies are seeking to adopt. Such
efforts to improve cybersecurity information sharing and risk management within the
government can strengthen both situational awareness and indications and warning, which in
turn can help government network defenders prepare for attacks and improve the resilience of
government systems. Finally, Federal departments and agencies are also making cybersecurity
an increasingly prominent component of their continuity of operations planning.

Deterrence by Cost Imposition

• Developing options to impose economic costs on malicious cyber actors.
• Pursuing appropriate law enforcement actions to (1) investigate and prosecute
  cybercriminals responsible for stealing information from the private sector or government
  or compromising, disrupting, or destroying U.S. computers and networks; and (2) deny
  adversaries access to infrastructure used to conduct malicious cyber activity.
• As necessary, developing appropriate military options to defend the nation from cyber
  attacks.

Consistent with the Administration's 2011 International Strategy for Cyberspace, and in
accordance with rights established under international law, the United States Government
reserves the right to use all necessary means (diplomatic, informational, military, and economic)
to defend the nation and U.S. interests from malicious cyber activities. Just because an attack
takes place in cyberspace does not mean that a lawful and appropriate response must be
conducted through cyber means. Nor is a direct response always the most appropriate and
proportional response. Instead, the United States must maintain a spectrum of response
capabilities that provide the President and senior U.S. leaders with options that can be tailored to
particular adversaries, the impact of the malicious activities, and the level of certainty regarding
attribution.

Measures to Impose Economic Costs on Malicious Cyber Actors

Economic tools may offer options for imposing costs on malicious cyber actors and deterring
certain cyber threats, particularly from adversaries who seek to undermine U.S. economic
security by illicitly obtaining trade secrets, including intellectual property, or controlled
technology. When appropriate and warranted, the Administration will pursue actions to impose
economic costs on the malicious cyber actors responsible for such activity, including when such
activity constitutes a violation of international trade rules or the rules of the World Trade
Organization.

In particular, financial sanctions can offer an effective tool for responding to cyber attacks. In
response to North Korea's destructive and coercive cyber attack in November 2014, which was
intended to harm a U.S. business and suppress free speech, the Administration announced new
sanctions on certain North Korean actors. Further, in April 2015 the President issued a new
Executive Order authorizing the imposition of sanctions on individuals and entities whose
cyber-enabled activities have contributed to a significant threat to the national security, foreign policy,
or economic health or financial stability of the United States. In establishing this new policy, the
Administration is creating a means of imposing economic costs against not just those that
conduct cyber attacks, but those responsible for supporting, enabling, or ordering such attacks.
The United States Government has used these tools for many years to address other policy
challenges and will continue to apply them, as appropriate, to deter and respond to cyber threats as
well.

Taking Law Enforcement Action

Law enforcement can also be an effective deterrent to cyber threats both through denial (e.g.,
taking down a criminal botnet that could be used in an attack) or cost imposition (e.g., arresting
the perpetrators of cyber attacks). Although investigation and prosecution is challenging in the
cyber context, the United States Government uses this tool effectively to disrupt and degrade
adversary cyber capabilities. The law enforcement community routinely investigates
unauthorized intrusions and attacks on computers and networks using traditional investigative
techniques, forensic tools, undercover operations, confidential human sources, and lawfully
authorized surveillance, all of which help identify individuals and groups who pose cyber
threats.

Investigating, Prosecuting, and Disrupting Malicious Cyber Activity

Since there is an individual or organization behind every intrusion, U.S. law enforcement
agencies are a critical element of the United States Government's cyber incident response
mechanism. They regularly open investigations into malicious cyber activity targeting U.S.
victims, and, when the evidence supports it, the Department of Justice prosecutes those
responsible for their actions, consistent with the Principles of Federal Prosecution. Successful
investigations and prosecutions impose direct costs on malicious cyber actors, as well as states
that may support or harbor them, and serve to deter persons or organizations from continuing to
conduct such activity.

As just one example of such action, in May 2014 the Department of Justice obtained an
indictment of five uniformed members of the Chinese People's Liberation Army for computer
hacking, aggravated identity theft, economic espionage, and trade secret theft. These offenses
were directed at six victims in the U.S. nuclear power, metals, and solar products industries.
Through the continued use of such law enforcement actions, the United States Government can
reduce the risk of cyber threats by demonstrating that there are real consequences to malicious
cyber activity, whether or not those responsible are associated with a foreign government.

Law enforcement can also deny adversaries access to the infrastructure used to conduct
malicious cyber activities against the United States. For example, if an adversary develops and
uses a botnet that threatens to or actually disrupts a key public service, law enforcement agencies
may not only investigate and prosecute the alleged perpetrators, but also disrupt the botnet itself.
Using law enforcement authorities and capabilities, the United States Government will continue
to investigate and disrupt malicious cyber activity, and to prosecute individuals who commit
cybercrimes against the United States. Such successful law enforcement efforts can deter those
who would consider using cyber means to cause people physical harm, or to disrupt the
functioning of society, government, or key public services.

Building International Capacity to Combat Cybercrime

Combating cybercrime is not only a domestic issue. Many adversaries use foreign-based infrastructure to stage their intrusions or disruptive activities. It is in the United States' interest to assist other countries in building the capacity to investigate, prosecute, and disrupt such criminal activity. The United States is helping other countries develop these capabilities through U.S.-led training programs on subjects as varied as developing cyber-related legal frameworks and using computer forensics to investigate crimes. Additionally, the United States Government is encouraging other countries to accede to the Budapest Convention on Cybercrime and using the Convention's structure as a basis for capacity-building efforts. That framework includes three key concepts: (1) ensuring law enforcement agencies have the authorities and tools to investigate cybercrime and to deal with electronic evidence; (2) enacting substantive cybercrime laws; and (3) using mechanisms like the 24/7 Network on High Tech Crime to ensure effective and timely international cooperation. The United States Government is making a renewed push to increase the number of parties to the Budapest Convention, and to increase the membership of the 24/7 Network for law enforcement points of contact. Fifty-three countries have signed the Budapest Convention with forty-four of those ratifying it into domestic law. Collectively, the Administration's efforts are making headway in building the cooperative relationships necessary to pursue criminal cyber actors wherever they reside and bring them to justice, thus adding another deterrent to those who constitute a significant threat to our national security and economic interests.

Building Capabilities to Defend the Nation in Cyberspace

The United States Government's first preference is to use network defense, law enforcement measures, economic actions, and diplomacy to defend against, to deter, and to de-escalate cyber incidents. When defense and deterrence efforts are insufficient, however, the United States Government must have the capability and capacity to defend the nation in cyberspace. The United States Government will be prepared, if directed by the President, to use all necessary means, including military, to respond to a cyber attack on the nation.

To support this operational requirement, the Department of Defense established U.S. Cyber Command in October 2010 to consolidate U.S. military cyber capabilities to meet cyber threats. U.S. Cyber Command, in conjunction with the combatant commands, is now building a highly capable force. The Cyber Mission Force is capable of full-spectrum cyber operations, and it plans and prepares on an ongoing basis to defend the nation. In September 2013, U.S. Cyber Command activated the headquarters for its Cyber National Mission Force, one of three distinct forces [8] that could rapidly react to a cyber attack on the nation. In taking these steps, the Department of Defense is creating credible and reliable options for the President to deter adversaries from attacking in cyberspace and to defend the nation from cyber attacks.

Further, the Department of Defense is able, if directed, to conduct operations in cyberspace, including offensive cyber operations. Presidential Policy Directive 20 provides a policy framework to govern the conduct of such cyber operations. Even though the United States Government is not limited to responding to a cyber attack through cyberspace, there are unique advantages to such a symmetrical response. Cyber operations can be narrowly tailored to target the precise system or systems that are perpetrating an attack against the United States. Further, the methods for neutralizing a malicious system can be sufficiently precise so as to minimize collateral effects. Developing these capabilities does not mean the United States is militarizing cyberspace, any more than having a navy militarizes the oceans. However, adversaries contemplating testing U.S. resolve should understand that the United States may, in circumstances where network defense and law enforcement measures are insufficient, use cyber operations to defend our nation and our interests.

Activities that Support Deterrence

• Bringing a whole-of-government and whole-of-nation approach to cyber incident response and national-level events.

• Promoting a nuanced and graduated declaratory policy and strategic communications that highlight the United States Government commitment to using its capabilities to defend against cyber attacks, but remain ambiguous on thresholds for response and consequences to discourage preemption or malicious cyber activities just below the threshold for response.

• Further developing intelligence capabilities that improve our ability to attribute and act against malicious cyber activities, to understand adversaries' plans and intentions, to identify U.S. targets perceived as being of value to the adversary, and to counter adversary activities.

• Bolstering international engagement to establish norms of state behavior in cyberspace, improve collective network defenses, foster cooperation in countering cybercrime, enhance alliances, and create consensus regarding appropriate responses for cyber attacks against critical infrastructure.

• Conducting research and development to reduce and ultimately eliminate adversaries' asymmetric advantage over network defenders, to develop new capabilities to monitor and detect adversary activity, to pursue adversaries in cyberspace, and to counter adversary activity in a measurable way.

[8] The other two forces are the Cyber Combat Mission Force, which supports operational needs of commanders, and the Cyber Protection Force, which defends the Department of Defense Information Network (DoDIN).

Bolstering Whole-of-Government and Whole-of-Nation Response Capabilities

As the pace and scale of cyber incidents have increased exponentially, the United States Government recognizes that cyber risks can be significantly reduced, but not eliminated. Further, no one element of the government has the capacity or authority necessary to deal with the threat alone. Each Federal department or agency can bring particular expertise to bear on the issue. The Department of State uses its relationships with foreign governments to coordinate policy responses. The Department of Justice and the Federal Bureau of Investigation (FBI) bring considerable investigative, prosecutorial, and law enforcement capabilities and authorities. DHS has an intimate knowledge of U.S. critical infrastructure, significant expertise in incident response and mitigation, and the deep relationships with the private sector necessary to protect critical infrastructure and respond to cyber attacks. The United States Secret Service has expertise regarding large-scale cyber fraud investigations that may have national implications. Immigration and Customs Enforcement, Homeland Security Investigations investigates cybercrime related to the online theft of intellectual property, export-controlled data and many other cyber-enabled crimes including child exploitation, and cyber smuggling including underground marketplaces. Economic agencies, including the Department of Commerce, the Department of the Treasury, and the Office of the United States Trade Representative, can leverage their understanding of economic and market forces, as well as their respective authorities, to enact economic sanctions, enforce trade laws, and take other actions against malicious actors. And Sector-Specific Agencies have unique insight into sectors of the economy that could be threatened by malicious cyber activities. These capabilities, matched with the expertise of the Intelligence Community and the Department of Defense, reflect a whole-of-government approach to identify, mitigate, and defend against cyber incidents and national-level events.

In addition, the Administration has put in place mechanisms that ensure departments and agencies are combining their capabilities and resources into effective, coordinated responses to malicious cyber activity. As one example, in 2014, the White House began using the Cyber Response Group, or CRG, modeled on the highly effective and long-standing Counterterrorism Security Group, to handle certain incident response coordination tasks. The CRG focuses on sharing threat information, malware signatures, plans of state and non-state actors, and coordinating responses across the government. Malicious actors are increasingly willing to intrude into public and private networks for the purpose of destructive cyber attacks, and the Administration views forums for agile interagency coordination, like the CRG, as a linchpin in the government's response capabilities. In standing up the CRG and similar mechanisms, the Administration seeks to share knowledge about ongoing threats and attacks and coordinate all elements of the government's response at the highest levels.

In taking this whole-of-government approach, the Administration is working to establish clear lanes of responsibility for Federal departments and agencies, build the communications channels necessary for near real-time situational awareness, and bolster government engagement with the private sector so that companies know whom to contact when faced with a cyber threat. All of these efforts are aimed at improving the government's ability to understand the nature of a given cyber incident and to make rapid decisions about whether and how to respond to cyber incidents of significant national concern.

Declaratory Policy and Strategic Communications

Regardless of the method of deterrence, clear and frequent signaling to adversaries that their actions would be, or are, unacceptable will increase the likelihood that the United States successfully deters some malicious cyber activities. Such signaling can be direct or indirect, private or public. However, the United States must maintain consistent and credible messages and messengers, and develop the shared situational awareness necessary to determine whether an adversary received the signal and interpreted it correctly. To that end, the whole-of-government consultative process, constant collaboration with the private sector, and international coordination all increase the likelihood that the signaling component of the U.S. deterrent effort is successful.

Consistent communication of U.S. policy is also a necessary component in creating a global environment where activities and their implications are understood by allies and adversaries. The Administration's public statements have sought to explain U.S. views on, and emphasize the importance of, international cooperation on cyber issues. The United States has issued clear statements in the past regarding the U.S. intention to respond as necessary and appropriate to cyber threats. However, the United States Government will remain ambiguous in its statements on thresholds for response and consequences of cyber threats in order to discourage preemption or malicious cyber activities just below the threshold for response. The Administration will consider whether to speak more openly about whether and how the United States might respond to malicious cyber activities, although such public discussion will require carefully balancing such transparency against intelligence and military equities.

Beyond declaratory policy, the United States will also use strategic communications as a deterrence tool. In some cases, the Administration may highlight investigations, criminal charges, successful prosecutions, or other law enforcement activities that enhance the U.S. deterrence posture. By publicizing such cases, the United States ensures that malicious cyber actors understand that such actions will incur significant costs. The United States Government may also send messages through diplomatic or other channels to foreign adversaries as a warning that the United States can attribute and will respond to malicious cyber activities as necessary to protect our interests. In more extreme scenarios, the United States may intensify this strategic messaging and demonstrate our resolve through stronger measures, including sanctions or military posturing.

Intelligence Capabilities

Intelligence collection, analysis, and operations are essential to the United States Government's efforts to deter cyber threats. Every member of the U.S. Intelligence Community plays a key role in identifying the most threatening cyber adversaries, what targets they threaten (including critical infrastructure), their decision calculus, and opportunities to counter such activity. To augment those efforts, the Administration has established the Cyber Threat Intelligence Integration Center (CTIIC) to connect the dots regarding malicious foreign cyber threats to the nation and cyber incidents affecting U.S. national interests. The CTIIC will support the U.S. government centers responsible for cybersecurity and network defense as well as facilitate and support efforts by the government to counter foreign cyber threats. In performing this mission, the CTIIC will play a key support role to other government agencies' efforts to identify, investigate, and defend against cyber attacks and other malicious cyber activity. The United States Government will continue to use its intelligence capabilities in a way that optimally protects U.S. national and economic security while supporting foreign policy, protecting privacy and civil liberties, and building and maintaining the public trust.

International Engagement

Global reliance on networked computer systems should encourage all nations to cooperate together in mutual self-interest to deter cyber threats. Effective international collaboration on cyber deterrence will require the United States to share its perspective on the threat environment with allies and international partners, lead the way in developing and promulgating norms of state behavior in cyberspace, and support international partners' efforts to secure their own networks. The United States Government is also working with its counterparts around the world to enhance deterrence by expanding bilateral and multilateral defense and security relationships to include greater cooperation in the areas of network defense, information sharing, incident response, and resiliency. In taking these actions, the United States intends to form a group of like-minded states that together seek to deter cyber aggression and to enhance global economic security while sustaining an open and interoperable global Internet for all users.

Norms of State Behavior in Cyberspace

Just as in the kinetic realm, international consensus about what level of cyber attack could be considered an armed attack under international law does not yet exist. However, the United States has been successful in building international consensus that international law does apply to state activities in cyberspace.

Endorsement of, and adherence to, specific norms of state behavior in cyberspace could further build mutual confidence that nations are not threatening each other with crippling cyber attacks. Such norms would also socialize standards of behavior in cyberspace consistent with each nation's security interests and develop the international support necessary for collective action to counter bad actors. By acting together to develop and enforce such norms, the United States and

• A State should not conduct or knowingly support online activity that intentionally damages critical infrastructure or otherwise impairs the use of critical infrastructure to provide services to the public.

• A State should not conduct or knowingly support activity intended to prevent national computer security incident response teams (CSIRTs) from responding to cyber incidents. A State should also not use CSIRTs to enable online activity that is intended to do harm.

• A State should cooperate, in a manner consistent with its domestic law and international obligations, with requests for assistance from other states in investigating cybercrimes, collecting electronic evidence, and mitigating malicious cyber activity emanating from its territory.

Promoting Trust and Transparency in the International Community and Support for Partners

The United States Government seeks to expand its cyber engagement with allies and international partners through diplomatic engagements led by the Department of State, law enforcement partnerships led by the Department of Justice and the Federal Bureau of Investigation, information sharing and incident response partnerships led by the Department of Homeland Security and the FBI, and military-to-military cooperation led by the Department of Defense. The United States Government has held whole-of-government dialogues on cyber issues with multiple like-minded countries, including Brazil, Germany, India, Japan, South Korea, and our Middle East, Nordic and Baltic State partners. We will also continue, as appropriate, to engage Russia, China, and other countries to explore available mechanisms for cybersecurity cooperation and continued dialogue on policy differences. Such dialogues reinforce other policy efforts that support cyber deterrence by creating an environment where parties can explore new avenues of cooperation and build transparency measures to reduce the risk of miscalculation in response to a cyber incident. In doing so, the United States Government is building the framework for an international community where the incentives to cooperate in cyberspace counterbalance intentions to attack.

Reducing the uncertainty associated with certain aspects of cyberspace is a key element of this framework. The asymmetric advantages granted to malicious cyber actors reward competition, not cooperation, among nation-states. To combat this risk, and create the conditions necessary for deterrence to be successful, the United States Government is pursuing bilateral and multilateral trust and transparency measures to reduce the risk of escalation and unintended consequences that could result from a poorly understood cyber incident. The United States is leading the way on these issues internationally: the Administration concluded the first-ever bilateral cyber confidence-building measures with Russia in June 2013 and led the effort to develop the first set of multilateral confidence-building measures in the Organization for Security and Cooperation in Europe.

Trust is not only built through these strategic engagements, but also through day-to-day interaction and cooperation between the analysts who protect computer networks. Such interactions improve understanding between nations and provide valuable insight into how international partners think about cyberspace, divide responsibilities for cyber operations, and respond to cyber incidents. Routine work, such as cooperation and information sharing between computer security incident response teams, builds relationships and trust that serve as an operational foundation for strategic trust and transparency. DHS and the FBI regularly work with their international partners to share information on incidents of concern and, when appropriate, work together to investigate and mitigate incidents. And multiple departments and agencies are expanding their efforts to support DHS's ability to share network defense information with over 200 foreign computer security incident response teams and building long-term cooperative relationships with many of those organizations.

Research and Development

U.S. adversaries will continue to develop new means of bypassing network defenses. To keep pace, the United States Government must evolve and develop innovative solutions to make cyberspace resilient to future threats. The Administration seeks to shape the future of cybersecurity through a comprehensive plan and investment strategy to develop the tools, techniques, and national workforce necessary to continue to improve the resilience of U.S. computers, networks, and critical infrastructure and provide new technological options for deterring malicious cyber activities.

The Administration is prioritizing research, development, and technology transition to reshape the security landscape by eliminating the current advantage of intruders in cyberspace while making it inherently more secure. The primary focus for government research investment is on making the hardware, software, and operations, transactions, activities, and business practices in cyberspace secure by default. One example of such efforts is the United States Government's collaboration with the private sector on implementing the National Strategy for Trusted Identities in Cyberspace, which seeks to replace passwords with more secure, convenient, and privacy-enhancing ways of accessing Internet services and, in doing so, eliminate one of the key vulnerabilities used by adversaries to gain access to computers and networks.

Conclusion

Thirty years ago, few understood that the free flow of information in cyberspace would be vital to innovation and global prosperity. Nor was it obvious that malicious activity conducted through cyberspace could threaten public safety and welfare and the United States' national and economic security. These threats are now widely recognized, and it is equally clear that they will remain an enduring part of the threat landscape faced by the United States. Governments', businesses', and individuals' increasing demand for and use of online and digital services will continue to present attractive targets for those who might wish to do us harm. The convergence of telecommunications and computer networks, increased use of wireless technology, and increased connectivity between critical infrastructure and the Internet are factors that create additional enablers for cyber attacks. And nation-states almost certainly will continue to perceive cyber attacks and other malicious cyber activity as an asymmetric, plausibly deniable option for pursuing national security and foreign policy objectives.

The United States Government is committed to identifying and defending against cyber attacks and other malicious cyber activity and to deterring those who choose to conduct such activity. In doing so, we will use all necessary and appropriate instruments of national power to protect our interests and to preserve an open, interoperable, secure, and reliable cyberspace. A credible U.S. cyber deterrent will require sustained efforts by all elements of the government to pursue policies and capabilities that improve network defenses, bolster the Nation's cyber resiliency, and provide options for imposing costs on malicious cyber actors. This policy document offers an initial roadmap for the United States Government's departments and agencies to identify their role in the United States' cyber deterrence efforts, to execute on specific lines of effort, and to develop plans for the future.