You are on page 1of 35

Contents

Introduction.....................................................................................................................................2

WhattheUnitedStatesWillSeektoDeter.....................................................................................3
CyberDeterrenceStrategies...........................................................................................................4

ComponentElementsofU.S.CyberDeterrencePolicy.................................................................5

DeterrencebyDenial..................................................................................................................5
Defense,Resiliency,andReconstitution................................................................................6

DeterrencebyCostImposition.................................................................................................10

MeasurestoImposeEconomicCostsonMaliciousCyberActors.......................................11
TakingLawEnforcementAction..........................................................................................11

BuildingCapabilitiestoDefendtheNationinCyberspace..................................................12

ActivitiesthatSupportDeterrence............................................................................................13
BolsteringWholeofGovernmentandWholeofNationResponseCapabilities..........14

DeclaratoryPolicyandStrategicCommunications..............................................................15

IntelligenceCapabilities........................................................................................................16
InternationalEngagement.....................................................................................................16

ResearchandDevelopment...................................................................................................18

Conclusion....................................................................................................................................18

Introduction

Overthepast30years,theUnitedStateshasbecomeincreasinglydependentoncyberspaceasa
meansoffacilitatingtheglobalflowofgoodsandservices,fosteringfreeandopenpolitical
dialogue,andsupportingawiderangeofcriticalservicessuchasthecontrolofelectricity,water,
andotherutilities.WhiletheInternethasbroughtunparalleledsocialandeconomic
opportunities,ithasalsointroduceddifficultchallengesfornationalandeconomicsecurityand
thesecurityofsensitivecorporateandpersonalinformation.Inagloballyconnectedworld,
cybersecurityisoneofthemostseriousnationalsecurityconcernsthattheUnitedStatesandits
alliesfaceinthe21stcentury.

Thegrowthofsocial,mobile,andInternettechnologiesworldwidehasbeenaccompaniedbya
proliferationofcyberrelatedrisks.Astuteandtechnicallycapableactorsperpetratefraud,theft,
disruption,manipulationand,insomecases,damagetocomputersystems,networks,ordata.
Criminals,terrorists,andnationstateadversariesareabletoexploittheUnitedStatespervasive
dependenceonvulnerabletechnologiestoalter,steal,ordestroyinformationdivertorsteal
moneygaincompetitiveadvantagesthroughintellectualpropertytheftdisruptservicesand
potentiallycripplecriticalinfrastructures.

Agreatmajorityofrisksincyberspacedonotposedirethreatstopersonalorpublicsafetyorto
1
thefunctioningofgovernment,theeconomy,orsociety.
Atthesametime,cyberattacksand
2
somekindsofmaliciouscyberactivity
particularlythoseconductedbynationstatesorhighly
capablenonstateactorsandwhichtargetcriticalinfrastructuresandkeyindustriesintheUnited
StatescanconstituteasignificantthreattoU.S.nationalsecurityandeconomicinterests.Itis
thesesignificantthreatsthattheUnitedStatesGovernmentseekstoaddressesthroughitspolicy
3
fordeterringadversariesincyberspace.
TheUnitedStatesGovernmentispursuingmulti
facetedpolicyeffortstoleverageallinstrumentsofnationalpowertocountermaliciouscyber
activitythatposessignificantthreatstothenation,andtodeternationstatesandnonstateactors
seekingtoharmtheUnitedStatesthroughcyberenabledmeans.Andwewilldosowithout
underminingtheopenandinterconnectedqualitiesthathavemadetheInternetsuchapowerful
enablerofglobaleconomicandsocialprogress.Intakingthisapproach,theAdministrationwill
continuallyrefinecurrentcapabilitiesanddevelopnewonesthatwillraisethecostsandreduce
thebenefitsofconductingmaliciouscyberactivityagainsttheUnitedStatesanditsinterests.

TheentirescopeofmaliciouscyberactivitiesisofconcerntotheUnitedStatesGovernmentandisaddressedbymany
initiatives,programs,andothereffortstosecureU.S.publicandprivatenetworks,protectpeopleandbusinesses,andholdactors
responsibleforsuchactivitiesaccountable.
2

Forthepurposeofthisdocument,a
cyberattack
referstoanattempttodenyaccessto,disrupt,disable,degrade,destroy,or
otherwiserenderinoperablecomputers,informationorcommunicationssystems,networks,orphysicalorvirtualsystems
controlledbycomputers.Althoughcyberattackscanhavearangeofdirectandindirecteffectsthatvaryintheirseverity,U.S.
deterrenceeffortsareparticularlyfocusedonthoseattacksthatcouldresultinlossoflife,harmtoU.S.criticalinfrastructure,
significantdamagetoproperty,orsignificantthreatstothenationalsecurity,foreignpolicy,oreconomichealthorfinancial
stabilityoftheUnitedStatesoritsinterests.
Maliciouscyberactivity
referstoactivitiesthatseektocompromiseorimpairthe
confidentiality,integrity,oravailabilityofcomputers,informationorcommunicationssystems,networks,physicalorvirtual
systemscontrolledbycomputers,orinformationinortransitingthroughthosecomputers,networks,orsystems.

Although the principal focus of theUnitedStates Governmentscyberdeterrenceeffortsfocusprincipallyonsignificantthreats


to U.S. interests,theframeworkoutlinedin thisreport, includingthe wholeofgovernmentapproach,alsoservesto deter lesser
threats,generallythroughnonmilitarymeans.

WhattheUnitedStatesWillSeektoDeter

ItistheUnitedStatesGovernmentspolicytoutilizeallinstrumentsofnationalpowertodeter
cyberattacksorothermaliciouscyberactivitythatposeasignificantthreattothenationalor
economicsecurityoftheUnitedStatesoritsvitalinterests.Specifically,thisincludescyber
threatsthatthreatenlossoflifeviathedisruptionofcriticalinfrastructuresandtheessential
servicestheyprovideorthatdisruptorunderminetheconfidenceinortrustworthinessof
systemsthatsupportcriticalfunctions,includingmilitarycommandandcontrolandtheorderly
operationoffinancialmarketsorthatposenationallevelthreatstocorevalueslikeprivacyand
freedomofexpression.Thefollowingconcernsrepresentpriorityareastofocusdeterrence
activities.However,thislistisneitherexhaustivenorstaticandwewilladaptourprioritiesto
newthreatsandgeopoliticaldevelopments.Inparticular,theAdministrationismostconcerned
aboutthreatsthatcouldcausewidescaledisruption,destruction,lossoflife,andsignificant
economicconsequencesfortheUnitedStatesanditsinterestsincluding,butnotlimitedto:

Cyberattacksorothermaliciouscyberactivityintendedtocausecasualties.

Cyberattacksorothermaliciouscyberactivityintendedtocausesignificantdisruptionto
thenormalfunctioningofU.S.societyorgovernment,includingattacksagainstcritical
4
infrastructurethatcoulddamagesystemsusedtoprovidekeyservices
tothepublicor
thegovernment.

Cyberattacksorothermaliciouscyberactivitythatthreatensthecommandandcontrolof
U.S.militaryforces,thefreedomofmaneuverofU.S.militaryforces,orthe
infrastructureonwhichtheU.S.militaryreliestodefendU.S.interestsandcommitments.

Maliciouscyberactivitythatunderminesnationaleconomicsecuritythroughcyber
enabledeconomicespionageorsabotage.Suchactivityunderminesthefairnessand
transparencyofglobalcommerceasU.S.competitorsstealdevelopingtechnologies,win
contractsunfairly,orstealinformationtomanipulatemarketsandbenefittheircompanies
directly.

Maliciousactorsemployvarioustacticsforattacking,exploiting,ordisruptingnetworks,
systems,anddata.Adversariesseekingtopenetratewellprotected,isolated,orhardened
networkslikethoseusedbymanyU.S.entitiestoperformcriticalnationalsecurityand
economicfunctionsmayuseacombinationoftechnologyandhumanenabledoperational
tradecraft.Althoughthefullspectrumofoperationalcapabilitiesrequiresresources,persistence,
andaccesstotechnologicalexpertise,noneofthesemethodsaresolelywithinthepurviewof
nationstates.Keymethodsinclude:

PresidentialPolicyDirective21(PPD21)onCriticalInfrastructureSecurityandResilienceidentifies16criticalinfrastructure
sectorsofkeyimportancetotheUnitedStatesGovernment:chemical,commercialfacilities,communications,critical
manufacturing,dams,defenseindustrialbase,emergencyservices,energy,financialservices,foodandagriculture,government
facilities,healthcareandpublichealth,informationtechnology,nuclearreactors,materials,andwaste,transportationsystems,
andwaterandwastewatersystems.

Remotecyberoperations
gainaccesstotargetmachines,networks,andinformation
throughcyberspace.Theseactivitiesdependontechnicalvulnerabilitiesinnetworksand
individualcomputers,improperconfigurations,andunmitigatedhumanerror.Many
remoteoperationsalsodependonthelikelihoodthatunwittingvictimswillaccepta
messageorfilewithembeddedmalicioussoftware(malware)thatcompromisestheir
systems.

Supplychainoperations
seektoexploitaccesstoproductsandservicesprovidedtothe
intendedvictim.Theseoperationscanoccuratanypointinaproductlifecycle:design
manufacturingdistributionmaintenanceorupgrades,andcantargeteverythingfrom
microcomponentstoentiresystems.

Closeaccessoperations
mayattempttointerceptunprotectedwirelesscommunications
andotheremanationsnearatargetedsystem,includinghiddenemissionsfrom
compromisedhardwareorhosts.

Insiders
eitherknowinglyorunwittinglyprovideknowledgeaboutthetargetednetwork,
solicitinformationfromotherpeople,corruptsystemsordata,orinfluencedecisionsby
thetargetorganization.Wittinginsidersstealportablemediaanddocumentsorinstall
devicesorsoftwarethatfacilitatesinformationgatheringandtheft.

CyberDeterrenceStrategies

Deterrenceseekstoconvinceadversariesbymeansofinfluenceovertheirdecisionmaking
nottotakeactionsthatthreatenimportantnationalinterests.Influenceisachievedbycredibly
demonstratingtheabilityandwillingnesstodenybenefitsorimposecoststoconvincethe
adversarythatrestraintwillresultinbetteroutcomesthanwillconfrontation.Butcyber
deterrenceintheInformationAgeissubstantiallydifferentfromColdWareraconceptsintended
todetertheuseofweaponsofmassdestruction.TheColdWarwascharacterizedbyasmall
numberofnationstateswhopossessednuclearweaponsandwerealliedwitheithertheUnited
StatesortheSovietUnioninabipolarinternationalsystem.Today,theUnitedStatespossesses
dominantmilitarycapabilities,butisasymmetricallydependentoncyberspaceandfaceshighly
capablestateandnonstateadversariesthathavethecapability,expertise,andintenttoconduct
significantcyberattacksagainstus.Further,manycybertoolsaredualormultipleuseandcan
enableaspectrumofmaliciouscyberactivity.Andfinally,cybertoolsandoperationscanbe
developedwithfewerresourcesthanconventionalmilitarycapabilities,affordbroadoperational
reachatrelativelylowrisk,andareplausiblydeniablecharacteristicsthatsimultaneously
createdemandforsuchcapabilitiesandlowerthethresholdforbuildingthem.

Cyberspacealsohasdistinctivecharacteristicsincludingitsglobalandinterconnectednature,
largelyprivateownership,potentialforanonymity,andlowbarrierstoentryforthosewhowish
tocausedamagethatposechallengesfordeterrencethataredifferentinkindandscopethan
deterrenceinmoretraditionalareas.Complicatingmattersfurther,potentialadversariesin

cyberspacemaynothaveequalcapabilitiesandeachsideisunlikelytoknowtheextentofthe
otherscapabilities.WhiletheUnitedStatesabilitytoattributeacyberattacktoaspecificactor

throughlongtermanalysishasimproveddramaticallyinrecentyears,allowingformalicious
5
actorstobeheldresponsiblefortheiractions,highconfidenceattribution
inrealtimeremains
difficult.Andfinally,maliciouscybertoolscanbeusedtoachievemultipleaimsfrom
harassmenttodisruptionanddonotcausethedestructiveimpactthatcouldbeachievedby
employingweaponsofmassdestruction.Toaccountforthedistinctivecharacteristicsofthe
cyberthreat,theUnitedStatesGovernmentistakingamultidisciplinaryapproachtodeveloping
thestrategiesandtacticsofcyberdeterrence.

ComponentElementsofU.S.CyberDeterrencePolicy

Giventhecharacteristicsofcyberspace,U.S.experiencesintheareasofcounterterrorismand
counterproliferationarehighlyrelevant.TheAdministrationhaslearnedinthosecontextsthat
animportantmeansofcounteringanasymmetryincapabilitiesandinformationistoadopta
broadconceptofdeterrencethatusesawholeofgovernmentapproachtobringallelementsof
nationalpowertobearonaparticularthreat.Similarly,theUnitedStatescyberdeterrence
policyreliesonallinstrumentsofnationalpowerdiplomatic,information,military,economic,
intelligence,andlawenforcementaswellaspublicprivatepartnershipsthatenhance
informationsecurityforU.S.citizens,industry,andthegovernment.Ourtargeteduseofthese
instrumentsisintendedtocreate
uncertainty
inadversariesmindsabouttheeffectivenessofany
maliciouscyberactivitiesandtoincreasethecostsandconsequencesthatadversariesfaceasa
resultoftheiractions.

Deterrencebydenial
effortsaimtopersuadeadversariesthattheUnitedStatescan
thwartmaliciouscyberactivity,therebyreducingtheincentivetoconductsuchactivities.
Tomakethesedeterrenceeffortscredible,wemustdeploystrongdefensesandarchitect
resilientsystemsthatrecoverquicklyfromattacksorotherdisruptions.

TheUnitedStatesisalsopursuing
deterrencethroughcostimposition
.Thesemeasures
aredesignedtoboththreatenandcarryoutactionstoinflictpenaltiesandcostsagainst
adversariesthatchoosetoconductcyberattacksorothermaliciouscyberactivityagainst
theUnitedStates.SuchmeasurestakeadvantageoftheUnitedStatesGovernments
abilityandwillingnesstorespondtocyberattacksthroughallnecessarymeans,as
appropriateandconsistentwithapplicableinternationallaw.Suchmeasuresinclude,but
arenotlimitedto,pursuinglawenforcementmeasures,sanctioningmaliciouscyber
actors,conductingoffensiveanddefensivecyberoperations,projectingpowerthrough
air,land,sea,andspace,and,afterexhaustingallavailableoptions,tousemilitaryforce.

DeterrencebyDenial

Pursuing
defense,resiliency,andreconstitution
initiativestoprovidecriticalnetworks
withagreatercapabilitytopreventorminimizetheimpactofcyberattacksorother
maliciouscyberactivity,andreconstituterapidlyifattackssucceed.

Forthepurposeofthisdocument,
attribution
isdefinedasthecapabilitytodeterminetheidentityorlocationofthose
responsibleforconductingordirectingcyberattacksorothermaliciouscyberactivity.

Building
strongpartnershipswiththeprivatesector
topromotecybersecuritybest
practicesassistinbuildingpublicconfidenceincybersecuritymeasuresandlend
credibilitytonationaleffortstoincreasenetworkresiliency.

Althoughachievingahighdegreeofcertaintyinatimelymannercanprovedifficult,the
UnitedStatesiscontinuallyimprovingourabilitytoattributemaliciouscyberactivitiesandwill
holdmaliciousactorsaccountablefortheiractions.ButtheUnitedStatesabilitytosuccessfully
deterstateandnonstatesponsoredcyberthreatsmustalsorelyatleastasmuchondefensive
strategiesthatraisetechnologicalandotherbarriersasonthecredibleknowledgethattheUnited
Statescanandwillappropriatelyrespondtosuchthreats.Inparticular,thereshouldbecertainty
aboutthefactthat,eveninthefaceofsophisticatedcyberthreats,theUnitedStatescanmaintain
robustdefenses,ensureresilientnetworksandsystems,andimplementarobustresponse
capabilitythatcanprojectpowerandsecureU.S.interests.

Defense,Resiliency,andReconstitution

TheUnitedStatesGovernmentrecognizesthatsomenetworksandinfrastructureaswellasthe
missionstheysupportaremorecriticalthanothersandshouldbeprotectedaccordingly.As
such,theAdministrationscyberdeterrencepolicyseekstodemonstratethestrengthof
governmentandprivatesectornetworkdefensestocreatedoubtthatsuchactivitywouldsucceed
orhavethedesiredeffects.Sucheffortstochangeanadversarysriskbenefitcalculushavethe
potentialtolimitperceivedoptionsandcanbepursuedindependentofattribution.

Tostrengthencollectivenetworkdefenses,theUnitedStatesGovernmentcollaborateswiththe
privatesectortoidentifykeysystemsthatmustbeprotectedandtoimplementbestpracticesin
cybersecurity.TheAdministrationisalsoimprovinginformationsharingofcyberthreat
indicatorsacrossgovernmentsectorsandbetweenthegovernmentandprivatesector.Further,
theUnitedStatesGovernmentinvestsheavilyinimprovingitsowninformationsecurityand
ensuringtheresiliencyofvitalcomputersystemsandnetworks,includingdevelopingtheability
toreconstitutethemrapidly,operatethemindegradedstates,orfunctionwithoutthemif
necessary.

IdentifyingandProtectingKeyCriticalInfrastructure

An approach to critical infrastructure cybersecuritythatfocusesonprotectingeverysystemfrom


any network intrusion atalltimeswouldbeimpractical. Thepervasivenessofsoftwarebugsand
othervulnerabilitiesmeansthattheUnitedStatesGovernmentcannotguaranteethatevery
systemwillalwaysbefreefromintrusionorcompromise.Ratherthanattemptingtoprotect
everysystematalltimes,theUnitedStatesGovernmentwillprioritizeitseffortsonidentifying
anddefendingcriticalinfrastructures.Governmenteffortsandresourceswillbeprioritizedto
ensurethatthoseparticularsystemsbenefitfromcontinuouslyimprovingandevolving
cybersecurityandnetworkdefenses.

Toaddressthisissue,theDepartmentofHomelandSecurity(DHS)wastaskedin2013with
implementingSection9ofE.O.13636,whichstates:

Within150daysofthedateofthisorder,theSecretaryshalluseariskbasedapproachto
identifycriticalinfrastructurewhereacybersecurityincidentcouldreasonablyresultin
catastrophicregionalornationaleffectsonpublichealthorsafety,economicsecurity,or
nationalsecurity.

Tomakethisidentification,DHSconsultedwithownersandoperatorsrepresentingall16critical
infrastructuresectorsaswellasSectorSpecificAgencies,SectorCoordinatingCouncils,
GovernmentCoordinatingCouncils,independentregulatoryagencies,andsubjectmatter
experts.Thiscollaborationandresearchidentifiedasmallsubsetofentitiesinseveralcritical
infrastructuresectorswhereacybersecurityincidentanditssecondorthirdordereffectscould
resultincatastrophicregionalornationaleffectsonpublichealthorsafety,economicsecurity,or
nationalsecurity.DHSwillcontinuetoworkwithappropriatestakeholderstoreviewandupdate
thislistonanannualbasis.

Basedontheseresults,DHSandotherelementsoftheUnitedStatesGovernmenthave
developedinfrastructureandprocessesfordisseminatingspecificandtargetedcybersecurity
threatinformationtotheidentifiedcriticalinfrastructureownersandoperators.Thisinformation
isusedtodetectandpreventintrusionattemptsfromarangeofcyberadversaries.DHSisalso
workingwithabroadersetofcriticalinfrastructureownersandoperatorstounderstandthe
potentialcascadingeffectsfromacyberattackagainsttheirnetworksandsystems.Theseefforts
areimprovingtheprivatesectorsabilitytodetectandpreventintrusionattempts,aswellas
recoverfromarangeofcyberincidents.Thispublicprivatecollaborationisalsoshapingthe
governmentsplanning,mitigation,andresponseeffortsintheeventofsignificantcyber
incidents.

SharingThreatInformation

Sharedsituationalawarenessofcyberthreatsandindicatorsofmaliciouscyberactivity
includinginformationonthoseresponsibleprovidesnetworkdefenderstheopportunitytoclose
knownvulnerabilitiesbeforetheycanbefullyexploited.Accordingly,theUnitedStates
Governmentisexpandingitsexistinginformationsharingmechanismswithinthegovernment
andwiththeprivatesector.Muchhasbeendonethroughtheexpansionofexistingprograms,
includingtheDefenseIndustrialBaseCybersecurityandInformationAssuranceProgramDHSs
EnhancedCybersecurityServicesprogramtheProtectedCriticalInfrastructureInformation
programandengagementwiththeprivatesector,butadditionalworkremains.

Asafirststep,theAdministrationisworkingtolowerperceivedandrealbarriersto
appropriateinformationsharingunderexistingauthorities.Asoneexample,theDepartmentof
Justice(DOJ)andtheFederalTradeCommissioninApril2014releasedguidanceindicating
thatantitrustlawdoesnotbarappropriatecybersecurityinformationsharingbetween
companies.ButlongtermeffortstoimproveU.S.cybersecuritywillrequirelegislationthat
allowsindustrytoreadilysharecybersecurityinformationwiththegovernmentonanational
scaleandinacoordinatedmanner.TheAdministrationwillcontinuetoworkwiththeCongress
onlegislationthatclarifiesthetypesofcybersecuritythreatandincidentinformationthatcan

beshared,particularlyfromtheprivatesectortogovernment,andbyjointlydevelopingor
supportingthemechanismstofacilitate

sharing.Specifically,theAdministrationwillcontinuetopursuelegislationthatencouragesthe
privatesectortosharecyberthreatinformationwithDHSsNationalCybersecurityand
CommunicationsIntegrationCenter(NCCIC).TheNCCICwillhavetheresponsibilityfor
sharingthatinformationinnearrealtimewithrelevantfederalagenciesandwithprivate
sectordevelopedandoperatedInformationSharingandAnalysisOrganizations(ISAOs).To
incentivizeprivatesectorinformationsharing,theAdministrationscurrentlegislativeproposal
providestargetedliabilityprotectionforcompaniesthatshareinformationwitheithertheNCCIC
orISAOs.

AlloftheAdministrationseffortsoncybersecurityinformationsharingwillalsoseektoensure
thatprivacyandcivillibertiesaresafeguardedandpreservetherespectiverolesandmissionsof
civilianandintelligenceagencies.UndertheAdministrationscurrentlegislativeproposal,
privateentitiesthatshareinformationwiththeFederalgovernmentwillhavetocomplywith
certainprivacyrestrictionssuchasremovingunnecessarypersonalinformationandtaking
measurestoprotectanypersonalinformationthatmustbesharedinordertoqualifyforliability
protection.TheproposalfurtherrequiresDHSandtheAttorneyGeneral,inconsultationwith
thePrivacyandCivilLibertiesOversightBoardandothers,todevelopreceipt,retention,use,
anddisclosureguidelinesforthefederalgovernment.

PromotingBestPracticesthroughtheCybersecurityFramework

InFebruary2013,PresidentObamasignedExecutiveOrder(E.O.)13636onImprovingCritical
InfrastructureCybersecuritythat,amongotheractions,directedtheNationalInstituteof
StandardsandTechnology(NIST)toleadaprocesstodevelopatemplateofcybersecuritybest
practices.InFebruary2014,NISTreleasedthefirstversionofthetemplate,theCybersecurity
Framework(Framework),thatreferencesgloballyrecognizedstandardsandpracticestohelp
organizationsunderstand,communicate,andmanagetheircyberrisks.

U.S.companieshavebeguntoadoptandimplementtheFrameworkacrossmanydifferent
6
sectorsoftheeconomy.
Thisadoptionmeansthatmanyorganizationsareraisingtheiroverall
cybersecuritybaselinebyimplementingstandardsbasedmeasurestoprotecttheirmostsensitive
information,closeknownvulnerabilitiesintheirnetworks,andinvestinthehardwareand
softwarenecessaryforbasiccyberdefense.TheAdministrationwillcontinuetopromotethe
adoptionoftheFrameworkasakeymeansofimprovingU.S.cyberdefensesand,byextension,
decreasingadversariesperceptionsofthebenefitstobegainedfromengaginginmalicious
cyberactivitiesagainstU.S.computersandnetworks.

DefendingAgainstInsiderThreats

Inthewakeofotherunauthorizeddisclosuresofclassifiedinformation,includingtheWikiLeaks
incidentandleaksofU.S.intelligenceprogramswhichbothcenteredoninsidercompromiseof

Asoneexample:Intel,Apple,BankofAmerica,U.S.Bank,PacificGas&Electric,AIG,QVC,Walgreens,andKaiser
PermanenteannouncedtheircommitmentstousetheFrameworkattheWhiteHouseSummitonCybersecurityand
ConsumerProtectiononFebruary13,2015.

sensitive computer networks the United States Government has increased itsattentionto
policies and actions that strengthen the safeguarding of classified information vitaltoU.S.
nationalsecurityandreduceinsiderthreats.InOctober2011,PresidentObamaissuedE.O.
13587directingstructuralreformstoensureresponsiblesharingandsafeguardingofclassified
informationandestablishingtheSeniorInformationSharingandSafeguardingSteering
Committee(theSteeringCommittee),theExecutiveAgentforSafeguarding,andtheNational
InsiderThreatTaskForce(NITTF).

TheSteeringCommittee,cochairedbyseniorrepresentativesoftheOfficeof
ManagementandBudgetandtheNationalSecurityCouncilstaff,ensuresseniorlevel
accountabilityacrossdepartmentsandagenciesforimplementingpoliciesandstandards
regardingthesharingandsafeguardingofclassifiedinformationoncomputernetworks.

TheExecutiveAgentforSafeguarding,underthejointleadershipoftheSecretaryof
DefenseandtheDirectoroftheNationalSecurityAgency,isdevelopingeffective
technicalsafeguardingpoliciesandstandardsaddressingthesafeguardingofnational
securitysystemsandclassifiedinformationwithinthesesystems.

TheNITTF,underjointleadershipoftheAttorneyGeneralandtheDirectorofNational
Intelligence,bringstogethersecurity,counterintelligence,andinformationassurance
expertsfromacrossthegovernmenttodevelopagovernmentwideinsiderthreatprogram
fordeterring,detecting,andmitigatinginsiderthreats,includingcompromisesof
classifiedinformation.

BolsteringGovernmentNetworkDefenses

TheFederalgovernmentcontinuestoimprovethesecurityofitsinformationandsystems
throughbroadimplementationofcybersecuritycapabilitiesandservicesdesignedtodetectand
preventmaliciouscyberactivitiesaswellasmanageinternalnetworksandsystemsmore
effectivelyandsecurely.Althoughtheseeffortsareexpandingrapidly,manyUnitedStates
Governmentownedsystemsandnetworksremainvulnerable.Toaddressthatchallenge,the
Administrationisholdingdepartmentsandagenciesaccountableforimprovingtheirnetwork
7
defensesthroughtheCybersecurityCrossAgencyPrioritygoal.
Indoingso,theUnitedStates
Governmentissettingclearcybersecuritygoalsfordepartmentsandagencies,andholdingthem
accountableforachievingoutcomesagainstthosegoals.Concurrently,theAdministrationis
improvingthegovernmentsabilitytotrackspendingoncybersecurityacrossthegovernmentto
strengthenthelinkagebetweenresourcesandresults.

InadditiontoprotectingFederalnetworks,theDepartmentofDefense(DOD)iscontinuingto
bolsterthenetworkdefensesusedbythemilitaryandcompaniesoftheDefenseIndustrialBase

TheCrossAgencyPrioritygoalframeworkwasestablishedbytheGPRAModernizationActof2010andisusedtoaccelerate
progressonalimitednumberofPresidentialpriorityareaswhereimplementationwillrequirecollaborationandcoordinated
actionbymultipledepartmentsandagencies.EachgoalhasanamedseniorleaderbothwithintheExecutiveOfficeofthe

Presidentandwithinkeydepartmentsandagencies.AdditionalinformationontheCrossAgencyPrioritygoalsforcybersecurity
canbefoundhere:
http://www.performance.gov/capgoalslist/.

toprotectmillionsofnetworkeddevicesandthousandsofenclavesthathouseclassifiedand
unclassifiedmilitaryinformation.TheU.S.CyberCommand,inconjunctionwiththeService
CyberComponents,theNationalSecurityAgency,andtheDefenseInformationSystems
Agency,monitorsthefunctioningofDODnetworksandroutinelyprovidesthreatand
vulnerabilityinformationtotheoperatorsofthosenetworks.TheDepartmentofDefenseisalso
workingtomodernizetheoverallarchitectureanddefensesofitsnetworksbybuildingtheJoint
InformationEnvironment(JIE),whichwillprovidesecureInternetcommunicationsand
intelligencethroughtheuseofasharedinfrastructure,enterpriseservices,andasinglesecurity
architecture.

Inadditiontodefensivemeasures,theUnitedStatesGovernmentmustalsoensuretheresiliency
ofitsnetworks,systemsanddata.Todoso,theAdministrationhasimplementedpolicies
intendedtoimprovetheFederalgovernmentsabilitytoidentifyandrespondtoincidents,and
reconstituterapidlyifattackssucceed.In2013,theAdministrationissuedPresidentialPolicy
Directive21(PPD21)onCriticalInfrastructureSecurityandResilience,whichfocusedon
advancinganationalunityofefforttostrengthenandmaintainsecure,functioning,andresilient
criticalinfrastructure.E.O.13636,whichwasissuedatthesametimeasPPD21,furthered
effortstoprotectcriticalinfrastructure.E.O.13636requirementinformationsharingoncyber
threatsamongFederalagenciesandwiththeprivatesectorandthroughthedevelopmentofthe
CybersecurityFramework,whichanumberofFederalagenciesareseekingtoadopt.Such
effortstoimprovecybersecurityinformationsharingandriskmanagementwithinthe
governmentcanstrengthenbothsituationalawarenessandindicationsandwarning,whichin
turncanhelpgovernmentnetworkdefendersprepareforattacksandimprovetheresilienceof
governmentsystems.Finally,Federaldepartmentsandagenciesarealsomakingcybersecurity
anincreasinglyprominentcomponentoftheircontinuityofoperationsplanning.

DeterrencebyCostImposition

Developingoptionstoimpose
economiccosts
onmaliciouscyberactors.

Pursuingappropriate
lawenforcement
actionsto(1)investigateandprosecute
cybercriminalsresponsibleforstealinginformationfromtheprivatesectororgovernment
orcompromising,disrupting,ordestroyingU.S.computersandnetworksand(2)deny
adversariesaccesstoinfrastructureusedtoconductmaliciouscyberactivity.

Asnecessary,developingappropriatemilitaryoptionsto
defendthenation
fromcyber
attacks.

ConsistentwiththeAdministrations2011
InternationalStrategyforCyberspace
,andin
accordancewithrightsestablishedunderinternationallaw,theUnitedStatesGovernment
reservestherighttouseallnecessarymeansdiplomatic,informational,military,andeconomic
todefendthenationandU.S.interestsfrommaliciouscyberactivities.Justbecauseanattack
takesplaceincyberspacedoesnotmeanthatalawfulandappropriateresponsemustbe
conductedthroughcybermeans.Norisadirectresponsealwaysthemostappropriateand

proportionalresponse.Instead,theUnitedStatesmustmaintainaspectrumofresponse
capabilitiesthatprovidethePresidentandseniorU.S.leaderswithoptionsthatcanbetailoredto

particularadversaries,theimpactofthemaliciousactivities,andthelevelofcertaintyregarding
attribution.

MeasurestoImposeEconomicCostsonMaliciousCyberActors

Economictoolsmayofferoptionsforimposingcostsonmaliciouscyberactorsanddeterring
certaincyberthreats,particularlyfromadversarieswhoseektoundermineU.S.economic
securitybyillicitlyobtainingtradesecrets,includingintellectualproperty,orcontrolled
technology.Whenappropriateandwarranted,theAdministrationwillpursueactionstoimpose
economiccostsonthemaliciouscyberactorsresponsibleforsuchactivity,includingwhensuch
activityconstitutesaviolationofinternationaltraderulesortherulesoftheWorldTrade
Organization.

Inparticular,financialsanctionscanofferaneffectivetoolforrespondingtocyberattacks.In
responsetoNorthKoreasdestructiveandcoercivecyberattackinNovember2014whichwas
intendedtoharmaU.S.businessandsuppressfreespeechtheAdministrationannouncednew
sanctionsoncertainNorthKoreanactors.Further,inApril2015thePresidentissuedanew
ExecutiveOrderauthorizingtheimpositionofsanctionsonindividualsandentitieswhosecyber
enabledactivitieshavecontributedtoasignificantthreattothenationalsecurity,foreignpolicy,
oreconomichealthorfinancialstabilityoftheUnitedStates.Inestablishingthisnewpolicy,the
Administrationiscreatingameansofimposingeconomiccostsagainstnotjustthosethat
conductcyberattacks,butthoseresponsibleforsupporting,enabling,ororderingsuchattacks.
TheUnitedStatesGovernmenthasusedthesetoolsformanyyearstoaddressotherpolicy
challengesandwillcontinueapplythem,asappropriate,todeterandrespondtocyberthreatsas
well.

TakingLawEnforcementAction

Lawenforcementcanalsobeaneffectivedeterrenttocyberthreatsboththroughdenial(e.g.,
takingdownacriminalbotnetthatcouldbeusedinanattack)orcostimposition(e.g.,arresting
theperpetratorsofcyberattacks).Althoughinvestigationandprosecutionischallenginginthe
cybercontext,theUnitedStatesGovernmentusesthistooleffectivelytodisruptanddegrade
adversarycybercapabilities.Thelawenforcementcommunityroutinelyinvestigates
unauthorizedintrusionsandattacksoncomputersandnetworksusingtraditionalinvestigative
techniques,forensictools,undercoveroperations,confidentialhumansources,andlawfully
authorizedsurveillanceallofwhichhelpidentifyindividualsandgroupswhoposecyber
threats.

Investigating,Prosecuting,andDisruptingMaliciousCyberActivity

Sincethereisanindividualororganizationbehindeveryintrusion,U.S.lawenforcement
agenciesareacriticalelementoftheUnitedStatesGovernmentscyberincidentresponse
mechanism.TheyregularlyopeninvestigationsintomaliciouscyberactivitytargetingU.S.
victims,and,whentheevidencesupportsit,theDepartmentofJusticeprosecutesthose

responsiblefortheiractions,consistentwiththePrinciplesofFederalProsecution.Successful
investigationsandprosecutionsimposedirectcostsonmaliciouscyberactors,aswellasstates

thatmaysupportorharborthem,andservetodeterpersonsororganizationsfromcontinuingto
conductsuchactivity.

Asjustoneexampleofsuchaction,inMay2014theDepartmentofJusticeobtainedan
indictmentoffiveuniformedmembersoftheChinesePeoplesLiberationArmyforcomputer
hacking,aggravatedidentitytheft,economicespionage,andtradesecrettheft.Theseoffenses
weredirectedatsixvictimsintheU.S.nuclearpower,metals,andsolarproductsindustries.
Throughthecontinueduseofsuchlawenforcementactions,theUnitedStatesGovernmentcan
reducetheriskofcyberthreatsbydemonstratingthattherearerealconsequencestomalicious
cyberactivitywhetherornotthoseresponsibleareassociatedwithaforeigngovernment.

Lawenforcementcanalsodenyadversariesaccesstotheinfrastructureusedtoconduct
maliciouscyberactivitiesagainsttheUnitedStates.Forexample,ifanadversarydevelopsand
usesabotnetthatthreatenstooractuallydisruptsakeypublicservice,lawenforcementagencies
maynotonlyinvestigateandprosecutetheallegedperpetrators,butalsodisruptthebotnetitself.
Usinglawenforcementauthoritiesandcapabilities,theUnitedStatesGovernmentwillcontinue
toinvestigateanddisruptmaliciouscyberactivity,andtoprosecuteindividualswhocommit
cybercrimesagainsttheUnitedStates.Suchsuccessfullawenforcementeffortscandeterthose
whowouldconsiderusingcybermeanstocausepeoplephysicalharm,ortodisruptthe
functioningofsociety,government,orkeypublicservices.

BuildingInternationalCapacitytoCombatCybercrime

Combatingcybercrimeisnotonlyadomesticissue.Manyadversariesuseforeignbased
infrastructuretostagetheirintrusionsordisruptiveactivities.ItisintheUnitedStatesinterest
toassistothercountriesinbuildingthecapacitytoinvestigate,prosecute,anddisruptsuch
criminalactivity.TheUnitedStatesishelpingothercountriesdevelopthesecapabilitiesthrough
U.S.ledtrainingprogramsonsubjectsasvariedasdevelopingcyberrelatedlegalframeworks
andusingcomputerforensicstoinvestigatecrimes.Additionally,theUnitedStatesGovernment
isencouragingothercountriestoaccedetotheBudapestConventiononCybercrimeandusing
theConventionsstructureasabasisforcapacitybuildingefforts.Thatframeworkincludes
threekeyconcepts:(1)ensuringlawenforcementagencieshavetheauthoritiesandtoolsto
investigatecybercrimeandtodealwithelectronicevidence(2)enactingsubstantivecybercrime
lawsand(3)usingmechanismslikethe24/7NetworkonHighTechCrimetoensureeffective
andtimelyinternationalcooperation.TheUnitedStatesGovernmentismakingarenewedpush
toincreasethenumberofpartiestotheBudapestConvention,andtoincreasethemembershipof
the24/7Networkforlawenforcementpointsofcontact.Fiftythreecountrieshavesignedthe
BudapestConventionwithfortyfourofthoseratifyingitintodomesticlaw.Collectively,the
Administrationseffortsaremakingheadwayinbuildingthecooperativerelationshipsnecessary
topursuecriminalcyberactorswherevertheyresideandbringthemtojustice,thusadding
anotherdeterrenttothosewhoconstituteasignificantthreattoournationalsecurityand
economicinterests.

BuildingCapabilitiestoDefendtheNationinCyberspace

TheUnitedStatesGovernmentsfirstpreferenceistousenetworkdefense,lawenforcement
measures,economicactions,anddiplomacytodefendagainst,todeter,andtodeescalatecyber
incidents.Whendefenseanddeterrenceeffortsareinsufficient,however,theUnitedStates
Governmentmusthavethecapabilityandcapacitytodefendthenationincyberspace.The
UnitedStatesGovernmentwillbeprepared,ifdirectedbythePresident,touseallnecessary
means,includingmilitary,torespondtoacyberattackonthenation.

Tosupportthisoperationalrequirement,theDepartmentofDefenseestablishedU.S.Cyber
CommandinOctober2010toconsolidateU.S.militarycybercapabilitiestomeetcyberthreats.
U.S.CyberCommand,inconjunctionwiththecombatantcommands,isnowbuildingahighly
capableforce.TheCyberMissionForceiscapableoffullspectrumcyberoperations,andit
plansandpreparesonanongoingbasistodefendthenation.InSeptember2013,U.S.Cyber
CommandactivatedtheheadquartersforitsCyberNationalMissionForce,oneofthreedistinct
8
forces
that could rapidly react to a cyber attack on thenation. In taking thesesteps,the
Department of Defense is creatingcredibleandreliableoptionsforthePresidenttodeter
adversariesfromattackingincyberspaceandtodefendthenationfromcyberattacks.

Further,theDepartmentofDefenseisable,ifdirected,toconductoperationsincyberspace,
includingoffensivecyberoperations.PresidentialPolicyDirective20providesapolicy
frameworktogoverntheconductofsuchcyberoperations.EventhoughtheUnitedStates
Governmentisnotlimitedtorespondingtoacyberattackthroughcyberspace,thereareunique
advantagestosuchasymmetricalresponse.Cyberoperationscanbenarrowlytailoredtotarget
theprecisesystemorsystemsthatareperpetratinganattackagainsttheUnitedStates.Further,
themethodsforneutralizingamalicioussystemcanbesufficientlyprecisesoastominimize
collateraleffects.DevelopingthesecapabilitiesdoesnotmeantheUnitedStatesismilitarizing
cyberspace,anymorethanhavinganavymilitarizestheoceans.However,adversaries
contemplatingtestingU.S.resolveshouldunderstandthattheUnitedStatesmay,in
circumstanceswherenetworkdefenseandlawenforcementmeasuresareinsufficient,usecyber
operationstodefendournationandourinterests.

ActivitiesthatSupportDeterrence

Bringinga
wholeofgovernmentandwholeofnationapproach
tocyberincident
responseandnationallevelevents.

Promotinganuancedandgraduated
declaratorypolicyandstrategiccommunications
thathighlighttheUnitedStatesGovernmentcommitmenttousingitscapabilitiesto
defendagainstcyberattacks,butremainsambiguousonthresholdsforresponseand
consequencestodiscouragepreemptionormaliciouscyberactivitiesjustbelowthe
thresholdforresponse.

Furtherdeveloping
intelligence
capabilitiesthatimproveourabilitytoattributeandact
againstmaliciouscyberactivities,tounderstandadversariesplansandintentions,to

TheothertwoforcesaretheCyberCombatMissionForce,whichsupportsoperationalneedsofcommanders,andtheCyber
ProtectionForce,whichdefendstheDepartmentofDefenseInformationNetwork(DoDIN).

identifyU.S.targetsperceivedasbeingofvaluetotheadversary,andtocounter
adversaryactivities.

Bolstering
internationalengagement
toestablishnormsofstatebehaviorincyberspace,
improvecollectivenetworkdefenses,fostercooperationincounteringcybercrime,
enhancealliances,andcreateconsensusregardingappropriateresponsesforcyberattacks
againstcriticalinfrastructure.

Conducting
researchanddevelopment
toreduceandultimatelyeliminateadversaries
asymmetricadvantageovernetworkdefenders,todevelopnewcapabilitiestomonitor
anddetectadversaryactivity,topursueadversariesincyberspace,andtocounter
adversaryactivityinameasurableway.

BolsteringWholeofGovernmentandWholeofNationResponseCapabilities

Asthepaceandscaleofcyberincidentshasincreasedexponentially,theUnitedStates
Governmentrecognizesthatcyberriskscanbesignificantlyreduced,butnoteliminated.
Further,nooneelementofthegovernmenthasthecapacityorauthoritynecessarytodealwith
thethreatalone.EachFederaldepartmentoragencycanbringparticularexpertisetobearonthe
issue.TheDepartmentofStateusesitsrelationshipswithforeigngovernmentstocoordinate
policyresponses.TheDepartmentofJusticeandtheFederalBureauofInvestigation(FBI)bring
considerableinvestigative,prosecutorial,andlawenforcementcapabilitiesandauthorities.DHS
hasanintimateknowledgeofU.S.criticalinfrastructure,significantexpertiseinincident
responseandmitigation,andthedeeprelationshipswiththeprivatesectornecessarytoprotect
criticalinfrastructureandrespondtocyberattacks.TheUnitedStatesSecretServicehas
expertiseregardinglargescalecyberfraudinvestigationsthatmayhavenationalimplications.
ImmigrationandCustomsEnforcement,HomelandSecurityInvestigationsinvestigates
cybercrimerelatedtotheonlinetheftofintellectualproperty,exportcontrolleddataandmany
othercyberenabledcrimesincludingchildexploitation,andcybersmugglingincluding
undergroundmarketplaces.Economicagencies,includingtheDepartmentofCommerce,the
DepartmentoftheTreasury,theOfficeoftheUnitedStatesTradeRepresentativecanleverage
theirunderstandingofeconomicandmarketforces,aswellastheirrespectiveauthorities,to
enacteconomicsanctions,enforcetradelaws,andtakeotheractionsagainstmaliciousactors.
AndSectorSpecificAgencieshaveuniqueinsightintosectorsoftheeconomythatcouldbe
threatenedbymaliciouscyberactivities.Thesecapabilities,matchedwiththeexpertiseofthe
IntelligenceCommunityandtheDepartmentofDefense,reflectawholeofgovernment
approachtoidentify,mitigate,anddefendagainstcyberincidentsandnationallevelevents.

Inaddition,theAdministrationhasputinplacemechanismsthatensuredepartmentsand
agenciesarecombiningtheircapabilitiesandresourcesintoeffective,coordinatedresponsesto
maliciouscyberactivity.Asoneexample,in2014,theWhiteHousebeganusingtheCyber
ResponseGroup,orCRGmodeledonthehighlyeffectiveandlongstandingCounterterrorism
SecurityGrouptohandlecertainincidentresponsecoordinationtasks.TheCRGfocuseson
sharingthreatinformation,malwaresignatures,plansofstateandnonstateactors,and

coordinatingresponsesacrossthegovernment.Maliciousactorsareincreasinglywillingto
intrudeintopublicandprivatenetworksforthepurposeofdestructivecyberattacks,andthe

Administration viewsforumsforagileinteragencycoordination,liketheCRGasalinchpinin
the governments response capabilities. InstandinguptheCRGandsimilarmechanisms,the
Administration seeks to shareknowledgeabout ongoingthreatsandattacksandcoordinateall
elementsofthegovernmentsresponseatthehighestlevels.

Intakingthiswholeofgovernmentapproach,theAdministrationisworkingtoestablishclear
lanesofresponsibilityforFederaldepartmentsandagencies,buildthecommunicationschannels
necessaryfornearrealtimesituationalawareness,andbolstergovernmentengagementwiththe
privatesectorsothatcompaniesknowwhomtocontactwhenfacedwithacyberthreat.Allof
theseeffortsareaimedatimprovingthegovernmentsabilitytounderstandthenatureofagiven
cyberincidentandtomakerapiddecisionsaboutwhetherandhowtorespondtocyberincidents
ofsignificantnationalconcern.

DeclaratoryPolicyandStrategicCommunications

Regardlessofthemethodofdeterrence,clearandfrequentsignalingtoadversariesthattheir
actionswouldbeorareunacceptablewillincreasethelikelihoodthattheUnitedStates
successfullydeterssomemaliciouscyberactivities.Suchsignalingcanbedirectorindirect,
privateorpublic.However,theUnitedStatesmustmaintainconsistentandcrediblemessages
andmessengers,anddevelopthesharedsituationalawarenessnecessarytodeterminewhetheran
adversaryreceivedthesignalandinterpreteditcorrectly.Tothatend,thewholeofgovernment
consultativeprocess,constantcollaborationwiththeprivatesector,andinternational
coordinationallincreasethelikelihoodthatthesignalingcomponentoftheU.S.deterrenteffort
issuccessful.

ConsistentcommunicationofU.S.policyisalsoanecessarycomponentincreatingaglobal
environmentwhereactivitiesandtheirimplicationsareunderstoodbyalliesandadversaries.
TheAdministrationspublicstatementshavesoughttoexplainU.S.viewson,andemphasizethe
importanceof,internationalcooperationoncyberissues.TheUnitedStateshasissuedclear
statementsinthepastregardingtheU.S.intentiontorespondasnecessaryandappropriateto
cyberthreats.However,theUnitedStatesGovernmentwillremainambiguousinitsstatements
onthresholdsforresponseandconsequencesofcyberthreatsinordertodiscouragepreemption
ormaliciouscyberactivitiesjustbelowthethresholdforresponse.TheAdministrationwill
considerwhethertospeakmoreopenlyaboutwhetherandhowtheUnitedStatesmightrespond
tomaliciouscyberactivities,althoughsuchpublicdiscussionwillrequirecarefullybalancing
suchtransparencyagainstintelligenceandmilitaryequities.

Beyonddeclaratorypolicy,theUnitedStateswillalsousestrategiccommunicationsasa
deterrencetool.Insomecases,theAdministrationmayhighlightinvestigations,criminal
charges,successfulprosecutions,orotherlawenforcementactivitiesthatenhancetheU.S.
deterrenceposture.Bypublicizingsuchcases,theUnitedStatesensuresthatmaliciouscyber
actorsunderstandthatsuchactionswillincursignificantcosts.TheUnitedStatesGovernment
mayalsosendmessagesthroughdiplomaticorotherchannelstoforeignadversariesasawarning
thattheUnitedStatescanattributeandwillrespondtomaliciouscyberactivitiesasnecessaryto
protectourinterests.Inmoreextremescenarios,theUnitedStatesmayintensifythisstrategic

messaginganddemonstrateourresolvethroughstrongermeasures,includingsanctionsor
militaryposturing.

IntelligenceCapabilities

Intelligencecollection,analysis,andoperationsareessentialtotheUnitedStatesGovernments
effortstodetercyberthreats.EverymemberoftheU.S.IntelligenceCommunityplaysakey
roleinidentifyingthemostthreateningcyberadversaries,whattargetstheythreaten(including
criticalinfrastructure),theirdecisioncalculus,andopportunitiestocountersuchactivity.To
augmentthoseefforts,theAdministrationhasestablishedtheCyberThreatIntelligence
IntegrationCenter(CTIIC)toconnectthedotsregardingmaliciousforeigncyberthreatstothe
nationandcyberincidentsaffectingU.S.nationalinterests.TheCTIICwillsupporttheU.S.
governmentcentersresponsibleforcybersecurityandnetworkdefenseaswellasfacilitateand
supporteffortsbythegovernmenttocounterforeigncyberthreats.Inperformingthismission,
theCTIICwillplayakeysupportroletoothergovernmentagencieseffortstoidentify,
investigate,anddefendagainstcyberattacksandothermaliciouscyberactivity.TheUnited
StatesGovernmentwillcontinuetouseitsintelligencecapabilitiesinawaythatoptimally
protectsU.S.nationalandeconomicsecuritywhilesupportingforeignpolicy,protectingprivacy
andcivilliberties,andbuildingandmaintainingthepublictrust.

InternationalEngagement

Globalrelianceonnetworkedcomputersystemsshouldencourageallnationstocooperate
togetherinmutualselfinteresttodetercyberthreats.Effectiveinternationalcollaborationon
cyberdeterrencewillrequiretheUnitedStatestoshareitsperspectiveonthethreatenvironment
withalliesandinternationalpartners,leadthewayindevelopingandpromulgatingnormsof
statebehaviorincyberspace,andsupportinternationalpartnerseffortstosecuretheirown
networks.TheUnitedStatesGovernmentisalsoworkingwithitscounterpartsaroundtheworld
toenhancedeterrencebyexpandingbilateralandmultilateraldefenseandsecurityrelationships
toincludegreatercooperationintheareasofnetworkdefense,informationsharing,incident
response,andresiliency.Intakingtheseactions,theUnitedStatesintendstoformagroupof
likemindedstatesthattogetherseektodetercyberaggressionandtoenhanceglobaleconomic
securitywhilesustaininganopenandinteroperableglobalInternetforallusers.

NormsofStateBehaviorinCyberspace

Justasinthekineticrealm,internationalconsensusaboutwhatlevelofcyberattackcouldbe
consideredanarmedattackunderinternationallawdoesnotyetexist.However,theUnited
Stateshasbeensuccessfulinbuildinginternationalconsensusthatinternationallawdoesapply
tostateactivitiesincyberspace.

Endorsementof,andadherenceto,specificnormsofstatebehaviorincyberspacecouldfurther
buildmutualconfidencethatnationsarenotthreateningeachotherwithcripplingcyberattacks.
Suchnormswouldalsosocializestandardsofbehaviorincyberspaceconsistentwitheach

nationssecurityinterestsanddeveloptheinternationalsupportnecessaryforcollectiveactionto
counterbadactors.Byactingtogethertodevelopandenforcesuchnorms,theUnitedStatesand

its internationalpartners canisolatepotentialadversaries. TheUnitedStatesGovernmenthas


identified several peacetimenormsofstatebehaviorincyberspaceandwillseekinternational
supportforthesenorms:

AStateshouldnotconductorknowinglysupportonlineactivitythatintentionally
damagescriticalinfrastructureorotherwiseimpairstheuseofcriticalinfrastructureto
provideservicestothepublic.

AStateshouldnotconductorknowinglysupportactivityintendedtopreventnational
computersecurityincidentresponseteams(CSIRTs)fromrespondingtocyberincidents.
AStateshouldalsonotuseCSIRTstoenableonlineactivitythatisintendedtodoharm.

AStateshouldcooperate,inamannerconsistentwithitsdomesticlawandinternational
obligations,withrequestsforassistancefromotherstatesininvestigatingcybercrimes,
collectingelectronicevidence,andmitigatingmaliciouscyberactivityemanatingfromits
territory.

A State should not conductorknowinglysupportcyberenabledtheftofintellectual


property, includingtradesecretsorotherconfidentialbusinessinformation,withthe
intentofprovidingcompetitiveadvantagestoitscompaniesorcommercialsectors.

PromotingTrustandTransparencyintheInternationalCommunityandSupportforPartners

TheUnitedStatesGovernmentseekstoexpanditscyberengagementwithalliesand
internationalpartnersthroughdiplomaticengagementsledbytheDepartmentofState,law
enforcementpartnershipsledbytheDepartmentofJusticeandtheFederalBureauof
Investigation,informationsharingandincidentresponsepartnershipsledbytheDepartmentof
HomelandSecurityandtheFBI,andmilitarytomilitarycooperationledbytheDepartmentof
Defense.TheUnitedStatesGovernmenthasheldwholeofgovernmentdialoguesoncyber
issueswithmultiplelikemindedcountries,includingBrazil,Germany,India,Japan,South
Korea,andourMiddleEast,NordicandBalticStatepartners.Wewillalsocontinue,as
appropriate,toengageRussia,China,andothercountriestoexploreavailablemechanismsfor
cybersecuritycooperationandcontinueddialogueonpolicydifferences.Suchdialogues
reinforceotherpolicyeffortsthatsupportcyberdeterrencebycreatinganenvironmentwhere
partiescanexplorenewavenuesofcooperationandbuildtransparencymeasurestoreducethe
riskofmiscalculationinresponsetoacyberincident.Indoingso,theUnitedStatesGovernment
isbuildingtheframeworkforaninternationalcommunitywheretheincentivestocooperatein
cyberspacecounterbalanceintentionstoattack.

Reducingtheuncertaintyassociatedwithcertainaspectsofcyberspaceisakeyelementofthis
framework.Theasymmetricadvantagesgrantedtomaliciouscyberactorsrewardcompetition,
notcooperation,amongnationstates.Tocombatthisriskandcreatetheconditionsnecessary
fordeterrencetobesuccessfultheUnitedStatesGovernmentispursuingbilateraland
multilateraltrustandtransparencymeasurestoreducetheriskofescalationandunintended

consequencesthatcouldresultfromapoorlyunderstoodcyberincident.TheUnitedStatesis
leadingthewayontheseissuesinternationallytheAdministrationconcludedthefirstever

bilateralcyberconfidencebuildingmeasureswithRussiainJune2013andledtheeffort
todevelopthefirstsetofmultilateralconfidencebuildingmeasuresintheOrganization
forSecurityandCooperationinEurope.

Trustisnotonlybuiltthroughthesestrategicengagements,butalsothroughdaytoday
interactionandcooperationbetweentheanalystswhoprotectcomputernetworks.Such
interactionsimproveunderstandingbetweennationsandprovidevaluableinsightintohow
internationalpartnersthinkaboutcyberspace,divideresponsibilitiesforcyberoperations,and
respondtocyberincidents.Routinework,suchascooperationandinformationsharing
betweencomputersecurityincidentresponseteams,buildsrelationshipsandtrustthatserveas
anoperationalfoundationforstrategictrustandtransparency.DHSandtheFBIregularlywork
withtheirinternationalpartnerstoshareinformationonincidentsofconcernand,when
appropriate,worktogethertoinvestigateandmitigateincidents.Andmultipledepartmentsand
agenciesareexpandingtheireffortstosupportDHSsabilitytosharenetworkdefense
informationwithover200foreigncomputersecurityincidentresponseteamsandbuildinglong
termcooperativerelationshipswithmanyofthoseorganizations.

ResearchandDevelopment

U.S.adversarieswillcontinuetodevelopnewmeansofbypassingnetworkdefenses.Tokeep
pace,theUnitedStatesGovernmentmustevolveanddevelopinnovativesolutionstomake
cyberspaceresilienttofuturethreats.TheAdministrationseekstoshapethefutureof
cybersecuritythroughacomprehensiveplanandinvestmentstrategytodevelopthetools,
techniques,andnationalworkforcenecessarytocontinuetoimprovetheresilienceofU.S.
computers,networks,andcriticalinfrastructureandprovidenewtechnologicaloptionsfor
deterringmaliciouscyberactivities.

TheAdministrationisprioritizingresearch,development,andtechnologytransitiontoreshape
thesecuritylandscapebyeliminatingthecurrentadvantageofintrudersincyberspacewhile
makingitinherentlymoresecure.Theprimaryfocusforgovernmentresearchinvestmentison
makingthehardware,software,andoperations,transactions,activities,andbusinesspracticesin
cyberspacesecurebydefault.OneexampleofsucheffortsistheUnitedStatesGovernments
collaborationwiththeprivatesectoronimplementingthe
NationalStrategyforTrustedIdentities
inCyberspace
,whichseekstoreplacepasswordswithmoresecure,convenient,andprivacy
enhancingwaysofaccessingInternetservicesand,indoingso,eliminateoneofthekey
vulnerabilitiesusedbyadversariestogainaccesstocomputersandnetworks.

Conclusion

Thirtyyearsago,fewunderstoodthatthefreeflowofinformationincyberspacewouldbevital
toinnovationandglobalprosperity.Norwasitobviousthatmaliciousactivityconducted
throughcyberspacecouldthreatenpublicsafetyandwelfareandtheUnitedStatesnationaland
economicsecurity.Thesethreatsarenowwidelyrecognized,anditisequallyclearthatthey
willremainanenduringpartofthethreatlandscapefacedbytheUnitedStates.Governments,

businesses,andindividualsincreasingdemandforanduseofonlineanddigitalserviceswill
continuetopresentattractivetargetsforthosewhomightwishtodousharm.Theconvergence

oftelecommunicationsandcomputernetworks,increaseduseofwirelesstechnology,and
increasedconnectivitybetweencriticalinfrastructureandtheInternetarefactorsthatcreate
additionalenablersforcyberattacks.Andnationstatesalmostcertainlywillcontinuetoperceive
cyberattacksandothermaliciouscyberactivityasanasymmetric,plausiblydeniableoptionfor
pursuingnationalsecurityandforeignpolicyobjectives.

TheUnitedStatesGovernmentiscommittedtoidentifyinganddefendingagainstcyberattacks
andothermaliciouscyberactivityandtodeterringthosewhochoosetoconductsuchactivity.In
doingso,wewilluseallnecessaryandappropriateinstrumentsofnationalpowertoprotectour
interestsandtopreserveanopen,interoperable,secure,andreliablecyberspace.AcredibleU.S.
cyberdeterrentwillrequiresustainedeffortsbyallelementsofthegovernmenttopursuing
policiesandcapabilitiesthatimprovenetworkdefenses,bolstertheNationscyberresiliency,
andprovideoptionsforimposingcostsonmaliciouscyberactors.Thispolicydocumentoffers
aninitialroadmapfortheUnitedStatesGovernmentsdepartmentsandagenciestoidentifytheir
roleintheUnitedStatescyberdeterrenceefforts,toexecuteonspecificlinesofeffort,andto
developplansforthefuture.

You might also like